[Samba] ldap auth no longer works with upgrade from 3.0-3.0.2?

John H. mrmailer at myway.com
Mon Mar 15 22:46:53 GMT 2004


k, it seems only certain accounts do work on samba with ldap, others do not.

the first one does not, the second one does.
any ideas?
<?php
# safety, People, INTRANET
dn: uid=safety,ou=People,dc=INTRANET
shadowLastChange: 12418
shadowMax: 99999
shadowWarning: 7
sambaAcctFlags: [U          ]
sambaSID: S-1-5-21-4070452498-3149834983-2923667569-2000
sambaPwdCanChange: 1075750753
sambaPwdMustChange: 2147483647
sambaPwdLastSet: 1075750753
sambaNTPassword: B34EY5E59X50620EACZ9FF5B4C3C359A
gecos: Mikey
sambaLMPassword: D2B5A9E561CABAB5AAD3B435B51404EE
loginShell: /bin/bash
uid: safety
uidNumber: 500
gidNumber: 504
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: phpgwAccount
objectClass: sambaSamAccount
homeDirectory: /home/safety
cn: user pass
userPassword:: e1NNRDV2V9VqNVEwYxh2anZUcTAra2pqYWVzSjg3RWI0PQ==

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1




WORKING
dn: uid=david,ou=People,dc=INTRANET
shadowLastChange: 12418
sambaSID: S-1-5-21-4070452498-3149834983-2923667569-2002
sambaPrimaryGroupSID: S-1-5-21-4070452498-3149834983-2923667569-1201
displayName: David
sambaPwdCanChange: 1075763078
sambaPwdLastSet: 1075763078
sambaAcctFlags: [U          ]
sambaPwdMustChange: 2147483647
homeDirectory: /home/david
sambaLMPassword: F3289011E7FBB7D1AAD3B435B51404EE
uidNumber: 501
loginShell: /bin/bash
cn: David
uid: david
gidNumber: 100
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: sambaSamAccount
objectClass: phpgwAccount
gecos: David
sambaNTPassword: 22GFDXE1C98968F33C19F452A46875A3
userPassword:: e2NxeXB0zTZScTMwbGFhdlBxZS4=

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
?> 





 --- On Mon 03/15, John H. < mrmailer at myway.com > wrote:
From: John H. [mailto: mrmailer at myway.com]
To: samba at lists.samba.org
Date: Mon, 15 Mar 2004 17:16:49 -0500 (EST)
Subject: [Samba] ldap auth no longer  works with upgrade from 3.0-3.0.2?

<br>Ok, I had ldap with samba working perfectly a few weeks ago.  however, I had no root account, since i was told not to have a root account on ldap server, so someone recommended i do this in smb.conf...<br> passdb backend = smbpasswd<br><br>adding root user to samba with smbpasswd -a <br><br>then changing smb.conf to this<br><br> passdb backend = ldapsam:ldap://127.0.0.1 smbpasswd<br><br>so it could use both, right?<br><br>So a while later I let fedora up2date upgrade samba 3.0.0 rpms to 3.0.2.  Everything seemed to work fine afterward.<br>I looked in smbpasswd today, and I noticed all the ldap accounts, including the machine accounts are in there, as well as the root account.  I thought this odd, so I removed smbpasswd from the aforementioned line, and oddly enough, none of the ldap accounts could use samba anymore, getting nt_login_failure or whatever!  <br><br>however, in a command line, i can still id username and it shows their username, through ldap, and i can log in to unix with them(ssh and everything), but samba no longer recognizes them.  can someone tell me what i did wrong, or if this is a bug or something?  below i paste relevant parts of smb.conf<br><br><br>[global]<br>        workgroup = DOMAINNAME<br>        netbios name = NETBIOSNAME<br>        netbios aliases = INTRANET<br>        logon script = logon.cmd<br>        logon home =<br>        #\\homeserver\%u\winprofile<br>        logon path =<br>        domain logons = Yes<br>        os level = 64<br>        preferred master = Yes<br>        encrypt passwords = Yes<br>        domain master = Yes<br>        wins support = Yes<br>        encrypt passwords = Yes<br>        update encrypted = Yes<br>        auth methods = sam guest<br>        security = USER<br><br>#ldap<br>        passdb backend = ldapsam:ldap://127.0.0.1 smbpasswd<br>        ldap suffix = dc=INTRANET<br>        ldap machine suffix = ou=People<br>        ldap passwd sync = yes<br>        ldap user suffix = ou=People<br>        ldap group suffix = ou=Group<br>        ldap admin dn = "cn=Manager,dc=INTRANET"<br>        ldap ssl = no<br>        idmap backend = ldapsam:ldapsam://127.0.0.1<br>        passwd chat debug = Yes<br>        passwd program =/usr/local/sbin/smbldap-passwd -o %u<br>        passwd chat = *new*password* %n\n *new*password:* %n\ *successfully*<br>        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192<br>        add machine script = /usr/local/sbin/smbldap-useradd -w %m<br>        add user script = /usr/local/sbin/smbldap-useradd -a -n -m %u<br>        delete user script = /usr/local/sbin/smbldap-userdel %u<br>        add group script = /usr/local/sbin/smbldap-groupadd %g<br>        delete group script = /usr/local/sbin/smbldap-groupdel %g<br>        add user to group script = /usr/local/sbin/smbldap-groupmod -m %u %g<br>        delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u %g<br>        set primary group script = /usr/local/sbin/smbldap-usermod -G %g %u<br><br><br><br><br><br>_______________________________________________<br>No banners. No pop-ups. No kidding.<br>Introducing My Way - http://www.myway.com<br>-- <br>To unsubscribe from this list go to the following URL and read the<br>instructions:  http://lists.samba.org/mailman/listinfo/samba<br>

_______________________________________________
No banners. No pop-ups. No kidding.
Introducing My Way - http://www.myway.com


More information about the samba mailing list