[Samba] Problem w/ Samba 3 & LDAP
Ted Wisniewski
ted at wiz.plymouth.edu
Wed Mar 31 19:47:31 GMT 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Here is a description of what I am trying to do (with Samba 3.0.2a & openldap
2.1.27):
I have all my users populated into the LDAP with all the applicable
attributes; Users can map drives to a server using LDAP as the
authentication backend without issue.
Where I am running into problems is bringing up a PDC using Samba w/LDAP.
* I added the appropriate machine accounts (using smbpasswd -a -m) and was
able to join the domain.
* Any user in the pre-populated LDAP cannot log in; however, any user I add to
the LDAP from the machine with Samba running on it CAN log in properly.
If I delete the original entry from the LDAP and add a new one via (smbpasswd -a),
then the user can log in. This works, but is ultimately not scalable... I
can then place the original LDAP entry back in place and they can log in...
just as long as the password for the account is not changed.
I am sure there is something I am missing, but I cannot see it for the life of
me. The odd thing is that in log.smbd I get odd errors about reading
a socket, but only for the users that have not been added by the local
"smbpasswd" command. They are both in the same LDAP. Any help would be
greatly appreciated.
Ted
Excerpt from log.smbd (non-functional user):
----------------------------------------------------------------------------------------
[2004/03/31 10:24:11, 0] rpc_server/srv_pipe_hnd.c:process_request_pdu(605)
process_request_pdu: failed to do schannel processing.
[2004/03/31 10:24:11, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
init_sam_from_ldap: Entry found for user: pubtest$
[2004/03/31 10:24:11, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
init_sam_from_ldap: Entry found for user: testuser
[2004/03/31 10:24:11, 2] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: authentication for user [testuser] -> [testuser] -> [testuser] succeeded
[2004/03/31 10:24:12, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
init_sam_from_ldap: Entry found for user: testuser
[2004/03/31 10:24:24, 2] lib/smbldap.c:smbldap_search_domain_info(1331)
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=TEST_DOM))]
[2004/03/31 10:24:24, 2] lib/smbldap.c:smbldap_open_connection(626)
smbldap_open_connection: connection opened
[2004/03/31 10:24:24, 0] lib/util_sock.c:read_socket_data(342)
read_socket_data: recv failure for 4. Error = Connection reset by peer
[2004/03/31 10:24:24, 2] smbd/server.c:exit_server(558)
Excerpt from log.smbd (functional user):
--------------------------------------------------------------------------------------
[2004/03/31 10:26:04, 0] rpc_server/srv_pipe_hnd.c:process_request_pdu(605)
process_request_pdu: failed to do schannel processing.
[2004/03/31 10:26:04, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
init_sam_from_ldap: Entry found for user: pubtest$
[2004/03/31 10:26:04, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
init_sam_from_ldap: Entry found for user: newuser
[2004/03/31 10:26:04, 2] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: authentication for user [newuser] -> [newuser] -> [newuser] succeeded
[2004/03/31 10:26:05, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
init_sam_from_ldap: Entry found for user: newuser
[2004/03/31 10:26:05, 2] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: authentication for user [newuser] -> [newuser] -> [newuser] succeeded
[2004/03/31 10:26:05, 1] smbd/service.c:make_connection_snum(705)
pubtest (158.136.115.89) connect to service profiles initially as user newuser (uid=18000, gid=31) (pid 85352)
[2004/03/31 10:26:05, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2461)
Returning domain sid for domain TEST_DOM -> S-1-5-21-204843054-3526713080-3458795326
[2004/03/31 10:26:05, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
init_sam_from_ldap: Entry found for user: newuser
-------------------------------------------------------------------------------------------
Global section of smb.conf
-------------------------------------------------------------------------------------------
;
[global]
print command = lpr -r -P%p %s
printer name = lp
printcap name = /etc/printcap
guest account = nobody
dont descend = /dev,/proc
lock directory= /usr/local/server/samba/var/locks
load printers = yes
server string = EMERALD - Samba Server %v
socket options = TCP_NODELAY
os level = 65
max disk size = 2000
printer admin = @winprint
netbios name = EMERALD
workgroup = TEST_DOM
preferred master = yes
domain master = yes
local master = yes
max log size = 35000
wins support = yes
domain logons = yes
logon script = logon.bat
security = user
encrypt passwords = yes
debug level = 2
logon drive = m:
logon home = \\emerald\%u
logon path = \\emerald\profiles\%U
ldap admin dn = "cn=Manager,dc=plymouth,dc=edu"
passdb backend = ldapsam:ldap://localhost:389
ldap delete dn = no
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap suffix = dc=plymouth,dc=edu
ldap filter = "(&(uid=%u)(objectclass=sambaSamAccount))"
idmap backend = ldap:ldap://localhost:389
idmap gid = 10000-15000
idmap uid = 16000-20000
--
| Ted Wisniewski E-Mail: ted at mail.plymouth.edu |
| Manager, Systems Group WEB: http://oz.plymouth.edu/~ted/ |
| Information Technology Services |
| Plymouth State University Phone: (603) 535-2661 |
| Plymouth NH, 03264 Fax: (603) 535-2263 |
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)
iD8DBQFAayBTLoXjVqfQ0u4RAtCuAKCRBMazpYXFHw4V4leDGK0fG4bKlgCgt5G2
WnEtI/RvsZCEYiB/yFF0qpQ=
=BZUZ
-----END PGP SIGNATURE-----
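The natural next diagnostic for the situation described in the post is to dump the working and the non-working user's entries with ldapsearch and compare them attribute by attribute, since both sit in the same directory but only one was written by smbpasswd. The script below is an added example, not code from the post or from the Samba project. It reads an LDIF dump (the one embedded here is constructed: the suffix ou=People,dc=plymouth,dc=edu and the domain SID come from the post, while the user entries, RIDs, uidNumbers and password hashes are made-up placeholders) and reports which of the attributes ldapsam reads are missing on each entry, plus which attributes the working entry has that the failing one lacks. Treating sambaNTPassword, sambaAcctFlags and sambaPwdLastSet as expected is this check's assumption; the Samba 3 schema itself only makes uid and sambaSID mandatory on a sambaSamAccount.

```python
import base64
from typing import Dict, List

# Added diagnostic example (not code from the original post). The LDIF below is
# constructed to mimic two sambaSamAccount entries: one populated by hand and
# one created with "smbpasswd -a". Only the suffix and the domain SID come from
# the post; users, RIDs, uidNumbers and hashes are made-up placeholders.
SAMPLE_LDIF = """\
dn: uid=testuser,ou=People,dc=plymouth,dc=edu
objectClass: posixAccount
objectClass: sambaSamAccount
uid: testuser
uidNumber: 18001
gidNumber: 31
sambaSID: S-1-5-21-204843054-3526713080-3458795326-37002
sambaNTPassword: 00000000000000000000000000000000

dn: uid=newuser,ou=People,dc=plymouth,dc=edu
objectClass: posixAccount
objectClass: sambaSamAccount
uid: newuser
uidNumber: 18000
gidNumber: 31
sambaSID: S-1-5-21-204843054-3526713080-3458795326-37000
sambaPrimaryGroupSID: S-1-5-21-204843054-3526713080-3458795326-513
sambaAcctFlags: [U          ]
sambaPwdLastSet: 1080743164
sambaNTPassword: 11111111111111111111111111111111
sambaLMPassword: 22222222222222222222222222222222
"""

# Attributes ldapsam reads when it builds a user's SAM entry. The Samba 3 schema
# only makes uid and sambaSID mandatory; expecting the other three for a working
# domain logon is this check's assumption, not a schema rule.
EXPECTED_ATTRS = ["uid", "sambaSID", "sambaNTPassword", "sambaAcctFlags", "sambaPwdLastSet"]
HEX = set("0123456789abcdefABCDEF")


def parse_ldif(text: str) -> Dict[str, Dict[str, List[str]]]:
    """Minimal LDIF reader: folds continuation lines, decodes '::' base64
    values and splits entries on blank lines. Returns {dn: {attr: [values]}}."""
    lines: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # RFC 2849 continuation line
        else:
            lines.append(raw)
    entries: Dict[str, Dict[str, List[str]]] = {}
    current: Dict[str, List[str]] = {}
    for line in lines + [""]:             # trailing sentinel flushes the last entry
        if not line.strip():
            if current:
                entries[current["dn"][0]] = current
                current = {}
            continue
        if line.startswith("#"):
            continue
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):          # "attr:: <base64>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        current.setdefault(attr.strip(), []).append(value)
    return entries


def check_entry(entry: Dict[str, List[str]]) -> List[str]:
    """Return findings for one entry; an empty list means it looks complete."""
    findings: List[str] = []
    classes = {c.lower() for c in entry.get("objectClass", [])}
    if "sambasamaccount" not in classes:
        # the post's "ldap filter" line requires this objectclass to match at all
        findings.append("missing objectClass sambaSamAccount")
    for attr in EXPECTED_ATTRS:
        if not any(v for v in entry.get(attr, [])):
            findings.append(f"missing {attr}")
    if "D" in entry.get("sambaAcctFlags", [""])[0]:
        findings.append("sambaAcctFlags marks the account disabled (D)")
    for attr in ("sambaNTPassword", "sambaLMPassword"):
        for v in entry.get(attr, []):
            if len(v) != 32 or any(ch not in HEX for ch in v):
                findings.append(f"{attr} is not a 32-hex-digit hash")
    return findings


def attribute_gaps(good: Dict[str, List[str]], bad: Dict[str, List[str]]) -> List[str]:
    """Attributes present on the working entry but absent on the failing one.
    Values naturally differ per user, so only presence is compared."""
    return sorted(set(good) - set(bad))


def run_check(ldif_text: str = SAMPLE_LDIF) -> Dict[str, List[str]]:
    """Check every entry in the dump and return {uid: findings}."""
    return {e["uid"][0]: check_entry(e) for e in parse_ldif(ldif_text).values()}


if __name__ == "__main__":
    entries = parse_ldif(SAMPLE_LDIF)
    for dn, e in entries.items():
        print(dn, check_entry(e) or "ok")
    good = entries["uid=newuser,ou=People,dc=plymouth,dc=edu"]
    bad = entries["uid=testuser,ou=People,dc=plymouth,dc=edu"]
    print("on newuser but not testuser:", attribute_gaps(good, bad))
```

To run it against a real directory, replace SAMPLE_LDIF with the output of something like `ldapsearch -x -LLL -b ou=People,dc=plymouth,dc=edu '(objectClass=sambaSamAccount)'` (bound as a read-only DN rather than the manager DN from smb.conf). Attributes that appear in the gap list for the hand-populated users are the first candidates for why ldapsam treats those entries differently from the ones smbpasswd wrote.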