[Samba] NT_LOGON_FAILURE setting up a Linux BDC
Kitano
jgascon at gmail.com
Sat Nov 20 23:36:46 GMT 2004
Hi,
We're trying to set up a Red Hat 9 box as a BDC for a domain, the PDC for that
domain is another RH9 machine. To do it we're using samba 2.2.7a and openLDAP
2.0.7 in both machines. We've followed the instructions from the Samba-PDC-Howto
and Samba-BDC-Howto from samba.org. The PDC works fine, but when I try to
list the shares of the BDC using my user I get an NT_LOGON_FAILURE; however, with
a guest user it seems to work well and I get the list of shares. I think
that's a problem with the permissions.
These are my configuration files (I only include the lines that I consider
pertinent).
#smb.conf (BDC)
[global]
log level = 1
os level = 32
local master = yes
domain master = no
preferred master = no
security = user
encrypt passwords = yes
domain logons = yes
logon path =
smb passwd file = /etc/samba/smbpasswd
unix password sync = yes
passwd chat = *password* %n\n *password* %n\n *successfull*
pam password change = yes
ldap admin dn = cn=Administrator,dc=myorg,dc=org
ldap server = workstation1.myorg.org
ldap suffix = dldap filter = "(&(uid=%u)(objectclass=sambaAccount))"
[test]
comment = Test
path = /tmp/test
browseable = yes
writable = yes
[homes]
comment = Home Directories
browseable = no
writable = yes
valid users = %S
create mode = 0640
directory mode = 0750
[netlogon]
comment = Network Logon Service
path = /usr/local/samba/netlogon
guest ok = no
writable = no
share modes = no
#slapd.conf (the BDC is also a slave of the master LDAP Server)
updatedn uid=Administrator,ou=users,dc=myorg,dc=org
updateref ldap://server.myorg.org:389
access to attr=userPassword,lmPassword,ntPassword
by dn=uid=Administrator,ou=users,dc=myorg,dc=org write
by self write
by anonymous auth
by * none
access to attr=shadowLastChange
by dn=uid=Administrator,ou=users,dc=myorg,dc=org write
by self write
by anonymous auth
by * none
access to attr=shadowMin,shadowMax,shadowWarning,shadowInactive,shadowExpire
by dn=uid=Administrator,ou=users,dc=myorg,dc=org write
by self read
by anonymous auth
by * none
access to attr=loginShell,gecos
by dn=uid=Administrator,ou=users,dc=myorg,dc=org write
by self write
by * read
access to *
by dn=uid=Administrator,ou=users,dc=myorg,dc=org write
by self write
by * read
# ldap.conf
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
HOST 127.0.0.1
BASE dc=myorg,dc=org
# PAM file system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
#auth sufficient /lib/security/$ISA/pam_smb_auth.so use_first_pass
#auth sufficient /lib/security/$ISA/pam_smb_auth.so use_first_pass nolocal
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_unix.so
account sufficient /lib/security/$ISA/pam_localuser.so
account [default=bad success=ok user_unknown=ignore service_err=ignore \
system_err=ignore authinfo_unavail=ignore] /lib/security/$ISA/pam_ldap.so
password required /lib/security/$ISA/pam_cracklib.so retry=3 type=
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
session optional /lib/security/$ISA/pam_ldap.so
Thanks in advance ;)
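An added check, not from the post and not a Samba tool: the smb.conf above binds as cn=Administrator,dc=myorg,dc=org, while the slapd.conf ACL grants write on userPassword/lmPassword/ntPassword only to uid=Administrator,ou=users,dc=myorg,dc=org, so any other bind DN falls through to "by * none" and cannot read the hashes (guest access needs no hash, which would explain why only real users fail). The script below compares the two DNs from the posted excerpts; it assumes DNs with no embedded spaces.

```shell
#!/bin/sh
# Added example, not from the post or from Samba: compare the DN smbd binds with
# ("ldap admin dn" in smb.conf) against the DNs that slapd.conf grants write on the
# password-hash attributes. Both excerpts are copied from the post above.
SMB_CONF='[global]
ldap admin dn = cn=Administrator,dc=myorg,dc=org
ldap server = workstation1.myorg.org'
SLAPD_CONF='access to attr=userPassword,lmPassword,ntPassword
by dn=uid=Administrator,ou=users,dc=myorg,dc=org write
by self write
by anonymous auth
by * none'

# Normalise a DN for comparison: lower-case, no spaces around ',' and '='.
norm_dn() {
    printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/ *, */,/g; s/ *= */=/g'
}

# $1: smb.conf text. Prints the value of "ldap admin dn".
smb_admin_dn() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*ldap admin dn[[:space:]]*=[[:space:]]*//p' | head -n 1
}

# $1: slapd.conf text. Prints each DN granted "write" by the ACL that covers ntPassword.
acl_write_dns() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*access to/ { inacl = ($0 ~ /ntPassword/); next }
        inacl && $1 == "by" && $2 ~ /^dn=/ && $3 == "write" {
            sub(/^dn="?/, "", $2); sub(/"$/, "", $2); print $2
        }'
}

# $1: smb.conf text, $2: slapd.conf text. Returns 0 if the admin DN is in the ACL.
# Assumes DNs contain no embedded spaces (true for the DNs in the post).
check_admin_dn_matches_acl() {
    want=$(norm_dn "$(smb_admin_dn "$1")")
    for dn in $(acl_write_dns "$2"); do
        [ "$(norm_dn "$dn")" = "$want" ] && return 0
    done
    return 1
}

if check_admin_dn_matches_acl "$SMB_CONF" "$SLAPD_CONF"; then
    echo "OK: ldap admin dn can write lmPassword/ntPassword"
else
    echo "MISMATCH: '$(smb_admin_dn "$SMB_CONF")' is not in the ACL, so it falls to 'by * none'"
    echo "and smbd cannot read the password hashes; guest needs no hash, so guest still works."
fi
```

Run it against the real files by replacing the two embedded strings with `$(cat /etc/samba/smb.conf)` and `$(cat /etc/openldap/slapd.conf)`; the same mismatch should also show up as a bind or search failure in the smbd log at a higher log level.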