[Samba] A little help with nss_ldap - User xxx in passdb, but getpwnam() fails!

Robert Silvia coolhand1977 at comcast.net
Thu Nov 25 19:07:30 GMT 2004

I keep getting the following errors when I try to log on to my domain or 
access a share (somehow, I have no clue how, I was able to get one computer 
to access the samba domain). It is a standalone PDC, ldap on the same 

This problem has been killing me for about a week; any help would be 
greatly appreciated.

I'm running samba 3.0.9 on redhat 9
stock ldap server that comes with redhat 9
nss_ldap installed from apt (include nss_pam)
Used idealx to do all my prep.

testuser does indeed exist, as I can log in with him from the one computer 
that I managed to get onto the domain.

I added the user via smbldap-tools.

Which is configured correctly with the linux box SID...

I'm at a complete loss...

Here's the error:

[2004/11/25 12:19:58, 5] auth/auth_util.c:is_trusted_domain(1448)
   is_trusted_domain: Checking for domain trust with [PDS-SUPPORT]
[2004/11/25 12:19:58, 5] 
   secrets_fetch failed!

[2004/11/25 12:19:59, 1] auth/auth_util.c:make_server_info_sam(822)
   User testuser in passdb, but getpwnam() fails!
[2004/11/25 12:19:59, 5] auth/auth_util.c:free_server_info(1344)
   attempting to free (and zero) a server_info structure
[2004/11/25 12:19:59, 0] auth/auth_sam.c:check_sam_security(306)
   check_sam_security: make_server_info_sam() failed with 
[2004/11/25 12:19:59, 5] auth/auth.c:check_ntlm_password(271)
   check_ntlm_password: sam authentication for user [testuser] FAILED 
[2004/11/25 12:19:59, 3] auth/auth_winbind.c:check_winbind_security(80)
   check_winbind_security: Not using winbind, requested domain [PDS-SUPPORT] was for this SAM.
[2004/11/25 12:19:59, 10] auth/auth.c:check_ntlm_password(259)
   check_ntlm_password: winbind had nothing to say
[2004/11/25 12:19:59, 2] auth/auth.c:check_ntlm_password(312)
   check_ntlm_password:  Authentication for user [testuser] -> [testuser] FAILED with error NT_STATUS_NO_SUCH_USER
[2004/11/25 12:19:59, 5] auth/auth_util.c:free_user_info(1318)
   attempting to free (and zero) a user_info structure
[2004/11/25 12:19:59, 10] auth/auth_util.c:free_user_info(1321)
   structure was created for testuser
[2004/11/25 12:19:59, 3] smbd/sesssetup.c:do_map_to_guest(41)
   No such user testuser [PDS-SUPPORT] - using guest account
[2004/11/25 12:19:59, 3] smbd/sec_ctx.c:push_sec_ctx(256)
   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1

Here's my configuration:

My system auth looks like:
auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/pam_ldap.so use_first_pass
auth        required      /lib/security/pam_deny.so

account     required      /lib/security/pam_unix.so
account     sufficient    /lib/security/pam_ldap.so

password    required      /lib/security/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5 shadow
password    sufficient    /lib/security/pam_ldap.so use_authtok
password    required      /lib/security/pam_deny.so

session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so
session     optional      /lib/security/pam_ldap.so

My /etc/ldap.conf is set up as (world readable):
base dc=pds-support,dc=net
rootbinddn cn=nssldap,ou=DSA,dc=pds-support,dc=net
nss_base_passwd         dc=pds-support,dc=net?sub
nss_base_shadow         dc=pds-support,dc=net?sub
nss_base_group          ou=Groups,dc=pds-support,dc=net?one
ssl no
pam_password md5

and my /etc/nsswitch.conf (world readable)
passwd:     files ldap
shadow:     files ldap
group:      files ldap

I have /etc/ldap.secret
set to world readable at the moment with the password (I plan on changing 
this once I have it working)
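
An added example, not part of the original post and not Samba's own code: a small diagnostic that pulls the "in passdb, but getpwnam() fails" entries out of an smbd log and re-checks each user through NSS, which is the lookup the log says failed. The function names are hypothetical, and the sample log lines are copied from the excerpt in the post.

```python
import pwd
import re

# smbd log entries span two lines: a header "[date time, level] file:func(line)"
# followed by an indented message line.
HEADER = re.compile(r"^\[(?P<ts>[^,\]]+),\s*(?P<level>\d+)\]\s*(?P<src>\S*)")
MISMATCH = re.compile(r"User (?P<user>\S+) in passdb, but getpwnam\(\) fails!")

# Sample input: lines taken from the log excerpt in the post above.
SAMPLE_LOG = """\
[2004/11/25 12:19:59, 1] auth/auth_util.c:make_server_info_sam(822)
   User testuser in passdb, but getpwnam() fails!
[2004/11/25 12:19:59, 5] auth/auth_util.c:free_server_info(1344)
   attempting to free (and zero) a server_info structure
[2004/11/25 12:19:59, 3] smbd/sesssetup.c:do_map_to_guest(41)
   No such user testuser [PDS-SUPPORT] - using guest account
"""

def passdb_nss_mismatches(log_text):
    """Return (timestamp, user) for each passdb/getpwnam mismatch entry."""
    hits, ts = [], None
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if m:
            ts = m.group("ts")  # remember the header for the message that follows
            continue
        m = MISMATCH.search(line)
        if m:
            hits.append((ts, m.group("user")))
    return hits

def nss_resolves(user):
    """True if the name resolves via getpwnam(), i.e. through nsswitch.conf."""
    try:
        pwd.getpwnam(user)
        return True
    except KeyError:
        return False

def report(log_text):
    """Map each user named in a mismatch entry to its current NSS lookup result."""
    return {user: nss_resolves(user) for _, user in passdb_nss_mismatches(log_text)}

if __name__ == "__main__":
    for user, ok in report(SAMPLE_LOG).items():
        print(f"{user}: getpwnam() {'ok' if ok else 'still fails'}")
```

Run it as the same account smbd runs under, since NSS results can differ by caller when the LDAP bind credentials are only readable by some users.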
