[Samba] problem with samba, ldap and windows
Samuele Giovanni Tonon
samu at sferacarta.com
Wed Oct 13 10:00:18 GMT 2004
hi,
i have read that someone has similar problem to mines, however i didn't
find how it solved them .
The problem is this: samba as a PDC for a window domain.
The authentication is managed with openldap.
if i try to change the password of any ldap account with smbpassword i
have no error.
if i try to access to the shared folder of samba, with windows, it asks
me for authentication and it all work.
The only thing i'm not able to do is to manage the windows
authentication through domain: when i try to join the domain using
Administrator it says to me "Can't find user" but in samba log i have:
[2004/10/13 11:27:45, 2] smbd/sesssetup.c:setup_new_vc_session(608)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2004/10/13 11:27:45, 2] smbd/sesssetup.c:setup_new_vc_session(608)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2004/10/13 11:27:45, 2] passdb/pdb_ldap.c:init_sam_from_ldap(485)
init_sam_from_ldap: Entry found for user: Administrator
[2004/10/13 11:27:45, 2] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: authentication for user [Administrator] ->
[Administrator] -> [Administrator] succeeded
[2004/10/13 11:27:46, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2477)
Returning domain sid for domain KOSAVUTU ->
S-1-5-21-1603302580-212172761-3240640930
[2004/10/13 11:27:46, 2] smbd/server.c:exit_server(571)
Closing connections
so Administrator is known, the authentication works, but in some way
either samba or windows doesn't communicate well.
Any hints ?
i'm attaching my smb.conf, hoping it can help.
Regards
-------------- next part --------------
#
# Sample configuration file for the Samba suite for Debian GNU/Linux.
#
#
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options most of which
# are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentary and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command
# "testparm" to check that you have not many any basic syntactic
# errors.
#
#======================= Global Settings =======================
[global]
## Browsing/Identification ###
workgroup = KOSAVUTU
;netbios name = PDC
server string = %h server (Samba %v)
syslog = 30
security = user
null passwords = true
encrypt passwords = true
add user script = /usr/sbin/smbldap-useradd -m -a "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
logon script = logon.bat
logon path = \\PDC\profiles\%g
client NTLMv2 auth = Yes
client lanman auth = No
client plaintext auth = No
min protocol = LANMAN2
time server = Yes
server signing = auto
local master = Yes
os level = 40
domain logons = Yes
preferred master = Yes
domain master = Yes
wins support = No
wins server = 10.0.0.1
log file = /var/log/samba/samba.log.%m
log level = 2 passdb:2 auth:2 winbind:2
admin users = root,Administrator
passdb backend = ldapsam:ldap://127.0.0.1/
passwd program = /usr/sbin/smbldap-passwd -o %u
passwd chat = *new*password* %n\n *new*password:* %n\ *succesfully*
passwd chat debug = Yes
ldap suffix = dc=sferacarta,dc=com
ldap machine suffix = ou=machines
ldap user suffix = ou=people
ldap group suffix = ou=groups
ldap idmap suffix = ou=users
ldap admin dn = "cn=Manager,dc=sferacarta,dc=com"
ldap ssl = no
ldap passwd sync = Yes
ldap delete dn = Yes
[netlogon]
path = /etc/samba/netlogon
locking = no
browsable = no
read only = yes
[profiles]
path = /etc/samba/profiles
read only = no
writeable = yes
create mask = 0600
directory mask = 0700
browseable = No
guest ok = Yes
profile acls = yes
csc policy = disable
force user = %U
valid users = %U "Domain Admins"
[homes]
comment = Home Directories
browseable = no
writable = no
create mask = 0700
directory mask = 0700
[kosovo]
comment = kosovo
browseable = yes
writable = no
path = /kosovo
More information about the samba
mailing list