[Samba] Re: SuSE 9.3 + Samba 3 + LDAP
Joachim Kieferle
joakie at fab.fh-wiesbaden.de
Thu Aug 11 17:20:15 GMT 2005
Dear Horst,
as far as I understand from Chapter 5 in "Samba by example", users AND
machines are treated the same way. That's why JHT (by the way thanks to
John for writing this chapter, otherwise I would not have gotten Samba +
LDAP to work) is using in his smb.conf both for users AND machines
ldap machine suffix = ou=People
ldap user suffix = ou=People
In the IDEALX-tools you should correct also
computersdn="ou=People,${suffix}"
At least with my installation that's working. If you find a way that it
works with ou=computers, please let me know.
Best
Joachim
Horst Simon wrote:
>On Thu, 11 Aug 2005 10:35, Geoffrey Scott wrote:
>
>
>>Horst B. Simon wrote:
>>
>>
>>>Hi All,
>>>
>>>I have OX with Samba 3 and Ldap working fine, except that workstation
>>>can not join the domain. When I try to join the domain I get
>>>following error message: The following error occurred attempting to
>>>join the domain. Can not find user name in Domain. But the user is
>>>there and it creates the computer in ou=computers in ldap. All users
>>>have no problems accessing the samba shares and using OX. Anyone in
>>>this group has successfully joined a computer into ldap with OX and
>>>Samba3?
>>>
>>>Regards,
>>>Horst
>>>
>>>
>>Horst,
>> Is the user either root account in LDAP or been given seprivileges
>>as per chapter 5 of JHT example book? Does your smb.conf point to the
>>correct part of ldap for your users? Have nss and pam been configured
>>pointing correctly to where the users are? Is the user that you are
>>trying actually in that part of LDAP? Eg. You aren't trying to use:
>>
>>cn=Manager,dc=hsimon,dc=com,dc=au
>>
>>When your users are in :
>>
>>ou=Users,ou=OxObjects,dc=hsimon,dc=com,dc=au
>>
>>Are you?
>>
>>Cheers Geoff
>>
>>
>
>Hi,
>
>Following are part of slapd.conf, smb.conf and samba log for the client.
>Maybe someone knows what the log file output means.
>
>Regards,
>Horst
>
>in /etc/openldap/slapd.conf
>suffix "dc=hsc-consulting,dc=com,dc=au"
>rootdn "uid=mailadmin,dc=hsc-consulting,dc=com,dc=au"
>
>in /etc/ldap.conf
>host 127.0.0.1
>base dc=hsc-consulting,dc=com,dc=au
>ldap_version 3
>binddn uid=mailadmin,dc=hsc-consulting,dc=com,dc=au
>timelimit 50
>bind_timelimit 50
>bind_policy hard
>nss_base_passwd ou=Users,ou=OxObjects,dc=hsc-consulting,dc=com,dc=au?one
>nss_base_shadow ou=Users,ou=OxObjects,dc=hsc-consulting,dc=com,dc=au?one
>nss_base_group ou=Groups,ou=OxObjects,dc=hsc-consulting,dc=com,dc=au?one
>
>in smb.conf
> passdb backend = ldapsam:ldap://127.0.0.1/
> ldap admin dn = uid=mailadmin,dc=hsc-consulting,dc=com,dc=au
> ldap suffix = dc=hsc-consulting,dc=com,dc=au
> ldap group suffix = ou=Groups,ou=OxObjects
> ldap user suffix = ou=Users,ou=OxObjects
> ldap machine suffix = ou=Computers,ou=OxObjects
> ldap ssl = No
> add user script = /usr/local/sbin/smbldap-useradd -m "%u"
> add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
> add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
> add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u"
>"%g"
> delete user from group script = /usr/local/sbin/smbldap-groupmod -x
>"%u" "%g"
> set primary group script = /usr/local/sbin/smbldap-usermod -g "%g"
>"%u"
> enable privileges = yes
> domain master = yes
> domain logons = yes
> encrypt passwords = yes
> ldap passwd sync = Yes
> log level = 3
> syslog = 0
> log file = /var/log/samba/log.%m
>
>part of client log
>[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:push_sec_ctx(256)
> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
>[2005/08/07 10:22:31, 3] smbd/uid.c:push_conn_ctx(365)
> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
>[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
>[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
>[2005/08/07 10:22:31, 3] auth/auth.c:check_ntlm_password(219)
> check_ntlm_password: Checking password for unmapped user
>[HSC-CONSULTING]\[root]@[JUPITER-KO] with the new password interface
>[2005/08/07 10:22:31, 3] auth/auth.c:check_ntlm_password(222)
> check_ntlm_password: mapped user is: [HSC-CONSULTING]\[root]@[JUPITER-KO]
>[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:push_sec_ctx(256)
> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
>[2005/08/07 10:22:31, 3] smbd/uid.c:push_conn_ctx(365)
> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
>[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
>[2005/08/07 10:22:31, 2] lib/smbldap.c:smbldap_open_connection(692)
> smbldap_open_connection: connection opened
>[2005/08/07 10:22:31, 3] lib/smbldap.c:smbldap_connect_system(866)
> ldap_connect_system: succesful connection to the LDAP server
> ldap_connect_system: LDAP server does support paged results
>[2005/08/07 10:22:31, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
> init_sam_from_ldap: Entry found for user: root
>[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
>[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:push_sec_ctx(256)
> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
>[2005/08/07 10:22:31, 3] smbd/uid.c:push_conn_ctx(365)
> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
>[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
>[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:push_sec_ctx(256)
> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
>[2005/08/07 10:22:31, 3] smbd/uid.c:push_conn_ctx(365)
> push_conn_ctx(0) : conn_ctx_stack_ndx = 1
>[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
>[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
>[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:push_sec_ctx(256)
> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
>[2005/08/07 10:22:31, 3] smbd/uid.c:push_conn_ctx(365)
> push_conn_ctx(0) : conn_ctx_stack_ndx = 1
>[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
>[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
>[2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249)
> get_privileges: No privileges assigned to SID
>[S-1-5-21-2848152307-2665265979-542469840-500]
>[2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249)
> get_privileges: No privileges assigned to SID [S-1-5-2] pop_sec_ctx (0, 0)
>- sec_ctx_stack_ndx = 1
>[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
>[2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249)
> get_privileges: No privileges assigned to SID
>[S-1-5-21-2848152307-2665265979-542469840-500]
>[2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249)
> get_privileges: No privileges assigned to SID [S-1-5-2]
>[2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249)
> get_privileges: No privileges assigned to SID [S-1-5-11]
>[2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249)
> get_privileges: No privileges assigned to SID
>[S-1-5-21-2848152307-2665265979-542469840-1001]
>[2005/08/07 10:22:31, 3] auth/auth.c:check_ntlm_password(268)
> check_ntlm_password: sam authentication for user [root] succeeded
>[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:push_sec_ctx(256)
> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
>[2005/08/07 10:22:31, 3] smbd/uid.c:push_conn_ctx(365)
> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
>[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
>[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
>[2005/08/07 10:22:31, 2] auth/auth.c:check_ntlm_password(305)
> check_ntlm_password: authentication for user [root] -> [root] -> [root]
>succeeded
>[2005/08/07 10:22:31, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319)
> NTLMSSP Sign/Seal - Initialising with flags:
>[2005/08/07 10:22:31, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
> Got NTLMSSP neg_flags=0x60088215
>[2005/08/07 10:22:31, 3] smbd/password.c:register_vuid(222)
> User name: root Real name: root
>[2005/08/07 10:22:31, 3] smbd/password.c:register_vuid(241)
> UNIX uid 0 is UNIX user root, and will be vuid 100
>[2005/08/07 10:22:31, 3] smbd/password.c:register_vuid(270)
> Adding homes service for user 'root' using home directory: '/root'
>[2005/08/07 10:22:31, 3] param/loadparm.c:lp_add_home(2360)
> adding home's share [root] for user 'root' at '/root'
>[2005/08/07 10:22:31, 3] smbd/process.c:process_smb(1091)
> Transaction 3 of length 84
>[2005/08/07 10:22:31, 3] smbd/process.c:switch_message(886)
> switch message SMBtconX (pid 7053) conn 0x0
>[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
>
>[2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249)
> get_privileges: No privileges assigned to SID [S-1-5-11]
>[2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249) pop_sec_ctx (0,
>0) - sec_ctx_stack_ndx = 1
>[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
>[2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249)
> get_privileges: No privileges assigned to SID
>[S-1-5-21-2848152307-2665265979-542469840-500]
>[2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249)
> get_privileges: No privileges assigned to SID [S-1-5-2]
>[2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249)
> get_privileges: No privileges assigned to SID [S-1-5-11]
>[2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249)
> get_privileges: No privileges assigned to SID
>[S-1-5-21-2848152307-2665265979-542469840-1001]
>[2005/08/07 10:22:31, 3] auth/auth.c:check_ntlm_password(268)
> check_ntlm_password: sam authentication for user [root] succeeded
>[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:push_sec_ctx(256)
> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
>[2005/08/07 10:22:31, 3] smbd/uid.c:push_conn_ctx(365)
> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
>[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
>[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
>[2005/08/07 10:22:31, 2] auth/auth.c:check_ntlm_password(305)
> check_ntlm_password: authentication for user [root] -> [root] -> [root]
>succeeded
>[2005/08/07 10:22:31, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319)
> NTLMSSP Sign/Seal - Initialising with flags:
>[2005/08/07 10:22:31, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
> Got NTLMSSP neg_flags=0x60088215
>[2005/08/07 10:22:31, 3] smbd/password.c:register_vuid(222)
> User name: root Real name: root
>[2005/08/07 10:22:31, 3] smbd/password.c:register_vuid(241)
> UNIX uid 0 is UNIX user root, and will be vuid 100
>[2005/08/07 10:22:31, 3] smbd/password.c:register_vuid(270)
> Adding homes service for user 'root' using home directory: '/root'
>[2005/08/07 10:22:31, 3] param/loadparm.c:lp_add_home(2360)
> adding home's share [root] for user 'root' at '/root'
>[2005/08/07 10:22:31, 3] smbd/process.c:process_smb(1091)
> Transaction 3 of length 84
>[2005/08/07 10:22:31, 3] smbd/process.c:switch_message(886)
> switch message SMBtconX (pid 7053) conn 0x0
>[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
>
>
>
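A consistency check for the point Joachim makes at the top of this message, that the smbldap-tools `computersdn` has to name the same container as Samba's `ldap machine suffix` (added example, not part of the original post and not code from Samba or smbldap-tools). The smb.conf values are the ones quoted in the thread; the smbldap.conf content is constructed, and `suffix`, `usersdn` and `groupsdn` are assumed to be set in that file alongside `computersdn`.

```python
import re

# smb.conf parameter -> smbldap.conf variable that must name the same LDAP container
PAIRS = {"ldap user suffix": "usersdn",
         "ldap machine suffix": "computersdn",
         "ldap group suffix": "groupsdn"}

def smb_params(text):
    """Parse 'key = value' lines of smb.conf; keys are case- and space-insensitive."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;[" and "=" in line:
            key, _, value = line.partition("=")
            params[" ".join(key.lower().split())] = value.strip()
    return params

def smbldap_vars(text):
    """Parse name="value" lines of smbldap.conf and expand ${name} references."""
    raw = dict(re.findall(r'^\s*(\w+)\s*=\s*"([^"]*)"', text, re.M))
    return {k: re.sub(r"\$\{(\w+)\}", lambda m: raw.get(m.group(1), m.group(0)), v)
            for k, v in raw.items()}

def norm_dn(dn):
    """Lower-case a DN and drop whitespace around its components."""
    return ",".join(p.strip().lower() for p in dn.split(",") if p.strip())

def mismatches(smb_text, smbldap_text):
    """Return (parameter, DN Samba uses, DN the tools use) for each disagreement."""
    smb, tools = smb_params(smb_text), smbldap_vars(smbldap_text)
    found = []
    for param, var in PAIRS.items():
        if param in smb and var in tools:
            samba_dn = norm_dn(smb[param] + "," + smb.get("ldap suffix", ""))
            if samba_dn != norm_dn(tools[var]):
                found.append((param, samba_dn, norm_dn(tools[var])))
    return found

# Constructed sample: smb.conf values as quoted in the thread, smbldap.conf made up
SMB_CONF = """[global]
 ldap suffix = dc=hsc-consulting,dc=com,dc=au
 ldap user suffix = ou=Users,ou=OxObjects
 ldap machine suffix = ou=Computers,ou=OxObjects
"""
SMBLDAP_CONF = '''suffix="dc=hsc-consulting,dc=com,dc=au"
usersdn="ou=Users,ou=OxObjects,${suffix}"
computersdn="ou=People,${suffix}"
'''

if __name__ == "__main__":
    for param, samba_dn, tools_dn in mismatches(SMB_CONF, SMBLDAP_CONF):
        print(f"{param}: Samba looks in {samba_dn}, smbldap-tools writes to {tools_dn}")
```

An empty result means the machine account that the `add machine script` creates lands in the container Samba searches when the workstation joins.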