[Samba] Any ideas - samba3+openldap2.2.15-5: problems loggin users
onto domain
Marcelo M. Lopes
marcelo at tre-sc.gov.br
Fri Feb 11 22:06:48 GMT 2005
Hi,
I've got this scenario on my SuSE 9.2 box:
samba-3.0.7-5
openldap2-2.2.15-5
smbldap-tools-0.8.4-1
So when I try to log on with a default user (winnt) I receive the C0000001 error
code (insufficient auth). Here are the logs for this request:
# /var/log/messages
Feb 11 19:59:36 glasgow slapd[6674]: conn=583 op=4 SRCH
base="dc=labredes,dc=tre-sc,dc=gov,dc=br" scope=2 deref=0
filter="(&(uid=andre)(objectClass=sambaSamAccount))"
Feb 11 19:59:36 glasgow slapd[6674]: conn=583 op=4 SRCH attr=uid uidNumber
gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange
sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive
sambaHomePath sambaLogonScript sambaProfilePath description
sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial
sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory
modifyTimestamp sambaLogonHours modifyTimestamp
Feb 11 19:59:36 glasgow slapd[6674]: conn=583 op=4 SEARCH RESULT tag=101 err=0
nentries=1 text=
Feb 11 19:59:36 glasgow slapd[6674]: conn=581 op=3 UNBIND
Feb 11 19:59:36 glasgow slapd[6674]: conn=581 fd=23 closed
Feb 11 19:59:36 glasgow slapd[6674]: conn=585 fd=23 ACCEPT from
IP=127.0.0.1:41679 (IP=0.0.0.0:389)
Feb 11 19:59:36 glasgow slapd[6674]: conn=585 op=0 BIND dn="" method=128
Feb 11 19:59:37 glasgow slapd[6674]: conn=585 op=0 RESULT tag=97 err=0 text=
Feb 11 19:59:37 glasgow slapd[6674]: conn=585 op=1 SRCH
base="ou=Users,dc=labredes,dc=tre-sc,dc=gov,dc=br" scope=1 deref=0
filter="(&(objectClass=posixAccount)(uid=andre))"
Feb 11 19:59:37 glasgow slapd[6674]: conn=585 op=1 SRCH attr=uid userPassword
uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Feb 11 19:59:37 glasgow slapd[6674]: conn=585 op=1 SEARCH RESULT tag=101 err=0
nentries=1 text=
Feb 11 19:59:37 glasgow slapd[6674]: conn=586 fd=29 ACCEPT from
IP=127.0.0.1:41680 (IP=0.0.0.0:389)
Feb 11 19:59:37 glasgow slapd[6674]: conn=585 op=2 UNBIND
Feb 11 19:59:37 glasgow slapd[6674]: conn=585 fd=23 closed
Feb 11 19:59:37 glasgow slapd[6674]: conn=586 op=0 BIND
dn="cn=Manager,dc=labredes,dc=tre-sc,dc=gov,dc=br" method=128
Feb 11 19:59:37 glasgow slapd[6674]: conn=586 op=0 BIND
dn="cn=Manager,dc=labredes,dc=tre-sc,dc=gov,dc=br" mech=SIMPLE ssf=0
Feb 11 19:59:37 glasgow slapd[6674]: conn=586 op=0 RESULT tag=97 err=0 text=
Feb 11 19:59:37 glasgow slapd[6674]: conn=586 op=1 SRCH
base="ou=Users,dc=labredes,dc=tre-sc,dc=gov,dc=br" scope=1 deref=0
filter="(&(objectClass=posixAccount)(uid=andre))"
Feb 11 19:59:37 glasgow slapd[6674]: conn=586 op=1 SRCH attr=uid userPassword
uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Feb 11 19:59:37 glasgow slapd[6674]: conn=586 op=2 SRCH
base="ou=Groups,dc=labredes,dc=tre-sc,dc=gov,dc=br" scope=1 deref=0
filter="(&(objectClass=posixGroup)(|(memberUid=andre)
(uniqueMember=uid=andre,ou=users,dc=labredes,dc=tre-sc,dc=gov,dc=br)))"
Feb 11 19:59:37 glasgow slapd[6674]: conn=586 op=2 SRCH attr=cn userPassword
memberUid uniqueMember gidNumber
Feb 11 19:59:37 glasgow slapd[6674]: conn=586 op=1 SEARCH RESULT tag=101 err=0
nentries=1 text=
Feb 11 19:59:37 glasgow slapd[6674]: conn=586 op=2 SEARCH RESULT tag=101 err=0
nentries=1 text=
Here are the user's attributes:
# andre, Users, labredes.tre-sc.gov.br
# LDIF dump of the account used for the failing logon: one entry carrying both the
# POSIX (posixAccount/shadowAccount) and Samba (sambaSamAccount) attribute sets.
dn: uid=andre,ou=Users,dc=labredes,dc=tre-sc,dc=gov,dc=br
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: andre
sn: andre
uid: andre
uidNumber: 1008
gidNumber: 513
homeDirectory: /home//andre
loginShell: /bin/bash
gecos: System User
description: System User
# NOTE(review): the domain part of sambaSID (S-1-5-21-1320336019-1651555980-3662787651)
# differs from the domain part of sambaPrimaryGroupSID (S-1-5-21-72881033-379349262-1855928443),
# and neither matches SID= in the smbldap.conf posted below. An account whose SIDs belong to
# another domain is a plausible cause of the logon failure; compare with `net getlocalsid`.
sambaSID: S-1-5-21-1320336019-1651555980-3662787651-3016
# NOTE(review): RID 512 is the well-known Domain Admins RID, while gidNumber is 513;
# Domain Users (RID 513) may have been intended. Confirm.
sambaPrimaryGroupSID: S-1-5-21-72881033-379349262-1855928443-512
displayName: System User
sambaPwdMustChange: 2147483647
sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000
00000000
sambaAcctFlags: [U ]
# NOTE(review): no separator between "profiles" and the user name; userProfile in
# smbldap.conf has no trailing backslash, which would explain "profilesandre".
sambaProfilePath: \\glasgow\profilesandre
sambaHomePath: \\glasgow\homes
sambaPwdCanChange: 1108157871
# sambaLMPassword / sambaNTPassword are unsalted hashes that the SMB authentication
# protocols accept in place of the password, so they are password-equivalent and are
# normally redacted (like rootpw in slapd.conf below) when an entry is shared.
sambaLMPassword: 0182BD0BD4444BF836077A718CCDF409
sambaNTPassword: 259745CB123A52AA2E693AAACCA2DB52
sambaPwdLastSet: 1108157871
# The double colon marks a base64 value; decoded, it carries the {MD5} scheme prefix
# (unsalted MD5), although smbldap.conf below sets hash_encrypt="SSHA".
userPassword:: e01ENX1KZFZhMG9PcVFBcjBaTWR0Y1R3SHJRPT0=
Any ideas????
Thanks in advance,
--
Marcelo M. Lopes
Tribunal Regional Eleitoral de Santa Catarina
SIE/CI/Redes e Comunicação de Dados
E-mail: marcelo at tre-sc.gov.br
Fone/Fax: 55 48 251-3700
Site: www.tre-sc.gov.br
My config files follow:
#slapd.conf
# OpenLDAP server configuration as posted: schema includes, global ACLs, then one ldbm
# database holding the POSIX/Samba accounts. The mail archive stripped the leading
# whitespace that "by ..." continuation lines need in a real slapd.conf.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/rfc2307bis.schema
include /etc/openldap/schema/yast.schema
include /etc/openldap/schema/samba3.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
modulepath /usr/lib/openldap/modules
# Global ACLs (they appear before any "database" line). slapd applies the first
# "access to" clause that matches the entry and attribute, so ordering matters.
access to dn.base=""
by * read
access to dn.base="cn=Subschema"
by * read
# Owners may change these attributes; everyone else may only use them to authenticate.
# This global rule does not list sambaLMPassword / sambaNTPassword.
access to attr=userPassword,userPKCS12
by self write
by * auth
access to attr=shadowLastChange
by self write
by * read
# Global catch-all: any client, anonymous included, may read whatever was not matched above.
access to *
by * read
database ldbm
checkpoint 1024 5
cachesize 10000
suffix "dc=labredes,dc=tre-sc,dc=gov,dc=br"
# The rootdn is not subject to ACLs. smb.conf ("ldap admin dn") and ldap.conf ("rootbinddn")
# in this post both bind as it, so those clients hold full write access to the directory.
rootdn "cn=Manager,dc=labredes,dc=tre-sc,dc=gov,dc=br"
# Redacted by the poster. slappasswd can produce a hashed value so the cleartext
# password does not have to be stored in this file.
rootpw ********
directory /var/lib/ldap
index objectClass,uidNumber,gidNumber eq
index cn,sn,uid,displayName pres,sub,eq
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
# Database-level ACL: the Samba LM/NT hashes are password-equivalent, so they are restricted
# together with userPassword (owner may write, anonymous may only bind, nobody else reads).
# NOTE(review): per-database ACLs are presumably evaluated before the global ones above for
# entries under this suffix, so the global "by * read" catch-all should not expose the hashes.
# Confirm against slapd.access(5) for this OpenLDAP version.
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
by self write
by anonymous auth
by * none
access to *
by * read
#smb.conf
# Samba 3 configuration for a domain controller (domain logons / domain master) that keeps
# its account database in LDAP via ldapsam and uses the smbldap-tools scripts for account
# management. Several long lines were wrapped by the mail client and appear split in two.
[global]
workgroup = LABREDES
netbios name = GLASGOW
server string = SAMBA-LDAP PDC Server
unix password sync = yes
passwd program = /usr/local/sbin/smbldap-passwd -u %u
passwd chat = "Changing password for*\nNew password*" %n\n "*Retype
new password*" %n\n"
ldap passwd sync = Yes
; SAMBA-LDAP declarations
# Plain ldap:// to the loopback address: no TLS, traffic never leaves the host.
passdb backend = ldapsam:ldap://127.0.0.1/
# Samba binds as the directory rootdn (see slapd.conf), which bypasses all ACLs; its password
# is held in secrets.tdb (set with `smbpasswd -w`). A dedicated DN limited by ACL to the
# account subtrees would be the least-privilege alternative.
ldap admin dn = cn=Manager,dc=labredes,dc=tre-sc,dc=gov,dc=br
ldap suffix = dc=labredes,dc=tre-sc,dc=gov,dc=br
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
add machine script = /sbin/yast /usr/share/YaST2/data/add_machine.ycp
%m$
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
ldap delete dn = yes
delete user script = /usr/local/sbin/smbldap-userdel "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/local/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u"
"%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x
"%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g"
"%u"
# User-level security with encrypted passwords: logons are checked against the
# sambaLMPassword / sambaNTPassword hashes stored in LDAP.
security = user
encrypt passwords = yes
domain logons = yes
domain master = yes
idmap backend = ldap:ldap://127.0.0.1/
ldap idmap suffix = ou=Idmap
local master = yes
os level = 65
preferred master = yes
[homes]
comment = Home Directories
valid users = %S
read only = no
create mask = 0664
directory mask = 0775
browseable = no
# Guest-accessible, writable and browseable share with forced 0777 modes: unauthenticated
# clients can write here and everything created is world-writable on the server.
[export]
comment =
path = /windows/C
printable = no
browseable = yes
force create mode = 0777
force directory mode = 0777
guest ok = yes
writeable = Yes
# Profiles are stored under the user's home directory (%H) with owner-only permissions.
[profiles]
comment = Network Profiles Service
path = %H
read only = no
store dos attributes = yes
create mask = 0600
directory mask = 0700
# Exposes all of /home read-write to any authenticated user; access then depends on
# filesystem permissions and inherited ACLs.
[users]
comment = All users
path = /home
read only = no
inherit acls = yes
veto files = /aquota.user/groups/shares/
[groups]
comment = All groups
path = /home/groups
read only = no
inherit acls = yes
[pdf]
comment = PDF creator
path = /var/tmp
printable = yes
print command = /usr/bin/smbprngenpdf -J '%J' -c %c -s %s -u '%u' -z
%z
create mask = 0600
[printers]
comment = All Printers
path = /var/tmp
printable = yes
create mask = 0600
browseable = no
# Driver share: only members of ntadmin and root may write.
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin root
force group = ntadmin
create mask = 0664
directory mask = 0775
#ldap.conf
# LDAP client settings; the nss_base_* / pam_password / rootbinddn keys are nss_ldap and
# pam_ldap options, so this is presumably the file those modules read (confirm the path).
# "allow" requests the server certificate but continues even if it is missing or invalid,
# so it gives no protection against an impersonated server. It has no effect while
# "ssl no" below keeps connections unencrypted.
TLS_REQCERT allow
host 127.0.0.1
base dc=labredes,dc=tre-sc,dc=gov,dc=br
# Root processes bind as the directory rootdn (the log shows the matching BIND as
# cn=Manager); nss_ldap reads that password from a separate secret file on disk.
rootbinddn cn=Manager,dc=labredes,dc=tre-sc,dc=gov,dc=br
nss_base_passwd ou=Users,dc=labredes,dc=tre-sc,dc=gov,dc=br?one
nss_base_passwd ou=Computers,dc=labredes,dc=tre-sc,dc=gov,dc=br?one
nss_base_shadow ou=Users,dc=labredes,dc=tre-sc,dc=gov,dc=br?one
nss_base_group ou=Groups,dc=labredes,dc=tre-sc,dc=gov,dc=br?one
# No TLS; acceptable only because the server is on the loopback address.
ssl no
# NOTE(review): pam_ldap hashes new passwords with MD5 on the client side; this differs from
# hash_encrypt="SSHA" in smbldap.conf, so the stored scheme depends on which tool set the password.
pam_password md5
#smbldap.conf
# Settings for the smbldap-tools scripts that smb.conf calls to create and modify accounts.
UID_START="1000"
GID_START="1000"
# Domain SID used when the tools build sambaSID values.
# NOTE(review): it matches neither the sambaSID nor the sambaPrimaryGroupSID domain part
# of the uid=andre entry above; compare all three with the output of `net getlocalsid`.
SID="S-1-5-21-3703471949-3718591838-2324585696"
# Master and slave both point at the local slapd on the unencrypted port 389.
slaveLDAP="127.0.0.1"
slavePort="389"
masterLDAP="127.0.0.1"
masterPort="389"
suffix="dc=labredes,dc=tre-sc,dc=gov,dc=br"
usersdn="ou=Users,dc=labredes,dc=tre-sc,dc=gov,dc=br"
computersdn="ou=Computers,dc=labredes,dc=tre-sc,dc=gov,dc=br"
groupsdn="ou=Groups,dc=labredes,dc=tre-sc,dc=gov,dc=br"
scope="sub"
# Salted SHA-1 for userPassword. The entry above carries an {MD5} value instead, so that
# password was presumably written by a different path (see pam_password in ldap.conf).
hash_encrypt="SSHA"
userLoginShell="/bin/bash"
# The trailing slash here is consistent with the "/home//andre" homeDirectory in the entry above.
userHomePrefix="/home/"
userGecos="System User"
defaultUserGid="513"
defaultComputerGid="553"
skeletonDir="/etc/skel"
defaultMaxPasswordAge="55"
userSmbHome="\\glasgow\homes"
# NOTE(review): no trailing backslash, and the entry's sambaProfilePath is
# "\\glasgow\profilesandre"; the tools presumably append the user name directly. Confirm.
userProfile="\\glasgow\profiles"
userHomeDrive="F:"
userScript="\\drivef\rede\public\.dominio\winnt\profile.cmd"
# with_smbpasswd="0": the LM/NT hashes are generated with the mk_ntpasswd helper rather than smbpasswd.
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"
mk_ntpasswd="/usr/local/sbin/mkntpwd"