[Samba] samba failed to authenticate to openLDAP

Steve Zeng szeng at mainframe.ca
Tue Mar 1 02:20:15 GMT 2005


Hi,

I tried to let Samba authenticate against LDAP but could not figure out 
how to build the LDAP tree for Samba.

Fedora Core 2
Samba 3.0.10
OpenLDAP 2.1.29

I used the migration tool bundled with OpenLDAP and successfully 
imported passwd, group and hosts from NIS into LDAP. I can authenticate 
from any of the Linux clients against the LDAP server. My LDAP DIT is as follows:

dc=mydomain
  |
  `--- ou=People    : to store user accounts for Unix and Windows
  |
  `--- ou=Hosts     : to store computer accounts for Unix & Windows
  |
  `--- ou=Groups    : to store system groups for Unix and Windows


What I did was:

In the OpenLDAP server:

1) install OpenLDAP-2.1.29 RPM
2) configure /etc/openldap/slapd.conf
3) configure /etc/openldap/ldap.conf
4) run migrate_all_nis_offline.sh bundled with OpenLDAP
5) start OpenLDAP

In the Samba Server:
1) Install Samba-3.0.10 RPM
2) Configure smb.conf with SWAT

    [global]
         workgroup = TESTDM
         passdb backend = ldapsam:ldap://10.10.0.101/
         log level = 1 passdb:8 auth:8
         domain logons = Yes
         wins support = Yes
         ldap admin dn = cn=root,dc=mydomain
         ldap delete dn = Yes
         ldap group suffix = ou=Group
         ldap machine suffix = ou=Hosts
         ldap user suffix = ou=People
         ldap suffix = dc=mfelc
         ldap passwd sync = Yes
         ldap ssl = no

     [homes]
         valid users = %S
         read only = No
         browseable = No


3) start Samba server

4) run smbclient //smbserver -U myid
    Password:
    session setup failed: NT_STATUS_LOGON_FAILURE

Attached is the smbd.log; I deleted the normal log entries and kept the 
failed messages, as below:


passdb/secrets.c:secrets_fetch_trusted_domain_password(334)
   secrets_fetch failed!
auth/auth.c:check_ntlm_password(219)
   check_ntlm_password:  Checking password for unmapped user [TESTDM]\[szeng]@[ENZO] with the new password interface
auth/auth.c:check_ntlm_password(222)
   check_ntlm_password:  mapped user is: [TESTDM]\[szeng]@[ENZO]
passdb/pdb_ldap.c:ldapsam_getsampwnam(1300)
   ldapsam_getsampwnam: Unable to locate user [szeng] count=0
auth/auth_sam.c:check_sam_security(244)
   check_sam_security: Couldn't find user 'szeng' in passdb file.
auth/auth.c:check_ntlm_password(271)
   check_ntlm_password: sam authentication for user [szeng] FAILED with error NT_STATUS_NO_SUCH_USER
auth/auth_winbind.c:check_winbind_security(80)
   check_winbind_security: Not using winbind, requested domain [TESTDM] was for this SAM.
auth/auth.c:check_ntlm_password(312)
   check_ntlm_password:  Authentication for user [szeng] -> [szeng] FAILED with error NT_STATUS_NO_SUCH_USER
auth/auth_util.c:free_user_info(1318)
   attempting to free (and zero) a user_info structure


Is there anybody who might have some idea of what is wrong?

Thanks a lot.


-- 
Regards,

Steve Zeng
Systems Administrator
Mainframe Entertainment Inc
T: (604) 628-1000 ext 5293
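
An added example, not part of the original post: a small Python check that compares the "ldap ..." settings from the posted smb.conf with the posted DIT, and builds the search filter behind the ldapsam_getsampwnam lookup that returned count=0 in the log. The function names are hypothetical, and the filter shape assumes Samba 3.0's sambaSamAccount schema.

```python
# Added example. SMB_CONF and the DIT values are copied from the post above.
SMB_CONF = """
[global]
    ldap admin dn = cn=root,dc=mydomain
    ldap group suffix = ou=Group
    ldap machine suffix = ou=Hosts
    ldap user suffix = ou=People
    ldap suffix = dc=mfelc
"""
DIT_BASE = "dc=mydomain"
DIT_OUS = ["ou=People", "ou=Hosts", "ou=Groups"]

def parse_global(text):
    """Return [global] parameters; keys lower-cased with single spaces."""
    params, section = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def norm(dn):
    """Case- and whitespace-insensitive form of a DN for comparison."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def check(params, dit_base, dit_ous):
    """List mismatches between smb.conf ldap settings and the directory layout."""
    findings = []
    suffix = norm(params.get("ldap suffix", ""))
    if suffix != norm(dit_base):
        findings.append(f"ldap suffix '{suffix}' is not the DIT base '{dit_base}'")
    admin = norm(params.get("ldap admin dn", ""))
    if not admin.endswith("," + suffix):
        findings.append(f"ldap admin dn '{admin}' is outside ldap suffix '{suffix}'")
    known = {norm(ou) for ou in dit_ous}
    for key in ("ldap user suffix", "ldap group suffix", "ldap machine suffix"):
        if key in params and norm(params[key]) not in known:
            findings.append(f"{key} '{params[key]}' is not a container in the DIT")
    return findings

def sam_filter(user):
    """Filter assumed for the ldapsam user lookup; input escaped per RFC 4515."""
    escaped = "".join(f"\\{ord(c):02x}" if c in "\\*()\0" else c for c in user)
    return f"(&(uid={escaped})(objectclass=sambaSamAccount))"

if __name__ == "__main__":
    for finding in check(parse_global(SMB_CONF), DIT_BASE, DIT_OUS):
        print("MISMATCH:", finding)
    print("verify with: ldapsearch -x -b", DIT_BASE, repr(sam_filter("szeng")))
```

An entry imported by the NIS migration scripts matches this filter only after the sambaSamAccount object class and its attributes have been added to it.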

