[Samba] samba failed to authenticate to openLDAP
Steve Zeng
szeng at mainframe.ca
Tue Mar 1 02:20:15 GMT 2005
Hi,
I tried to let Samba authenticate against LDAP but could not figure out
how to build the LDAP tree for Samba.
Fedora core 2
Samba 3.0.10
OpenLDAP 2.1.29
I used the migration tool bundled with OpenLDAP and successfully
imported passwd, group and hosts from NIS into LDAP. I can authenticate
from any Linux client against the LDAP server. My LDAP DIT is as follows:
dc=mydomain
|
`--- ou=People : to store user accounts for Unix and Windows
|
`--- ou=Hosts : to store computer accounts for UNIX & Windows
|
`--- ou=Groups : to store system groups for Unix and Windows
What I did was:
In the OpenLDAP server:
1) install OpenLDAP-2.1.29 RPM
2) configure /etc/openldap/slapd.conf
3) configure /etc/openldap/ldap.conf
4) run migrate_all_nis_offline.sh bundled with OpenLDAP
5) start OpenLDAP
In the Samba Server:
1) Install Samba-3.0.10 RPM
2) Configure smb.conf with SWAT
[global]
workgroup = TESTDM
passdb backend = ldapsam:ldap://10.10.0.101/
log level = 1 passdb:8 auth:8
domain logons = Yes
wins support = Yes
ldap admin dn = cn=root,dc=mydomain
ldap delete dn = Yes
ldap group suffix = ou=Group
ldap machine suffix = ou=Hosts
ldap user suffix = ou=People
ldap suffix = dc=mfelc
ldap passwd sync = Yes
ldap ssl = no
[homes]
valid users = %S
read only = No
browseable = No
3) start Samba server
4) run smbclient //smbserver -U myid
Password:
session setup failed: NT_STATUS_LOGON_FAILURE
Attached is the smbd.log; I deleted the normal log lines and kept the
failed messages as below:
passdb/secrets.c:secrets_fetch_trusted_domain_password(334)
secrets_fetch failed!
auth/auth.c:check_ntlm_password(219)
check_ntlm_password: Checking password for unmapped user
[TESTDM]\[szeng]@[ENZO] with the new password interface
auth/auth.c:check_ntlm_password(222)
check_ntlm_password: mapped user is: [TESTDM]\[szeng]@[ENZO]
passdb/pdb_ldap.c:ldapsam_getsampwnam(1300)
ldapsam_getsampwnam: Unable to locate user [szeng] count=0
auth/auth_sam.c:check_sam_security(244)
check_sam_security: Couldn't find user 'szeng' in passdb file.
auth/auth.c:check_ntlm_password(271)
check_ntlm_password: sam authentication for user [szeng] FAILED with
error NT_STATUS_NO_SUCH_USER
auth/auth_winbind.c:check_winbind_security(80)
check_winbind_security: Not using winbind, requested domain [TESTDM]
was for this SAM.
auth/auth.c:check_ntlm_password(312)
check_ntlm_password: Authentication for user [szeng] -> [szeng]
FAILED with error NT_STATUS_NO_SUCH_USER
auth/auth_util.c:free_user_info(1318)
attempting to free (and zero) a user_info structure
Is there anybody who might have some idea of what is wrong?
Thanks a lot.
--
Regards,
Steve Zeng
Systems Administrator
Mainframe Entertainment Inc
T: (604) 628-1000 ext 5293
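
The "count=0" in the log above means the ldapsam search returned no entries, so one thing worth checking is whether the search bases Samba builds from smb.conf exist in the directory. The following is an added example, not part of the original post: it compares the ldap parameters as posted with the DIT as posted. The helper names (norm, parse_global, check) are hypothetical, and treating an admin DN outside the suffix as a finding is a heuristic assumption.

```python
# Added example; parameter values are copied from the post, helper names are hypothetical.
SMB_CONF = """\
[global]
passdb backend = ldapsam:ldap://10.10.0.101/
ldap admin dn = cn=root,dc=mydomain
ldap group suffix = ou=Group
ldap machine suffix = ou=Hosts
ldap user suffix = ou=People
ldap suffix = dc=mfelc
[homes]
valid users = %S
"""
# Containers that exist on the LDAP server, as drawn in the post's DIT.
DIT = ["dc=mydomain", "ou=People,dc=mydomain",
       "ou=Hosts,dc=mydomain", "ou=Groups,dc=mydomain"]

def norm(dn):
    """Normalise a DN for comparison: trim each RDN and lower-case it."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_global(text):
    """Return the [global] parameters of an smb.conf as a dict."""
    params, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)  # first '=' only: values are DNs
            params[" ".join(key.lower().split())] = value.strip()
    return params

def check(params, dit):
    """Return (parameter, effective DN) pairs that do not fit the DIT."""
    existing = {norm(dn) for dn in dit}
    base = norm(params.get("ldap suffix", ""))
    findings = [("ldap suffix", base)] if base not in existing else []
    for key in ("ldap user suffix", "ldap group suffix", "ldap machine suffix"):
        if key in params:
            full = norm(params[key] + "," + base)  # sub-suffix is relative to ldap suffix
            if full not in existing:
                findings.append((key, full))
    admin = norm(params.get("ldap admin dn", ""))
    if not admin.endswith("," + base):  # heuristic: admin DN outside the suffix
        findings.append(("ldap admin dn", admin))
    return findings

if __name__ == "__main__":
    for key, dn in check(parse_global(SMB_CONF), DIT):
        print(f"{key}: {dn} does not match the directory tree")
```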