[Samba] samba 3 and ldapsam_compat

Joan Ramos Ramos joanr at uni-post.com
Wed Mar 9 11:58:49 GMT 2005 

Hi, i'm trying to configure a samba-3.0.9-2.3 with suse 9.2 and openldap2-2.1.12-74 in another server  but i have a strange problem. My samba schema is old and i have use the ldapsam_compat parameter on samba 3. 

My problem:

I mount a share of samba 3 server on my linux:

# mount -t smbfs -o username=joanr //192.9.200.147/dpd /mnt
Password:
30004: tree connect failed: ERRDOS - ERRnoaccess (Access denied.)
SMB connection failed

The log:

[...]
[2005/03/09 13:00:19, 3] lib/smbldap.c:smbldap_connect_system(858)
  ldap_connect_system: succesful connection to the LDAP server
[2005/03/09 13:00:19, 2] passdb/pdb_ldap.c:init_sam_from_ldap(518)
  init_sam_from_ldap: Entry found for user: joanr
[2005/03/09 13:00:19, 5] passdb/login_cache.c:login_cache_init(41)
  Opening cache file at /var/lib/samba/login_cache.tdb
[2005/03/09 13:00:19, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/03/09 13:00:19, 4] libsmb/ntlm_check.c:ntlm_password_check(326)
  ntlm_password_check: Checking NT MD4 password
[2005/03/09 13:00:19, 4] auth/auth_sam.c:sam_account_ok(119)
  sam_account_ok: Checking SMB password for user joanr
[2005/03/09 13:00:19, 5] auth/auth_sam.c:logon_hours_ok(101)
  logon_hours_ok: user joanr allowed to logon at this time (Wed Mar  9 13:00:19 2005
  )
[2005/03/09 13:00:19, 1] auth/auth_util.c:make_server_info_sam(822)
  User joanr in passdb, but getpwnam() fails!
[2005/03/09 13:00:19, 5] auth/auth_util.c:free_server_info(1387)
  attempting to free (and zero) a server_info structure
[2005/03/09 13:00:19, 0] auth/auth_sam.c:check_sam_security(312)
  check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'
[2005/03/09 13:00:19, 5] auth/auth.c:check_ntlm_password(271)
  check_ntlm_password: sam authentication for user [JOANR] FAILED with error NT_STATUS_NO_SUCH_USER
[2005/03/09 13:00:19, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password:  Authentication for user [JOANR] -> [JOANR] FAILED with error NT_STATUS_NO_SUCH_USER
[2005/03/09 13:00:19, 5] auth/auth_util.c:free_user_info(1361)
  attempting to free (and zero) a user_info structure
[2005/03/09 13:00:19, 10] auth/auth_util.c:free_user_info(1364)
  structure was created for JOANR
[2005/03/09 13:00:19, 3] smbd/sesssetup.c:do_map_to_guest(41)
  No such user JOANR [LDAP] - using guest account
[...]

The most strange is that if i go to the entry of joanr on my openldap server, some fields are deleted, for example the ntPassword lmPassword... and the user is disabled.

My smb.cof:

# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE
# Date: 2004-10-05
[global]
        workgroup = dpd
        username map = /etc/samba/smbusers
        map to guest = Bad User
        passdb backend = ldapsam_compat:ldap://192.168.1.146
        ldap admin dn = cn=Manager,o=unipost
        ldap suffix = o=unipost
        security = user
        encrypt passwords = yes
        netbios name = serverdpd
        hosts allow = 192.9. 127.0.0.1 localhost 192.168.
        wins server = 192.168.1.146
        name resolve order = host wins lmhosts bcast
        interfaces = lo, eth0, eth1, eth2
        os level = 65
        log level = 3 passdb:5 auth:10 winbind:2


[dpd]
        comment = dpd
        path = /home/dpd
        read only = no
        valid users = @informatica9

P.S: i have another samba 2 server and works correctly with this openldap server.

Any help?

Thanks



Joan Ramos Ramos <mailto:joanr at uni-post.com>
Dpto. Informática
Tel.: +34 932 232 552 (Ext. 260)
Fax.: +34 932 230 151
------------------------------------------------------------------------------------------------------------------------------------------------
Este mensaje es confidencial y atañe exclusivamente a las personas a las que va dirigido.
Cualquier opinión en el contenida, es exclusivo de su autor y no representa necesariamente
la opinion de UNIPOST, S.A.
Si Ud. no es el destinatario del  mensaje, considerese advertido que lo ha recibido por error
y que cualquier difusión o copia estan terminantemente prohibidos. Si ha recibido por error, 
por favor comuniquelo a UNIPOST, S.A. al número +34 93 223 25 52 o correo electrónico 
a <support at unipost.es>.

This e-mail is confidential and intended solely for the use of the individual to whom it is addressed.
Any opinions presented are solely those of the author and do not necessarily represent those of 
UNIPOST, S.A.
If you are not the intended recipient, be advised that you have received this e-mail in error and that 
dissemination, forwarding or copying of this e-mail is strictly prohibited. If you have received this 
e-mail in error please notify it to UNIPOST, S.A. by telephone on number +34 93 223 25 52 or by
e-mail to <support at unipost.es>.
------------------------------------------------------------------------------------------------------------------------------------------------

More information about the samba mailing list