[Samba] OpenLDAP and SAMBA

Miguel Lopez malfter at hotmail.com
Tue Nov 15 08:33:10 GMT 2005


Hi everybody!

In my company, we want to migrate from Windows NT to a Linux PDC. I am 
responsible for the change, so I am searching for the best solution. After 
some time surfing Google, I decided to use an LDAP server for user 
maintenance and SAMBA as a file server and PDC controller.

The first step was to configure LDAP for authenticating Linux users, which works 
fine. Then I configured SAMBA for file sharing using local authentication (i.e. 
against the passwd file), and that works fine too. My problem appears when I try to 
authenticate the SAMBA users against LDAP.

I think the problem is getting the right pass or user or something similar. I 
will be very grateful if someone can help me.

P.S. Sorry for my bad English. These are my *.conf files:

--> SMB.CONF

[global]

workgroup = NT.DPT.ES
server string = LDAP Samba
load printers = yes
guest account = nobody
log file = /usr/local/samba/var/log.%m
max log size = 50
encrypt passwords = yes
passdb backend = tdbsam guest
passdb backend = ldapsam:ldap://172.21.2.160
debug level = 20

####LDAP######
ldap admin dn = cn=administrador,dc=BECARIOS,dc=dpt,dc=es
ldap ssl = off
ldap delete dn = no
ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
ldap suffix = dc=BECARIOS,dc=DPT,dc=ES
security = user
passwd program = smbldap-passwd -o %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
socket options = TCP_NODELAY
dns proxy = no

[homes]
comment = Home Directories
browseable = no
writable = yes


[compartida]
comment = Carpeta compartida
path = /home/compartida
browseable = yes
public = yes
guest ok = yes
writable = yes
encrypt passwords = true


--> SLAPD.CONF

include /usr/local/openldap-2.3.9/etc/openldap/schema/core.schema
include /usr/local/openldap-2.3.9/etc/openldap/schema/cosine.schema
include /usr/local/openldap-2.3.9/etc/openldap/schema/inetorgperson.schema
include /usr/local/openldap-2.3.9/etc/openldap/schema/nis.schema
include /usr/local/openldap-2.3.9/etc/openldap/schema/samba.schema

SLAPD_USER="slapd"
SLAPD_GROUP="slapd"


pidfile /usr/local/openldap-2.3.9/var/run/slapd.pid
argsfile /usr/local/openldap-2.3.9/var/run/slapd.args

access to *
by self write
by dn="cn=Administrador,dc=NT,dc=DPT,dc=ES" write
by * read


access to attr=sambaLMPassword,sambaNTPassword
by dn="cn=Administrador,dc=BECARIOS,dc=DPT,dc=ES" write
by * none

access to attr=userpassword
by self write
by * read


################################
# BDB database definitions
################################
database ldbm
suffix "dc=BECARIOS,dc=DPT,dc=ES"
rootdn "cn=administrador,dc=BECARIOS,dc=DPT,dc=ES"
rootpw admin

directory /usr/local/openldap-2.3.9/var/openldap-data
# Indices to maintain
index objectClass eq

index default sub
index cn pres,sub,eq
index sn pres,sub,eq
index mail eq,subinitial
index givenname eq,subinitial

# Required to support pdb_getsampwnam
index uid pres,sub,eq

# Required to support pdb_getsambapwrid()
index displayName pres,sub,eq

# Uncomment the following lines if you are storing posixAccount
# and posixGroup entries in the directory
index uidNumber eq
index gidNumber eq
index memberUid eq

# Samba 3.*
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq


--> I get this error when I execute 'smbclient -d 488 \\\\172.21.2.160\\compartida -U juanma' from a client
Password:
Doing spnego session setup (blob length=58)
got OID=1 3 6 1 4 1 311 2 2 10
got principal=NONE
write_socket(3,178)
write_socket(3,178) wrote 178
got smb length of 258
size=258
smb_com=0x73
smb_rcls=22
smb_reh=0
smb_err=49152
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=2715
smb_uid=100
smb_mid=2
smt_wct=4
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 0 (0x0)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 156 (0x9C)
smb_bcc=215
Got challenge flags:
Got NTLMSSP neg_flags=0x608a0215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_CHAL_TARGET_INFO
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60080215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP challenge set by NTLM2
challenge is:
[000] CB 15 F9 36 BD C0 84 AA ...6....
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60080215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
write_socket(3,290)
write_socket(3,290) wrote 290
got smb length of 110
size=110
smb_com=0x73
smb_rcls=109
smb_reh=0
smb_err=49152
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=2715
smb_uid=100
smb_mid=3
smt_wct=4
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 0 (0x0)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 9 (0x9)
smb_bcc=67
[000] A1 07 30 05 A0 03 0A 01 02 55 00 6E 00 69 00 78 ..0..... .U.n.i.x
[010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3
[020] 00 2E 00 30 00 2E 00 32 00 30 00 62 00 00 00 4E ...0...2 .0.b...N
[030] 00 54 00 2E 00 44 00 50 00 54 00 2E 00 45 00 53 .T...D.P .T...E.S
[040] 00 00 00 ...
SPNEGO login failed: Logon failure
session setup failed: NT_STATUS_LOGON_FAILURE


--> Both the client and the server are DEBIAN sarge (stable), with 
openLDAP-2.3.9 and SAMBA-3.0.20b


Thanks...
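
An added example, not part of the original post: a small Python check run over excerpts of the two files above for parameters set twice in one smb.conf section (smb.conf is read top to bottom, so a later assignment replaces an earlier one) and for slapd access rules that sit after a catch-all `access to *` (slapd stops at the first matching rule). The excerpts are constructed from the posted directives, the function names are hypothetical, and all access rules are treated as one ordered list, as they are in the posted file.

```python
import re

# Constructed excerpts mirroring the directives posted above.
SMB_CONF = """[global]
passdb backend = tdbsam guest
passdb backend = ldapsam:ldap://172.21.2.160
[compartida]
encrypt passwords = true
"""
SLAPD_CONF = """access to *
by self write
by * read
access to attr=sambaLMPassword,sambaNTPassword
by * none
access to attr=userpassword
by self write
by * read
database ldbm
"""

def repeated_params(text):
    """Return (section, key, values) for keys set more than once in a section."""
    section, seen = None, {}
    for line in text.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"\[(.+)\]", line):
            section = m.group(1)
        elif "=" in line and not line.startswith(("#", ";")):
            key, value = (p.strip() for p in line.split("=", 1))
            # smb.conf keys ignore case and internal whitespace runs
            seen.setdefault((section, " ".join(key.lower().split())), []).append(value)
    return [(s, k, v) for (s, k), v in seen.items() if len(v) > 1]

def shadowed_acls(text):
    """Return the <what> clauses that follow a catch-all 'access to *' rule."""
    whats = [m.group(1) for m in re.finditer(r"^access\s+to\s+(\S+)", text, re.M)]
    if "*" not in whats:
        return []
    return whats[whats.index("*") + 1:]

if __name__ == "__main__":
    for section, key, values in repeated_params(SMB_CONF):
        print(f"[{section}] '{key}' set {len(values)} times; last value: {values[-1]}")
    for what in shadowed_acls(SLAPD_CONF):
        print(f"'access to {what}' is never evaluated: 'access to *' matches first")
```

On these excerpts the catch-all rule grants `by * read`, so the later `by * none` on the Samba password-hash attributes is never reached.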



