[Samba] samba /openldap error message
Ketil Rasmussen
krasmussen at broadpark.no
Wed Nov 30 13:58:56 GMT 2005
Hi
I'm new to this list, but I'm hoping someone can help me with the problem
described below.
I'm trying to set up a test domain based on one server: OpenSUSE 10 /
openldap2-2.2.27-6 / samba-3.0.20b-3.1
I have followed this document,
http://www.samba.org/samba/docs/Samba3-ByExample.pdf , chapter 5, using PAM
and NSS and the Idealx smbldap-tools.
The following ldap and samba modules are in use:
openldap2-client-2.2.27-6
ldapcpplib-0.0.3-33
yast2-ldap-2.12.2-2
yast2-ldap-client-2.12.9-2
pam_ldap-178-3
php4-ldap-4.4.0-6
nss_ldap-238-2
perl-ldap-0.33-2
smbldap-tools-0.8.6-1
samba-client-3.0.20b-3.1
yast2-samba-client-2.12.4-2
yast2-samba-server-2.12.8-2
samba-winbind-3.0.20b-3.1
I got as far as being able to add computers to the domain using the
administrator account. But my challenge now is to be able to
log in on a computer added to the domain using my LDAP account, which I
think should be OK (I can ssh to the LDAP server using my username).
This test fails though
# wbinfo -u
Error looking up domain users
When trying to log on to the domain I get the following in
/var/log/messages:
Nov 29 00:39:34 bgnsambatest smbd[8231]: [2005/11/29 00:39:34, 0]
rpc_server/srv_pipe.c:api_pipe_bind_req(981)
Nov 29 00:39:34 bgnsambatest smbd[8231]: Attempt to bind using
schannel without successful serverauth2
- - -
Nov 29 00:39:34 bgnsambatest smbd[8231]: [2005/11/29 00:39:34, 0]
auth/auth_sam.c:check_sam_security(327)
Nov 29 00:39:34 bgnsambatest smbd[8231]: check_sam_security:
make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'
I have also created a Samba log per computer in the domain. This log
says the following:
2005/11/29 00:39:34, 1] auth/auth_util.c:make_server_info_sam(807)
User krasmussen in passdb, but getpwnam() fails!
[2005/11/29 00:39:34, 0] auth/auth_sam.c:check_sam_security(327)
check_sam_security: make_server_info_sam() failed with
'NT_STATUS_NO_SUCH_USER'
I'm able to log in to the domain as administrator.
I hope someone can get me back on track here, so any help is highly
appreciated.
thanks
Ketil Rasmussen
krasmussen at broadpark.no
My config files are as follows;
#########
ldap.conf
###########
# Client-side LDAP settings; the post lists nss_ldap and pam_ldap as installed,
# and both read this file.
# Directory server is reached over loopback only.
host 127.0.0.1
base dc=domain,dc=com
# NOTE(review): root-owned lookups bind as cn=Manager, the same DN that the
# slapd.conf in this post declares as rootdn. A dedicated low-privilege bind
# account would limit what this client configuration can expose.
rootbinddn cn=Manager,dc=domain,dc=com
# NOTE(review): cleartext password in a file NSS clients normally need to read.
# nss_ldap/pam_ldap pair bindpw with binddn, and take the rootbinddn password
# from a separate root-only secret file (commonly /etc/ldap.secret) - confirm
# which credential is actually in effect here.
bindpw pass
# Search bases for the passwd, shadow and group maps.
nss_base_passwd dc=domain,dc=com
nss_base_shadow dc=domain,dc=com
nss_base_group ou=Groups,dc=domain,dc=com
# Security options
# No TLS between this client and slapd. With host set to 127.0.0.1 the traffic
# stays on loopback; if the directory moves off-host, binds would cross the
# network in cleartext.
ssl no
# NOTE(review): pam_ldap documents pam_password for the password-change method;
# confirm sam_password is a recognized key and not silently ignored.
sam_password SSHA
##########
Slapd.conf
#########
# Backend database definition for the dc=domain,dc=com tree (excerpt as posted).
database bdb
checkpoint 1024 5
cachesize 10000
suffix "dc=domain,dc=com"
# rootdn is the directory superuser; it is not subject to access controls.
rootdn "cn=Manager,dc=domain,dc=com"
# NOTE(review): this salted SHA-1 hash was published with the post. A posted
# hash can be guessed against offline, so the password behind it should be
# treated as exposed and changed.
rootpw {SSHA}wtUXsjIGTVV5MoeK+nRJ28EXm+3qo6Kj
directory /var/lib/ldap
# NOTE(review): no access directives appear in this excerpt. Confirm the full
# file restricts read access to userPassword, sambaLMPassword and
# sambaNTPassword to the account owner and the Samba bind DN.
# Indices to maintain
# eq = equality, pres = presence, sub = substring matching.
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUID eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub
#############
Nsswitch .conf
###############
# Name-service lookup order: local files first, then LDAP where listed.
# getpwnam() resolves users through the passwd sources below; the per-machine
# Samba log in this post reports that lookup failing for krasmussen.
passwd: files ldap
shadow: files ldap
group: files ldap
hosts: files dns wins
networks: files dns
services: files ldap
protocols: files
rpc: files
ethers: files
netmasks: files
netgroup: files ldap
publickey: files
bootparams: files
automount: files
aliases: files ldap
# NOTE(review): the *_compat keys are consulted only when the matching database
# is set to "compat"; with passwd/group set to "files ldap" above they
# presumably have no effect - confirm.
passwd_compat: ldap
group_compat: ldap
################
Smb.conf-testparm
###############
# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[profiles]"
Processing section "[netlogon]"
Processing section "[printers]"
Processing section "[print$]"
Processing section "[temp]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions
# testparm dump of the effective [global] settings for the PDC.
# Long values appear to have been wrapped by the mail client (lines without a
# key are continuations of the line above); confirm against the real smb.conf.
[global]
unix charset = LOCALE
workgroup = STARSHIPPING
netbios name = SAMBA
server string = Samba File and Print Server
# Logons with an unknown user name are mapped to the guest account rather than
# rejected.
map to guest = Bad User
# Accounts are read from the LDAP directory over loopback.
passdb backend = ldapsam:ldap://127.0.0.1
enable privileges = Yes
username map = /etc/samba/smbusers
log level = 1
# One log file per client machine name (%m).
log file = /var/log/samba/%m.log
max log size = 0
# Only the NetBIOS session port is served; 445 is not listed.
smb ports = 139
name resolve order = wins host bcast
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
IPTOS_LOWDELAY
printcap name = cups
# Account-management hooks. smbd runs these scripts as root, so the
# smbldap-tools scripts and their configuration should be writable by root only.
# %u and %g are quoted so each name is passed as a single argument.
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
delete user script = /usr/local/sbin/smbldap-userdel "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/local/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m
"%g" "%u"
delete user from group script = /usr/local/sbin/smbldap-groupmod
-x "%g" "%u"
set primary group script = /usr/local/sbin/smbldap-usermod -g
"%g" "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
# NOTE(review): the logon path and logon home values look like UNC paths with
# the backslashes stripped - probably an archive artifact; confirm.
logon path = %Lprofiles.msprofile
logon drive = M:
logon home = %L%U.9xprofile
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins support = Yes
# NOTE(review): smbd binds as cn=Manager, which the slapd.conf in this post
# declares as rootdn. The password is not in smb.conf (it is stored with
# smbpasswd -w); a dedicated Samba bind DN with limited rights would reduce
# the impact of that stored credential leaking.
ldap admin dn = cn=Manager,dc=domain,dc=com
ldap delete dn = Yes
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
# Machine accounts share ou=Users with user accounts.
ldap machine suffix = ou=Users
ldap suffix = dc=domain,dc=com
# No TLS on the smbd-to-slapd connection; the passdb backend above points at
# 127.0.0.1, so this traffic stays on loopback in the posted setup.
ldap ssl = no
ldap timeout = 5
ldap user suffix = ou=Users
idmap backend = ldap:ldap://127.0.0.1
idmap uid = 10000-20000
idmap gid = 10000-20000
cups options = raw
strict locking = No
############################
/etc/smb-ldaptools/smbldap.conf :
# smbldap-tools main configuration, as posted.
# NOTE(review): the bind DN and password smbldap-tools uses are normally kept
# in a separate smbldap_bind.conf (not shown in the post); confirm that file is
# readable by root only.
# Put your own SID
# to obtain this number do: net getlocalsid
#SID="S-1-5-21-3539048750-1157598893-2851086582"
SID="S-1-5-21-156160902-2346300862-1257751979"
##########################################
# LDAP Configuration
####################
# Slave LDAP : read operations go to this host and port
# Ex: slaveLDAP=127.0.0.1
slaveLDAP="localhost"
slavePort="389"
# Master LDAP : needed for write operations
# Ex: masterLDAP=127.0.0.1
masterLDAP="localhost"
masterPort="389"
# Use TLS for LDAP
# If set to 1, this option will use start_tls for connection
# (you should also use port 389)
# NOTE(review): TLS is off. That is tolerable only while master and slave are
# both localhost, as set above; if either points off-host, set ldapTLS="1"
# together with verify="require" and a cafile so the administrative bind is
# not sent in cleartext.
ldapTLS="0"
# How to verify the server's certificate (none, optional or require)
# see "man Net::LDAP" in start_tls section for more details
# NOTE(review): left empty here; it has no bearing while ldapTLS is "0".
verify=""
# CA certificate
# see "man Net::LDAP" in start_tls section for more details
#cafile="/etc/smbldap-tools/ca.pem"
# certificate to use to connect to the ldap server
# see "man Net::LDAP" in start_tls section for more details
#clientcert="/etc/smbldap-tools/smbldap-tools.pem"
# key certificate to use to connect to the ldap server
# see "man Net::LDAP" in start_tls section for more details
#clientkey="/etc/smbldap-tools/smbldap-tools.key"
# LDAP Suffix
# Ex: suffix=dc=IDEALX,dc=ORG
suffix="dc=domain,dc=com"
# Where are stored Users
# Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG"
usersdn="ou=Users,${suffix}"
# Where are stored Computers
# Ex: computersdn="ou=Computers,dc=IDEALX,dc=ORG"
# Machine accounts are placed in ou=Users here, matching the
# "ldap machine suffix = ou=Users" line in the smb.conf dump in this post.
computersdn="ou=Users,${suffix}"
#computersdn="ou=Computers,${suffix}"
# Where are stored Groups
# Ex groupsdn="ou=Groups,dc=IDEALX,dc=ORG"
groupsdn="ou=Groups,${suffix}"
# Where are stored Idmap entries (used if samba is a domain member server)
# Ex idmapdn="ou=Idmap,dc=IDEALX,dc=ORG"
idmapdn="ou=Idmap,${suffix}"
# Where to store next uidNumber and gidNumber available
#sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"
sambaUnixIdPooldn="sambaDomainName=STARSHIPPING,${suffix}"
# Default scope Used
scope="sub"
# Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT)
# SSHA is salted SHA-1; of the listed choices, CLEARTEXT and the unsalted
# MD5/SHA forms are the ones to avoid.
hash_encrypt="SSHA"
# if hash_encrypt is set to CRYPT, you may set a salt format.
# default is "%s", but many systems will generate MD5 hashed
# passwords if you use "$1$%.8s". This parameter is optional!
crypt_salt_format="%s"
##################
# Unix Accounts Configuration
####################
# Login defs
# Default Login Shell
# Ex: userLoginShell="/bin/bash"
userLoginShell="/bin/bash"
# Home directory
# Ex: userHome="/home/%U"
userHome="/home/%U"
# Gecos
userGecos="System User"
# Default User (POSIX and Samba) GID
defaultUserGid="513"
# Default Computer (Samba) GID
defaultComputerGid="515"
# Skel dir
skeletonDir="/etc/skel"