[Samba] Two Locations, One Domain - LDAP Auth Failure

Dirk.Laurenz at fujitsu-siemens.com Dirk.Laurenz at fujitsu-siemens.com
Tue Sep 20 12:54:29 GMT 2005


Hi,

here's the problem:
	 check_ntlm_password:  Authentication for user [andy] -> [andy] FAILED with error NT_STATUS_NO_SUCH_USER
	[2005/09/20 12:44:41, 3] smbd/process.c:timeout_processing(1334)
Does the user have the sambaSID attribute? Is it filled? Did you use smbldap-tools?


Kind regards,



Dirk Laurenz
Systems Engineer	

Fujitsu Siemens Computers
S CE DE SE PS N/O
Sales Central Europe Deutschland 
Professional Service Nord / Ost

Hildesheimer Strasse 25
30880 Laatzen
Germany

Telephone:	+49 (511) 84 89 - 18 08
Telefax:	+49 (511) 84 89 - 25 18 08
Mobile:	+49 (170) 22 10 781
Email:	mailto:dirk.laurenz at fujitsu-siemens.com
Internet:	http://www.fujitsu-siemens.com
            http://www.fujitsu-siemens.de/services/index.html
*******************************************************************************************************************
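One concrete way to run the check Dirk is asking about, as an added example that is not code from the thread: parse `ldapsearch -LLL` output and report which user entries Samba's ldapsam backend could not find. The LDIF below is constructed sample data (the DNs and SID are made up), and the requirements checked are those of Samba 3.x ldapsam: the passdb lookup filter `(&(uid=<name>)(objectClass=sambaSamAccount))` plus the sambaSID and sambaNTPassword attributes the NTLM check needs.

```python
# Samba 3.x ldapsam looks a user up with the filter
#   (&(uid=<name>)(objectClass=sambaSamAccount))
# so an entry that is only a posixAccount works for SSH/PAM but does not exist
# for passdb: "Couldn't find user in passdb" -> NT_STATUS_NO_SUCH_USER.
# SAMPLE_LDIF is constructed data in the shape `ldapsearch -LLL` prints.
SAMPLE_LDIF = """\
dn: uid=andy,ou=Users,dc=example,dc=org
objectClass: posixAccount
uid: andy

dn: uid=bob,ou=Users,dc=example,dc=org
objectClass: posixAccount
objectClass: sambaSamAccount
uid: bob
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3004
sambaNTPassword: 0123456789ABCDEF0123456789ABCDEF
"""


def parse_ldif(text):
    """Minimal LDIF parser: one {attr(lowercased): [values]} dict per entry.
    Folded continuation lines are joined; base64 ('::') values are not decoded."""
    entries, current, last = [], {}, None
    for raw in text.splitlines():
        if raw.startswith(" ") and last:          # folded line continues the last value
            current[last][-1] += raw[1:]
        elif not raw.strip():                     # blank line terminates an entry
            if current:
                entries.append(current)
            current, last = {}, None
        else:
            attr, _, value = raw.partition(":")
            last = attr.strip().lower()           # LDAP attribute names are case-insensitive
            current.setdefault(last, []).append(value.strip())
    if current:
        entries.append(current)
    return entries


def samba_visibility(entries):
    """Map uid -> list of reasons ldapsam would reject the entry ([] = usable)."""
    report = {}
    for e in entries:
        classes = {c.lower() for c in e.get("objectclass", [])}
        problems = []
        if "sambasamaccount" not in classes:
            problems.append("no objectClass sambaSamAccount: passdb filter never matches")
        if not e.get("sambasid"):
            problems.append("no sambaSID: Samba cannot map the account to a SID")
        if not e.get("sambantpassword"):
            problems.append("no sambaNTPassword: nothing to verify the NTLM response against")
        report[e["uid"][0]] = problems
    return report
```

Feed it the real output of `ldapsearch -LLL -b "ou=Users,<suffix>" "(uid=andy)"`; an account created with smbldap-useradd without its `-a` (Samba attributes) option typically shows up in the first, posixAccount-only shape.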
  

-|  -----Original Message-----
-|  From: samba-bounces+dirk.laurenz=fujitsu-siemens.com at lists.samba.org [mailto:samba-bounces+dirk.laurenz=fujitsu-siemens.com at lists.samba.org] On Behalf Of Andy
-|  Sent: Tuesday, September 20, 2005 2:49 PM
-|  To: Laurenz, Dirk
-|  Cc: samba at lists.samba.org
-|  Subject: RE: [Samba] Two Locations, One Domain - LDAP Auth Failure
-|  
-|  Hi Dirk, thanks for your reply!
-|  
-|  I definitely want to go down the BDC route so that I always 
-|  log on to the nearest server. The link between the two 
-|  isn't really an issue - both have a DSL connection to the 
-|  internet.
-|  
-|  I started by modifying my smb.conf files so that each 
-|  server is a local master for their subnet, but only the uni 
-|  box is domain master. After fiddling with the 'remote 
-|  announce' and 'remote browse sync' I can now view both 
-|  servers from a workstation at home (*not* joined to the 
-|  domain yet). So far so good!
-|  
-|  Ok, so LDAP it is... I've followed the tutorial at 
-|  http://www.idealx.org/prj/samba/smbldap-howto.en.html up to 
-|  the end of section 5.1, and although I can successfully create 
-|  and remove accounts, and log on to said accounts over SSH, 
-|  I cannot connect to the samba server at uni using the 
-|  credentials of a user in LDAP. The only problem I ran 
-|  into with that tutorial was the following error when 
-|  starting slapd after making the changes in section 5.1:
-|  
-|  Checking configuration files for slapd:  
-|  /etc/openldap/slapd.conf: line 93: unknown attr 
-|  "sambaPrivilegeList" in to clause
-|  
-|  So I simply removed 'sambaPrivilegeList' from slapd.conf. I 
-|  don't know if this is causing samba's authentication to 
-|  fail... any ideas why slapd moaned about this and how to 
-|  fix it?
-|  
-|  Anyway, Uni server is ALPHA, the PDC for domain OMEGA. Home 
-|  server is GAMMA, home workstation is DELTA. User 'andy' can 
-|  log in to ALPHA over SSH, but not samba. 
-|  Increasing the log level to 3 and looking at the access log 
-|  for DELTA on ALPHA when DELTA tries to connect as user 
-|  'andy' to view shares:
-|  
-|  [2005/09/20 12:44:41, 3] smbd/sec_ctx.c:push_sec_ctx(256)
-|    push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
-|  [2005/09/20 12:44:41, 3] smbd/uid.c:push_conn_ctx(365)
-|    push_conn_ctx(0) : conn_ctx_stack_ndx = 0
-|  [2005/09/20 12:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288)
-|    setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
-|  [2005/09/20 12:44:41, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
-|    pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
-|  [2005/09/20 12:44:41, 3] auth/auth.c:check_ntlm_password(219)
-|    check_ntlm_password:  Checking password for unmapped user [DELTA]\[andy]@[DELTA] with the new password interface
-|  [2005/09/20 12:44:41, 3] auth/auth.c:check_ntlm_password(222)
-|    check_ntlm_password:  mapped user is: [OMEGA]\[andy]@[DELTA]
-|  [2005/09/20 12:44:41, 3] smbd/sec_ctx.c:push_sec_ctx(256)
-|    push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
-|  [2005/09/20 12:44:41, 3] smbd/uid.c:push_conn_ctx(365)
-|    push_conn_ctx(0) : conn_ctx_stack_ndx = 0
-|  [2005/09/20 12:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288)
-|    setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
-|  [2005/09/20 12:44:41, 2] lib/smbldap.c:smbldap_open_connection(692)
-|    smbldap_open_connection: connection opened
-|  [2005/09/20 12:44:41, 3] lib/smbldap.c:smbldap_connect_system(866)
-|    ldap_connect_system: succesful connection to the LDAP server
-|    ldap_connect_system: LDAP server does not support paged results
-|  [2005/09/20 12:44:41, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
-|    pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
-|  [2005/09/20 12:44:41, 3] auth/auth_sam.c:check_sam_security(257)
-|    check_sam_security: Couldn't find user 'andy' in passdb.
-|  [2005/09/20 12:44:41, 3] auth/auth_winbind.c:check_winbind_security(80)
-|    check_winbind_security: Not using winbind, requested domain [OMEGA] was for this SAM.
-|  [2005/09/20 12:44:41, 2] auth/auth.c:check_ntlm_password(312)
-|    check_ntlm_password:  Authentication for user [andy] -> [andy] FAILED with error NT_STATUS_NO_SUCH_USER
-|  [2005/09/20 12:44:41, 3] smbd/process.c:timeout_processing(1334)
-|    timeout_processing: End of file from client (client has disconnected).
-|  [2005/09/20 12:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288)
-|    setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
-|  [2005/09/20 12:44:41, 2] smbd/server.c:exit_server(609)
-|    Closing connections
-|  [2005/09/20 12:44:41, 3] smbd/connection.c:yield_connection(69)
-|    Yielding connection to 
-|  [2005/09/20 12:44:41, 3] smbd/server.c:exit_server(652)
-|    Server exit (normal exit)
-|  
-|  It looks like the line "ldap_connect_system: LDAP server 
-|  does not support paged results" indicates the problem here, 
-|  however I have no idea what it means or how to fix 
-|  it. (Running OpenLDAP 2.2.23-5)
-|  
-|  Any suggestions as to what's wrong?
-|  
-|  Thanks again,
-|  
-|  Andy
-|  
-|  
-|  --- On Tue Sep 20 10:53 , 
-|  <Dirk.Laurenz at fujitsu-siemens.com> sent: ---
-|  
-|  >Hello Andy,
-|  >
-|  >you should setup a samba domain w/ a PDC and BDC or a dial 
-|  up line and a local wins server at home (but using a bdc is better).
-|  >more over you should use an ldap backend. this should be 
-|  your setup:
-|  >
-|  >
-|  >		[HOME]  	---DIAL UP LINE--->	[UNI]
-|  >
-|  >		[SERVER 1]				[SERVER 2]
-|  >		  -OpenLDAP / Slave			  -OpenLDAP / Master
-|  >		  -Samba / BDC  			  -Samba / PDC
-|  >
-|  >I recommend to have a flat rate between UNI and HOME
-|  >
-|  >Kind regards,
-|  >
-|  

