[Samba] Two Locations, One Domain - LDAP Auth Failure
Dirk.Laurenz at fujitsu-siemens.com
Tue Sep 20 12:54:29 GMT 2005
Hi,
here's the problem:
check_ntlm_password: Authentication for user [andy] -> [andy] FAILED with error NT_STATUS_NO_SUCH_USER
[2005/09/20 12:44:41, 3] smbd/process.c:timeout_processing(1334)
Does the user have the sambaSID attribute? Is it filled? Did you use smbldap-tools?
Kind regards,
Dirk Laurenz
Systems Engineer
Fujitsu Siemens Computers
S CE DE SE PS N/O
Sales Central Europe Deutschland
Professional Service Nord / Ost
Hildesheimer Strasse 25
30880 Laatzen
Germany
Telephone: +49 (511) 84 89 - 18 08
Telefax: +49 (511) 84 89 - 25 18 08
Mobile: +49 (170) 22 10 781
Email: mailto:dirk.laurenz at fujitsu-siemens.com
Internet: http://www.fujitsu-siemens.com
http://www.fujitsu-siemens.de/services/index.html
-| -----Original Message-----
-| From: samba-bounces+dirk.laurenz=fujitsu-siemens.com at lists.samba.org
-| [mailto:samba-bounces+dirk.laurenz=fujitsu-siemens.com at lists.samba.org] On Behalf Of Andy
-| Sent: Tuesday, September 20, 2005 2:49 PM
-| To: Laurenz, Dirk
-| Cc: samba at lists.samba.org
-| Subject: RE: [Samba] Two Locations, One Domain - LDAP Auth Failure
-|
-| Hi Dirk, thanks for your reply!
-|
-| I definitely want to go down the BDC route so that I always
-| log on to the nearest server. The link between the two
-| isn't really an issue - both have a DSL connection to the
-| internet.
-|
-| I started by modifying my smb.conf files so that each
-| server is a local master for their subnet, but only the uni
-| box is domain master. After fiddling with the 'remote
-| announce' and 'remote browse sync' I can now view both
-| servers from a workstation at home (*not* joined to the
-| domain yet). So far so good!
-|
-| Ok, so LDAP it is... I've followed the tutorial at
-| http://www.idealx.org/prj/samba/smbldap-howto.en.html up to
-| the end of section 5.1, and although I can successfully create
-| and remove accounts, and log on to said accounts over SSH,
-| I cannot connect to the samba server at uni using the
-| credentials of a user in LDAP. The only problem I ran
-| into with that tutorial was the following error when
-| starting slapd after making the changes in section 5.1:
-|
-| Checking configuration files for slapd:
-| /etc/openldap/slapd.conf: line 93: unknown attr
-| "sambaPrivilegeList" in to clause
-|
-| So I simply removed 'sambaPrivilegeList' from slapd.conf. I
-| don't know if this is causing samba's authentication to
-| fail... any ideas why slapd moaned about this and how to
-| fix it?
-|
-| Anyway, Uni server is ALPHA, the PDC for domain OMEGA. Home
-| server is GAMMA, home workstation is DELTA. User 'andy' can
-| log in to ALPHA over SSH, but not samba.
-| Increasing the log level to 3 and looking at the access log
-| for DELTA on ALPHA when DELTA tries to connect as user
-| 'andy' to view shares:
-|
-| [2005/09/20 12:44:41, 3] smbd/sec_ctx.c:push_sec_ctx(256)
-| push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
-| [2005/09/20 12:44:41, 3] smbd/uid.c:push_conn_ctx(365)
-| push_conn_ctx(0) : conn_ctx_stack_ndx = 0
-| [2005/09/20 12:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288)
-| setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
-| [2005/09/20 12:44:41, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
-| pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
-| [2005/09/20 12:44:41, 3] auth/auth.c:check_ntlm_password(219)
-| check_ntlm_password: Checking password for unmapped user
-| [DELTA]\[andy]@[DELTA] with the new password interface
-| [2005/09/20 12:44:41, 3] auth/auth.c:check_ntlm_password(222)
-| check_ntlm_password: mapped user is: [OMEGA]\[andy]@[DELTA]
-| [2005/09/20 12:44:41, 3] smbd/sec_ctx.c:push_sec_ctx(256)
-| push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
-| [2005/09/20 12:44:41, 3] smbd/uid.c:push_conn_ctx(365)
-| push_conn_ctx(0) : conn_ctx_stack_ndx = 0
-| [2005/09/20 12:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288)
-| setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
-| [2005/09/20 12:44:41, 2] lib/smbldap.c:smbldap_open_connection(692)
-| smbldap_open_connection: connection opened
-| [2005/09/20 12:44:41, 3] lib/smbldap.c:smbldap_connect_system(866)
-| ldap_connect_system: succesful connection to the LDAP server
-| ldap_connect_system: LDAP server does not support paged results
-| [2005/09/20 12:44:41, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
-| pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
-| [2005/09/20 12:44:41, 3] auth/auth_sam.c:check_sam_security(257)
-| check_sam_security: Couldn't find user 'andy' in passdb.
-| [2005/09/20 12:44:41, 3]
-| auth/auth_winbind.c:check_winbind_security(80)
-| check_winbind_security: Not using winbind, requested
-| domain [OMEGA] was for this SAM.
-| [2005/09/20 12:44:41, 2] auth/auth.c:check_ntlm_password(312)
-| check_ntlm_password: Authentication for user [andy] ->
-| [andy] FAILED with error NT_STATUS_NO_SUCH_USER
-| [2005/09/20 12:44:41, 3] smbd/process.c:timeout_processing(1334)
-| timeout_processing: End of file from client (client has
-| disconnected).
-| [2005/09/20 12:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288)
-| setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
-| [2005/09/20 12:44:41, 2] smbd/server.c:exit_server(609)
-| Closing connections
-| [2005/09/20 12:44:41, 3] smbd/connection.c:yield_connection(69)
-| Yielding connection to
-| [2005/09/20 12:44:41, 3] smbd/server.c:exit_server(652)
-| Server exit (normal exit)
-|
-| It looks like the line "ldap_connect_system: LDAP server
-| does not support paged results" indicates the problem here,
-| however I have no idea what it means or how to fix
-| it. (Running OpenLDAP 2.2.23-5)
-|
-| Any suggestions as to what's wrong?
-|
-| Thanks again,
-|
-| Andy
-|
-|
-| --- On Tue Sep 20 10:53 ,
-| <Dirk.Laurenz at fujitsu-siemens.com> sent: ---
-|
-| >Hello Andy,
-| >
-| >You should set up a samba domain w/ a PDC and BDC or a dial
-| >up line and a local wins server at home (but using a bdc is better).
-| >Moreover you should use an ldap backend. This should be
-| >your setup:
-| >
-| >
-| >  [HOME] ---DIAL UP LINE---> [UNI]
-| >
-| >  [SERVER 1]                 [SERVER 2]
-| >  -OpenLDAP / Slave          -OpenLDAP / Master
-| >  -Samba / BDC               -Samba / PDC
-| >
-| >I recommend having a flat rate between UNI and HOME
-| >
-| >Kind regards,
-| >
-| >
-| >
-| >Dirk Laurenz
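Added example (not part of the original thread): Dirk's question about the sambaSID attribute can be checked against the user's entry as exported in LDIF by `ldapsearch`. The sketch assumes Samba's `ldapsam` backend, which only finds entries carrying the `sambaSamAccount` object class; both entries below, including their DNs and SIDs, are constructed sample data.

```python
import base64
import re

# Domain account SIDs have the form S-1-5-21-<a>-<b>-<c>-<RID>.
SID_RE = re.compile(r"S-1-5-21(-\d+){4}")

def parse_ldif_entry(ldif_text):
    """Parse one LDIF entry into {attr_lowercase: [values]}."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # RFC 2849 folded continuation line
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    attrs = {}
    for line in lines:
        name, _, value = line.partition(":")
        if value.startswith(":"):             # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs

def samba_account_problems(attrs):
    """Return reasons why the Samba passdb lookup would not accept this entry."""
    problems = []
    classes = {c.lower() for c in attrs.get("objectclass", [])}
    if "sambasamaccount" not in classes:
        problems.append("objectClass sambaSamAccount missing")
    sids = [s for s in attrs.get("sambasid", []) if s]
    if not sids:
        problems.append("sambaSID missing or empty")
    elif not all(SID_RE.fullmatch(s) for s in sids):
        problems.append("sambaSID malformed")
    return problems

# Constructed sample: a POSIX-only account (usable over SSH, invisible to Samba).
POSIX_ONLY = """dn: uid=andy,ou=Users,dc=example,dc=org
objectClass: posixAccount
objectClass: inetOrgPerson
uid: andy
uidNumber: 1000
"""

# Constructed sample: the same account with Samba attributes (SID line is folded).
WITH_SAMBA = POSIX_ONLY + """objectClass: sambaSamAccount
sambaSID: S-1-5-21-1111111111-2222222222-33333
 33333-3000
"""

if __name__ == "__main__":
    for label, ldif in (("posix only", POSIX_ONLY), ("with samba", WITH_SAMBA)):
        print(label, "->", samba_account_problems(parse_ldif_entry(ldif)) or "ok")
```
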