[Samba] Re: Authentication for user FAILED with error NT_STATUS_NO_SUCH_USER

[paul kölle]

Sérgio A P Ferreira wrote:
> Hi list,

> Sep 21 14:59:15 zeus slapd[2123]: conn=18 op=2 SRCH
> base="dc=cultura,dc=gov,dc=br" scope=2 deref=0
> filter="(&(uid=testuser)(objectClass=sambaSamAccount))"
> Sep 21 14:59:15 zeus slapd[2123]: conn=18 op=2 SRCH attr=uid uidNumber
> gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange
> sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName
> sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description
> sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
> sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial
> sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory
> modifyTimestamp sambaLogonHours modifyTimestamp
> Sep 21 14:59:15 zeus slapd[2123]: conn=18 op=2 SEARCH RESULT tag=101 err=0
> nentries=0 text=
See the nentries=0? This is telling you the object was not found in your
LDAP directory. Try to search from the commandline with ldapsearch like:

ldapsearch -D <here goes what you have for "ldap admin dn" in your
smb.conf> -b "dc=gov,dc=br" -W (&(uid=testuser)(objectClass=sambaSamAccount)

if that doesn't work try modifying the search filter to read:

(&(uid=*)(objectClass=*)

if it works (you get the entries back), your entry most likely misses
the sambaSamAccount attributes, that is to say you missed a step in your
setup (smbpasswd?)

if it does not work it might be a problem with ACLs in your LDAP server.
 Try using your "rootdn" from slapd.conf for the -D switch in the above
search. If that works change your ACLs to allow your "ldap admin dn" to
read and write the necessary attributes.

Another thing to check is if your users are visible to the system via
NSS, a "getent passwd" should show your samba users along with the users
from /etc/passwd.

hth
 Paul