[Samba] Re: Authentication confusion - may be LDAP related

Ric Tibbetts rtibbetts at lanl.gov
Tue Sep 27 20:46:20 GMT 2005

At 02:20 PM 9/27/2005, paul kölle wrote:
>Ric Tibbetts wrote:
> > dn: username=u123456,ou=aixuser,cn=aixsecdb,cn=aixdata
> > uid: 1040
> > username: u123456
> > <snip>
> >
> > with u123456 being my *nix login.
> >
> > To me, this looks very wrong (not to mention that there's no dc=).
>It looks wrong and the author surely has had no clue what cn means etc.
>nevertheless it should work.
> > If I'm seeing this right, shouldn't the login be the "uid" not
> > "username"? Is that what Samba is looking for?
>You can set "ldap filter = (username=%u)" in smb.conf along with a
>suitable value for "ldap suffix".
>Check the users with "getent passwd" to test if they are visible to the

This is from the error log:

  attempting to make a user_info for u212442 (212442)
  making strings for u212442's user_info struct
  making blobs for u212442's user_info struct
  made an encrypted user_info for u212442 (212442)
  check_ntlm_password:  mapped user is: [RX01]\[u212442]@[PN1162911]
  getsampwnam (smbpasswd): search by name: u212442
  check_sam_security: Couldn't find user 'u212442' in passdb.
  check_ntlm_password:  Authentication for user 
[212442] -> [u212442] FAILED with error NT_STATUS_NO_SUCH_USER

Yet, from that same AIX box if I check my id:

#> id u212442
uid=1040(u212442) gid=1001(sysadmin)

So the OS knows the id exists, it's just not passing that info to Samba.

More information about the samba mailing list