[Samba] Re: Authentication confusion - may be LDAP related
Ric Tibbetts
rtibbetts at lanl.gov
Tue Sep 27 20:46:20 GMT 2005
At 02:20 PM 9/27/2005, paul kölle wrote:
>Ric Tibbetts wrote:
> > dn: username=u123456,ou=aixuser,cn=aixsecdb,cn=aixdata
> > uid: 1040
> > username: u123456
> > <snip>
> >
> > with u123456 being my *nix login.
> >
> > To me, this looks very wrong (not to mention that there's no dc=).
>It looks wrong and the author surely has had no clue what cn means etc.
>nevertheless it should work.
>
>
> > If I'm seeing this right, shouldn't the login be the "uid" not
> > "username"? Is that what Samba is looking for?
>You can set "ldap filter = (username=%u)" in smb.conf along with a
>suitable value for "ldap suffix".
>
>Check the users with "getent passwd" to test if they are visible to the
>system.
This is from the error log:
attempting to make a user_info for u212442 (212442)
making strings for u212442's user_info struct
making blobs for u212442's user_info struct
made an encrypted user_info for u212442 (212442)
check_ntlm_password: mapped user is: [RX01]\[u212442]@[PN1162911]
getsampwnam (smbpasswd): search by name: u212442
check_sam_security: Couldn't find user 'u212442' in passdb.
check_ntlm_password: Authentication for user
[212442] -> [u212442] FAILED with error NT_STATUS_NO_SUCH_USER
Yet, from that same AIX box if I check my id:
#> id u212442
uid=1040(u212442) gid=1001(sysadmin)
So the OS knows the id exists, it's just not passing that info to Samba.
More information about the samba
mailing list