[Samba] Re: Authentication confusion - may be LDAP related
paul at subsignal.org
Tue Sep 27 21:34:06 GMT 2005
Ric Tibbetts wrote:
> This is from the error log:
> attempting to make a user_info for u212442 (212442)
> making strings for u212442's user_info struct
> making blobs for u212442's user_info struct
> made an encrypted user_info for u212442 (212442)
> check_ntlm_password: mapped user is: [RX01]\[u212442]@[PN1162911]
> getsampwnam (smbpasswd): search by name: u212442
> check_sam_security: Couldn't find user 'u212442' in passdb.
> check_ntlm_password: Authentication for user  -> [u212442]
> FAILED with error NT_STATUS_NO_SUCH_USER
If you can increase the log level for the LDAP server you can see what
filter is used above and find out why the object is not found.
Have you added the sambaSamAccount objectClass and attributes to the
user? You can use smbldap-tools for that.
> Yet, from that same AIX box if I check my id:
> #> id u212442
> uid=1040(u212442) gid=1001(sysadmin)
> So the OS knows the id exists, it's just not passing that info to Samba.
Sorry, I don't know AIX, but if all users and groups samba needs to know
about are in LDAP, you can probably set "ldapsam:trusted = yes" in
smb.conf bypassing the whole NSS story. Read the manpage of smb.conf
what this parameter does.
More information about the samba