[Samba] Unable to set/authenticate to correct domain...
Matt Anderson
sokkerstud_11 at hotmail.com
Mon Jun 4 20:08:35 GMT 2007
Dear Help,I am currently running Samba 3.0.25 on AIX 5.3 (installed from the downloaded binaries from samba.org). I have configured Samba to authenticate to an LDAP backend on different servers (Two other samba configurations, one set up as PDC the other as BDC) in the usual way: workgroup = mydomain...passdb = ldapsam:"ldaps://...security = domaindomain master = nonetbios name = p505...I have a share set up like the following:[shared] comment = shared files path = /tmp/shares/testshare valid users = test read only = no write list = test browseable = Yes(It will be good to note that user 'test' belongs to a group called 'testers'. Both 'test' and 'testers' are in the LDAP directory)The main problem is that if I try to connect to the "shared" share, it fails with an access is denied message. However, if I change the configuration to look like the following:[shared]
comment = shared files
path = /tmp/shares/testshare
valid users = +testers
read only = no
write list = +testers
browseable = YesI can log in as 'test' and everything works fine.Based on the log files (running smbd with the -i option), I've come up with the following issues:1) It correctly gets the user's SID and group SID but goes on to say that it authenticates successfully, but that the SIDs have no privileges:"get_privileges: No privileges assigned to SID [insert-test-SID-here]"..."get_privileges: No privileges assigned to SID [insert-testers-SID-here]"..."User test with invalid SID [insert-test-SID-here] in passdb"..."user 'test (from session setup) not permitted to access this share (shared)"2) smbd doesn't seem to be searching for the correct domain object in the LDAP directory when it starts up. Note the following from when I ran smbd -i -d 3:...smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=p505))]...My guess is this is where the problem is. Instead of searching for the domain "mydomain" (which is the value set for workgroup in smb.conf and the machine is joined to the mydomain domain) it is searching for sambaDomainName p505 -- which is the hostname of the machine (as specified in the value set for netbios name in smb.conf).Is there a way to change what domain smbldap_search_domain_info is looking for? If so, when and where does that need to take place? Also, if I delete the p505 domain object from the LDAP directory, the smbd process just creates it again every time it is started since it can't find it.Any help, insight, wisdom or guidance would be most appreciated. If there's any other information I can provide, just let me know. Thanks!-Matt
_________________________________________________________________
Make every IM count. Download Windows Live Messenger and join the i’m Initiative now. It’s free.
http://im.live.com/messenger/im/home/?source=TAGWL_June07
More information about the samba
mailing list