[Samba] Samba, OpenLDAP and Windows Vista
Mr Havercamp
mrhavercamp at gmail.com
Wed Sep 26 15:29:27 GMT 2007
I have a Samba server set up to share files within a small network (with
2 clients) and I use OpenLDAP to store user accounts.

I have pretty much got everything working (smbclient prints the correct
information and I can browse and log into Samba via Nautilus) except I
can't get the Vista client to connect to Samba, as it won't even prompt
for a username and password; it simply pops up the error "The account is
not authorized to log in from this station".

If I set encrypt passwords = yes in smb.conf then the Vista client begins to
be prompted for a username/password but the login always fails and I
get re-prompted for the combination. Looking in the smb logs I see:

"check_ntlm_password: Authentication for user [testuser] -> [testuser]
FAILED with error NT_STATUS_NO_SUCH_USER"

I have included my testparm output, slapd.conf and ldap.conf files for
review as I'm sure I have something in slapd.conf incorrectly
configured. Additionally, I've attached all logging for the specific
session.

testparm
*********
[global]
workgroup = BUSHWOOD.LOCAL
server string = Samba Server
passdb backend = ldapsam:ldap://127.0.0.1
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password %n\n
*all*authentication*tokens*updated*
client NTLMv2 auth = Yes
client lanman auth = No
client plaintext auth = No
log level = 3
log file = /var/log/samba/smbd.log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = /etc/printcap
dns proxy = No
ldap admin dn = cn=Manager,dc=bushwood,dc=local
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Hosts
ldap passwd sync = Yes
ldap suffix = dc=bushwood,dc=local
ldap ssl = no
ldap user suffix = ou=People
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
hosts allow = 192.168.5., 127.
cups options = raw
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
[shared]
comment = Users share
path = /home/shared
valid users = S-1-5-21-2252255531-4061614174-2474224977-513
read only = No
create mask = 0770
slapd.conf
***********
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema
allow bind_v2
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
by self write
by anonymous auth
by * none
access to *
by * read
#######################################################################
# ldbm and/or bdb database definitions
#######################################################################
database bdb
suffix "dc=bushwood,dc=local"
rootdn "cn=Manager,dc=bushwood,dc=local"
rootpw {SSHA}wflS3RmzdjXVxYDF1zX9kRh3IHT8nza9
hash_encrypt="SSHA"
directory /var/lib/ldap/bushwood.local
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
ldap.conf
**********
HOST 192.168.5.1
BASE dc=bushwood,dc=local
TLS_CACERTDIR /etc/openldap/cacerts
smbd.log
*********
[2007/09/26 23:20:23, 3] smbd/oplock.c:init_oplocks(863)
init_oplocks: initializing messages.
[2007/09/26 23:20:23, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(276)
Linux kernel oplocks enabled
[2007/09/26 23:20:23, 3] lib/access.c:check_access(312)
check_access: no hostnames in host allow/deny list.
[2007/09/26 23:20:23, 2] lib/access.c:check_access(323)
Allowed connection from (192.168.5.21)
[2007/09/26 23:20:23, 3] smbd/process.c:process_smb(1068)
Transaction 0 of length 183
[2007/09/26 23:20:23, 3] smbd/process.c:switch_message(926)
switch message SMBnegprot (pid 14514) conn 0x0
[2007/09/26 23:20:23, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/09/26 23:20:23, 3] smbd/negprot.c:reply_negprot(505)
Requested protocol [PC NETWORK PROGRAM 1.0]
[2007/09/26 23:20:23, 3] smbd/negprot.c:reply_negprot(505)
Requested protocol [MICROSOFT NETWORKS 1.03]
[2007/09/26 23:20:23, 3] smbd/negprot.c:reply_negprot(505)
Requested protocol [MICROSOFT NETWORKS 3.0]
[2007/09/26 23:20:23, 3] smbd/negprot.c:reply_negprot(505)
Requested protocol [LANMAN1.0]
[2007/09/26 23:20:23, 3] smbd/negprot.c:reply_negprot(505)
Requested protocol [LM1.2X002]
[2007/09/26 23:20:23, 3] smbd/negprot.c:reply_negprot(505)
Requested protocol [DOS LANMAN2.1]
[2007/09/26 23:20:23, 3] smbd/negprot.c:reply_negprot(505)
Requested protocol [Samba]
[2007/09/26 23:20:23, 3] smbd/negprot.c:reply_nt1(364)
using SPNEGO
[2007/09/26 23:20:23, 3] smbd/negprot.c:reply_negprot(606)
Selected protocol NT LANMAN 1.0
[2007/09/26 23:20:25, 3] smbd/process.c:process_smb(1068)
Transaction 1 of length 176
[2007/09/26 23:20:25, 3] smbd/process.c:switch_message(926)
switch message SMBsesssetupX (pid 14514) conn 0x0
[2007/09/26 23:20:25, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/09/26 23:20:25, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1244)
wct=12 flg2=0xc801
[2007/09/26 23:20:25, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1029)
Doing spnego session setup
[2007/09/26 23:20:25, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1060)
NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[]
[2007/09/26 23:20:25, 3] smbd/sesssetup.c:reply_spnego_negotiate(697)
reply_spnego_negotiate: Got secblob of size 56
[2007/09/26 23:20:25, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
Got NTLMSSP neg_flags=0x60080215
[2007/09/26 23:20:25, 3] smbd/process.c:process_smb(1068)
Transaction 2 of length 288
[2007/09/26 23:20:25, 3] smbd/process.c:switch_message(926)
switch message SMBsesssetupX (pid 14514) conn 0x0
[2007/09/26 23:20:25, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/09/26 23:20:25, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1244)
wct=12 flg2=0xc801
[2007/09/26 23:20:25, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1029)
Doing spnego session setup
[2007/09/26 23:20:25, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1060)
NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[]
[2007/09/26 23:20:25, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(739)
Got user=[testuser] domain=[BUSHWOOD.LOCAL] workstation=[BILLYBAROO]
len1=24 len2=24
[2007/09/26 23:20:25, 3] auth/auth.c:check_ntlm_password(221)
check_ntlm_password: Checking password for unmapped user
[BUSHWOOD.LOCAL]\[testuser]@[BILLYBAROO] with the new password interface
[2007/09/26 23:20:25, 3] auth/auth.c:check_ntlm_password(224)
check_ntlm_password: mapped user is: [CZERVIK]\[testuser]@[BILLYBAROO]
[2007/09/26 23:20:25, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2007/09/26 23:20:25, 3] smbd/uid.c:push_conn_ctx(358)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2007/09/26 23:20:25, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2007/09/26 23:20:25, 2] lib/smbldap.c:smbldap_open_connection(786)
smbldap_open_connection: connection opened
[2007/09/26 23:20:25, 3] lib/smbldap.c:smbldap_connect_system(997)
ldap_connect_system: succesful connection to the LDAP server
[2007/09/26 23:20:25, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/09/26 23:20:25, 3] auth/auth_sam.c:check_sam_security(281)
check_sam_security: Couldn't find user 'testuser' in passdb.
[2007/09/26 23:20:25, 2] auth/auth.c:check_ntlm_password(319)
check_ntlm_password: Authentication for user [testuser] -> [testuser]
FAILED with error NT_STATUS_NO_SUCH_USER
[2007/09/26 23:20:25, 3] smbd/error.c:error_packet_set(106)
error packet at smbd/sesssetup.c(105) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
[2007/09/26 23:20:25, 3] smbd/process.c:timeout_processing(1328)
timeout_processing: End of file from client (client has disconnected).
[2007/09/26 23:20:25, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/09/26 23:20:25, 3] smbd/connection.c:yield_connection(69)
Yielding connection to
[2007/09/26 23:20:25, 3] smbd/server.c:exit_server_common(768)
Server exit (normal exit)
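
Added example, not part of the original post: a small Python triage script that groups the level-3 smbd.log records above (a header line followed by wrapped body lines) and correlates them into one record per rejected session setup. It surfaces that the passdb lookup ended in NT_STATUS_NO_SUCH_USER while the error packet returned to the client carried NT_STATUS_LOGON_FAILURE. The function names, field names and the embedded sample (lines copied from the log above) are this example's own.

```python
import re

# Record header: "[date time, level] source.c:function(line)"
HEADER = re.compile(r"^[ \t]*\[([\d/]+ [\d:]+), *\d+\] \S+:\w+\(\d+\)[ \t]*$", re.M)
B = r"\[([^\]]*)\]"  # one bracketed field
PATTERNS = [
    (re.compile(rf"Got user={B} domain={B} workstation={B}"),
     ("user", "client_domain", "workstation")),
    (re.compile(rf"mapped user is: {B}"), ("mapped_domain",)),
    (re.compile(r"Couldn't find user '([^']*)' in passdb"), ("passdb_miss",)),
    (re.compile(r"FAILED with error (NT_STATUS_\w+)"), ("internal_status",)),
    (re.compile(r"^error packet at .* (NT_STATUS_\w+)$"), ("wire_status",)),
]
# Sample input: records copied from the smbd.log excerpt in the post above.
SAMPLE_LOG = """\
[2007/09/26 23:20:25, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(739)
Got user=[testuser] domain=[BUSHWOOD.LOCAL] workstation=[BILLYBAROO]
[2007/09/26 23:20:25, 3] auth/auth.c:check_ntlm_password(224)
check_ntlm_password: mapped user is: [CZERVIK]\\[testuser]@[BILLYBAROO]
[2007/09/26 23:20:25, 3] auth/auth_sam.c:check_sam_security(281)
check_sam_security: Couldn't find user 'testuser' in passdb.
[2007/09/26 23:20:25, 2] auth/auth.c:check_ntlm_password(319)
check_ntlm_password: Authentication for user [testuser] -> [testuser]
FAILED with error NT_STATUS_NO_SUCH_USER
[2007/09/26 23:20:25, 3] smbd/error.c:error_packet_set(106)
error packet at smbd/sesssetup.c(105) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
"""

def records(text):
    """Return (timestamp, message) pairs; wrapped body lines are joined."""
    parts = HEADER.split(text)
    return [(ts, " ".join(body.split())) for ts, body in zip(parts[1::2], parts[2::2])]

def failed_logons(text):
    """Correlate consecutive records into one dict per rejected session setup."""
    events, cur = [], {}
    for ts, msg in records(text):
        for rx, names in PATTERNS:
            if m := rx.search(msg):
                if names[0] == "user":  # a new NTLMSSP attempt starts here
                    cur = {"time": ts}
                cur.update(zip(names, m.groups()))
        if "wire_status" in cur:        # the error packet closes the attempt
            if "internal_status" in cur:
                cur["status_masked"] = cur["internal_status"] != cur["wire_status"]
                events.append(cur)
            cur = {}
    return events
```

Calling `failed_logons(SAMPLE_LOG)` returns one event for `testuser`, with the client-supplied domain, the domain smbd mapped it to, and both status codes side by side.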