[Samba] login failed

denis rohou denis.rohou at ville-lannion.fr
Thu Apr 17 14:32:33 GMT 2008


sorry :

my log change and this error isn't it

Authentication works for the Win 2000 client when it accesses a network share, but
it doesn't work for authentication at boot.

Any idea?


testparm :

# testparm dump of the [global] section: Samba set up as a domain controller
# ("domain logons" and "domain master" are Yes) with its account database in LDAP.
# Several long values were hard-wrapped by the mail client and must be rejoined
# onto one line before this text is reused as a configuration file.
[global]
        workgroup = MAILAN.LOCAL
        netbios name = AUTHLAN
        server string = Samba-LDAP PDC Server
        # Accounts come from the slapd on this same host, over plain ldap:// on loopback.
        passdb backend = ldapsam:ldap://127.0.0.1/
        # Debug level 3, one log file per client machine name (%m).
        log level = 3
        log file = /var/log/samba/log.%m
        # Only TCP 139 (NetBIOS session service) is listed; 445 is not.
        smb ports = 139
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
IPTOS_LOWDELAY IPTOS_THROUGHPUT SO_KEEPALIVE
        # smbd runs these smbldap-tools commands with the user, group or machine
        # name substituted for %u / %g. "add machine script" is the one that
        # creates a workstation account when a client joins the domain.
        add user script = /usr/sbin/smbldap-useradd -m "%u"
        delete user script = /usr/sbin/smbldap-userdel "%u"
        add group script = /usr/sbin/smbldap-groupadd -p "%g"
        delete group script = /usr/sbin/smbldap-groupdel "%g"
        add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%
g"
        delete user from group script = /usr/sbin/smbldap-groupmod -x "%
u" "%g"
        set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%
u"
        add machine script = /usr/sbin/smbldap-useradd -w "%u"
        logon path = \\%L\profile\%U
        logon drive = P:
        logon home = \\%L\%U
        domain logons = Yes
        os level = 40
        preferred master = Yes
        domain master = Yes
        dns proxy = No
        # DN that smbd binds to LDAP with. The slapd.conf in this post uses the
        # same DN as rootdn, so smbd holds unrestricted write access to the
        # directory. The bind password itself is not part of smb.conf.
        ldap admin dn = cn=admin,dc=mailan,dc=local
        ldap delete dn = Yes
        ldap group suffix = ou=Groups
        ldap machine suffix = ou=Machines
        # Keeps the LDAP password in step with the Samba password on a change.
        ldap passwd sync = Yes
        ldap suffix = dc=mailan,dc=local
        ldap user suffix = ou=Users
        winbind use default domain = Yes
        # Connections are accepted only from 192.168.* and 127.* addresses; the
        # smbd log in this post shows 192.168.1.222 being allowed by this rule.
        hosts allow = 192.168., 127.
        case sensitive = No
        hide files = /desktop.ini/ntuser.ini/NTUSER.*/
        msdfs root = Yes

# Roaming-profile share: "logon path" in [global] sends clients to
# \\%L\profile\%U. It is writable and hidden from browse lists. Nothing in this
# section separates one user's profile from another's, so that isolation rests
# on the file permissions under /home/export/profile.
# NOTE(review): verify those permissions.
[profile]
        path = /home/export/profile
        read only = No
        browseable = No

# Logon-script share for domain logons. Only Administrateur is on the write
# list; no "read only" line is printed, so the share presumably keeps the
# read-only default for everyone else (testparm -s omits default values).
[netlogon]
        path = /home/netlogon
        write list = Administrateur
        browseable = No

# Per-user home directories ("logon home" in [global] points at \\%L\%U).
# Writable, and not shown in browse lists.
[homes]
        comment = Repertoire Personnel
        read only = No
        browseable = No

# Common share: writable and open to guests, so any client inside the
# "hosts allow" ranges can connect to it without a password. What a guest can
# actually write depends on the guest account mapping and on the permissions of
# /partage, neither of which is shown here.
# NOTE(review): confirm that unauthenticated write access is intended.
[partage]
        comment = Repertoire commun
        path = /partage
        read only = No
        guest ok = Yes

################################### slapd.conf #########################

# Global Directives:

# Features to permit
# (left commented out, so this file does not enable LDAPv2 binds)
#allow bind_v2

# Schema and objectClass definitions
# samba.schema supplies the samba* attributes that the index lines of this
# file refer to.
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
include         /etc/ldap/schema/samba.schema

# Schema check allows for forcing entries to
# match schemas for their objectClasses's
schemacheck     on

# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile         /var/run/slapd/slapd.pid

# List of arguments that were passed to the server
argsfile        /var/run/slapd.args

# Read slapd.conf(5) for possible values
# 3 = 1 (trace function calls) + 2 (packet handling), which is why the slapd
# log in this post consists of function traces. Level 256 (stats) records
# connections, operations and results, and is usually easier to read when
# following a bind/search sequence during a logon.
loglevel        3

# Where the dynamically loaded modules are stored
modulepath      /usr/lib/ldap
moduleload      back_bdb

#######################################################################
# SSL:
# Every TLS directive in this section is commented out, so this file configures
# no server certificate. The ldap:// URIs used by smb.conf and by the replica
# directive therefore carry binds and directory entries unencrypted.
#
# Uncomment the following lines to enable SSL and use the default
# snakeoil certificates.
# NOTE(review): the snakeoil pair is a self-signed placeholder; prefer a
# certificate issued for this server, as in the second set of paths below.
#TLSCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
#TLSCertificateKeyFile   /etc/ssl/private/ssl-cert-snakeoil.key
# Path to the LDAP server certificate
#TLSCertificateFile      /etc/ldap/cert/servercert.pem
# Path to the LDAP server private key
#TLSCertificateKeyFile   /etc/ldap/cert/serverkey.pem
# Path to the CA certificate
#TLSCACertificateFile    /etc/ldap/cert/cacert.pem
#######################################################################
# Specific Backend Directives for bdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend         bdb
# Checkpoint the BDB transaction log after 512 KB written or 30 minutes.
checkpoint 512 30

#######################################################################
# Specific Backend Directives for 'other':
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
#backend                <other>

#######################################################################
# Specific Directives for database #1, of type bdb:
# Database specific directives apply to this database until another
# 'database' directive occurs
database        bdb

# The base of your directory in database #1
suffix          "dc=mailan,dc=local"
# The rootdn is not subject to the access rules of this database. It is
# also the DN that smb.conf names as "ldap admin dn".
rootdn          "cn=admin,dc=mailan,dc=local"
# Value masked by the poster. NOTE(review): store a hash produced by slappasswd
# here rather than a cleartext password, and keep this file readable only by
# the account slapd runs as.
rootpw          xxxxxxxxxxxxxxxxx
# Where the database file are physically stored for database #1
directory       "/var/lib/ldap"

# Indexing options for database #1
# Equality indexes on objectClass, uid and gidNumber are the ones the slapd
# log in this post shows being consulted (bdb_equality_candidates) while smbd
# looks up the machine account, the user and the group.
index           objectClass eq
index cn                      pres,sub,eq
index sn                      pres,sub,eq
index uid                     pres,sub,eq
index displayName             pres,sub,eq
index uidNumber               eq
index gidNumber               eq
index memberUid               eq
# Attributes from samba.schema
index   sambaSID              eq
index   sambaPrimaryGroupSID  eq
index   sambaDomainName       eq
index   default               sub



# Save the time that the entry gets modified, for database #1
lastmod         on

# Where to store the replica logs for database #1
replogfile      "/var/lib/ldap/replog"

# Changes are pushed to 192.168.0.132 over ldap:// with a simple bind, so the
# replication password and every replicated attribute, password hashes
# included, cross the network unencrypted.
# NOTE(review): once certificates are configured, protect this link with TLS
# (an ldaps:// URI or the replica directive's StartTLS option; see
# slapd.conf(5) for the installed version). The credentials value (masked by
# the poster) sits in cleartext in this file, so restrict the file's permissions.
replica uri=ldap://192.168.0.132:389
        binddn="uid=replication,ou=users,dc=mailan,dc=local"
       bindmethod=simple credentials=yyyyyyyy



# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
# These access lines apply to database #1 only
#
# NOTE(review): only userPassword is protected by this rule. The Samba password
# hashes that ldapsam stores (sambaLMPassword and sambaNTPassword, from
# samba.schema) are not listed, so they fall through to the 'access to *' rule
# at the end of this file, which grants read to everyone, anonymous clients
# included. Listing them here gives them the same protection:
#   access to attrs=userPassword,sambaLMPassword,sambaNTPassword
access to attrs=userPassword
        by dn="cn=admin,dc=mailan,dc=local" write
        by anonymous auth
        by self write
        by * none

# Ensure read access to the base for things like
# supportedSASLMechanisms.  Without this you may
# have problems with SASL not knowing what
# mechanisms are available and the like.
# Note that this is covered by the 'access to *'
# ACL below too but if you change that as people
# are wont to do you'll still need this if you
# want SASL (and possibly other things) to work
# happily.
access to dn.base="" by * read

# The admin dn has full write access, everyone else
# can read everything.
# 'by * read' covers anonymous clients as well: the slapd log in this post shows
# an [anonymous] search under dc=mailan,dc=local being answered with a user
# entry. While that clause is present, the explicit line for the replication DN
# grants nothing extra.
access to *
        by dn="cn=admin,dc=mailan,dc=local" write
        by dn="uid=replication,ou=users,dc=mailan,dc=local" read
        by * read


# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
#access to dn=".*,ou=Roaming,o=morsnet"
#        by dn="cn=admin,dc=mailan,dc=local" write
#        by dnattr=owner write


############  log smb #####################

[2008/04/17 15:10:11, 3] smbd/oplock.c:init_oplocks(871)
  open_oplock_ipc: initializing messages.
[2008/04/17 15:10:11, 3]
smbd/oplock_linux.c:linux_init_kernel_oplocks(259)
  Linux kernel oplocks enabled
[2008/04/17 15:10:11, 3] lib/access.c:check_access(313)
  check_access: no hostnames in host allow/deny list.
[2008/04/17 15:10:11, 2] lib/access.c:check_access(324)
  Allowed connection from  (192.168.1.222)
[2008/04/17 15:10:11, 3] smbd/process.c:process_smb(1194)
  Transaction 0 of length 72
[2008/04/17 15:10:11, 2] smbd/reply.c:reply_special(490)
  netbios connect: name1=AUTHLAN         name2=LPDRO
[2008/04/17 15:10:11, 2] smbd/reply.c:reply_special(497)
  netbios connect: local=authlan remote=lpdro, name type = 0

############# log slapd ####################

Apr 17 14:48:57 drohou-desktop slapd[6297]: connection_get(17): got
connid=77
Apr 17 14:48:57 drohou-desktop slapd[6297]: connection_read(17):
checking for input on id=77
Apr 17 14:48:57 drohou-desktop slapd[6297]: ber_get_next on fd 17 failed
errno=11 (Resource temporarily unavailable)
Apr 17 14:48:57 drohou-desktop slapd[6297]: do_bind
Apr 17 14:48:57 drohou-desktop slapd[6297]: >>> dnPrettyNormal:
<cn=admin,dc=mailan,dc=local>
Apr 17 14:48:57 drohou-desktop slapd[6297]: <<< dnPrettyNormal:
<cn=admin,dc=mailan,dc=local>, <cn=admin,dc=mailan,dc=local>
Apr 17 14:48:57 drohou-desktop slapd[6297]: do_bind: version=3
dn="cn=admin,dc=mailan,dc=local" method=128
Apr 17 14:48:57 drohou-desktop slapd[6297]: do_bind: v3 bind:
"cn=admin,dc=mailan,dc=local" to "cn=admin,dc=mailan,dc=local"
Apr 17 14:48:57 drohou-desktop slapd[6297]: send_ldap_result: conn=77
op=0 p=3
Apr 17 14:48:57 drohou-desktop slapd[6297]: send_ldap_response: msgid=1
tag=97 err=0
Apr 17 14:48:57 drohou-desktop slapd[6297]: connection_get(17): got
connid=77
Apr 17 14:48:57 drohou-desktop slapd[6297]: connection_read(17):
checking for input on id=77
Apr 17 14:48:57 drohou-desktop slapd[6297]: do_search
Apr 17 14:48:57 drohou-desktop slapd[6297]: >>> dnPrettyNormal: <>
Apr 17 14:48:57 drohou-desktop slapd[6297]: <<< dnPrettyNormal: <>, <>
Apr 17 14:48:57 drohou-desktop slapd[6297]: => send_search_entry: dn=""
Apr 17 14:48:57 drohou-desktop slapd[6297]: ber_get_next on fd 17 failed
errno=11 (Resource temporarily unavailable)
Apr 17 14:48:57 drohou-desktop slapd[6297]: <= send_search_entry
Apr 17 14:48:57 drohou-desktop slapd[6297]: send_ldap_result: conn=77
op=1 p=3
Apr 17 14:48:57 drohou-desktop slapd[6297]: send_ldap_response: msgid=2
tag=101 err=0
Apr 17 14:48:57 drohou-desktop slapd[6297]: connection_get(17): got
connid=77
Apr 17 14:48:57 drohou-desktop slapd[6297]: connection_read(17):
checking for input on id=77
Apr 17 14:48:57 drohou-desktop slapd[6297]: ber_get_next on fd 17 failed
errno=11 (Resource temporarily unavailable)
Apr 17 14:48:57 drohou-desktop slapd[6297]: do_search
Apr 17 14:48:57 drohou-desktop slapd[6297]: >>> dnPrettyNormal:
<dc=mailan,dc=local>
Apr 17 14:48:57 drohou-desktop slapd[6297]: <<< dnPrettyNormal:
<dc=mailan,dc=local>, <dc=mailan,dc=local>
Apr 17 14:48:57 drohou-desktop slapd[6297]: => bdb_search
Apr 17 14:48:57 drohou-desktop slapd[6297]:
bdb_dn2entry("dc=mailan,dc=local")
Apr 17 14:48:57 drohou-desktop slapd[6297]: search_candidates:
base="dc=mailan,dc=local" (0x00000003) scope=2
Apr 17 14:48:57 drohou-desktop slapd[6297]: =>
bdb_dn2idl( "dc=mailan,dc=local" )
Apr 17 14:48:57 drohou-desktop slapd[6297]: => bdb_equality_candidates
(objectClass)
Apr 17 14:48:57 drohou-desktop slapd[6297]: => key_read
Apr 17 14:48:57 drohou-desktop slapd[6297]: <= bdb_index_read: failed
(-30990)
Apr 17 14:48:57 drohou-desktop slapd[6297]: <= bdb_equality_candidates:
id=0, first=0, last=0
Apr 17 14:48:57 drohou-desktop slapd[6297]: => bdb_equality_candidates
(uid)
Apr 17 14:48:57 drohou-desktop slapd[6297]: => key_read
Apr 17 14:48:57 drohou-desktop slapd[6297]: <= bdb_index_read 1
candidates
Apr 17 14:48:57 drohou-desktop slapd[6297]: <= bdb_equality_candidates:
id=1, first=159, last=159
Apr 17 14:48:57 drohou-desktop slapd[6297]: => bdb_equality_candidates
(objectClass)
Apr 17 14:48:57 drohou-desktop slapd[6297]: => key_read
Apr 17 14:48:57 drohou-desktop slapd[6297]: <= bdb_index_read 141
candidates
Apr 17 14:48:57 drohou-desktop slapd[6297]: <= bdb_equality_candidates:
id=141, first=9, last=166
Apr 17 14:48:57 drohou-desktop slapd[6297]: bdb_search_candidates: id=1
first=159 last=159
Apr 17 14:48:57 drohou-desktop slapd[6297]: => send_search_entry:
dn="uid=lpdro$,ou=Machines,dc=mailan,dc=local"
Apr 17 14:48:57 drohou-desktop slapd[6297]: <= send_search_entry
Apr 17 14:48:57 drohou-desktop slapd[6297]: send_ldap_result: conn=77
op=2 p=3
Apr 17 14:48:57 drohou-desktop slapd[6297]: send_ldap_response: msgid=3
tag=101 err=0
Apr 17 14:48:57 drohou-desktop slapd[6297]: connection_get(17): got
connid=77
Apr 17 14:48:57 drohou-desktop slapd[6297]: connection_read(17):
checking for input on id=77
Apr 17 14:48:57 drohou-desktop slapd[6297]: ber_get_next on fd 17 failed
errno=11 (Resource temporarily unavailable)
Apr 17 14:48:57 drohou-desktop slapd[6297]: do_search
Apr 17 14:48:57 drohou-desktop slapd[6297]: >>> dnPrettyNormal:
<dc=mailan,dc=local>
Apr 17 14:48:57 drohou-desktop slapd[6297]: <<< dnPrettyNormal:
<dc=mailan,dc=local>, <dc=mailan,dc=local>
Apr 17 14:48:57 drohou-desktop slapd[6297]: => bdb_search
Apr 17 14:48:57 drohou-desktop slapd[6297]:
bdb_dn2entry("dc=mailan,dc=local")
Apr 17 14:48:57 drohou-desktop slapd[6297]: search_candidates:
base="dc=mailan,dc=local" (0x00000003) scope=2
Apr 17 14:48:57 drohou-desktop slapd[6297]: =>
bdb_dn2idl( "dc=mailan,dc=local" )
Apr 17 14:48:57 drohou-desktop slapd[6297]: => bdb_equality_candidates
(objectClass)
Apr 17 14:48:57 drohou-desktop slapd[6297]: => key_read
Apr 17 14:48:57 drohou-desktop slapd[6297]: <= bdb_index_read: failed
(-30990)
Apr 17 14:48:57 drohou-desktop slapd[6297]: <= bdb_equality_candidates:
id=0, first=0, last=0
Apr 17 14:48:57 drohou-desktop slapd[6297]: => bdb_equality_candidates
(uid)
Apr 17 14:48:57 drohou-desktop slapd[6297]: => key_read
Apr 17 14:48:57 drohou-desktop slapd[6297]: <= bdb_index_read 1
candidates
Apr 17 14:48:57 drohou-desktop slapd[6297]: <= bdb_equality_candidates:
id=1, first=54, last=54
Apr 17 14:48:57 drohou-desktop slapd[6297]: => bdb_equality_candidates
(objectClass)
Apr 17 14:48:57 drohou-desktop slapd[6297]: => key_read
Apr 17 14:48:57 drohou-desktop slapd[6297]: <= bdb_index_read 141
candidates
Apr 17 14:48:57 drohou-desktop slapd[6297]: <= bdb_equality_candidates:
id=141, first=9, last=166
Apr 17 14:48:57 drohou-desktop slapd[6297]: bdb_search_candidates: id=1
first=54 last=54
Apr 17 14:48:57 drohou-desktop slapd[6297]: => send_search_entry:
dn="uid=dpr,ou=Users,dc=mailan,dc=local"
Apr 17 14:48:57 drohou-desktop slapd[6297]: <= send_search_entry
Apr 17 14:48:57 drohou-desktop slapd[6297]: send_ldap_result: conn=77
op=3 p=3
Apr 17 14:48:57 drohou-desktop slapd[6297]: send_ldap_response: msgid=4
tag=101 err=0
Apr 17 14:48:57 drohou-desktop slapd[6297]: connection_get(15): got
connid=4
Apr 17 14:48:57 drohou-desktop slapd[6297]: connection_read(15):
checking for input on id=4
Apr 17 14:48:57 drohou-desktop slapd[6297]: ber_get_next on fd 15 failed
errno=11 (Resource temporarily unavailable)
Apr 17 14:48:57 drohou-desktop slapd[6297]: do_search
Apr 17 14:48:57 drohou-desktop slapd[6297]: >>> dnPrettyNormal:
<dc=mailan,dc=local>
Apr 17 14:48:57 drohou-desktop slapd[6297]: <<< dnPrettyNormal:
<dc=mailan,dc=local>, <dc=mailan,dc=local>
Apr 17 14:48:57 drohou-desktop slapd[6297]: ==> limits_get: conn=4 op=66
dn="[anonymous]"
Apr 17 14:48:57 drohou-desktop slapd[6297]: => bdb_search
Apr 17 14:48:57 drohou-desktop slapd[6297]:
bdb_dn2entry("dc=mailan,dc=local")
Apr 17 14:48:57 drohou-desktop slapd[6297]: search_candidates:
base="dc=mailan,dc=local" (0x00000003) scope=2
Apr 17 14:48:57 drohou-desktop slapd[6297]: =>
bdb_dn2idl( "dc=mailan,dc=local" )
Apr 17 14:48:57 drohou-desktop slapd[6297]: => bdb_equality_candidates
(objectClass)
Apr 17 14:48:57 drohou-desktop slapd[6297]: => key_read
Apr 17 14:48:57 drohou-desktop slapd[6297]: <= bdb_index_read: failed
(-30990)
Apr 17 14:48:57 drohou-desktop slapd[6297]: <= bdb_equality_candidates:
id=0, first=0, last=0
Apr 17 14:48:57 drohou-desktop slapd[6297]: => bdb_equality_candidates
(objectClass)
Apr 17 14:48:57 drohou-desktop slapd[6297]: => key_read
Apr 17 14:48:57 drohou-desktop slapd[6297]: <= bdb_index_read 141
candidates
Apr 17 14:48:57 drohou-desktop slapd[6297]: <= bdb_equality_candidates:
id=141, first=9, last=166
Apr 17 14:48:57 drohou-desktop slapd[6297]: => bdb_equality_candidates
(uid)
Apr 17 14:48:57 drohou-desktop slapd[6297]: => key_read
Apr 17 14:48:57 drohou-desktop slapd[6297]: <= bdb_index_read 1
candidates
Apr 17 14:48:57 drohou-desktop slapd[6297]: <= bdb_equality_candidates:
id=1, first=54, last=54
Apr 17 14:48:57 drohou-desktop slapd[6297]: bdb_search_candidates: id=1
first=54 last=54
Apr 17 14:48:57 drohou-desktop slapd[6297]: => send_search_entry:
dn="uid=dpr,ou=Users,dc=mailan,dc=local"
Apr 17 14:48:57 drohou-desktop slapd[6297]: <= send_search_entry
Apr 17 14:48:57 drohou-desktop slapd[6297]: send_ldap_result: conn=4
op=66 p=3
Apr 17 14:48:57 drohou-desktop slapd[6297]: send_ldap_response: msgid=67
tag=101 err=0
Apr 17 14:48:57 drohou-desktop slapd[6297]: connection_get(17): got
connid=77
Apr 17 14:48:57 drohou-desktop slapd[6297]: connection_read(17):
checking for input on id=77
Apr 17 14:48:57 drohou-desktop slapd[6297]: ber_get_next on fd 17 failed
errno=11 (Resource temporarily unavailable)
Apr 17 14:48:57 drohou-desktop slapd[6297]: do_search
Apr 17 14:48:57 drohou-desktop slapd[6297]: >>> dnPrettyNormal:
<ou=Groups,dc=mailan,dc=local>
Apr 17 14:48:57 drohou-desktop slapd[6297]: <<< dnPrettyNormal:
<ou=Groups,dc=mailan,dc=local>, <ou=groups,dc=mailan,dc=local>
Apr 17 14:48:57 drohou-desktop slapd[6297]: => bdb_search
Apr 17 14:48:57 drohou-desktop slapd[6297]:
bdb_dn2entry("ou=groups,dc=mailan,dc=local")
Apr 17 14:48:57 drohou-desktop slapd[6297]: search_candidates:
base="ou=groups,dc=mailan,dc=local" (0x00000006) scope=2
Apr 17 14:48:57 drohou-desktop slapd[6297]: =>
bdb_dn2idl( "ou=groups,dc=mailan,dc=local" )
Apr 17 14:48:57 drohou-desktop slapd[6297]: <= bdb_dn2idl: id=10 first=6
last=19
Apr 17 14:48:57 drohou-desktop slapd[6297]: => bdb_equality_candidates
(objectClass)
Apr 17 14:48:57 drohou-desktop slapd[6297]: => key_read
Apr 17 14:48:57 drohou-desktop slapd[6297]: <= bdb_index_read: failed
(-30990)
Apr 17 14:48:57 drohou-desktop slapd[6297]: <= bdb_equality_candidates:
id=0, first=0, last=0
Apr 17 14:48:57 drohou-desktop slapd[6297]: => bdb_equality_candidates
(objectClass)
Apr 17 14:48:57 drohou-desktop slapd[6297]: => key_read
Apr 17 14:48:57 drohou-desktop slapd[6297]: <= bdb_index_read 9
candidates
Apr 17 14:48:57 drohou-desktop slapd[6297]: <= bdb_equality_candidates:
id=9, first=11, last=19
Apr 17 14:48:57 drohou-desktop slapd[6297]: => bdb_equality_candidates
(gidNumber)
Apr 17 14:48:57 drohou-desktop slapd[6297]: => key_read
Apr 17 14:48:57 drohou-desktop slapd[6297]: <= bdb_index_read 115
candidates
Apr 17 14:48:57 drohou-desktop slapd[6297]: <= bdb_equality_candidates:
id=115, first=12, last=160
Apr 17 14:48:57 drohou-desktop slapd[6297]: bdb_search_candidates: id=1
first=12 last=12
Apr 17 14:48:57 drohou-desktop slapd[6297]: => send_search_entry:
dn="cn=Domain Users,ou=Groups,dc=mailan,dc=local"
Apr 17 14:48:57 drohou-desktop slapd[6297]: <= send_search_entry
Apr 17 14:48:57 drohou-desktop slapd[6297]: send_ldap_result: conn=77
op=4 p=3
Apr 17 14:48:57 drohou-desktop slapd[6297]: send_ldap_response: msgid=5
tag=101 err=0





Le jeudi 17 avril 2008 à 14:48 +0200, Christian Perrier a écrit :
> Quoting denis rohou (denis.rohou at ville-lannion.fr):
> > Hello
> > 
> > i've samba 3.022 with a ldap 2.2.26. I've no pb to join domain with
my
> > win2000, but when I reboot I'm reject (bad username ...).
> > I find in debug that the first param sent by the client was the
login
> > and I think it must be the machines name.
> > Any idee ?
> 
> At this moment, no. And I bet nobody will have, I'm afraid.
> 
> People need much more information to have a chance to help you out.
> 
> You first might need to send information about your setup.
> 
> For this, sending the output of 
> "testparm -s /whatever/path/is/your/smb.conf" would help. (recommended
> over just sending the raw smb.conf)
> 
> Also, setting "log level" to 3 and sending out the relevant part of
> the smbd log file would also help a lot (and maybe be even enough for
> you to spot the problem)
> 
> 
-- 
Denis Rohou
Service Informatique
ville de Lannion
22113 lannion
02-96-46-64-22

-- 
Denis Rohou
Service Informatique
ville de Lannion
22113 lannion
02-96-46-64-22


