[Samba] samba and openldap authentication issues!

Kyle Corupe kcorupe at corpedia.com
Fri Apr 25 17:44:34 GMT 2008


Alright, I've been working on this for too many hours straight. Any
help would be much appreciated!

(I posted this online to linux questions, it could be easier to read
on there... http://www.linuxquestions.org/questions/linux-server-73/samba-and-openldap-authentication-issues-637647/)

 The problem is users created in smbldap-useradd cannot log in unless
they are also a local user. For example,

 kylec exists both locally and in smbldap-users; his smb passwd is
different from his local passwd.


Code:
[root@beedril samba]# smbldap-userlist
uid |username

 0 |root
 999 |nobody
1000 |kylec
1001 |test
1002 |test1
1003 |test2
1004 |test3
1005 |test4
1006 |test5
1007 |test6
1008 |test7$
1009 |test8$
1010 |test9

 Here is log output from samba when kylec connects:



Code:
kyle@kyle-laptop:~$ smbclient //10.0.0.218/clients -U kylec
Password:
Domain=[WINIX] OS=[Unix] Server=[Samba 3.0.25b-1.el5_1.4]
smb: \> quit


[2008/04/24 17:33:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(545)
 init_sam_from_ldap: Entry found for user: kylec

 Here is when a bad user tries to connect:



Code:
kyle@kyle-laptop:~$ smbclient //10.0.0.218/clients -U test3
Password:
session setup failed: NT_STATUS_LOGON_FAILURE

[2008/04/24 17:45:00, 0] auth/auth_sam.c:check_sam_security(352)
 check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'
[2008/04/24 17:45:00, 3] auth/auth_winbind.c:check_winbind_security(80)
 check_winbind_security: Not using winbind, requested domain [WINIX] was for this SAM.
[2008/04/24 17:45:00, 2] auth/auth.c:check_ntlm_password(319)
 check_ntlm_password: Authentication for user [test3] -> [test3] FAILED with error NT_STATUS_NO_SUCH_USER
[2008/04/24 17:45:00, 3] smbd/error.c:error_packet_set(106)
 error packet at smbd/sesssetup.c(105) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE



 Here is output from pdbedit -L:



Code:
[root@beedril samba]# pdbedit -L
map_file: Failed to load /usr/lib/samba/valid.dat - No such file or directory
creating default valid table
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=WINIX))]
smbldap_open_connection: connection opened
smbldap_check_root_dse: Expected one rootDSE, got 0
ldap_connect_system: succesful connection to the LDAP server
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=WINIX))]
smbldap_open_connection: connection opened
smbldap_check_root_dse: Expected one rootDSE, got 0
ldap_connect_system: succesful connection to the LDAP server
ldapsam_setsampwent: 8 entries in the base dc=corpedia, dc=internal
init_sam_from_ldap: Entry found for user: root
root:0:root
init_sam_from_ldap: Entry found for user: nobody
nobody:99:nobody
init_sam_from_ldap: Entry found for user: kylec
kylec:501:kylec
init_sam_from_ldap: Entry found for user: test1
test1:4294967295:test1
init_sam_from_ldap: Entry found for user: test2
test2:4294967295:test2
init_sam_from_ldap: Entry found for user: test3
test3:4294967295:test3
init_sam_from_ldap: Entry found for user: test4
test4:504:test4
init_sam_from_ldap: Entry found for user: test5
test5:4294967295:test5

 I think the problem has something to do with it not verifying that
the UNIX (POSIX) accounts can be resolved via NSS, but I have nss_ldap
working correctly (I believe).

 I can ldapsearch my ldap server; everything on that end seems to be
working, it's just getting samba to authenticate against it! So again,
any help would be MUCH APPRECIATED!!!

 Thanks guys!

-- 
Kyle Corupe

Unix Administrator
Corpedia Corporation
Desk:(602)443-2148
kcorupe at corpedia.com
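
An added diagnostic example, not part of the original post: it parses `pdbedit -L` output like that quoted above and lists the accounts shown with uid 4294967295, then checks each against the local NSS stack. It assumes 4294967295 is `(uid_t)-1` printed as unsigned, meaning the name did not resolve to a UNIX account; the function names are hypothetical.

```python
import pwd
import re

# Assumption: (uid_t)-1 printed as an unsigned 32-bit number.
UNRESOLVED_UID = 4294967295

# Account lines look like "name:uid:full name"; debug lines such as
# "init_sam_from_ldap: Entry found for user: root" have no numeric 2nd field.
ACCOUNT_LINE = re.compile(r"^([^:\s]+):(\d+):(.*)$")

# Constructed sample: a subset of the pdbedit -L output quoted in the post.
SAMPLE = """\
ldapsam_setsampwent: 8 entries in the base dc=corpedia, dc=internal
init_sam_from_ldap: Entry found for user: kylec
kylec:501:kylec
init_sam_from_ldap: Entry found for user: test3
test3:4294967295:test3
init_sam_from_ldap: Entry found for user: test4
test4:504:test4
init_sam_from_ldap: Entry found for user: test5
test5:4294967295:test5
"""

def parse_accounts(text):
    """Return [(username, uid)] for every account line, skipping debug output."""
    accounts = []
    for line in text.splitlines():
        m = ACCOUNT_LINE.match(line.strip())
        if m:
            accounts.append((m.group(1), int(m.group(2))))
    return accounts

def unresolved(accounts):
    """Usernames that pdbedit listed without a usable UNIX uid."""
    return [name for name, uid in accounts if uid == UNRESOLVED_UID]

def nss_resolves(name):
    """True if the local NSS stack (files, ldap, ...) knows this user."""
    try:
        pwd.getpwnam(name)
        return True
    except KeyError:
        return False

if __name__ == "__main__":
    for name in unresolved(parse_accounts(SAMPLE)):
        state = "resolves now" if nss_resolves(name) else "NOT resolvable"
        print(f"{name}: no UNIX uid in pdbedit output; NSS lookup {state}")
```

Run on the Samba server itself, since `pwd.getpwnam` consults that host's nsswitch configuration.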

