[Samba] samba and openldap authentication issues!
Jeff Davis
jdavis at standard.k12.ca.us
Fri Apr 25 18:40:03 GMT 2008
Can you post a sanitized ldif of one of the user's ldap records? Do
they have all the samba attributes?
Kyle Corupe wrote:
> Alight, I've been working on this for too many hours straight. Any
> help would be much appreciated!
>
> (I posted this online to linux questions, it could be easier to read
> on there... http://www.linuxquestions.org/questions/linux-server-73/samba-and-openldap-authentication-issues-637647/)
>
> The problem is users created in smbldap-useradd can not login, unless
> they also are a local user. for example,
>
> kylec exists both locally and in smbldap-users, his smb passwd is
> differnt from his local passwd.
>
>
> Code: [root at beedril samba]# smbldap-userlist
> uid |username
>
> 0 |root
> 999 |nobody
> 1000 |kylec
> 1001 |test
> 1002 |test1
> 1003 |test2
> 1004 |test3
> 1005 |test4
> 1006 |test5
> 1007 |test6
> 1008 |test7$
> 1009 |test8$
> 1010 |test9
> here is log output from samba when kylec connects
>
>
>
> Code: kyle at kyle-laptop:~$ smbclient //10.0.0.218/clients -U kylec
> Password:
> Domain=[WINIX] OS=[Unix] Server=[Samba 3.0.25b-1.el5_1.4]
> smb: \> quit
>
>
> [2008/04/24 17:33:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(545)
> init_sam_from_ldap: Entry found for user: kylec
>
> here is when a bad user trys to connect,
>
>
>
> Code: kyle at kyle-laptop:~$ smbclient //10.0.0.218/clients -U test3
> Password:
> session setup failed: NT_STATUS_LOGON_FAILURE
>
> [2008/04/24 17:45:00, 0] auth/auth_sam.c:check_sam_security(352)
> check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'
> [2008/04/24 17:45:00, 3] auth/auth_winbind.c:check_winbind_security(80)
> check_winbind_security: Not using winbind, requested domain [WINIX]
> was for this SAM.
> [2008/04/24 17:45:00, 2] auth/auth.c:check_ntlm_password(319)
> check_ntlm_password: Authentication for user [test3] -> [test3]
> FAILED with error NT_STATUS_NO_SUCH_USER
> [2008/04/24 17:45:00, 3] smbd/error.c:error_packet_set(106)
> error packet at smbd/sesssetup.c(105) cmd=115 (SMBsesssetupX)
> NT_STATUS_LOGON_FAILURE
>
>
>
> here is output from pbdedit -L
>
>
>
> Code: [root at beedril samba]# pdbedit -L
> map_file: Failed to load /usr/lib/samba/valid.dat - No such file or directory
> creating default valid table
> smbldap_search_domain_info: Searching
> for:[(&(objectClass=sambaDomain)(sambaDomainName=WINIX))]
> smbldap_open_connection: connection opened
> smbldap_check_root_dse: Expected one rootDSE, got 0
> ldap_connect_system: succesful connection to the LDAP server
> smbldap_search_domain_info: Searching
> for:[(&(objectClass=sambaDomain)(sambaDomainName=WINIX))]
> smbldap_open_connection: connection opened
> smbldap_check_root_dse: Expected one rootDSE, got 0
> ldap_connect_system: succesful connection to the LDAP server
> ldapsam_setsampwent: 8 entries in the base dc=corpedia, dc=internal
> init_sam_from_ldap: Entry found for user: root
> root:0:root
> init_sam_from_ldap: Entry found for user: nobody
> nobody:99:nobody
> init_sam_from_ldap: Entry found for user: kylec
> kylec:501:kylec
> init_sam_from_ldap: Entry found for user: test1
> test1:4294967295:test1
> init_sam_from_ldap: Entry found for user: test2
> test2:4294967295:test2
> init_sam_from_ldap: Entry found for user: test3
> test3:4294967295:test3
> init_sam_from_ldap: Entry found for user: test4
> test4:504:test4
> init_sam_from_ldap: Entry found for user: test5
> test5:4294967295:test5
>
> I think the problem has something to do with it not verifying that
> the UNIX (POSIX) accounts can be resolved via NSS. but I have nss_ldap
> working correctly (I believe).
>
> I can ldapsearch my ldap server, everything on that end seems to be
> working its just getting samba to authenticate against it! so again
> any help would be MUCH APPRECIATED!!!
>
> thanks guys!
>
>
More information about the samba
mailing list