[Samba] NT_STATUS_LOGON_FAILURE with ldap backend

Adam Williams awilliam at mdah.state.ms.us
Tue Feb 26 18:41:18 GMT 2008

did you run smbldap-populate?  even with a user in ldap, that is for 
their posix (linux shell) account.  you will still need to run smbpasswd 
-a user to add their samba NT and LM hashes and samba SID info to ldap.

Luca Ferrari wrote:
> On Monday 25 February 2008 Luca Ferrari's cat, walking on the keyboard, wrote:
>> Hi all,
>> I've configured my samba server to work with my ldap backend, the
>> configuration of ldap is correct and in fact my users can interactively
>> login. The problem is with samba, that is always returning a
>> NT_STATUS_LOGON_FAILURE when a user tries to access a share. I'm in doubt
>> if I have to add ldap accounts through the ldap-tools of samba or not, at
>> the moment I did not add any account to samba (thinking it should read them
>> from the ldap server directly). In the logs I'm not able to find anything
>> useful, does anyone have any clue?
> I found that the server is connecting right to the ldap server:
> [2008/02/26 17:06:45, 3] lib/smbldap.c:smbldap_connect_system(997)
>   ldap_connect_system: succesful connection to the LDAP server
> but that the user trying to authenticate does not exists:
> [2008/02/26 17:06:45, 3] auth/auth_sam.c:check_sam_security(281)
>   check_sam_security: Couldn't find user 'luca' in passdb.
> [2008/02/26 17:06:45, 5] auth/auth.c:check_ntlm_password(273)
>   check_ntlm_password: sam authentication for user [luca] FAILED with error 
> The problem is that if I try to create the user with the smbldap-useradd I got 
> the error:
> Error looking for next uid at /usr/share/perl5/smbldap_tools.pm line 1044.
> Now, two questions:
> 1) why do I have to add accounts to samba if it should get them from the ldap 
> server?
> 2) how to solve the problem of the smbldap-useradd?
> Thanks,
> Luca

More information about the samba mailing list