[Samba] SAMBA+PDC+Mysql authentication Backend

Pablo Camera cameraphp at hotmail.com
Fri Jun 12 20:01:58 GMT 2009


I am new to the Samba world, but I have configured Samba with shared folders linked to users, and that was successful.

Now I am trying to extend it to a PDC, but the client can't log on to the server:

log.smbd shows this:


	  [2009/06/12 15:51:21,  0] smbd/server.c:main(1209)
  smbd version 3.2.3 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2008
[2009/06/12 15:51:21,  1] pdb_mysql.c:mysqlsam_init(607)
  Connecting to database server, host: localhost, user: samba, database: samba_auth, port: 3306
[2009/06/12 15:52:58,  0] rpc_server/srv_netlog_nt.c:get_md4pw(331)
  get_md4pw: Workstation MULTI$: BDC secure channel requested but not a server trust account
[2009/06/12 15:52:58,  0] rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(502)
  _netr_ServerAuthenticate2: failed to get machine password for account MULTI$: NT_STATUS_NO_TRUST_SAM_ACCOUNT
[2009/06/12 15:52:58,  0] rpc_server/srv_netlog_nt.c:get_md4pw(331)
  get_md4pw: Workstation MULTI$: BDC secure channel requested but not a server trust account
[2009/06/12 15:52:58,  0] rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(502)
  _netr_ServerAuthenticate2: failed to get machine password for account MULTI$: NT_STATUS_NO_TRUST_SAM_ACCOUNT
[2009/06/12 15:53:01,  0] pdb_mysql.c:mysqlsam_replace_sam_account(415)
  Error executing UPDATE user SET WHERE user_sid = 'S-1-5-21-2398918909-2979869015-1347180298-1234', You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE user_sid = 'S-1-5-21-2398918909-2979869015-1347180298-1234'' at line 1

My smb.conf is this.

[global]
# Identity of the server: domain/workgroup name, NetBIOS name and user-level security.
# NOTE(review): workgroup and netbios name are both MULTI. Samba's documentation
# advises keeping the two distinct; the log on this page shows a secure-channel
# request for account MULTI$, which matches this server's own name - confirm that
# the client workstation is not also named MULTI.
workgroup = MULTI
netbios name = MULTI
security = user

# Changes that make Samba act as a PDC
os level = 64
preferred master = yes
domain master = yes
local master = yes
domain logons = yes
logon path = \\%N\%u
logon drive = H:
logon home = \\multi\%u\perfil
# NOTE(review): ".bdat" may be a typo for ".bat" - confirm the script name that
# actually exists in the netlogon share.
logon script = %u.bdat
# Account-management hooks: each one calls pdbedit (-a add, -m machine account,
# -x delete) with the user or machine name substituted by smbd.
add user script = /usr/local/samba/bin/./pdbedit -a "%u"
#add user to group script = /usr/sbin/groupmod -m "%u" "%g"
add machine script = /usr/local/samba/bin/./pdbedit -am "%m"
delete user script = /usr/local/samba/bin/./pdbedit -x "%u"
#delete group script = /usr/sbin/groupdel "%g"
#delete user from group script = /usr/sbin/groupmod -x "%u" "%g"
#set primary group script = /usr/sbin/usermod -g "%g" "%u"
# NOTE(review): this passwd program would add a *machine* account (-am) for a user
# name; it is presumably only consulted when "unix password sync" is enabled,
# which this file does not set - confirm before relying on it.
passwd program = /usr/local/samba/bin/./pdbedit -am "%u"
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
idmap uid = 10000-15000
idmap gid = 10000-15000

# For sending the password (all disabled; LANMAN authentication is weak and is
# best left commented out)
#lanman auth = Yes
#ntlm auth = No
#lm announce = Yes
#client lanman auth = Yes 
# End of password section

# End of changes for the PDC

# User name mapping
username map = /usr/local/samba/lib/smbusers
# End of user name mapping
 
obey pam restrictions = Yes
# Last change: from yes to no
# NOTE(review): the comment says "no" but the value below is "yes".
encrypt passwords = yes
# End of change
update encrypted = no

#client lanman auth = yes
#client plaintext auth = yes

# User authentication: the account database is read from MySQL (pdb_mysql module;
# the log on this page shows pdb_mysql.c connecting to samba_auth on localhost).
passdb backend           = mysql:mysql
mysql:mysql host         = localhost
mysql:mysql user         = samba
# Empty value: either redacted for the post or the MySQL account "samba" has no
# password. If the latter, set one and limit that account to the samba_auth database.
mysql:mysql password     = 
mysql:mysql database     = samba_auth
# Column mappings. NOTE(review): in the pdb_mysql documentation a trailing ":"
# presumably introduces the column to write on update (nothing after it = never
# updated) and NULL disables the field. If every field smbd tries to write is
# mapped that way, the generated statement has an empty SET list, which would match
# the "UPDATE user SET WHERE user_sid = ..." error in the log - confirm against
# the module documentation.
mysql:fullname column    = nt_fullname:
mysql:domain column      = 'multi':
# LM and NT hash columns are disabled; only the cleartext column below is mapped.
# Security caveat: this keeps every account password readable in the database.
# Storing only the NT hash (nt_pw) avoids that exposure.
mysql:lanman pass column = NULL:
mysql:nt pass column     = NULL:
mysql:plain pass column  = plain_pw:
mysql:unknown_3 column   = NULL
mysql:sid column = user_sid
mysql:nt username column = nt_username
#mysql:nt pass          
# NOTE(review): presumably unused while passdb backend is mysql - confirm.
smb passwd file = /etc/samba/private/smbpasswd
# End of user authentication

# For the PDC
# Logon-script share: read-only for everyone except the account in "write list".
[netlogon]
path = /home/netlogon
read only = yes
write list = ntadmin

# Roaming-profile share: writable, with masks that keep new files (0600) and
# directories (0700) private to their owner.
# NOTE(review): "logon path" in [global] is \\%N\%u and does not reference this
# share - confirm which location the clients really use for profiles.
[profiles]
path = /usr/local/samba/ntprofile
writeable = yes
create mask = 0600
directory mask = 0700

# End of PDC section



# Per-user home share: the path and the allowed user are both derived from %U,
# so each user is limited to the directory under /home that carries their name.
[homes]
comment = Home Directories;
path = /home/%U
browseable = yes
valid users = %U
writable = yes

# Group share, open only to usuario1. "force user"/"force group" make every file
# operation run as nobody:nogroup, so file ownership on disk does not record who
# actually wrote a file.
[Grupo]
comment = Grupo de usuarios
path = /grupo
browseable = yes
writable = yes
valid users = usuario1
force user = nobody
force group = nogroup

# Private share for three named users.
# NOTE(review): masks of 0777 allow world read/write/execute bits on everything
# created here, so local accounts outside "valid users" may reach the files on the
# server's filesystem; a tighter pair such as 0660 / 0770 is the usual choice -
# confirm what the users need.
[multi]
comment=Carpeta privada de..
path=/usuario_grupo/multi
browseable=yes
writable=yes
valid users= juanpablo sonia yeruti
create mask = 0777
directory mask = 0777

and the dump of my MySQL database samba_auth is:

-- phpMyAdmin SQL Dump
-- version 3.1.5
-- http://www.phpmyadmin.net
--
-- Host: localhost
-- Generation Time: Jun 12, 2009 at 04:00 PM
-- Server version: 5.0.51
-- PHP Version: 5.2.4-2ubuntu5.6

-- Dump setting: with NO_AUTO_VALUE_ON_ZERO an explicit 0 inserted into an
-- AUTO_INCREMENT column is stored as 0 instead of generating a new value.
SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";

--
-- Database: `samba_auth`
--

-- --------------------------------------------------------

--
-- Table structure for table `user`
--

-- Account table read by Samba's MySQL passdb backend (smb.conf on this page points
-- "passdb backend = mysql:mysql" at database samba_auth). One row per user or
-- machine account.
CREATE TABLE IF NOT EXISTS `user` (
  -- Time fields are integer timestamps; 2147483647 is the largest signed 32-bit
  -- value and is presumably used as "never" - confirm.
  `logon_time` int(9) default NULL,
  `logoff_time` int(9) default NULL,
  `kickoff_time` int(9) default NULL,
  `pass_last_set_time` int(9) default NULL,
  `pass_can_change_time` int(9) default '0',
  `pass_must_change_time` int(9) default '2147483647',
  `username` varchar(255) default NULL,
  `domain` varchar(255) default NULL,
  `nt_username` varchar(255) default NULL,
  `nt_fullname` varchar(255) default NULL,
  `home_dir` varchar(255) default NULL,
  `dir_drive` varchar(4) default NULL,
  `logon_script` varchar(255) default NULL,
  `profile_path` varchar(255) default NULL,
  `acct_desc` varchar(255) default NULL,
  `workstations` varchar(255) default NULL,
  `unknown_str` varchar(255) default NULL,
  `munged_dial` varchar(255) default NULL,
  `uid` int(9) NOT NULL auto_increment,
  `gid` int(9) default NULL,
  -- user_sid is the column the failing UPDATE in the log filters on; it has no
  -- index or uniqueness constraint in this definition.
  `user_sid` varchar(255) default NULL,
  `group_sid` varchar(255) default NULL,
  -- Intended for the LM and NT password hashes (smb.conf on this page maps both
  -- to NULL, i.e. unused).
  `lm_pw` varchar(255) default NULL,
  `nt_pw` varchar(255) default NULL,
  -- presumably Samba account-control bits (16 = normal user, 128 = workstation
  -- trust, 256 = server trust; default 528 = normal + password never expires)
  -- TODO confirm against the Samba ACB flag definitions
  `acct_ctrl` int(9) default '528',
  `logon_divs` int(9) default '168',
  `hours_len` int(9) default '21',
  `unknown_6` int(9) default '1260',
  `bad_password_count` int(9) default NULL,
  `logon_count` int(9) default '0',
  `logon_hours` varchar(42) default NULL,
  `password_history` text,
  -- NOTE(review): "palin_pw" looks like a misspelled duplicate of plain_pw;
  -- smb.conf on this page maps only plain_pw - confirm it is unused.
  `palin_pw` varchar(255) default NULL,
  -- Cleartext password. Anyone who can read this table (or a dump of it) obtains
  -- every account password; prefer storing only the NT hash in nt_pw.
  `plain_pw` varchar(255) default NULL,
  PRIMARY KEY  (`uid`),
  KEY `username` (`username`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=13009 ;

--
-- Dumping data for table `user`
--

-- Six rows: five user accounts (acct_ctrl 16) and the machine account multi$
-- (acct_ctrl 128).
-- NOTE(review): for the user rows lm_pw and nt_pw are NULL and the 32-hex-digit
-- value sits in password_history. 31D6CFE0D16AE931B73C59D7E0C089C0 is the widely
-- documented NT hash of an empty password, which suggests the hash was not derived
-- from plain_pw - confirm how the backend filled these columns.
-- NOTE(review): in the multi$ row lm_pw and nt_pw hold the literal text '123456'
-- rather than 32-hex-digit hashes, and acct_ctrl is 128; the log's "not a server
-- trust account" is presumably consistent with the server-trust bit being absent.
-- The plain_pw values and the domain SID below were published with this post;
-- treat those passwords as exposed and change them.
INSERT INTO `user` (`logon_time`, `logoff_time`, `kickoff_time`, `pass_last_set_time`, `pass_can_change_time`, `pass_must_change_time`, `username`, `domain`, `nt_username`, `nt_fullname`, `home_dir`, `dir_drive`, `logon_script`, `profile_path`, `acct_desc`, `workstations`, `unknown_str`, `munged_dial`, `uid`, `gid`, `user_sid`, `group_sid`, `lm_pw`, `nt_pw`, `acct_ctrl`, `logon_divs`, `hours_len`, `unknown_6`, `bad_password_count`, `logon_count`, `logon_hours`, `password_history`, `palin_pw`, `plain_pw`) VALUES
(0, 2147483647, 2147483647, 1244679702, 1244679702, 2147483647, 'juanpablo', NULL, NULL, NULL, '\\\\multi\\home\\juanpablo', NULL, NULL, '\\\\multi\\home\\juanpablo\\profile', NULL, NULL, NULL, NULL, 13005, NULL, 'S-1-5-21-2398918909-2979869015-1347180298-1226', 'S-1-5-21-2398918909-2979869015-1347180298-513', NULL, NULL, 16, 168, 21, 1260, NULL, 0, 'ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ', '31D6CFE0D16AE931B73C59D7E0C089C0', NULL, '123456'),
(0, 2147483647, 2147483647, 1244836148, 1244679704, 2147483647, 'yeruti', 'MULTI', NULL, NULL, '\\\\multi\\yeruti', NULL, NULL, '\\\\multi\\yeruti\\profile', NULL, NULL, NULL, NULL, 32, NULL, 'S-1-5-21-2398918909-2979869015-1347180298-1228', 'S-1-5-21-2398918909-2979869015-1347180298-513', NULL, NULL, 16, 168, 21, 1260, NULL, 0, 'ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ', '31D6CFE0D16AE931B73C59D7E0C089C0', NULL, '654321'),
(0, 2147483647, 2147483647, 1244727087, 1244679705, 2147483647, 'fulano', 'MULTI', NULL, NULL, '\\\\multi\\fulano', NULL, NULL, '\\\\multi\\fulano\\profile', NULL, NULL, NULL, NULL, 33, NULL, 'S-1-5-21-2398918909-2979869015-1347180298-1230', 'S-1-5-21-2398918909-2979869015-1347180298-513', NULL, NULL, 16, 168, 21, 1260, NULL, 0, 'ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ', '31D6CFE0D16AE931B73C59D7E0C089C0', NULL, '456789'),
(0, 2147483647, 2147483647, 1244679706, 1244679706, 2147483647, 'sonia', NULL, NULL, NULL, '\\\\multi\\sonia', NULL, NULL, '\\\\multi\\sonia\\profile', NULL, NULL, NULL, NULL, 34, NULL, 'S-1-5-21-2398918909-2979869015-1347180298-1232', 'S-1-5-21-2398918909-2979869015-1347180298-513', NULL, NULL, 16, 168, 21, 1260, NULL, 0, 'ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ', '31D6CFE0D16AE931B73C59D7E0C089C0', NULL, '123456789'),
(0, 2147483647, 2147483647, 1244732302, 1244732302, 2147483647, 'root', NULL, NULL, NULL, '\\\\multi\\root\\perfil', 'H:', 'root.bdat', '\\\\multi\\root', NULL, NULL, NULL, NULL, 13002, NULL, 'S-1-5-21-2398918909-2979869015-1347180298-1000', 'S-1-5-21-2398918909-2979869015-1347180298-513', NULL, NULL, 16, 168, 21, 1260, NULL, 0, 'ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ', '765A0C5EF4F663C750AC4433E136915F', NULL, '29881111'),
(0, 2147483647, 2147483647, 1244831051, 1244831051, 2147483647, 'multi$', NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 13008, NULL, 'S-1-5-21-2398918909-2979869015-1347180298-1234', 'S-1-5-21-2398918909-2979869015-1347180298-513', '123456', '123456', 128, 168, 21, 1260, NULL, 0, 'ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ', 'EFBCE5C663A37FC0850ED4FBDF0369C1', NULL, '123456');

Can you explain why I can't log on to the server as a PDC client?


Thanks and good luck
