[Samba] Samba LDAP troubleshooting
Brad C
bradmailinglist at gmail.com
Fri Mar 13 13:46:43 GMT 2009
Hi Julian,
It is not acting as a domain controller, I would like to use the ldap
backend of the pdc to authenticate instead of having to set up separate
passwords.
I have not reset passwords, it's a duplicate database of the pdc.
net getlocalsid
SID for domain ITSHARE is: S-1-5-21-1243312448-3956249592-3341015638
Kind Regards
Brad
On Fri, Mar 13, 2009 at 12:39 PM, <jpb at bordengrammar.kent.sch.uk> wrote:
> Hiya,
>
> A few questions.
>
> Is the machine a PDC?
>
> What's the output of the command "net getlocalsid" in a terminal?
>
> What scripts are you using to change passwords? smbldaptools?
>
> Cheers,
>
> Julian
>
>
> > Hello
> >
> > I'm hoping someone can provide some insight, sample snippet from smb.conf
> > and the samba log.
> > Password authentication is working & succeeding, complains about an
> > invalid SID which I know is the trust relationship that is formed between
> > server and client, this is a duplicate ldap database from a samba domain
> > controller.
> >
> > On the topic, anyone have a good book to recommend on Samba, I feel I am
> > only using 10% of its capability and not really well at that... something
> > is staring me in the face and I'm missing it.
> >
> > [global]
> > workgroup = companyx
> > printing = cups
> > hosts allow = 192.168.1.
> > printcap name = cups
> > printcap cache time = 750
> > cups options = raw
> > map to guest = Bad User
> > include = /etc/samba/dhcp.conf
> > security = user
> > encrypt passwords = Yes
> > obey pam restrictions = No
> > log level = 2
> > passdb backend = ldapsam:ldap://127.0.0.1/
> > ldap admin dn = cn=manager,dc=companyx,dc=co,dc=za
> > ldap suffix = dc=companyx,dc=co,dc=za
> > ldap group suffix = ou=Groups
> > ldap user suffix = ou=Users
> > ldap machine suffix = ou=Computers
> > ldap idmap suffix = ou=Users
> > ldap ssl = off
> > ldap delete dn = Yes
> >
> > [testdir]
> > comment = test1
> > path = "/data/test"
> > browseable = yes
> > writable = yes
> > read only = no
> > available = yes
> > valid users = bradleyc
> > admin users = bradleyc
> >
> >
> >
> > [2009/03/13 08:36:39, 2] lib/access.c:check_access(406)
> >   Allowed connection from __ffff_192.168.2.154 (::ffff:192.168.2.154)
> > [2009/03/13 08:36:39, 2] lib/smbldap.c:smbldap_open_connection(796)
> >   smbldap_open_connection: connection opened
> > [2009/03/13 08:36:39, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
> >   init_sam_from_ldap: Entry found for user: bradleyc
> > [2009/03/13 08:36:39, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
> >   init_group_from_ldap: Entry found for group: 513
> > [2009/03/13 08:36:39, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
> >   init_group_from_ldap: Entry found for group: 513
> > [2009/03/13 08:36:39, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
> >   init_group_from_ldap: Entry found for group: 1010
> > [2009/03/13 08:36:39, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
> >   init_group_from_ldap: Entry found for group: 512
> > [2009/03/13 08:36:39, 2] auth/auth.c:check_ntlm_password(308)
> >   check_ntlm_password: authentication for user [bradleyc] -> [bradleyc] -> [bradleyc] succeeded
> > [2009/03/13 08:36:39, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
> >   init_group_from_ldap: Entry found for group: 544
> > [2009/03/13 08:36:39, 2] lib/access.c:check_access(406)
> >   Allowed connection from ::ffff:192.168.2.154 (::ffff:192.168.2.154)
> > [2009/03/13 08:36:39, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
> >   init_sam_from_ldap: Entry found for user: bradleyc
> > [2009/03/13 08:36:39, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
> >   init_group_from_ldap: Entry found for group: 513
> > [2009/03/13 08:36:39, 0] passdb/passdb.c:lookup_global_sam_name(595)
> >   User bradleyc with invalid SID S-1-5-21-1571991244-1820204139-1100571284-3420 in passdb
> > [2009/03/13 08:36:39, 2] smbd/service.c:make_connection_snum(736)
> >   user 'bradleyc' (from session setup) not permitted to access this share (testdir)
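Added example, not part of the original thread or of Samba: a small Python check that rejoins the wrapped smbd log quoted above, pulls out the "invalid SID" record, and compares the domain part of that account SID with the `net getlocalsid` output from the reply. The function names are hypothetical; the sample log and SID values are the ones posted in this thread.

```python
import re

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\]\s*")
INVALID = re.compile(r"User (\S+) with invalid SID\s+(S-1-[\d-]+)")

# Copied from the thread, wrapped and mail-quoted as the list archive shows it.
SAMPLE_LOG = """\
> > [2009/03/13 08:36:39, 2]
> > auth/auth.c:check_ntlm_password(308)
> > check_ntlm_password: authentication for user [bradleyc] -> [bradleyc]
> > ->
> > [bradleyc] succeeded
> > [2009/03/13 08:36:39, 0]
> > passdb/passdb.c:lookup_global_sam_name(595)
> > User bradleyc with invalid SID
> > S-1-5-21-1571991244-1820204139-1100571284-3420 in
> > passdb
"""
SAMPLE_NET = "SID for domain ITSHARE is: S-1-5-21-1243312448-3956249592-3341015638"

def parse_records(text):
    """Rejoin a wrapped smbd log into (timestamp, level, message) records."""
    records = []
    for line in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", line).strip()  # drop mail quote markers
        m = HEADER.match(line)
        if m:
            records.append([m.group(1), int(m.group(2)), line[m.end():]])
        elif line and records:
            records[-1][2] = (records[-1][2] + " " + line).strip()
    return [tuple(r) for r in records]

def parse_getlocalsid(output):
    """Return (domain name, SID) from `net getlocalsid` output."""
    m = re.search(r"SID for domain (\S+) is: (S-1-[\d-]+)", output)
    return (m.group(1), m.group(2)) if m else None

def sid_mismatches(log_text, local_sid):
    """Accounts smbd flagged whose SID domain part differs from local_sid."""
    hits = []
    for ts, level, msg in parse_records(log_text):
        m = INVALID.search(msg)
        if m:
            account_domain = m.group(2).rsplit("-", 1)[0]  # strip the RID
            if account_domain != local_sid:
                hits.append({"time": ts, "user": m.group(1), "sid": m.group(2),
                             "account_domain": account_domain})
    return hits

if __name__ == "__main__":
    for hit in sid_mismatches(SAMPLE_LOG, parse_getlocalsid(SAMPLE_NET)[1]):
        print(hit)
```

On the values posted here, the account's SID carries the domain part S-1-5-21-1571991244-1820204139-1100571284, while the server reports S-1-5-21-1243312448-3956249592-3341015638 as its own.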