[Samba] Samba LDAP troubleshooting

Brad C bradmailinglist at gmail.com
Fri Mar 13 13:46:43 GMT 2009


Hi Julian,

It is not acting as a domain controller; I would like to use the LDAP
backend of the PDC to authenticate instead of having to set up separate
passwords.
I have not reset passwords; it's a duplicate database of the PDC.

net getlocalsid

SID for domain ITSHARE is: S-1-5-21-1243312448-3956249592-3341015638

Kind Regards
Brad


On Fri, Mar 13, 2009 at 12:39 PM, <jpb at bordengrammar.kent.sch.uk> wrote:

> Hiya,
>
> A few questions.
>
> Is the machine a PDC
>
> what's the output of the command "net getlocalsid" in a terminal
>
> What scripts are you using to change passwords? smbldaptools?
>
> Cheers,
>
> Julian
>
>
> > Hello
> >
> > I'm hoping someone can provide some insight, sample snippet from smb.conf
> > and the samba log.
> > Password authentication is working & succeeding, complains about an
> > invalid SID which I know is the trust relationship that is formed
> > between server and client, this is a duplicate ldap database from a
> > samba domain controller.
> >
> > On the topic, anyone have a good book to recommend on Samba, I feel I am
> > only using 10% of its capability and not really well at that... something
> > is staring me in the face and I'm missing it.
> >
> > [global]
> >         workgroup = companyx
> >         printing = cups
> >         hosts allow = 192.168.1.
> >         printcap name = cups
> >         printcap cache time = 750
> >         cups options = raw
> >         map to guest = Bad User
> >         include = /etc/samba/dhcp.conf
> >         security = user
> >         encrypt passwords = Yes
> >         obey pam restrictions = No
> >         log level = 2
> >         passdb backend = ldapsam:ldap://127.0.0.1/
> >         ldap admin dn = cn=manager,dc=companyx,dc=co,dc=za
> >         ldap suffix = dc=companyx,dc=co,dc=za
> >         ldap group suffix = ou=Groups
> >         ldap user suffix = ou=Users
> >         ldap machine suffix = ou=Computers
> >         ldap idmap suffix = ou=Users
> >         ldap ssl = off
> >         ldap delete dn = Yes
> >
> > [testdir]
> >     comment = test1
> >     path = "/data/test"
> >     browseable = yes
> >     writable = yes
> >     read only = no
> >     available = yes
> >     valid users = bradleyc
> >     admin users = bradleyc
> >
> >
> >
> > [2009/03/13 08:36:39,  2] lib/access.c:check_access(406)
> >   Allowed connection from __ffff_192.168.2.154 (::ffff:192.168.2.154)
> > [2009/03/13 08:36:39,  2] lib/smbldap.c:smbldap_open_connection(796)
> >   smbldap_open_connection: connection opened
> > [2009/03/13 08:36:39,  2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
> >   init_sam_from_ldap: Entry found for user: bradleyc
> > [2009/03/13 08:36:39,  2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
> >   init_group_from_ldap: Entry found for group: 513
> > [2009/03/13 08:36:39,  2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
> >   init_group_from_ldap: Entry found for group: 513
> > [2009/03/13 08:36:39,  2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
> >   init_group_from_ldap: Entry found for group: 1010
> > [2009/03/13 08:36:39,  2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
> >   init_group_from_ldap: Entry found for group: 512
> > [2009/03/13 08:36:39,  2] auth/auth.c:check_ntlm_password(308)
> >   check_ntlm_password:  authentication for user [bradleyc] -> [bradleyc] -> [bradleyc] succeeded
> > [2009/03/13 08:36:39,  2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
> >   init_group_from_ldap: Entry found for group: 544
> > [2009/03/13 08:36:39,  2] lib/access.c:check_access(406)
> >   Allowed connection from ::ffff:192.168.2.154 (::ffff:192.168.2.154)
> > [2009/03/13 08:36:39,  2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
> >   init_sam_from_ldap: Entry found for user: bradleyc
> > [2009/03/13 08:36:39,  2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
> >   init_group_from_ldap: Entry found for group: 513
> > [2009/03/13 08:36:39,  0] passdb/passdb.c:lookup_global_sam_name(595)
> >   User bradleyc with invalid SID S-1-5-21-1571991244-1820204139-1100571284-3420 in passdb
> > [2009/03/13 08:36:39,  2] smbd/service.c:make_connection_snum(736)
> >   user 'bradleyc' (from session setup) not permitted to access this share (testdir)
> >
>
>
>
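
The two values exchanged in this thread can be compared mechanically. The following is an added example, not code from either poster or from Samba: it splits the SID in the `invalid SID` log message into domain SID and RID and checks the domain part against the `net getlocalsid` output. The function names are hypothetical; both inputs are copied from the messages above, and quote markers and mail line-wrapping are stripped before matching.

```python
import re

# Both inputs are copied from this thread (the log excerpt is shortened to two entries).
GETLOCALSID_OUTPUT = "SID for domain ITSHARE is: S-1-5-21-1243312448-3956249592-3341015638"
SMBD_LOG = """\
[2009/03/13 08:36:39,  2] auth/auth.c:check_ntlm_password(308)
  check_ntlm_password:  authentication for user [bradleyc] -> [bradleyc] -> [bradleyc] succeeded
[2009/03/13 08:36:39,  0] passdb/passdb.c:lookup_global_sam_name(595)
  User bradleyc with invalid SID S-1-5-21-1571991244-1820204139-1100571284-3420 in passdb
"""

DOMAIN_SID = r"S-1-5-21-\d+-\d+-\d+"   # domain SID: three 32-bit sub-authorities
LOCAL_RE = re.compile(r"SID for domain (\S+) is: (" + DOMAIN_SID + r")\s*$")
INVALID_RE = re.compile(r"User (\S+) with invalid SID (" + DOMAIN_SID + r")-(\d+) in passdb")
QUOTE_RE = re.compile(r"^(?:>\s*)+")    # leading "> > " markers from quoted mail


def parse_local_sid(text):
    """Return (domain_name, domain_sid) from `net getlocalsid` output."""
    for line in text.splitlines():
        m = LOCAL_RE.search(QUOTE_RE.sub("", line).strip())
        if m:
            return m.group(1), m.group(2)
    raise ValueError("no 'SID for domain ... is:' line found")


def invalid_sid_report(log_text, local_sid):
    """Return one dict per 'invalid SID' message, compared against local_sid."""
    # Drop quote markers, then collapse whitespace so wrapped messages rejoin.
    lines = (QUOTE_RE.sub("", ln) for ln in log_text.splitlines())
    flat = " ".join(" ".join(lines).split())
    return [
        {
            "user": user,
            "account_domain_sid": domain_sid,
            "rid": int(rid),
            "matches_local_sid": domain_sid == local_sid,
        }
        for user, domain_sid, rid in INVALID_RE.findall(flat)
    ]


if __name__ == "__main__":
    name, sid = parse_local_sid(GETLOCALSID_OUTPUT)
    for finding in invalid_sid_report(SMBD_LOG, sid):
        print(name, sid, finding)
```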

