[Samba] Samba LDAP troubleshooting
Adam Williams
awilliam at mdah.state.ms.us
Tue Mar 17 17:47:28 GMT 2009
Well, the user's SID is invalid. Does it match the domain's SID with net
getdomainsid?
Brad C wrote:
> Hello
>
> I'm hoping someone can provide some insight, sample snippet from smb.conf
> and the samba log.
> Password authentication is working & succeeding, complains about an invalid
> SID which I know is the trust relationship that is formed between server and
> client, this is a duplicate ldap database from a samba domain controller.
>
> On the topic, anyone have a good book to recommend on Samba, I feel I am
> only using 10% of its capability and not really well at that... something is
> staring me in the face and I'm missing it.
>
> [global]
> workgroup = companyx
> printing = cups
> hosts allow = 192.168.1.
> printcap name = cups
> printcap cache time = 750
> cups options = raw
> map to guest = Bad User
> include = /etc/samba/dhcp.conf
> security = user
> encrypt passwords = Yes
> obey pam restrictions = No
> log level = 2
> passdb backend = ldapsam:ldap://127.0.0.1/
> ldap admin dn = cn=manager,dc=companyx,dc=co,dc=za
> ldap suffix = dc=companyx,dc=co,dc=za
> ldap group suffix = ou=Groups
> ldap user suffix = ou=Users
> ldap machine suffix = ou=Computers
> ldap idmap suffix = ou=Users
> ldap ssl = off
> ldap delete dn = Yes
>
> [testdir]
> comment = test1
> path = "/data/test"
> browseable = yes
> writable = yes
> read only = no
> available = yes
> valid users = bradleyc
> admin users = bradleyc
>
>
>
> [2009/03/13 08:36:39, 2] lib/access.c:check_access(406)
>   Allowed connection from __ffff_192.168.2.154 (::ffff:192.168.2.154)
> [2009/03/13 08:36:39, 2] lib/smbldap.c:smbldap_open_connection(796)
>   smbldap_open_connection: connection opened
> [2009/03/13 08:36:39, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
>   init_sam_from_ldap: Entry found for user: bradleyc
> [2009/03/13 08:36:39, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
>   init_group_from_ldap: Entry found for group: 513
> [2009/03/13 08:36:39, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
>   init_group_from_ldap: Entry found for group: 513
> [2009/03/13 08:36:39, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
>   init_group_from_ldap: Entry found for group: 1010
> [2009/03/13 08:36:39, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
>   init_group_from_ldap: Entry found for group: 512
> [2009/03/13 08:36:39, 2] auth/auth.c:check_ntlm_password(308)
>   check_ntlm_password: authentication for user [bradleyc] -> [bradleyc] -> [bradleyc] succeeded
> [2009/03/13 08:36:39, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
>   init_group_from_ldap: Entry found for group: 544
> [2009/03/13 08:36:39, 2] lib/access.c:check_access(406)
>   Allowed connection from ::ffff:192.168.2.154 (::ffff:192.168.2.154)
> [2009/03/13 08:36:39, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
>   init_sam_from_ldap: Entry found for user: bradleyc
> [2009/03/13 08:36:39, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
>   init_group_from_ldap: Entry found for group: 513
> [2009/03/13 08:36:39, 0] passdb/passdb.c:lookup_global_sam_name(595)
>   User bradleyc with invalid SID S-1-5-21-1571991244-1820204139-1100571284-3420 in passdb
> [2009/03/13 08:36:39, 2] smbd/service.c:make_connection_snum(736)
>   user 'bradleyc' (from session setup) not permitted to access this share (testdir)
>
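
The comparison suggested in the reply, as an added example that is not part of the original thread: it takes the domain SID reported by `net getdomainsid` and lists LDAP accounts whose `sambaSID` is not that SID followed by a RID. The `net` output layout, the LDIF sample, the domain SID value and the function names are assumptions; only bradleyc's SID comes from the log above.

```bash
# Constructed `net getdomainsid` output; machine name and SID value are made up.
NET_OUTPUT='SID for local machine SERVER is: S-1-5-21-1111111111-2222222222-3333333333
SID for domain COMPANYX is: S-1-5-21-1111111111-2222222222-3333333333'

# Constructed LDIF as an ldapsearch for sambaSID would return it. bradleyc's SID is
# the one from the log on this page; the testuser entry is made up.
LDIF='dn: uid=bradleyc,ou=Users,dc=companyx,dc=co,dc=za
uid: bradleyc
sambaSID: S-1-5-21-1571991244-1820204139-1100571284-3420

dn: uid=testuser,ou=Users,dc=companyx,dc=co,dc=za
uid: testuser
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3001
'

# Pull the domain SID out of the "SID for domain ... is: S-1-..." line.
parse_domain_sid() {
    printf '%s\n' "$1" |
        sed -n 's/^SID for domain .* is: \(S-[0-9-]*\)[[:space:]]*$/\1/p' | head -n 1
}

# Domain part of an account SID: everything before the final RID.
sid_domain() {
    printf '%s\n' "${1%-*}"
}

# Args: domain SID, LDIF text. Prints "uid sid" for every entry whose sambaSID
# is not exactly <domain SID>-<RID>.
find_foreign_sids() {
    printf '%s\n' "$2" | awk -v dom="$1" '
        /^uid: /      { uid = $2 }
        /^sambaSID: / { sid = $2 }
        /^$/          { check() }
        END           { check() }
        function check(   rid) {
            if (sid != "") {
                rid = sid; sub(/.*-/, "", rid)
                if (sid != dom "-" rid) print uid, sid
            }
            uid = ""; sid = ""
        }'
}

DOMAIN_SID=$(parse_domain_sid "$NET_OUTPUT")
echo "server domain SID: $DOMAIN_SID"
find_foreign_sids "$DOMAIN_SID" "$LDIF" | while read -r uid sid; do
    echo "MISMATCH: $uid has $sid (domain part $(sid_domain "$sid"))"
done
```

On a live server the two inputs would come from `net getdomainsid` and an `ldapsearch` for `sambaSID` under the user suffix instead of the embedded samples.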