[Samba] Samba 3.4.7 with LDAP authentication

Amit More amore at xetus.com
Thu Oct 6 13:58:15 MDT 2011


Hello All,

I have samba (Version 3.4.7) installed on an Ubuntu Server 10.04 (64-bit) using apt. I'm attempting to authenticate users connecting to the samba share over LDAP following the documentation https://help.ubuntu.com/10.04/serverguide/C/samba-ldap.html, but the authentication over LDAP fails. The OpenLDAP server was already configured to include the samba.schema, so I have skipped all the steps that fall under the "OpenLDAP Configuration" section of the manual referenced earlier.

I have set the following directives in the /etc/samba/smb.cnf file:
	
####### Authentication #######
	security = user
	encrypt passwords = true
	passdb backend = ldapsam:ldaps://ldap1.example.com/
	ldap ssl = no
	ldap admin dn = cn=root,dc=example,dc=com
	ldap user suffix = ou=people,dc=example,dc=com
	ldap group suffix = ou=groups,dc=example,dc=com
	ldap suffix = dc=example,dc=com
	obey pam restrictions = yes
	unix password sync = yes
	passwd program = /usr/bin/passwd %u
	passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
	pam password change = yes
	map to guest = bad user

=========== Share Definitions ===
	[Documents]
	comment = Ubuntu File Server Share
	path = /data/Documents
	browsable = yes
	guest ok = no
	read only = no
	create mask = 0755
	
When a user tries to connect to the samba share the /var/log/samba/log.user file is populated with the following messages,

[2011/10/06 10:15:53,  3] auth/auth.c:222(check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user [FILESERVER]\[amore]@[MACBOOKPRO-1B99] with the new password interface
[2011/10/06 10:15:53,  3] auth/auth.c:225(check_ntlm_password)
  check_ntlm_password:  mapped user is: [FILESERVER]\[amore]@[MACBOOKPRO-1B99]
[2011/10/06 10:15:53,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2011/10/06 10:15:53,  3] smbd/uid.c:428(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2011/10/06 10:15:53,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2011/10/06 10:15:53,  2] lib/smbldap.c:890(smbldap_open_connection)
  smbldap_open_connection: connection opened
[2011/10/06 10:15:53,  3] lib/smbldap.c:1101(smbldap_connect_system)
  ldap_connect_system: successful connection to the LDAP server
[2011/10/06 10:15:53,  4] lib/smbldap.c:1177(smbldap_open)
  The LDAP server is successfully connected
[2011/10/06 10:15:53,  4] passdb/pdb_ldap.c:1600(ldapsam_getsampwnam)
  ldapsam_getsampwnam: Unable to locate user [amore] count=0
[2011/10/06 10:15:53,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2011/10/06 10:15:53,  3] auth/auth_sam.c:282(check_sam_security)
  check_sam_security: Couldn't find user 'amore' in passdb.
[2011/10/06 10:15:53,  2] auth/auth.c:320(check_ntlm_password)
  check_ntlm_password:  Authentication for user [amore] -> [amore] FAILED with error NT_STATUS_NO_SUCH_USER
[2011/10/06 10:15:53,  3] smbd/sesssetup.c:42(do_map_to_guest)
  No such user amore [FILESERVER] - using guest account
[2011/10/06 10:15:53,  4] passdb/pdb_ldap.c:2550(ldapsam_getgroup)
  ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=65534))


The messages in the /var/log/syslog file on the LDAP server are as follows,

Oct  6 10:03:06 ldap1 slapd[450]: <= bdb_equality_candidates: (host) not indexed
Oct  6 10:03:32 ldap1 slapd[450]: <= bdb_equality_candidates: (sambaSID) not indexed
Oct  6 10:04:32 ldap1 slapd[450]: <= bdb_equality_candidates: (sambaSID) not indexed
Oct  6 10:05:18 ldap1 slapd[450]: <= bdb_equality_candidates: (cn) not indexed
Oct  6 10:05:18 ldap1 slapd[450]: <= bdb_substring_candidates: (sudoUser) not indexed
Oct  6 10:05:58 ldap1 slapd[450]: <= bdb_equality_candidates: (cn) not indexed
Oct  6 10:05:58 ldap1 slapd[450]: <= bdb_substring_candidates: (sudoUser) not indexed
Oct  6 10:05:58 ldap1 slapd[450]: <= bdb_equality_candidates: (sambaDomainName) not indexed
Oct  6 10:05:58 ldap1 slapd[450]: <= bdb_equality_candidates: (sambaGroupType) not indexed
Oct  6 10:05:58 ldap1 slapd[450]: <= bdb_equality_candidates: (sambaSIDList) not indexed
Oct  6 10:05:58 ldap1 slapd[450]: last message repeated 4 times
Oct  6 10:05:58 ldap1 slapd[450]: <= bdb_equality_candidates: (sambaGroupType) not indexed
Oct  6 10:05:58 ldap1 slapd[450]: <= bdb_equality_candidates: (sambaSIDList) not indexed
Oct  6 10:06:13 ldap1 slapd[450]: last message repeated 4 times
Oct  6 10:06:13 ldap1 slapd[450]: <= bdb_equality_candidates: (sambaSID) not indexed
Oct  6 10:07:22 ldap1 slapd[450]: <= bdb_equality_candidates: (sambaSID) not indexed
Oct  6 10:08:33 ldap1 slapd[450]: last message repeated 3 times

Here are some details of the packages installed,
slapd: version  2.4.21-0ubuntu5.4    
libnss-ldapd: version 0.7.13   

Samba and OpenLDAP are running on two different systems. LDAP users can ssh into the machine running samba without any issues.

Can anybody point me in the right direction? I would appreciate all your time and help.

Thanks, 
Amit
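
Added example, not part of the original post: a small Python parser that correlates the smbd log records quoted above per user, showing that the passdb search returned count=0, the logon failed with NT_STATUS_NO_SUCH_USER, and the session was then mapped to the guest account (the behaviour of `map to guest = bad user`). The sample records are copied from the post; the function names `parse_records` and `guest_fallbacks` are illustrative assumptions.

```python
import re

# Header of a Samba 3.x log record: "[date time,  level] file:line(function)"
HEADER = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:]+),\s*(?P<level>\d+)\] (?P<src>\S+?):\d+\((?P<func>\w+)\)$")

# Sample records copied from the log excerpt in the post above.
SAMPLE_LOG = """\
[2011/10/06 10:15:53,  4] passdb/pdb_ldap.c:1600(ldapsam_getsampwnam)
  ldapsam_getsampwnam: Unable to locate user [amore] count=0
[2011/10/06 10:15:53,  3] auth/auth_sam.c:282(check_sam_security)
  check_sam_security: Couldn't find user 'amore' in passdb.
[2011/10/06 10:15:53,  2] auth/auth.c:320(check_ntlm_password)
  check_ntlm_password:  Authentication for user [amore] -> [amore] FAILED with error NT_STATUS_NO_SUCH_USER
[2011/10/06 10:15:53,  3] smbd/sesssetup.c:42(do_map_to_guest)
  No such user amore [FILESERVER] - using guest account
"""

def parse_records(text):
    """Join each header line with the indented message lines that follow it."""
    records, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {**m.groupdict(), "msg": ""}
            records.append(current)
        elif current is not None and line.strip():
            current["msg"] = (current["msg"] + " " + line.strip()).strip()
    return records

# Function name -> (pattern capturing the user and one value, finding key, converter)
RULES = {
    "ldapsam_getsampwnam": (r"Unable to locate user \[(.+?)\] count=(\d+)", "ldap_matches", int),
    "check_ntlm_password": (r"user \[(.+?)\] -> \[.+?\] FAILED with error (\w+)", "status", str),
    "do_map_to_guest": (r"No such user (\S+) .*(using guest account)", "mapped_to_guest", bool),
}

def guest_fallbacks(records):
    """Per user: LDAP match count, NT status of the failure, guest mapping."""
    findings = {}
    for r in records:
        rule = RULES.get(r["func"])
        m = rule and re.search(rule[0], r["msg"])
        if m:
            findings.setdefault(m.group(1), {})[rule[1]] = rule[2](m.group(2))
    return findings

if __name__ == "__main__":
    print(guest_fallbacks(parse_records(SAMPLE_LOG)))
```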