[Samba] Weird issue with samba 3.4.7

Amit More amore at xetus.com
Wed Oct 26 14:13:00 MDT 2011 

Hello Chris,

Thank you for your response. I appreciate it. 

> Are you using a custom cert for your ldap server?
  - Yes i am using a custom cert for the ldap connection

> If so, do you have the root cert installed and do your ldap configuration
> files have the right tls_cacertfile entries?

- I have the root cert installed and the samba host has the right tls_certificate entries 
- 
> Is your ldap password password properly configured on the 10.04 host?


- Yes the ldap password is properly configured on the samba 10.04 host.


When i add the following directives to the smb.conf file and run "smbpasswd -W" to write the password to the secrets.tdb file, samba is able to connect to the LDAP server (verified through logs) and do a user lookup. Now  users trying to mount the shares are authenticated successfully only if  they have previously logged in to the system (via ssh), else i get errors (in logs) such as "NT_STATUS_WRONG_PASSWORD".  

I am stuck here. For now,  I am reading how authentication in samba works.

Thanks,
Amit


On Oct 26, 2011, at 12:22 PM, Chris Perry wrote:

> On Wed, Oct 26, 2011 at 2:59 PM, Amit More <amore at xetus.com> wrote:
> 
>> Hello All,
>> 
>> 
>> I have samba version 3.3.2 installed on a system running Ubuntu Server 9.04
>> (32-bit).  The users trying to mount the samba shares authenticate over the
>> LDAP server.
>> Here is how my configuration files look like,
>> 
> 
> Your /etc/nsswitch.conf and pam.d configurations look identical to my 10.04
> 64bit config, other than the fact that I don't have the pam_smbpass.so in
> password or pam_mkhomerdir.so in session, so I don't think your problem lies
> there.
> 
> I would check your ldap configuration to make sure that works properly
> before investigating the samba config.
> In that regard a few questions come to mind:
> 
> Are you using a custom cert for your ldap server?
> If so, do you have the root cert installed and do your ldap configuration
> files have the right tls_cacertfile entries?
> Is your ldap password password properly configured on the 10.04 host?
> 
> -Chris
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list