[Samba] (no subject)
rodrigo tavares
rodrigofariat at yahoo.com.br
Tue Jul 24 13:47:54 MDT 2012
Hello people!
I'm using the new version, Debian 6.0 (squeeze), and I configured LDAP and Samba.
But when I try to log in on a Windows machine, I enter the user and password, and after I click,
it shows the message to change my password, and then comes a message saying: you do not have permission to change the password. See my commands:
root@debian:~# smbclient -L localhost -U secretary
Enter secretary's password:
session setup failed: NT_STATUS_PASSWORD_MUST_CHANGE
----------------------------------------------------------------
root@debian# smbclient -L localhost -U rodrigo
Enter rodrigo's password:
session setup failed: NT_STATUS_LOGON_FAILURE
-----------------------------------------------------------------
In the first, the user is a Samba user, and in the second, a POSIX user.
root@debian-fileserver:~# ldapsearch -xLLL uid=secretaria
dn: uid=secretaria,ou=Users,dc=defensoria,dc=net
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: secretaria
sn: secretaria
givenName: secretaria
uid: secretaria
uidNumber: 1009
gidNumber: 513
homeDirectory: /home/secretaria
loginShell: /bin/bash
gecos: Secretaria
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: secretaria
sambaSID: S-1-5-21-3973246732-289451499-211008055-3018
sambaPrimaryGroupSID: S-1-5-21-3973246732-289451499-211008055-513
sambaLogonScript: logon.bat
sambaProfilePath: \\PDC-SRV\profiles\secretaria
sambaHomePath: \\PDC-SRV\secretaria
sambaHomeDrive: H:
sambaLMPassword: 86A5FB68C21C24AAAAD3B435B51404EE
sambaAcctFlags: [U]
sambaNTPassword: 6755830B5B0326545526B270AFFF4EEA
sambaPwdLastSet: 1343154178
sambaPwdMustChange: 1347042178
shadowMax: 45
root@debian-fileserver:~# ldapsearch -xLLL uid=rodrigo
dn: uid=rodrigo,ou=Users,dc=defensoria,dc=net
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: rodrigo
sn: rodrigo
givenName: rodrigo
uid: rodrigo
uidNumber: 1002
gidNumber: 513
homeDirectory: /home/rodrigo
loginShell: /bin/bash
gecos: System User
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: rodrigo
sambaSID: S-1-5-21-3973246732-289451499-211008055-3004
sambaPrimaryGroupSID: S-1-5-21-3973246732-289451499-211008055-513
sambaLogonScript: logon.bat
sambaProfilePath: \\PDC-SRV\profiles\rodrigo
sambaHomePath: \\PDC-SRV\rodrigo
sambaHomeDrive: H:
sambaLMPassword: 37CB7D408A71AB28AAD3B435B51404EE
sambaAcctFlags: [U]
sambaNTPassword: D8139AC71D1B08A58445C69F60DB30AD
sambaPwdLastSet: 1343157675
sambaPwdMustChange: 1347045675
shadowMax: 45
I have read about sambaAcctFlags; I changed this value to 0. But that did not resolve it.
My smb.conf:
[global]
workgroup = DEFENSORIABH
netbios name = DEFENSORIA
server string = %h server
interfaces = 127.0.0.0/8, eth0
bind interfaces only = Yes
obey pam restrictions = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
unix password sync = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
name resolve order = lmhosts host wins bcast
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
logon script = logon.cmd
logon path = \\%N\profiles\%U
logon drive = H:
domain logons = Yes
os level = 35
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
ldap admin dn = cn=admin,dc=defensoria,dc=net
ldap group suffix = ou=groups
ldap idmap suffix = ou=idmap
ldap machine suffix = ou=people
ldap suffix = dc=defensoria,dc=net
ldap ssl = no
ldap user suffix = ou=people
panic action = /usr/share/samba/panic-action %d
idmap backend = ldap:ldap://10.26.7.46
idmap uid = 10000-20000
idmap gid = 10000-20000
My /etc/ldap/slapd.conf
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
#include /etc/ldap/schema/samba.schema
include /etc/ldap/schema/misc.schema
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index default sub
index uidNumber eq
index gidNumber eq
index mail,givenName eq,subinitial
index dc eq
database bdb
suffix "dc=defensoria,dc=mg,dc=gov,dc=br"
rootdn "cn=admin,dc=defensoria,dc=mg,dc=gov,dc=br"
#rootpw {SSHA}jtLR1an4EKJ7hKyMaPA7ZNvHzY7SG5M5
#rootpw {MD5}UURX0uvsL6q4+bFJJkUWew==
directory /var/lib/ldap
rootpw galo
access to *
by dn="cn=admin,dc=defensoria,dc=mg,dc=gov,dc=br" write
by users read
by self write
by * read
access to attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPwdMustChange,sambaPwdLastSet
by dn="cn=admin,dc=defensoria,dc=mg,dc=gov,dc=br" write
by self write
by anonymous auth
by * none
access to attrs=shadowLastChange,shadowMax
by dn="cn=admin,dc=defensoria,dc=mg,dc=gov,dc=br" write
by self write
by * read
index objectClass eq
Thanks !
Rodrigo
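To help read the password-ageing attributes in the ldapsearch output above, this added example (not part of the original post) decodes sambaPwdLastSet and sambaPwdMustChange as Unix epoch seconds and expands the sambaAcctFlags letters. The function names are hypothetical, and the sample entry is constructed from the attributes shown for uid=secretaria, with the password hashes left out.

```python
from datetime import datetime, timezone

# Constructed sample: password-ageing attributes copied from the
# uid=secretaria entry in the post (hashes deliberately left out).
ENTRY = """\
dn: uid=secretaria,ou=Users,dc=defensoria,dc=net
sambaPwdCanChange: 0
sambaAcctFlags: [U]
sambaPwdLastSet: 1343154178
sambaPwdMustChange: 1347042178
shadowMax: 45
"""

# Letters Samba uses inside sambaAcctFlags (subset).
FLAG_NAMES = {"U": "normal user", "W": "workstation trust", "D": "disabled",
              "N": "no password required", "X": "password never expires",
              "L": "auto-locked"}

def parse_entry(ldif):
    """Parse one unwrapped LDIF entry into {attribute: [values]}."""
    attrs = {}
    for line in ldif.splitlines():
        if ":" not in line or line.startswith("#"):
            continue
        key, _, value = line.partition(":")
        attrs.setdefault(key.strip(), []).append(value.strip())
    return attrs

def utc(attrs, name):
    """Return an epoch-seconds attribute as an aware UTC datetime."""
    return datetime.fromtimestamp(int(attrs[name][0]), tz=timezone.utc)

def password_state(attrs, now):
    """Summarise the stored password-ageing fields relative to `now`."""
    last_set = utc(attrs, "sambaPwdLastSet")
    must_change = utc(attrs, "sambaPwdMustChange")
    flags = attrs["sambaAcctFlags"][0].strip("[] ")
    return {
        "last_set": last_set,
        "must_change": must_change,
        "max_age_days": (must_change - last_set).days,
        "stored_expiry_passed": now >= must_change,
        "flags": [FLAG_NAMES.get(f, f) for f in flags if f != " "],
    }

if __name__ == "__main__":
    # Time the message was posted: Tue Jul 24 13:47:54 MDT 2012 (UTC-6).
    posted = datetime(2012, 7, 24, 19, 47, 54, tzinfo=timezone.utc)
    for key, value in password_state(parse_entry(ENTRY), posted).items():
        print(f"{key}: {value}")
```

For this entry the stored sambaPwdMustChange is exactly 45 days after sambaPwdLastSet, matching shadowMax, and lies after the posting date.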