[Samba] Samba3.5 + OpenLDAP config/install problem

[Volker Lendecke]

On Mon, Feb 11, 2013 at 05:55:22PM -0800, Wes Modes wrote:
> System Summary:
> 
> centos 6.2
> samba 3.5
> smbldap-tools 0.9.6
> openldap 2.4.23
> 
> Hello,
> 
> I am installing smb 3.5 on a CentOS 6.2 host using smbldap-tools.  I've
> previously installed a similar configuration on RHEL4 using smb 3.0 but
> CentOS now uses nss-pam-ldapd and nslcd instead of nss_ldap, so the
> configurations cannot be moved straight across.
> 
> Currently, when I attempt to connect to an smb share with a valid ldap
> user and group on this host, I get "tree connect failed:
> NT_STATUS_ACCESS_DENIED"
> 
> The LDAP server is currently serving as the directory server for the
> existing Samba3.0 server.  I can connect to the identical share on that
> server as that user, so I know the user and group are okay.
> 
> With log level 2, I get:
> 
>     [2013/02/11 17:11:00.701864,  2]
>     lib/smbldap.c:950(smbldap_open_connection)
>       smbldap_open_connection: connection opened
>     [2013/02/11 17:11:00.704794,  2]
>     passdb/pdb_ldap.c:572(init_sam_from_ldap)
>       init_sam_from_ldap: Entry found for user: wmodes
>     [2013/02/11 17:11:00.735092,  2] auth/auth.c:304(check_ntlm_password)
>       check_ntlm_password:  authentication for user [wmodes] -> [wmodes]
>     -> [wmodes] succeeded
>     [2013/02/11 17:11:00.735608,  1]
>     passdb/pdb_ldap.c:2569(ldapsam_getgroup)
>       ldapsam_getgroup: Duplicate entries for filter
>     (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544)): count=2

You should try again after removing one of those two entries
with S-1-5-32-544.

With best regards,

Volker Lendecke

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de