[Samba] Local account login failed when samba join to LDAP

L.P.H. van Belle belle at bazuin.nl
Wed Mar 26 02:41:26 MDT 2014 

wat does, 

getent passwd  
getent group

wbinfo -u
wbinfo -g 

tell you. 

 

>-----Oorspronkelijk bericht-----
>Van: Johnson.Cheng at QsanTechnology.com 
>[mailto:samba-bounces at lists.samba.org] Namens Johnson Cheng
>Verzonden: woensdag 26 maart 2014 8:11
>Aan: samba at lists.samba.org
>Onderwerp: Re: [Samba] Local account login failed when samba 
>join to LDAP
>
>Dear All,
>
>I have upgraded samba version to 3.6.22.
>This issue still exists.
>
>Any suggestion will be appreciated.
>
>
>Regards,
>Johnson
>
>-----Original Message-----
>From: samba-bounces at lists.samba.org 
>[mailto:samba-bounces at lists.samba.org] On Behalf Of Johnson Cheng
>Sent: Friday, March 21, 2014 5:53 PM
>To: samba at lists.samba.org
>Subject: [Samba] Local account login failed when samba join to LDAP
>
>Dears,
>
>My samba version is 3.6.4
>I have a problem to co-work with open LDAP server. When samba 
>join to open LDAP server, my local account can NOT login samba 
>anymore, only LDAP account can login.
>When my samba come back to standalone, the local account is 
>OK. Did I miss something?
>
>The following is my configuration files, I list the part of 
>them, smb.conf server string = "Samba Server"
>workgroup = WORKGROUP
>security = user
>obey pam restrictions = yes
>passdb backend = ldapsam:ldap://192.168.8.143 ldap admin dn = 
>cn=admin, dc=ff,dc=com ldap suffix = dc=ff,dc=com domain 
>logons = yes ldap ssl = off ldap passwd sync = yes ldap group 
>suffix = ou=Groups ldap user suffix = ou=Users ldap machine 
>suffix = ou=Machines ldap delete dn = yes
>
>nslcd.conf
>uid admin
>gid Administrator_Group
>uri ldap://192.168.8.143
>base dc=ff,dc=com
>
>/etc/nssswitch.conf
>passwd: files ldap
>group:  files ldap
>shadow: files ldap
>
>/etc/pam.d/samba
>auth    sufficient      /usr/lib/security/pam_ldap.so
>auth    sufficient      /usr/lib/security/pam_unix.so
>account sufficient      /usr/lib/security/pam_ldap.so
>account sufficient      /usr/lib/security/pam_unix.so
>session sufficient      /usr/lib/security/pam_ldap.so
>session sufficient      /usr/lib/security/pam_unix.so
>
>I can use LDAP account to login samba via the below command, 
>smbclient -L 192.168.8.75 -U kevin2%123456123456
>
>But when I use local account to login samba via smbclient, it 
>reports "session setup failed: NT_STATUS_LOGON_FAILURE"
>smbclient -L 192.168.8.75 -U qq%qq
>
>One thing is interested that when I change "passdb backend = 
>ldapsam:ldap://192.168.8.143" to "passdb backend = tdbsam", 
>local account can login samba but LDAP account will fail to login.
>The below is samba output debug message,
>[2014/03/21 17:44:25.780867,  5] lib/smbldap.c:1439(smbldap_search_ext)
>  smbldap_search_ext: base => [dc=ff,dc=com], filter => 
>[(&(uid=qq)(objectclass=sambaSamAccount))], scope => [2]
>[2014/03/21 17:44:25.781685,  4] 
>passdb/pdb_ldap.c:1581(ldapsam_getsampwnam)
>  ldapsam_getsampwnam: Unable to locate user [qq] count=0
>[2014/03/21 17:44:25.781846,  4] smbd/sec_ctx.c:422(pop_sec_ctx)
>  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
>[2014/03/21 17:44:25.781931,  3] 
>auth/check_samsec.c:399(check_sam_security)
>  check_sam_security: Couldn't find user 'qq' in passdb.
>[2014/03/21 17:44:25.782108,  5] auth/auth.c:271(check_ntlm_password)
>  check_ntlm_password: sam authentication for user [qq] FAILED 
>with error NT_STATUS_NO_SUCH_USER
>[2014/03/21 17:44:25.782213, 10] 
>auth/auth_winbind.c:50(check_winbind_security)
>  Check auth for: [qq]
>[2014/03/21 17:44:25.782293,  3] 
>auth/auth_winbind.c:60(check_winbind_security)
>  check_winbind_security: Not using winbind, requested domain 
>[WORKGROUP] was for this SAM.
>[2014/03/21 17:44:25.782372, 10] auth/auth.c:259(check_ntlm_password)
>  check_ntlm_password: winbind had nothing to say
>[2014/03/21 17:44:25.787728,  2] auth/auth.c:334(check_ntlm_password)
>  check_ntlm_password:  Authentication for user [qq] -> [qq] 
>FAILED with error NT_STATUS_NO_SUCH_USER
>[2014/03/21 17:44:25.787936,  3] smbd/error.c:81(error_packet_set)
>  error packet at smbd/sesssetup.c(124) cmd=115 
>(SMBsesssetupX) NT_STATUS_LOGON_FAILURE
>
>
>Any suggestion will be appreciated.
>
>Regards,
>Johnson
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
>

More information about the samba mailing list