[Samba] user authentication issue

Itamar Gal itamarggal at gmail.com
Fri Apr 17 14:15:48 MDT 2015 

Hey Samba list,

First a brief comment regarding my background and situation. This is my
first time posting to this list. I've been asked to resolve a Samba
authentication issue, but I have next to no experience using Samba.
Unfortunately no one else here knows how to use it either; we're operating
with an inherited environment from a sysadmin who left minimal
documentation, and we have limited human resources in the context of IT.

Now on to my problem! A user is unable to access a Samba share. My company
has a web interface for adding new users, but apparently it's not doing the
trick this time for some reason. That's all of the information I've been
given, along with the user's UID. Preferring to work at the command line,
I've tried the following (from the host running the Samba server):

1. First I checked that the user has an entry in our LDAP server:

ldapsearch -h sambahost -x -LLL uid=userid

This returns an entry of the following form:

dn: uid=userid,ou=people,o=org
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
uid:: c2tkNjg0IA==
uidNumber: 1076
homeDirectory:: L2hvbWUvc2tkNjg0IA==
loginShell: /bin/bash
gidNumber: 1076
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
sambaSID: S-1-5-21-3439207220-2335887646-243107566-3152
sambaPrimaryGroupSID: S-1-5-21-3439207220-2335887646-243107566-3153
sn: Lastname
cn: Firstname Lastname
displayName: Firstname Lastname
givenName: Firstname
sambaPasswordHistory:
00000000000000000000000000000000000000000000000000000000
 00000000
sambaAcctFlags: [UX         ]
sambaPwdLastSet: 1429299642

2. Next, I tried using pdbedit to search for the user:

sudo pdbedit -L | grep userid

This yielded the following output:

init_sam_from_ldap: Entry found for user: userid
userid :4294967295:Firstname Lastname

I also tried pdbclient with verbose output enabled:

sudo pdbedit -L -v | grep userid

This resulted in the following output:

init_sam_from_ldap: Entry found for user: userid
Failed to find a Unix account for userid init_sam_from_ldap: Entry found
for user: otheruserid
Unix username:        userid
NT username:          userid
Home Directory:       \\files\userid
Profile Path:         \\files\userid \profile

3. I reset the user's password:

echo -e "password\npassword\n" | passwordsudo smbpasswd -s

Then I tried to connect to the Samba server as the user:

smbclient //fileserver/domain -U userid

Unfortunately I was unable to authenticate; I get the following error
message:

Domain=[domain] OS=[Unix] Server=[Samba 3.6.3]
tree connect failed: NT_STATUS_ACCESS_DENIED

4. I checked to see if there was in fact a Unix account for the user, and
there wasn't, so I added one, and set the UNIX password to match the
password set with smbpasswd. Then I tried again to connect to the Samba
server, but was still unable to connect.

Can anyone shed any light on this? Help!

Thanks in advance for your time and consideration.

Cheers,
Itamar

More information about the samba mailing list