[Samba] user authentication issue

Harry Jede walk2sun at arcor.de
Mon Apr 20 07:23:37 MDT 2015


On 15:14:40 wrote Itamar Gal:
> Hey Samba list,
> 
> First a brief comment regarding my background and situation. This is
> my first time posting to this list. I've been asked to resolve a
> Samba authentication issue, but I have next to no experience using
> Samba. Unfortunately no one else here knows how to use it either;
> we're operating with an inherited environment from a sysadmin who
> left minimal documentation, and we have limited human resources in
> the context of IT.
> 
> Now on to my problem! A user is unable to access a Samba share. My
> company has a web interface for adding new users, but apparently
> it's not doing the trick this time for some reason. That's all of
> the information I've been given, along with the user's UID.
> Preferring to work at the command line, I've tried the following
> (from the host running the Samba server):
> 
> 1. First I checked that the user has an entry in our LDAP server:
> 
> ldapsearch -h sambahost -x -LLL uid=userid
> 
> This returns an entry of the following form:
> 
> dn: uid=userid,ou=people,o=org
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: sambaSamAccount
> uid:: c2tkNjg0IA==
> uidNumber: 1076
> homeDirectory:: L2hvbWUvc2tkNjg0IA==
> loginShell: /bin/bash
> gidNumber: 1076
> sambaLogonTime: 0
> sambaLogoffTime: 2147483647
> sambaKickoffTime: 2147483647
> sambaPwdCanChange: 0
> sambaPwdMustChange: 2147483647
> sambaSID: S-1-5-21-3439207220-2335887646-243107566-3152
> sambaPrimaryGroupSID: S-1-5-21-3439207220-2335887646-243107566-3153
> sn: Lastname
> cn: Firstname Lastname
> displayName: Firstname Lastname
> givenName: Firstname
> sambaPasswordHistory:
> 00000000000000000000000000000000000000000000000000000000
>  00000000
> sambaAcctFlags: [UX         ]
> sambaPwdLastSet: 1429299642
> 
> 2. Next, I tried using pdbedit to search for the user:
> 
> sudo pdbedit -L | grep userid
> 
> This yielded the following output:
> 
> init_sam_from_ldap: Entry found for user: userid
> userid :4294967295:Firstname Lastname
> 
> I also tried pdbclient with verbose output enabled:
> 
> sudo pdbedit -L -v | grep userid
> 
> This resulted in the following output:
> 
> init_sam_from_ldap: Entry found for user: userid
> Failed to find a Unix account for userid init_sam_from_ldap: Entry
> found for user: otheruserid
> Unix username:        userid
> NT username:          userid
> Home Directory:       \\files\userid
> Profile Path:         \\files\userid \profile
> 
> 3. I reset the user's password:
> 
> echo -e "password\npassword\n" | passwordsudo smbpasswd -s
> 
> Then I tried to connect to the Samba server as the user:
> 
> smbclient //fileserver/domain -U userid
> 
> Unfortunately I was unable to authenticate; I get the following error
> message:
> 
> Domain=[domain] OS=[Unix] Server=[Samba 3.6.3]
> tree connect failed: NT_STATUS_ACCESS_DENIED
> 
> 4. I checked to see if there was in fact a Unix account for the user,
> and there wasn't, so I added one, and set the UNIX password to match
> the password set with smbpasswd. Then I tried again to connect to
> the Samba server, but was still unable to connect.
> 
> Can anyone shed any light on this? Help!
No problem

1. DO NOT CREATE USERS WITH A TRAILING SPACE !!!
2. Use the same name in DN and UID !!! 

dn: uid=userid,ou=people,o=org
uid:: c2tkNjg0IA==

uid here is base64 encoded, because of the trailing space.

# echo -n c2tkNjg0IA== |base64 -d
"skd684 "

The dn is built with "uid=userid", but
"uid=skd684 "

> 
> Thanks in advance for your time and consideration.
> 
> Cheers,
> Itamar


-- 

Regards
	Harry Jede
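
As an added example (not part of the original message, and not Samba's own tooling): a check that can be run over `ldapsearch -LLL` output to catch both problems named in the reply, a base64-encoded value hiding leading or trailing whitespace and a DN whose RDN does not match the entry's attribute value. The sample entry is constructed from the attributes quoted in the thread; the function names are hypothetical and DN parsing is simplified (no escaped commas).

```python
import base64

# Constructed sample: attributes taken from the entry quoted in the thread.
SAMPLE_LDIF = """\
dn: uid=userid,ou=people,o=org
objectClass: posixAccount
uid:: c2tkNjg0IA==
uidNumber: 1076
homeDirectory:: L2hvbWUvc2tkNjg0IA==
loginShell: /bin/bash
"""

def parse_entry(ldif):
    """Parse one LDIF entry into (attr, value) pairs, decoding 'attr:: b64'."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # LDIF continuation line
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    pairs = []
    for line in lines:
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):          # double colon marks a base64 value
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.lstrip(" ")      # keep any trailing whitespace visible
        pairs.append((attr, value))
    return pairs

def audit_entry(ldif):
    """Return findings for padded values and an RDN/attribute mismatch."""
    pairs = parse_entry(ldif)
    findings = []
    for attr, value in pairs:
        if attr != "dn" and value != value.strip():
            findings.append(f"{attr}: value {value!r} has leading/trailing whitespace")
    dn = next((v for a, v in pairs if a == "dn"), "")
    rdn_attr, _, rdn_value = dn.split(",", 1)[0].partition("=")
    same_attr = [v for a, v in pairs if a.lower() == rdn_attr.lower()]
    if same_attr and rdn_value not in same_attr:
        findings.append(f"dn: RDN {rdn_attr}={rdn_value!r} does not match "
                        f"{rdn_attr} value(s) {same_attr!r}")
    return findings

if __name__ == "__main__":
    for finding in audit_entry(SAMPLE_LDIF):
        print(finding)
```
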

