[Samba] Problems with Samba after upgrading to v4 and changing LDAP-backend from OpenLDAP to 389

Alexander Harm || ApfelQ alexander.harm at apfelq.com
Fri Sep 23 10:46:24 UTC 2022


No, winbind is not running.

#/etc/nsswitch.conf
passwd: files ldap
group: files ldap

> On Friday, Sep 23, 2022 at 12:39 PM, Rowland Penny via samba <samba at lists.samba.org> wrote:
>
>
> On 23/09/2022 11:31, Alexander Harm || ApfelQ via samba wrote:
> > I couldn’t help myself but dig some more. I compared the ldif as suggested and they are identical. From what I gather, the results that LDAP returns are fine but the process fails at a non-LDAP stage:
> >
> > The LDAP server is successfully connected
> > pdb backend ldapsam:ldap://ldap1.example.com has a valid init
> > smbldap_search_ext: base => [dc=example,dc=com], filter => [(&(uid=johndoe)(objectclass=sambaSamAccount))], scope => [2]
> > init_sam_from_ldap: Entry found for user: johndoe
> > pdb_set_username: setting username johndoe, was
> > pdb_set_domain: setting domain EXAMPLE, was
> > pdb_set_nt_username: setting nt username johndoe, was
> > pdb_set_user_sid_from_string: setting user sid S-1-5-21-1926693724-44905045-1282156110-25724
> > pdb_set_user_sid: setting user sid S-1-5-21-1926693724-44905045-1282156110-25724
> > attribute sambaLogonTime does not exist
> > attribute sambaLogoffTime does not exist
> > attribute sambaPwdCanChange does not exist
> > pdb_set_full_name: setting full name Doe, John, was
> > pdb_set_dir_drive: setting dir drive E:, was NULL
> > pdb_set_homedir: setting home dir \\univers\homes, was
> > pdb_set_logon_script: setting logon script johndoe, was
> > attribute sambaProfilePath does not exist
> > pdb_set_profile_path: setting profile path , was
> > attribute description does not exist
> > attribute sambaUserWorkstations does not exist
> > attribute sambaMungedDial does not exist
> > attribute sambaLMPassword does not exist
> > Opening cache file at /var/lib/samba/lock/gencache.tdb
> > attribute sambaBadPasswordCount does not exist
> > attribute sambaBadPasswordTime does not exist
> > attribute sambaLogonHours does not exist
> > Opening cache file at /var/lib/samba/login_cache.tdb
> > Looking up login cache for user johndoe
> > No cache entry found
> > No cache entry, bad count = 0, bad time = 0
> > Finding user johndoe
> > Trying _Get_Pwnam(), username as lowercase is johndoe
> > Trying _Get_Pwnam(), username as uppercase is JOHNDOE
> > Checking combinations of 0 uppercase letters in johndoe
> > Get_Pwnam_internals didn't find user [johndoe]!
> > Failed to find a Unix account for johndoe
> > pdb_set_username: setting username johndoe, was
> > pdb_set_domain: setting domain EXAMPLE, was
> > pdb_set_nt_username: setting nt username johndoe, was
> > pdb_set_full_name: setting full name Doe, John, was
> > pdb_set_homedir: setting home dir \\univers\homes, was
> > pdb_set_dir_drive: setting dir drive E:, was NULL
> > pdb_set_logon_script: setting logon script johndoe, was
> > pdb_set_profile_path: setting profile path , was
> > pdb_set_workstations: setting workstations , was
> > pdb_set_user_sid: setting user sid S-1-5-21-1926693724-44905045-1282156110-25724
> > pdb_set_user_sid_from_rid:
> > setting user sid S-1-5-21-1926693724-44905045-1282156110-25724 from rid 25724
> > Unix username: johndoe
> > NT username: johndoe
> > Account Flags: [U ]
> > User SID: S-1-5-21-1926693724-44905045-1282156110-25724
> > Finding user johndoe
> > Trying _Get_Pwnam(), username as lowercase is johndoe
> > Trying _Get_Pwnam(), username as uppercase is JOHNDOE
> > Checking combinations of 0 uppercase letters in johndoe
> > Get_Pwnam_internals didn't find user [johndoe]!
> > Failed to find a Unix account for johndoe
> >
> > So where the two differ are here:
> >
> > Finding user johndoe
> > Trying _Get_Pwnam(), username as lowercase is johndoe
> > Trying _Get_Pwnam(), username as uppercase is JOHNDOE
> > Checking combinations of 0 uppercase letters in johndoe
> > Get_Pwnam_internals didn't find user [johndoe]!
> > Failed to find a Unix account for johndoe
> >
> > and on the old server it just returns the user straight away. Is that a problem of PAM configuration?
>
> I take it that you are running winbind, but what is in /etc/nsswitch.conf ?
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba

