[Samba] samba and openldap authentication issues! - Samba

This is a discussion on [Samba] samba and openldap authentication issues! - Samba ; Alight, I've been working on this for too many hours straight. Any help would be much appreciated! (I posted this online to linux questions, it could be easier to read on there... http://www.linuxquestions.org/questi...issues-637647/ ) The problem is users created in ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: [Samba] samba and openldap authentication issues!

  1. [Samba] samba and openldap authentication issues!

    Alight, I've been working on this for too many hours straight. Any
    help would be much appreciated!

    (I posted this online to linux questions, it could be easier to read
    on there... http://www.linuxquestions.org/questi...issues-637647/)

    The problem is users created in smbldap-useradd can not login, unless
    they also are a local user. for example,

    kylec exists both locally and in smbldap-users, his smb passwd is
    differnt from his local passwd.


    Code: [root@beedril samba]# smbldap-userlist
    uid |username

    0 |root
    999 |nobody
    1000 |kylec
    1001 |test
    1002 |test1
    1003 |test2
    1004 |test3
    1005 |test4
    1006 |test5
    1007 |test6
    1008 |test7$
    1009 |test8$
    1010 |test9
    here is log output from samba when kylec connects



    Code: kyle@kyle-laptop:~$ smbclient //10.0.0.218/clients -U kylec
    Password:
    Domain=[WINIX] OS=[Unix] Server=[Samba 3.0.25b-1.el5_1.4]
    smb: \> quit


    [2008/04/24 17:33:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(545)
    init_sam_from_ldap: Entry found for user: kylec

    here is when a bad user trys to connect,



    Code: kyle@kyle-laptop:~$ smbclient //10.0.0.218/clients -U test3
    Password:
    session setup failed: NT_STATUS_LOGON_FAILURE

    [2008/04/24 17:45:00, 0] auth/auth_sam.c:check_sam_security(352)
    check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'
    [2008/04/24 17:45:00, 3] auth/auth_winbind.c:check_winbind_security(80)
    check_winbind_security: Not using winbind, requested domain [WINIX]
    was for this SAM.
    [2008/04/24 17:45:00, 2] auth/auth.c:check_ntlm_password(319)
    check_ntlm_password: Authentication for user [test3] -> [test3]
    FAILED with error NT_STATUS_NO_SUCH_USER
    [2008/04/24 17:45:00, 3] smbd/error.c:error_packet_set(106)
    error packet at smbd/sesssetup.c(105) cmd=115 (SMBsesssetupX)
    NT_STATUS_LOGON_FAILURE



    here is output from pbdedit -L



    Code: [root@beedril samba]# pdbedit -L
    map_file: Failed to load /usr/lib/samba/valid.dat - No such file or directory
    creating default valid table
    smbldap_search_domain_info: Searching
    for:[(&(objectClass=sambaDomain)(sambaDomainName=WINIX))]
    smbldap_open_connection: connection opened
    smbldap_check_root_dse: Expected one rootDSE, got 0
    ldap_connect_system: succesful connection to the LDAP server
    smbldap_search_domain_info: Searching
    for:[(&(objectClass=sambaDomain)(sambaDomainName=WINIX))]
    smbldap_open_connection: connection opened
    smbldap_check_root_dse: Expected one rootDSE, got 0
    ldap_connect_system: succesful connection to the LDAP server
    ldapsam_setsampwent: 8 entries in the base dc=corpedia, dc=internal
    init_sam_from_ldap: Entry found for user: root
    root:0:root
    init_sam_from_ldap: Entry found for user: nobody
    nobody:99:nobody
    init_sam_from_ldap: Entry found for user: kylec
    kylec:501:kylec
    init_sam_from_ldap: Entry found for user: test1
    test1:4294967295:test1
    init_sam_from_ldap: Entry found for user: test2
    test2:4294967295:test2
    init_sam_from_ldap: Entry found for user: test3
    test3:4294967295:test3
    init_sam_from_ldap: Entry found for user: test4
    test4:504:test4
    init_sam_from_ldap: Entry found for user: test5
    test5:4294967295:test5

    I think the problem has something to do with it not verifying that
    the UNIX (POSIX) accounts can be resolved via NSS. but I have nss_ldap
    working correctly (I believe).

    I can ldapsearch my ldap server, everything on that end seems to be
    working its just getting samba to authenticate against it! so again
    any help would be MUCH APPRECIATED!!!

    thanks guys!

    --
    Kyle Corupe

    Unix Administrator
    Corpedia Corporation
    Desk602)443-2148
    kcorupe@corpedia.com
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  2. Re: [Samba] samba and openldap authentication issues!

    Can you post a sanitized ldif of one of the user's ldap records? Do
    they have all the samba attributes?

    Kyle Corupe wrote:
    > Alight, I've been working on this for too many hours straight. Any
    > help would be much appreciated!
    >
    > (I posted this online to linux questions, it could be easier to read
    > on there... http://www.linuxquestions.org/questi...issues-637647/)
    >
    > The problem is users created in smbldap-useradd can not login, unless
    > they also are a local user. for example,
    >
    > kylec exists both locally and in smbldap-users, his smb passwd is
    > differnt from his local passwd.
    >
    >
    > Code: [root@beedril samba]# smbldap-userlist
    > uid |username
    >
    > 0 |root
    > 999 |nobody
    > 1000 |kylec
    > 1001 |test
    > 1002 |test1
    > 1003 |test2
    > 1004 |test3
    > 1005 |test4
    > 1006 |test5
    > 1007 |test6
    > 1008 |test7$
    > 1009 |test8$
    > 1010 |test9
    > here is log output from samba when kylec connects
    >
    >
    >
    > Code: kyle@kyle-laptop:~$ smbclient //10.0.0.218/clients -U kylec
    > Password:
    > Domain=[WINIX] OS=[Unix] Server=[Samba 3.0.25b-1.el5_1.4]
    > smb: \> quit
    >
    >
    > [2008/04/24 17:33:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(545)
    > init_sam_from_ldap: Entry found for user: kylec
    >
    > here is when a bad user trys to connect,
    >
    >
    >
    > Code: kyle@kyle-laptop:~$ smbclient //10.0.0.218/clients -U test3
    > Password:
    > session setup failed: NT_STATUS_LOGON_FAILURE
    >
    > [2008/04/24 17:45:00, 0] auth/auth_sam.c:check_sam_security(352)
    > check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'
    > [2008/04/24 17:45:00, 3] auth/auth_winbind.c:check_winbind_security(80)
    > check_winbind_security: Not using winbind, requested domain [WINIX]
    > was for this SAM.
    > [2008/04/24 17:45:00, 2] auth/auth.c:check_ntlm_password(319)
    > check_ntlm_password: Authentication for user [test3] -> [test3]
    > FAILED with error NT_STATUS_NO_SUCH_USER
    > [2008/04/24 17:45:00, 3] smbd/error.c:error_packet_set(106)
    > error packet at smbd/sesssetup.c(105) cmd=115 (SMBsesssetupX)
    > NT_STATUS_LOGON_FAILURE
    >
    >
    >
    > here is output from pbdedit -L
    >
    >
    >
    > Code: [root@beedril samba]# pdbedit -L
    > map_file: Failed to load /usr/lib/samba/valid.dat - No such file or directory
    > creating default valid table
    > smbldap_search_domain_info: Searching
    > for:[(&(objectClass=sambaDomain)(sambaDomainName=WINIX))]
    > smbldap_open_connection: connection opened
    > smbldap_check_root_dse: Expected one rootDSE, got 0
    > ldap_connect_system: succesful connection to the LDAP server
    > smbldap_search_domain_info: Searching
    > for:[(&(objectClass=sambaDomain)(sambaDomainName=WINIX))]
    > smbldap_open_connection: connection opened
    > smbldap_check_root_dse: Expected one rootDSE, got 0
    > ldap_connect_system: succesful connection to the LDAP server
    > ldapsam_setsampwent: 8 entries in the base dc=corpedia, dc=internal
    > init_sam_from_ldap: Entry found for user: root
    > root:0:root
    > init_sam_from_ldap: Entry found for user: nobody
    > nobody:99:nobody
    > init_sam_from_ldap: Entry found for user: kylec
    > kylec:501:kylec
    > init_sam_from_ldap: Entry found for user: test1
    > test1:4294967295:test1
    > init_sam_from_ldap: Entry found for user: test2
    > test2:4294967295:test2
    > init_sam_from_ldap: Entry found for user: test3
    > test3:4294967295:test3
    > init_sam_from_ldap: Entry found for user: test4
    > test4:504:test4
    > init_sam_from_ldap: Entry found for user: test5
    > test5:4294967295:test5
    >
    > I think the problem has something to do with it not verifying that
    > the UNIX (POSIX) accounts can be resolved via NSS. but I have nss_ldap
    > working correctly (I believe).
    >
    > I can ldapsearch my ldap server, everything on that end seems to be
    > working its just getting samba to authenticate against it! so again
    > any help would be MUCH APPRECIATED!!!
    >
    > thanks guys!
    >
    >


    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

+ Reply to Thread