On Jul 14, 2011, at 2:52 PM, Gaiseric Vandal wrote: > On 07/14/2011 04:31 PM, Ben Sigman wrote: >> >> On Jul 14, 2011, at 7:13 AM, Gaiseric Vandal wrote: >> >>> On 07/14/2011 01:21 AM, Ben Sigman wrote: >>>> After upgrading to 3.4.0, I can no longer add new users. Any users that >>>> were added beforehand work fine. Any users that I attempt to create cannot >>>> login (error: NT_STATUS_LOGON_FAILURE). I was able to get one new user >>>> account to work (see below), but I cannot add any new users. >>>> >>>> The server is Ubuntu 9.10 running Samba 3.4.0. >>>> >>>> I am using: >>>> >>>> security = user >>>> pam password change = yes >>>> >>>> Updating passwords for existing users using passwd successfully updates on >>>> smbpass (auth.log): >>>> >>>> Jul 13 21:19:05 server passwd[3026]: pam_smbpass(passwd:chauthtok): >>>> password for (smbuser/1001) changed by (root/0) >>>> >>>> ...And authentication over smb works (auth.log): >>>> >>>> Jul 13 21:42:53 server smbd[3684]: pam_unix(samba:session): session opened >>>> for user ben by (uid=0) >>>> >>>> ...In samba.log: >>>> >>>> [2011/07/13 21:42:53, 4] auth/auth_sam.c:137(sam_account_ok) >>>> sam_account_ok: Checking SMB password for user smbuser >>>> [2011/07/13 21:42:53, 5] auth/auth.c:297(check_ntlm_password) >>>> check_ntlm_password: PAM Account for user [ben] succeeded >>>> >>>> However, if I do: >>>> >>>> smbpasswd -x user >>>> Failed to find entry for user smbuser. >>>> >>>> If I add a new user using: >>>> >>>> useradd newuser >>>> passwd newuser >>>> smbpasswd -a newuser >>>> >>>> This appears in auth.log: >>>> Jul 13 21:20:07 server passwd[3033]: pam_smbpass(passwd:chauthtok): Failed >>>> to find entry for user newuser. >>>> >>>> And if I attempt to authenticate (samba.log): >>>> >>>> [2011/07/13 21:50:11, 3] auth/auth_sam.c:282(check_sam_security) >>>> check_sam_security: Couldn't find user 'newuser' in passdb. >>>> [2011/07/13 21:50:11, 5] auth/auth.c:274(check_ntlm_password) >>>> check_ntlm_password: sam authentication for user [newuser] FAILED with >>>> error NT_STATUS_NO_SUCH_USER >>>> [2011/07/13 21:50:11, 2] auth/auth.c:320(check_ntlm_password) >>>> check_ntlm_password: Authentication for user [newuser] -> [newuser] >>>> FAILED with error NT_STATUS_NO_SUCH_USER >>>> >>>> Now... Here's where it gets interesting. At this point, I converted my >>>> smbpasswd containing newuser to tdb...: >>>> pdbedit -i smbpasswd -e tdbsam >>>> ...the account newuser now authenticate over SMB. However, adding any >>>> other new users is still not working. >>>> >>>> I have attempted to repeat the steps described above for adding a user and >>>> then converting smbpasswd to tdb again, but to no avail. >>>> >>>> I have not defined passdb backend in smb.conf. >>>> >>>> Anyone know what could be causing this? >>>> >>>> >>> Did you check the output of "testparm -v" to make sure the password backend >>> and password file is where you expect it to be? >>> >>> Did you try adding a user with "pdbedit" instead? >>> >>> Can you type "which smbpasswd" "which pdbedit" etc - I suspect you are >>> using "smbpasswd" command from the "old" version of samba. >>> >> >> Thanks for the reply. You're right, the documentation I had read said that >> smbpasswd would work with the new tdb backend. Can I not use it? >> >> For now, here are the outputs you requested: >> >> From testparm: >> >> passdb backend = tdbsam >> idmap backend = tdb >> idmap alloc backend = >> >> >> From which: >> >> /usr/bin/pdbedit >> /usr/bin/smbpasswd >> >> >> Maybe this will help, smbuser is a new user on my system who cannot >> authenticate over SMB. When I try to use smbpasswd -a -D10 smbuser I get an >> error in the middle of the output that says: >> >> Get_Pwnam_internals did find user [smbuser]! >> >> Here is the full output: >> >> [root@server:/]# smbpasswd -a -D10 smbuser >> >> (07-14 13:26) >> Netbios name list:- >> my_netbios_names[0]="SERVER" >> Attempting to register passdb backend ldapsam >> Successfully added passdb backend 'ldapsam' >> Attempting to register passdb backend ldapsam_compat >> Successfully added passdb backend 'ldapsam_compat' >> Attempting to register passdb backend NDS_ldapsam >> Successfully added passdb backend 'NDS_ldapsam' >> Attempting to register passdb backend NDS_ldapsam_compat >> Successfully added passdb backend 'NDS_ldapsam_compat' >> Attempting to register passdb backend smbpasswd >> Successfully added passdb backend 'smbpasswd' >> Attempting to register passdb backend tdbsam >> Successfully added passdb backend 'tdbsam' >> Attempting to register passdb backend wbc_sam >> Successfully added passdb backend 'wbc_sam' >> Attempting to find a passdb backend to match tdbsam (tdbsam) >> Found pdb backend tdbsam >> pdb backend tdbsam has a valid init >> New SMB password: >> Retype new SMB password: >> tdbsam_open: successfully opened /etc/samba/passdb.tdb >> pdb_set_username: setting username smbuser, was >> pdb_set_domain: setting domain SERVER, was >> pdb_set_nt_username: setting nt username , was >> pdb_set_full_name: setting full name , was >> pdb_set_homedir: setting home dir \\server\homes\%u, was >> pdb_set_dir_drive: setting dir drive m:, was NULL >> Finding user smbuser >> Trying _Get_Pwnam(), username as lowercase is smbuser >> Get_Pwnam_internals did find user [smbuser]! >> pdb_set_logon_script: setting logon script users.bat, was >> pdb_set_profile_path: setting profile path \\server\profiles\%u, was >> pdb_set_workstations: setting workstations , was >> account_policy_get: name: password history, val: 0 >> pdb_set_user_sid: setting user sid >> S-1-5-21-115255976-287349760-2125325791-1011 >> pdb_set_user_sid_from_rid: >> >> >> setting user sid S-1-5-21-115255976-287349760-2125325791-1011 from rid 1011 >> account_policy_get: name: maximum password age, val: -1 >> Finding user smbuser >> Trying _Get_Pwnam(), username as lowercase is smbuser >> Get_Pwnam_internals did find user [smbuser]! >> account_policy_get: name: password history, val: 0 >> pdb_set_username: setting username smbuser, was >> pdb_set_domain: setting domain SERVER, was >> pdb_set_nt_username: setting nt username , was >> pdb_set_full_name: setting full name , was >> pdb_set_homedir: setting home dir \\server\homes\%u, was >> pdb_set_dir_drive: setting dir drive m:, was NULL >> Finding user smbuser >> Trying _Get_Pwnam(), username as lowercase is smbuser >> Get_Pwnam_internals did find user [smbuser]! >> pdb_set_logon_script: setting logon script users.bat, was >> pdb_set_profile_path: setting profile path \\server\profiles\%u, was >> pdb_set_workstations: setting workstations , was >> account_policy_get: name: password history, val: 0 >> pdb_set_user_sid: setting user sid >> S-1-5-21-115255976-287349760-2125325791-1011 >> pdb_set_user_sid_from_rid: >> >> >> setting user sid S-1-5-21-115255976-287349760-2125325791-1011 from rid 1011 >> account_policy_get: name: password history, val: 0 >> pdb_set_username: setting username smbuser, was >> pdb_set_domain: setting domain SERVER, was >> pdb_set_nt_username: setting nt username , was >> pdb_set_full_name: setting full name , was >> pdb_set_homedir: setting home dir \\server\homes\%u, was >> pdb_set_dir_drive: setting dir drive m:, was NULL >> Finding user smbuser >> Trying _Get_Pwnam(), username as lowercase is smbuser >> Get_Pwnam_internals did find user [smbuser]! >> pdb_set_logon_script: setting logon script users.bat, was >> pdb_set_profile_path: setting profile path \\server\profiles\%u, was >> pdb_set_workstations: setting workstations , was >> account_policy_get: name: password history, val: 0 >> pdb_set_user_sid: setting user sid >> S-1-5-21-115255976-287349760-2125325791-1011 >> pdb_set_user_sid_from_rid: >> >> >> setting user sid S-1-5-21-115255976-287349760-2125325791-1011 from rid 1011 >> account_policy_get: name: maximum password age, val: -1 >> account_policy_get: name: password history, val: 0 >> Storing account smbuser with RID 1011 >> Locking key 555345525F736D627573 >> Allocated locked data 0x0x28ea050 >> Unlocking key 555345525F736D627573 >> tdb_update_sam: Updating key for RID 1011 >> Locking key 5249445F303030303033 >> Allocated locked data 0x0x28e6ad0 >> Unlocking key 5249445F303030303033 >> > > "testparm -v" should verify that samba is also using "/etc/samba/passdb.tdb" > for the password file. You can use "tdbdump" to view the contents of that > file. > > Did you create the unix user first? Does that user exist in /etc/passwd? > (assuming you are not using winbind to automatically create unix uid's in an > idmap tbd file.) Does "getent passwd" show the unix user? >
You might be on to something! testparm -v|grep pass: encrypt passwords = Yes null passwords = No password server = * smb passwd file = /etc/samba/smbpasswd passdb backend = tdbsam pam password change = Yes passwd program = /usr/bin/passwd '%u' passwd chat = *New*password* %n\n *ReType*new*password* %n\n *passwd*changed*\n passwd chat debug = Yes passwd chat timeout = 120 check password script = password level = 20 unix password sync = Yes machine password timeout = 120 ldap passwd sync = no passdb expand explicit = No tdbdump of passdb contains the user: key(13) = "USER_smbuser\00" data(186) = "\00\00\00\00\FF\FF\FF\7F\FF\FF\FF\7F\00\00\00\007Q\1FN\00\00\00\00\FF\FF\FF\7F\08\00\00\00smbuser\00\07\00\00\00SERVER\00\01\00\00\00\00\01\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\01\00\00\00\00\01\00\00\00\00\00\00\00\00\01\00\00\00\00\F3\03\00\00\01\02\00\00\00\00\00\00\10\00\00\00- \D2R\A4y\F4\85\CD\F5\E1q\D99\85\BF\00\00\00\00\10\00\00\00\A8\00\15\00\00\00 \00\00\00\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\EC\04\00\00" } { key(13) = "INFO/version\00" data(4) = "\04\00\00\00" } { key(13) = "RID_000003f3\00" data(8) = "smbuser\00" } Yes, the user is in /etc/passwd and I do add linux user first getent passwd shows: smbuser:x:1020:100::/home/smbuser:/bin/sh -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba