Hi,

did you try to do it with winbind,
ldap-sam:trusted=yes
ldapsam:editposix=yes
net sam provision

-----------------------------------------------
IT
Daniel Müller
Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On behalf of Wes Modes
Sent: Tuesday, 12 February 2013 23:04
To: samba@lists.samba.org
Subject: [Samba] Samba3.5 + OpenLDAP config/install problem

System Summary:
centos 6.2
samba 3.5
smbldap-tools 0.9.6
openldap 2.4.23

Hello,

I am installing smb 3.5 on a CentOS 6.2 host using smbldap-tools. I've previously installed a similar configuration on RHEL4 using smb 3.0 but CentOS now uses nss-pam-ldapd and nslcd instead of nss_ldap, so the configurations cannot be moved straight across.

Currently, when I attempt to connect to an smb share with a valid ldap user and group on this host, I get "tree connect failed: NT_STATUS_ACCESS_DENIED"

The LDAP server is currently serving as the directory server for the existing Samba3.0 server. I can connect to the identical share on that server as that user, so I know the user and group are okay.

With log level 2, I get:

[2013/02/11 17:11:00.701864, 2] lib/smbldap.c:950(smbldap_open_connection)
  smbldap_open_connection: connection opened
[2013/02/11 17:11:00.704794, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: wmodes
[2013/02/11 17:11:00.735092, 2] auth/auth.c:304(check_ntlm_password)
  check_ntlm_password: authentication for user [wmodes] -> [wmodes] -> [wmodes] succeeded
[2013/02/11 17:11:00.735608, 1] passdb/pdb_ldap.c:2569(ldapsam_getgroup)
  ldapsam_getgroup: Duplicate entries for filter (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544)): count=2
[2013/02/11 17:11:00.736254, 1] passdb/pdb_ldap.c:2569(ldapsam_getgroup)
  ldapsam_getgroup: Duplicate entries for filter (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544)): count=2
[2013/02/11 17:11:00.740024, 2] lib/access.c:409(check_access)
  Allowed connection from ::ffff:128.114.163.34 (::ffff:128.114.163.34)
[2013/02/11 17:11:00.741041, 2] lib/access.c:409(check_access)
  Allowed connection from ::ffff:128.114.163.34 (::ffff:128.114.163.34)
[2013/02/11 17:11:00.742383, 2] passdb/pdb_ldap.c:2446(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 30001
[2013/02/11 17:11:00.743305, 2] passdb/pdb_ldap.c:2446(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 30034
[2013/02/11 17:11:00.744600, 2] passdb/pdb_ldap.c:2446(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 1001
[2013/02/11 17:11:00.745181, 2] smbd/service.c:598(create_connection_server_info)
  user 'wmodes' (from session setup) not permitted to access this share (cns)
[2013/02/11 17:11:00.745225, 1] smbd/service.c:678(make_connection_snum)
  create_connection_server_info failed: NT_STATUS_ACCESS_DENIED

It seems like I was auth'd okay, my group was okay, but still it failed.

Here we are again at log level 3:

[root@edgar2 samba]# tail -n 0 -f log.smbd
2013/02/11 17:40:43.096677, 3] smbd/sesssetup.c:1254(reply_sesssetup_and_X_spnego)
  NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[]
[2013/02/11 17:40:43.096780, 3] libsmb/ntlmssp.c:747(ntlmssp_server_auth)
  Got user=[wmodes] domain=[MYGROUP] workstation=[MONITOR] len1=24 len2=24
[2013/02/11 17:40:43.096974, 2] lib/smbldap.c:950(smbldap_open_connection)
  smbldap_open_connection: connection opened
[2013/02/11 17:40:43.099000, 3] lib/smbldap.c:1166(smbldap_connect_system)
  ldap_connect_system: successful connection to the LDAP server
[2013/02/11 17:40:43.099455, 3] auth/auth.c:216(check_ntlm_password)
  check_ntlm_password: Checking password for unmapped user [MYGROUP]\[wmodes]@[MONITOR] with the new password interface
[2013/02/11 17:40:43.099475, 3] auth/auth.c:219(check_ntlm_password)
  check_ntlm_password: mapped user is: [MCHSTAFF]\[wmodes]@[MONITOR]
[2013/02/11 17:40:43.100076, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: wmodes
[2013/02/11 17:40:43.129095, 3] auth/auth.c:265(check_ntlm_password)
  check_ntlm_password: sam authentication for user [wmodes] succeeded
[2013/02/11 17:40:43.129173, 2] auth/auth.c:304(check_ntlm_password)
  check_ntlm_password: authentication for user [wmodes] -> [wmodes] -> [wmodes] succeeded
[2013/02/11 17:40:43.129785, 1] passdb/pdb_ldap.c:2569(ldapsam_getgroup)
  ldapsam_getgroup: Duplicate entries for filter (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544)): count=2
[2013/02/11 17:40:43.130779, 1] passdb/pdb_ldap.c:2569(ldapsam_getgroup)
  ldapsam_getgroup: Duplicate entries for filter (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544)): count=2
[2013/02/11 17:40:43.133151, 3] lib/privileges.c:63(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-21-2154974163-3334587364-3558233830-62278]
[2013/02/11 17:40:43.133176, 3] lib/privileges.c:63(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-21-2154974163-3334587364-3558233830-61151]
[2013/02/11 17:40:43.133200, 3] lib/privileges.c:63(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-2]
[2013/02/11 17:40:43.133219, 3] lib/privileges.c:63(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-11]
[2013/02/11 17:40:43.133239, 3] lib/privileges.c:63(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-21-2642364908-3785178431-1037763545-3003]
[2013/02/11 17:40:43.133259, 3] lib/privileges.c:63(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-21-2642364908-3785178431-1037763545-61003]
[2013/02/11 17:40:43.133279, 3] lib/privileges.c:63(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-21-509675986-796770002-1500055658-61055]
[2013/02/11 17:40:43.133299, 3] lib/privileges.c:63(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-21-2154974163-3334587364-3558233830-61137]
[2013/02/11 17:40:43.133320, 3] lib/privileges.c:63(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-21-2154974163-3334587364-3558233830-61139]
[2013/02/11 17:40:43.133354, 3] lib/privileges.c:63(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-21-2154974163-3334587364-3558233830-61141]
[2013/02/11 17:40:43.133382, 3] lib/privileges.c:63(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-21-2154974163-3334587364-3558233830-61143]
[2013/02/11 17:40:43.133404, 3] lib/privileges.c:63(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-21-2154974163-3334587364-3558233830-61171]
[2013/02/11 17:40:43.133424, 3] lib/privileges.c:63(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-21-2154974163-3334587364-3558233830-61277]
[2013/02/11 17:40:43.135112, 3] smbd/password.c:282(register_existing_vuid)
  register_existing_vuid: User name: wmodes Real name: Wes Modes
[2013/02/11 17:40:43.135129, 3] smbd/password.c:292(register_existing_vuid)
  register_existing_vuid: UNIX uid 502 is UNIX user wmodes, and will be vuid 100
[2013/02/11 17:40:43.135202, 3] smbd/password.c:223(register_homes_share)
  Adding homes service for user 'wmodes' using home directory: '/home/wmodes'
[2013/02/11 17:40:43.135254, 3] param/loadparm.c:6290(lp_add_home)
  adding home's share [wmodes] for user 'wmodes' at '/data/home/%S'
[2013/02/11 17:40:43.135644, 3] lib/access.c:365(only_ipaddrs_in_list)
  only_ipaddrs_in_list: list has non-ip address (127.)
[2013/02/11 17:40:43.135683, 3] lib/access.c:399(check_access)
  check_access: hostnames in host allow/deny list.
[2013/02/11 17:40:43.135779, 2] lib/access.c:409(check_access)
  Allowed connection from ::ffff:128.114.163.34 (::ffff:128.114.163.34)
[2013/02/11 17:40:43.136056, 3] smbd/service.c:807(make_connection_snum)
  Connect path is '/tmp' for service [IPC$]
[2013/02/11 17:40:43.136462, 3] smbd/service.c:1070(make_connection_snum)
  monitor (::ffff:128.114.163.34) connect to service IPC$ initially as user wmodes (uid=502, gid=503) (pid 14343)
[2013/02/11 17:40:43.136899, 3] smbd/msdfs.c:840(get_referred_path)
  get_referred_path: |cns| in dfs path \edgar2\cns is not a dfs root.
[2013/02/11 17:40:43.136922, 3] smbd/error.c:80(error_packet_set)
  error packet at smbd/trans2.c(8056) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND
[2013/02/11 17:40:43.137259, 3] smbd/service.c:1251(close_cnum)
  monitor (::ffff:128.114.163.34) closed connection to service IPC$
[2013/02/11 17:40:43.137277, 3] smbd/connection.c:31(yield_connection)
  Yielding connection to IPC$
[2013/02/11 17:40:43.137619, 3] lib/access.c:365(only_ipaddrs_in_list)
  only_ipaddrs_in_list: list has non-ip address (127.)
[2013/02/11 17:40:43.137638, 3] lib/access.c:399(check_access)
  check_access: hostnames in host allow/deny list.
[2013/02/11 17:40:43.137673, 2] lib/access.c:409(check_access)
  Allowed connection from ::ffff:128.114.163.34 (::ffff:128.114.163.34)
[2013/02/11 17:40:43.137788, 3] lib/util_sid.c:228(string_to_sid)
  string_to_sid: Sid @cns does not start with 'S-'.
[2013/02/11 17:40:43.139344, 2] passdb/pdb_ldap.c:2446(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 30001
[2013/02/11 17:40:43.139894, 3] lib/util_sid.c:228(string_to_sid)
  string_to_sid: Sid @cns-read does not start with 'S-'.
[2013/02/11 17:40:43.141015, 2] passdb/pdb_ldap.c:2446(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 30034
[2013/02/11 17:40:43.141528, 3] lib/util_sid.c:228(string_to_sid)
  string_to_sid: Sid @admin does not start with 'S-'.
[2013/02/11 17:40:43.142516, 2] passdb/pdb_ldap.c:2446(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 1001
[2013/02/11 17:40:43.143057, 2] smbd/service.c:598(create_connection_server_info)
  user 'wmodes' (from session setup) not permitted to access this share (cns)
[2013/02/11 17:40:43.143087, 1] smbd/service.c:678(make_connection_snum)
  create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
[2013/02/11 17:40:43.143105, 3] smbd/error.c:80(error_packet_set)
  error packet at smbd/reply.c(795) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED
[2013/02/11 17:40:43.143414, 3] smbd/connection.c:31(yield_connection)
  Yielding connection to
[2013/02/11 17:40:43.143470, 3] smbd/server.c:924(exit_server_common)
  Server exit (failed to receive smb request)

Any clues as to what my problem here is?

Wes

--
Wes Modes
Systems Designer, Developer, and Administrator
University Library ITS
University of California, Santa Cruz

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
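
Added example, not part of the original thread or of Samba: a Python triage helper for the smbd log format quoted above. It pairs each entry header with its message and reports, per run, which users authenticated, which LDAP filters returned duplicate entries, and which share connections were denied. The names `parse_entries` and `triage` are hypothetical, and `SAMPLE` is constructed from entries in the post.

```python
import re

# smbd entry header: "[2013/02/11 17:11:00.701864, 2] passdb/pdb_ldap.c:2569(ldapsam_getgroup)"
HEADER = re.compile(
    r"\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+),\s*(?P<level>\d+)\]\s+"
    r"[\w./-]+:\d+\((?P<func>\w+)\)")
AUTH_OK = re.compile(r"authentication for user \[([^\]]+)\].*succeeded")
DUPLICATE = re.compile(r"Duplicate entries for filter (\(.*\)): count=(\d+)")
DENIED = re.compile(r"user '([^']+)' .*not permitted to access this share \(([^)]+)\)")

def parse_entries(text):
    """Yield (timestamp, level, function, message) for each log entry.
    The message runs to the next header, so flattened logs parse too."""
    heads = list(HEADER.finditer(text))
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        message = " ".join(text[head.end():end].split())
        yield head["ts"], int(head["level"]), head["func"], message

def triage(text):
    """Collect authentication successes, duplicate LDAP matches and share denials."""
    report = {"auth_ok": set(), "duplicates": {}, "denied": []}
    for ts, _level, func, message in parse_entries(text):
        if func == "check_ntlm_password" and (m := AUTH_OK.search(message)):
            report["auth_ok"].add(m.group(1))
        elif func == "ldapsam_getgroup" and (m := DUPLICATE.search(message)):
            ldap_filter, count = m.group(1), int(m.group(2))
            report["duplicates"][ldap_filter] = max(count, report["duplicates"].get(ldap_filter, 0))
        elif func == "create_connection_server_info" and (m := DENIED.search(message)):
            report["denied"].append((ts, m.group(1), m.group(2)))
    return report

# Constructed sample: entries copied from the post, in smbd's two-line layout.
SAMPLE = """\
[2013/02/11 17:11:00.735092, 2] auth/auth.c:304(check_ntlm_password)
  check_ntlm_password: authentication for user [wmodes] -> [wmodes] -> [wmodes] succeeded
[2013/02/11 17:11:00.735608, 1] passdb/pdb_ldap.c:2569(ldapsam_getgroup)
  ldapsam_getgroup: Duplicate entries for filter (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544)): count=2
[2013/02/11 17:11:00.745181, 2] smbd/service.c:598(create_connection_server_info)
  user 'wmodes' (from session setup) not permitted to access this share (cns)
"""

if __name__ == "__main__":
    result = triage(SAMPLE)
    for ts, user, share in result["denied"]:
        state = "authenticated" if user in result["auth_ok"] else "not authenticated"
        print(f"{ts}: {user} ({state}) denied on share {share}")
    for ldap_filter, count in result["duplicates"].items():
        print(f"{count} LDAP entries match {ldap_filter}")
```

A denial for a user who also appears in `auth_ok` separates a share-authorization failure from a credential failure, which is the distinction the poster draws by hand from the log.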