I'm running openldap and samba3.0.1 from my debian system, but I have used many many hours trying to get samba to validate users on the ldap... And is now turning to the last resort ...
This is my configuration
__________________________________________________ the important lines in smb.conf looks like this... --------------------------------------------------
[global] workgroup = SKOLE passdb backend = ldapsam:ldap://127.0.0.1/ ldap suffix = dc=login ldap machine suffix = ou=machines ldap user suffix = ou=people ldap group suffix = ou=groups ldap admin dn = "cn=admin,dc=login" netbios name = thePri load printers = no security = user encrypt passwords = true socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = yes os level = 40 domain master = yes preferred master = yes domain logons = yes wins support = yes dns proxy = no ___________________________ slapd.conf look like this: ---------------------------
allow bind_v2 include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/inetorgperson.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema/samba.schema schemacheck on pidfile /var/run/slapd/slapd.pid argsfile /var/run/slapd.args loglevel 256 modulepath /usr/lib/ldap moduleload back_ldbm database ldbm suffix "dc=login" rootdn "cn=admin,dc=login" rootpw <MyPaSsWoRd> directory "/var/lib/ldap" index objectClass,uid,uidNumber,gidNumber,memberUid eq lastmod on
access to attribute=userPassword by dn="cn=admin,dc=login" write by anonymous auth by self write by * none
access to dn.base="" by * read
access to * by dn="cn=admin,dc=login" write by * read _____________________________ /etc/ldap.conf ----------------------------- HOST 127.0.0.1 BASE dc=login _____________________________________________
the samba.schema is copyed from the samba 3.0.1 source (/examples/LDAP/samba.schema) and the ldap is populated with the polulate tool from smb-tools, and i can see the ldap tree is working with lam(lam.sf.net), and create new users from here... a pdbedit -L revels the users as well....
the populate tool creates an Administrator, and when I do "smbpasswd Administrator" it looks like it succeed, the values in sambaNTPassword changes anyway...
THE PROBLEM:
I use the two cases to show my problem, one case with correct passw, and one with wrong passwd.
[EMAIL PROTECTED]:~$ smbclient -L localhost -U Administrator
Password: (CORRECT PASSWORD)
session setup failed: NT_STATUS_LOGON_FAILURE
________________________________
The log for the above looks like this
---------------------------------
Feb 14 21:04:54 compaq slapd[3739]: conn=8 op=2 SRCH base="dc=login" scope=2 filter="(&(uid=Administrator)(objectClass=sambaSamAccount))"
Feb 14 21:04:54 compaq slapd[3739]: conn=8 op=2 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial
Feb 14 21:04:54 compaq slapd[3739]: conn=8 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Feb 14 21:04:54 compaq smbd[3754]: [2004/02/14 21:04:54, 0] auth/auth_sam.c:check_sam_security(221)
Feb 14 21:04:54 compaq smbd[3754]: check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'
Feb 14 21:04:54 compaq slapd[3737]: conn=8 fd=9 closed ---------------------------------------------------------------------------------------------
[EMAIL PROTECTED]:~$ smbclient -L localhost -U Administrator
Password: (WRONG PASSWORD)
session setup failed: NT_STATUS_LOGON_FAILURE
_______________________________________
The log for the above looks like this
---------------------------------------
Feb 14 21:20:56 compaq slapd[3739]: conn=9 op=2 SRCH base="dc=login" scope=2 filter="(&(uid=Administrator)(objectClass=sambaSamAccount))"
Feb 14 21:20:56 compaq slapd[3739]: conn=9 op=2 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial
Feb 14 21:20:56 compaq slapd[3739]: conn=9 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Feb 14 21:20:56 compaq slapd[3737]: conn=9 fd=9 closed ---------------------------------------------------------------------------------
So, it seems that the samba-backend recognizes the Administrator, with the correct password, but still throws a NT_STATUS_NO_SUCH_USER
I susepect it has something to do with the unix-user sync, but i have no idea, at the moment how to deal with this problem!
In the future i would like to sync the samba-user with the unix-user, but there is still a LOONG way into the XP-pile before that problem has priority....
I sure could use some help!
Thanx /torben
------------------------------------------ The following is just a snip from a ldap search ------------------------------- cn: Administrator sn: Administrator objectclass: inetOrgPerson gidnumber: 512 uid: Administrator uidnumber: 998 homedirectory: HOMEPREFIX sambalogontime: 0 sambalogofftime: 2147483647 sambakickofftime: 2147483647 sambahomepath: \\PDCNAME\homes sambahomedrive: HOMEDRIVE sambaprofilepath: \\PDCNAME\profiles\ sambaprimarygroupsid: S-1-5-21-53176251-1034743845-4114978061-512 sambaacctflags: [U ] sambasid: S-1-5-21-53176251-1034743845-4114978061-2996 loginshell: /bin/false gecos: Netbios Domain Administrator sambapwdcanchange: 1076792501 sambapwdmustchange: 1078606901 sambalmpassword: 598DDCE2660D3193AAD3B435B51404EE sambantpassword: 2D20D252A479F485CDF5E171D93985BF sambapwdlastset: 1076792501 cn: nobody sn: nobody
objectclass: inetOrgPerson gidnumber: 514 uid: nobody uidnumber: 999 homedirectory: /dev/null sambapwdlastset: 0 sambalogontime: 0 sambalogofftime: 2147483647 sambakickofftime: 2147483647 sambapwdcanchange: 0 sambapwdmustchange: 2147483647 sambahomepath: \\PDCNAME\homes sambahomedrive: HOMEDRIVE sambaprofilepath: \\PDCNAME\profiles\ sambaprimarygroupsid: S-1-5-21-53176251-1034743845-4114978061-514 sambalmpassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX sambantpassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX sambaacctflags: [NU ] sambasid: S-1-5-21-53176251-1034743845-4114978061-2998 loginshell: /bin/false
objectclass: posixGroup gidnumber: 512 cn: Domain Admins memberuid: Administrator description: Netbios Domain Administrators sambasid: S-1-5-21-53176251-1034743845-4114978061-512 sambagrouptype: 2 displayname: Domain Admins
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba