abebe lsslp <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 28.07.2004 22:11
To: Samba Samba <[EMAIL PROTECTED]> cc: Subject: Re: [Samba] Samba+LDAP - so close yet so far :) ...STILL NOT SOLVED >Back to the real deal... I have decided not to assume anything and to take it step by step :) Craig..I have >followed your advice and I am using 'people' instead of 'Computers'. OK, if you store Computers and Users in ou=People that's ok >NOTE: >- Have 'root= administrator' in /etc/samba/smbusers no remove it >- Have done the appropriate chages to the xp registery You do not need any modifications >[EMAIL PROTECTED] root]# smbldap-usershow administrator >dn: uid=Administrator,ou=Users,dc=wbcoll,dc=edu I think you use ou=People ?! >cn: Administrator >sn: Administrator >objectClass: inetOrgPerson,sambaSAMAccount,posixAccount,shadowAccount >gidNumber: 512 >uid: Administrator >uidNumber: 0 >homeDirectory: /home/ >sambaLogonTime: 0 >sambaLogoffTime: 2147483647 >sambaKickoffTime: 2147483647 >sambaPwdCanChange: 0 >sambaHomePath: \\EAGLEX\homes >sambaHomeDrive: H: >sambaPrimaryGroupSID: S-1-5-21-3864350619-1217412381-2490860374-512 >sambaSID: S-1-5-21-3864350619-1217412381-2490860374-2996 >loginShell: /bin/false >gecos: Netbios Domain Administrator >sambaAcctFlags: [U] >sambaPwdMustChange: 1098811932 >sambaLMPassword: F70389E8F4B94063AAD3B435B51404EE >sambaPwdLastSet: 1091035932 >sambaNTPassword: 60BED106E19D7A3F919FA1919125FFBA >userPassword: {SSHA}3zMR3Ds/5knGujxtByOIYPjl0mVBhJgr >ERROR: (having trouble joining XP (xptest) to domain). >The following error occured attempting to join the domain "AGUILAS": >'Access is denied.' Error is shown in the LOG And here is part of the error message in 'xptest.log': >[2004/07/28 13:59:39, 3] auth/auth.c:check_ntlm_password(219) >check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new >password interface >[2004/07/28 13:59:39, 3] auth/auth.c:check_ntlm_password(222) >check_ntlm_password: mapped user is: [EMAIL PROTECTED] Here is the error. Remove usermapping in smbusers. Administrator should not be mapped to root !!! >[2004/07/28 13:59:39, 3] smbd/sec_ctx.c:push_sec_ctx(256) >push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2004/07/28 13:59:39, 3] smbd/uid.c:push_conn_ctx(364) >push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2004/07/28 13:59:39, 3] smbd/sec_ctx.c:set_sec_ctx(288) >setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2004/07/28 13:59:39, 3] smbd/sec_ctx.c:pop_sec_ctx(386) >pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2004/07/28 13:59:39, 3] auth/auth_sam.c:check_sam_security(202) >check_sam_security: Couldn't find user 'root' in passdb file. >[2004/07/28 13:59:39, 3] auth/auth_winbind.c:check_winbind_security(80) >check_winbind_security: Not using winbind, requested domain [AGUILAS] was for this SAM. >[2004/07/28 13:59:39, 2] auth/auth.c:check_ntlm_password(312) >check_ntlm_password: Authentication for user [administrator] -> [root] FAILED with error NT_STATUS_NO_SUCH_USER >[2004/07/28 13:59:39, 3] smbd/sesssetup.c:do_map_to_guest(41) >No such user administrator [AGUILAS] - using guest account >QUESTION: >1) Do I have to add 'smbpasswd -a root' or 'smbpasswd -a administrator'? No. See comment in LOG >2) NT_STATUS_NO_SUCH_USER ? 'pdbedit -LV administrator' shows that the user exist Try 'smbclient -L [YOURHOST] -UAdministrator%password' where password is the the password you gave Administrator you can check if you can access shares on your samba >3) do 'root' and 'administrator' have to have the same password? No, Admnistrator only need to have the uid=0, and he has it. If you have 2 ou, one for Users and one for Computers then you need to have /etc/ldap.conf like as following. This is a must have when not using NIS !!!! # # This is the configuration file for the LDAP nameservice # switch library, the LDAP PAM module and the shadow package. # .....snip # RFC2307bis naming contexts # Syntax: # nss_base_XXX base?scope?filter # where scope is {base,one,sub} # and filter is a filter to be &'d with the # default filter. # You can omit the suffix eg: # nss_base_passwd ou=People, # to append the default base DN but this # may incur a small performance impact. #nss_base_passwd ou=People,dc=icw,dc=com?sub # uncomment when usin NIS #nss_base_shadow ou=People,dc=icw,dc=com?sub # uncomment when using NIS nss_base_group ou=Groups,dc=icw,dc=com?sub nss_base_hosts ou=Machines,dc=icw,dc=com?sub .... When any other Questions will come along, just mail me. Christian --------------------------------- Do you Yahoo!? Yahoo! Mail - 50x more storage than other providers! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba