Re: [Samba] Re: SuSE 9.3 + Samba 3 + LDAP

Thu, 11 Aug 2005 10:43:19 -0700 

Dear Horst,
as far as I understand from Chapter 5 in "Samba by example", users AND machines are treated the same way. Thats why JHT (by the way thanks to John for writing this chapter, otherwise I would not have gotten Samba + LDAP to work) is using in his smb.conf both for users AND machines 

/|ldap machine suffix = ou=People|//|
ldap user suffix = ou=People|/

In the IDEALX-tools you should correct also

computersdn="ou=People,${suffix}"



At least with my installation that's working. If you find a way that it 
works with ou=computers, please let me know.


Best

Joachim


Horst Simon wrote:


On Thu, 11 Aug 2005 10:35, Geoffrey Scott wrote:

 


Horst B. Simon wrote:

   


Hi All,

I have OX with Samba 3 and Ldap working fine, except that workstation
can not join the domain. When I try to join the domain I get
following error message: The following error occurred attempting to
join the domain. Can not find user name in Domain. But the user is
there and it creates the computer in ou=computers in ldap. All users
have no problems accessing the samba shares and using OX. Anyone in
this group has successful joined a computer into ldap with OX and
Samba3?

Regards,
Horst

     


Horst,
        Is the user either root account in LDAP or been given sepriveledges
as per chapter 5 of JHT example book?  Does your smb.conf point to the
correct part of ldap for your users?  Have nss and pam been configured
pointing correctly to where to the users are?  Is the user that you are
trying actually in that part of LDAP?  Eg.  You aren't trying to use:

cn=Manager,dc=hsimon,dc=com,dc=au

When your users are in :

ou=Users,ou=OxObjects,dc=hsimon,dc=com,dc=au

Are you?

Cheers Geoff

   



Hi,

Following are part of slapd.conf, smb.conf and samba log for the client.
Maybe someone know what the log file output mean.

Regards,
Horst

in /etc/openldap/slapd.conf
suffix          "dc=hsc-consulting,dc=com,dc=au"
rootdn          "uid=mailadmin,dc=hsc-consulting,dc=com,dc=au"

in /etc/ldap.conf
host 127.0.0.1
base dc=hsc-consulting,dc=com,dc=au
ldap_version 3
binddn uid=mailadmin,dc=hsc-consulting,dc=com,dc=au
timelimit 50
bind_timelimit 50
bind_policy hard
nss_base_passwd ou=Users,ou=OxObjects,dc=hsc-consulting,dc=com,dc=au?one
nss_base_shadow ou=Users,ou=OxObjects,dc=hsc-consulting,dc=com,dc=au?one
nss_base_group  ou=Groups,ou=OxObjects,dc=hsc-consulting,dc=com,dc=au?one

in smb.conf
       passdb backend = ldapsam:ldap://127.0.0.1/
       ldap admin dn = uid=mailadmin,dc=hsc-consulting,dc=com,dc=au
       ldap suffix = dc=hsc-consulting,dc=com,dc=au
       ldap group suffix = ou=Groups,ou=OxObjects
       ldap user suffix = ou=Users,ou=OxObjects
       ldap machine suffix = ou=Computers,ou=OxObjects
       ldap ssl = No
       add user script = /usr/local/sbin/smbldap-useradd -m "%u"
       add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
       add group script = /usr/local/sbin/smbldap-groupadd -p "%g"

       add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" 
"%g"
      delete user from group script = /usr/local/sbin/smbldap-groupmod -x 
"%u" "%g"
       set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" 
"%u"

       enable privileges = yes
       domain master = yes
       domain logons = yes
       encrypt passwords = yes
       ldap passwd sync = Yes
       log level = 3
       syslog = 0
       log file = /var/log/samba/log.%m

part of client log
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:push_sec_ctx(256)
 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/08/07 10:22:31, 3] smbd/uid.c:push_conn_ctx(365)
 push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/08/07 10:22:31, 3] auth/auth.c:check_ntlm_password(219)

 check_ntlm_password:  Checking password for unmapped user 
[EMAIL PROTECTED] with the new password interface

[2005/08/07 10:22:31, 3] auth/auth.c:check_ntlm_password(222)
 check_ntlm_password:  mapped user is: [EMAIL PROTECTED]
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:push_sec_ctx(256)
 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/08/07 10:22:31, 3] smbd/uid.c:push_conn_ctx(365)
 push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/08/07 10:22:31, 2] lib/smbldap.c:smbldap_open_connection(692)
 smbldap_open_connection: connection opened
[2005/08/07 10:22:31, 3] lib/smbldap.c:smbldap_connect_system(866)
 ldap_connect_system: succesful connection to the LDAP server
 ldap_connect_system: LDAP server does support paged results
[2005/08/07 10:22:31, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
 init_sam_from_ldap: Entry found for user: root
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:push_sec_ctx(256)
 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/08/07 10:22:31, 3] smbd/uid.c:push_conn_ctx(365)
 push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:push_sec_ctx(256)
 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2005/08/07 10:22:31, 3] smbd/uid.c:push_conn_ctx(365)
 push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:push_sec_ctx(256)
 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2005/08/07 10:22:31, 3] smbd/uid.c:push_conn_ctx(365)
 push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249)

 get_privileges: No privileges assigned to SID 
[S-1-5-21-2848152307-2665265979-542469840-500]

[2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249)

 get_privileges: No privileges assigned to SID [S-1-5-2]  pop_sec_ctx (0, 0) 
- sec_ctx_stack_ndx = 1

[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249)

 get_privileges: No privileges assigned to SID 
[S-1-5-21-2848152307-2665265979-542469840-500]

[2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249)
 get_privileges: No privileges assigned to SID [S-1-5-2]
[2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249)
 get_privileges: No privileges assigned to SID [S-1-5-11]
[2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249)

 get_privileges: No privileges assigned to SID 
[S-1-5-21-2848152307-2665265979-542469840-1001]

[2005/08/07 10:22:31, 3] auth/auth.c:check_ntlm_password(268)
 check_ntlm_password: sam authentication for user [root] succeeded
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:push_sec_ctx(256)
 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/08/07 10:22:31, 3] smbd/uid.c:push_conn_ctx(365)
 push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/08/07 10:22:31, 2] auth/auth.c:check_ntlm_password(305)

 check_ntlm_password:  authentication for user [root] -> [root] -> [root] 
succeeded

[2005/08/07 10:22:31, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319)
 NTLMSSP Sign/Seal - Initialising with flags:
[2005/08/07 10:22:31, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
 Got NTLMSSP neg_flags=0x60088215
[2005/08/07 10:22:31, 3] smbd/password.c:register_vuid(222)
 User name: root       Real name: root
[2005/08/07 10:22:31, 3] smbd/password.c:register_vuid(241)
 UNIX uid 0 is UNIX user root, and will be vuid 100
[2005/08/07 10:22:31, 3] smbd/password.c:register_vuid(270)
 Adding homes service for user 'root' using home directory: '/root'
[2005/08/07 10:22:31, 3] param/loadparm.c:lp_add_home(2360)
 adding home's share [root] for user 'root' at '/root'
[2005/08/07 10:22:31, 3] smbd/process.c:process_smb(1091)
 Transaction 3 of length 84
[2005/08/07 10:22:31, 3] smbd/process.c:switch_message(886)
 switch message SMBtconX (pid 7053) conn 0x0
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0

[2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249)
 get_privileges: No privileges assigned to SID [S-1-5-11]

[2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249)  pop_sec_ctx (0, 
0) - sec_ctx_stack_ndx = 1

[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249)

 get_privileges: No privileges assigned to SID 
[S-1-5-21-2848152307-2665265979-542469840-500]

[2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249)
 get_privileges: No privileges assigned to SID [S-1-5-2]
[2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249)
 get_privileges: No privileges assigned to SID [S-1-5-11]
[2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249)

 get_privileges: No privileges assigned to SID 
[S-1-5-21-2848152307-2665265979-542469840-1001]

[2005/08/07 10:22:31, 3] auth/auth.c:check_ntlm_password(268)
 check_ntlm_password: sam authentication for user [root] succeeded
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:push_sec_ctx(256)
 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/08/07 10:22:31, 3] smbd/uid.c:push_conn_ctx(365)
 push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/08/07 10:22:31, 2] auth/auth.c:check_ntlm_password(305)

 check_ntlm_password:  authentication for user [root] -> [root] -> [root] 
succeeded

[2005/08/07 10:22:31, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319)
 NTLMSSP Sign/Seal - Initialising with flags:
[2005/08/07 10:22:31, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
 Got NTLMSSP neg_flags=0x60088215
[2005/08/07 10:22:31, 3] smbd/password.c:register_vuid(222)
 User name: root       Real name: root
[2005/08/07 10:22:31, 3] smbd/password.c:register_vuid(241)
 UNIX uid 0 is UNIX user root, and will be vuid 100
[2005/08/07 10:22:31, 3] smbd/password.c:register_vuid(270)
 Adding homes service for user 'root' using home directory: '/root'
[2005/08/07 10:22:31, 3] param/loadparm.c:lp_add_home(2360)
 adding home's share [root] for user 'root' at '/root'
[2005/08/07 10:22:31, 3] smbd/process.c:process_smb(1091)
 Transaction 3 of length 84
[2005/08/07 10:22:31, 3] smbd/process.c:switch_message(886)
 switch message SMBtconX (pid 7053) conn 0x0
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0


 get_privileges: No privileges assigned to SID 
[S-1-5-21-2848152307-2665265979-542469840-1001]

[2005/08/07 10:22:31, 3] auth/auth.c:check_ntlm_password(268)
 check_ntlm_password: sam authentication for user [root] succeeded
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:push_sec_ctx(256)
 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/08/07 10:22:31, 3] smbd/uid.c:push_conn_ctx(365)
 push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/08/07 10:22:31, 2] auth/auth.c:check_ntlm_password(305)

 check_ntlm_password:  authentication for user [root] -> [root] -> [root] 
succeeded

[2005/08/07 10:22:31, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319)
 NTLMSSP Sign/Seal - Initialising with flags:
[2005/08/07 10:22:31, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
 Got NTLMSSP neg_flags=0x60088215
[2005/08/07 10:22:31, 3] smbd/password.c:register_vuid(222)
 User name: root       Real name: root
[2005/08/07 10:22:31, 3] smbd/password.c:register_vuid(241)
 UNIX uid 0 is UNIX user root, and will be vuid 100
[2005/08/07 10:22:31, 3] smbd/password.c:register_vuid(270)
 Adding homes service for user 'root' using home directory: '/root'
[2005/08/07 10:22:31, 3] param/loadparm.c:lp_add_home(2360)
 adding home's share [root] for user 'root' at '/root'
[2005/08/07 10:22:31, 3] smbd/process.c:process_smb(1091)
 Transaction 3 of length 84
[2005/08/07 10:22:31, 3] smbd/process.c:switch_message(886)
 switch message SMBtconX (pid 7053) conn 0x0
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0

 



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba






















					Reply via email to