Judging from these lines in the log.smbd file: | [2005/09/01 01:00:02, 4] lib/smbldap.c:smbldap_open(869) | The LDAP server is succesfully connected | [2005/09/01 01:00:02, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1335) | ldapsam_getsampwnam: Unable to locate user [] count=0
and the detailed output from ldap log file: | Sep 1 01:00:02 rhino slapd[8360]: conn=123 op=2 SRCH | base="dc=labs,dc=ntrg,dc=com" scope=2 deref=0 | filter="(&(?=undefined)(objectClass=sambaSamAccount))" it would indeed appear that the "(?=undefined)" LDAP search filter is being generated by pdb_ldap.c but a grep through that file doesn't return any obvious hits Anybody got any suggestions here? On 9/1/2005 1:18 AM, Eric A. Hall wrote: > I'm running the samba-3.0.20-0.1 SUSE RPM. I was using the > version that came with 9.3 but upgraded to see if this specific > problem would go away. > > Guest access does not appear to be working correctly, and it looks > like the problem is due to guest not getting mapped into the LDAP > query correctly. > > Specifically, I can login with local account, join workstation to the > domain, browse shares, and everything else that requires > authentication, but cannot login to domain nor browse the domain in > explorer or anything else that requires guest access. > > Looking at the smbd log with loglevel 4 shows: > > [2005/09/01 01:00:02, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(606) > Got user=[] domain=[] workstation=[RHINO-VM-PC-1] len1=1 len2=0 > [2005/09/01 01:00:02, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 > [2005/09/01 01:00:02, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 > [2005/09/01 01:00:02, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 > [2005/09/01 01:00:02, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 > [2005/09/01 01:00:02, 3] auth/auth.c:check_ntlm_password(219) > check_ntlm_password: Checking password for unmapped user > [EMAIL PROTECTED] with the new password interface > [2005/09/01 01:00:02, 3] auth/auth.c:check_ntlm_password(222) > check_ntlm_password: mapped user is: [EMAIL PROTECTED] > [2005/09/01 01:00:02, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 > [2005/09/01 01:00:02, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 > [2005/09/01 01:00:02, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 > [2005/09/01 01:00:02, 2] lib/smbldap.c:smbldap_open_connection(630) > smbldap_open_connection: connection opened > [2005/09/01 01:00:02, 3] lib/smbldap.c:smbldap_connect_system(805) > ldap_connect_system: succesful connection to the LDAP server > [2005/09/01 01:00:02, 4] lib/smbldap.c:smbldap_open(869) > The LDAP server is succesfully connected > [2005/09/01 01:00:02, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1335) > ldapsam_getsampwnam: Unable to locate user [] count=0 > [2005/09/01 01:00:02, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 > [2005/09/01 01:00:02, 3] auth/auth_sam.c:check_sam_security(260) > check_sam_security: Couldn't find user '' in passdb. > [2005/09/01 01:00:02, 2] auth/auth.c:check_ntlm_password(317) > check_ntlm_password: Authentication for user [] -> [] FAILED with > error NT_STATUS_NO_SUCH_USER > > Looking in the slapd log with loglevel 256 shows: > > Sep 1 01:00:02 rhino slapd[8360]: conn=123 fd=28 ACCEPT from > IP=207.65.71.3:55418 (IP=0.0.0.0:389) > Sep 1 01:00:02 rhino slapd[8360]: conn=123 op=0 BIND > dn="***hidden***" method=128 > Sep 1 01:00:02 rhino slapd[8360]: conn=123 op=0 BIND > dn="uid=root,ou=Users,dc=labs,dc=ntrg,dc=com" mech=SIMPLE ssf=0 > Sep 1 01:00:02 rhino slapd[8360]: conn=123 op=0 RESULT tag=97 err=0 > text= > Sep 1 01:00:02 rhino slapd[8360]: conn=123 op=1 SRCH base="" scope=0 > deref=0 filter="(objectClass=*)" > Sep 1 01:00:02 rhino slapd[8360]: conn=123 op=1 SRCH > attr=supportedControl > Sep 1 01:00:02 rhino slapd[8360]: conn=123 op=1 SEARCH RESULT tag=101 > err=0 nentries=1 text= > Sep 1 01:00:02 rhino slapd[8360]: conn=123 op=2 SRCH > base="dc=labs,dc=ntrg,dc=com" scope=2 deref=0 > filter="(&(?=undefined)(objectClass=sambaSamAccount))" > Sep 1 01:00:02 rhino slapd[8360]: conn=123 op=2 SRCH attr=uid > uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange > sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn > displayName sambaHomeDrive sambaHomePath sambaLogonScript > sambaProfilePath description sambaUserWorkstations sambaSID > sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName > objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount > sambaBadPasswordTime sambaPasswordHistory modifyTimestamp > sambaLogonHours modifyTimestamp > Sep 1 01:00:02 rhino slapd[8360]: conn=123 op=2 SEARCH RESULT tag=101 > err=0 nentries=0 text= > Sep 1 01:00:13 rhino slapd[8360]: conn=123 fd=28 closed > > It looks like "filter="(&(?=undefined)(objectClass=sambaSamAccount))"" > produces zero responses (as would be expected), which is resulting in > the "Unable to locate user [] count=0" SMB error. > > smb.conf has "guest account = guest" > > The output for "pdbedit --user=guest --verbose" is: > > Unix username: guest > NT username: guest > Account Flags: [U ] > User SID: S-1-5-21-284210356-3264030311-3336521042-501 > Primary Group SID: S-1-5-21-284210356-3264030311-3336521042-514 > Full Name: Unknown or guest user > Home Directory: \\rhino\guest\.9xprofile > HomeDir Drive: P: > Logon Script: logon.cmd > Profile Path: \\rhino\profiles\.msprofile > Domain: LABS > Account desc: Unknown or guest user > Workstations: > Munged dial: > Logon time: 0 > Logoff time: Mon, 18 Jan 2038 22:14:07 GMT > Kickoff time: Mon, 18 Jan 2038 22:14:07 GMT > Password last set: Wed, 31 Aug 2005 22:44:22 GMT > Password can change: Wed, 31 Aug 2005 22:44:22 GMT > Password must change: Mon, 18 Jan 2038 22:14:07 GMT > Last bad password : 0 > Bad password count : 0 > Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF > > The guest account is defined, is valid, and has a password. > > I'm pretty sure the whole problem here is with the malformed LDAP > lookup but I could be wrong. > > Anybody got any ideas or suggestions here? > > Thanks > > > -- Eric A. Hall http://www.ehsco.com/ Internet Core Protocols http://www.oreilly.com/catalog/coreprot/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
