yogi wrote:
Hi all,
I'm running Debian Etch. I just finished configuring SAMBA as PDC to authenticate against LDAP server which works.
The system in question uses default debian etch packages.
As my Linux/unix accounts can authenticate against it. The LDAP works.
I used the default shipped smbldap-populate script to setup SAMBA.

Good, this is the reason that it is there :)
You will only want to avoid it if you have a reason, like it messing with your already populated base.

Everything seems to work as Anonymous User or as user root.

shark:/etc/samba# smbclient -L shark -N
Anonymous login successful
Domain=[LDAPBIOMAX] OS=[Unix] Server=[Samba 3.0.24]

        Share name       Type      Comment
        ---------       ----      -------
        netlogon        Disk      Network Logon Service
        knoppix         Disk
        IPC$            IPC       IPC Service (Samba Server 3.0.24)
Anonymous login successful
Domain=[LDAPBIOMAX] OS=[Unix] Server=[Samba 3.0.24]

        Server               Comment
        ---------            -------
        SHARK                Samba Server 3.0.24


Now when I try and login as normal user, which I have enabled with "smbldap-usermod -a  yogesh"

smbldap-usershow yogesh

dn: uid=yogesh,ou=People,dc=biomax,dc=de
uid: yogesh
cn: yogesh
objectClass: account,posixAccount,top,shadowAccount,sambaSamAccount
userPassword: {MD5}.SOMELONGHASH ....
shadowLastChange: 12900
shadowMax: 10000
loginShell: /bin/bash
uidNumber: 668
gidNumber: 100
homeDirectory: /sk-home/yogesh
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
displayName: System User
sambaSID: S-1-5-21-4033729970-1053622217-143831336-9886
sambaAcctFlags: [UX ]

-----

Now when I try and connect I get the following failure.
shark:/etc/samba# smbclient -L shark -U yogesh
session setup failed: NT_STATUS_LOGON_FAILURE

For me smbldap-usermod -a doesn't ask for a password, so your error appears to be the right behavior of the server when you try to access the samba server with an account that has a posix password but doesn't have a samba password. If your posix password is hashed and it didn't ask for the password, it cannot guess it and fill the NT and LM samba hashes.

If you don't know, your account needs to end up with three hashes for the same password :)

After digging through the logs I figured that if I enter password using "smbldap-password", it works.

Ok, now you have defined your samba password, and it will be synced with the posix one, and everyone will be happy.

Now my stupid questions?
I already have unix users working off LDAP. How can I automate the addition of remaining accounts with SAMBA?

Well, as already said, your script cannot guess the content of a hash to create another that samba needs (this is the purpose of hashes). Normally people add the samba part (with smbldap-usermod), change the password to something else (with smbldap-passwd), mark the account to only allow the login if the password is changed (with smbldap-usermod -B 1), then inform the user of the new password and ask him to put his password back when he tries to log in and automatically receives a window asking for that.

It will be a process very much like adding a new user.

Also whenever a unix user changes passwd, samba password is not updated?

Well, this is a little more complicated. It depends on how and where they are trying to do that, but normally posix tools don't know of the existence of samba hashes. Anyway, it's possible to do that too, but you will need to be a little more specific. Are they trying to do that using their own workstations that have Linux, or trying to do that accessing the server shell?

Any pointers will be of great help.

Thanks in advance
yogesh

It appears that there's nothing wrong with your config, you just didn't understand what you need to do.


Regards.

Edmundo Valle Neto
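
An added example, not part of the original thread or of smbldap-tools: before migrating the remaining unix accounts, this audit reads an LDIF export and reports which step from the reply each account still needs. It assumes LDIF as printed by ldapsearch (it also accepts the comma-joined objectClass line shown by smbldap-usershow above) and that the NT hash is stored in the `sambaNTPassword` attribute; the sample entries and their values are constructed placeholders.

```python
import re

# Constructed sample entries in LDIF form; values are placeholders, not real hashes.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=org
uid: alice
objectClass: posixAccount
userPassword: {MD5}PLACEHOLDER

dn: uid=bob,ou=People,dc=example,dc=org
uid: bob
objectClass: posixAccount
objectClass: sambaSamAccount
sambaAcctFlags: [UX ]

dn: uid=carol,ou=People,dc=example,dc=org
uid: carol
objectClass: posixAccount,sambaSamAccount
sambaNTPassword: PLACEHOLDER
 NT
"""

def parse_ldif(text):
    """Yield one dict per entry: lower-cased attribute name -> list of values."""
    text = re.sub(r"\n ", "", text)  # unfold LDIF continuation lines
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if ":" in line and not line.startswith("#"):
                name, value = line.split(":", 1)
                entry.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            yield entry

def audit(text):
    """Map uid -> the step still needed before the account can log in to Samba."""
    todo = {}
    for e in parse_ldif(text):
        classes = {c.strip().lower() for v in e.get("objectclass", []) for c in v.split(",")}
        if "posixaccount" not in classes:
            continue  # not a unix account, nothing to migrate
        uid = e.get("uid", ["?"])[0]
        if "sambasamaccount" not in classes:
            todo[uid] = "smbldap-usermod -a"  # samba part not added yet
        elif not any(e.get("sambantpassword", [])):
            todo[uid] = "smbldap-passwd"  # samba part present, but no NT hash set
    return todo

if __name__ == "__main__":
    print(audit(SAMPLE_LDIF))
```

Accounts reported as needing `smbldap-passwd` are the ones that fail with NT_STATUS_LOGON_FAILURE as in the thread.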
