[Freeipa-users] Trouble creating userobjectlass sambaSAMAccount

2016-03-18 Thread Jeff Goddard
Hello all,

I'm following this guide:
https://docs.fedoraproject.org/en-US/Fedora/17/html/FreeIPA_Guide/cifs.html
in attempts to have a SAMBA server with freeipa as the back-end
authentication method. My problem is that the command: ipa config-mod
--userobjectclasses=top,person,organizationalperson,inetorgperson,inetuser,posixaccount,krbprincipalaux,krbticketpolicyaux,ipaobject,sambaSAMAccount
fails with the message: ipa: ERROR: objectclass
top,person,organizationalperson,inetorgperson,inetuser,posixaccount,krbprincipalaux,krbticketpolicyaux,ipaobject,sambaSAMAccount
not found.

Using the web GUI I was able to add this field but it doesn't dynamically
add it to my existing users and so I get errors such as:

[2016/03/18 10:20:21.052605,  3]
../source3/lib/smbldap.c:579(smbldap_start_tls)
  StartTLS issued: using a TLS connection
[2016/03/18 10:20:21.052661,  2]
../source3/lib/smbldap.c:794(smbldap_open_connection)
  smbldap_open_connection: connection opened
[2016/03/18 10:20:21.055250,  3]
../source3/lib/smbldap.c:1013(smbldap_connect_system)
  ldap_connect_system: successful connection to the LDAP server
[2016/03/18 10:20:21.056774,  4]
../source3/passdb/pdb_ldap.c:1496(ldapsam_getsampwnam)
  ldapsam_getsampwnam: Unable to locate user [jgoddard] count=0
[2016/03/18 10:20:21.056856,  3, pid=9121, effective(0, 0), real(0, 0),
class=auth] ../source3/auth/check_samsec.c:400(check_sam_security)
  check_sam_security: Couldn't find user 'jgoddard' in passdb.
[2016/03/18 10:20:21.056890,  5, pid=9121, effective(0, 0), real(0, 0),
class=auth] ../source3/auth/auth.c:252(auth_check_ntlm_password)
  check_ntlm_password: sam authentication for user [jgoddard] FAILED with
error NT_STATUS_NO_SUCH_USER
[2016/03/18 10:20:21.056944,  2, pid=9121, effective(0, 0), real(0, 0),
class=auth] ../source3/auth/auth.c:315(auth_check_ntlm_password)
  check_ntlm_password:  Authentication for user [jgoddard] -> [jgoddard]
FAILED with error NT_STATUS_NO_SUCH_USER
[2016/03/18 10:20:21.056972,  2]
../auth/gensec/spnego.c:746(gensec_spnego_server_negTokenTarg)
  SPNEGO login failed: NT_STATUS_NO_SUCH_USER
[2016/03/18 10:20:21.057837,  3]
../source3/smbd/server_exit.c:249(exit_server_common)
  Server exit (NT_STATUS_CONNECTION_RESET)

When trying to authenticate to my share.

The search from the samba server: ldapsearch -LLL -x -h
id-management-1.internal.emerlyn.com uid=jgoddard
 does not return a value for sambaSAMAccount either. Can anyone provide me
a pointer or documentation on where I'm going wrong?

Thanks,

Jeff
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
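
A check for the condition described in the post above, as an added example that is not part of the original message: it reads LDIF such as `ldapsearch -LLL` prints and lists the uid of every posixaccount entry that carries no sambaSAMAccount object class. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find user entries that still lack
# the sambaSAMAccount object class after the IPA default list was changed.

# Constructed sample of `ldapsearch -LLL ... uid objectClass` output.
sample_ldif() {
    cat <<'EOF'
dn: uid=jgoddard,cn=users,cn=accounts,dc=example,dc=test
uid: jgoddard
objectClass: top
objectClass: posixaccount
objectClass: ipaobject

dn: uid=newuser,cn=users,cn=accounts,dc=example,dc=test
uid: newuser
objectClass: posixAccount
objectClass: sambaSAM
 Account

dn: cn=editors,cn=groups,cn=accounts,dc=example,dc=test
cn: editors
objectClass: posixgroup
EOF
}

# Read LDIF on stdin and print the uid of each posixaccount entry that has
# no sambaSAMAccount value. Handles folded lines and mixed case.
users_missing_samba() {
    awk '
    function emit_entry() {
        if (is_user && !has_samba && uid != "") print uid
        is_user = 0; has_samba = 0; uid = ""
    }
    function handle(line,    sep, name, value) {
        sep = index(line, ":")
        if (sep == 0) return
        name = tolower(substr(line, 1, sep - 1))
        value = substr(line, sep + 1)
        sub(/^[ \t]+/, "", value)
        if (name == "uid") uid = value
        if (name == "objectclass") {
            value = tolower(value)
            if (value == "posixaccount") is_user = 1
            if (value == "sambasamaccount") has_samba = 1
        }
    }
    { sub(/\r$/, "") }
    /^ / { pending = pending substr($0, 2); next }   # folded continuation
    {
        if (pending != "") handle(pending)
        pending = $0
        if ($0 == "") emit_entry()
    }
    END { if (pending != "") handle(pending); emit_entry() }
    '
}

# Usage against a live server (the suffix is a placeholder):
#   ldapsearch -LLL -Y GSSAPI -b "<suffix>" '(objectClass=posixaccount)' \
#       uid objectClass | users_missing_samba
```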

Re: [Freeipa-users] Trouble creating userobjectlass sambaSAMAccount

2016-03-18 Thread Sumit Bose
On Fri, Mar 18, 2016 at 12:08:04PM -0400, Jeff Goddard wrote:
> Found the syntax error. Apparently the DN is:
> dn:cn=ipaconfig,cn=etc,dc=internal,dc=emerlyn,dc=com rather than
> dn:cn=etc,cn=ipaconfig,dc=internal,dc=emerlyn,dc=com
> 
> 
> 
> On Fri, Mar 18, 2016 at 11:35 AM, Christopher Lamb <
> christopher.l...@ch.ibm.com> wrote:
> 
> > Hi Jeff
> >
> > When I last integrated FreeIPA and Samba I used ldapmodify to successfully
> > add sambaSAMAccount and sambaGroupMapping.
> >
> >
> > ldapmodify -Y GSSAPI <<EOF
> > dn: cn=etc,cn=ipaconfig,dc=my,dc=silly,dc=example,dc=com
> > changetype: modify
> > add: ipaUserObjectClasses
> > ipaUserObjectClasses: sambaSAMAccount
> > -
> > add: ipaGroupObjectClasses
> > ipaGroupObjectClasses: sambaGroupMapping
> > EOF
> >
> > Note, also there is a notorious spelling mistake under Point 5 of the
> > Fedora instructions you are following
> >
> > cosAttribute: sambaGrouptType
> >
> > should be:
> >
> > cosAttribute: sambaGroupType
> >
> > i.e. sambaGroupType has only one "T".
> >
> > Chris
> >
> > From: Jeff Goddard 
> > To: freeipa-users@redhat.com
> > Date: 18.03.2016 16:11
> > Subject: [Freeipa-users] Trouble creating userobjectlass sambaSAMAccount
> > Sent by: freeipa-users-boun...@redhat.com
> > --
> >
> >
> >
> >
> > Hello all,
> >
> > I'm following this guide:
> > *https://docs.fedoraproject.org/en-US/Fedora/17/html/FreeIPA_Guide/cifs.html*
> > <https://docs.fedoraproject.org/en-US/Fedora/17/html/FreeIPA_Guide/cifs.html>
> > in attempts to have a SAMBA server with freeipa as the back-end
> > authentication method. My problem is that the command: ipa config-mod
> > --userobjectclasses=top,person,organizationalperson,inetorgperson,inetuser,posixaccount,krbprincipalaux,krbticketpolicyaux,ipaobject,sambaSAMAccount


--userobjectclasses only expects one argument, but the option can be used
multiple times. If you use bash you can use the brace expansion to make
this easier:

ipa config-mod --userobjectclasses={top,person,organizationalperson,inetorgperson,inetuser,posixaccount,krbprincipalaux,krbticketpolicyaux,ipaobject,sambaSAMAccount}

(please note no spaces are allowed between the braces)

As a general remark, you can find out about the real attribute names and
the DN by using the --all and --raw options:

ipa config-show --all --raw

HTH

bye,
Sumit


Re: [Freeipa-users] Trouble creating userobjectlass sambaSAMAccount

2016-03-19 Thread Jeff Goddard
Christopher,

Thank you for the response. It seems my syntax is still not correct. Here
is the command and output I received:

[root@id-management-1 ~]# ldapmodify -Y GSSAPI < wrote:

> Hi Jeff
>
> When I last integrated FreeIPA and Samba I used ldapmodify to successfully
> add sambaSAMAccount and sambaGroupMapping.
>
>
> ldapmodify -Y GSSAPI <<EOF
> dn: cn=etc,cn=ipaconfig,dc=my,dc=silly,dc=example,dc=com
> changetype: modify
> add: ipaUserObjectClasses
> ipaUserObjectClasses: sambaSAMAccount
> -
> add: ipaGroupObjectClasses
> ipaGroupObjectClasses: sambaGroupMapping
> EOF
>
> Note, also there is a notorious spelling mistake under Point 5 of the
> Fedora instructions you are following
>
> cosAttribute: sambaGrouptType
>
> should be:
>
> cosAttribute: sambaGroupType
>
> i.e. sambaGroupType has only one "T".
>
> Chris

Re: [Freeipa-users] Trouble creating userobjectlass sambaSAMAccount

2016-03-19 Thread Christopher Lamb

Hi Jeff

When I last integrated FreeIPA and Samba I used ldapmodify to successfully
add sambaSAMAccount and sambaGroupMapping.


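ldapmodify -Y GSSAPI <<EOF
dn: cn=etc,cn=ipaconfig,dc=my,dc=silly,dc=example,dc=com
changetype: modify
add: ipaUserObjectClasses
ipaUserObjectClasses: sambaSAMAccount
-
add: ipaGroupObjectClasses
ipaGroupObjectClasses: sambaGroupMapping
EOF

Note, also there is a notorious spelling mistake under Point 5 of the
Fedora instructions you are following

cosAttribute: sambaGrouptType

should be:

cosAttribute: sambaGroupType

i.e. sambaGroupType has only one "T".

Chris
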

Re: [Freeipa-users] Trouble creating userobjectlass sambaSAMAccount

2016-03-19 Thread Jeff Goddard
Found the syntax error. Apparently the DN is:
dn:cn=ipaconfig,cn=etc,dc=internal,dc=emerlyn,dc=com rather than
dn:cn=etc,cn=ipaconfig,dc=internal,dc=emerlyn,dc=com



On Fri, Mar 18, 2016 at 11:35 AM, Christopher Lamb <
christopher.l...@ch.ibm.com> wrote:

> Hi Jeff
>
> When I last integrated FreeIPA and Samba I used ldapmodify to successfully
> add sambaSAMAccount and sambaGroupMapping.
>
>
> ldapmodify -Y GSSAPI <<EOF
> dn: cn=etc,cn=ipaconfig,dc=my,dc=silly,dc=example,dc=com
> changetype: modify
> add: ipaUserObjectClasses
> ipaUserObjectClasses: sambaSAMAccount
> -
> add: ipaGroupObjectClasses
> ipaGroupObjectClasses: sambaGroupMapping
> EOF
>
> Note, also there is a notorious spelling mistake under Point 5 of the
> Fedora instructions you are following
>
> cosAttribute: sambaGrouptType
>
> should be:
>
> cosAttribute: sambaGroupType
>
> i.e. sambaGroupType has only one "T".
>
> Chris
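
The two corrections from this thread (one `--userobjectclasses` option per class, and the `cn=ipaconfig,cn=etc` DN order) as an added shell example that is not code posted by any list member. `objectclass_options` and `ipa_config_ldif` are hypothetical helper names, and the suffix passed in is a placeholder for your own directory suffix.

```shell
#!/bin/sh
# Added example (not from the thread): the two corrections discussed above.

# Expand a comma-separated class list into one option per class, which is
# what bash produces from --userobjectclasses={a,b,c}.
# Rejects spaces and empty items, which would break that expansion.
objectclass_options() (
    list=$1
    case $list in
        ''|,*|*,|*,,*|*[!A-Za-z0-9,_-]*)
            echo "invalid object class list: '$list'" >&2
            exit 1 ;;
    esac
    IFS=,
    set -f                      # no globbing while splitting on commas
    for class in $list; do
        printf '%s\n' "--userobjectclasses=$class"
    done
)

# The LDIF from the thread with the DN order that was found to work:
# cn=ipaconfig first, then cn=etc, then the directory suffix.
# $1 is the suffix, e.g. dc=example,dc=test (placeholder).
ipa_config_ldif() {
    cat <<EOF
dn: cn=ipaconfig,cn=etc,$1
changetype: modify
add: ipaUserObjectClasses
ipaUserObjectClasses: sambaSAMAccount
-
add: ipaGroupObjectClasses
ipaGroupObjectClasses: sambaGroupMapping
EOF
}

# Usage (after "kinit admin"); $classes holds the full comma-separated list:
#   ipa config-mod $(objectclass_options "$classes")
#   ipa_config_ldif "dc=example,dc=test" | ldapmodify -Y GSSAPI
```

`ipa config-show --all --raw`, mentioned earlier in the thread, shows the DN and attribute names to compare against before applying either form.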

Re: [Freeipa-users] Trouble creating userobjectlass sambaSAMAccount

2016-03-19 Thread Christopher Lamb

Hi Jeff

As far as I can see, your command looks ok (though I don't know what your
dn should look like).

Did you run the "kinit admin" command before?

When I was doing the Samba + FreeIPA integration I found using an LDAP
browser (Apache Directory Studio) very useful to visualise the LDAP
"tree" (and even if required to manually edit objects).

Chris




