[Samba] OpenLDAP and Samba configuration woes
Hello everyone,

I am having an awful time getting Samba to authenticate against my LDAP database. I am presently receiving the following error when I attempt to run smbd:

smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=CENTOSTEST))]
smbldap_search_ext: base => [dc=dresults,dc=com], filter => [(&(objectClass=sambaDomain)(sambaDomainName=CENTOSTEST))], scope => [2]
The connection to the LDAP server was closed
smb_ldap_setup_connection: ldap://192.168.1.37
smbldap_open_connection: connection opened
fetch_ldap_pw: neither ldap secret retrieved!
ldap_connect_system: Failed to retrieve password from secrets.tdb

The full log can be viewed here: http://pastebin.com/i1up0AQS

I have the secrets.tdb file showing what I think is correct for Samba, but I am not certain. Here's a tdbdump output: http://pastebin.com/2vBU7q6H

I am running 389 Director Services which is a front end for a CentOS/Fedora openLDAP database. The user that is meant to be the querying/managing user by 389 is "directory manager". That user name was used by default when I ran "smbpasswd -w". The secrets.tdb file is located in /etc/samba/secrets.tdb

My smb.conf appears as follows: http://pastebin.com/CLTiXvaX

I am almost positive the problems I am having lie somewhere in the configuration file above, but I am not sure what it's supposed to look like. I have since given up on referring to the 389 documents, because I have found a lot of inconsistencies, which lead me to believe the docs are outdated.

Lastly, here's my ldap.conf: http://pastebin.com/rU9cnXNh

Now, I am presently able to authenticate against ldap with normal UNIX users. Getent passwd works fine, and I can use ldapsearch to check accounts.

Someone please tell me what I am missing. I feel like I am really close to having this resolved, but I am not really sure where I have gone wrong. I have this funny feeling that there is a configuration issue.

For the record, iptables is totally open, and selinux has been disabled.

Thanks for reading!

Joel

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] OpenLDAP and Samba - password expiration.
Julian Pilfold-Bagwell wrote:
> Hi all,
>
> I have a Samba PDC with an LDAP backend. Yesterday, I tried to add a new machine to the network and received the following message:
>
> The following error occurred attempting to join the domain:
> The password of this user has expired
>
> Not a problem I thought, and then ran
>
> smbldap-usermod -e "2010-12-30 00:00:00" root
>
> to extend the password date. If I now try to connect a machine with the root account I receive an error "user doesn't exist". If I go to a machine that's already connected to the network and log in as root it lets me in and I can see root's home directory and access the shares.
>
> I have the ldif file backed up so I can restore myself back to the initial state whenever I like. Any suggestions would be gratefully received regarding how I can get around this one.
>
> Thanks in advance,
>
> Jools

Well...I have found that you must reset the password before you do the previous command. Of course I have not got the previous command to actually work. My passwords are still expiring every 30 days and I have to reset them all again.

I am reading back through the archives to see if I can actually find an answer to stop the passwords from expiring. If anyone knows this right off hand, I would like to know what it is.

Thanks.

--
Scott Mayo
Technology Coordinator
Bloomfield Schools

Duct tape is like the force, it has a light side and a dark side and it holds the universe together.
[Samba] OpenLDAP and Samba - password expiration.
Hi all,

I have a Samba PDC with an LDAP backend. Yesterday, I tried to add a new machine to the network and received the following message:

The following error occurred attempting to join the domain:
The password of this user has expired

Not a problem I thought, and then ran

smbldap-usermod -e "2010-12-30 00:00:00" root

to extend the password date. If I now try to connect a machine with the root account I receive an error "user doesn't exist". If I go to a machine that's already connected to the network and log in as root it lets me in and I can see root's home directory and access the shares.

I have the ldif file backed up so I can restore myself back to the initial state whenever I like. Any suggestions would be gratefully received regarding how I can get around this one.

Thanks in advance,

Jools
Re: [Samba] OpenLDAP and SAMBA
And as an aside - please accept my (and many others) heartfelt thanks for this wonderful book. I don't often wax lyrical but this is a lifesaver.

Rgds

Nigel.

On Wed, 2005-11-16 at 02:19, John H Terpstra wrote:
> In the first edition of "Samba-3 by Example" chapters 6 and 7 dealt with
> Samba-3 plus LDAP. In the second edition this is in chapters 5 and 6.
>
> The second edition also added section 5.1.3.7 which adds diagnostic guidance.
>
> The second edition is available from Amazon.Com - check ISBN: 013188221X, or
> it can be downloaded from:
>
> http://www.samba.org/samba/docs/Samba3-ByExample.pdf
>
> The on-line version on Samba.Org is updated within 24 hours of any change or
> update.
>
> - John T.

--
Nigel Allen, Snr Consultant, ProSmart Consulting Australia
48 Tiarri Avenue, Terrey Hills, NSW 2084, Australia
Tel: +61 2 9450 2690 Fax: +61 2 9450 2691 Mob: +61 4 1494 5269
http://www.prosmart.com.au
Re: [Samba] OpenLDAP and SAMBA
I have done something similar in my company and had the same problem. I now have centralized authentication of the Linux local user, email and Samba user.

You need to check for the ACS's in the slapd.conf file first, making sure that everyone has full rights on their own account in LDAP and that root or the LDAP admin has full rights on all the records in the LDAP. Then make the changes in the nsswitch.conf file and then change the entries in the /etc/pam.d directory for the samba, login and passwd files.

This should solve your problem, but when playing with the pam.d directory, make sure you are logged in on some other terminal as you may lock yourself out.
Re: [Samba] OpenLDAP and SAMBA
On Tuesday 15 November 2005 02:00, Tomasz Chmielewski wrote:
> Miguel Lopez wrote:
> > Hi everybody!
> >
> > In my company, we want to migrate from Windows NT to a Linux PDC. I am
> > responsible for the change so I am searching for the best solution.
> > After some time surfing in Google, I decided to use an LDAP server for
> > user maintenance and SAMBA as a file server and PDC controller.
> >
> > The first step was to configure LDAP for authenticating Linux users, which
> > works fine. Then I configured SAMBA for file sharing using local
> > authentication (i.e. against the passwd file) and that works fine too. My
> > problem appears when I try to authenticate the SAMBA users against the LDAP.
> >
> > I think the problem is getting the right pass or user or something similar.
> > I will be very grateful if someone can help me.
>
> try reading and following Samba by Example, I think it was in the
> chapter 6 where Samba + LDAP setup was explained in detail.

In the first edition of "Samba-3 by Example" chapters 6 and 7 dealt with Samba-3 plus LDAP. In the second edition this is in chapters 5 and 6.

The second edition also added section 5.1.3.7 which adds diagnostic guidance.

The second edition is available from Amazon.Com - check ISBN: 013188221X, or it can be downloaded from:

http://www.samba.org/samba/docs/Samba3-ByExample.pdf

The on-line version on Samba.Org is updated within 24 hours of any change or update.

- John T.
Re: [Samba] OpenLDAP and SAMBA
Miguel Lopez wrote:
> Hi everybody!
>
> In my company, we want to migrate from Windows NT to a Linux PDC. I am responsible for the change so I am searching for the best solution. After some time surfing in Google, I decided to use an LDAP server for user maintenance and SAMBA as a file server and PDC controller.
>
> The first step was to configure LDAP for authenticating Linux users, which works fine. Then I configured SAMBA for file sharing using local authentication (i.e. against the passwd file) and that works fine too. My problem appears when I try to authenticate the SAMBA users against the LDAP.
>
> I think the problem is getting the right pass or user or something similar. I will be very grateful if someone can help me.

try reading and following Samba by Example, I think it was in the chapter 6 where Samba + LDAP setup was explained in detail.

--
Tomek
http://wpkg.org
WPKG - software deployment and upgrades with Samba
[Samba] OpenLDAP and SAMBA
Hi everybody!

In my company, we want to migrate from Windows NT to a Linux PDC. I am responsible for the change so I am searching for the best solution. After some time surfing in Google, I decided to use an LDAP server for user maintenance and SAMBA as a file server and PDC controller.

The first step was to configure LDAP for authenticating Linux users, which works fine. Then I configured SAMBA for file sharing using local authentication (i.e. against the passwd file) and that works fine too. My problem appears when I try to authenticate the SAMBA users against the LDAP.

I think the problem is getting the right pass or user or something similar. I will be very grateful if someone can help me.

P.S. Sorry for my bad English.

These are my *.conf files:

--> SMB.CONF

[global]
workgroup = NT.DPT.ES
server string = LDAP Samba
load printers = yes
guest account = nobody
log file = /usr/local/samba/var/log.%m
max log size = 50
encrypt passwords = yes
passdb backend = tdbsam guest
passdb backend = ldapsam:ldap://172.21.2.160
debug level = 20
LDAP##
ldap admin dn = cn=administrador,dc=BECARIOS,dc=dpt,dc=es
ldap ssl = off
ldap delete dn = no
ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
ldap suffix = dc=BECARIOS,dc=DPT,dc=ES
security = user
passwd program = smbldap-passwd -o %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
socket options = TCP_NODELAY
dns proxy = no

[homes]
comment = Home Directories
browseable = no
writable = yes

[compartida]
comment = Carpeta compartida
path = /home/compartida
browseable = yes
public = yes
guest ok = yes
writable = yes
encrypt passwords = true

--> SLAPD.CONF

include /usr/local/openldap-2.3.9/etc/openldap/schema/core.schema
include /usr/local/openldap-2.3.9/etc/openldap/schema/cosine.schema
include /usr/local/openldap-2.3.9/etc/openldap/schema/inetorgperson.schema
include /usr/local/openldap-2.3.9/etc/openldap/schema/nis.schema
include /usr/local/openldap-2.3.9/etc/openldap/schema/samba.schema

SLAPD_USER="slapd"
SLAPD_GROUP="slapd"

pidfile /usr/local/openldap-2.3.9/var/run/slapd.pid
argsfile /usr/local/openldap-2.3.9/var/run/slapd.args

access to *
    by self write
    by dn="cn=Administrador,dc=NT,dc=DPT,dc=ES" write
    by * read

access to attr=sambaLMPassword,sambaNTPassword
    by dn="cn=Administrador,dc=BECARIOS,dc=DPT,dc=ES" write
    by * none

access to attr=userpassword
    by self write
    by * read

# BDB database definitions
database ldbm
suffix "dc=BECARIOS,dc=DPT,dc=ES"
rootdn "cn=administrador,dc=BECARIOS,dc=DPT,dc=ES"
rootpw admin
directory /usr/local/openldap-2.3.9/var/openldap-data

# Indices to maintain
index objectClass eq
index default sub
index cn pres,sub,eq
index sn pres,sub,eq
index mail eq,subinitial
index givenname eq,subinitial
# Required to support pdb_getsampwnam
index uid pres,sub,eq
# Required to support pdb_getsambapwrid()
index displayName pres,sub,eq
# Uncomment the following lines if you are storing
# posixAccount and posixGroup entries in the directory
index uidNumber eq
index gidNumber eq
index memberUid eq
# Samba 3.*
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq

--> I get this error when I execute 'smbclient -d 488 172.21.2.160\\compartida -U juanma' from a client:

Password:
Doing spnego session setup (blob length=58)
got OID=1 3 6 1 4 1 311 2 2 10
got principal=NONE
write_socket(3,178)
write_socket(3,178) wrote 178
got smb length of 258
size=258
smb_com=0x73
smb_rcls=22
smb_reh=0
smb_err=49152
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=2715
smb_uid=100
smb_mid=2
smt_wct=4
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 0 (0x0)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 156 (0x9C)
smb_bcc=215
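
Added example, not part of the original post or of the Samba or OpenLDAP projects: slapd evaluates `access to` directives in file order and stops at the first one whose target matches, so the order of the three rules in the slapd.conf above decides who can read sambaLMPassword, sambaNTPassword and userPassword. This Python check (its function names are this example's own, and the sample is reduced from the posted file) reports what the catch-all `by *` clause receives for each password attribute and whether rootpw is stored in cleartext.

```python
import re

# Constructed sample: access rules and rootpw line reduced from the slapd.conf posted above.
SAMPLE_SLAPD_CONF = """\
access to *
    by self write
    by dn="cn=Administrador,dc=NT,dc=DPT,dc=ES" write
    by * read
access to attr=sambaLMPassword,sambaNTPassword
    by dn="cn=Administrador,dc=BECARIOS,dc=DPT,dc=ES" write
    by * none
access to attr=userpassword
    by self write
    by * read
rootpw admin
"""
SENSITIVE = ("sambalmpassword", "sambantpassword", "userpassword")
HARMLESS = ("none", "disclose", "auth")  # levels that do not reveal the value

def parse_access(text):
    """Return [(what, [(who, level), ...]), ...] in file order."""
    joined = re.sub(r"\n[ \t]+", " ", text)  # indented lines continue a directive
    rules = []
    for line in joined.splitlines():
        m = re.match(r"access\s+to\s+(\S+)\s*(.*)", line, re.I)
        if m:
            rules.append((m.group(1), re.findall(r"\bby\s+(\S+)\s+(\S+)", m.group(2))))
    return rules

def covers(what, attr):
    m = re.match(r"attrs?=(.+)", what, re.I)
    return what == "*" or bool(m and attr in m.group(1).lower().split(","))

def world_access(rules, attr):
    """(rule target, level) that 'by *' gets from the first rule covering attr."""
    for what, by in rules:
        if covers(what, attr):  # first match wins; later rules are never consulted
            return what, next((lvl for who, lvl in by if who == "*"), "none")
    return None, "none"  # no rule matched: implicit 'access to * by * none'

def audit(text):
    findings, rules = [], parse_access(text)
    for attr in SENSITIVE:
        what, level = world_access(rules, attr)
        if level not in HARMLESS:
            findings.append(f"{attr}: everyone gets '{level}' via 'access to {what}'")
    m = re.search(r"^rootpw\s+(\S+)", text, re.M)
    if m and not m.group(1).startswith("{"):
        findings.append("rootpw: cleartext value, store a slappasswd hash instead")
    return findings
```

Calling `audit(SAMPLE_SLAPD_CONF)` reports all three password attributes as readable by everyone through the leading `access to *` rule, plus the cleartext rootpw; placing the attribute-specific rules before `access to *` clears the first two.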