You are not logged in.
Hi.
I want to get samba authorizing from openldap server. I red a lot of tutorials about that. They all say almost the same thing, but I am unable to get the server running. I think that the problem is in mu user record. When I start the slapd and samba demon in debugging mode, I can see that the samba server is connecting to the ldap server and it is searching for the data, but still, the users are not able to authorize. That is a part of the log that I got:
pdb_update_autolock_flag: Account linux not autolocked, no check needed
ntlm_password_check: Checking NT MD4 password
sam_account_ok: Checking SMB password for user linux
logon_hours_ok: user linux allowed to logon at this time (Wed Oct 1 10:49:47 2008
)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
NT user token: (NULL)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
User linux in passdb, but getpwnam() fails!
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'
check_ntlm_password: sam authentication for user [linux] FAILED with error NT_STATUS_NO_SUCH_USER
check_winbind_security: Not using winbind, requested domain [WORKGROUP] was for this SAM.
check_ntlm_password: winbind had nothing to say
check_ntlm_password: Authentication for user [linux] -> [linux] FAILED with error NT_STATUS_NO_SUCH_USER
attempting to free (and zero) a user_info structure
structure was created for linux
error packet at smbd/sesssetup.c(99) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
I have the user and I thing that the samba server is finding the user, but I am missing something from the attributes. When I try to log in using nautilus, and I write a wrong password, that is what I got:
init_ldap_from_sam: Setting entry for user: linux
ldapsam_update_sam_account: mods is empty: nothing to update for user: linux
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
check_ntlm_password: sam authentication for user [linux] FAILED with error NT_STATUS_WRONG_PASSWORD
check_winbind_security: Not using winbind, requested domain [WORKGROUP] was for this SAM.
check_ntlm_password: winbind had nothing to say
check_ntlm_password: Authentication for user [linux] -> [linux] FAILED with error NT_STATUS_WRONG_PASSWORD
attempting to free (and zero) a user_info structure
structure was created for linux
This an export of an user of mine:
dn: uid=linux, ou=people, dc=sepbulgaria
sambaLMPassword: 50831B500C427533AAD3B435B51404EE
sambaPrimaryGroupSID: S-1-5-21-2228765767-1095968239-4226493662-513
displayName: linux
givenName: linux
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
shadowLastChange: 14153
userPassword:: e1NTSEF9SzZlRWdYdng0dEdlN0Nwdit1VmNkN3RhQUNOeFdubGo=
sambaLogonTime: 0
uid: linux
uidNumber: 1003
cn: linux
sambaLogoffTime: 2147483647
sambaPwdLastSet: 1222857216
sambaAcctFlags: [u]
loginShell: /bin/bash
sambaProfilePath: \\\profiles\linux
gidNumber: 513
shadowMax: 45
sambaPwdMustChange: 1226745216
sambaNTPassword: F0873F3268072C7B1150B15670291137
sambaPwdCanChange: 0
gecos: System User
sambaSID: S-1-5-21-2228765767-1095968239-4226493662-3006
homeDirectory: /home/linux
sambaKickoffTime: 2147483647
sn: linux
sambaHomePath: \\\linux
and this is how I create a group:
# Common Group
dn: cn=samba,ou=groups,dc=sepbulgaria
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 513
cn: samba
sambaSID: S-1-5-21-2228765767-1095968239-4226493662-513
sambaGroupType: 2
displayName: Domain Users
description: Domain User
What am I missing? Can someone of you export an user and group and show it to me. I can provide more information if you need.
Thank you.
Last edited by Gruntz (2008-10-03 12:43:49)
Offline
Hi
I solved the problem. I forgot to set up pam.d and nss files. Samba need them to be set, to use ldap (I think that way because now it is working).
Regards
Offline