Old 04-24-2008, 07:51 PM   #1
kcorupe
Member
 
Registered: Nov 2004
Location: Arizona
Distribution: Arch
Posts: 107

Rep: Reputation: 15
samba and openldap authentication issues!


Alright, I've been working on this for too many hours straight. Any help would be much appreciated!

The problem is users created in smbldap-useradd cannot log in unless they are also a local user. For example,

kylec exists both locally and in smbldap-users, his smb passwd is different from his local passwd.
Code:
[root@beedril samba]# smbldap-userlist
uid  |username             

   0 |root                 
 999 |nobody               
1000 |kylec                
1001 |test                 
1002 |test1                
1003 |test2                
1004 |test3                
1005 |test4                
1006 |test5                
1007 |test6                
1008 |test7$               
1009 |test8$               
1010 |test9
Here is log output from samba when kylec connects:

Code:
kyle@kyle-laptop:~$ smbclient //10.0.0.218/clients -U kylec
Password: 
Domain=[WINIX] OS=[Unix] Server=[Samba 3.0.25b-1.el5_1.4]
smb: \> quit


[2008/04/24 17:33:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(545)
  init_sam_from_ldap: Entry found for user: kylec

Here is when a bad user tries to connect:

Code:
kyle@kyle-laptop:~$ smbclient //10.0.0.218/clients -U test3
Password: 
session setup failed: NT_STATUS_LOGON_FAILURE

[2008/04/24 17:45:00, 0] auth/auth_sam.c:check_sam_security(352)
  check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'
[2008/04/24 17:45:00, 3] auth/auth_winbind.c:check_winbind_security(80)
  check_winbind_security: Not using winbind, requested domain [WINIX] was for this SAM.
[2008/04/24 17:45:00, 2] auth/auth.c:check_ntlm_password(319)
  check_ntlm_password:  Authentication for user [test3] -> [test3] FAILED with error NT_STATUS_NO_SUCH_USER
[2008/04/24 17:45:00, 3] smbd/error.c:error_packet_set(106)
  error packet at smbd/sesssetup.c(105) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE



Here is output from pdbedit -L:

Code:
[root@beedril samba]# pdbedit -L
map_file: Failed to load /usr/lib/samba/valid.dat - No such file or directory
creating default valid table
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=WINIX))]
smbldap_open_connection: connection opened
smbldap_check_root_dse: Expected one rootDSE, got 0
ldap_connect_system: succesful connection to the LDAP server
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=WINIX))]
smbldap_open_connection: connection opened
smbldap_check_root_dse: Expected one rootDSE, got 0
ldap_connect_system: succesful connection to the LDAP server
ldapsam_setsampwent: 8 entries in the base dc=corpedia, dc=internal
init_sam_from_ldap: Entry found for user: root
root:0:root
init_sam_from_ldap: Entry found for user: nobody
nobody:99:nobody
init_sam_from_ldap: Entry found for user: kylec
kylec:501:kylec
init_sam_from_ldap: Entry found for user: test1
test1:4294967295:test1
init_sam_from_ldap: Entry found for user: test2
test2:4294967295:test2
init_sam_from_ldap: Entry found for user: test3
test3:4294967295:test3
init_sam_from_ldap: Entry found for user: test4
test4:504:test4
init_sam_from_ldap: Entry found for user: test5
test5:4294967295:test5

I think the problem has something to do with it not verifying that the UNIX (POSIX) accounts can be resolved via NSS, but I have nss_ldap working correctly (I believe).

I can ldapsearch my ldap server, everything on that end seems to be working; it's just getting samba to authenticate against it! So again, any help would be MUCH APPRECIATED!!!

Thanks guys!
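
Added example, not part of the original post: a small triage script that parses `pdbedit -L` output and the smbd auth log shown above, and reports which rejected logins belong to SAM entries whose UNIX account did not resolve. It assumes that a UID of 4294967295 (2^32 - 1, the unsigned form of -1) marks a failed UNIX account lookup; the function names are illustrative.

```python
import re

UNRESOLVED_UID = 0xFFFFFFFF  # 4294967295; assumed to mean "UNIX account lookup failed"
# pdbedit -L account lines are "name:uid:full name"; debug lines do not match.
ACCOUNT_RE = re.compile(r"^([^:\s]+):(\d+):(.*)$")
# smbd log entry for a rejected login: [requested] -> [mapped] FAILED with error STATUS
FAILED_RE = re.compile(
    r"Authentication for user \[([^\]]*)\] -> \[([^\]]*)\] FAILED with error (\S+)")

# Sample input: lines copied from the output posted in the thread (subset).
PDBEDIT_SAMPLE = """\
init_sam_from_ldap: Entry found for user: kylec
kylec:501:kylec
init_sam_from_ldap: Entry found for user: test3
test3:4294967295:test3
test4:504:test4
"""
SMBD_SAMPLE = """\
  check_ntlm_password:  Authentication for user [test3] -> [test3] FAILED with error NT_STATUS_NO_SUCH_USER
"""

def parse_pdbedit(text):
    """Return {username: uid} from `pdbedit -L` output, skipping debug lines."""
    accounts = {}
    for line in text.splitlines():
        m = ACCOUNT_RE.match(line.strip())
        if m:
            accounts[m.group(1)] = int(m.group(2))
    return accounts

def unresolved(accounts):
    """Usernames that have a SAM entry but carry the failed-lookup UID."""
    return sorted(u for u, uid in accounts.items() if uid == UNRESOLVED_UID)

def triage(pdbedit_text, smbd_log):
    """For each failed login in the smbd log, say what the SAM listing shows."""
    accounts = parse_pdbedit(pdbedit_text)
    findings = []
    for m in FAILED_RE.finditer(smbd_log):
        mapped, status = m.group(2), m.group(3)
        reason = ("no SAM entry" if mapped not in accounts else
                  "SAM entry present, UNIX account not resolvable"
                  if accounts[mapped] == UNRESOLVED_UID else "SAM and UNIX account present")
        findings.append((mapped, status, reason))
    return findings

if __name__ == "__main__":
    print(unresolved(parse_pdbedit(PDBEDIT_SAMPLE)))
    print(triage(PDBEDIT_SAMPLE, SMBD_SAMPLE))
```

On a live server, feed it the real `pdbedit -L` output and smbd log; `getent passwd <name>` then confirms whether NSS resolves a flagged account.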
 
Old 04-24-2008, 07:57 PM   #2
kcorupe
Sorry, I also see this when I run nscd -d:

Code:
2410: handle_request: request received (Version = 2) from PID 2417
2410:   GETPWBYNAME (test3)
2410: Haven't found "test3" in password cache!
2410: handle_request: request received (Version = 2) from PID 2417
2410:   GETPWBYNAME (TEST3)
2410: Haven't found "TEST3" in password cache!
2410: remove GETPWBYNAME entry "TEST3"
2410: remove GETPWBYNAME entry "test3"
 
Old 04-24-2008, 08:14 PM   #3
kcorupe
[root@beedril etc]# authconfig --test
nss_ldap is enabled
LDAP+TLS is disabled
LDAP server = "ldap://*******.*******.*****/"
LDAP base DN = "dc=*******,dc=internal"
nss_nis is disabled
NIS server = ""
NIS domain = "*********.internal"
nss_nisplus is disabled
nss_winbind is disabled
SMB workgroup = ""
SMB servers = ""
SMB security = "user"
SMB realm = ""
Winbind template shell = "/bin/false"
SMB idmap uid = "16777216-33554431"
SMB idmap gid = "16777216-33554431"
nss_wins is disabled
pam_unix is always enabled
shadow passwords are enabled
md5 passwords are enabled
pam_ldap is enabled

LDAP+TLS is disabled
LDAP server = "ldap://********.******.internal/"
LDAP base DN = "dc=********,dc=internal"
pam_pkcs11 is disabled

use only smartcard for login is disabled
smartcard module = "None"
smartcard removal action = ""
pam_smb_auth is disabled
SMB workgroup = ""
SMB servers = ""
pam_winbind is disabled
SMB workgroup = ""
SMB servers = ""
SMB security = "user"
SMB realm = ""
pam_cracklib is enabled (try_first_pass retry=3)
pam_passwdqc is disabled ()
Always authorize local users is disabled ()
Authenticate system accounts against network services is disabled
 