LinuxQuestions.org
Old 07-07-2009, 07:17 AM   #1
niraj.kumar
LQ Newbie
 
Registered: Nov 2008
Posts: 27

Rep: Reputation: 15
Restricting anonymous user in smbopenldap


Hi,

I want to restrict anonymous users, as well as other users, from
seeing other profiles through phpldapadmin, using the slapd.conf file of
OpenLDAP, but when I give the following parameters in slapd.conf

access to attrs=SambaLMPassword,SambaNTPassword
    by self write
    by dn="cn=Manager,dc=myenh,dc=com" write
    by * none

access to *
    by self read
    by dn="cn=Manager,dc=myenh,dc=com" write
    by dn="ou=Users,dc=myenh,dc=com" read
    by anonymous auth

it works fine, but it prevents
Samba users from logging in to their domain controller, or when I
run the command "smbclient -L \\localhost -Uniraj%niraj"
it shows a "session setup failed: NT_STATUS_LOGON_FAILURE"
error.

The logs for the user niraj are given below:

[2009/07/07 17:35:00, 2] lib/smbldap.c:smbldap_open_connection(786)
smbldap_open_connection: connection opened
[2009/07/07 17:35:00, 2] passdb/pdb_ldap.c:init_sam_from_ldap(545)
init_sam_from_ldap: Entry found for user: niraj
[2009/07/07 17:35:00, 0] passdb/pdb_get_set.c:pdb_get_group_sid(211)
pdb_get_group_sid: Failed to find Unix account for niraj
[2009/07/07 17:35:00, 1] auth/auth_util.c:make_server_info_sam(566)
User niraj in passdb, but getpwnam() fails!
[2009/07/07 17:35:00, 0] auth/auth_sam.c:check_sam_security(352)
check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'
[2009/07/07 17:35:00, 2] auth/auth.c:check_ntlm_password(319)
check_ntlm_password: Authentication for user [niraj] -> [niraj] FAILED with error NT_STATUS_NO_SUCH_USER

But when I comment out "anonymous auth", it allows
logging in to the domain controller. I want to do this because when the
network security team scans the LDAP server for security purposes
using Retina or any other scanner tool, it shows a security breach by
showing all users' information from the domain controller. I think the
network scanner tool logs in anonymously, so I want to restrict
anonymous login. I have been searching for a solution but
have not found one yet. So please help.....

Niraj Kumar
 
Old 07-08-2009, 05:06 AM   #2
Matey
Member
 
Registered: Jan 2009
Posts: 114

Rep: Reputation: 17
Sorry, I can't help you because I am not into LDAP stuff, but reading the files I think there is a problem with the group (maybe public?) or maybe the anonymous user is in the same group as you? I do not know, but this seems to be the main problem:

getpwnam() fails!

I googled that and got several pages such as this:

http://www.mail-archive.com/samba@li.../msg67481.html

I may be totally off? I don't know; hopefully you will get it solved.

Last edited by Matey; 07-08-2009 at 05:10 AM.
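
A small triage script for the log excerpt in post #1, added here as an example and not part of the thread or of Samba: it pairs each Samba log header with its message and separates "entry found in the LDAP passdb, but getpwnam() failed" from other logon failures. The sample log is constructed from the lines quoted above; the function names and verdict labels are hypothetical.

```python
import re

# Constructed sample: log lines quoted in post #1, in Samba's two-line layout
# (bracketed header, then the message).
SAMPLE_LOG = """\
[2009/07/07 17:35:00, 2] passdb/pdb_ldap.c:init_sam_from_ldap(545)
  init_sam_from_ldap: Entry found for user: niraj
[2009/07/07 17:35:00, 1] auth/auth_util.c:make_server_info_sam(566)
  User niraj in passdb, but getpwnam() fails!
[2009/07/07 17:35:00, 2] auth/auth.c:check_ntlm_password(319)
  check_ntlm_password: Authentication for user [niraj] -> [niraj] FAILED with error NT_STATUS_NO_SUCH_USER
"""

HEADER = re.compile(
    r"^\[(?P<ts>[^,\]]+),\s*(?P<level>\d+)\]\s+(?P<src>\S+):(?P<func>\w+)\((?P<line>\d+)\)$")
FOUND = re.compile(r"Entry found for user: (\S+)")
NO_UNIX = re.compile(r"User (\S+) in passdb, but getpwnam\(\) fails")
FAILED = re.compile(r"user \[(\S+?)\] -> \[\S+?\] FAILED with error (NT_STATUS_\w+)")

def parse_records(text):
    """Pair each header line with the message line(s) that follow it."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            records.append({**m.groupdict(), "msg": ""})
        elif records and line:
            records[-1]["msg"] = (records[-1]["msg"] + " " + line).strip()
    return records

def triage(records):
    """Collect, per user, what the passdb and auth layers reported."""
    users = {}
    for rec in records:
        if (m := FOUND.search(rec["msg"])):
            users.setdefault(m.group(1), {})["ldap_entry_found"] = True
        if (m := NO_UNIX.search(rec["msg"])):
            users.setdefault(m.group(1), {})["unix_lookup_failed"] = True
        if (m := FAILED.search(rec["msg"])):
            users.setdefault(m.group(1), {})["status"] = m.group(2)
    return users

def verdict(info):
    """Separate a failed Unix account lookup from other logon failures."""
    if info.get("ldap_entry_found") and info.get("unix_lookup_failed"):
        return "unix-account-lookup"
    return "other-auth-failure" if info.get("status") else "no-failure"
```

For the quoted log, `verdict(triage(parse_records(SAMPLE_LOG))["niraj"])` reports the Unix account lookup rather than the password check as the failing step.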
 
  

