Adam Gritt
2005-Jun-22 02:13 UTC
[Samba] Problem Connecting from Windows to Samba-OpenLDAP PDC
Every time I try to add a pc to the domain I get the response that it
is an un-recognized user name. I have followed the instructions
located here:
http://samba.idealx.org/smbldap-howto.en.html
and am setting it up on a copy of Fedora Core 4 using the default
installed packages and versions. I am also unable to complete step
4.5 in the guide to test out the setup because it gives me the
following error:
[root@Fedora4 namedb]# ssh testuser1@xxx.xxx.xxx
testuser1@xxx.xxx.xxx's password:
Permission denied, please try again.
testuser1@xxx.xxx.xxx's password:
Permission denied, please try again.
testuser1@xxx.xxx.xxx's password:
Permission denied (publickey,gssapi-with-mic,password).
I have made sure that the user directory does in fact exist and has
permissions on it because I know that ssh can fail if there is no user
directory. I have pasted in my configuration files as well. I am
only working on it in a test environment so I don't care about any
passwords that may appear. I have included all the configuration
files for Samba, Ldap, Nss, System Auth, and the DNS information.
Following that will be some of the log entries. I hope this should
provide enough information as to what is going on so I can get the
most help possible. And thanks for any help that people can provide
into this.
====== NAMED.CONF ========
//
// named.conf for Red Hat caching-nameserver
//
options {
directory "/etc/namedb";
dump-file "/var/cache_dump.db";
statistics-file "/var/run/named.stats";
pid-file "/var/run/named.pid";
allow-query { 10.0.0.0/24; localhost; };
allow-recursion { 10.0.0.0/24; localhost; };
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
};
//
// a caching only nameserver config
//
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
zone "0.0.127.in-addr.arpa" {
type master;
file "pz/127.0.0";
};
zone "mtgmilw.biz" {
type master;
notify no;
file "pz/mtgmilw.biz";
allow-query { any; };
};
zone "0.0.10.in-addr.arpa" {
type master;
notify no;
file "pz/10.0.0";
allow-query { any; };
};
include "/etc/rndc.key";
================================ 10.0.0 ================
$TTL 3D
@ IN SOA ns.mtgmilw.biz. hostmaster.mtgmilw.biz. (
200506192 ; Serial, todays date + todays serial
8H ; Refresh
2H ; Retry
4W ; Expire
1D ) ; Minimum TTL
NS ns.mtgmilw.biz
1 PTR gw.mtgmilw.biz.
2 PTR ns.mtgmilw.biz.
3 PTR ftp.mtgmilw.biz.
4 PTR pdc-srv.mtgmilw.biz.
=========================================127.0.0===============
$TTL 3D
@ IN SOA ns.mtgmilw.biz. hostmaster.mtgmilw.biz. (
1 ; Serial
8H ; Refresh
2H ; Retry
4W ; Expire
1D) ; Minimum TTL
NS ns.mtgmilw.biz.
1 PTR localhost.
=======================================mtgmilw.biz===========
;
; Zone file for mtgmilw.biz
;
; the full zone file
;
$TTL 3D
@ IN SOA ns.mtgmilw.biz. hostmaster.mtgmilw.biz. (
200506191 ; serial, todays date + todays serial #
8H ; refresh, seconds
2H ; retry, seconds
4W ; expire, seconds
1D ) ; minimum, seconds
;
NS ns ; Inet Address of name server
;
localhost A 127.0.0.1
;
gw A 10.0.0.1
TXT "The router"
;
ns A 10.0.0.75
www CNAME ns
;
ftp A 10.0.0.75
;
pdc-srv A 10.0.0.75
TXT "Domain Controller"
=====================================SYSTEM-AUTH=======
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_unix.so broken_shadow
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_ldap.so
account required /lib/security/$ISA/pam_permit.so
password requisite /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
session optional /lib/security/$ISA/pam_ldap.so
============================================NSSWITCH.CONF==========
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
# nisplus or nis+ Use NIS+ (NIS version 3)
# nis or yp Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# [NOTFOUND=return] Stop searching if not found so far
#
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis
passwd: files ldap
shadow: files ldap
group: files ldap
#hosts: db files nisplus nis dns
hosts: files dns
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files ldap
rpc: files
services: files ldap
netgroup: files ldap
publickey: nisplus
automount: files ldap
aliases: files nisplus
====================================== SLAPD.CONF ========
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema
# Allow LDAPv2 client connections. This is NOT the default.
#allow bind_v2
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
# Load dynamic backend modules:
#modulepath /usr/sbin/openldap
#moduleload back_bdb.la
#moduleload back_ldap.la
#moduleload back_ldbm.la
#moduleload back_passwd.la
#moduleload back_shell.la
# The next three lines allow use of TLS for encrypting connections using a
# dummy test certificate which you can generate by changing to
# /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it. Your client software
# may balk at self-signed certificates, however.
# TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
# TLSCertificateFile /usr/share/ssl/certs/slapd.pem
# TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#######################################################################
# ldbm and/or bdb database definitions
#######################################################################
database bdb
directory /var/lib/ldap
suffix dc=mtgmilw,dc=biz
rootdn "cn=Manager,dc=mtgmilw,dc=biz"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
rootpw {MD5}z6esruJ0bazhCUSsbfqPnw=
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
# Indices to maintain for this database
index objectClass,uidNumber,gidNumber eq
index cn,sn,uid,displayName pres,sub,eq
index memberUid,mail,givenname eq,subinitial
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 starttls=critical
# bindmethod=sasl saslmech=GSSAPI
# authcId=host/ldap-master.example.com@EXAMPLE.COM
# users can authenticate and change their password
access to attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPwdLastSet,sambaPwdMustChange
    by dn="cn=samba,ou=DSA,dc=mtgmilw,dc=biz" write
    by dn="cn=smbldap-tools,ou=DSA,dc=mtgmilw,dc=biz" write
    by dn="cn=nssldap,ou=DSA,dc=mtgmilw,dc=biz" write
    by self write
    by anonymous auth
    by * none
# some attributes need to be readable anonymously so that 'id user' can answer correctly
access to attrs=objectClass,entry,homeDirectory,uid,uidNumber,gidNumber,memberUid
    by dn="cn=samba,ou=DSA,dc=mtgmilw,dc=biz" write
    by dn="cn=smbldap-tools,ou=DSA,dc=mtgmilw,dc=biz" write
    by * read
# some attributes can be writable by users themselves
access to attrs=description,telephoneNumber,roomNumber,homePhone,loginShell,gecos,cn,sn,givenname
    by dn="cn=samba,ou=DSA,dc=mtgmilw,dc=biz" write
    by dn="cn=smbldap-tools,ou=DSA,dc=mtgmilw,dc=biz" write
    by self write
    by * read
# some attributes need to be writable for samba
access to attrs=cn,sambaLMPassword,sambaNTPassword,sambaPwdLastSet,sambaLogonTime,sambaLogoffTime,sambaKickoffTime,sambaPwdCanChange,sambaPwdMustChange,sambaAcctFlags,displayName,sambaHomePath,sambaHomeDrive,sambaLogonScript,sambaProfilePath,description,sambaUserWorkstations,sambaPrimaryGroupSID,sambaDomainName,sambaMungedDial,sambaBadPasswordCount,sambaBadPasswordTime,sambaPasswordHistory,sambaLogonHours,sambaSID,sambaSIDList,sambaTrustFlags,sambaGroupType,sambaNextRid,sambaNextGroupRid,sambaNextUserRid,sambaAlgorithmicRidBase,sambaShareName,sambaOptionName,sambaBoolOption,sambaIntegerOption,sambaStringOption,sambaStringListoption
    by dn="cn=samba,ou=DSA,dc=mtgmilw,dc=biz" write
    by dn="cn=smbldap-tools,ou=DSA,dc=mtgmilw,dc=biz" write
    by self read
    by * none
# samba need to be able to create the samba domain account
access to dn.base="dc=mtgmilw,dc=biz"
    by dn="cn=samba,ou=DSA,dc=mtgmilw,dc=biz" write
    by dn="cn=smbldap-tools,ou=DSA,dc=mtgmilw,dc=biz" write
    by * none
# samba need to be able to create new users account
access to dn="ou=Users,dc=mtgmilw,dc=biz"
    by dn="cn=samba,ou=DSA,dc=mtgmilw,dc=biz" write
    by dn="cn=smbldap-tools,ou=DSA,dc=mtgmilw,dc=biz" write
    by * none
# samba need to be able to create new groups account
access to dn="ou=Groups,dc=mtgmilw,dc=biz"
    by dn="cn=samba,ou=DSA,dc=mtgmilw,dc=biz" write
    by dn="cn=smbldap-tools,ou=DSA,dc=mtgmilw,dc=biz" write
    by * none
# samba need to be able to create new computers account
access to dn="ou=Computers,dc=mtgmilw,dc=biz"
    by dn="cn=samba,ou=DSA,dc=mtgmilw,dc=biz" write
    by dn="cn=smbldap-tools,ou=DSA,dc=mtgmilw,dc=biz" write
    by * none
# this can be omitted but we leave it: there could be other branch
# in the directory
access to *
    by self read
    by * none
=================================LDAP.CONF========
# @(#)$Id: ldap.conf,v 1.34 2004/09/16 23:32:02 lukeh Exp $
#
# This is the configuration file for the LDAP nameservice
# switch library and the LDAP PAM module.
#
# PADL Software
# http://www.padl.com
#
# Your LDAP server. Must be resolvable without using LDAP.
# Multiple hosts may be specified, each separated by a
# space. How long nss_ldap takes to failover depends on
# whether your LDAP client library supports configurable
# network or connect timeouts (see bind_timelimit).
#host 10.0.0.75
# The distinguished name of the search base.
base dc=mtgmilw,dc=biz
# Another way to specify your LDAP server is to provide an
# uri with the server name. This allows to use
# Unix Domain Sockets to connect to a local LDAP Server.
uri ldap://127.0.0.1/
#uri ldaps://127.0.0.1/
#uri ldapi://%2fvar%2frun%2fldapi_sock/
# Note: %2f encodes the '/' used as directory separator
# The LDAP version to use (defaults to 3
# if supported by client library)
#ldap_version 3
# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
#binddn cn=proxyuser,dc=example,dc=com
# The credentials to bind with.
# Optional: default is no credential.
#bindpw secret
# The distinguished name to bind to the server with
# if the effective user ID is root. Password is
# stored in /etc/ldap.secret (mode 600)
rootbinddn cn=nssldap,ou=DSA,dc=mtgmilw,dc=biz
# The port.
# Optional: default is 389.
#port 389
# The search scope.
#scope sub
#scope one
#scope base
# Search timelimit
#timelimit 30
# Bind/connect timelimit
#bind_timelimit 30
# Reconnect policy: hard (default) will retry connecting to
# the software with exponential backoff, soft will fail
# immediately.
#bind_policy hard
# Idle timelimit; client will close connections
# (nss_ldap only) if the server has not been contacted
# for the number of seconds specified below.
#idle_timelimit 3600
# Filter to AND with uid=%s
#pam_filter objectclass=account
# The user ID attribute (defaults to uid)
#pam_login_attribute uid
# Search the root DSE for the password policy (works
# with Netscape Directory Server)
#pam_lookup_policy yes
# Check the 'host' attribute for access control
# Default is no; if set to yes, and user has no
# value for the host attribute, and pam_ldap is
# configured for account management (authorization)
# then the user will not be allowed to login.
#pam_check_host_attr yes
# Check the 'authorizedService' attribute for access
# control
# Default is no; if set to yes, and the user has no
# value for the authorizedService attribute, and
# pam_ldap is configured for account management
# (authorization) then the user will not be allowed
# to login.
#pam_check_service_attr yes
# Group to enforce membership of
#pam_groupdn cn=PAM,ou=Groups,dc=example,dc=com
# Group member attribute
#pam_member_attribute uniquemember
# Specify a minimum or maximum UID number allowed
#pam_min_uid 0
#pam_max_uid 0
# Template login attribute, default template user
# (can be overridden by value of former attribute
# in user's entry)
#pam_login_attribute userPrincipalName
#pam_template_login_attribute uid
#pam_template_login nobody
# HEADS UP: the pam_crypt, pam_nds_passwd,
# and pam_ad_passwd options are no
# longer supported.
#
# If you are using XAD, you can set pam_password
# to racf, ad, or exop. Make sure that you have
# SSL enabled.
# Do not hash the password at all; presume
# the directory server will do it, if
# necessary. This is the default.
#pam_password clear
# Hash password locally; required for University of
# Michigan LDAP server, and works with Netscape
# Directory Server if you're using the UNIX-Crypt
# hash mechanism and not using the NT Synchronization
# service.
#pam_password crypt
# Remove old password first, then update in
# cleartext. Necessary for use with Novell
# Directory Services (NDS)
#pam_password nds
# RACF is an alias for the above. For use with
# IBM RACF
#pam_password racf
# Update Active Directory password, by
# creating Unicode password and updating
# unicodePwd attribute.
#pam_password ad
# Use the OpenLDAP password change
# extended operation to update the password.
#pam_password exop
# Redirect users to a URL or somesuch on password
# changes.
#pam_password_prohibit_message Please visit http://internal to change your password.
# RFC2307bis naming contexts
# Syntax:
# nss_base_XXX base?scope?filter
# where scope is {base,one,sub}
# and filter is a filter to be &'d with the
# default filter.
# You can omit the suffix eg:
# nss_base_passwd ou=People,
# to append the default base DN but this
# may incur a small performance impact.
nss_base_passwd ou=Users,dc=mtgmilw,dc=biz?one
nss_base_passwd ou=Computers,dc=mtgmilw,dc=biz?one
nss_base_shadow ou=Users,dc=mtgmilw,dc=biz?one
nss_base_group ou=Groups,dc=mtgmilw,dc=biz?one
#nss_base_hosts ou=Hosts,dc=example,dc=com?one
#nss_base_services ou=Services,dc=example,dc=com?one
#nss_base_networks ou=Networks,dc=example,dc=com?one
#nss_base_protocols ou=Protocols,dc=example,dc=com?one
#nss_base_rpc ou=Rpc,dc=example,dc=com?one
#nss_base_ethers ou=Ethers,dc=example,dc=com?one
#nss_base_netmasks ou=Networks,dc=example,dc=com?ne
#nss_base_bootparams ou=Ethers,dc=example,dc=com?one
#nss_base_aliases ou=Aliases,dc=example,dc=com?one
#nss_base_netgroup ou=Netgroup,dc=example,dc=com?one
# attribute/objectclass mapping
# Syntax:
#nss_map_attribute rfc2307attribute mapped_attribute
#nss_map_objectclass rfc2307objectclass mapped_objectclass
# configure --enable-nds is no longer supported.
# NDS mappings
#nss_map_attribute uniqueMember member
# Services for UNIX 3.5 mappings
#nss_map_objectclass posixAccount User
#nss_map_objectclass shadowAccount User
#nss_map_attribute uid msSFU30Name
#nss_map_attribute uniqueMember msSFU30PosixMember
#nss_map_attribute userPassword msSFU30Password
#nss_map_attribute homeDirectory msSFU30HomeDirectory
#nss_map_attribute homeDirectory msSFUHomeDirectory
#nss_map_objectclass posixGroup Group
#pam_login_attribute msSFU30Name
#pam_filter objectclass=User
#pam_password ad
# configure --enable-mssfu-schema is no longer supported.
# Services for UNIX 2.0 mappings
#nss_map_objectclass posixAccount User
#nss_map_objectclass shadowAccount user
#nss_map_attribute uid msSFUName
#nss_map_attribute uniqueMember posixMember
#nss_map_attribute userPassword msSFUPassword
#nss_map_attribute homeDirectory msSFUHomeDirectory
#nss_map_attribute shadowLastChange pwdLastSet
#nss_map_objectclass posixGroup Group
#nss_map_attribute cn msSFUName
#pam_login_attribute msSFUName
#pam_filter objectclass=User
#pam_password ad
# RFC 2307 (AD) mappings
#nss_map_objectclass posixAccount user
#nss_map_objectclass shadowAccount user
#nss_map_attribute uid sAMAccountName
#nss_map_attribute homeDirectory unixHomeDirectory
#nss_map_attribute shadowLastChange pwdLastSet
#nss_map_objectclass posixGroup group
#nss_map_attribute uniqueMember member
#pam_login_attribute sAMAccountName
#pam_filter objectclass=User
#pam_password ad
# configure --enable-authpassword is no longer supported
# AuthPassword mappings
#nss_map_attribute userPassword authPassword
# AIX SecureWay mappings
#nss_map_objectclass posixAccount aixAccount
#nss_base_passwd ou=aixaccount,?one
#nss_map_attribute uid userName
#nss_map_attribute gidNumber gid
#nss_map_attribute uidNumber uid
#nss_map_attribute userPassword passwordChar
#nss_map_objectclass posixGroup aixAccessGroup
#nss_base_group ou=aixgroup,?one
#nss_map_attribute cn groupName
#nss_map_attribute uniqueMember member
#pam_login_attribute userName
#pam_filter objectclass=aixAccount
#pam_password clear
# Netscape SDK LDAPS
#ssl on
# Netscape SDK SSL options
#sslpath /etc/ssl/certs/cert7.db
# OpenLDAP SSL mechanism
# start_tls mechanism uses the normal LDAP port, LDAPS typically 636
#ssl start_tls
#ssl on
# OpenLDAP SSL options
# Require and verify server certificate (yes/no)
# Default is "no"
#tls_checkpeer yes
# CA certificates for server certificate verification
# At least one of these are required if tls_checkpeer is "yes"
#tls_cacertfile /etc/ssl/ca.cert
#tls_cacertdir /etc/ssl/certs
# Seed the PRNG if /dev/urandom is not provided
#tls_randfile /var/run/egd-pool
# SSL cipher suite
# See man ciphers for syntax
#tls_ciphers TLSv1
# Client certificate and key
# Use these, if your server requires client authentication.
#tls_cert
#tls_key
# Disable SASL security layers. This is needed for AD.
#sasl_secprops maxssf=0
# Override the default Kerberos ticket cache location.
#krb5_ccname FILE:/etc/.ldapcache
# SASL mechanism for PAM authentication - use is experimental
# at present and does not support password policy control
#pam_sasl_mech DIGEST-MD5
ssl no
#tls_cacertdir /etc/openldap/cacerts
pam_password md5
tls_cacertdir /etc/openldap/cacerts
#debug 256
#logdir /data/logs
===================================SMB.CONF======
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors.
#
#======================= Global Settings ====================================
[global]
preserve case = yes
obey pam restrictions = No
enable privileges = yes
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
time server = Yes
show add printer wizard = yes
nt acl support = No
netbios name = PDC-SRV
ldap passwd sync = Yes
printing = cups
logon script = logon.bat
min passwd length = 8
dos charset = 850
workgroup = MTGMILW.BIZ
os level = 33
ldap admin dn = cn=Manager,dc=mtgmilw,dc=biz
printcap name = cups
security = user
short preserve case = yes
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
max log size = 100000
log level = 5
log file = /var/log/samba/log.%m
load printers = yes
guest account = nobody
ldap user suffix = ou=Users
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
mangling method = hash2
logon drive = H:
deadtime = 10
create mask = 0640
domain master = yes
username map = /etc/samba/smbusers
interfaces = 10.0.0.75
map to guest = Bad User
encrypt passwords = yes
passdb backend = ldapsam:ldap://127.0.0.1/
logon home =
printer admin = @"Print Operators"
case sensitive = no
wins support = yes
ldap delete dn = Yes
ldap machine suffix = ou=Computers
ldap group suffix = ou=Groups
server string = Samba Server %v
ldap suffix = dc=mtgmilw,dc=biz
logon path =
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
directory mask = 0750
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
syslog = 0
ldap idmap suffix = ou=Users
preferred master = Yes
unix charset = ISO8859-1
domain logons = Yes
ldap ssl = no
[homes]
comment = Home Directories
browseable = no
read only = No
create mask = 0644
directory mask = 0775
# Un-comment the following and create the netlogon directory for Domain Logons
[netlogon]
; comment = Network Logon Service
path = /home/netlogon
browseable = No
read only = yes
; guest ok = yes
; writable = no
; share modes = no
# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
[Profiles]
path = /home/profiles
browseable = no
guest ok = yes
read only = no
create mask = 0600
directory mask = 0700
profile acls = yes
csc policy = disable
force user = %U
valid users = %U @"Domain Admins"
# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
[printers]
comment = Network Printers
printer admin = @"Print Operators"
path = /home/spool/
browseable = no
# Set public = yes to allow user 'guest account' to print
guest ok = yes
writable = no
printable = yes
read only = yes
print command = /usr/bin/lpr -P%p -r %s
lpq command = /usr/bin/lpq -P%p
lprm command = /usr/bin/lprm -P%p %j
[print$]
path = /home/printers
guest ok = No
browseable = yes
read only = yes
valid users = @"Print Operators"
write list = @"Print Operators"
create mask = 0664
directory mask = 0775
# This one is useful for people to share files
;[tmp]
; comment = Temporary file space
; path = /tmp
; read only = no
; public = yes
[public]
comment = Public Stuff
path = /home/public
browseable = yes
guest ok = yes
directory mask = 0775
create mask = 0664
read only = no
=======================================SMBLDAP-DSA.LDIFF=====
dn: ou=DSA,dc=mtgmilw,dc=biz
objectClass: top
objectClass: organizationalUnit
ou: DSA
description: security accounts for LDAP clients

dn: cn=samba,ou=DSA,dc=mtgmilw,dc=biz
objectclass: organizationalRole
objectClass: top
objectClass: simpleSecurityObject
userPassword: {MD5}z6esruJ0bazhCUSsbfqPnw=
cn: samba

dn: cn=nssldap,ou=DSA,dc=mtgmilw,dc=biz
objectclass: organizationalRole
objectClass: top
objectClass: simpleSecurityObject
userPassword: {MD5}z6esruJ0bazhCUSsbfqPnw=
cn: nssldap

dn: cn=smbldap-tools,ou=DSA,dc=mtgmilw,dc=biz
objectclass: organizationalRole
objectClass: top
objectClass: simpleSecurityObject
userPassword: {MD5}z6esruJ0bazhCUSsbfqPnw=
cn: smbldap-tools
===================================LOGFILE-1============
[2005/06/21 16:31:08, 5] lib/util.c:show_msg(496)
size=104
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=1
smb_pid=1344
smb_uid=100
smb_mid=2240
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 48 (0x30)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 48 (0x30)
smb_vwv[ 7]= 56 (0x38)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_bcc=49
[2005/06/21 16:31:08, 3] smbd/process.c:process_smb(1091)
Transaction 37 of length 45
[2005/06/21 16:31:08, 5] lib/util.c:show_msg(486)
[2005/06/21 16:31:08, 5] lib/util.c:show_msg(496)
size=41
smb_com=0x4
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=24
smb_flg2=51207
smb_tid=1
smb_pid=65279
smb_uid=100
smb_mid=2304
smt_wct=3
smb_vwv[ 0]=29784 (0x7458)
smb_vwv[ 1]=65535 (0xFFFF)
smb_vwv[ 2]=65535 (0xFFFF)
smb_bcc=0
[2005/06/21 16:31:08, 3] smbd/process.c:switch_message(886)
switch message SMBclose (pid 9027) conn 0x929eb58
[2005/06/21 16:31:08, 4] smbd/uid.c:change_to_user(194)
change_to_user: Skipping user change - already user
[2005/06/21 16:31:08, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168)
search for pipe pnum=7458
[2005/06/21 16:31:08, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1172)
pipe name lsarpc pnum=7458 (pipes_open=1)
[2005/06/21 16:31:08, 5] smbd/pipes.c:reply_pipe_close(260)
reply_pipe_close: pnum:7458
[2005/06/21 16:31:08, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1081)
closed pipe name lsarpc pnum=7458 (pipes_open=0)
[2005/06/21 16:31:08, 5] lib/util.c:show_msg(486)
[2005/06/21 16:31:08, 5] lib/util.c:show_msg(496)
size=35
smb_com=0x4
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=1
smb_pid=65279
smb_uid=100
smb_mid=2304
smt_wct=0
smb_bcc=0
[2005/06/21 16:31:08, 3] smbd/process.c:process_smb(1091)
Transaction 38 of length 43
[2005/06/21 16:31:08, 5] lib/util.c:show_msg(486)
[2005/06/21 16:31:08, 5] lib/util.c:show_msg(496)
size=39
smb_com=0x74
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=24
smb_flg2=51207
smb_tid=0
smb_pid=65279
smb_uid=100
smb_mid=2368
smt_wct=2
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 0 (0x0)
smb_bcc=0
[2005/06/21 16:31:08, 3] smbd/process.c:switch_message(886)
switch message SMBulogoffX (pid 9027) conn 0x0
[2005/06/21 16:31:08, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/06/21 16:31:08, 5] auth/auth_util.c:debug_nt_user_token(485)
NT user token: (NULL)
[2005/06/21 16:31:08, 5] auth/auth_util.c:debug_unix_user_token(506)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2005/06/21 16:31:08, 5] smbd/uid.c:change_to_root_user(296)
change_to_root_user: now uid=(0,0) gid=(0,0)
[2005/06/21 16:31:08, 5] auth/auth_util.c:free_server_info(1406)
attempting to free (and zero) a server_info structure
[2005/06/21 16:31:08, 3] smbd/reply.c:reply_ulogoffX(1264)
ulogoffX vuid=100
[2005/06/21 16:31:08, 5] lib/util.c:show_msg(486)
[2005/06/21 16:31:08, 5] lib/util.c:show_msg(496)
size=39
smb_com=0x74
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=65279
smb_uid=100
smb_mid=2368
smt_wct=2
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 0 (0x0)
smb_bcc=0
[2005/06/21 16:31:08, 3] smbd/process.c:process_smb(1091)
Transaction 39 of length 39
[2005/06/21 16:31:08, 5] lib/util.c:show_msg(486)
[2005/06/21 16:31:08, 5] lib/util.c:show_msg(496)
size=35
smb_com=0x71
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=24
smb_flg2=51207
smb_tid=1
smb_pid=65279
smb_uid=100
smb_mid=2432
smt_wct=0
smb_bcc=0
[2005/06/21 16:31:08, 3] smbd/process.c:switch_message(886)
switch message SMBtdis (pid 9027) conn 0x929eb58
[2005/06/21 16:31:08, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/06/21 16:31:08, 5] auth/auth_util.c:debug_nt_user_token(485)
NT user token: (NULL)
[2005/06/21 16:31:08, 5] auth/auth_util.c:debug_unix_user_token(506)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2005/06/21 16:31:08, 5] smbd/uid.c:change_to_root_user(296)
change_to_root_user: now uid=(0,0) gid=(0,0)
[2005/06/21 16:31:08, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/06/21 16:31:08, 5] auth/auth_util.c:debug_nt_user_token(485)
NT user token: (NULL)
[2005/06/21 16:31:08, 5] auth/auth_util.c:debug_unix_user_token(506)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2005/06/21 16:31:08, 5] smbd/uid.c:change_to_root_user(296)
change_to_root_user: now uid=(0,0) gid=(0,0)
[2005/06/21 16:31:08, 3] smbd/service.c:close_cnum(830)
sancho (10.0.0.150) closed connection to service IPC$
[2005/06/21 16:31:08, 3] smbd/connection.c:yield_connection(69)
Yielding connection to IPC$
[2005/06/21 16:31:08, 4] smbd/vfs.c:vfs_ChDir(660)
vfs_ChDir to /
[2005/06/21 16:31:08, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/06/21 16:31:08, 5] auth/auth_util.c:debug_nt_user_token(485)
NT user token: (NULL)
[2005/06/21 16:31:08, 5] auth/auth_util.c:debug_unix_user_token(506)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2005/06/21 16:31:08, 5] smbd/uid.c:change_to_root_user(296)
change_to_root_user: now uid=(0,0) gid=(0,0)
[2005/06/21 16:31:08, 5] lib/util.c:show_msg(486)
[2005/06/21 16:31:08, 5] lib/util.c:show_msg(496)
size=35
smb_com=0x71
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=1
smb_pid=65279
smb_uid=100
smb_mid=2432
smt_wct=0
smb_bcc=0
[2005/06/21 16:31:08, 3] smbd/process.c:timeout_processing(1334)
timeout_processing: End of file from client (client has disconnected).
[2005/06/21 16:31:08, 5] lib/gencache.c:gencache_shutdown(88)
Closing cache file
[2005/06/21 16:31:08, 5] libsmb/namecache.c:namecache_shutdown(79)
namecache_shutdown: netbios namecache closed successfully.
[2005/06/21 16:31:08, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/06/21 16:31:08, 5] auth/auth_util.c:debug_nt_user_token(485)
NT user token: (NULL)
[2005/06/21 16:31:08, 5] auth/auth_util.c:debug_unix_user_token(506)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2005/06/21 16:31:08, 5] smbd/uid.c:change_to_root_user(296)
change_to_root_user: now uid=(0,0) gid=(0,0)
[2005/06/21 16:31:08, 2] smbd/server.c:exit_server(609)
Closing connections
[2005/06/21 16:31:08, 3] smbd/connection.c:yield_connection(69)
Yielding connection to
[2005/06/21 16:31:08, 5] smbd/oplock.c:receive_local_message(107)
receive_local_message: doing select with timeout of 1 ms
[2005/06/21 16:31:08, 3] smbd/server.c:exit_server(652)
Server exit (normal exit)
===================================================== NMBD LOG ================
[2005/06/21 19:38:46, 0] smbd/server.c:main(798)
smbd version 3.0.14a-2 started.
Copyright Andrew Tridgell and the Samba Team 1992-2004
[2005/06/21 19:38:46, 1] param/loadparm.c:lp_do_parameter(3159)
WARNING: The "min passwd length" option is deprecated
[2005/06/21 19:38:46, 5] lib/debug.c:debug_dump_status(366)
INFO: Current debug levels:
all: True/5
tdb: False/0
printdrivers: False/0
lanman: False/0
smb: False/0
rpc_parse: False/0
rpc_srv: False/0
rpc_cli: False/0
passdb: False/0
sam: False/0
auth: False/0
winbind: False/0
vfs: False/0
idmap: False/0
quota: False/0
acls: False/0
doing parameter log file = /var/log/samba/log.%m
doing parameter load printers = yes
doing parameter guest account = nobody
doing parameter ldap user suffix = ou=Users
doing parameter add group script = /usr/local/sbin/smbldap-groupadd -p
"%g"
doing parameter socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
doing parameter add user to group script /usr/local/sbin/smbldap-groupmod -m
"%u" "%g"
doing parameter mangling method = hash2
doing parameter logon drive = H:
doing parameter deadtime = 10
doing parameter create mask = 0640
doing parameter domain master = yes
doing parameter username map = /etc/samba/smbusers
doing parameter interfaces = 10.0.0.75
doing parameter map to guest = Bad User
doing parameter encrypt passwords = yes
doing parameter passdb backend = ldapsam:ldap://127.0.0.1/
doing parameter logon home doing parameter printer admin = @"Print
Operators"
doing parameter case sensitive = no
doing parameter wins support = yes
doing parameter ldap delete dn = Yes
doing parameter ldap machine suffix = ou=Computers
doing parameter ldap group suffix = ou=Groups
doing parameter server string = Samba Server %v
doing parameter ldap suffix = dc=mtgmilw,dc=biz
doing parameter logon path doing parameter add user script =
/usr/local/sbin/smbldap-useradd -m "%u"
doing parameter directory mask = 0750
doing parameter set primary group script /usr/local/sbin/smbldap-usermod -g
"%g" "%u"
doing parameter syslog = 0
doing parameter ldap idmap suffix = ou=Users
doing parameter preferred master = Yes
doing parameter unix charset = ISO8859-1
[2005/06/21 19:38:46, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/06/21 19:38:46, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/06/21 19:38:46, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/06/21 19:38:46, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/06/21 19:38:46, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/06/21 19:38:46, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/06/21 19:38:46, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/06/21 19:38:46, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/06/21 19:38:46, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/06/21 19:38:46, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
doing parameter domain logons = Yes
doing parameter ldap ssl = no
[2005/06/21 19:38:46, 2] param/loadparm.c:do_section(3435)
Processing section "[homes]"
doing parameter comment = Home Directories
doing parameter browseable = no
doing parameter read only = No
doing parameter create mask = 0644
doing parameter directory mask = 0775
[2005/06/21 19:38:46, 2] param/loadparm.c:do_section(3435)
Processing section "[netlogon]"
doing parameter path = /home/netlogon
doing parameter browseable = No
doing parameter read only = yes
[2005/06/21 19:38:46, 2] param/loadparm.c:do_section(3435)
Processing section "[Profiles]"
doing parameter path = /home/profiles
doing parameter browseable = no
doing parameter guest ok = yes
doing parameter read only = no
doing parameter create mask = 0600
doing parameter directory mask = 0700
doing parameter profile acls = yes
doing parameter csc policy = disable
doing parameter force user = %U
doing parameter valid users = %U @"Domain Admins"
[2005/06/21 19:38:46, 2] param/loadparm.c:do_section(3435)
Processing section "[printers]"
doing parameter comment = Network Printers
doing parameter printer admin = @"Print Operators"
doing parameter path = /home/spool/
doing parameter browseable = no
doing parameter guest ok = yes
doing parameter writable = no
doing parameter printable = yes
doing parameter read only = yes
doing parameter print command = /usr/bin/lpr -P%p -r %s
doing parameter lpq command = /usr/bin/lpq -P%p
doing parameter lprm command = /usr/bin/lprm -P%p %j
[2005/06/21 19:38:46, 2] param/loadparm.c:do_section(3435)
Processing section "[print$]"
doing parameter path = /home/printers
doing parameter guest ok = No
doing parameter browseable = yes
doing parameter read only = yes
doing parameter valid users = @"Print Operators"
doing parameter write list = @"Print Operators"
doing parameter create mask = 0664
doing parameter directory mask = 0775
[2005/06/21 19:38:46, 2] param/loadparm.c:do_section(3435)
Processing section "[public]"
doing parameter comment = Public Stuff
doing parameter path = /home/public
doing parameter browseable = yes
doing parameter guest ok = yes
doing parameter directory mask = 0775
doing parameter create mask = 0664
doing parameter read only = no
[2005/06/21 19:38:46, 4] param/loadparm.c:lp_load(3947)
pm_process() returned Yes
[2005/06/21 19:38:46, 3] param/loadparm.c:lp_add_ipc(2404)
adding IPC service
[2005/06/21 19:38:46, 3] param/loadparm.c:lp_add_ipc(2404)
adding IPC service
[2005/06/21 19:38:46, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/06/21 19:38:46, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/06/21 19:38:46, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/06/21 19:38:46, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/06/21 19:38:46, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/06/21 19:38:46, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/06/21 19:38:46, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/06/21 19:38:46, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/06/21 19:38:46, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/06/21 19:38:46, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/06/21 19:38:46, 3] printing/pcap.c:pcap_cache_reload(114)
reloading printcap cache
[2005/06/21 19:38:46, 5] printing/print_cups.c:cups_cache_reload(71)
reloading cups printcap cache
[2005/06/21 19:38:46, 3] printing/pcap.c:pcap_cache_reload(213)
reload status: ok
[2005/06/21 19:38:46, 3] printing/pcap.c:pcap_cache_reload(114)
reloading printcap cache
[2005/06/21 19:38:46, 5] printing/print_cups.c:cups_cache_reload(71)
reloading cups printcap cache
[2005/06/21 19:38:46, 3] printing/pcap.c:pcap_cache_reload(213)
reload status: ok
[2005/06/21 19:43:15, 0] smbd/server.c:main(798)
smbd version 3.0.14a-2 started.
Copyright Andrew Tridgell and the Samba Team 1992-2004
[2005/06/21 19:43:15, 1] param/loadparm.c:lp_do_parameter(3159)
WARNING: The "min passwd length" option is deprecated
[2005/06/21 19:43:15, 5] lib/debug.c:debug_dump_status(366)
INFO: Current debug levels:
all: True/5
tdb: False/0
printdrivers: False/0
lanman: False/0
smb: False/0
rpc_parse: False/0
rpc_srv: False/0
rpc_cli: False/0
passdb: False/0
sam: False/0
auth: False/0
winbind: False/0
vfs: False/0
idmap: False/0
quota: False/0
acls: False/0
doing parameter log file = /var/log/samba/log.%m
doing parameter load printers = yes
doing parameter guest account = nobody
doing parameter ldap user suffix = ou=Users
doing parameter add group script = /usr/local/sbin/smbldap-groupadd -p
"%g"
doing parameter socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
doing parameter add user to group script /usr/local/sbin/smbldap-groupmod -m
"%u" "%g"
doing parameter mangling method = hash2
doing parameter logon drive = H:
doing parameter deadtime = 10
doing parameter create mask = 0640
doing parameter domain master = yes
doing parameter username map = /etc/samba/smbusers
doing parameter interfaces = 10.0.0.75
doing parameter map to guest = Bad User
doing parameter encrypt passwords = yes
doing parameter passdb backend = ldapsam:ldap://127.0.0.1/
doing parameter logon home doing parameter printer admin = @"Print
Operators"
doing parameter case sensitive = no
doing parameter wins support = yes
doing parameter ldap delete dn = Yes
doing parameter ldap machine suffix = ou=Computers
doing parameter ldap group suffix = ou=Groups
doing parameter server string = Samba Server %v
doing parameter ldap suffix = dc=mtgmilw,dc=biz
doing parameter logon path doing parameter add user script =
/usr/local/sbin/smbldap-useradd -m "%u"
doing parameter directory mask = 0750
doing parameter set primary group script /usr/local/sbin/smbldap-usermod -g
"%g" "%u"
doing parameter syslog = 0
doing parameter ldap idmap suffix = ou=Users
doing parameter preferred master = Yes
doing parameter unix charset = ISO8859-1
[2005/06/21 19:43:15, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/06/21 19:43:15, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/06/21 19:43:15, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/06/21 19:43:15, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/06/21 19:43:15, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/06/21 19:43:15, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/06/21 19:43:15, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/06/21 19:43:15, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/06/21 19:43:15, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/06/21 19:43:15, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
doing parameter domain logons = Yes
doing parameter ldap ssl = no
[2005/06/21 19:43:15, 2] param/loadparm.c:do_section(3435)
Processing section "[homes]"
doing parameter comment = Home Directories
doing parameter browseable = no
doing parameter read only = No
doing parameter create mask = 0644
doing parameter directory mask = 0775
[2005/06/21 19:43:15, 2] param/loadparm.c:do_section(3435)
Processing section "[netlogon]"
doing parameter path = /home/netlogon
doing parameter browseable = No
doing parameter read only = yes
[2005/06/21 19:43:15, 2] param/loadparm.c:do_section(3435)
Processing section "[Profiles]"
doing parameter path = /home/profiles
doing parameter browseable = no
doing parameter guest ok = yes
doing parameter read only = no
doing parameter create mask = 0600
doing parameter directory mask = 0700
doing parameter profile acls = yes
doing parameter csc policy = disable
doing parameter force user = %U
doing parameter valid users = %U @"Domain Admins"
[2005/06/21 19:43:15, 2] param/loadparm.c:do_section(3435)
Processing section "[printers]"
doing parameter comment = Network Printers
doing parameter printer admin = @"Print Operators"
doing parameter path = /home/spool/
doing parameter browseable = no
doing parameter guest ok = yes
doing parameter writable = no
doing parameter printable = yes
doing parameter read only = yes
doing parameter print command = /usr/bin/lpr -P%p -r %s
doing parameter lpq command = /usr/bin/lpq -P%p
doing parameter lprm command = /usr/bin/lprm -P%p %j
[2005/06/21 19:43:15, 2] param/loadparm.c:do_section(3435)
Processing section "[print$]"
doing parameter path = /home/printers
doing parameter guest ok = No
doing parameter browseable = yes
doing parameter read only = yes
doing parameter valid users = @"Print Operators"
doing parameter write list = @"Print Operators"
doing parameter create mask = 0664
doing parameter directory mask = 0775
[2005/06/21 19:43:15, 2] param/loadparm.c:do_section(3435)
Processing section "[public]"
doing parameter comment = Public Stuff
doing parameter path = /home/public
doing parameter browseable = yes
doing parameter guest ok = yes
doing parameter directory mask = 0775
doing parameter create mask = 0664
doing parameter read only = no
[2005/06/21 19:43:15, 4] param/loadparm.c:lp_load(3947)
pm_process() returned Yes
[2005/06/21 19:43:15, 3] param/loadparm.c:lp_add_ipc(2404)
adding IPC service
[2005/06/21 19:43:15, 3] param/loadparm.c:lp_add_ipc(2404)
adding IPC service
[2005/06/21 19:43:15, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/06/21 19:43:15, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/06/21 19:43:15, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/06/21 19:43:15, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/06/21 19:43:15, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/06/21 19:43:15, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/06/21 19:43:15, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/06/21 19:43:15, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/06/21 19:43:15, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/06/21 19:43:15, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/06/21 19:43:15, 3] printing/pcap.c:pcap_cache_reload(114)
reloading printcap cache
[2005/06/21 19:43:15, 5] printing/print_cups.c:cups_cache_reload(71)
reloading cups printcap cache
[2005/06/21 19:43:15, 3] printing/pcap.c:pcap_cache_reload(213)
reload status: ok
[2005/06/21 19:43:15, 3] printing/pcap.c:pcap_cache_reload(114)
reloading printcap cache
[2005/06/21 19:43:15, 5] printing/print_cups.c:cups_cache_reload(71)
reloading cups printcap cache
[2005/06/21 19:43:15, 3] printing/pcap.c:pcap_cache_reload(213)
reload status: ok
================================================== messages ==================
Jun 21 19:32:05 localhost gpm[1855]: *** info [startup.c(95)]:
Jun 21 19:32:05 localhost gpm[1855]: Started gpm successfully. Entered
daemon mode.
Jun 21 19:32:05 localhost gpm[1855]: *** info [mice.c(1766)]:
Jun 21 19:32:05 localhost gpm[1855]: imps2: Auto-detected intellimouse PS/2
Jun 21 19:32:09 localhost fstab-sync[1932]: removed all generated mount points
Jun 21 19:32:09 localhost fstab-sync[1941]: added mount point
/media/floppy for /dev/fd0
Jun 21 19:32:10 localhost fstab-sync[1944]: added mount point
/media/cdrom for /dev/hdc
Jun 21 19:32:21 localhost kernel: mtrr: your processor doesn't support
write-combining
Jun 21 19:33:55 localhost PAM-securetty[2234]: access denied: tty
'pts/1' is not secure !
Jun 21 19:34:00 localhost login[2234]: FAILED LOGIN 1 FROM 10.0.0.2
FOR root, Authentication failure
Jun 21 19:34:09 localhost login[2234]: pam_ldap: ldap_simple_bind
Can't contact LDAP server
Jun 21 19:34:09 localhost login[2234]: Authentication service cannot
retrieve authentication info.
Jun 21 19:34:58 localhost gdm[2179]: pam_ldap: ldap_simple_bind Can't
contact LDAP server
Jun 21 19:34:58 localhost gdm[2179]: Couldn't set acct. mgmt for admin
Jun 21 19:35:05 localhost gdm(pam_unix)[2179]: session opened for user
root by (uid=0)
Jun 21 19:35:08 localhost gconfd (root-2304): starting (version
2.10.0), pid 2304 user 'root'
Jun 21 19:35:08 localhost gconfd (root-2304): Resolved address
"xml:readonly:/etc/gconf/gconf.xml.mandatory" to a read-only
configuration source at position 0
Jun 21 19:35:08 localhost gconfd (root-2304): Resolved address
"xml:readwrite:/root/.gconf" to a writable configuration source at
position 1
Jun 21 19:35:08 localhost gconfd (root-2304): Resolved address
"xml:readonly:/etc/gconf/gconf.xml.defaults" to a read-only
configuration source at position 2
Jun 21 19:35:16 localhost gconfd (root-2304): Resolved address
"xml:readwrite:/root/.gconf" to a writable configuration source at
position 0
Jun 21 19:38:29 localhost named[2448]: starting BIND 9.3.1 -u named -t
/chroot/named -c /etc/named.conf -d 2
Jun 21 19:38:29 localhost named[2448]: found 1 CPU, using 1 worker thread
Jun 21 19:38:29 localhost named[2448]: loading configuration from
'/etc/named.conf'
Jun 21 19:38:29 localhost named[2448]: listening on IPv4 interface lo,
127.0.0.1#53
Jun 21 19:38:29 localhost named[2448]: listening on IPv4 interface
eth0, 10.0.0.75#53
Jun 21 19:38:29 localhost named[2448]: command channel listening on
127.0.0.1#953
Jun 21 19:38:29 localhost named[2448]: zone 0.0.10.in-addr.arpa/IN:
loaded serial 200506192
Jun 21 19:38:29 localhost named[2448]: zone 0.0.127.in-addr.arpa/IN:
loaded serial 1
Jun 21 19:38:29 localhost named[2448]: zone mtgmilw.biz/IN: loaded
serial 200506191
Jun 21 19:38:29 localhost named[2448]: zone mtgmilw-nt.biz/IN: loaded
serial 200506201
Jun 21 19:38:29 localhost named[2448]: running
Jun 21 19:39:28 localhost remote(pam_unix)[2499]: session opened for
user admin by (uid=0)
Jun 21 19:39:28 localhost -- admin[2499]: LOGIN ON pts/2 BY admin
FROM ns.mtgmilw.biz
Jun 21 19:40:03 localhost su(pam_unix)[2529]: session opened for user
root by (uid=500)
Jun 21 19:45:13 localhost su(pam_unix)[2529]: session closed for user root
Jun 21 19:45:15 localhost remote(pam_unix)[2499]: session closed for user admin
Jun 21 20:01:02 localhost crond(pam_unix)[2816]: session opened for
user root by (uid=0)
Jun 21 20:01:02 localhost crond(pam_unix)[2816]: session closed for user root
Jun 21 20:12:32 localhost remote(pam_unix)[2912]: session opened for
user root by (uid=0)
Jun 21 20:12:32 localhost -- root[2912]: ROOT LOGIN ON pts/2 FROM
ns.mtgmilw.biz
==============================================
Tomasz Chmielewski
2005-Jun-22 07:33 UTC
[Samba] Problem Connecting from Windows to Samba-OpenLDAP PDC
Adam Gritt wrote:
> Every time I try to add a pc to the domain I get the response that it
> is an un-recognized user name. I have followed the instructions
> located here:
>
> http://samba.idealx.org/smbldap-howto.en.html
>
> and am setting it up on a copy of Fedora Core 4 using the default
> installed packages and versions. I am also unable to complete step
> 4.5 in the guide to test out the setup because it gives me the
> following error:
>
> [root@Fedora4 namedb]# ssh testuser1@xxx.xxx.xxx
> testuser1@xxx.xxx.xxx's password:
> Permission denied, please try again.
> testuser1@xxx.xxx.xxxs password:
> Permission denied, please try again.
> testuser1@xxx.xxx.xxx's password:
> Permission denied (publickey,gssapi-with-mic,password).

Surely you didn't do something important.

Does

# getent passwd

list all your users, including users from LDAP (and that testuser1, and machine accounts with $ at the end)?

Try looking at samba logs for the computer you are joining to the domain.

It can be so that machine accounts aren't added for some reason (see if your machine account is added when you do getent passwd after failed domain join).

--
Tomek
WPKG - manage software on your workstations with Samba
http://wpkg.org
Tomasz Chmielewski
2005-Jun-22 13:48 UTC
[Samba] Problem Connecting from Windows to Samba-OpenLDAP PDC
Adam Gritt wrote:
> As a matter of fact neither the user name nor machine are appearing
> when I do a getent. However when I view the openldap settings via imc
> or webmin they do list the pc and username that were added so I guess
> I did miss something important. I just don't know what at this point.

You might check these:

Set "loglevel 256" in your /etc/openldap/slapd.conf - you will get some OpenLDAP logging.
Then restart OpenLDAP, see if the logs appear if you do some LDAP operations.

A handy way to clean this log is, while you "debug" your setup:

# >/var/log/ldap.log

(or other location with the log).

Do "getent passwd" and see OpenLDAP logs - you should see some entries? Are there any errors?

Do you have /etc/nsswitch.conf set properly? The passwd entry should look like below:

passwd: files ldap

What distribution are you running? Some of them have an easy way for setting LDAP authentication.

--
Tomek
WPKG - manage software on your workstations with Samba
http://wpkg.org
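The two checks suggested in the replies above (does nsswitch.conf list ldap for passwd, and does getent passwd show machine accounts ending in $), written out as an added example that is not part of the original thread. The function names, the temporary files and the sample accounts are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example; every file and account below is constructed sample data.

# nss_sources FILE DB: print the lookup sources nsswitch.conf lists for DB,
# ignoring comments and [STATUS=action] items.
nss_sources() {
    awk -v db="$2:" '
        { sub(/#.*/, "") }
        $1 == db {
            for (i = 2; i <= NF; i++) if ($i !~ /^\[/) out = out " " $i
            print substr(out, 2); exit
        }' "$1"
}

# nss_uses_ldap FILE DB: succeed only if "ldap" is one of those sources.
nss_uses_ldap() {
    case " $(nss_sources "$1" "$2") " in
        *" ldap "*) return 0 ;;
    esac
    return 1
}

# machine_accounts: filter passwd-format lines on stdin (the output of
# "getent passwd") down to machine accounts, whose names end in "$".
machine_accounts() {
    awk -F: '$1 ~ /[$]$/ { print $1 }'
}

# has_account NAME: succeed if NAME is a login name in the lines on stdin.
has_account() {
    awk -F: -v n="$1" '$1 == n { found = 1 } END { exit !found }'
}

# --- constructed sample data: an nsswitch.conf without and with ldap,
# --- and getent-style output containing one user and one machine account
tmp=$(mktemp -d)
printf 'passwd: files\ngroup: files\n' > "$tmp/nsswitch.before"
printf 'passwd: files ldap\ngroup: files ldap\n' > "$tmp/nsswitch.after"
cat > "$tmp/getent.out" <<'EOF'
root:x:0:0:root:/root:/bin/bash
testuser1:x:1001:513:testuser1:/home/testuser1:/bin/bash
sancho$:x:1002:515:Computer:/dev/null:/bin/false
EOF

for f in before after; do
    for db in passwd group; do
        if nss_uses_ldap "$tmp/nsswitch.$f" "$db"; then
            echo "nsswitch.$f: $db consults ldap"
        else
            echo "nsswitch.$f: $db does NOT consult ldap"
        fi
    done
done
echo "machine accounts seen: $(machine_accounts < "$tmp/getent.out")"
rm -rf "$tmp"
```

On a live system the same functions take `/etc/nsswitch.conf` as FILE and the piped output of `getent passwd` on stdin.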