thr3ads.net - samba - [Samba] SuSE 9.3 + Samba 3 + LDAP [Aug 2005]

If this information is useful, please help other people find it:
Share via:

Geoffrey Scott

2005-Aug-11 00:36 UTC

[Samba] SuSE 9.3 + Samba 3 + LDAP

Horst B. Simon wrote:> Hi All,
> 
> I have OX with Samba 3 and Ldap working fine, except that workstation
> can not join the domain. When I try to join the domain I get
> following error message: The following error occurred attempting to
> join the domain. Can not find user name in Domain. But the user is
> there and it creates the computer in ou=computers in ldap. All users
> have no problems accessing the samba shares and using OX. Anyone in
> this group has successful joined a computer into ldap with OX and
> Samba3?      
> 
> Regards,
> Horst
Horst,
	Is the user either root account in LDAP or been given sepriveledges
as per chapter 5 of JHT example book?  Does your smb.conf point to the
correct part of ldap for your users?  Have nss and pam been configured
pointing correctly to where to the users are?  Is the user that you are
trying actually in that part of LDAP?  Eg.  You aren't trying to use:

cn=Manager,dc=hsimon,dc=com,dc=au

When your users are in :

ou=Users,ou=OxObjects,dc=hsimon,dc=com,dc=au

Are you?

Cheers Geoff

Horst B. Simon

2005-Aug-11 02:21 UTC

head link

[Samba] Re: SuSE 9.3 + Samba 3 + LDAP

On Aug 11, 2005 10:35 AM, Geoffrey Scott <geoffs@guestshire.com> wrote:
>Horst B. Simon wrote:
>>Hi All,
>>
>>I have OX with Samba 3 and Ldap working fine, except that workstation
>>can not join the domain. When I try to join the domain I get
>>following error message: The following error occurred attempting to
>>join the domain. Can not find user name in Domain. But the user is
>>there and it creates the computer in ou=computers in ldap. All users
>>have no problems accessing the samba shares and using OX. Anyone in
>>this group has successful joined a computer into ldap with OX and
>>Samba3?
>>
>>Regards,
>>Horst
>
>Horst,
>Is the user either root account in LDAP or been given sepriveledges
>as per chapter 5 of JHT example book? Does your smb.conf point to the
>correct part of ldap for your users? Have nss and pam been configured
>pointing correctly to where to the users are? Is the user that you are
>trying actually in that part of LDAP? Eg. You aren't trying to use:
>
>cn=Manager,dc=hsimon,dc=com,dc=au
>
>When your users are in :
>
>ou=Users,ou=OxObjects,dc=hsimon,dc=com,dc=au
>
>Are you?
>
>Cheers Geoff
>Hi Geoff,
?
I am not near the box now, I think you are on the right track. I will
post tonight the relevant parts of my ldap.conf and smb.conf. Yes my
binddn?is uid=Manager,dc=hsimon,dc=com,dc=au and the user are in
ou=Users,ou=OxObjects,dc=hsimon,dc=com,dc=au. I tried to use the root
user and I set up a administrator according
to the information?in the?IDEALX document.
?
Cheers,
Horst

Horst Simon

2005-Aug-11 13:32 UTC

head link

[Samba] Re: SuSE 9.3 + Samba 3 + LDAP

On Thu, 11 Aug 2005 10:35, Geoffrey Scott wrote:> Horst B. Simon wrote:
> > Hi All,
> >
> > I have OX with Samba 3 and Ldap working fine, except that workstation
> > can not join the domain. When I try to join the domain I get
> > following error message: The following error occurred attempting to
> > join the domain. Can not find user name in Domain. But the user is
> > there and it creates the computer in ou=computers in ldap. All users
> > have no problems accessing the samba shares and using OX. Anyone in
> > this group has successful joined a computer into ldap with OX and
> > Samba3?
> >
> > Regards,
> > Horst
>
> Horst,
> 	Is the user either root account in LDAP or been given sepriveledges
> as per chapter 5 of JHT example book?  Does your smb.conf point to the
> correct part of ldap for your users?  Have nss and pam been configured
> pointing correctly to where to the users are?  Is the user that you are
> trying actually in that part of LDAP?  Eg.  You aren't trying to use:
>
> cn=Manager,dc=hsimon,dc=com,dc=au
>
> When your users are in :
>
> ou=Users,ou=OxObjects,dc=hsimon,dc=com,dc=au
>
> Are you?
>
> Cheers Geoff
Hi,

Following are part of slapd.conf, smb.conf and samba log for the client.
Maybe someone know what the log file output mean.

Regards,
Horst

in /etc/openldap/slapd.conf
suffix          "dc=hsc-consulting,dc=com,dc=au"
rootdn          "uid=mailadmin,dc=hsc-consulting,dc=com,dc=au"

in /etc/ldap.conf
host 127.0.0.1
base dc=hsc-consulting,dc=com,dc=au
ldap_version 3
binddn uid=mailadmin,dc=hsc-consulting,dc=com,dc=au
timelimit 50
bind_timelimit 50
bind_policy hard
nss_base_passwd ou=Users,ou=OxObjects,dc=hsc-consulting,dc=com,dc=au?one
nss_base_shadow ou=Users,ou=OxObjects,dc=hsc-consulting,dc=com,dc=au?one
nss_base_group  ou=Groups,ou=OxObjects,dc=hsc-consulting,dc=com,dc=au?one

in smb.conf
        passdb backend = ldapsam:ldap://127.0.0.1/
        ldap admin dn = uid=mailadmin,dc=hsc-consulting,dc=com,dc=au
        ldap suffix = dc=hsc-consulting,dc=com,dc=au
        ldap group suffix = ou=Groups,ou=OxObjects
        ldap user suffix = ou=Users,ou=OxObjects
        ldap machine suffix = ou=Computers,ou=OxObjects
        ldap ssl = No
        add user script = /usr/local/sbin/smbldap-useradd -m "%u"
        add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
        add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
        add user to group script = /usr/local/sbin/smbldap-groupmod -m
"%u"
"%g"
       delete user from group script = /usr/local/sbin/smbldap-groupmod -x 
"%u" "%g"
        set primary group script = /usr/local/sbin/smbldap-usermod -g
"%g"
"%u"
        enable privileges = yes
        domain master = yes
        domain logons = yes
        encrypt passwords = yes
        ldap passwd sync = Yes
        log level = 3
        syslog = 0
        log file = /var/log/samba/log.%m

part of client log
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/08/07 10:22:31, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/08/07 10:22:31, 3] auth/auth.c:check_ntlm_password(219)
  check_ntlm_password:  Checking password for unmapped user 
[HSC-CONSULTING]\[root]@[JUPITER-KO] with the new password interface
[2005/08/07 10:22:31, 3] auth/auth.c:check_ntlm_password(222)
  check_ntlm_password:  mapped user is: [HSC-CONSULTING]\[root]@[JUPITER-KO]
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/08/07 10:22:31, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/08/07 10:22:31, 2] lib/smbldap.c:smbldap_open_connection(692)
  smbldap_open_connection: connection opened
[2005/08/07 10:22:31, 3] lib/smbldap.c:smbldap_connect_system(866)
  ldap_connect_system: succesful connection to the LDAP server
  ldap_connect_system: LDAP server does support paged results
[2005/08/07 10:22:31, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
  init_sam_from_ldap: Entry found for user: root
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/08/07 10:22:31, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2005/08/07 10:22:31, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2005/08/07 10:22:31, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249)
  get_privileges: No privileges assigned to SID 
[S-1-5-21-2848152307-2665265979-542469840-500]
[2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249)
  get_privileges: No privileges assigned to SID [S-1-5-2]  pop_sec_ctx (0, 0) 
- sec_ctx_stack_ndx = 1
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249)
  get_privileges: No privileges assigned to SID 
[S-1-5-21-2848152307-2665265979-542469840-500]
[2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249)
  get_privileges: No privileges assigned to SID [S-1-5-2]
[2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249)
  get_privileges: No privileges assigned to SID [S-1-5-11]
[2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249)
  get_privileges: No privileges assigned to SID 
[S-1-5-21-2848152307-2665265979-542469840-1001]
[2005/08/07 10:22:31, 3] auth/auth.c:check_ntlm_password(268)
  check_ntlm_password: sam authentication for user [root] succeeded
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/08/07 10:22:31, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/08/07 10:22:31, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [root] -> [root] -> [root]
succeeded
[2005/08/07 10:22:31, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319)
  NTLMSSP Sign/Seal - Initialising with flags:
[2005/08/07 10:22:31, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x60088215
[2005/08/07 10:22:31, 3] smbd/password.c:register_vuid(222)
  User name: root       Real name: root
[2005/08/07 10:22:31, 3] smbd/password.c:register_vuid(241)
  UNIX uid 0 is UNIX user root, and will be vuid 100
[2005/08/07 10:22:31, 3] smbd/password.c:register_vuid(270)
  Adding homes service for user 'root' using home directory:
'/root'
[2005/08/07 10:22:31, 3] param/loadparm.c:lp_add_home(2360)
  adding home's share [root] for user 'root' at '/root'
[2005/08/07 10:22:31, 3] smbd/process.c:process_smb(1091)
  Transaction 3 of length 84
[2005/08/07 10:22:31, 3] smbd/process.c:switch_message(886)
  switch message SMBtconX (pid 7053) conn 0x0
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0

[2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249)
  get_privileges: No privileges assigned to SID [S-1-5-11]
[2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249)  pop_sec_ctx (0, 
0) - sec_ctx_stack_ndx = 1
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249)
  get_privileges: No privileges assigned to SID 
[S-1-5-21-2848152307-2665265979-542469840-500]
[2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249)
  get_privileges: No privileges assigned to SID [S-1-5-2]
[2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249)
  get_privileges: No privileges assigned to SID [S-1-5-11]
[2005/08/07 10:22:31, 3] lib/privileges.c:get_privileges(249)
  get_privileges: No privileges assigned to SID 
[S-1-5-21-2848152307-2665265979-542469840-1001]
[2005/08/07 10:22:31, 3] auth/auth.c:check_ntlm_password(268)
  check_ntlm_password: sam authentication for user [root] succeeded
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/08/07 10:22:31, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/08/07 10:22:31, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [root] -> [root] -> [root]
succeeded
[2005/08/07 10:22:31, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319)
  NTLMSSP Sign/Seal - Initialising with flags:
[2005/08/07 10:22:31, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x60088215
[2005/08/07 10:22:31, 3] smbd/password.c:register_vuid(222)
  User name: root       Real name: root
[2005/08/07 10:22:31, 3] smbd/password.c:register_vuid(241)
  UNIX uid 0 is UNIX user root, and will be vuid 100
[2005/08/07 10:22:31, 3] smbd/password.c:register_vuid(270)
  Adding homes service for user 'root' using home directory:
'/root'
[2005/08/07 10:22:31, 3] param/loadparm.c:lp_add_home(2360)
  adding home's share [root] for user 'root' at '/root'
[2005/08/07 10:22:31, 3] smbd/process.c:process_smb(1091)
  Transaction 3 of length 84
[2005/08/07 10:22:31, 3] smbd/process.c:switch_message(886)
  switch message SMBtconX (pid 7053) conn 0x0
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0

  get_privileges: No privileges assigned to SID 
[S-1-5-21-2848152307-2665265979-542469840-1001]
[2005/08/07 10:22:31, 3] auth/auth.c:check_ntlm_password(268)
  check_ntlm_password: sam authentication for user [root] succeeded
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/08/07 10:22:31, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/08/07 10:22:31, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [root] -> [root] -> [root]
succeeded
[2005/08/07 10:22:31, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319)
  NTLMSSP Sign/Seal - Initialising with flags:
[2005/08/07 10:22:31, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x60088215
[2005/08/07 10:22:31, 3] smbd/password.c:register_vuid(222)
  User name: root       Real name: root
[2005/08/07 10:22:31, 3] smbd/password.c:register_vuid(241)
  UNIX uid 0 is UNIX user root, and will be vuid 100
[2005/08/07 10:22:31, 3] smbd/password.c:register_vuid(270)
  Adding homes service for user 'root' using home directory:
'/root'
[2005/08/07 10:22:31, 3] param/loadparm.c:lp_add_home(2360)
  adding home's share [root] for user 'root' at '/root'
[2005/08/07 10:22:31, 3] smbd/process.c:process_smb(1091)
  Transaction 3 of length 84
[2005/08/07 10:22:31, 3] smbd/process.c:switch_message(886)
  switch message SMBtconX (pid 7053) conn 0x0
[2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0

Possibly Parallel Threads

Search for more apparently analagous threads

samba - Aug 2005 - SuSE 9.3 + Samba 3 + LDAP

[Samba] SuSE 9.3 + Samba 3 + LDAP

[Samba] Re: SuSE 9.3 + Samba 3 + LDAP

[Samba] Re: SuSE 9.3 + Samba 3 + LDAP

Possibly Parallel Threads