zdennis
2006-Jul-11 17:54 UTC
[Samba] Samba PDC With LDAP Backend, Failed to initialise SAM_ACCOUNT for user
I have seen this problem posted several times and the common answer doesn't seem to be doing it for me.

Here's the error:

Trying to load: ldapsam_compat:ldap://127.0.0.1/
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend NDS_ldapsam
Successfully added passdb backend 'NDS_ldapsam'
Attempting to register passdb backend NDS_ldapsam_compat
Successfully added passdb backend 'NDS_ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend guest
Successfully added passdb backend 'guest'
Attempting to find an passdb backend to match ldapsam_compat:ldap://127.0.0.1/ (ldapsam_compat)
Found pdb backend ldapsam_compat
pdb backend ldapsam_compat:ldap://127.0.0.1/ has a valid init
Attempting to find an passdb backend to match guest (guest)
Found pdb backend guest
pdb backend guest has a valid init
smbldap_search_ext: base => [dc=mktec,dc=com], filter => [(&(uid=Aries$)(objectclass=sambaAccount))], scope => [2]
The connection to the LDAP server was closed
smb_ldap_setup_connection: ldap://127.0.0.1/
smbldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://127.0.0.1/ as "cn=admin,dc=mktec,dc=com"
ldap_connect_system: succesful connection to the LDAP server
Failed to initialise SAM_ACCOUNT for user Aries$. Does this user exist in the UNIX password database ?
Failed to modify password entry for user Aries$
ldap_connect_system: LDAP server does support paged results
The LDAP server is succesfully connected
ldapsam_getsampwnam: Unable to locate user [Aries$] count=0
Finding user Aries$
Trying _Get_Pwnam(), username as lowercase is aries$
Trying _Get_Pwnam(), username as given is Aries$
Trying _Get_Pwnam(), username as uppercase is ARIES$
Checking combinations of 0 uppercase letters in aries$
Get_Pwnam_internals didn't find user [Aries$]!

Here is the configuration:

-----------START CONFIGURATION-------------------
[global]
workgroup = mktec.com
netbios name = MKTEC
server string = %h server (Samba %v)
wins support = yes
dns proxy = yes
name resolve order = wins lmhosts host bcast
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
security = user
encrypt passwords = true

passdb backend = ldapsam_compat:ldap://127.0.0.1/
obey pam restrictions = no
invalid users = root

ldap admin dn = cn=admin,dc=mktec,dc=com
ldap suffix = dc=mktec,dc=com
ldap group suffix= ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Users
ldap idmap suffix = ou=Users
ldap ssl = no

passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*

add user script = /usr/sbin/smbldap-useradd -m "%u"

ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
enable privileges = yes

domain logons = yes
domain master = yes
preferred master = yes
local master = yes

load printers = no
socket options = TCP_NODELAY

[netlogon]
   comment = Network Logon Service
   path = /var/lib/samba/netlogon
   guest ok = yes
   read only = yes
   write list
   writable = no
   share modes = no

[profiles]
   comment = Users profiles
   path = /var/lib/samba/profiles
   read only = no
   guest ok = no
   browseable = no
   create mask = 0600
   directory mask = 0700
-----------END CONFIGURATION-------------------

I mapped the ldap machine suffix to ou=Users rather than ou=Computers because of a previous message on the mailing list which suggested there was a bug in Samba3. It doesn't seem to work either way, as it results in the exact same error message. My LDAP directory is laid out with the basic Users, Computers, Groups organizational units in existence.

I am running on an Ubuntu Dapper server:
   samba 3.0.22-1
   openldap (slapd) 2.2.26-5

Any input or help is greatly appreciated. Thanks,

Zach
zdennis
2006-Jul-11 20:47 UTC
[Samba] Samba PDC With LDAP Backend, Failed to initialise SAM_ACCOUNT for user
Since I am using an LDAP backend, should I restrict myself from using the smbpasswd and like commands? I can add my machine account using smbldap-* utilities.

Zach
Cybionet
2006-Jul-12 04:43 UTC
[Samba] Samba PDC With LDAP Backend, Failed to initialise SAM_ACCOUNT for user
Greetings Zach,

Samba 3 with an LDAP backend works perfectly without problems (for Windows and Linux clients). But be sure that your configuration is OK. From the log, I suppose that you can't reach your LDAP directory entry and that the Aries computer doesn't exist in the LDAP directory.

Here is some input. First, make some modifications to your smb.conf.

[global]
# Change the next line, you can't have .com.
workgroup = mktec
netbios name = MKTEC
server string = %h server (Samba %v)
wins support = yes
# Is your Samba a DNS proxy? Remove it.
; dns proxy = yes
# Not useful. The default value is OK.
; name resolve order = wins lmhosts host bcast
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
security = user
encrypt passwords = true
# Change the next line like this, you don't want to use Samba2.
passdb backend = ldapsam:ldap://127.0.0.1
ldap admin dn = cn=admin,dc=mktec,dc=com
ldap suffix = dc=mktec,dc=com
# The following lines are not necessary. You will specify these entries in
# /etc/openldap/ldap.conf.
; ldap group suffix= ou=Groups
; ldap user suffix = ou=Users
; ldap machine suffix = ou=Users
; ldap idmap suffix = ou=Users
# No need to specify, it's the default.
; ldap ssl = no
# Here you are using the idealix scripts; I can't help you. I think using phpLDAPAdmin is better... but it's only an opinion.
# #################################################################
passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
enable privileges = yes
# ################################################################
domain logons = yes
domain master = yes
preferred master = yes
local master = yes
# Add this line to be sure that your server is the DMB and LMB.
os level = 65
# Very necessary to be specified?
; load printers = no
socket options = TCP_NODELAY

[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
# Just use:
browseable = no
read only = yes
; guest ok = yes
; read only = yes
# The next line has incomplete syntax.
; write list
; writable = no
; share modes = no

[profiles]
comment = Users profiles
path = /var/lib/samba/profiles
read only = no
# Not really necessary if you don't use roaming profiles.
; guest ok = no
; browseable = no
; create mask = 0600
; directory mask = 0700

After that, be sure that you have run this command. Samba needs it to access LDAP. It's the cn=admin,dc=mktec,dc=com password.

smbpasswd -w password

Also check that the ldap.conf in /etc/openldap/ldap.conf is OK. It must look like this.

BASE dc=mktec,dc=com
URI ldap://127.0.0.1
rootbinddn cn=admin,dc=mktec,dc=com
scope one
ldap_version 3
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberuid
pam_password exop
# Base parameters.
nss_base_passwd dc=mktec,dc=com
nss_base_shadow dc=mktec,dc=com
# Advanced parameters.
nss_base_passwd ou=Users,dc=mktec,dc=com?sub
nss_base_shadow ou=Users,dc=mktec,dc=com?sub
nss_base_group ou=Groups,dc=mktec,dc=com?sub
# Why not use Computers in your DIT?
# nss_base_hosts ou=Computers,dc=mktec,dc=com
nss_base_hosts ou=Users,dc=mktec,dc=com

Can your Samba server ping yourservername.mkteck.com? If not, adjust your resolv.conf (if you use BIND) and/or add the mapping in the hosts file.

And lastly, be sure that mktec.com, the computer Aries$ and cn=admin,dc=mktec,dc=com exist in the LDAP directory.

Hope that helps!

Robert
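
The points raised in the reply above, as an added example that is not part of the original thread: a small Python check for the three smb.conf issues named there (dotted workgroup, ldapsam_compat backend, the valueless "write list" line), plus a triage of the quoted debug log showing which objectclass Samba searched for and where the Aries$ lookup failed. The function names and the trimmed sample inputs are constructed for illustration.

```python
import re
# Constructed sample: a trimmed copy of the smb.conf quoted in the thread.
SAMPLE_CONF = """\
[global]
workgroup = mktec.com
passdb backend = ldapsam_compat:ldap://127.0.0.1/
; dns proxy = yes
[netlogon]
write list
writable = no
"""

# Constructed sample: three lines copied from the debug log quoted in the thread.
SAMPLE_LOG = """\
smbldap_search_ext: base => [dc=mktec,dc=com], filter => [(&(uid=Aries$)(objectclass=sambaAccount))], scope => [2]
ldapsam_getsampwnam: Unable to locate user [Aries$] count=0
Get_Pwnam_internals didn't find user [Aries$]!
"""

def parse_conf(text):
    """Return ({section: {param: value}}, [(section, line)] for lines lacking '=')."""
    sections, malformed, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank, or '#' / ';' comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)  # names: case and spacing are not significant
            sections.setdefault(current, {})[" ".join(key.lower().split())] = value.strip()
        else:
            malformed.append((current, line))
    return sections, malformed

def lint_conf(text):
    """Flag the three smb.conf problems pointed out in the reply."""
    sections, malformed = parse_conf(text)
    g = sections.get("global", {})
    findings = []
    if "." in g.get("workgroup", ""):
        findings.append("workgroup contains a dot: " + g["workgroup"])
    if g.get("passdb backend", "").startswith("ldapsam_compat"):
        findings.append("passdb backend uses ldapsam_compat (Samba 2 sambaAccount schema)")
    findings += [f"[{sec}] parameter '{line}' has no '=value'" for sec, line in malformed]
    return findings

def triage_log(text):
    """Extract the searched objectclass and the accounts missing from LDAP and from NSS."""
    find = lambda pattern: set(re.findall(pattern, text))
    return {"objectclass": find(r"objectclass=(\w+)"),
            "missing_in_ldap": find(r"ldapsam_getsampwnam: Unable to locate user \[([^\]]+)\]"),
            "missing_in_nss": find(r"Get_Pwnam_internals didn't find user \[([^\]]+)\]")}

if __name__ == "__main__":
    print(*lint_conf(SAMPLE_CONF), sep="\n")
    print(triage_log(SAMPLE_LOG))
```

An account listed under both missing_in_ldap and missing_in_nss, as Aries$ is here, has neither a Samba entry nor a resolvable UNIX (posixAccount) entry, which is the condition behind "Failed to initialise SAM_ACCOUNT".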