Robert Silvia
2004-Nov-25 18:57 UTC
[Samba] A little help with nss_ldap - User xxx in passdb, but getpwnam() fails!
I keep getting the following errors when I try to log on to my domain or access a share (somehow, I have no clue, I was able to get one computer to access the samba domain). It is a standalone PDC, ldap on the same computer. This problem has been killing me for about a week, any help would be greatly appreciated.

I'm running samba 3.0.9 on redhat 9
stock ldap server that comes with redhat 9
nss_ldap installed from apt (include nss_pam)
Used idealx to do all my prep.

testuser does indeed exist as I can login with him from the one computer that I managed to get onto the domain. I added the user via smbldap-tools. Which is configured correctly with the linux box SID... I'm at a complete loss...

Here's the error:

[2004/11/25 12:19:58, 5] auth/auth_util.c:is_trusted_domain(1448)
  is_trusted_domain: Checking for domain trust with [PDS-SUPPORT]
[2004/11/25 12:19:58, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(334)
  secrets_fetch failed!
[2004/11/25 12:19:59, 1] auth/auth_util.c:make_server_info_sam(822)
  User testuser in passdb, but getpwnam() fails!
[2004/11/25 12:19:59, 5] auth/auth_util.c:free_server_info(1344)
  attempting to free (and zero) a server_info structure
[2004/11/25 12:19:59, 0] auth/auth_sam.c:check_sam_security(306)
  check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'
[2004/11/25 12:19:59, 5] auth/auth.c:check_ntlm_password(271)
  check_ntlm_password: sam authentication for user [testuser] FAILED with error NT_STATUS_NO_SUCH_USER
[2004/11/25 12:19:59, 3] auth/auth_winbind.c:check_winbind_security(80)
  check_winbind_security: Not using winbind, requested domain [PDS-SUPPORT] was for this SAM.
[2004/11/25 12:19:59, 10] auth/auth.c:check_ntlm_password(259)
  check_ntlm_password: winbind had nothing to say
[2004/11/25 12:19:59, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password: Authentication for user [testuser] -> [testuser] FAILED with error NT_STATUS_NO_SUCH_USER
[2004/11/25 12:19:59, 5] auth/auth_util.c:free_user_info(1318)
  attempting to free (and zero) a user_info structure
[2004/11/25 12:19:59, 10] auth/auth_util.c:free_user_info(1321)
  structure was created for testuser
[2004/11/25 12:19:59, 3] smbd/sesssetup.c:do_map_to_guest(41)
  No such user testuser [PDS-SUPPORT] - using guest account
[2004/11/25 12:19:59, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1

Here's my configuration:

My system auth looks like:
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth sufficient /lib/security/pam_ldap.so use_first_pass
auth required /lib/security/pam_deny.so

account required /lib/security/pam_unix.so
account sufficient /lib/security/pam_ldap.so

password required /lib/security/pam_cracklib.so retry=3 type
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/pam_ldap.so use_authtok
password required /lib/security/pam_deny.so

session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
session optional /lib/security/pam_ldap.so

My /etc/ldap.conf is set up as (world readable):
base dc=pds-support,dc=net
rootbinddn cn=nssldap,ou=DSA,dc=pds-support,dc=net
nss_base_passwd dc=pds-support,dc=net?sub
nss_base_shadow dc=pds-support,dc=net?sub
nss_base_group ou=Groups,dc=pds-support,dc=net?one
ssl no
pam_password md5

and my /etc/nsswitch.conf (world readable)
passwd: files ldap
shadow: files ldap
group: files ldap

I have /etc/ldap.secret set to world readable at the moment with the password (I plan on changing this once I have it working)
Tomasz Chmielewski
2004-Nov-25 19:47 UTC
[Samba] A little help with nss_ldap - User xxx in passdb, but getpwnam() fails!
Robert Silvia wrote:

> Here's my configuration:
>
>
> My system auth looks like:
> auth required /lib/security/pam_env.so
> auth sufficient /lib/security/pam_unix.so likeauth nullok
> auth sufficient /lib/security/pam_ldap.so use_first_pass
> auth required /lib/security/pam_deny.so
>
> account required /lib/security/pam_unix.so
> account sufficient /lib/security/pam_ldap.so
>
> password required /lib/security/pam_cracklib.so retry=3 type
> password sufficient /lib/security/pam_unix.so nullok use_authtok
> md5 shadow
> password sufficient /lib/security/pam_ldap.so use_authtok
> password required /lib/security/pam_deny.so
>
> session required /lib/security/pam_limits.so
> session required /lib/security/pam_unix.so
> session optional /lib/security/pam_ldap.so
>
> My /etc/ldap.conf is set up as (world readable):
> base dc=pds-support,dc=net
> rootbinddn cn=nssldap,ou=DSA,dc=pds-support,dc=net
> nss_base_passwd dc=pds-support,dc=net?sub
> nss_base_shadow dc=pds-support,dc=net?sub
> nss_base_group ou=Groups,dc=pds-support,dc=net?one
> ssl no
> pam_password md5
>
> and my /etc/nsswitch.conf (world readable)
> passwd: files ldap
> shadow: files ldap
> group: files ldap
>
>
> I have /etc/ldap.secret
> set to world readable at the moment with the password (I plan on changing
> this once I have it working)

Yeah, setting Samba to work with LDAP properly can be really painful.

Could you try setting /etc/ldap.conf like below (without ldap.secret file):

SIZELIMIT 200
TIMELIMIT 15
DEREF never

host 127.0.0.1
base dc=magista,dc=de
binddn cn=Manager,dc=magista,dc=de
bindpw secret-password-in-plain
pam_password exop
nss_base_passwd dc=magista,dc=de?sub
nss_base_shadow dc=magista,dc=de?sub
nss_base_group ou=Groups,dc=magista,dc=de?one

Tomek
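Added example (not part of either post, and not Samba or nss_ldap code): a Python check of the two things this thread turns on, whether libc getpwnam() resolves the account through NSS, and whether the bind password is exposed by file permissions (a world-readable /etc/ldap.secret, or bindpw inside a world-readable /etc/ldap.conf). The sample configs, DNs, passwords and function names are constructed for illustration.

```python
import os, pwd, stat, tempfile

# Constructed samples modelled on the two ldap.conf variants in this thread.
ROOTBIND_CONF = ("base dc=example,dc=net\n"
                 "rootbinddn cn=nssldap,ou=DSA,dc=example,dc=net\nssl no\n")
BINDPW_CONF = ("host 127.0.0.1\nbase dc=example,dc=net\n"
               "binddn cn=Manager,dc=example,dc=net\nbindpw placeholder-password\n")

def parse_ldap_conf(text):
    """Return {keyword: value} for a 'keyword value' style ldap.conf."""
    conf = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if parts and not parts[0].startswith("#"):
            conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def mode_of(path):
    return stat.S_IMODE(os.stat(path).st_mode)

def audit(conf_path, secret_path):
    """List the ways the bind password is readable by other local users."""
    findings = []
    with open(conf_path) as fh:
        conf = parse_ldap_conf(fh.read())
    if "bindpw" in conf and mode_of(conf_path) & stat.S_IROTH:
        findings.append("bindpw in world-readable ldap.conf")
    if "rootbinddn" in conf and os.path.exists(secret_path) \
            and mode_of(secret_path) & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("ldap.secret readable by group/other")
    return findings

def nss_resolves(user):
    """True if libc getpwnam() (sources per nsswitch.conf) finds the user."""
    try:
        pwd.getpwnam(user)
        return True
    except KeyError:
        return False

def demo(conf_text, secret_mode):
    """Write the constructed files to a temp dir (ldap.conf 0644) and audit."""
    with tempfile.TemporaryDirectory() as d:
        conf, secret = os.path.join(d, "ldap.conf"), os.path.join(d, "ldap.secret")
        for path, text, mode in ((conf, conf_text, 0o644),
                                 (secret, "placeholder\n", secret_mode)):
            with open(path, "w") as fh:
                fh.write(text)
            os.chmod(path, mode)
        return audit(conf, secret)

if __name__ == "__main__":
    print(demo(ROOTBIND_CONF, 0o644), demo(ROOTBIND_CONF, 0o600), demo(BINDPW_CONF, 0o600))
    print("root resolves via NSS:", nss_resolves("root"))
```

On a real host, call audit("/etc/ldap.conf", "/etc/ldap.secret") and nss_resolves() with the account name from the smbd log.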