Marcelo M. Lopes
2005-Feb-12 01:00 UTC
[Samba] Any ideas - samba3+openldap2.2.15-5: problems loggin users onto domain
Hi,

I've got this scenario in my Suse 9.2 box:

samba-3.0.7-5
openldap2-2.2.15-5
smbldap-tools-0.8.4-1

So when I try to logon with a default user (winnt) I receive C0000001 error code (insufficient auth). Here are the logs for this request:

#/var/log/messages
Feb 11 19:59:36 glasgow slapd[6674]: conn=583 op=4 SRCH base="dc=labredes,dc=tre-sc,dc=gov,dc=br" scope=2 deref=0 filter="(&(uid=andre)(objectClass=sambaSamAccount))"
Feb 11 19:59:36 glasgow slapd[6674]: conn=583 op=4 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp
Feb 11 19:59:36 glasgow slapd[6674]: conn=583 op=4 SEARCH RESULT tag=101 err=0 nentries=1 text=
Feb 11 19:59:36 glasgow slapd[6674]: conn=581 op=3 UNBIND
Feb 11 19:59:36 glasgow slapd[6674]: conn=581 fd=23 closed
Feb 11 19:59:36 glasgow slapd[6674]: conn=585 fd=23 ACCEPT from IP=127.0.0.1:41679 (IP=0.0.0.0:389)
Feb 11 19:59:36 glasgow slapd[6674]: conn=585 op=0 BIND dn="" method=128
Feb 11 19:59:37 glasgow slapd[6674]: conn=585 op=0 RESULT tag=97 err=0 text=
Feb 11 19:59:37 glasgow slapd[6674]: conn=585 op=1 SRCH base="ou=Users,dc=labredes,dc=tre-sc,dc=gov,dc=br" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=andre))"
Feb 11 19:59:37 glasgow slapd[6674]: conn=585 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Feb 11 19:59:37 glasgow slapd[6674]: conn=585 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Feb 11 19:59:37 glasgow slapd[6674]: conn=586 fd=29 ACCEPT from IP=127.0.0.1:41680 (IP=0.0.0.0:389)
Feb 11 19:59:37 glasgow slapd[6674]: conn=585 op=2 UNBIND
Feb 11 19:59:37 glasgow slapd[6674]: conn=585 fd=23 closed
Feb 11 19:59:37 glasgow slapd[6674]: conn=586 op=0 BIND dn="cn=Manager,dc=labredes,dc=tre-sc,dc=gov,dc=br" method=128
Feb 11 19:59:37 glasgow slapd[6674]: conn=586 op=0 BIND dn="cn=Manager,dc=labredes,dc=tre-sc,dc=gov,dc=br" mech=SIMPLE ssf=0
Feb 11 19:59:37 glasgow slapd[6674]: conn=586 op=0 RESULT tag=97 err=0 text=
Feb 11 19:59:37 glasgow slapd[6674]: conn=586 op=1 SRCH base="ou=Users,dc=labredes,dc=tre-sc,dc=gov,dc=br" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=andre))"
Feb 11 19:59:37 glasgow slapd[6674]: conn=586 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Feb 11 19:59:37 glasgow slapd[6674]: conn=586 op=2 SRCH base="ou=Groups,dc=labredes,dc=tre-sc,dc=gov,dc=br" scope=1 deref=0 filter="(&(objectClass=posixGroup)(|(memberUid=andre) (uniqueMember=uid=andre,ou=users,dc=labredes,dc=tre-sc,dc=gov,dc=br)))"
Feb 11 19:59:37 glasgow slapd[6674]: conn=586 op=2 SRCH attr=cn userPassword memberUid uniqueMember gidNumber
Feb 11 19:59:37 glasgow slapd[6674]: conn=586 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Feb 11 19:59:37 glasgow slapd[6674]: conn=586 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=

Here are the user attribs:

# andre, Users, labredes.tre-sc.gov.br
dn: uid=andre,ou=Users,dc=labredes,dc=tre-sc,dc=gov,dc=br
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: andre
sn: andre
uid: andre
uidNumber: 1008
gidNumber: 513
homeDirectory: /home//andre
loginShell: /bin/bash
gecos: System User
description: System User
sambaSID: S-1-5-21-1320336019-1651555980-3662787651-3016
sambaPrimaryGroupSID: S-1-5-21-72881033-379349262-1855928443-512
displayName: System User
sambaPwdMustChange: 2147483647
sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000
 00000000
sambaAcctFlags: [U ]
sambaProfilePath: \\glasgow\profilesandre
sambaHomePath: \\glasgow\homes
sambaPwdCanChange: 1108157871
sambaLMPassword: 0182BD0BD4444BF836077A718CCDF409
sambaNTPassword: 259745CB123A52AA2E693AAACCA2DB52
sambaPwdLastSet: 1108157871
userPassword:: e01ENX1KZFZhMG9PcVFBcjBaTWR0Y1R3SHJRPT0

Any ideas????

Thanks in advance,

--
Marcelo M. Lopes
Tribunal Regional Eleitoral de Santa Catarina
SIE/CI/Redes e Comunicação de Dados
E-mail: marcelo@tre-sc.gov.br
Fone/Fax: 55 48 251-3700
Site: www.tre-sc.gov.br

My conf files follow:

#slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/rfc2307bis.schema
include /etc/openldap/schema/yast.schema
include /etc/openldap/schema/samba3.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
modulepath /usr/lib/openldap/modules
access to dn.base=""
        by * read
access to dn.base="cn=Subschema"
        by * read
access to attr=userPassword,userPKCS12
        by self write
        by * auth
access to attr=shadowLastChange
        by self write
        by * read
access to *
        by * read
database ldbm
checkpoint 1024 5
cachesize 10000
suffix "dc=labredes,dc=tre-sc,dc=gov,dc=br"
rootdn "cn=Manager,dc=labredes,dc=tre-sc,dc=gov,dc=br"
rootpw ********
directory /var/lib/ldap
index objectClass,uidNumber,gidNumber eq
index cn,sn,uid,displayName pres,sub,eq
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
        by self write
        by anonymous auth
        by * none
access to *
        by * read

#smb.conf
[global]
workgroup = LABREDES
netbios name = GLASGOW
server string = SAMBA-LDAP PDC Server
unix password sync = yes
passwd program = /usr/local/sbin/smbldap-passwd -u %u
passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n"
ldap passwd sync = Yes
; SAMBA-LDAP declarations
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=Manager,dc=labredes,dc=tre-sc,dc=gov,dc=br
ldap suffix = dc=labredes,dc=tre-sc,dc=gov,dc=br
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
add machine script = /sbin/yast /usr/share/YaST2/data/add_machine.ycp %m$
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
ldap delete dn = yes
delete user script = /usr/local/sbin/smbldap-userdel "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/local/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
security = user
encrypt passwords = yes
domain logons = yes
domain master = yes
idmap backend = ldap:ldap://127.0.0.1/
ldap idmap suffix = ou=Idmap
local master = yes
os level = 65
preferred master = yes

[homes]
comment = Home Directories
valid users = %S
read only = no
create mask = 0664
directory mask = 0775
browseable = no

[export]
comment =
path = /windows/C
printable = no
browseable = yes
force create mode = 0777
force directory mode = 0777
guest ok = yes
writeable = Yes

[profiles]
comment = Network Profiles Service
path = %H
read only = no
store dos attributes = yes
create mask = 0600
directory mask = 0700

[users]
comment = All users
path = /home
read only = no
inherit acls = yes
veto files = /aquota.user/groups/shares/

[groups]
comment = All groups
path = /home/groups
read only = no
inherit acls = yes

[pdf]
comment = PDF creator
path = /var/tmp
printable = yes
print command = /usr/bin/smbprngenpdf -J '%J' -c %c -s %s -u '%u' -z %z
create mask = 0600

[printers]
comment = All Printers
path = /var/tmp
printable = yes
create mask = 0600
browseable = no

[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin root
force group = ntadmin
create mask = 0664
directory mask = 0775

#ldap.conf
TLS_REQCERT allow
host 127.0.0.1
base dc=labredes,dc=tre-sc,dc=gov,dc=br
rootbinddn cn=Manager,dc=labredes,dc=tre-sc,dc=gov,dc=br
nss_base_passwd ou=Users,dc=labredes,dc=tre-sc,dc=gov,dc=br?one
nss_base_passwd ou=Computers,dc=labredes,dc=tre-sc,dc=gov,dc=br?one
nss_base_shadow ou=Users,dc=labredes,dc=tre-sc,dc=gov,dc=br?one
nss_base_group ou=Groups,dc=labredes,dc=tre-sc,dc=gov,dc=br?one
ssl no
pam_password md5

#smbldap.conf
UID_START="1000"
GID_START="1000"
SID="S-1-5-21-3703471949-3718591838-2324585696"
slaveLDAP="127.0.0.1"
slavePort="389"
masterLDAP="127.0.0.1"
masterPort="389"
suffix="dc=labredes,dc=tre-sc,dc=gov,dc=br"
usersdn="ou=Users,dc=labredes,dc=tre-sc,dc=gov,dc=br"
computersdn="ou=Computers,dc=labredes,dc=tre-sc,dc=gov,dc=br"
groupsdn="ou=Groups,dc=labredes,dc=tre-sc,dc=gov,dc=br"
scope="sub"
hash_encrypt="SSHA"
userLoginShell="/bin/bash"
userHomePrefix="/home/"
userGecos="System User"
defaultUserGid="513"
defaultComputerGid="553"
skeletonDir="/etc/skel"
defaultMaxPasswordAge="55"
userSmbHome="\\glasgow\homes"
userProfile="\\glasgow\profiles"
userHomeDrive="F:"
userScript="\\drivef\rede\public\.dominio\winnt\profile.cmd"
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"
mk_ntpasswd="/usr/local/sbin/mkntpwd"
paul kölle
2005-Feb-12 12:07 UTC
[Samba] Re: Any ideas - samba3+openldap2.2.15-5: problems loggin users onto domain
Marcelo M. Lopes wrote:
> Hi,
>
> I've got this scenario in my Suse 9.2 box:
>
> samba-3.0.7-5
> openldap2-2.2.15-5
> smbldap-tools-0.8.4-1
>
> So when I try to logon with a default user (winnt) I receive C0000001 error
> code (insufficient auth). Here are the logs for this request:
>
<-- snip -->

Marcelo,

At first glance, there is no error in your log from slapd. All queries return err=0 and nentries=1, right? Maybe looking for errors in your samba logs might help.

hth
Paul
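
The check described in the reply above (every slapd operation returning err=0 and every search returning an entry), automated as an added example that is not part of either post. It pairs each BIND/SRCH with its result by conn and op, because results are logged out of order when several operations are in flight; the sample lines and the example.org DNs are constructed.

```python
import re

# Constructed sample in the slapd log format shown in the post (syslog
# prefix shortened); the example.org DNs are placeholders.
SAMPLE_LOG = '''\
slapd[6674]: conn=585 op=0 BIND dn="" method=128
slapd[6674]: conn=585 op=0 RESULT tag=97 err=0 text=
slapd[6674]: conn=586 op=1 SRCH base="ou=Users,dc=example,dc=org" scope=1 deref=0 filter="(uid=andre)"
slapd[6674]: conn=586 op=2 SRCH base="ou=Groups,dc=example,dc=org" scope=1 deref=0 filter="(memberUid=andre)"
slapd[6674]: conn=586 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[6674]: conn=586 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[6674]: conn=587 op=0 BIND dn="cn=Manager,dc=example,dc=org" method=128
slapd[6674]: conn=587 op=0 RESULT tag=97 err=49 text=
'''

# Request lines: BIND dn="..." or SRCH base="..." ... filter="..."
REQ = re.compile(r'conn=(\d+) op=(\d+) (BIND|SRCH) (?:dn|base)="([^"]*)"(?:.* filter="(.*)")?')
# Result lines: RESULT (bind) or SEARCH RESULT (search, carries nentries)
RES = re.compile(r'conn=(\d+) op=(\d+) (?:SEARCH )?RESULT tag=\d+ err=(\d+)(?: nentries=(\d+))?')

def audit(log):
    """Return (conn, op, kind, problem, detail) for each failed or empty operation."""
    pending, findings = {}, []
    for line in log.splitlines():
        m = REQ.search(line)
        if m:
            conn, op, kind, target, flt = m.groups()
            pending[(conn, op)] = (kind, target, flt)
            continue
        m = RES.search(line)
        if not m:
            continue  # ACCEPT, UNBIND, closed, SRCH attr=... lines
        conn, op, err, nentries = m.groups()
        kind, target, flt = pending.pop((conn, op), ("?", "?", None))
        if err != "0":            # e.g. err=49 is LDAP invalidCredentials
            findings.append((int(conn), int(op), kind, "err=" + err, target))
        elif nentries == "0":     # search succeeded but matched no entry
            findings.append((int(conn), int(op), kind, "nentries=0", flt))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

An empty result from `audit()` on a real log excerpt means the directory side answered every request, which points the investigation at the Samba logs instead.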