samba - Mar 2005 - samba 3 and ldapsam_compat

Hi, i'm trying to configure a samba-3.0.9-2.3 with suse 9.2 and
openldap2-2.1.12-74 in another server  but i have a strange problem. My samba
schema is old and i have use the ldapsam_compat parameter on samba 3.

My problem:

I mount a share of samba 3 server on my linux:

# mount -t smbfs -o username=joanr //192.9.200.147/dpd /mnt
Password:
30004: tree connect failed: ERRDOS - ERRnoaccess (Access denied.)
SMB connection failed

The log:

[...]
[2005/03/09 13:00:19, 3] lib/smbldap.c:smbldap_connect_system(858)
  ldap_connect_system: succesful connection to the LDAP server
[2005/03/09 13:00:19, 2] passdb/pdb_ldap.c:init_sam_from_ldap(518)
  init_sam_from_ldap: Entry found for user: joanr
[2005/03/09 13:00:19, 5] passdb/login_cache.c:login_cache_init(41)
  Opening cache file at /var/lib/samba/login_cache.tdb
[2005/03/09 13:00:19, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/03/09 13:00:19, 4] libsmb/ntlm_check.c:ntlm_password_check(326)
  ntlm_password_check: Checking NT MD4 password
[2005/03/09 13:00:19, 4] auth/auth_sam.c:sam_account_ok(119)
  sam_account_ok: Checking SMB password for user joanr
[2005/03/09 13:00:19, 5] auth/auth_sam.c:logon_hours_ok(101)
  logon_hours_ok: user joanr allowed to logon at this time (Wed Mar  9 13:00:19
2005
  )
[2005/03/09 13:00:19, 1] auth/auth_util.c:make_server_info_sam(822)
  User joanr in passdb, but getpwnam() fails!
[2005/03/09 13:00:19, 5] auth/auth_util.c:free_server_info(1387)
  attempting to free (and zero) a server_info structure
[2005/03/09 13:00:19, 0] auth/auth_sam.c:check_sam_security(312)
  check_sam_security: make_server_info_sam() failed with
'NT_STATUS_NO_SUCH_USER'
[2005/03/09 13:00:19, 5] auth/auth.c:check_ntlm_password(271)
  check_ntlm_password: sam authentication for user [JOANR] FAILED with error
NT_STATUS_NO_SUCH_USER
[2005/03/09 13:00:19, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password:  Authentication for user [JOANR] -> [JOANR] FAILED
with error NT_STATUS_NO_SUCH_USER
[2005/03/09 13:00:19, 5] auth/auth_util.c:free_user_info(1361)
  attempting to free (and zero) a user_info structure
[2005/03/09 13:00:19, 10] auth/auth_util.c:free_user_info(1364)
  structure was created for JOANR
[2005/03/09 13:00:19, 3] smbd/sesssetup.c:do_map_to_guest(41)
  No such user JOANR [LDAP] - using guest account
[...]

The most strange is that if i go to the entry of joanr on my openldap server,
some fields are deleted, for example the ntPassword lmPassword... and the user
is disabled.

My smb.cof:

# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE
# Date: 2004-10-05
[global]
        workgroup = dpd
        username map = /etc/samba/smbusers
        map to guest = Bad User
        passdb backend = ldapsam_compat:ldap://192.168.1.146
        ldap admin dn = cn=Manager,o=unipost
        ldap suffix = o=unipost
        security = user
        encrypt passwords = yes
        netbios name = serverdpd
        hosts allow = 192.9. 127.0.0.1 localhost 192.168.
        wins server = 192.168.1.146
        name resolve order = host wins lmhosts bcast
        interfaces = lo, eth0, eth1, eth2
        os level = 65
        log level = 3 passdb:5 auth:10 winbind:2


[dpd]
        comment = dpd
        path = /home/dpd
        read only = no
        valid users = @informatica9

P.S: i have another samba 2 server and works correctly with this openldap
server.

Any help?

Thanks



Joan Ramos Ramos <mailto:joanr@uni-post.com>
Dpto. Inform?tica
Tel.: +34 932 232 552 (Ext. 260)
Fax.: +34 932 230 151
------------------------------------------------------------------------------------------------------------------------------------------------
Este mensaje es confidencial y ata?e exclusivamente a las personas a las que va
dirigido.
Cualquier opini?n en el contenida, es exclusivo de su autor y no representa
necesariamente
la opinion de UNIPOST, S.A.
Si Ud. no es el destinatario del  mensaje, considerese advertido que lo ha
recibido por error
y que cualquier difusi?n o copia estan terminantemente prohibidos. Si ha
recibido por error,
por favor comuniquelo a UNIPOST, S.A. al n?mero +34 93 223 25 52 o correo
electr?nico
a <support@unipost.es>.

This e-mail is confidential and intended solely for the use of the individual to
whom it is addressed.
Any opinions presented are solely those of the author and do not necessarily
represent those of
UNIPOST, S.A.
If you are not the intended recipient, be advised that you have received this
e-mail in error and that
dissemination, forwarding or copying of this e-mail is strictly prohibited. If
you have received this
e-mail in error please notify it to UNIPOST, S.A. by telephone on number +34 93
223 25 52 or by
e-mail to <support@unipost.es>.
------------------------------------------------------------------------------------------------------------------------------------------------

Joan Ramos Ramos:
> Hi, i'm trying to configure a samba-3.0.9-2.3 with suse 9.2 and
> openldap2-2.1.12-74 in another server  but i have a strange problem. My
> samba schema is old and i have use the ldapsam_compat parameter on samba
> 3.
I'm relatively new here (but have a successful 80 Win 2000/XP Professional
work station, 1150+ user/Openldap 2.0.17) running in production on Samba
3.0.11, but am an old LDAP hand. When I first started with Samba (couple
of weeks ago), I followed the Nevarra so-called HOWTO. It lead me toward
the abyss, which, because I'm an old hand LDAP person I knew instinctively
to avoid - compat and all such shit. It leads you, with Samba 3, to
destruction.

DO NOT USE COMPAT, go all out for samba3, with the complete wherewithall.
Right from the beginning.

And for goodness sake, if you've got as far as OpenLDAP 2.2, do at least
try to stay up to date. The latest stable is 2.2.23.

--Tonni

--
mail: tonye@billy.demon.nl
http://www.billy.demon.nl