After getting samba, ldap and smbtools set up and joining machines to the domain successfully, the only user that can log in to the win2k boxes is the user root created initially by the smbldap scripts. Any other user comes up with a bad username and password message in Windows. Any of the users I've tried to log in to the Windows box can log in to other Linux machines, can connect using smbclient to its home share, can be seen on the domain controller using getent passwd|shadow.

I am using debian sarge with samba 3.0.14a-3, slapd 2.2.23-5 and smbldap-tools 0.9.1.

Below are log snippets from slapd and samba for both failed attempts (user windowsguy) and a successful login (root). IPs and base have been sed filtered.

The guts of the problem is when a user other than root logs in and gets

[2005/06/17 15:51:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
  init_sam_from_ldap: Entry found for user: windowsguy
[2005/06/17 15:51:49, 1] auth/auth_util.c:make_server_info_sam(840)
  User windowsguy in passdb, but getpwnam() fails!
[2005/06/17 15:51:49, 0] auth/auth_sam.c:check_sam_security(324)
  check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'

but all logs supplied.
Ryan

Failed attempt

slapd.log
Jun 17 15:51:49 ywgldap0 slapd[16885]: conn=101 fd=10 ACCEPT from IP=127.0.0.1:34113 (IP=0.0.0.0:389)
Jun 17 15:51:49 ywgldap0 slapd[16885]: conn=101 op=0 BIND dn="cn=smbadmin,ou=Admins,dc=xxx,dc=xx,dc=xx,dc=xx" method=128
Jun 17 15:51:49 ywgldap0 slapd[16885]: conn=101 op=0 BIND dn="cn=smbadmin,ou=Admins,dc=xxx,dc=xx,dc=xx,dc=xx" mech=SIMPLE ssf=0
Jun 17 15:51:49 ywgldap0 slapd[16885]: conn=101 op=0 RESULT tag=97 err=0 text=
Jun 17 15:51:49 ywgldap0 slapd[16885]: conn=101 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Jun 17 15:51:49 ywgldap0 slapd[16885]: conn=101 op=1 SRCH attr=supportedControl
Jun 17 15:51:49 ywgldap0 slapd[16885]: conn=101 op=1 ENTRY dn=""
Jun 17 15:51:49 ywgldap0 slapd[16885]: conn=101 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jun 17 15:51:49 ywgldap0 slapd[16885]: conn=101 op=2 SRCH base="dc=xxx,dc=xx,dc=xx,dc=xx" scope=2 deref=0 filter="(&(uid=win2k$) (objectClass=sambaSamAccount))"
Jun 17 15:51:49 ywgldap0 slapd[16885]: conn=101 op=2 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp
Jun 17 15:51:49 ywgldap0 slapd[16885]: conn=101 op=2 ENTRY dn="uid=win2k$,ou=Computers,ou=Users,dc=xxx,dc=xx,dc=xx,dc=xx"
Jun 17 15:51:49 ywgldap0 slapd[16885]: conn=101 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jun 17 15:51:49 ywgldap0 slapd[16885]: conn=101 op=3 SRCH base="dc=xxx,dc=xx,dc=xx,dc=xx" scope=2 deref=0 filter="(&(uid=windowsguy) (objectClass=sambaSamAccount))"
Jun 17 15:51:49 ywgldap0 slapd[16885]: conn=101 op=3 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp
Jun 17 15:51:49 ywgldap0 slapd[16885]: conn=101 op=3 ENTRY dn="uid=windowsguy,ou=Users,dc=xxx,dc=xx,dc=xx,dc=xx"
Jun 17 15:51:49 ywgldap0 slapd[16885]: conn=101 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jun 17 15:51:49 ywgldap0 slapd[16885]: conn=102 fd=16 ACCEPT from IP=192.168.240.17:34114 (IP=0.0.0.0:389)
Jun 17 15:51:49 ywgldap0 slapd[16885]: conn=102 op=0 BIND dn="" method=128
Jun 17 15:51:49 ywgldap0 slapd[16885]: conn=102 op=0 RESULT tag=97 err=0 text=
Jun 17 15:51:49 ywgldap0 slapd[16885]: conn=102 op=1 SRCH base="ou=Users,dc=xxx,dc=xx,dc=xx,dc=xx" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=windowsguy))"
Jun 17 15:51:49 ywgldap0 slapd[16885]: conn=102 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Jun 17 15:51:49 ywgldap0 slapd[16885]: conn=102 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 17 15:54:26 ywgldap0 slapd[16885]: conn=101 op=4 UNBIND
Jun 17 15:54:26 ywgldap0 slapd[16885]: conn=101 fd=10 closed
Jun 17 15:54:26 ywgldap0 slapd[16885]: conn=102 fd=16 closed

SAMBA
[2005/06/17 15:51:42, 0] lib/util_sock.c:write_socket_data(430)
  write_socket_data: write failure. Error = Connection reset by peer
[2005/06/17 15:51:42, 0] lib/util_sock.c:write_socket(455)
  write_socket: Error writing 4 bytes to socket 5: ERRNO = Connection reset by peer
[2005/06/17 15:51:42, 0] lib/util_sock.c:send_smb(647)
  Error writing 4 bytes to client. -1. (Connection reset by peer)
[2005/06/17 15:51:42, 2] smbd/server.c:exit_server(609)
  Closing connections
[2005/06/17 15:51:49, 2] rpc_parse/parse_prs.c:netsec_decode(1594)
  netsec_decode: FAILED: packet sequence number:
[2005/06/17 15:51:49, 2] lib/util.c:dump_data(1995)
  [000] 2F 5D 35 7D C5 F5 6E 88 /]5}..n.
[2005/06/17 15:51:49, 2] rpc_parse/parse_prs.c:netsec_decode(1596)
  should be:
[2005/06/17 15:51:49, 2] lib/util.c:dump_data(1995)
  [000] 00 00 00 00 80 00 00 00 ........
[2005/06/17 15:51:49, 2] lib/smbldap.c:smbldap_open_connection(692)
  smbldap_open_connection: connection opened
[2005/06/17 15:51:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
  init_sam_from_ldap: Entry found for user: win2k$
[2005/06/17 15:51:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
  init_sam_from_ldap: Entry found for user: windowsguy
[2005/06/17 15:51:49, 1] auth/auth_util.c:make_server_info_sam(840)
  User windowsguy in passdb, but getpwnam() fails!
[2005/06/17 15:51:49, 0] auth/auth_sam.c:check_sam_security(324)
  check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'
[2005/06/17 15:51:49, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password: Authentication for user [windowsguy] -> [windowsguy] FAILED with error NT_STATUS_NO_SUCH_USER
[2005/06/17 15:54:26, 2] smbd/server.c:exit_server(609)
  Closing connections

Now the working example for user root (snipped)

Jun 17 17:15:13 ywgldap0 slapd[16885]: conn=163 fd=10 closed
Jun 17 17:17:02 ywgldap0 slapd[16885]: conn=164 fd=10 ACCEPT from IP=192.168.240.17:34126 (IP=0.0.0.0:389)
Jun 17 17:17:02 ywgldap0 slapd[16885]: conn=164 op=0 BIND dn="cn=nss,ou=Admins,dc=xxx,dc=xx,dc=xx,dc=xx" method=128
Jun 17 17:17:02 ywgldap0 slapd[16885]: conn=164 op=0 BIND dn="cn=nss,ou=Admins,dc=xxx,dc=xx,dc=xx,dc=xx" mech=SIMPLE ssf=0
Jun 17 17:17:02 ywgldap0 slapd[16885]: conn=164 op=0 RESULT tag=97 err=0 text=
Jun 17 17:17:02 ywgldap0 slapd[16885]: conn=164 op=1 SRCH base="ou=Users,dc=xxx,dc=xx,dc=xx,dc=xx" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=root))"
Jun 17 17:17:02 ywgldap0 slapd[16885]: conn=164 op=1 ENTRY dn="uid=root,ou=Users,dc=xxx,dc=xx,dc=xx,dc=xx"
Jun 17 17:17:02 ywgldap0 slapd[16885]: conn=164 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jun 17 17:17:02 ywgldap0 slapd[16885]: conn=164 op=2 UNBIND
Jun 17 17:17:02 ywgldap0 slapd[16885]: conn=164 fd=10 closed
Jun 17 17:17:12 ywgldap0 slapd[16885]: conn=165 fd=10 ACCEPT from IP=192.168.240.181:38493 (IP=0.0.0.0:389)
Jun 17 17:17:12 ywgldap0 slapd[16885]: conn=165 op=0 BIND dn="cn=nss,ou=Admins,dc=xxx,dc=xx,dc=xx,dc=xx" method=128
Jun 17 17:17:12 ywgldap0 slapd[16885]: conn=165 op=0 BIND dn="cn=nss,ou=Admins,dc=xxx,dc=xx,dc=xx,dc=xx" mech=SIMPLE ssf=0
Jun 17 17:17:12 ywgldap0 slapd[16885]: conn=165 op=0 RESULT tag=97 err=0 text=
Jun 17 17:17:12 ywgldap0 slapd[16885]: conn=165 op=1 SRCH base="ou=Users,dc=xxx,dc=xx,dc=xx,dc=xx" scope=2 deref=0 filter="(uid=root)"
Jun 17 17:17:12 ywgldap0 slapd[16885]: conn=165 op=1 ENTRY dn="uid=root,ou=Users,dc=xxx,dc=xx,dc=xx,dc=xx"
Jun 17 17:17:12 ywgldap0 slapd[16885]: conn=165 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jun 17 17:17:12 ywgldap0 slapd[16885]: conn=165 op=2 SRCH base="ou=Groups,dc=xxx,dc=xx,dc=xx,dc=xx" scope=2 deref=0 filter="(&(objectClass=posixGroup)(|(memberUid=root) (uniqueMember=uid=root,ou=users,dc=xxx,dc=xx,dc=xx,dc=xx)))"
Jun 17 17:17:12 ywgldap0 slapd[16885]: conn=165 op=2 SRCH attr=cn userPassword memberUid uniqueMember gidNumber
Jun 17 17:17:12 ywgldap0 slapd[16885]: <= bdb_equality_candidates: (memberUid) index_param failed (18)
Jun 17 17:17:12 ywgldap0 slapd[16885]: <= bdb_equality_candidates: (uniqueMember) index_param failed (18)
Jun 17 17:17:12 ywgldap0 slapd[16885]: conn=165 op=2 ENTRY dn="cn=Domain Admins,ou=Groups,dc=xxx,dc=xx,dc=xx,dc=xx"
Jun 17 17:17:12 ywgldap0 slapd[16885]: conn=165 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jun 17 17:17:12 ywgldap0 slapd[16885]: conn=165 fd=10 closed
Jun 17 17:19:13 ywgldap0 slapd[16885]: conn=166 fd=10 ACCEPT from IP=192.168.240.181:38494 (IP=0.0.0.0:389)
Jun 17 17:19:13 ywgldap0 slapd[16885]: conn=166 op=0 BIND dn="cn=nss,ou=Admins,dc=xxx,dc=xx,dc=xx,dc=xx" method=128
Jun 17 17:19:13 ywgldap0 slapd[16885]: conn=166 op=0 BIND dn="cn=nss,ou=Admins,dc=xxx,dc=xx,dc=xx,dc=xx" mech=SIMPLE ssf=0
Jun 17 17:19:13 ywgldap0 slapd[16885]: conn=166 op=0 RESULT tag=97 err=0 text=
Jun 17 17:19:13 ywgldap0 slapd[16885]: conn=166 op=1 SRCH base="ou=Users,dc=xxx,dc=xx,dc=xx,dc=xx" scope=2 deref=0 filter="(uid=root)"
Jun 17 17:19:13 ywgldap0 slapd[16885]: conn=166 op=1 ENTRY dn="uid=root,ou=Users,dc=xxx,dc=xx,dc=xx,dc=xx"
Jun 17 17:19:13 ywgldap0 slapd[16885]: conn=166 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jun 17 17:19:13 ywgldap0 slapd[16885]: conn=166 op=2 SRCH base="ou=Groups,dc=xxx,dc=xx,dc=xx,dc=xx" scope=2 deref=0 filter="(&(objectClass=posixGroup)(|(memberUid=root) (uniqueMember=uid=root,ou=users,dc=xxx,dc=xx,dc=xx,dc=xx)))"
Jun 17 17:19:13 ywgldap0 slapd[16885]: conn=166 op=2 SRCH attr=cn userPassword memberUid uniqueMember gidNumber
Jun 17 17:19:13 ywgldap0 slapd[16885]: <= bdb_equality_candidates: (memberUid) index_param failed (18)
Jun 17 17:19:13 ywgldap0 slapd[16885]: <= bdb_equality_candidates: (uniqueMember) index_param failed (18)
Jun 17 17:19:13 ywgldap0 slapd[16885]: conn=166 op=2 ENTRY dn="cn=Domain Admins,ou=Groups,dc=xxx,dc=xx,dc=xx,dc=xx"
Jun 17 17:19:13 ywgldap0 slapd[16885]: conn=166 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jun 17 17:19:13 ywgldap0 slapd[16885]: conn=166 fd=10 closed
Jun 17 17:21:13 ywgldap0 slapd[16885]: conn=167 fd=10 ACCEPT from IP=192.168.240.181:38495 (IP=0.0.0.0:389)
Jun 17 17:21:13 ywgldap0 slapd[16885]: conn=167 op=0 BIND dn="cn=nss,ou=Admins,dc=xxx,dc=xx,dc=xx,dc=xx" method=128
Jun 17 17:21:13 ywgldap0 slapd[16885]: conn=167 op=0 BIND dn="cn=nss,ou=Admins,dc=xxx,dc=xx,dc=xx,dc=xx" mech=SIMPLE ssf=0
Jun 17 17:21:13 ywgldap0 slapd[16885]: conn=167 op=0 RESULT tag=97 err=0 text=
Jun 17 17:21:13 ywgldap0 slapd[16885]: connection_input: conn=167 deferring operation: binding
Jun 17 17:21:13 ywgldap0 slapd[16885]: conn=167 op=1 SRCH base="ou=Users,dc=xxx,dc=xx,dc=xx,dc=xx" scope=2 deref=0 filter="(uid=root)"
Jun 17 17:21:13 ywgldap0 slapd[16885]: conn=167 op=1 ENTRY dn="uid=root,ou=Users,dc=xxx,dc=xx,dc=xx,dc=xx"
Jun 17 17:21:13 ywgldap0 slapd[16885]: conn=167 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jun 17 17:21:13 ywgldap0 slapd[16885]: conn=167 op=2 SRCH base="ou=Groups,dc=xxx,dc=xx,dc=xx,dc=xx" scope=2 deref=0 filter="(&(objectClass=posixGroup)(|(memberUid=root) (uniqueMember=uid=root,ou=users,dc=xxx,dc=xx,dc=xx,dc=xx)))"
Jun 17 17:21:13 ywgldap0 slapd[16885]: conn=167 op=2 SRCH attr=cn userPassword memberUid uniqueMember gidNumber
Jun 17 17:21:13 ywgldap0 slapd[16885]: <= bdb_equality_candidates: (memberUid) index_param failed (18)
Jun 17 17:21:13 ywgldap0 slapd[16885]: <= bdb_equality_candidates: (uniqueMember) index_param failed (18)
Jun 17 17:21:13 ywgldap0 slapd[16885]: conn=167 op=2 ENTRY dn="cn=Domain Admins,ou=Groups,dc=xxx,dc=xx,dc=xx,dc=xx"
Jun 17 17:21:13 ywgldap0 slapd[16885]: conn=167 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jun 17 17:21:13 ywgldap0 slapd[16885]: conn=167 fd=10 closed
Jun 17 17:23:13 ywgldap0 slapd[16885]: conn=168 fd=10 ACCEPT from IP=192.168.240.181:38498 (IP=0.0.0.0:389)
Jun 17 17:23:13 ywgldap0 slapd[16885]: conn=168 op=0 BIND dn="cn=nss,ou=Admins,dc=xxx,dc=xx,dc=xx,dc=xx" method=128
Jun 17 17:23:13 ywgldap0 slapd[16885]: conn=168 op=0 BIND dn="cn=nss,ou=Admins,dc=xxx,dc=xx,dc=xx,dc=xx" mech=SIMPLE ssf=0
Jun 17 17:23:13 ywgldap0 slapd[16885]: conn=168 op=0 RESULT tag=97 err=0 text=
Jun 17 17:23:13 ywgldap0 slapd[16885]: conn=168 op=1 SRCH base="ou=Users,dc=xxx,dc=xx,dc=xx,dc=xx" scope=2 deref=0 filter="(uid=root)"
Jun 17 17:23:13 ywgldap0 slapd[16885]: conn=168 op=1 ENTRY dn="uid=root,ou=Users,dc=xxx,dc=xx,dc=xx,dc=xx"
Jun 17 17:23:13 ywgldap0 slapd[16885]: conn=168 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jun 17 17:23:13 ywgldap0 slapd[16885]: conn=168 op=2 SRCH base="ou=Groups,dc=xxx,dc=xx,dc=xx,dc=xx" scope=2 deref=0 filter="(&(objectClass=posixGroup)(|(memberUid=root) (uniqueMember=uid=root,ou=users,dc=xxx,dc=xx,dc=xx,dc=xx)))"
Jun 17 17:23:13 ywgldap0 slapd[16885]: conn=168 op=2 SRCH attr=cn userPassword memberUid uniqueMember gidNumber
Jun 17 17:23:13 ywgldap0 slapd[16885]: <= bdb_equality_candidates: (memberUid) index_param failed (18)
Jun 17 17:23:13 ywgldap0 slapd[16885]: <= bdb_equality_candidates: (uniqueMember) index_param failed (18)
Jun 17 17:23:13 ywgldap0 slapd[16885]: conn=168 op=2 ENTRY dn="cn=Domain Admins,ou=Groups,dc=xxx,dc=xx,dc=xx,dc=xx"
Jun 17 17:23:13 ywgldap0 slapd[16885]: conn=168 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jun 17 17:23:13 ywgldap0 slapd[16885]: conn=168 fd=10 closed

SAMBA
[2005/06/17 17:32:38, 2] rpc_parse/parse_prs.c:netsec_decode(1594)
  netsec_decode: FAILED: packet sequence number:
[2005/06/17 17:32:38, 2] lib/util.c:dump_data(1995)
  [000] 80 2D 47 E9 01 AF E2 AA .-G.....
[2005/06/17 17:32:38, 2] rpc_parse/parse_prs.c:netsec_decode(1596)
  should be:
[2005/06/17 17:32:38, 2] lib/util.c:dump_data(1995)
  [000] 00 00 00 00 80 00 00 00 ........
[2005/06/17 17:32:38, 2] lib/smbldap.c:smbldap_open_connection(692)
  smbldap_open_connection: connection opened
[2005/06/17 17:32:38, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
  init_sam_from_ldap: Entry found for user: win2k$
[2005/06/17 17:32:39, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
  init_sam_from_ldap: Entry found for user: root
[2005/06/17 17:32:39, 2] passdb/pdb_ldap.c:init_group_from_ldap(2000)
  init_group_from_ldap: Entry found for group: 512
[2005/06/17 17:32:39, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password: authentication for user [root] -> [root] -> [root] succeeded
[2005/06/17 17:32:40, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
  init_sam_from_ldap: Entry found for user: root
[2005/06/17 17:32:40, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password: authentication for user [root] -> [root] -> [root] succeeded
[2005/06/17 17:32:40, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
  init_sam_from_ldap: Entry found for user: root
[2005/06/17 17:32:40, 1] smbd/service.c:make_connection_snum(642)
  win2k (192.16.240.141) connect to service profiles initially as user root (uid=0, gid=0) (pid 17693)
[2005/06/17 17:32:40, 2] smbd/open.c:open_file(245)
  root opened file root/NTUSER.DAT read=Yes write=No (numopen=1)
[2005/06/17 17:32:40, 2] smbd/open.c:open_file(245)
  root opened file root/ntuser.ini read=Yes write=No (numopen=2)
[2005/06/17 17:32:40, 2] smbd/close.c:close_normal_file(272)
  root closed file root/NTUSER.DAT (numopen=1)
[2005/06/17 17:32:40, 2] smbd/close.c:close_normal_file(272)
  root closed file root/ntuser.ini (numopen=0)
[2005/06/17 17:32:40, 2] smbd/open.c:open_file(245)
  root opened file root/ntuser.ini read=Yes write=No (numopen=1)
[2005/06/17 17:32:40, 2] smbd/open.c:open_file(245)
  root opened file root/ntuser.ini read=Yes write=No (numopen=2)
[2005/06/17 17:32:40, 2] smbd/close.c:close_normal_file(272)
  root closed file root/ntuser.ini (numopen=1)
[2005/06/17 17:32:40, 2] smbd/close.c:close_normal_file(272)
  root closed file root/ntuser.ini (numopen=0)
[2005/06/17 17:32:44, 1] smbd/service.c:make_connection_snum(642)
  win2k (192.16.240.141) connect to service netlogon initially as user root (uid=0, gid=0) (pid 17693)
[2005/06/17 17:32:44, 1] smbd/service.c:make_connection_snum(642)
  win2k (192.16.240.141) connect to service root initially as user root (uid=0, gid=0) (pid 17693)
[2005/06/17 17:32:45, 1] smbd/service.c:make_connection_snum(642)
  win2k (192.16.240.141) connect to service root initially as user root (uid=0, gid=0) (pid 17693)
[2005/06/17 17:33:27, 1] smbd/service.c:close_cnum(830)
  win2k (192.16.240.141) closed connection to service profiles
[2005/06/17 17:33:27, 1] smbd/service.c:close_cnum(830)
  win2k (192.16.240.141) closed connection to service netlogon
[2005/06/17 17:33:27, 1] smbd/service.c:close_cnum(830)
  win2k (192.16.240.141) closed connection to service root

paul kölle
2005-Jun-19  12:28 UTC
[Samba] Re: smbldap- only user root can login to windows.

Ryan Braun wrote:
> Jun 17 15:51:49 ywgldap0 slapd[16885]: conn=102 op=0 BIND dn="" method=128
> Jun 17 15:51:49 ywgldap0 slapd[16885]: conn=102 op=0 RESULT tag=97 err=0 text=
> Jun 17 15:51:49 ywgldap0 slapd[16885]: conn=102 op=1 SRCH
> base="ou=Users,dc=xxx,dc=xx,dc=xx,dc=xx" scope=2 deref=0
> filter="(&(objectClass=posixAccount)(uid=windowsguy))"
> Jun 17 15:51:49 ywgldap0 slapd[16885]: conn=102 op=1 SRCH attr=uid
> userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
> description objectClass
> Jun 17 15:51:49 ywgldap0 slapd[16885]: conn=102 op=1 SEARCH RESULT tag=101
> err=0 nentries=0 text=

This is an anonymous bind from NSS and it returns no entry for uid=windowsguy. It seems anonymous binds have no read access to the Users container, check your ACLs.

> SAMBA
> [2005/06/17 15:51:42, 0] lib/util_sock.c:write_socket_data(430)
>   write_socket_data: write failure. Error = Connection reset by peer
> [2005/06/17 15:51:42, 0] lib/util_sock.c:write_socket(455)
>   write_socket: Error writing 4 bytes to socket 5: ERRNO = Connection reset by
> peer
> [2005/06/17 15:51:42, 0] lib/util_sock.c:send_smb(647)
>   Error writing 4 bytes to client. -1. (Connection reset by peer)
> [2005/06/17 15:51:42, 2] smbd/server.c:exit_server(609)
>   Closing connections
> [2005/06/17 15:51:49, 2] rpc_parse/parse_prs.c:netsec_decode(1594)
>   netsec_decode: FAILED: packet sequence number:
> [2005/06/17 15:51:49, 2] lib/util.c:dump_data(1995)
>   [000] 2F 5D 35 7D C5 F5 6E 88 /]5}..n.
> [2005/06/17 15:51:49, 2] rpc_parse/parse_prs.c:netsec_decode(1596)
>   should be:
> [2005/06/17 15:51:49, 2] lib/util.c:dump_data(1995)
>   [000] 00 00 00 00 80 00 00 00 ........
> [2005/06/17 15:51:49, 2] lib/smbldap.c:smbldap_open_connection(692)
>   smbldap_open_connection: connection opened
> [2005/06/17 15:51:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
>   init_sam_from_ldap: Entry found for user: win2k$
> [2005/06/17 15:51:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
>   init_sam_from_ldap: Entry found for user: windowsguy
> [2005/06/17 15:51:49, 1] auth/auth_util.c:make_server_info_sam(840)
>   User windowsguy in passdb, but getpwnam() fails!

That is what samba makes from the empty search result for (&(objectClass=posixAccount)(uid=windowsguy))

> [2005/06/17 15:51:49, 0] auth/auth_sam.c:check_sam_security(324)
>   check_sam_security: make_server_info_sam() failed with
> 'NT_STATUS_NO_SUCH_USER'
> [2005/06/17 15:51:49, 2] auth/auth.c:check_ntlm_password(312)
>   check_ntlm_password: Authentication for user [windowsguy] -> [windowsguy]
> FAILED with error NT_STATUS_NO_SUCH_USER
> [2005/06/17 15:54:26, 2] smbd/server.c:exit_server(609)
>   Closing connections
>
> Now the working example for user root (snipped)
> Jun 17 17:15:13 ywgldap0 slapd[16885]: conn=163 fd=10 closed
> Jun 17 17:17:02 ywgldap0 slapd[16885]: conn=164 fd=10 ACCEPT from
> IP=192.168.240.17:34126 (IP=0.0.0.0:389)
> Jun 17 17:17:02 ywgldap0 slapd[16885]: conn=164 op=0 BIND
> dn="cn=nss,ou=Admins,dc=xxx,dc=xx,dc=xx,dc=xx" method=128
> Jun 17 17:17:02 ywgldap0 slapd[16885]: conn=164 op=0 BIND
> dn="cn=nss,ou=Admins,dc=xxx,dc=xx,dc=xx,dc=xx" mech=SIMPLE ssf=0
> Jun 17 17:17:02 ywgldap0 slapd[16885]: conn=164 op=0 RESULT tag=97 err=0 text=
> Jun 17 17:17:02 ywgldap0 slapd[16885]: conn=164 op=1 SRCH
> base="ou=Users,dc=xxx,dc=xx,dc=xx,dc=xx" scope=2 deref=0
> filter="(&(objectClass=posixAccount)(uid=root))"
> Jun 17 17:17:02 ywgldap0 slapd[16885]: conn=164 op=1 ENTRY
> dn="uid=root,ou=Users,dc=xxx,dc=xx,dc=xx,dc=xx"
> Jun 17 17:17:02 ywgldap0 slapd[16885]: conn=164 op=1 SEARCH RESULT tag=101
> err=0 nentries=1 text=

Here, NSS binds with DN and password and the search succeeds.

It seems samba is performing the NSS call as the user trying to log on to the domain, hence if root logs in NSS uses the DN from "rootbinddn", and in all other cases the DN from "binddn" which is anonymous by default. Check your settings for "binddn" and "rootbinddn" in ldap.conf (the config for libnss_ldap.so, use strace and getent to find out where the file is, most likely /etc/ldap.conf). If you don't want to allow anonymous searches for your users you can use a proxy DN for "binddn" and put the cleartext password in /etc/ldap.secret (600).

hth
Paul
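
The correlation made by eye in the reply above (which DN a connection bound as, what it searched for, how many entries came back) can be automated over a slapd log. This is an added example, not part of the original thread: the log lines are a constructed sample modelled on the ones quoted, with the placeholder base DN dc=example,dc=org and an invented conn=103, and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the slapd lines quoted in the thread. The base
# DN is a placeholder and conn=103 (uid=ghost) is invented for contrast.
SAMPLE_LOG = '''\
slapd[16885]: conn=101 op=0 BIND dn="cn=smbadmin,ou=Admins,dc=example,dc=org" method=128
slapd[16885]: conn=101 op=3 SRCH base="dc=example,dc=org" scope=2 deref=0 filter="(&(uid=windowsguy)(objectClass=sambaSamAccount))"
slapd[16885]: conn=101 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[16885]: conn=102 op=0 BIND dn="" method=128
slapd[16885]: conn=102 op=0 RESULT tag=97 err=0 text=
slapd[16885]: conn=102 op=1 SRCH base="ou=Users,dc=example,dc=org" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=windowsguy))"
slapd[16885]: conn=102 op=1 SRCH attr=uid userPassword uidNumber gidNumber
slapd[16885]: conn=102 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[16885]: conn=103 op=0 BIND dn="" method=128
slapd[16885]: conn=103 op=1 SRCH base="ou=Users,dc=example,dc=org" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=ghost))"
slapd[16885]: conn=103 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[16885]: conn=164 op=0 BIND dn="cn=nss,ou=Admins,dc=example,dc=org" method=128
slapd[16885]: conn=164 op=1 SRCH base="ou=Users,dc=example,dc=org" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=root))"
slapd[16885]: conn=164 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
'''

LINE_RE = re.compile(r'conn=(\d+) op=(\d+) (BIND|SRCH|SEARCH RESULT)\b(.*)')
DN_RE = re.compile(r'dn="([^"]*)"')
FILTER_RE = re.compile(r'filter="([^"]*)"')
NENTRIES_RE = re.compile(r'nentries=(\d+)')
UID_RE = re.compile(r'\(uid=([^)]+)\)')


def correlate(log_text):
    """Join each search's filter and result count with the DN its connection bound as."""
    bind_dn, filters, searches = {}, {}, []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        conn, op, kind, rest = m.groups()
        if kind == "BIND":
            dn = DN_RE.search(rest)
            if dn:
                bind_dn[conn] = dn.group(1)      # "" means anonymous bind
        elif kind == "SRCH":
            flt = FILTER_RE.search(rest)
            if flt:                              # "SRCH attr=..." lines carry no filter
                filters[(conn, op)] = flt.group(1)
        else:                                    # SEARCH RESULT closes the operation
            n = NENTRIES_RE.search(rest)
            if n and (conn, op) in filters:
                searches.append({"conn": conn, "bind_dn": bind_dn.get(conn),
                                 "filter": filters.pop((conn, op)),
                                 "nentries": int(n.group(1))})
    return searches


def acl_suspects(searches):
    """Anonymous posixAccount lookups that came back empty for a uid an
    authenticated bind could see: the entry exists, so suspect read ACLs."""
    uid_of = lambda s: (UID_RE.search(s["filter"]) or [None, None])[1]
    visible = {uid_of(s) for s in searches if s["bind_dn"] and s["nentries"] > 0}
    return [(s["conn"], uid_of(s)) for s in searches
            if s["bind_dn"] == "" and s["nentries"] == 0
            and "objectClass=posixAccount" in s["filter"] and uid_of(s) in visible]


if __name__ == "__main__":
    print(acl_suspects(correlate(SAMPLE_LOG)))
```

The invented uid=ghost lookup is not reported because no authenticated bind ever found that uid, which separates a missing account from an entry hidden from anonymous binds.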