Hi all,
I've configured my samba server to work with my ldap backend, the configuration of ldap is correct and in fact my users can interactively login. The problem is with samba, that is always returning a NT_STATUS_LOGON_FAILURE when a user tries to access a share. I'm in doubt if I have to add ldap accounts through the ldap-tools of samba or not, at the moment I did not add any account to samba (thinking it should read them from the ldap server directly). In the logs I'm not able to find anything useful, does anyone have any clue?

The following is an excerpt of my configuration file:

[global]
    netbios name = SEDELDAP
    workgroup = LDAP
    security = user
    passdb backend = ldapsam:ldap://localhost/
    obey pam restrictions = no
    ldap admin dn = cn=admin,dc=myDomain,dc=com
    ldap suffix = dc=myDomain, dc=com
    ldap group suffix = ou=Groups
    ldap user suffix = ou=People
    ldap machine suffix = ou=Computers
    ldap idmap suffix = ou=Users
    ldap passwd sync = Yes
    passwd program = /usr/sbin/smbldap-passwd %u
    passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
    add user script = /usr/sbin/smbldap-useradd -m "%u"
    ldap delete dn = Yes
    delete user script = /usr/sbin/smbldap-userdel "%u"
    add machine script = /usr/sbin/smbldap-useradd -w "%u"
    add group script = /usr/sbin/smbldap-groupadd -p "%g"
    delete group script = /usr/sbin/smbldap-groupdel "%g"
    add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
    delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
    set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
    domain logons = yes

[coge]
    browsable = no
    available = no
    guest ok = no
    valid users = luca
    writable = yes
    printable = no

Any idea about that?

Thanks,
Luca

On Monday 25 February 2008 Luca Ferrari's cat, walking on the keyboard, wrote:
> Hi all,
> I've configured my samba server to work with my ldap backend, the
> configuration of ldap is correct and in fact my users can interactively
> login. The problem is with samba, that is always returning a
> NT_STATUS_LOGON_FAILURE when a user tries to access a share. I'm in doubt
> if I have to add ldap accounts through the ldap-tools of samba or not, at
> the moment I did not add any account to samba (thinking it should read them
> from the ldap server directly). In the logs I'm not able to find anything
> useful, does anyone have any clue?

I found that the server is connecting right to the ldap server:

[2008/02/26 17:06:45, 3] lib/smbldap.c:smbldap_connect_system(997)
  ldap_connect_system: succesful connection to the LDAP server

but that the user trying to authenticate does not exist:

[2008/02/26 17:06:45, 3] auth/auth_sam.c:check_sam_security(281)
  check_sam_security: Couldn't find user 'luca' in passdb.
[2008/02/26 17:06:45, 5] auth/auth.c:check_ntlm_password(273)
  check_ntlm_password: sam authentication for user [luca] FAILED with error NT_STATUS_NO_SUCH_USER

The problem is that if I try to create the user with the smbldap-useradd I got the error:

Error looking for next uid at /usr/share/perl5/smbldap_tools.pm line 1044.

Now, two questions:
1) why do I have to add accounts to samba if it should get them from the ldap server?
2) how to solve the problem of the smbldap-useradd?

Thanks,
Luca
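
The log reading done by hand in the message above can be scripted. This is an added example, not part of the original thread or of Samba: it pairs each smbd log header with its message line and reports, per user, which NT_STATUS codes were logged and whether the failure was a passdb lookup miss rather than a rejected password. The function names and the sample text (constructed from the excerpt above) are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample in smbd debug-log layout (header line, then indented
# message), modelled on the excerpt quoted in the message above.
SAMPLE_LOG = """\
[2008/02/26 17:06:45, 3] lib/smbldap.c:smbldap_connect_system(997)
  ldap_connect_system: succesful connection to the LDAP server
[2008/02/26 17:06:45, 3] auth/auth_sam.c:check_sam_security(281)
  check_sam_security: Couldn't find user 'luca' in passdb.
[2008/02/26 17:06:45, 5] auth/auth.c:check_ntlm_password(273)
  check_ntlm_password: sam authentication for user [luca] FAILED with error NT_STATUS_NO_SUCH_USER
"""

HEADER = re.compile(r"^\[(?P<ts>[^,\]]+),\s*(?P<level>\d+)\]\s+(?P<src>\S+?):(?P<func>\w+)\((?P<line>\d+)\)\s*$")
AUTH_FAIL = re.compile(r"authentication for user \[(?P<user>[^\]]*)\] FAILED with error (?P<status>NT_STATUS_\w+)")
NOT_IN_PASSDB = re.compile(r"Couldn't find user '(?P<user>[^']*)' in passdb")

def parse_entries(text):
    """Group each header line with the message lines that follow it."""
    entries, current = [], None
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            current = {**m.groupdict(), "msg": ""}
            entries.append(current)
        elif current is not None and raw.strip():
            current["msg"] = (current["msg"] + " " + raw.strip()).strip()
    return entries

def triage(text):
    """Return (ldap_connected, {user: {statuses, missing_from_passdb}})."""
    report = defaultdict(lambda: {"statuses": set(), "missing_from_passdb": False})
    ldap_ok = False
    for e in parse_entries(text):
        if e["func"] == "smbldap_connect_system" and re.search(r"succes+ful connection", e["msg"]):
            ldap_ok = True
        if (m := NOT_IN_PASSDB.search(e["msg"])):
            report[m["user"]]["missing_from_passdb"] = True
        if (m := AUTH_FAIL.search(e["msg"])):
            report[m["user"]]["statuses"].add(m["status"])
    return ldap_ok, dict(report)

if __name__ == "__main__":
    ok, users = triage(SAMPLE_LOG)
    print("LDAP connection logged:", ok)
    for user, info in users.items():
        print(user, sorted(info["statuses"]), "missing from passdb:", info["missing_from_passdb"])
```
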