Alright, I've been working on this for too many hours straight. Any help would be much appreciated!

(I posted this online to linux questions, it could be easier to read on there... http://www.linuxquestions.org/questions/linux-server-73/samba-and-openldap-authentication-issues-637647/)

The problem is users created in smbldap-useradd cannot log in, unless they also are a local user. For example, kylec exists both locally and in smbldap-users, his smb passwd is different from his local passwd.

Code:
[root@beedril samba]# smbldap-userlist
uid |username
0 |root
999 |nobody
1000 |kylec
1001 |test
1002 |test1
1003 |test2
1004 |test3
1005 |test4
1006 |test5
1007 |test6
1008 |test7$
1009 |test8$
1010 |test9

Here is log output from samba when kylec connects:

Code:
kyle@kyle-laptop:~$ smbclient //10.0.0.218/clients -U kylec
Password:
Domain=[WINIX] OS=[Unix] Server=[Samba 3.0.25b-1.el5_1.4]
smb: \> quit

[2008/04/24 17:33:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(545)
init_sam_from_ldap: Entry found for user: kylec

Here is when a bad user tries to connect:

Code:
kyle@kyle-laptop:~$ smbclient //10.0.0.218/clients -U test3
Password:
session setup failed: NT_STATUS_LOGON_FAILURE

[2008/04/24 17:45:00, 0] auth/auth_sam.c:check_sam_security(352)
check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'
[2008/04/24 17:45:00, 3] auth/auth_winbind.c:check_winbind_security(80)
check_winbind_security: Not using winbind, requested domain [WINIX] was for this SAM.
[2008/04/24 17:45:00, 2] auth/auth.c:check_ntlm_password(319)
check_ntlm_password: Authentication for user [test3] -> [test3] FAILED with error NT_STATUS_NO_SUCH_USER
[2008/04/24 17:45:00, 3] smbd/error.c:error_packet_set(106)
error packet at smbd/sesssetup.c(105) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE

Here is output from pdbedit -L:

Code:
[root@beedril samba]# pdbedit -L
map_file: Failed to load /usr/lib/samba/valid.dat - No such file or directory
creating default valid table
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=WINIX))]
smbldap_open_connection: connection opened
smbldap_check_root_dse: Expected one rootDSE, got 0
ldap_connect_system: succesful connection to the LDAP server
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=WINIX))]
smbldap_open_connection: connection opened
smbldap_check_root_dse: Expected one rootDSE, got 0
ldap_connect_system: succesful connection to the LDAP server
ldapsam_setsampwent: 8 entries in the base dc=corpedia, dc=internal
init_sam_from_ldap: Entry found for user: root
root:0:root
init_sam_from_ldap: Entry found for user: nobody
nobody:99:nobody
init_sam_from_ldap: Entry found for user: kylec
kylec:501:kylec
init_sam_from_ldap: Entry found for user: test1
test1:4294967295:test1
init_sam_from_ldap: Entry found for user: test2
test2:4294967295:test2
init_sam_from_ldap: Entry found for user: test3
test3:4294967295:test3
init_sam_from_ldap: Entry found for user: test4
test4:504:test4
init_sam_from_ldap: Entry found for user: test5
test5:4294967295:test5

I think the problem has something to do with it not verifying that the UNIX (POSIX) accounts can be resolved via NSS, but I have nss_ldap working correctly (I believe).

I can ldapsearch my ldap server, everything on that end seems to be working, it's just getting samba to authenticate against it! So again, any help would be MUCH APPRECIATED!!!

Thanks guys!

--
Kyle Corupe
Unix Administrator
Corpedia Corporation
Desk:(602)443-2148
kcorupe@corpedia.com

Can you post a sanitized ldif of one of the user's ldap records? Do they have all the samba attributes?

Kyle Corupe wrote:
> Alright, I've been working on this for too many hours straight. Any
> help would be much appreciated!
>
> (I posted this online to linux questions, it could be easier to read
> on there... http://www.linuxquestions.org/questions/linux-server-73/samba-and-openldap-authentication-issues-637647/)
>
> The problem is users created in smbldap-useradd cannot log in, unless
> they also are a local user. For example,
>
> kylec exists both locally and in smbldap-users, his smb passwd is
> different from his local passwd.
>
> Code:
> [root@beedril samba]# smbldap-userlist
> uid |username
>
> 0 |root
> 999 |nobody
> 1000 |kylec
> 1001 |test
> 1002 |test1
> 1003 |test2
> 1004 |test3
> 1005 |test4
> 1006 |test5
> 1007 |test6
> 1008 |test7$
> 1009 |test8$
> 1010 |test9
>
> Here is log output from samba when kylec connects:
>
> Code:
> kyle@kyle-laptop:~$ smbclient //10.0.0.218/clients -U kylec
> Password:
> Domain=[WINIX] OS=[Unix] Server=[Samba 3.0.25b-1.el5_1.4]
> smb: \> quit
>
> [2008/04/24 17:33:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(545)
> init_sam_from_ldap: Entry found for user: kylec
>
> Here is when a bad user tries to connect:
>
> Code:
> kyle@kyle-laptop:~$ smbclient //10.0.0.218/clients -U test3
> Password:
> session setup failed: NT_STATUS_LOGON_FAILURE
>
> [2008/04/24 17:45:00, 0] auth/auth_sam.c:check_sam_security(352)
> check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'
> [2008/04/24 17:45:00, 3] auth/auth_winbind.c:check_winbind_security(80)
> check_winbind_security: Not using winbind, requested domain [WINIX]
> was for this SAM.
> [2008/04/24 17:45:00, 2] auth/auth.c:check_ntlm_password(319)
> check_ntlm_password: Authentication for user [test3] -> [test3]
> FAILED with error NT_STATUS_NO_SUCH_USER
> [2008/04/24 17:45:00, 3] smbd/error.c:error_packet_set(106)
> error packet at smbd/sesssetup.c(105) cmd=115 (SMBsesssetupX)
> NT_STATUS_LOGON_FAILURE
>
> Here is output from pdbedit -L:
>
> Code:
> [root@beedril samba]# pdbedit -L
> map_file: Failed to load /usr/lib/samba/valid.dat - No such file or directory
> creating default valid table
> smbldap_search_domain_info: Searching
> for:[(&(objectClass=sambaDomain)(sambaDomainName=WINIX))]
> smbldap_open_connection: connection opened
> smbldap_check_root_dse: Expected one rootDSE, got 0
> ldap_connect_system: succesful connection to the LDAP server
> smbldap_search_domain_info: Searching
> for:[(&(objectClass=sambaDomain)(sambaDomainName=WINIX))]
> smbldap_open_connection: connection opened
> smbldap_check_root_dse: Expected one rootDSE, got 0
> ldap_connect_system: succesful connection to the LDAP server
> ldapsam_setsampwent: 8 entries in the base dc=corpedia, dc=internal
> init_sam_from_ldap: Entry found for user: root
> root:0:root
> init_sam_from_ldap: Entry found for user: nobody
> nobody:99:nobody
> init_sam_from_ldap: Entry found for user: kylec
> kylec:501:kylec
> init_sam_from_ldap: Entry found for user: test1
> test1:4294967295:test1
> init_sam_from_ldap: Entry found for user: test2
> test2:4294967295:test2
> init_sam_from_ldap: Entry found for user: test3
> test3:4294967295:test3
> init_sam_from_ldap: Entry found for user: test4
> test4:504:test4
> init_sam_from_ldap: Entry found for user: test5
> test5:4294967295:test5
>
> I think the problem has something to do with it not verifying that
> the UNIX (POSIX) accounts can be resolved via NSS, but I have nss_ldap
> working correctly (I believe).
>
> I can ldapsearch my ldap server, everything on that end seems to be
> working, it's just getting samba to authenticate against it! So again,
> any help would be MUCH APPRECIATED!!!
>
> Thanks guys!
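
Added example (not part of either message): a shell function that lines up the smbldap-userlist and pdbedit -L listings from the first message to show which passdb users have a usable Unix uid. It assumes the uid column of smbldap-userlist is the LDAP uidNumber and reads 4294967295 as (uid_t)-1, meaning no Unix account was resolved; `classify_accounts`, `sample_listings` and the status names are made up for this example.

```shell
# Added example: cross-check Samba passdb uids against the LDAP uid list.
UNRESOLVED_UID=4294967295   # (uid_t)-1 shown as an unsigned 32-bit number
# Rows copied from the two listings on this page, for the eight users
# pdbedit lists (one debug line kept to show that it is skipped).
sample_listings() {
cat <<'EOF'
uid |username
0 |root
999 |nobody
1000 |kylec
1002 |test1
1003 |test2
1004 |test3
1005 |test4
1006 |test5
init_sam_from_ldap: Entry found for user: root
root:0:root
nobody:99:nobody
kylec:501:kylec
test1:4294967295:test1
test2:4294967295:test2
test3:4294967295:test3
test4:504:test4
test5:4294967295:test5
EOF
}

# Reads smbldap-userlist and `pdbedit -L` output (any order) on stdin and
# prints "name passdb_uid ldap_uid status" for every passdb user.
classify_accounts() {
    awk -v bad="$UNRESOLVED_UID" '
        /^[0-9]+[ \t]*[|]/ {                 # smbldap-userlist row: "1000 |kylec"
            split($0, f, "[|]"); gsub(/[ \t]/, "", f[1]); gsub(/[ \t]/, "", f[2])
            ldap[f[2]] = f[1]; next
        }
        /^[^ \t:]+:[0-9]+:/ {                # pdbedit -L row: "kylec:501:kylec"
            split($0, f, ":"); pdb[f[1]] = f[2]; order[++k] = f[1]
        }
        END {
            for (i = 1; i <= k; i++) {
                n = order[i]; l = (n in ldap) ? ldap[n] : "-"
                if (pdb[n] + 0 == bad + 0)     s = "UNRESOLVED"    # no Unix account found
                else if (l == "-")             s = "NOT_LISTED"    # absent from the LDAP list
                else if (pdb[n] + 0 != l + 0)  s = "UID_MISMATCH"  # uid came from another source
                else                           s = "OK"
                print n, pdb[n], l, s
            }
        }'
}
sample_listings | classify_accounts
```

On the page's data only root comes out OK: test1, test2, test3 and test5 are UNRESOLVED, and nobody, kylec and test4 carry a uid that differs from the one in the LDAP listing.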