samba - Apr 2008 - openldap - samba

I am having a problem getting users that were added in smbldap-useradd to be
able to login.

After I add them they are visible, but you can see I get this error -
pdb_get_group_sid:
Failed to find Unix account for test10

I believe that this has something to do with nss_ldap. because doing a
getent passwd, it doesn't display any smb info.

Any debugging info or help would be amazing, I'm beating my head against the
desk because Ive been at this for a few days now.

[root@beedril smbldap-tools]# pdbedit -Lv test10
map_file: Failed to load /usr/lib/samba/valid.dat - No such file or
directory
creating default valid table
smbldap_search_domain_info: Searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=MSHOME))]
smbldap_open_connection: connection opened
smbldap_check_root_dse: Expected one rootDSE, got 0
ldap_connect_system: succesful connection to the LDAP server
smbldap_search_domain_info: Searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=MSHOME))]
smbldap_open_connection: connection opened
smbldap_check_root_dse: Expected one rootDSE, got 0
ldap_connect_system: succesful connection to the LDAP server
init_sam_from_ldap: Entry found for user: test10
Unix username:        test10
NT username:          test10
Account Flags:        [U          ]
User SID:             S-1-5-21-3453806834-3164002366-1818093606-3022
pdb_get_group_sid: Failed to find Unix account for test10
Primary Group SID:    (NULL SID)
Full Name:            test10
Home Directory:       test10
HomeDir Drive:        H:
Logon Script:         scripts\logon.bat
Profile Path:         \\beedril\profiles\test10
Domain:               MSHOME
Account desc:
Workstations:
Munged dial:
Logon time:           0
Logoff time:          never
Kickoff time:         never
Password last set:    Fri, 25 Apr 2008 11:45:09 MST
Password can change:  Fri, 25 Apr 2008 11:45:09 MST
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[root@beedril smbldap-tools]#


-- 
Kyle Corupe

Unix Administrator
Corpedia Corporation
2020 North Central Avenue, Suite 1050
Phoenix, Arizona 85004-4576
Desk:(602)443-2148
Cell: (623)261-2874
kcorupe@corpedia.com

paste the output of this command.

ldapsearch -D 'cn=Manager,dc=yourdomain,dc=com' -b 
"uid=test10,ou=People,dc=yourdomain,dc=com" -w xxxxxxxxx -x

can you su -l test10 ?

i think you just don't have that user included in any groups.  For 
example, here's me, and i'm in group 100.

[root@roark scripts]# pdbedit -Lv awilliam
WARNING: The "printer admin" option is deprecated
smbldap_search_domain_info: Searching 
for:[(&(objectClass=sambaDomain)(sambaDomainName=ADMIN))]
smbldap_open_connection: connection opened
smbldap_search_domain_info: Searching 
for:[(&(objectClass=sambaDomain)(sambaDomainName=ADMIN))]
smbldap_open_connection: connection opened
init_sam_from_ldap: Entry found for user: awilliam
Unix username:        awilliam
NT username:          awilliam
Account Flags:        [U          ]
User SID:             S-1-5-21-4231144054-2518398651-1985341777-2022
init_group_from_ldap: Entry found for group: 100
init_group_from_ldap: Entry found for group: 100
Primary Group SID:    S-1-5-21-4231144054-2518398651-1985341777-513
Full Name:            Adam Williams
Home Directory:       \\roark\awilliam
HomeDir Drive:        R:
Logon Script:         scripts\awilliam.bat
Profile Path:         \\roark\profiles\awilliam
Domain:               ADMIN
Account desc:
Workstations:
Munged dial:
Logon time:           0
Logoff time:          never
Kickoff time:         never
Password last set:    Thu, 05 Apr 2007 18:13:29 CDT
Password can change:  Thu, 05 Apr 2007 18:13:29 CDT
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[root@roark scripts]#

[root@roark scripts]# ldapsearch -D 
'cn=Manager,dc=mdah,dc=state,dc=ms,dc=us' -b 
"uid=awilliam,ou=People,dc=mdah,dc=state,dc=ms,dc=us" -w
xxxxxxxxxxxxxx -x
# extended LDIF
#
# LDAPv3
# base <uid=awilliam,ou=People,dc=mdah,dc=state,dc=ms,dc=us> with scope 
subtree
# filter: (objectclass=*)
# requesting: ALL
#

# awilliam, People, mdah.state.ms.us
dn: uid=awilliam,ou=People,dc=mdah,dc=state,dc=ms,dc=us
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: hostObject
objectClass: sambaSamAccount
cn: Adam Williams
sn: Williams
givenName: Adam
uid: awilliam
uidNumber: 511
homeDirectory: /home/awilliam
shadowLastChange: 13896
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
gecos: Adam Williams
gidNumber: 100
userPassword:: xxxxxxxxxxxxxxxxxx
mail: awilliam@mdah.state.ms.us
host: roark
host: welty
host: manship
host: archives4
host: arrowhead
host: saxon
host: adminsav
host: project
host: wmounds
host: archives3
host: filebox
host: awilliam
sambaSID: S-1-5-21-4231144054-2518398651-1985341777-2022
displayName: Adam Williams
sambaPwdCanChange: 1175814809
sambaLMPassword: xxxxxxxxxxxxxxxx
sambaNTPassword: xxxxxxxxxxxxxxxx
sambaPwdLastSet: 1175814809
sambaAcctFlags: [U          ]
sambaProfilePath: \\roark\profiles\awilliam
sambaHomePath: \\roark\awilliam
sambaHomeDrive: R:
sambaLogonScript: scripts\awilliam.bat

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
[root@roark scripts]#


Kyle Corupe wrote:
> I am having a problem getting users that were added in smbldap-useradd to
be
> able to login.
>
> After I add them they are visible, but you can see I get this error -
> pdb_get_group_sid:
> Failed to find Unix account for test10
>
> I believe that this has something to do with nss_ldap. because doing a
> getent passwd, it doesn't display any smb info.
>
> Any debugging info or help would be amazing, I'm beating my head
against the
> desk because Ive been at this for a few days now.
>
> [root@beedril smbldap-tools]# pdbedit -Lv test10
> map_file: Failed to load /usr/lib/samba/valid.dat - No such file or
> directory
> creating default valid table
> smbldap_search_domain_info: Searching
> for:[(&(objectClass=sambaDomain)(sambaDomainName=MSHOME))]
> smbldap_open_connection: connection opened
> smbldap_check_root_dse: Expected one rootDSE, got 0
> ldap_connect_system: succesful connection to the LDAP server
> smbldap_search_domain_info: Searching
> for:[(&(objectClass=sambaDomain)(sambaDomainName=MSHOME))]
> smbldap_open_connection: connection opened
> smbldap_check_root_dse: Expected one rootDSE, got 0
> ldap_connect_system: succesful connection to the LDAP server
> init_sam_from_ldap: Entry found for user: test10
> Unix username:        test10
> NT username:          test10
> Account Flags:        [U          ]
> User SID:             S-1-5-21-3453806834-3164002366-1818093606-3022
> pdb_get_group_sid: Failed to find Unix account for test10
> Primary Group SID:    (NULL SID)
> Full Name:            test10
> Home Directory:       test10
> HomeDir Drive:        H:
> Logon Script:         scripts\logon.bat
> Profile Path:         \\beedril\profiles\test10
> Domain:               MSHOME
> Account desc:
> Workstations:
> Munged dial:
> Logon time:           0
> Logoff time:          never
> Kickoff time:         never
> Password last set:    Fri, 25 Apr 2008 11:45:09 MST
> Password can change:  Fri, 25 Apr 2008 11:45:09 MST
> Password must change: never
> Last bad password   : 0
> Bad password count  : 0
> Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> [root@beedril smbldap-tools]#
>
>
>

> I am having a problem getting users that were added in smbldap-useradd to
be
> able to login.
> After I add them they are visible, but you can see I get this error -
> pdb_get_group_sid:
> Failed to find Unix account for test10
> I believe that this has something to do with nss_ldap. because doing a
> getent passwd, it doesn't display any smb info.
Probably.  Stop nscd if you have it running "service nscd stop" /
"rcnscd stop" and do an "id test10" - if that says "No
such user" you're
nss_ldap isn't setup correctly.   pam/nss questions are better on the
ldap@umich.edu list
<https://listserver.itd.umich.edu/cgi-bin/lyris.pl?enter=ldap> and/or
the nssldap@palm.com list (send "subscribe nssldap" to
majordomo@padl.com).

-- 
Adam Tauno Williams, Network & Systems Administrator
Consultant - http://www.whitemiceconsulting.com
Developer - http://www.opengroupware.org