srtt.be - Michel Lombart
2014-Sep-11 14:42 UTC
[Samba] Samba and LDAP authentication backend
Hello,

I'm facing a weird problem and I really do not know where I can find how to debug it.

For some years, we have had an LDAP server (Debian 6 and OpenLDAP 2.4.23) and a Samba server (Debian 6 and Samba 3.5.6). They work perfectly well in a workgroup. The LDAP server is also used for some other applications like Squid, Zimbra, ...

Now, we would like to add a second Samba server (Debian 7 and Samba 3.6.6). After having set up the server as I did for the other one, any login is allowed for LDAP users.

On the console, getenv passwd works perfectly, but the users list in the Samba module of Webmin is empty while the group list is correct! Both are correct in the older Samba.

In Samba's log, I see errors like:

  The primary group domain sid(S-.... ) does not match the domain sid(S-... ) for username(S-...)

and:

  [2014/09/11 15:07:29.548824, 2] auth/auth.c:319(check_ntlm_password)
    check_ntlm_password: Authentication for user [username] -> [username] FAILED with error NT_STATUS_UNSUCCESSFUL

Where can I find more debugging info? Do you have any idea of what I'm missing?

Thanks for your help.

Michel
Hi,

for what purpose do you want to add it? As a BDC to your existing PDC? If so, I think the domain SID of the PDC and BDC should be the same.

Rowland from the list pointed out to me not so long ago the difference between:

  net getlocalsid
  and
  net getdomainsid

I think the 'net getdomainsid' should be the same on both servers. Can you check it out?

cheers,

On 09/11/2014 04:42 PM, srtt.be - Michel Lombart wrote:
> Hello,
>
> I'm facing a weird problem and I really do not know where I can find how
> to debug it.
>
> For some years, we have had an LDAP server (Debian 6 and OpenLDAP 2.4.23)
> and a Samba server (Debian 6 and Samba 3.5.6). They work perfectly well
> in a workgroup. The LDAP server is also used for some other applications
> like Squid, Zimbra, ...
>
> Now, we would like to add a second Samba server (Debian 7 and Samba 3.6.6).
> After having set up the server as I did for the other one, any login is
> allowed for LDAP users.
>
> On the console, getenv passwd works perfectly, but the users list in the
> Samba module of Webmin is empty while the group list is correct! Both
> are correct in the older Samba.
>
> In Samba's log, I see errors like:
>
> The primary group domain sid(S-.... ) does not match the domain
> sid(S-... ) for username(S-...)
>
> and:
>
> [2014/09/11 15:07:29.548824, 2] auth/auth.c:319(check_ntlm_password)
> check_ntlm_password: Authentication for user [username] ->
> [username] FAILED with error NT_STATUS_UNSUCCESSFUL
>
> Where can I find more debugging info? Do you have any idea of what I'm
> missing?
>
> Thanks for your help.
>
> Michel
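
Added example, not part of either post in this thread: a small Python check for the SID comparison suggested in the reply, which also covers the "primary group domain sid does not match the domain sid" log error. It assumes the accounts carry the sambaSID and sambaPrimaryGroupSID attributes from Samba's LDAP schema; the SIDs, host name, user names and sample command text below are all constructed.

```python
import re

# Domain SID = S-1-5-21 plus three sub-authorities; an account SID appends a RID.
SID_RE = re.compile(r"(S-1-5-21-\d+-\d+-\d+)(?:-(\d+))?")

def domain_sids_in(text):
    """Return the distinct domain SIDs found in any text (command output, log line)."""
    return {m.group(1) for m in SID_RE.finditer(text)}

def audit(domain_sid, entries):
    """List (uid, attribute, foreign_domain_sid) for every SID outside domain_sid."""
    findings = []
    for entry in entries:
        for attr in ("sambaSID", "sambaPrimaryGroupSID"):
            m = SID_RE.fullmatch(entry.get(attr, "").strip())
            if m and m.group(1) != domain_sid:
                findings.append((entry["uid"], attr, m.group(1)))
    return findings

# Constructed sample values (not taken from the thread).
OLD = "S-1-5-21-1111111111-2222222222-3333333333"   # SID the LDAP accounts were created under
NEW = "S-1-5-21-4444444444-5555555555-6666666666"   # SID generated by the newly installed server

# Constructed text in the style of 'net getlocalsid' / 'net getdomainsid' output;
# only the SID strings are parsed, so the exact wording does not matter.
NET_OUTPUT = (f"SID for local machine NEWSRV is: {NEW}\n"
              f"SID for domain WORKGROUP is: {OLD}\n")

# Constructed LDAP entries reduced to the attributes being compared.
ENTRIES = [
    {"uid": "alice", "sambaSID": f"{OLD}-3000", "sambaPrimaryGroupSID": f"{OLD}-513"},
    {"uid": "bob",   "sambaSID": f"{NEW}-3002", "sambaPrimaryGroupSID": f"{OLD}-513"},
]

if __name__ == "__main__":
    seen = domain_sids_in(NET_OUTPUT)
    if len(seen) > 1:
        print("server reports more than one domain SID:", sorted(seen))
    for uid, attr, dom in audit(NEW, ENTRIES):
        print(f"{uid}: {attr} belongs to {dom}, server expects {NEW}")
```

Run against a real directory, the entries would come from an LDAP export of the account objects and the expected SID from the server being added.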