Hello All,

I have samba (Version 3.4.7) installed on an Ubuntu Server 10.04 (64-bit) using 
apt. I'm attempting to authenticate users connecting to the samba share over 
LDAP following the documentation 
https://help.ubuntu.com/10.04/serverguide/C/samba-ldap.html, but the 
authentication over LDAP fails. The OpenLDAP server was already configured to 
include the samba.schema, so I have skipped all the steps that fall under the 
"OpenLDAP Configuration" section of the manual referenced earlier.

I have set the following directives in the /etc/samba/smb.conf file:
        
####### Authentication #######
        security = user
        encrypt passwords = true
        passdb backend = ldapsam:ldaps://ldap1.example.com/
        ldap ssl = no
        ldap admin dn = cn=root,dc=example,dc=com
        ldap user suffix = ou=people,dc=example,dc=com
        ldap group suffix = ou=groups,dc=example,dc=com
        ldap suffix = dc=example,dc=com
        obey pam restrictions = yes
        unix password sync = yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
        pam password change = yes
        map to guest = bad user

=========== Share Definitions ===
        [Documents]
        comment = Ubuntu File Server Share
        path = /data/Documents
        browsable = yes
        guest ok = no
        read only = no
        create mask = 0755
        
When a user tries to connect to the samba share the /var/log/samba/log.user 
file is populated with the following messages,

[2011/10/06 10:15:53,  3] auth/auth.c:222(check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user [FILESERVER]\[amore]@[MACBOOKPRO-1B99] with the new password interface
[2011/10/06 10:15:53,  3] auth/auth.c:225(check_ntlm_password)
  check_ntlm_password:  mapped user is: [FILESERVER]\[amore]@[MACBOOKPRO-1B99]
[2011/10/06 10:15:53,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2011/10/06 10:15:53,  3] smbd/uid.c:428(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2011/10/06 10:15:53,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2011/10/06 10:15:53,  2] lib/smbldap.c:890(smbldap_open_connection)
  smbldap_open_connection: connection opened
[2011/10/06 10:15:53,  3] lib/smbldap.c:1101(smbldap_connect_system)
  ldap_connect_system: successful connection to the LDAP server
[2011/10/06 10:15:53,  4] lib/smbldap.c:1177(smbldap_open)
  The LDAP server is successfully connected
[2011/10/06 10:15:53,  4] passdb/pdb_ldap.c:1600(ldapsam_getsampwnam)
  ldapsam_getsampwnam: Unable to locate user [amore] count=0
[2011/10/06 10:15:53,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2011/10/06 10:15:53,  3] auth/auth_sam.c:282(check_sam_security)
  check_sam_security: Couldn't find user 'amore' in passdb.
[2011/10/06 10:15:53,  2] auth/auth.c:320(check_ntlm_password)
  check_ntlm_password:  Authentication for user [amore] -> [amore] FAILED with error NT_STATUS_NO_SUCH_USER
[2011/10/06 10:15:53,  3] smbd/sesssetup.c:42(do_map_to_guest)
  No such user amore [FILESERVER] - using guest account
[2011/10/06 10:15:53,  4] passdb/pdb_ldap.c:2550(ldapsam_getgroup)
  ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=65534))


The messages in the /var/log/syslog file on the LDAP server are as follows,

Oct  6 10:03:06 ldap1 slapd[450]: <= bdb_equality_candidates: (host) not indexed
Oct  6 10:03:32 ldap1 slapd[450]: <= bdb_equality_candidates: (sambaSID) not indexed
Oct  6 10:04:32 ldap1 slapd[450]: <= bdb_equality_candidates: (sambaSID) not indexed
Oct  6 10:05:18 ldap1 slapd[450]: <= bdb_equality_candidates: (cn) not indexed
Oct  6 10:05:18 ldap1 slapd[450]: <= bdb_substring_candidates: (sudoUser) not indexed
Oct  6 10:05:58 ldap1 slapd[450]: <= bdb_equality_candidates: (cn) not indexed
Oct  6 10:05:58 ldap1 slapd[450]: <= bdb_substring_candidates: (sudoUser) not indexed
Oct  6 10:05:58 ldap1 slapd[450]: <= bdb_equality_candidates: (sambaDomainName) not indexed
Oct  6 10:05:58 ldap1 slapd[450]: <= bdb_equality_candidates: (sambaGroupType) not indexed
Oct  6 10:05:58 ldap1 slapd[450]: <= bdb_equality_candidates: (sambaSIDList) not indexed
Oct  6 10:05:58 ldap1 slapd[450]: last message repeated 4 times
Oct  6 10:05:58 ldap1 slapd[450]: <= bdb_equality_candidates: (sambaGroupType) not indexed
Oct  6 10:05:58 ldap1 slapd[450]: <= bdb_equality_candidates: (sambaSIDList) not indexed
Oct  6 10:06:13 ldap1 slapd[450]: last message repeated 4 times
Oct  6 10:06:13 ldap1 slapd[450]: <= bdb_equality_candidates: (sambaSID) not indexed
Oct  6 10:07:22 ldap1 slapd[450]: <= bdb_equality_candidates: (sambaSID) not indexed
Oct  6 10:08:33 ldap1 slapd[450]: last message repeated 3 times

Here are some details of the packages installed,
slapd: version  2.4.21-0ubuntu5.4    
libnss-ldapd: version 0.7.13   

Samba and OpenLDAP are running on two different systems. LDAP users can ssh 
into the machine running samba without any issues.

Can anybody point me in the right direction? I would appreciate all your time 
and help.

Thanks, 
Amit
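
Added example (not part of the original post): a small Python parser for the smbd log format shown above, which pairs each failed logon with the guest fallback that "map to guest = bad user" produces right after it. The sample lines are taken from the log excerpt in the post with wrapped lines rejoined; the function names are this example's own.

```python
import re

# Sample taken from the smbd log excerpt in the post, wrapped lines rejoined.
SAMPLE_LOG = """\
[2011/10/06 10:15:53,  4] passdb/pdb_ldap.c:1600(ldapsam_getsampwnam)
  ldapsam_getsampwnam: Unable to locate user [amore] count=0
[2011/10/06 10:15:53,  3] auth/auth_sam.c:282(check_sam_security)
  check_sam_security: Couldn't find user 'amore' in passdb.
[2011/10/06 10:15:53,  2] auth/auth.c:320(check_ntlm_password)
  check_ntlm_password:  Authentication for user [amore] -> [amore] FAILED with error NT_STATUS_NO_SUCH_USER
[2011/10/06 10:15:53,  3] smbd/sesssetup.c:42(do_map_to_guest)
  No such user amore [FILESERVER] - using guest account
"""

# "[timestamp, level] source_file:line(function)" header that starts each record.
HEADER = re.compile(r"^\[(?P<ts>[^,\]]+),\s*(?P<level>\d+)\]\s+(?P<src>\S+)\((?P<func>\w+)\)")
FAILED = re.compile(r"Authentication for user \[(?P<user>[^\]]*)\].* FAILED with error (?P<status>NT_STATUS_\w+)")
GUEST = re.compile(r"No such user (?P<user>\S+) \[[^\]]*\] - using guest account")

def parse_records(text):
    """Group each header line with the indented message lines that follow it."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            records.append({**m.groupdict(), "msg": ""})
        elif records and line.strip():
            records[-1]["msg"] = (records[-1]["msg"] + " " + line.strip()).strip()
    return records

def guest_fallbacks(records):
    """Return one finding per failed logon that smbd then mapped to the guest account."""
    failures, findings = {}, []
    for rec in records:
        if rec["func"] == "check_ntlm_password" and (m := FAILED.search(rec["msg"])):
            failures[m["user"]] = (rec["ts"], m["status"])
        elif rec["func"] == "do_map_to_guest" and (m := GUEST.search(rec["msg"])):
            # Use the failure's timestamp and status when the same user failed earlier.
            ts, status = failures.pop(m["user"], (rec["ts"], "UNKNOWN"))
            findings.append({"user": m["user"], "time": ts,
                             "status": status, "mapped_to_guest": True})
    return findings

if __name__ == "__main__":
    for finding in guest_fallbacks(parse_records(SAMPLE_LOG)):
        print(finding)
```

Each finding marks a session that continued as guest after the passdb lookup failed, which is easy to miss when the client only reports that the share is inaccessible.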
 
