Re: [Samba] Samba 3.4.7 with LDAP authentication
> User Search failed!

There's something seriously wrong with your LDAP configuration. Are you sure that the OUs exist and are in the proper place? Can you use some LDAP client (LAM, phpldapadmin, LDAPAdmin, Apache Directory Studio, etc.) to inspect the LDAP database?

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.4.7 with LDAP authentication
Hello Miguel,

Thanks for your response. I used ldapsearch to query the LDAP server from the system running samba and got the following output.

Query used:

    ldapsearch -LLL -x -D cn=root,dc=xetus,dc=com -W -H ldap://172.16.1.58 -b ou=people,dc=xetus,dc=com '(uid=amore)'

Output:

    dn: cn=Amit More,ou=people,dc=xetus,dc=com
    givenName:: QW1pdCA=
    sn: More
    cn: Amit More
    uid: amore
    userPassword:: e01ENX1JRWZ1eVpaMkhscVJFUE8vTndGMkNnPT0=
    uidNumber: 5004
    gidNumber: 5001
    homeDirectory: /home/users/amore
    loginShell: /bin/bash
    objectClass: inetOrgPerson
    objectClass: posixAccount
    objectClass: hostObject
    objectClass: top
    host: fileserver

I have also confirmed this using phpldapadmin. Now, when I issue the pdbedit -L -u amore command I get the following output:

    doing parameter security = user
    doing parameter encrypt passwords = true
    doing parameter passdb backend = ldapsam:ldap://ldap1.xetus.com/
    doing parameter ldap admin dn = cn=root,dc=xetus,dc=com
    doing parameter ldap user suffix = ou=people
    doing parameter ldap group suffix = ou=groups
    doing parameter ldap machine suffix = ou=people
    doing parameter ldap suffix = dc=xetus,dc=com
    doing parameter ldap ssl = no
    doing parameter obey pam restrictions = yes
    doing parameter unix password sync = yes
    doing parameter passwd program = /usr/bin/passwd %u
    doing parameter passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    doing parameter pam password change = yes
    doing parameter map to guest = bad user
    doing parameter usershare allow guests = yes
    pm_process() returned Yes
    smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=FILESERVER))]
    smbldap_open_connection: connection opened
    ldap_connect_system: successful connection to the LDAP server
    The LDAP server is successfully connected
    ldapsam_getsampwnam: Unable to locate user [amore] count=0
    Username not found!

I am not able to figure out where I am going wrong.

Thanks,
Amit

On Oct 7, 2011, at 6:33 AM, Miguel Medalha wrote:

> > User Search failed!
>
> There's something seriously wrong with your LDAP configuration. Are you sure that the OUs exist and are in the proper place? Can you use some LDAP client (LAM, phpldapadmin, LDAPAdmin, Apache Directory Studio, etc.) to inspect the LDAP database?
Re: [Samba] Samba 3.4.7 with LDAP authentication
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: hostObject
> objectClass: top

Your user entries do not contain Samba attributes. They MUST include the following:

    objectClass: sambaSamAccount

Are you sure that you enabled the samba.schema in /etc/openldap/slapd.conf?

    include /etc/openldap/schema/samba3.schema

(In some systems it will be samba.schema instead of samba3.schema)

How did you create your users in the LDAP database? Did you use smbldap-tools?

It seems to me that you would benefit greatly by reading this: http://www.samba.org/samba/docs/man/Samba-Guide/happy.html
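The check described in the reply above, as an added example that is not part of the original thread: it parses LDIF as returned by ldapsearch and reports why ldapsam, which searches with (&(uid=...)(objectclass=sambaSamAccount)), would not find or authenticate an entry. The function names and the trimmed sample entry are constructed for illustration.

```python
import base64

# Constructed sample: the entry from the thread's ldapsearch output, trimmed.
SAMPLE_LDIF = """\
dn: cn=Amit More,ou=people,dc=xetus,dc=com
givenName:: QW1pdCA=
cn: Amit More
uid: amore
uidNumber: 5004
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: hostObject
objectClass: top
"""

def parse_ldif(text):
    """Parse LDIF into a list of {lowercase attr: [values]}; handles '::' base64 and folded lines."""
    entries, current, lines = [], {}, []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # continuation of a folded line
        else:
            lines.append(raw)
    for line in lines + [""]:                 # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):             # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        current.setdefault(attr.lower(), []).append(value.strip())
    return entries

def ldapsam_findings(entry):
    """Return the reasons ldapsam would not find or authenticate this entry."""
    findings = []
    classes = {c.lower() for c in entry.get("objectclass", [])}
    if "sambasamaccount" not in classes:
        findings.append("objectClass sambaSamAccount missing: ldapsam search returns count=0")
    if "sambasid" not in entry:
        findings.append("sambaSID missing (MUST attribute of sambaSamAccount)")
    if "sambantpassword" not in entry:
        findings.append("sambaNTPassword missing: no NT hash to check NTLM logons against")
    return findings
```

Feeding it the output of `ldapsearch -LLL` for a user shows all three findings for the entry in this thread.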
[Samba] Samba 3.4.7 with LDAP authentication
Hello All,

I have samba (Version 3.4.7) installed on an Ubuntu Server 10.04 (64-bit) using apt. I'm attempting to authenticate users connecting to the samba share over LDAP following the documentation https://help.ubuntu.com/10.04/serverguide/C/samba-ldap.html, but the authentication over LDAP fails. The OpenLDAP server was already configured to include the samba.schema, so I have skipped all the steps that fall under the OpenLDAP Configuration section of the manual referenced earlier.

I have set the following directives in /etc/samba/smb.cnf file

    ### Authentication ###
    security = user
    encrypt passwords = true
    passdb backend = ldapsam:ldaps://ldap1.example.com/
    ldap ssl = no
    ldap admin dn = cn=root,dc=example,dc=com
    ldap user suffix = ou=people,dc=example,dc=com
    ldap group suffix = ou=groups,dc=example,dc=com
    ldap suffix = dc=example,dc=com
    obey pam restrictions = yes
    unix password sync = yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    pam password change = yes
    map to guest = bad user

    === Share Definitions ===
    [Documents]
    comment = Ubuntu File Server Share
    path = /data/Documents
    browsable = yes
    guest ok = no
    read only = no
    create mask = 0755

When a user tries to connect to the samba share the /var/log/samba/log.user file is populated with the following messages,

    [2011/10/06 10:15:53, 3] auth/auth.c:222(check_ntlm_password)
      check_ntlm_password: Checking password for unmapped user [FILESERVER]\[amore]@[MACBOOKPRO-1B99] with the new password interface
    [2011/10/06 10:15:53, 3] auth/auth.c:225(check_ntlm_password)
      check_ntlm_password: mapped user is: [FILESERVER]\[amore]@[MACBOOKPRO-1B99]
    [2011/10/06 10:15:53, 3] smbd/sec_ctx.c:210(push_sec_ctx)
      push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
    [2011/10/06 10:15:53, 3] smbd/uid.c:428(push_conn_ctx)
      push_conn_ctx(0) : conn_ctx_stack_ndx = 0
    [2011/10/06 10:15:53, 3] smbd/sec_ctx.c:310(set_sec_ctx)
      setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
    [2011/10/06 10:15:53, 2] lib/smbldap.c:890(smbldap_open_connection)
      smbldap_open_connection: connection opened
    [2011/10/06 10:15:53, 3] lib/smbldap.c:1101(smbldap_connect_system)
      ldap_connect_system: successful connection to the LDAP server
    [2011/10/06 10:15:53, 4] lib/smbldap.c:1177(smbldap_open)
      The LDAP server is successfully connected
    [2011/10/06 10:15:53, 4] passdb/pdb_ldap.c:1600(ldapsam_getsampwnam)
      ldapsam_getsampwnam: Unable to locate user [amore] count=0
    [2011/10/06 10:15:53, 3] smbd/sec_ctx.c:418(pop_sec_ctx)
      pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2011/10/06 10:15:53, 3] auth/auth_sam.c:282(check_sam_security)
      check_sam_security: Couldn't find user 'amore' in passdb.
    [2011/10/06 10:15:53, 2] auth/auth.c:320(check_ntlm_password)
      check_ntlm_password: Authentication for user [amore] - [amore] FAILED with error NT_STATUS_NO_SUCH_USER
    [2011/10/06 10:15:53, 3] smbd/sesssetup.c:42(do_map_to_guest)
      No such user amore [FILESERVER] - using guest account
    [2011/10/06 10:15:53, 4] passdb/pdb_ldap.c:2550(ldapsam_getgroup)
      ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=65534))

The messages in the /var/log/syslog file on the LDAP server are as follows,

    Oct 6 10:03:06 ldap1 slapd[450]: <= bdb_equality_candidates: (host) not indexed
    Oct 6 10:03:32 ldap1 slapd[450]: <= bdb_equality_candidates: (sambaSID) not indexed
    Oct 6 10:04:32 ldap1 slapd[450]: <= bdb_equality_candidates: (sambaSID) not indexed
    Oct 6 10:05:18 ldap1 slapd[450]: <= bdb_equality_candidates: (cn) not indexed
    Oct 6 10:05:18 ldap1 slapd[450]: <= bdb_substring_candidates: (sudoUser) not indexed
    Oct 6 10:05:58 ldap1 slapd[450]: <= bdb_equality_candidates: (cn) not indexed
    Oct 6 10:05:58 ldap1 slapd[450]: <= bdb_substring_candidates: (sudoUser) not indexed
    Oct 6 10:05:58 ldap1 slapd[450]: <= bdb_equality_candidates: (sambaDomainName) not indexed
    Oct 6 10:05:58 ldap1 slapd[450]: <= bdb_equality_candidates: (sambaGroupType) not indexed
    Oct 6 10:05:58 ldap1 slapd[450]: <= bdb_equality_candidates: (sambaSIDList) not indexed
    Oct 6 10:05:58 ldap1 slapd[450]: last message repeated 4 times
    Oct 6 10:05:58 ldap1 slapd[450]: <= bdb_equality_candidates: (sambaGroupType) not indexed
    Oct 6 10:05:58 ldap1 slapd[450]: <= bdb_equality_candidates: (sambaSIDList) not indexed
    Oct 6 10:06:13 ldap1 slapd[450]: last message repeated 4 times
    Oct 6 10:06:13 ldap1 slapd[450]: <= bdb_equality_candidates: (sambaSID) not indexed
    Oct 6 10:07:22 ldap1 slapd[450]: <= bdb_equality_candidates: (sambaSID) not indexed
    Oct 6 10:08:33 ldap1 slapd[450]: last message repeated 3 times

Here are some details of the packages installed,

    slapd: version 2.4.21-0ubuntu5.4
    libnss-ldapd:
Re: [Samba] Samba 3.4.7 with LDAP authentication
> passdb backend = ldapsam:ldaps://ldap1.example.com/
> ldap ssl = no

You have ldap ssl = no and yet you are trying to connect to ldaps?
Re: [Samba] Samba 3.4.7 with LDAP authentication
> ldap user suffix = ou=people,dc=example,dc=com
> ldap group suffix = ou=groups,dc=example,dc=com
> ldap suffix = dc=example,dc=com

Since your suffix is already in ldap suffix, the other entries should be:

    ldap user suffix = ou=people
    ldap group suffix = ou=groups

Don't you need the entry ldap machine suffix?
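A small smb.conf check for the suffix point made above, as an added example that is not part of the original thread. It also flags two settings visible in the posted configuration and logs: a plain ldap:// backend with ldap ssl = no, which leaves the connection unencrypted, and map to guest = bad user, which produced the "using guest account" log line. The sample texts are constructed from the directives posted in the thread, and the function names are hypothetical.

```python
# Constructed samples: the LDAP directives from the first post and from the revised configuration.
ORIGINAL = """\
passdb backend = ldapsam:ldaps://ldap1.example.com/
ldap ssl = no
ldap user suffix = ou=people,dc=example,dc=com
ldap group suffix = ou=groups,dc=example,dc=com
ldap suffix = dc=example,dc=com
map to guest = bad user
"""
REVISED = """\
passdb backend = ldapsam:ldap://ldap1.example.com/
ldap ssl = no
ldap user suffix = ou=people
ldap group suffix = ou=groups
ldap machine suffix = ou=people
ldap suffix = dc=example,dc=com
map to guest = bad user
"""

def parse_params(text):
    """Return {parameter: value}; names are compared ignoring case and extra whitespace."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue                          # skip comments, section headers, blanks
        name, _, value = line.partition("=")
        params[" ".join(name.lower().split())] = value.strip()
    return params

def lint(text):
    """Return a list of findings for the LDAP-related settings."""
    p, out = parse_params(text), []
    base = p.get("ldap suffix", "").replace(" ", "").lower()
    for key in ("ldap user suffix", "ldap group suffix",
                "ldap machine suffix", "ldap idmap suffix"):
        val = p.get(key, "").replace(" ", "").lower()
        if base and val.endswith(base):
            out.append(f"{key}: contains the base DN, which ldap suffix appends again")
    backend = p.get("passdb backend", "").lower()
    # Only the explicit combination is flagged; an ldaps:// URL is already encrypted.
    if "ldap://" in backend and p.get("ldap ssl", "").lower() in ("no", "off"):
        out.append("passdb backend: ldap:// with ldap ssl = no sends the admin bind "
                   "and password hashes unencrypted")
    if p.get("map to guest", "").lower() == "bad user":
        out.append("map to guest: unknown usernames get a guest session instead of a logon failure")
    return out
```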
Re: [Samba] Samba 3.4.7 with LDAP authentication
Thank you for your response. I appreciate it.

I changed the following directives,

    passdb backend = ldapsam:ldap://ldap1.example.com/
    ldap user suffix = ou=people
    ldap group suffix = ou=groups

Added the following,

    ldap admin dn = cn=root,dc=example,dc=com
    ldap machine suffix = ou=people

LDAP users are still not able to authenticate to the samba share. The error is the same. Here's an extract from the log file (/var/log/samba/user.log)

    [2011/10/06 13:48:38, 3] auth/auth.c:222(check_ntlm_password)
      check_ntlm_password: Checking password for unmapped user [FILESERVER]\[amore]@[MACBOOKPRO-1B99] with the new password interface
    [2011/10/06 13:48:38, 3] auth/auth.c:225(check_ntlm_password)
      check_ntlm_password: mapped user is: [FILESERVER]\[amore]@[MACBOOKPRO-1B99]
    [2011/10/06 13:48:38, 3] smbd/sec_ctx.c:210(push_sec_ctx)
      push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
    [2011/10/06 13:48:38, 3] smbd/uid.c:428(push_conn_ctx)
      push_conn_ctx(0) : conn_ctx_stack_ndx = 0
    [2011/10/06 13:48:38, 3] smbd/sec_ctx.c:310(set_sec_ctx)
      setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
    [2011/10/06 13:48:38, 2] lib/smbldap.c:890(smbldap_open_connection)
      smbldap_open_connection: connection opened
    [2011/10/06 13:48:38, 3] lib/smbldap.c:1101(smbldap_connect_system)
      ldap_connect_system: successful connection to the LDAP server
    [2011/10/06 13:48:38, 4] lib/smbldap.c:1177(smbldap_open)
      The LDAP server is successfully connected
    [2011/10/06 13:48:38, 4] passdb/pdb_ldap.c:1600(ldapsam_getsampwnam)
      ldapsam_getsampwnam: Unable to locate user [amore] count=0
    [2011/10/06 13:48:38, 3] smbd/sec_ctx.c:418(pop_sec_ctx)
      pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2011/10/06 13:48:38, 3] auth/auth_sam.c:282(check_sam_security)
      check_sam_security: Couldn't find user 'amore' in passdb.
    [2011/10/06 13:48:38, 2] auth/auth.c:320(check_ntlm_password)
      check_ntlm_password: Authentication for user [amore] - [amore] FAILED with error NT_STATUS_NO_SUCH_USER
    [2011/10/06 13:48:38, 3] smbd/sesssetup.c:42(do_map_to_guest)
      No such user amore [FILESERVER] - using guest account
    [2011/10/06 13:48:38, 4] passdb/pdb_ldap.c:2550(ldapsam_getgroup)
      ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=65534))
    [2011/10/06 13:48:38, 3] smbd/sec_ctx.c:210(push_sec_ctx)

Thanks,
Amit

On Oct 6, 2011, at 1:27 PM, Miguel Medalha wrote:

> > ldap user suffix = ou=people,dc=example,dc=com
> > ldap group suffix = ou=groups,dc=example,dc=com
> > ldap suffix = dc=example,dc=com
>
> Since your suffix is already in ldap suffix, the other entries should be:
>
>     ldap user suffix = ou=people
>     ldap group suffix = ou=groups
>
> Don't you need the entry ldap machine suffix?
Re: [Samba] Samba 3.4.7 with LDAP authentication
> [2011/10/06 13:48:38, 4] passdb/pdb_ldap.c:1600(ldapsam_getsampwnam)
>   ldapsam_getsampwnam: Unable to locate user [amore] count=0
> [2011/10/06 13:48:38, 3] auth/auth_sam.c:282(check_sam_security)
>   check_sam_security: Couldn't find user 'amore' in passdb.
> [2011/10/06 13:48:38, 2] auth/auth.c:320(check_ntlm_password)
>   check_ntlm_password: Authentication for user [amore] - [amore] FAILED with error NT_STATUS_NO_SUCH_USER
> [2011/10/06 13:48:38, 3] smbd/sesssetup.c:42(do_map_to_guest)
>   No such user amore [FILESERVER] - using guest account
> [2011/10/06 13:48:38, 4] passdb/pdb_ldap.c:2550(ldapsam_getgroup)
>   ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=65534))

Are you sure that the LDAP database is correct? Are the user and group names in the correct places?

What is the output of pdbedit -L ?
Re: [Samba] Samba 3.4.7 with LDAP authentication
The output of `pdbedit -L` is:

    doing parameter security = user
    doing parameter encrypt passwords = true
    doing parameter passdb backend = ldapsam:ldap://ldap1.xetus.com/
    doing parameter ldap admin dn = cn=root,dc=xetus,dc=com
    doing parameter ldap user suffix = ou=people
    doing parameter ldap group suffix = ou=groups
    doing parameter ldap machine suffix = ou=people
    doing parameter ldap suffix = dc=xetus,dc=com
    doing parameter ldap ssl = no
    doing parameter obey pam restrictions = yes
    doing parameter unix password sync = yes
    doing parameter passwd program = /usr/bin/passwd %u
    doing parameter passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    doing parameter pam password change = yes
    doing parameter map to guest = bad user
    doing parameter usershare allow guests = yes
    pm_process() returned Yes
    smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=FILESERVER))]
    smbldap_open_connection: connection opened
    ldap_connect_system: successful connection to the LDAP server
    The LDAP server is successfully connected
    smbldap_search_paged: base = [dc=xetus,dc=com], filter = [(&(uid=*)(objectclass=sambaSamAccount))],scope = [2], pagesize = [1024]
    smbldap_search_paged: search was successful
    User Search failed!

On Oct 6, 2011, at 2:38 PM, Miguel Medalha wrote:

> > [2011/10/06 13:48:38, 4] passdb/pdb_ldap.c:1600(ldapsam_getsampwnam)
> >   ldapsam_getsampwnam: Unable to locate user [amore] count=0
> > [2011/10/06 13:48:38, 3] auth/auth_sam.c:282(check_sam_security)
> >   check_sam_security: Couldn't find user 'amore' in passdb.
> > [2011/10/06 13:48:38, 2] auth/auth.c:320(check_ntlm_password)
> >   check_ntlm_password: Authentication for user [amore] - [amore] FAILED with error NT_STATUS_NO_SUCH_USER
> > [2011/10/06 13:48:38, 3] smbd/sesssetup.c:42(do_map_to_guest)
> >   No such user amore [FILESERVER] - using guest account
> > [2011/10/06 13:48:38, 4] passdb/pdb_ldap.c:2550(ldapsam_getgroup)
> >   ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=65534))
>
> Are you sure that the LDAP database is correct? Are the user and group names in the correct places?
>
> What is the output of pdbedit -L ?