Hi,

I have an ldap provider and consumer that appear to work correctly, e.g., new users are sync'ed and a search on either server (ldapsearch -x -b 'dc=example,dc=com' '(cn=djohn)') returns an object. However, when an XP user attempts to connect to the consumer server the authentication fails:

[2011/06/10 16:11:21, 0] lib/util_sock.c:write_data(1059)
[2011/06/10 16:11:21, 0] lib/util_sock.c:get_peer_addr_internal(1607)
  getpeername failed. Error was Transport endpoint is not connected
  write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer
[2011/06/10 16:11:21, 0] smbd/process.c:srv_send_smb(74)
  Error writing 4 bytes to client. -1. (Transport endpoint is not connected)
[2011/06/10 16:11:21, 0] passdb/pdb_get_set.c:pdb_get_group_sid(210)
  pdb_get_group_sid: Failed to find Unix account for djohn
[2011/06/10 16:11:21, 1] auth/auth_util.c:make_server_info_sam(562)
  User djohn in passdb, but getpwnam() fails!
[2011/06/10 16:11:21, 0] auth/auth_sam.c:check_sam_security(355)
  check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'
[2011/06/10 16:11:21, 0] passdb/pdb_get_set.c:pdb_get_group_sid(210)
  pdb_get_group_sid: Failed to find Unix account for djohn
[2011/06/10 16:11:21, 1] auth/auth_util.c:make_server_info_sam(562)
  User djohn in passdb, but getpwnam() fails!
[2011/06/10 16:11:21, 0] auth/auth_sam.c:check_sam_security(355)
  check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'

The XP user is prompted with a login dialogue box.

I can see requests being made from the smb consumer server to the ldap provider:

Jun 10 15:54:43 provider slapd[11306]: conn=70 fd=19 ACCEPT from IP=162.128.168.137:49339 (IP=0.0.0.0:389)
Jun 10 15:54:43 provider slapd[11306]: conn=70 op=0 BIND dn="cn=admin,dc=example,dc=com" method=128
Jun 10 15:54:43 provider slapd[11306]: conn=70 op=0 BIND dn="cn=admin,dc=example,dc=com" mech=SIMPLE ssf=0
Jun 10 15:54:43 provider slapd[11306]: conn=70 op=0 RESULT tag=97 err=0 text=
Jun 10 15:54:43 provider slapd[11306]: conn=70 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Jun 10 15:54:43 provider slapd[11306]: conn=70 op=1 SRCH attr=supportedControl
Jun 10 15:54:43 provider slapd[11306]: conn=70 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jun 10 15:54:43 provider slapd[11306]: conn=70 op=2 SRCH base="sambaDomainName=LDNSPL,sambaDomainName=LDNSPL,dc=example,dc=com" scope=2 deref=0 filter="(&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=LDNSPL))"
Jun 10 15:54:43 provider slapd[11306]: conn=70 op=2 SEARCH RESULT tag=101 err=32 nentries=0 text=
Jun 10 15:54:43 provider slapd[11306]: conn=70 op=3 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(&(uid=djohn)(objectClass=sambaSamAccount))"
Jun 10 15:54:43 provider slapd[11306]: conn=70 op=3 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn diLDNSPLayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber
Jun 10 15:54:43 provider slapd[11306]: conn=70 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jun 10 15:54:43 provider slapd[11306]: conn=70 op=4 SRCH base="sambaDomainName=LDNSPL,dc=example,dc=com" scope=0 deref=0 filter="(objectClass=*)"
Jun 10 15:54:43 provider slapd[11306]: conn=70 op=4 SRCH attr=sambaPwdHistoryLength
Jun 10 15:54:43 provider slapd[11306]: conn=70 op=4 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jun 10 15:54:43 provider slapd[11306]: conn=70 fd=19 closed (connection lost)
Jun 10 15:54:43 provider slapd[11306]: conn=71 fd=19 ACCEPT from IP=162.128.168.137:49340 (IP=0.0.0.0:389)
Jun 10 15:54:43 provider slapd[11306]: conn=71 op=0 BIND dn="cn=admin,dc=example,dc=com" method=128
Jun 10 15:54:43 provider slapd[11306]: conn=71 op=0 BIND dn="cn=admin,dc=example,dc=com" mech=SIMPLE ssf=0
Jun 10 15:54:43 provider slapd[11306]: conn=71 op=0 RESULT tag=97 err=0 text=
Jun 10 15:54:43 provider slapd[11306]: conn=71 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Jun 10 15:54:43 provider slapd[11306]: conn=71 op=1 SRCH attr=supportedControl
Jun 10 15:54:43 provider slapd[11306]: conn=71 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jun 10 15:54:43 provider slapd[11306]: conn=71 op=2 SRCH base="sambaDomainName=LDNSPL,sambaDomainName=LDNSPL,dc=example,dc=com" scope=2 deref=0 filter="(&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=LDNSPL))"
Jun 10 15:54:43 provider slapd[11306]: conn=71 op=2 SEARCH RESULT tag=101 err=32 nentries=0 text=
Jun 10 15:54:43 provider slapd[11306]: conn=71 op=3 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(&(uid=djohn)(objectClass=sambaSamAccount))"
Jun 10 15:54:43 provider slapd[11306]: conn=71 op=3 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn diLDNSPLayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber
Jun 10 15:54:43 provider slapd[11306]: conn=71 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jun 10 15:54:43 provider slapd[11306]: conn=71 fd=19 closed (connection lost)

I see an error 32 here and I also see some nentries=1 that I'm guessing matched responses. If I do ldapsearch -x -b "sambaDomainName=LDNSPL,dc=example,dc=com", I get

# extended LDIF
#
# LDAPv3
# base <sambaDomainName=LDNSPL,dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# LDNSPL, example.com
dn: sambaDomainName=LDNSPL,dc=example,dc=com
objectClass: top
objectClass: sambaDomain
objectClass: sambaUnixIdPool
sambaDomainName: LDNSPL
sambaSID: S-1-5-21-1979685110-1467996072-351907979
gidNumber: 1000
sambaPwdHistoryLength: 0
sambaMaxPwdAge: -1
sambaMinPwdAge: 0
sambaLockoutThreshold: 0
sambaRefuseMachinePwdChange: 0
sambaMinPwdLength: 5
sambaLogonToChgPwd: 0
sambaNextRid: 1001
sambaForceLogoff: -1
uidNumber: 1116

The same query with cn=djohn returns nothing:

...
# filter: cn=djohn
# requesting: ALL
#

# search result
search: 2
result: 0 Success

So some parts of my configuration look to be working but something is not right but I can't figure out where the problem is. The smb config for the consumer is below. Can anyone help track down where the problem lies?

Thanks in advance,
Dermot.

### SMB.CONF ###

[global]
unix charset = LOCALE
workgroup = LDNSPL
server string = Test Server
netbios name = docstore
# security = domain
load printers = no
; printcap name = /etc/printcap
; printcap name = lpstat
; printing = cups
cups options = raw
; guest account = pcguest
log file = /var/log/samba/%m.log
log level = 1
syslog = 0
max log size = 50
name resolve order = wins bcast hosts
printcap name = CUPS
show add printer wizard = no
passdb backend = ldapsam:"ldap://provider.example.com"
# passdb backend = ldapsam:"ldap://consumer.example.com ldap://provider.example.com"
domain logons = yes
os level = 63
domain master = no
logon script = login.bat
logon path =
wins server = provider.example.com
ldap suffix = dc=example,dc=com
ldap machine suffix = ou=Computers, ou=Users
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap idmap suffix = ou=idmap
ldap admin dn = cn=admin,dc=example,dc=com
utmp = Yes
idmap backend = ldap://provider.example.com
idmap uid = 15000-20000
idmap gid = 15000-20000
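
Added example, not part of the original post: a small parser for the slapd log format quoted above that pairs each SRCH request with its SEARCH RESULT by conn and op, so the search that returned err=32 (noSuchObject in RFC 4511) can be read next to its base and filter. The sample lines are taken from the post (the attr line is shortened); the function names are hypothetical.

```python
import re

# Sample lines from the post's slapd log (conn=70, ops 2 and 3); attr line shortened.
SAMPLE_LOG = """\
Jun 10 15:54:43 provider slapd[11306]: conn=70 op=2 SRCH base="sambaDomainName=LDNSPL,sambaDomainName=LDNSPL,dc=example,dc=com" scope=2 deref=0 filter="(&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=LDNSPL))"
Jun 10 15:54:43 provider slapd[11306]: conn=70 op=2 SEARCH RESULT tag=101 err=32 nentries=0 text=
Jun 10 15:54:43 provider slapd[11306]: conn=70 op=3 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(&(uid=djohn)(objectClass=sambaSamAccount))"
Jun 10 15:54:43 provider slapd[11306]: conn=70 op=3 SRCH attr=uid uidNumber gidNumber
Jun 10 15:54:43 provider slapd[11306]: conn=70 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
"""

# A few LDAP result codes from RFC 4511; others are reported numerically.
RESULT_CODES = {0: "success", 32: "noSuchObject", 49: "invalidCredentials",
                50: "insufficientAccessRights"}

LINE = re.compile(r"slapd\[\d+\]: conn=(\d+) op=(\d+) (.*)$")
SRCH = re.compile(r'SRCH base="([^"]*)" scope=(\d) deref=\d filter="(.*)"$')
RESULT = re.compile(r"SEARCH RESULT tag=101 err=(\d+) nentries=(\d+)")

def pair_searches(log_text):
    """Join each SRCH request with its SEARCH RESULT, keyed by (conn, op)."""
    ops = {}
    for line in log_text.splitlines():
        m = LINE.search(line.rstrip())
        if not m:
            continue
        key, rest = (int(m.group(1)), int(m.group(2))), m.group(3)
        if (s := SRCH.match(rest)):
            ops[key] = {"conn": key[0], "op": key[1], "base": s.group(1),
                        "scope": int(s.group(2)), "filter": s.group(3)}
        elif (r := RESULT.match(rest)) and key in ops:
            err = int(r.group(1))
            ops[key].update(err=err, nentries=int(r.group(2)),
                            result=RESULT_CODES.get(err, f"code {err}"))
    # Keep only searches whose result line was seen ("SRCH attr=" lines are skipped).
    return [o for o in ops.values() if "err" in o]

def failed_or_empty(searches):
    """Searches that returned an error or matched no entry."""
    return [s for s in searches if s["err"] != 0 or s["nentries"] == 0]

if __name__ == "__main__":
    for s in pair_searches(SAMPLE_LOG):
        print(f'conn={s["conn"]} op={s["op"]} {s["result"]} '
              f'nentries={s["nentries"]} base="{s["base"]}" filter={s["filter"]}')
```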
