On 07/14/2011 04:31 PM, Ben Sigman wrote:
On Jul 14, 2011, at 7:13 AM, Gaiseric Vandal wrote:
On 07/14/2011 01:21 AM, Ben Sigman wrote:
After upgrading to 3.4.0, I can no longer add new users. Any users
that were added beforehand work fine. Any users that I attempt to
create cannot login (error: NT_STATUS_LOGON_FAILURE). I was able to
get one new user account to work (see below), but I cannot add any
new users.
The server is Ubuntu 9.10 running Samba 3.4.0.
I am using:
security = user
pam password change = yes
Updating passwords for existing users using passwd successfully
updates on smbpass (auth.log):
Jul 13 21:19:05 server passwd[3026]: pam_smbpass(passwd:chauthtok):
password for (smbuser/1001) changed by (root/0)
...And authentication over smb works (auth.log):
Jul 13 21:42:53 server smbd[3684]: pam_unix(samba:session): session
opened for user ben by (uid=0)
...In samba.log:
[2011/07/13 21:42:53, 4] auth/auth_sam.c:137(sam_account_ok)
sam_account_ok: Checking SMB password for user smbuser
[2011/07/13 21:42:53, 5] auth/auth.c:297(check_ntlm_password)
check_ntlm_password: PAM Account for user [ben] succeeded
However, if I do:
smbpasswd -x user
Failed to find entry for user smbuser.
If I add a new user using:
useradd newuser
passwd newuser
smbpasswd -a newuser
This appears in auth.log:
Jul 13 21:20:07 server passwd[3033]: pam_smbpass(passwd:chauthtok):
Failed to find entry for user newuser.
And if I attempt to authenticate (samba.log):
[2011/07/13 21:50:11, 3] auth/auth_sam.c:282(check_sam_security)
check_sam_security: Couldn't find user 'newuser' in passdb.
[2011/07/13 21:50:11, 5] auth/auth.c:274(check_ntlm_password)
check_ntlm_password: sam authentication for user [newuser] FAILED
with error NT_STATUS_NO_SUCH_USER
[2011/07/13 21:50:11, 2] auth/auth.c:320(check_ntlm_password)
check_ntlm_password: Authentication for user [newuser] ->
[newuser] FAILED with error NT_STATUS_NO_SUCH_USER
Now... Here's where it gets interesting. At this point, I converted
my smbpasswd containing newuser to tdb...:
pdbedit -i smbpasswd -e tdbsam
...the account newuser now authenticate over SMB. However, adding
any other new users is still not working.
I have attempted to repeat the steps described above for adding a
user and then converting smbpasswd to tdb again, but to no avail.
I have not defined passdb backend in smb.conf.
Anyone know what could be causing this?
Did you check the output of "testparm -v" to make sure the password
backend and password file is where you expect it to be?
Did you try adding a user with "pdbedit" instead?
Can you type "which smbpasswd" "which pdbedit" etc - I suspect you
are using "smbpasswd" command from the "old" version of samba.
Thanks for the reply. You're right, the documentation I had read said
that smbpasswd would work with the new tdb backend. Can I not use it?
For now, here are the outputs you requested:
From testparm:
passdb backend = tdbsam
idmap backend = tdb
idmap alloc backend =
From which:
/usr/bin/pdbedit
/usr/bin/smbpasswd
Maybe this will help, smbuser is a new user on my system who cannot
authenticate over SMB. When I try to use smbpasswd -a -D10 smbuser I
get an error in the middle of the output that says:
Get_Pwnam_internals did find user [smbuser]!
Here is the full output:
[root@server:/]# smbpasswd -a -D10 smbuser
(07-14 13:26)
Netbios name list:-
my_netbios_names[0]="SERVER"
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend NDS_ldapsam
Successfully added passdb backend 'NDS_ldapsam'
Attempting to register passdb backend NDS_ldapsam_compat
Successfully added passdb backend 'NDS_ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend wbc_sam
Successfully added passdb backend 'wbc_sam'
Attempting to find a passdb backend to match tdbsam (tdbsam)
Found pdb backend tdbsam
pdb backend tdbsam has a valid init
New SMB password:
Retype new SMB password:
tdbsam_open: successfully opened /etc/samba/passdb.tdb
pdb_set_username: setting username smbuser, was
pdb_set_domain: setting domain SERVER, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name , was
pdb_set_homedir: setting home dir \\server\homes\%u
<smb://server/homes/%u>, was
pdb_set_dir_drive: setting dir drive m:, was NULL
Finding user smbuser
Trying _Get_Pwnam(), username as lowercase is smbuser
Get_Pwnam_internals did find user [smbuser]!
pdb_set_logon_script: setting logon script users.bat, was
pdb_set_profile_path: setting profile path \\server\profiles\%u
<smb://server/profiles/%u>, was
pdb_set_workstations: setting workstations , was
account_policy_get: name: password history, val: 0
pdb_set_user_sid: setting user sid
S-1-5-21-115255976-287349760-2125325791-1011
pdb_set_user_sid_from_rid:
setting user sid S-1-5-21-115255976-287349760-2125325791-1011 from
rid 1011
account_policy_get: name: maximum password age, val: -1
Finding user smbuser
Trying _Get_Pwnam(), username as lowercase is smbuser
Get_Pwnam_internals did find user [smbuser]!
account_policy_get: name: password history, val: 0
pdb_set_username: setting username smbuser, was
pdb_set_domain: setting domain SERVER, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name , was
pdb_set_homedir: setting home dir \\server\homes\%u
<smb://server/homes/%u>, was
pdb_set_dir_drive: setting dir drive m:, was NULL
Finding user smbuser
Trying _Get_Pwnam(), username as lowercase is smbuser
Get_Pwnam_internals did find user [smbuser]!
pdb_set_logon_script: setting logon script users.bat, was
pdb_set_profile_path: setting profile path \\server\profiles\%u
<smb://server/profiles/%u>, was
pdb_set_workstations: setting workstations , was
account_policy_get: name: password history, val: 0
pdb_set_user_sid: setting user sid
S-1-5-21-115255976-287349760-2125325791-1011
pdb_set_user_sid_from_rid:
setting user sid S-1-5-21-115255976-287349760-2125325791-1011 from
rid 1011
account_policy_get: name: password history, val: 0
pdb_set_username: setting username smbuser, was
pdb_set_domain: setting domain SERVER, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name , was
pdb_set_homedir: setting home dir \\server\homes\%u
<smb://server/homes/%u>, was
pdb_set_dir_drive: setting dir drive m:, was NULL
Finding user smbuser
Trying _Get_Pwnam(), username as lowercase is smbuser
Get_Pwnam_internals did find user [smbuser]!
pdb_set_logon_script: setting logon script users.bat, was
pdb_set_profile_path: setting profile path \\server\profiles\%u
<smb://server/profiles/%u>, was
pdb_set_workstations: setting workstations , was
account_policy_get: name: password history, val: 0
pdb_set_user_sid: setting user sid
S-1-5-21-115255976-287349760-2125325791-1011
pdb_set_user_sid_from_rid:
setting user sid S-1-5-21-115255976-287349760-2125325791-1011 from
rid 1011
account_policy_get: name: maximum password age, val: -1
account_policy_get: name: password history, val: 0
Storing account smbuser with RID 1011
Locking key 555345525F736D627573
Allocated locked data 0x0x28ea050
Unlocking key 555345525F736D627573
tdb_update_sam: Updating key for RID 1011
Locking key 5249445F303030303033
Allocated locked data 0x0x28e6ad0
Unlocking key 5249445F303030303033
"testparm -v" should verify that samba is also using
"/etc/samba/passdb.tdb" for the password file. You can use "tdbdump"
to view the contents of that file.
Did you create the unix user first? Does that user exist in
/etc/passwd? (assuming you are not using winbind to automatically
create unix uid's in an idmap tbd file.) Does "getent passwd" show the
unix user?
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
