Please can anyone provide me with some pointers as to what is wrong with my setup. I've searched the archives, googled and RTFM but either I'm being stupid or I've done something silly.
I run 2 nearly identical systems; a solaris backend server supporting Linux clients. One system uses NIS+ for *nix authentication, one uses iDS5. I wish to migrate from samba2 to samba3 on both systems, I also need the *nix systems to keep authenticating off their own information stores (I don't want SSO), but samba users to authenticate to the site AD. I have samba3 installed on both systems, it is identical as I built it on one and copied it all across to the other. The system using NIS+ works great. Samba users authenticate against the site AD and then samba uses NIS+ to get home directory info so that users get their share off the samba server. The system using iDS5 doesn't let the user attach, with the error "make_server_info_info3: pdb_init_sam failed!" If I put a user entry in /etc/passwd on the iDS5 system it all works great. the relevant bit of my smb.conf is: [global] workgroup = cfs ldap admin dn = CN=MCS Samba LDAP Authentication,OU=Special Accounts,DC=cfs,DC=le,DC=ac,DC=uk ldap server = spearmint.cfs.le.ac.uk ldap suffix = dc=cfs,dc=le,dc=ac,dc=uk security = ads realm = cfs.le.ac.uk passdb backend = ldapsam:ldap://spearmint.cfs.le.ac.uk and the logs generated by smbd -i -d 3 are identical until it tries to authenticate. Rather than post the full log, I'll post from where smbd does a spnego session setup; take my word it is identical before this. using SPNEGO Selected protocol NT LANMAN 1.0 Transaction 2 of length 166 switch message SMBsesssetupX (pid 14857) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 wct=12 flg2=0xc801 Doing spnego session setup NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] Got OID 1 3 6 1 4 1 311 2 2 10 Got secblob of size 47 Got NTLMSSP neg_flags=0x60080215 Transaction 3 of length 262 switch message SMBsesssetupX (pid 14857) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 wct=12 flg2=0xc801 Doing spnego session setup NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] Got user=[jal] domain=[DEBIAN_FANS] workstation=[PC14] len1=24 len2=24 Connected to LDAP server 143.210.35.83 got ldap server name [EMAIL PROTECTED], using bind path: dc=CFS,dc=LE,dc=AC,dc=UK Connecting to host=SPEARMINT Connecting to 143.210.35.83 at port 445 lsa_io_sec_qos: length c does not match size 8 check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface check_ntlm_password: mapped user is: [EMAIL PROTECTED] push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 Connected to LDAP server 143.210.35.83 got ldap server name [EMAIL PROTECTED], using bind path: dc=CFS,dc=LE,dc=AC,dc=UK Connecting to host=SPEARMINT Connecting to 143.210.35.83 at port 445 At this point when using iDS5 the logs give: User jal does not exist, trying to add it make_server_info_info3: pdb_init_sam failed! check_ntlm_password: Authentication for user [jal] -> [jal] FAILED with error NT_STATUS_NO_SUCH_USER timeout_processing: End of file from client (client has disconnected). setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 Closing connections and when using /etc/passwd or NIS+ the logs give: push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 check_ntlm_password: winbind authentication for user [jal] succeeded To me this looks like, when using iDS5, the underlying OS is telling samba that jal doesn't exist but he does, honest. I'm just using the Solaris nsswitch.conf with "passwd: files ldap" Anyone come across this or know what I need to do? The Solaris system is patched up to date btw Thanks for any advice. John Landamore School of Mathematics & Computer Science University of Leicester University Road, LEICESTER, LE1 7RH [EMAIL PROTECTED] Phone: +44 (0)116 2523410 Fax: +44 (0)116 2523604 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
