Kristof Bruyninckx wrote:

snipp

> Sep 29 10:59:52 linux14 slapd: ==> ldbm_back_bind: dn:
> cn=Manager,dc=thales,dc=be
> Sep 29 10:59:52 linux14 slapd: send_ldap_result: err=49 matched="" text=""
> Sep 29 10:59:52 linux14 slapd: daemon: select: listen=7 active_threads=0
> tvp=NULL
> Sep 29 10:59:52 linux14 slapd: daemon: activity on 1 descriptors
> Sep 29 10:59:52 linux14 slapd: daemon: activity on: 8r
> Sep 29 10:59:52 linux14 slapd: daemon: read activity on 8
> Sep 29 10:59:52 linux14 slapd: connection_get(8)
> snip"
>
> which in my opinion is odd since it is no longer used in samba. And it
> fails to authenticate. I tried a reset of the password, and changed the
> entries in ldap.conf and slapd.conf. Once done, I tried to modify an
> existing entry with ldapmodify which was successful. Is samba here
> still trying to access the LDAP with this account?

Probably not, but I'm pretty sure you have nss-ldap installed with a
configured /etc/ldap.conf or wherever this file is on your distro.

> Sep 29 10:59:52 linux14 slapd: <= check a_dn_pat: anonymous
> Sep 29 10:59:52 linux14 slapd: <= acl_mask: [3] applying auth(=x) (stop)
> Sep 29 10:59:52 linux14 slapd: <= acl_mask: [3] mask: auth(=x)
> Sep 29 10:59:52 linux14 slapd: => access_allowed: auth access granted by
> auth(=x)
> Sep 29 10:59:52 linux14 slapd: daemon: select: listen=7 active_threads=0
> tvp=NULL
> Sep 29 10:59:52 linux14 slapd: send_ldap_result: err=0 matched="" text=""
> Sep 29 10:59:52 linux14 slapd: daemon: activity on 1 descriptors
> Sep 29 10:59:52 linux14 slapd: daemon: activity on:
> snip"
>
> Whatever is happening here, it seems that the samba user is not
> getting write permissions.

Before the password is checked the bind is "anonymous" and it requests
auth access to userPassword which is granted. That's how things are
supposed to work. err=0 above indicates no error.

> Sep 29 10:59:52 linux14 slapd: <= acl_mask: [1] applying write(=wrscx)
> (stop)
> Sep 29 10:59:52 linux14 slapd: <= acl_mask: [1] mask: write(=wrscx)
> Sep 29 10:59:52 linux14 slapd: => access_allowed: read access granted by
> write(=wrscx)
> Sep 29 10:59:52 linux14 slapd: send_ldap_result: err=0 matched="" text=""
> snip"
>
> But here LDAP does grant the samba user the proper permissions.

Sure, the request was for "entry" and "objectClass" etc., so the
condition in the "access to attrs=userPassword" doesn't match here.

> Sep 29 10:59:52 linux14 slapd: modifications:
> Sep 29 10:59:52 linux14 slapd: add: objectClass
> Sep 29 10:59:52 linux14 slapd: one value, length 15
> Sep 29 10:59:53 linux14 slapd: add: uidNumber
> Sep 29 10:59:53 linux14 slapd: one value, length 5
> Sep 29 10:59:53 linux14 slapd: add: gidNumber
> Sep 29 10:59:53 linux14 slapd: one value, length 5
> *Sep 29 10:59:53 linux14 slapd: send_ldap_result: err=21 matched=""
> text="objectClass: value #0 invalid per syntax"*

Google would have told you this error stems from unrecognized
objectClass definitions.
You are probably missing an "include" statement in slapd.conf. You need at
least core.schema, cosine.schema, nis.schema, samba.schema (in that
order).

cheers
Paul
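
A small triage script for the kind of slapd debug log discussed in this thread, added here as an example and not part of Paul's reply: it pairs each non-zero `send_ldap_result` with the preceding bind DN and names the result code. The sample lines are copied from the quoted excerpts with mail wrapping undone; the function name `triage` and the hint strings are this example's own.

```python
import re

# LDAP result codes (RFC 4511) seen in the thread; hints follow the reply's reading.
RESULTS = {
    21: ("invalidAttributeSyntax", "value rejected by schema; check slapd.conf includes"),
    49: ("invalidCredentials", "bind rejected; find the client still using this DN"),
}
SYSLOG = re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ slapd(?:\[\d+\])?: (?P<msg>.*)$")
BIND = re.compile(r"back_bind: dn: (?P<dn>\S+)")
RESULT = re.compile(r'send_ldap_result: err=(?P<err>\d+) matched="[^"]*" text="(?P<text>[^"]*)"')


def triage(lines):
    """Return one finding per non-zero send_ldap_result, tied to a bind DN if any."""
    findings = []
    pending_bind = None  # DN of a bind whose result has not been logged yet
    for raw in lines:
        m = SYSLOG.match(raw.strip())
        if not m:
            continue  # not a slapd syslog line (e.g. a mail-wrapped fragment)
        msg = m.group("msg")
        bind = BIND.search(msg)
        if bind:
            pending_bind = bind.group("dn")
            continue
        res = RESULT.search(msg)
        if not res:
            continue
        code = int(res.group("err"))
        if code != 0:  # err=0 is success and is not reported
            name, hint = RESULTS.get(code, ("other", "look up the code in RFC 4511"))
            findings.append({"time": m.group("ts"), "code": code, "name": name,
                             "bind_dn": pending_bind, "text": res.group("text"),
                             "hint": hint})
        pending_bind = None  # the first result after a bind closes that bind
    return findings


# Sample input: lines from the thread's quoted log, mail wrapping undone.
SAMPLE = [
    "Sep 29 10:59:52 linux14 slapd: ==> ldbm_back_bind: dn: cn=Manager,dc=thales,dc=be",
    'Sep 29 10:59:52 linux14 slapd: send_ldap_result: err=49 matched="" text=""',
    "Sep 29 10:59:52 linux14 slapd: => access_allowed: auth access granted by auth(=x)",
    'Sep 29 10:59:52 linux14 slapd: send_ldap_result: err=0 matched="" text=""',
    "Sep 29 10:59:53 linux14 slapd: add: uidNumber",
    'Sep 29 10:59:53 linux14 slapd: send_ldap_result: err=21 matched="" text="objectClass: value #0 invalid per syntax"',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```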
