The LDAP log says nothing, every operation is fine, BUT the samba log says
that it can't find the 'uid' attribute for the user. As I understand, samba
first tries to map the user with idmap (which I don't understand at all), then
it makes the bind against the LDAP and last but not least enters the share
specific permissions phase.
From the samba logging system I extracted these first lines with the "error":
[2008/07/01 23:24:50, 4] smbd/map_username.c:map_username(145)
Scanning username map /etc/samba/smbusers
[2008/07/01 23:24:50, 5] auth/auth_util.c:make_user_info_map(178)
make_user_info_map: Mapping user [WORKGROUP]\[silva] from workstation [ERNIE]
[2008/07/01 23:24:50, 5] auth/auth_util.c:make_user_info(92)
attempting to make a user_info for silva (silva)
[2008/07/01 23:24:50, 5] auth/auth_util.c:make_user_info(102)
making strings for silva's user_info struct
[2008/07/01 23:24:50, 5] auth/auth_util.c:make_user_info(134)
making blobs for silva's user_info struct
[2008/07/01 23:24:50, 3] auth/auth.c:check_ntlm_password(220)
check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED]
with the new password interface
[2008/07/01 23:24:50, 3] auth/auth.c:check_ntlm_password(223)
check_ntlm_password: mapped user is: [EMAIL PROTECTED]
[2008/07/01 23:24:50, 5] lib/util.c:dump_data(2226)
[000] 82 EB 85 FE 24 80 63 76 ....$.cv
[2008/07/01 23:24:50, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/07/01 23:24:50, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/07/01 23:24:50, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/07/01 23:24:50, 5] auth/token_util.c:debug_nt_user_token(464)
NT user token: (NULL)
[2008/07/01 23:24:50, 5] auth/token_util.c:debug_unix_user_token(490)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2008/07/01 23:24:50, 5] lib/smbldap.c:smbldap_search_ext(1183)
smbldap_search_ext: base => [dc=ort,dc=edu,dc=uy], filter =>
[(&(uid=silva)(objectclass=sambaSamAccount))], scope => [2]
[2008/07/01 23:24:50, 5] lib/smbldap.c:smbldap_close(1086)
The connection to the LDAP server was closed
[2008/07/01 23:24:50, 2] lib/smbldap.c:smbldap_open_connection(772)
smbldap_open_connection: connection opened
[2008/07/01 23:24:50, 3] lib/smbldap.c:smbldap_connect_system(983)
ldap_connect_system: successful connection to the LDAP server
[2008/07/01 23:24:50, 4] lib/smbldap.c:smbldap_open(1066)
The LDAP server is successfully connected
[2008/07/01 23:24:50, 1] passdb/pdb_ldap.c:init_sam_from_ldap(567)
init_sam_from_ldap: No uid attribute found for this user!
[2008/07/01 23:24:50, 1] passdb/pdb_ldap.c:ldapsam_getsampwnam(1531)
ldapsam_getsampwnam: init_sam_from_ldap failed for user 'silva'!
[2008/07/01 23:24:50, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/07/01 23:24:50, 3] auth/auth_sam.c:check_sam_security(281)
check_sam_security: Couldn't find user 'silva' in passdb.
[2008/07/01 23:24:50, 5] auth/auth.c:check_ntlm_password(272)
check_ntlm_password: sam authentication for user [silva] FAILED with error
NT_STATUS_NO_SUCH_USER
[2008/07/01 23:24:50, 2] auth/auth.c:check_ntlm_password(318)
check_ntlm_password: Authentication for user [silva] -> [silva] FAILED with
error NT_STATUS_NO_SUCH_USER
This is the OpenLDAP log from the transaction:
conn=129952 fd=153 ACCEPT from IP=172.30.150.100:14793 (IP=0.0.0.0:389)
conn=129952 op=0 BIND dn="cn=Manager,dc=my,dc=company" method=128
conn=129952 op=0 BIND dn="cn=Manager,dc=my,dc=company" mech=SIMPLE ssf=0
conn=129952 op=0 RESULT tag=97 err=0 text=
conn=129952 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
conn=129952 op=1 SRCH attr=supportedControl
conn=129952 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=129952 op=2 SRCH base="dc=my,dc=company" scope=2 deref=0
filter="(&(uid=silva)(objectClass=sambaSamAccount))"
slapd[2498]: conn=129952 op=2 SRCH attr=uid uidNumber gidNumber homeDirectory
sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime
sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath
sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID
sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName
objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount
sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours
modifyTimestamp uidNumber
conn=129952 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=129952 op=3 SRCH base="ou=Groups,dc=my,dc=company" scope=2 deref=0
filter="(&(objectClass=sambaGroupMapping)(gidNumber=65533))"
conn=129952 op=3 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList
description displayName cn objectClass
conn=129952 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=129952 op=4 SRCH base="sambaDomainName=OPEN,dc=my,dc=company" scope=0 deref=0
filter="(objectClass=*)"
conn=129952 op=4 SRCH attr=sambaPwdHistoryLength
conn=129952 op=4 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=129952 fd=153 closed (connection lost)
I've changed the share configuration to the following but still....
[www2]
comment = webpages
path = /path/to/webpages
public = no
writeable = yes
browseable = yes
valid users = silva
dont descend = /proc,/dev,/etc,/bin,/usr...
Best regards,
--
Ing. Ernesto Silva.
Coordinador de Desarrollo Web y Sistemas Abiertos
Centro de Procesamiento de Datos
Universidad ORT Uruguay.
E-mail: [EMAIL PROTECTED]
Tel: (+5982) 903-1995, (+5982) 902-9687 ext. 102
Fax: (+5982) 900-2952
[EMAIL PROTECTED] wrote:
[2008/07/01 04:54:01, 1] passdb/pdb_ldap.c:init_sam_from_ldap(567)
init_sam_from_ldap: No uid attribute found for this user!
[2008/07/01 04:54:01, 1] passdb/pdb_ldap.c:ldapsam_getsampwnam(1531)
ldapsam_getsampwnam: init_sam_from_ldap failed for user 'xxxxx'!
Have you looked in the LDAP log to see what attribute it's actually
looking for? I haven't used 3.2 yet but I guess it's possible that
something has changed with that.
[global]
os level = 64
I don't think you need or want this since you are not a WINS server...
ldap admin dn = cn=Manager,dc=my,dc=company
ldap suffix = dc=my,dc=company
ldap machine suffix = ou=Computers
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap user suffix = ou=People
ldap passwd sync = Yes
Have you run smbpasswd -w to write the LDAP admin password into secrets.tdb?
[www2]
valid users = +groupA +groupB
force user = www2
Only last night I was dealing with a terrible problem with 3.0.28a with
these two parameters. Try commenting these out and see if you can get to
your share. Try naming individual users instead of groups. Also,
apparently the required syntax for expanding groups has changed and I
think it should be +DOMAIN\groupA and the like. Though I'm not sure that
the '+' syntax is still favored either. You'll need to look in the docs
for your version to verify this. Comment them out for testing anyway.
Also I was made aware last night that it is better to set the sticky bit
on the directory than to use 'force user' or 'force group' (thanks JHT).
It will solve the 'create mask' too, I think.
create mask = 0775
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
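
The check suggested in the quoted reply (looking in the LDAP log to see what Samba actually asks for) can be scripted. This is an added example, not part of the original messages and not Samba or OpenLDAP code: it parses slapd log lines in the layout quoted above, re-joins lines the mail client wrapped, and returns for each search the base, the filter, the requested attributes and the number of entries returned. The function names and the shortened attribute list in the sample are assumptions made for the example.

```python
import re

# Constructed sample in the slapd log layout quoted in the thread,
# including the line wrapping and one syslog "slapd[pid]:" prefix.
SAMPLE = """\
conn=129952 op=0 BIND dn="cn=Manager,dc=my,dc=company" method=128
conn=129952 op=0 RESULT tag=97 err=0 text=
conn=129952 op=2 SRCH base="dc=my,dc=company" scope=2 deref=0
filter="(&(uid=silva)(objectClass=sambaSamAccount))"
slapd[2498]: conn=129952 op=2 SRCH attr=uid uidNumber gidNumber
sambaSID sambaNTPassword
conn=129952 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=129952 op=3 SRCH base="ou=Groups,dc=my,dc=company" scope=2 deref=0
filter="(&(objectClass=sambaGroupMapping)(gidNumber=65533))"
conn=129952 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
"""

START = re.compile(r'conn=(\d+) (?:op=(\d+) )?(.*)')

def unwrap(text):
    """Join wrapped continuation lines onto the record they belong to."""
    records = []
    for line in text.splitlines():
        if START.search(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def searches(text):
    """Return one dict per search operation: base, filter, attrs, nentries."""
    ops = {}
    for rec in unwrap(text):
        m = START.search(rec)
        if not m or m.group(2) is None:
            continue  # ACCEPT / closed lines carry no op= field
        op = ops.setdefault((m.group(1), m.group(2)), {})
        rest = m.group(3)
        if rest.startswith("SRCH attr="):
            op["attrs"] = rest[len("SRCH attr="):].split()
        elif rest.startswith("SRCH "):
            op["base"] = re.search(r'base="([^"]*)"', rest).group(1)
            op["filter"] = re.search(r'filter="([^"]*)"', rest).group(1)
        elif rest.startswith("SEARCH RESULT"):
            op["err"] = int(re.search(r'err=(\d+)', rest).group(1))
            op["nentries"] = int(re.search(r'nentries=(\d+)', rest).group(1))
    return [o for o in ops.values() if "filter" in o]

if __name__ == "__main__":
    for s in searches(SAMPLE):
        print(s["nentries"], s["base"], s["filter"], "uid" in s.get("attrs", []))
```

A search that requests `uid` and reports `nentries=1` shows that slapd matched an entry for the filter; it does not show which attributes were present in the entry that was returned, so the entry itself still has to be inspected.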