Gentoo Forums
Samba Ldap PDC only logs Root
lramos85
Tux's lil' helper
Joined: 29 Jun 2004
Posts: 141
Location: Riverside, Ca

Posted: Wed Oct 11, 2006 9:23 pm    Post subject: Samba Ldap PDC only logs Root

Hi,

I have set up LDAP to work perfectly with Unix and I was also trying to get it to work with Windows clients using Samba with an LDAP backend. I have set up a domain and I am able to log in to it through Windows. My problem is that it only lets 'root' log in but not other Samba users like 'testuser'. I have been trying to figure out what's wrong for hours with no luck; hope someone can help me.

smb.conf
Code:

[global]

 workgroup = MCS
 netbios name = ldap
 wins support = yes
 server string = LDAP PDC [on Ubuntu/Gentoo :: Samba server %v]

 security = user
 encrypt passwords = true
 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
 interfaces = eth1 lo
 bind interfaces only = yes

 local master = yes
 os level = 65
 domain master = yes
 preferred master = yes

 null passwords = no
 hide unreadable = yes
 hide dot files = yes

 domain logons = yes
 ;logon script = login.bat OR %U.bat
 logon path = \\%L\profiles\%U
 logon drive = Z:
 logon home = \\%L\%U

 wins support = yes
 name resolve order = wins lmhosts bcast host
 dns proxy = no

 time server = yes
 log file = /var/log/samba/log.%m
 max log size = 50

 add user script = /usr/sbin/smbldap-useradd -m "%u"
 add machine script = /usr/sbin/smbldap-useradd -w "%u"
 add group script = /usr/sbin/smbldap-groupadd -p "%g"
 add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
 delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
 set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"

 passdb backend = ldapsam:ldap://127.0.0.1/
 ldap delete dn = Yes
 ldap ssl = no

 ldap suffix = dc=mcs,dc=edu
 ldap admin dn = cn=root,dc=mcs,dc=edu
 ldap group suffix = ou=Group
 ldap user suffix = ou=People
 ldap machine suffix = ou=Computers
 ldap idmap suffix = ou=People

 Dos charset = 850
 Unix charset = ISO8859-1

[netlogon]
 comment = Network Logon Service
 path = /var/lib/samba/netlogon
 guest ok = Yes
 browseable = no
 write list = root

[profiles]
 comment = User profiles
 path = /var/lib/samba/profiles
 writable = yes
 browsable = no
 create mode = 0644
 directory mode = 0755
 guest ok = yes

[homes]
 path = /nfs/mcs/%U
 browseable = no
 valid users = %S
 read only = no
 create mask = 0664
 directory mask = 0775


[public]
        comment = shared
        path = /mnt/public
        guest ok = yes
        browseable = yes


ldap.conf
Code:

suffix      "dc=mcs,dc=edu"

uri ldap://localhost/
pam_password exop

ldap_version 3
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberuid
nss_base_passwd ou=Computers,dc=mcs,dc=edu
nss_base_passwd ou=People,dc=mcs,dc=edu
nss_base_shadow ou=People,dc=mcs,dc=edu
nss_base_group  ou=Group,dc=mcs,dc=edu
nss_base_hosts  ou=Hosts,dc=mcs,dc=edu

bind_policy soft


And I have created a 'testuser' for Samba but it can't log in.

Also when I try net join mcs -U testuser:
Code:

#net join mcs -U testuser
testuser's password:
[2006/10/11 14:22:42, 0] utils/net_ads.c:ads_startup(191)
  ads_connect: No results returned
[2006/10/11 14:22:52, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
  rpc_api_pipe: Remote machine LDAP pipe \samr fnum 0x708dreturned critical error. Error was Call timed out: server did not respond after 10000 milliseconds
[2006/10/11 14:22:52, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(295)
  error setting trust account password: NT_STATUS_IO_TIMEOUT
Unable to join domain MCS.
[2006/10/11 14:22:52, 0] libsmb/clientgen.c:cli_rpc_pipe_close(375)
  cli_rpc_pipe_close: cli_close failed on pipe \samr, fnum 0x708d to machine LDAP.  Error was Call timed out: server did not respond after 10000 milliseconds


but if I use root it works fine.

Thanks.

EDIT:

The Log file claims:
Code:

Oct 11 14:57:40 localhost smbd[6319]: nss_ldap: reconnecting to LDAP server...
Oct 11 14:57:40 localhost smbd[6319]: nss_ldap: reconnected to LDAP server after 1 attempt(s)
Oct 11 14:58:09 localhost smbd[6335]: [2006/10/11 14:58:09, 0] auth/auth_sam.c:check_sam_security(331)
Oct 11 14:58:09 localhost smbd[6335]:   check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'

lramos85
Tux's lil' helper
Joined: 29 Jun 2004
Posts: 141
Location: Riverside, Ca

Posted: Wed Oct 11, 2006 10:16 pm

:D Okay, got it.

Turns out that on my nss ldap config file (my case /etc/libnss-ldap.conf) I needed to remove the rootbinddn and make users readable to the network.
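The fix above drops rootbinddn from the nss_ldap config, so NSS lookups for smbd now run as an anonymous (or unprivileged) bind and the directory ACL has to let that bind read ou=People. The script below is an added example, not from the thread or the smbldap-tools project: it audits what an anonymous bind actually sees, checking that the attributes nss_ldap needs to resolve 'testuser' are present while the password hashes Samba stores in the same entry are not. The LDIF is constructed sample data (the SID and numeric ids are made up); on the real server it would come from an anonymous ldapsearch -x against ou=People,dc=mcs,dc=edu.

```shell
#!/bin/sh
# Constructed sample: what an anonymous `ldapsearch -x -H ldap://localhost/
# -b ou=People,dc=mcs,dc=edu '(uid=testuser)'` should return once the ACL
# allows unauthenticated reads of ou=People. Values are made up.
SAMPLE_LDIF='dn: uid=testuser,ou=People,dc=mcs,dc=edu
objectClass: posixAccount
objectClass: sambaSamAccount
uid: testuser
uidNumber: 1001
gidNumber: 513
homeDirectory: /nfs/mcs/testuser
loginShell: /bin/bash
sambaSID: S-1-5-21-0-0-0-3002
'

# attrs_present LDIF ATTR...  -> 0 if every named attribute has a value.
# "^$a:" needs the colon directly after the name, so "uid" does not match
# "uidNumber:".
attrs_present() {
    ldif=$1; shift
    for a in "$@"; do
        printf '%s\n' "$ldif" | grep -qi "^$a:" || return 1
    done
    return 0
}

# audit_anon_view LDIF -> prints "ok", "nss-missing:<attr>" (nss_ldap cannot
# build a passwd entry, so smbd sees NT_STATUS_NO_SUCH_USER) or
# "hash-exposed:<attr>" (the ACL opened too much: password hashes are
# readable by anyone who can reach port 389).
audit_anon_view() {
    ldif=$1
    for a in uid uidNumber gidNumber homeDirectory; do
        attrs_present "$ldif" "$a" || { echo "nss-missing:$a"; return 1; }
    done
    for a in userPassword sambaNTPassword sambaLMPassword; do
        if attrs_present "$ldif" "$a"; then echo "hash-exposed:$a"; return 2; fi
    done
    echo ok
}

audit_anon_view "$SAMPLE_LDIF"
```

A "hash-exposed" result means the slapd ACL should restrict userPassword, sambaNTPassword and sambaLMPassword to the ldap admin dn (cn=root,dc=mcs,dc=edu in this smb.conf) while leaving the posixAccount attributes readable.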