lramos85 Tux's lil' helper
Joined: 29 Jun 2004 Posts: 141 Location: Riverside, Ca
Posted: Wed Oct 11, 2006 9:23 pm Post subject: Samba Ldap PDC only logs Root
Hi,
I have set up LDAP to work perfectly with Unix, and I was also trying to get it to work with Windows clients using Samba with an LDAP backend. I have set up a domain and I am able to log in to it through Windows. My problem is that it only lets 'root' log in, but not other Samba users like 'testuser'. I have been trying to figure out what's wrong for hours with no luck; I hope someone can help me.
smb.conf
Code: |
[global]
    workgroup = MCS
    netbios name = ldap
    wins support = yes
    server string = LDAP PDC [on Ubuntu/Gentoo :: Samba server %v]
    security = user
    encrypt passwords = true
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    interfaces = eth1 lo
    bind interfaces only = yes
    local master = yes
    os level = 65
    domain master = yes
    preferred master = yes
    null passwords = no
    hide unreadable = yes
    hide dot files = yes
    domain logons = yes
    ;logon script = login.bat OR %U.bat
    logon path = \\%L\profiles\%U
    logon drive = Z:
    logon home = \\%L\%U
    wins support = yes
    name resolve order = wins lmhosts bcast host
    dns proxy = no
    time server = yes
    log file = /var/log/samba/log.%m
    max log size = 50
    add user script = /usr/sbin/smbldap-useradd -m "%u"
    add machine script = /usr/sbin/smbldap-useradd -w "%u"
    add group script = /usr/sbin/smbldap-groupadd -p "%g"
    add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
    delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
    set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
    passdb backend = ldapsam:ldap://127.0.0.1/
    ldap delete dn = Yes
    ldap ssl = no
    ldap suffix = dc=mcs,dc=edu
    ldap admin dn = cn=root,dc=mcs,dc=edu
    ldap group suffix = ou=Group
    ldap user suffix = ou=People
    ldap machine suffix = ou=Computers
    ldap idmap suffix = ou=People
    Dos charset = 850
    Unix charset = ISO8859-1

[netlogon]
    comment = Network Logon Service
    path = /var/lib/samba/netlogon
    guest ok = Yes
    browseable = no
    write list = root

[profiles]
    comment = User profiles
    path = /var/lib/samba/profiles
    writable = yes
    browsable = no
    create mode = 0644
    directory mode = 0755
    guest ok = yes

[homes]
    path = /nfs/mcs/%U
    browseable = no
    valid users = %S
    read only = no
    create mask = 0664
    directory mask = 0775

[public]
    comment = shared
    path = /mnt/public
    guest ok = yes
    browseable = yes
|
ldap.conf
Code: |
suffix "dc=mcs,dc=edu"
uri ldap://localhost/
pam_password exop
ldap_version 3
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberuid
nss_base_passwd ou=Computers,dc=mcs,dc=edu
nss_base_passwd ou=People,dc=mcs,dc=edu
nss_base_shadow ou=People,dc=mcs,dc=edu
nss_base_group ou=Group,dc=mcs,dc=edu
nss_base_hosts ou=Hosts,dc=mcs,dc=edu
bind_policy soft
|
And I have created a 'testuser' for Samba but it can't log in.
Also when I try net join mcs -U testuser:
Code: |
#net join mcs -U testuser
testuser's password:
[2006/10/11 14:22:42, 0] utils/net_ads.c:ads_startup(191)
ads_connect: No results returned
[2006/10/11 14:22:52, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
rpc_api_pipe: Remote machine LDAP pipe \samr fnum 0x708dreturned critical error. Error was Call timed out: server did not respond after 10000 milliseconds
[2006/10/11 14:22:52, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(295)
error setting trust account password: NT_STATUS_IO_TIMEOUT
Unable to join domain MCS.
[2006/10/11 14:22:52, 0] libsmb/clientgen.c:cli_rpc_pipe_close(375)
cli_rpc_pipe_close: cli_close failed on pipe \samr, fnum 0x708d to machine LDAP. Error was Call timed out: server did not respond after 10000 milliseconds
|
But if I use root it works fine.
Thanks.
EDIT:
The log file claims:
Code: |
Oct 11 14:57:40 localhost smbd[6319]: nss_ldap: reconnecting to LDAP server...
Oct 11 14:57:40 localhost smbd[6319]: nss_ldap: reconnected to LDAP server after 1 attempt(s)
Oct 11 14:58:09 localhost smbd[6335]: [2006/10/11 14:58:09, 0] auth/auth_sam.c:check_sam_security(331)
Oct 11 14:58:09 localhost smbd[6335]: check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'
|