This is a discussion on RE: [Samba] Two Locations, One Domain - LDAP Auth Failure within the Samba forums, part of the Networking and Network Related category.
Hi,

here's the problem:

check_ntlm_password: Authentication for user [andy] -> [andy] FAILED with error NT_STATUS_NO_SUCH_USER
[2005/09/20 12:44:41, 3] smbd/process.c:timeout_processing(1334)

Does the user have the sambasid attribute? Is it filled?
Did you use smbldap-tools?

Kind regards,

Dirk Laurenz
Systems Engineer

Fujitsu Siemens Computers
S CE DE SE PS N/O
Sales Central Europe Deutschland
Professional Service Nord / Ost

Hildesheimer Strasse 25
30880 Laatzen
Germany

Telephone: +49 (511) 84 89 - 18 08
Telefax: +49 (511) 84 89 - 25 18 08
Mobile: +49 (170) 22 10 781
Email: mailto:dirk.laurenz@fujitsu-siemens.com
Internet: http://www.fujitsu-siemens.com
http://www.fujitsu-siemens.de/services/index.html

-| -----Original Message-----
-| From: samba-bounces+dirk.laurenz=fujitsu-siemens.com@lists.samba.org
-| [mailto:samba-bounces+dirk.laurenz=fujitsu-siemens.com@lists.samba.org] On Behalf Of Andy
-| Sent: Tuesday, September 20, 2005 2:49 PM
-| To: Laurenz, Dirk
-| Cc: samba@lists.samba.org
-| Subject: RE: [Samba] Two Locations, One Domain - LDAP Auth Failure
-|
-| Hi Dirk, thanks for your reply!
-|
-| I definitely want to go down the BDC route so that I always
-| log on to the nearest server. The link between the two
-| isn't really an issue - both have a DSL connection to the
-| internet.
-|
-| I started by modifying my smb.conf files so that each
-| server is a local master for their subnet, but only the uni
-| box is domain master. After fiddling with the 'remote
-| announce' and 'remote browse sync' I can now view both
-| servers from a workstation at home (*not* joined to the
-| domain yet). So far so good!
-|
-| Ok, so LDAP it is... I've followed the tutorial at
-| http://www.idealx.org/prj/samba/smbldap-howto.en.html up to
-| the end of section 5.1, and although I can successfully create
-| and remove accounts, and log on to said accounts over SSH,
-| I cannot connect to the samba server at uni using the
-| credentials of a user in LDAP. The only problem I ran
-| into with that tutorial was the following error when
-| starting slapd after making the changes in section 5.1:
-|
-| Checking configuration files for slapd:
-| /etc/openldap/slapd.conf: line 93: unknown attr "sambaPrivilegeList" in to clause
-|
-| So I simply removed 'sambaPrivilegeList' from slapd.conf. I
-| don't know if this is causing samba's authentication to
-| fail... any ideas why slapd moaned about this and how to
-| fix it?
-|
-| Anyway, Uni server is ALPHA, the PDC for domain OMEGA. Home
-| server is GAMMA, home workstation is DELTA. User 'andy' can
-| log in to ALPHA over SSH, but not samba.
-| Increasing the log level to 3 and looking at the access log
-| for DELTA on ALPHA when DELTA tries to connect as user
-| 'andy' to view shares:
-|
-| [2005/09/20 12:44:41, 3] smbd/sec_ctx.c:push_sec_ctx(256)
-|   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
-| [2005/09/20 12:44:41, 3] smbd/uid.c:push_conn_ctx(365)
-|   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
-| [2005/09/20 12:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288)
-|   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
-| [2005/09/20 12:44:41, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
-|   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
-| [2005/09/20 12:44:41, 3] auth/auth.c:check_ntlm_password(219)
-|   check_ntlm_password: Checking password for unmapped user [DELTA]\[andy]@[DELTA] with the new password interface
-| [2005/09/20 12:44:41, 3] auth/auth.c:check_ntlm_password(222)
-|   check_ntlm_password: mapped user is: [OMEGA]\[andy]@[DELTA]
-| [2005/09/20 12:44:41, 3] smbd/sec_ctx.c:push_sec_ctx(256)
-|   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
-| [2005/09/20 12:44:41, 3] smbd/uid.c:push_conn_ctx(365)
-|   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
-| [2005/09/20 12:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288)
-|   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
-| [2005/09/20 12:44:41, 2] lib/smbldap.c:smbldap_open_connection(692)
-|   smbldap_open_connection: connection opened
-| [2005/09/20 12:44:41, 3] lib/smbldap.c:smbldap_connect_system(866)
-|   ldap_connect_system: succesful connection to the LDAP server
-|   ldap_connect_system: LDAP server does not support paged results
-| [2005/09/20 12:44:41, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
-|   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
-| [2005/09/20 12:44:41, 3] auth/auth_sam.c:check_sam_security(257)
-|   check_sam_security: Couldn't find user 'andy' in passdb.
-| [2005/09/20 12:44:41, 3] auth/auth_winbind.c:check_winbind_security(80)
-|   check_winbind_security: Not using winbind, requested domain [OMEGA] was for this SAM.
-| [2005/09/20 12:44:41, 2] auth/auth.c:check_ntlm_password(312)
-|   check_ntlm_password: Authentication for user [andy] -> [andy] FAILED with error NT_STATUS_NO_SUCH_USER
-| [2005/09/20 12:44:41, 3] smbd/process.c:timeout_processing(1334)
-|   timeout_processing: End of file from client (client has disconnected).
-| [2005/09/20 12:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288)
-|   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
-| [2005/09/20 12:44:41, 2] smbd/server.c:exit_server(609)
-|   Closing connections
-| [2005/09/20 12:44:41, 3] smbd/connection.c:yield_connection(69)
-|   Yielding connection to
-| [2005/09/20 12:44:41, 3] smbd/server.c:exit_server(652)
-|   Server exit (normal exit)
-|
-| It looks like the line "ldap_connect_system: LDAP server
-| does not support paged results" indicates the problem here,
-| however I have no idea what it means or how to fix
-| it. (Running OpenLDAP 2.2.23-5)
-|
-| Any suggestions as to what's wrong?
-|
-| Thanks again,
-|
-| Andy
-|
-|
-| --- On Tue Sep 20 10:53 , <Dirk.Laurenz@fujitsu-siemens.com> sent: ---
-|
-| >Hello Andy,
-| >
-| >you should set up a samba domain w/ a PDC and BDC or a dial
-| >up line and a local wins server at home (but using a bdc is better).
-| >moreover you should use an ldap backend. this should be
-| >your setup:
-| >
-| > [HOME] ---DIAL UP LINE---> [UNI]
-| >
-| > [SERVER 1]            [SERVER 2]
-| > -OpenLDAP / Slave     -OpenLDAP / Master
-| > -Samba / BDC          -Samba / PDC
-| >
-| >I recommend to have a flat rate between UNI and HOME
-| >
-| >Kind regards,
-| >
-| >Dirk Laurenz

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
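
Dirk's question (does the account carry the Samba attributes, sambaSID in particular) can be checked offline against an LDIF export of the user entries. The script below is an added example, not part of the thread: the DNs, SID and hash are constructed sample values, and the attribute list assumes the sambaSamAccount class from samba.schema.

```python
# Added example: audit LDIF user entries for what Samba's LDAP passdb needs.
REQUIRED_CLASS = "sambasamaccount"
REQUIRED_ATTRS = ("sambaSID", "sambaNTPassword")  # SID is MUST; NT hash is used for NTLM auth

# Constructed sample: 'andy' is a POSIX-only account, 'carol' is Samba-enabled.
SAMPLE_LDIF = """\
dn: uid=andy,ou=Users,dc=example,dc=org
objectClass: inetOrgPerson
objectClass: posixAccount
uid: andy
uidNumber: 1001

dn: uid=carol,ou=Users,dc=example,dc=org
objectClass: posixAccount
objectClass: sambaSamAccount
uid: carol
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-
 3002
sambaNTPassword: 00000000000000000000000000000000
"""

def parse_ldif(text):
    """Yield one {lowercased attr: [values]} dict per entry; unfolds continuation lines."""
    unfolded = text.replace("\n ", "")
    for block in unfolded.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            # lstrip also drops the second ':' of base64 ('::') values; they are not decoded
            entry.setdefault(name.strip().lower(), []).append(value.lstrip(": ").strip())
        if entry:
            yield entry

def samba_problems(entry):
    """Return reasons the entry is unusable as a Samba account (empty list = fine)."""
    problems = []
    classes = {c.lower() for c in entry.get("objectclass", [])}
    if REQUIRED_CLASS not in classes:
        problems.append("objectClass sambaSamAccount missing")
    for attr in REQUIRED_ATTRS:
        if not any(entry.get(attr.lower(), [])):
            problems.append(f"{attr} missing or empty")
    return problems

def audit(text):
    return {e["uid"][0]: samba_problems(e) for e in parse_ldif(text) if "uid" in e}

if __name__ == "__main__":
    for uid, problems in audit(SAMPLE_LDIF).items():
        print(uid, "OK" if not problems else "; ".join(problems))
```

An entry that can log in over SSH but reports `objectClass sambaSamAccount missing` here matches the symptom in the log: the POSIX account exists, but the passdb lookup has nothing to find.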