Guest fbreves Posted November 11, 2004

Hi all,

I've been searching for answers to my problems with Win2k Pro and Server logging on to a Samba 3 PDC for some time and still don't have a clue.

The scenario seems to be simple. I'm using MDK 10.0 + Samba3 + OpenLDAP. The versions are:

samba-winbind-3.0.6-4.1.100mdk
samba-swat-3.0.6-4.1.100mdk
samba-common-3.0.6-4.1.100mdk
samba-doc-3.0.6-4.1.100mdk
samba-server-3.0.6-4.1.100mdk
samba-client-3.0.6-4.1.100mdk
smbldap-tools 0.8.5
openldap-back_passwd-2.1.25-6mdk
openldap-2.1.25-6mdk
openldap-servers-2.1.25-6mdk
openldap-back_dnssrv-2.1.25-6mdk
openldap-clients-2.1.25-6mdk
libldap2-2.1.25-6mdk
nss_ldap-212-3mdk
openldap-back_ldap-2.1.25-6mdk
openldap-back_sql-2.1.25-6mdk
pam_ldap-167-3mdk

I'm able to join my Windows 2000 Pro and Servers to the domain without problems (the machine account is added automatically under the Computers OU). But once the system is restarted I'm not able to log on to the domain.

I already deactivated the registry entries for secure channel and Sign or Seal (the standard ones everyone talks about). Still can't log on.

I can see by the logs that the request is getting to the LDAP authentication directory. But the Win2k workstation returns a username or password error.

Any help will be appreciated.

Regards,
Fabiano Breves

Guest fbreves Posted November 11, 2004

Above is a part of the samba log file log.desenv02

  check_ntlm_password: Checking password for unmapped user [sMB3]\[patrick]@[DESENV02] with the new password interface
[2004/11/11 15:45:59, 3] auth/auth.c:check_ntlm_password(222)
  check_ntlm_password: mapped user is: [sMB3]\[patrick]@[DESENV02]
[2004/11/11 15:45:59, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/11/11 15:45:59, 3] smbd/uid.c:push_conn_ctx(364)
  push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/11/11 15:45:59, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/11/11 15:45:59, 2] passdb/pdb_ldap.c:init_sam_from_ldap(485)
  init_sam_from_ldap: Entry found for user: patrick
[2004/11/11 15:45:59, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/11/11 15:45:59, 1] auth/auth_util.c:make_server_info_sam(822)
  User patrick in passdb, but getpwnam() fails!
[2004/11/11 15:45:59, 0] auth/auth_sam.c:check_sam_security(306)
  check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'

Any ideas of what is happening?

Guest fbreves Posted November 15, 2004

Someone may have interest to know that I solved the problem. There were 3 problems.

The first one was a misconfiguration. The SID number was different from the users' SID part of the sambaPrimaryGroupSID and sambaSID attributes.

The second was the permissions on the netlogon share. I had to set it to 1777.

The third one seems to be a BUG of the samba version. I had to manually add all my LDAP users to the /etc/passwd. Now my getent passwd output shows me each LDAP user twice...

Now I can log on from Win2K servers and workstations...

Regards,
Fabiano Breves

spinynorman Posted November 15, 2004

Thanks for the update. :)

Gowator Posted November 15, 2004

Group mod request.... can we put this into tips 'n' tricks?

Obviously not an issue we could help with but very thoughtful of fbreves to post just the same....

spinynorman Posted November 15, 2004

Done. B)

Guest Urias Cruz Posted August 12, 2007

Hi,

I had the same problem when I was setting up a PDC with SAMBA + LDAP. The problem is that, in spite of SAMBA using ldap as backend to look up the users' and machines' accounts, SAMBA will use a function called "getpwnam" to confirm if those accounts really exist in the NIS database. So you have to set NIS to search in the ldap database.

To set NIS to look up in the ldap database, you need to edit the "/etc/nsswitch.conf" file and "/etc/ldap.conf" - don't mistake /etc/ldap.conf for /etc/openldap/ldap.conf, because /etc/ldap.conf is used for NIS and /etc/openldap/ldap.conf is used for the ldap client.

The /etc/nsswitch.conf must have these lines:
------------------------
group: files ldap
shadow: files ldap
passwd: files ldap
-----------------------

The /etc/ldap.conf must have these lines:
---------------------------------
HOST the_ip_address_of_your_ldap_server
URI ldap://the_ip_address_of_your_ldap_server
binddn cn=user_with_permission_to_look_up_in_ldap_server,dc=your_suffix,dc=your_suffix
bindpw secret_of_the_user
---------------------------

I hope I have helped you.

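An added example, not part of the thread or of Samba: a small audit for the failures described in the posts above. It checks that sambaSID and sambaPrimaryGroupSID carry the domain SID, that getpwnam() resolves each passdb user, and which names `getent passwd` lists twice. The domain SID (as `net getlocalsid` would report it), the user entries and the function names are constructed for illustration.

```python
import pwd

# Constructed sample data: the domain SID and two sambaSamAccount entries
# as an LDAP search would return them. None of these values come from the thread.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
ENTRIES = [
    {"uid": "patrick",
     "sambaSID": "S-1-5-21-1111111111-2222222222-3333333333-3002",
     "sambaPrimaryGroupSID": "S-1-5-21-1111111111-2222222222-3333333333-513"},
    {"uid": "maria",  # sambaSID was generated under a different domain SID
     "sambaSID": "S-1-5-21-9999999999-2222222222-3333333333-3004",
     "sambaPrimaryGroupSID": "S-1-5-21-1111111111-2222222222-3333333333-513"},
]

def domain_part(sid):
    """Strip the trailing RID: S-1-5-21-a-b-c-RID -> S-1-5-21-a-b-c."""
    return sid.rsplit("-", 1)[0]

def nss_resolves(uid):
    """True if getpwnam() finds the account through NSS (files, ldap, ...)."""
    try:
        pwd.getpwnam(uid)
        return True
    except KeyError:
        return False

def audit(entries, domain_sid, resolves=nss_resolves):
    """Return (uid, problem) tuples for SID mismatches and NSS lookup failures."""
    problems = []
    for entry in entries:
        for attr in ("sambaSID", "sambaPrimaryGroupSID"):
            if domain_part(entry[attr]) != domain_sid:
                problems.append((entry["uid"], f"{attr} is not in domain {domain_sid}"))
        if not resolves(entry["uid"]):
            problems.append((entry["uid"], "in passdb but getpwnam() fails"))
    return problems

def duplicate_names(passwd_lines):
    """Account names that appear more than once in `getent passwd` output."""
    seen, dups = set(), set()
    for line in passwd_lines:
        name = line.split(":", 1)[0]
        (dups if name in seen else seen).add(name)
    return sorted(dups)

if __name__ == "__main__":
    for uid, problem in audit(ENTRIES, DOMAIN_SID):
        print(f"{uid}: {problem}")
```

A name reported by duplicate_names() is being served by more than one NSS source, for example a manual /etc/passwd copy alongside the ldap source.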