To start off, shit's about to hit the fan and I need your help! I'm so short of time that I can't begin to describe everything I've done and not done, but I have a problem and hope you can help!
- OpenLDAP (working with ldapsearch and php scripts)
- Working samba without LDAP
I'm trying to connect these two dots. I'm not sure what exactly you need, but I'll give it to you as long as you ask!
This is what my access.log says (where all my smb data gets dumped):
```
[2013/02/10 19:41:25, 2] passdb/init_sam_from_ldap(545): Entry found for user: ***<username>***
[2013/02/10 19:41:25, 0] passdb/pdb_get_group_sid: Failed to find Unix account for ***<username>***
[2013/02/10 19:41:25, 1] auth/make_server_info_sam(589): User ***<username>*** in passdb, but getpwnam() fails!
[2013/02/10 19:41:25, 0] auth/check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'
[2013/02/10 19:41:25, 2] auth/check_ntlm_password: Authentication for user [***<username>***] -> [***<username>***] FAILED with error NT_STATUS_NO_SUCH_USER
```
It's like the password hashes in the OpenLDAP database don't match what samba assumes it should receive, or something along those lines. Note: when supplying a wrong password, it says wrong password. These logs are for a perfect authentication using correct credentials, or at least I try to (via gnome filebrowser, username: username, workgroup: WORKGROUP, password: plain text password).
Here's my smb.conf:
```
[global]
unix charset = LOCALE
netbios name = test
server string = test
passdb backend = ldapsam:"ldap://<ip>"
username map = "/etc/samba/smbusers"
log level = 2
syslog = 0
log file = /var/log/samba/access.log
max log size = 0
name resolve order = hosts dns
load printers = No
add user script = /usr/bin/smbldap-useradd -m '%u'
delete user script = /usr/bin/smbldap-userdel '%u'
add group script = /usr/bin/smbldap-groupadd -p '%g'
delete group script = /usr/bin/smbldap-groupdel '%g'
add user to group script = /usr/bin/smbldap-groupmod -m '%g' '%u'
delete user from group script = /usr/bin/smbldap-groupmod -x '%g' '%u'
add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
set primary group script = /usr/bin/smbldap-usermod -g '%g' '%u'
domain logons = Yes
domain master = Yes
wins support = Yes
ldap admin dn = cn=admin,dc=test,dc=local
ldap group suffix = ou=Groups
ldap user suffix = ou=People
ldap suffix = dc=test,dc=local
ldap ssl = no
ldap passwd sync = yes
```
Here's my ldap.conf:
**Server is down so I don't have this atm**
According to wireshark OpenLDAP sends the correct information when searching for the uid, but when doing the actual login I think that samba says something about "singleLevel" which I think might be relevant. This is where it fails and the "wrong" data is sent back to samba.
Again, I'm shit out of luck and time is against me and I've tried everything and anything, but samba just refuses to use any LDAP login.
shares:
They work without LDAP, so the share's fine! (even with non-ldap auth)
**Add a unix user**
This works... Then I can access the share, but I've explicitly told samba to **not** use local authentication, I've chosen LDAP?
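
The log excerpt above shows Samba finding the LDAP passdb entry and then failing in `getpwnam()`, the libc lookup for the Unix account. The triage script below is an added example, not part of the original post: it separates that case from a wrong-password failure. The function names, the usernames and the second log entry are constructed for illustration.

```python
import pwd
import re
from collections import defaultdict

# Constructed sample in the format of the excerpt above; "alice" and "bob" are made up.
SAMPLE_LOG = """\
[2013/02/10 19:41:25, 2] passdb/init_sam_from_ldap(545): Entry found for user: alice
[2013/02/10 19:41:25, 0] passdb/pdb_get_group_sid: Failed to find Unix account for alice
[2013/02/10 19:41:25, 1] auth/make_server_info_sam(589): User alice in passdb, but getpwnam() fails!
[2013/02/10 19:41:25, 2] auth/check_ntlm_password: Authentication for user [alice] -> [alice] FAILED with error NT_STATUS_NO_SUCH_USER
[2013/02/10 19:42:03, 2] passdb/init_sam_from_ldap(545): Entry found for user: bob
[2013/02/10 19:42:03, 2] auth/check_ntlm_password: Authentication for user [bob] -> [bob] FAILED with error NT_STATUS_WRONG_PASSWORD
"""

# Facts to extract per user; group(1) is always the username.
PATTERNS = {
    "ldap_entry": re.compile(r"Entry found for user: (\S+)"),
    "no_unix": re.compile(r"User (\S+) in passdb, but getpwnam\(\) fails"),
    "failed": re.compile(r"Authentication for user \[[^\]]*\] -> \[([^\]]+)\] FAILED with error (\S+)"),
}

def triage(log_text):
    """Return {user: diagnosis} for each failed authentication in the log."""
    seen = defaultdict(set)  # user -> facts logged before the failure line
    result = {}
    for line in log_text.splitlines():
        for fact, rx in PATTERNS.items():
            m = rx.search(line)
            if not m:
                continue
            user = m.group(1)
            if fact != "failed":
                seen[user].add(fact)
            elif {"ldap_entry", "no_unix"} <= seen[user]:
                # Directory entry found, but NSS could not resolve the Unix account.
                result[user] = "ldap-entry-ok/no-unix-account"
            elif m.group(2) == "NT_STATUS_WRONG_PASSWORD":
                result[user] = "wrong-password"
            else:
                result[user] = "other:" + m.group(2)
    return result

def unix_account_exists(name):
    """Same kind of lookup the log reports as failing: libc getpwnam() via NSS."""
    try:
        pwd.getpwnam(name)
        return True
    except KeyError:
        return False
```

Running `unix_account_exists` on the Samba host for a directory user shows whether NSS resolves that account without going through an SMB login.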