LDAP user authentication !?sometimes!? fails
Hello list,

I have spent the last two days setting up a Samba server with LDAP. Now I'm stuck: I created two users (raffi, tester) and root. When I connect to the server from W2K, I can authenticate as raffi, but not as tester. Joining the machine to the domain doesn't work either (with root).

In the logs (sambalog) I see "User tester in passdb, but getpwnam() fails!" What is that supposed to mean??

I also gather from messages that it is searching in the wrong "db":

Sep 21 13:22:54 mail slapd[3886]: conn=227 op=1 SRCH base="ou=Users,dc=mydomain,dc=org" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=tester))"

It shouldn't do that! I don't know why this happens; I have it right in all the config files, I think....

From Mac or Linux (SuSE 9.3 tested) I can authenticate via LDAP without any problems.

The system is SuSE 9.3, Samba version 3.0.13-1.1-SUSE, openldap slapd 2.2.23.

If you need the config files as well, just let me know...

Where is my mistake?
Many thanks in advance

Regards
rs

####################################################################
messages log file with tester:
-------------------------------------------------------------
Sep 21 13:22:54 mail slapd[3886]: conn=226 fd=22 ACCEPT from IP=127.0.0.1:4205 (IP=0.0.0.0:389)
Sep 21 13:22:54 mail slapd[3886]: conn=226 op=0 BIND dn="cn=root,dc=yux" method=128
Sep 21 13:22:54 mail slapd[3886]: conn=226 op=0 BIND dn="cn=root,dc=yux" mech=SIMPLE ssf=0
Sep 21 13:22:54 mail slapd[3886]: conn=226 op=0 RESULT tag=97 err=0 text=
Sep 21 13:22:54 mail slapd[3886]: conn=226 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Sep 21 13:22:54 mail slapd[3886]: conn=226 op=1 SRCH attr=supportedControl
Sep 21 13:22:54 mail slapd[3886]: OTP unavailable because can't read/write key database /etc/opiekeys: No such file or directory
Sep 21 13:22:54 mail slapd[3886]: conn=226 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Sep 21 13:22:54 mail slapd[3886]: conn=226 op=2 SRCH base="ou=Users,dc=yux" scope=2 deref=0 filter="(&(uid=tester)(objectClass=sambaSamAccount))"
Sep 21 13:22:54 mail slapd[3886]: conn=226 op=2 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp
Sep 21 13:22:54 mail slapd[3886]: conn=226 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Sep 21 13:22:54 mail slapd[3886]: conn=227 fd=24 ACCEPT from IP=127.0.0.1:4206 (IP=0.0.0.0:389)
Sep 21 13:22:54 mail slapd[3886]: conn=227 op=0 BIND dn="" method=128
Sep 21 13:22:54 mail slapd[3886]: conn=227 op=0 RESULT tag=97 err=0 text=
Sep 21 13:22:54 mail slapd[3886]: conn=227 op=1 SRCH base="ou=Users,dc=mydomain,dc=org" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=tester))"
Sep 21 13:22:54 mail slapd[3886]: conn=227 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Sep 21 13:22:54 mail slapd[3886]: conn=227 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
Sep 21 13:22:54 mail smbd[12188]: [2005/09/21 13:22:54, 0] auth/auth_sam.c:check_sam_security(324)
Sep 21 13:22:54 mail smbd[12188]: check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'
Sep 21 13:22:54 mail slapd[3886]: conn=226 fd=22 closed
Sep 21 13:22:54 mail slapd[3886]: conn=227 fd=24 closed
----------------------------------------------------------
samba log file with tester:
----------------------------------------------------------
[2005/09/21 13:22:54, 2] smbd/sesssetup.c:setup_new_vc_session(608)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2005/09/21 13:22:54, 2] smbd/sesssetup.c:setup_new_vc_session(608)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2005/09/21 13:22:54, 2] lib/smbldap.c:smbldap_open_connection(692)
  smbldap_open_connection: connection opened
[2005/09/21 13:22:54, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
  init_sam_from_ldap: Entry found for user: tester
[2005/09/21 13:22:54, 1] auth/auth_util.c:make_server_info_sam(840)
  User tester in passdb, but getpwnam() fails!
[2005/09/21 13:22:54, 0] auth/auth_sam.c:check_sam_security(324)
  check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'
[2005/09/21 13:22:54, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password: Authentication for user [tester] -> [tester] FAILED with error NT_STATUS_NO_SUCH_USER
[2005/09/21 13:22:54, 2] smbd/server.c:exit_server(609)
  Closing connections
----------------------------------------------------------
messages log file with raffi:
----------------------------------------------------------
Sep 21 13:23:46 mail slapd[3886]: conn=228 fd=22 ACCEPT from IP=127.0.0.1:4299 (IP=0.0.0.0:389)
Sep 21 13:23:46 mail slapd[3886]: conn=228 op=0 BIND dn="cn=root,dc=yux" method=128
Sep 21 13:23:46 mail slapd[3886]: conn=228 op=0 BIND dn="cn=root,dc=yux" mech=SIMPLE ssf=0
Sep 21 13:23:46 mail slapd[3886]: conn=228 op=0 RESULT tag=97 err=0 text=
Sep 21 13:23:46 mail slapd[3886]: conn=228 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Sep 21 13:23:46 mail slapd[3886]: conn=228 op=1 SRCH attr=supportedControl
Sep 21 13:23:46 mail slapd[3886]: OTP unavailable because can't read/write key database /etc/opiekeys: No such file or directory
Sep 21 13:23:46 mail slapd[3886]: conn=228 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Sep 21 13:23:46 mail slapd[3886]: conn=228 op=2 SRCH base="ou=Users,dc=yux" scope=2 deref=0 filter="(&(uid=raffi)(objectClass=sambaSamAccount))"
Sep 21 13:23:46 mail slapd[3886]: conn=228 op=2 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp
Sep 21 13:23:46 mail slapd[3886]: conn=228 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Sep 21 13:23:46 mail slapd[3886]: conn=229 fd=24 ACCEPT from IP=127.0.0.1:4300 (IP=0.0.0.0:389)
Sep 21 13:23:46 mail slapd[3886]: conn=229 op=0 BIND dn="" method=128
Sep 21 13:23:46 mail slapd[3886]: conn=229 op=0 RESULT tag=97 err=0 text=
Sep 21 13:23:46 mail slapd[3886]: conn=229 op=1 SRCH base="ou=Users,dc=mydomain,dc=org" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=raffi))"
Sep 21 13:23:46 mail slapd[3886]: conn=229 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
Sep 21 13:23:46 mail slapd[3886]: conn=229 op=2 SRCH base="ou=Groups,dc=mydomain,dc=org" scope=1 deref=0 filter="(&(objectClass=posixGroup)(memberUid=raffi))"
Sep 21 13:23:46 mail slapd[3886]: conn=229 op=2 SRCH attr=gidNumber
Sep 21 13:23:46 mail slapd[3886]: conn=229 op=2 SEARCH RESULT tag=101 err=32 nentries=0 text=
Sep 21 13:23:46 mail slapd[3886]: conn=228 op=3 SRCH base="ou=Groups,dc=yux,ou=Users,dc=yux" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=100))"
Sep 21 13:23:46 mail slapd[3886]: conn=228 op=3 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Sep 21 13:23:46 mail slapd[3886]: conn=228 op=3 SEARCH RESULT tag=101 err=32 nentries=0 text=
Sep 21 13:23:46 mail smbd[12190]: [2005/09/21 13:23:46, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1971)
Sep 21 13:23:46 mail smbd[12190]: ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)
Sep 21 13:23:46 mail slapd[3886]: conn=228 op=4 SRCH base="ou=Groups,dc=yux,ou=Users,dc=yux" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=16))"
Sep 21 13:23:46 mail slapd[3886]: conn=228 op=4 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Sep 21 13:23:46 mail slapd[3886]: conn=228 op=4 SEARCH RESULT tag=101 err=32 nentries=0 text=
Sep 21 13:23:46 mail smbd[12190]: [2005/09/21 13:23:46, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1971)
Sep 21 13:23:46 mail smbd[12190]: ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)
Sep 21 13:23:46 mail slapd[3886]: conn=228 op=5 SRCH base="ou=Groups,dc=yux,ou=Users,dc=yux" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=33))"
Sep 21 13:23:46 mail slapd[3886]: conn=228 op=5 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Sep 21 13:23:46 mail slapd[3886]: conn=228 op=5 SEARCH RESULT tag=101 err=32 nentries=0 text=
Sep 21 13:23:46 mail smbd[12190]: [2005/09/21 13:23:46, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1971)
Sep 21 13:23:46 mail smbd[12190]: ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)
-------------------------------------------------------------
samba log file with raffi:
-------------------------------------------------------------
[2005/09/21 13:23:46, 2] smbd/sesssetup.c:setup_new_vc_session(608)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2005/09/21 13:23:46, 2] smbd/sesssetup.c:setup_new_vc_session(608)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2005/09/21 13:23:46, 2] lib/smbldap.c:smbldap_open_connection(692)
  smbldap_open_connection: connection opened
[2005/09/21 13:23:46, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
  init_sam_from_ldap: Entry found for user: raffi
[2005/09/21 13:23:46, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1971)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)
[2005/09/21 13:23:46, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1971)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)
[2005/09/21 13:23:46, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1971)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)
[2005/09/21 13:23:46, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password: authentication for user [raffi] -> [raffi] -> [raffi] succeeded
[2005/09/21 13:24:00, 0] lib/util_sock.c:read_socket_data(384)
  read_socket_data: recv failure for 4. Error = Connection reset by peer
[2005/09/21 13:24:00, 2] smbd/server.c:exit_server(609)
  Closing connections
-------------------------------------------------------------------
Hello,

this has been resolved. The important part is this section of smb.conf:

-------------------------------------------------
ldap suffix = dc=yux
ldap user suffix = ou=Users,dc=yux
ldap group suffix = ou=Groups,dc=yux
ldap machine suffix = ou=Workstations,dc=yux
ldap admin dn = cn=root,dc=yux
-------------------------------------------------

I did not have "ldap user suffix" and had entered ldap suffix incorrectly.....

Many thanks for the replies ;-)

Regards
rs
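The suffix mismatch discussed in this thread can be read straight out of the slapd log by pairing each SRCH line with its SEARCH RESULT and listing the base DNs that came back with err=32 (noSuchObject). The following is an added example, not part of the original posts; the function names are hypothetical, the sample log is constructed from lines quoted above, and the directory suffix dc=yux is taken from the smb.conf excerpt.

```python
import re
from collections import defaultdict

# Constructed sample, built from slapd lines quoted in the thread.
SAMPLE_LOG = """\
Sep 21 13:22:54 mail slapd[3886]: conn=226 op=2 SRCH base="ou=Users,dc=yux" scope=2 deref=0 filter="(&(uid=tester)(objectClass=sambaSamAccount))"
Sep 21 13:22:54 mail slapd[3886]: conn=226 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Sep 21 13:22:54 mail slapd[3886]: conn=227 op=1 SRCH base="ou=Users,dc=mydomain,dc=org" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=tester))"
Sep 21 13:22:54 mail slapd[3886]: conn=227 op=1 SRCH attr=uid userPassword uidNumber
Sep 21 13:22:54 mail slapd[3886]: conn=227 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
Sep 21 13:23:46 mail slapd[3886]: conn=228 op=3 SRCH base="ou=Groups,dc=yux,ou=Users,dc=yux" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=100))"
Sep 21 13:23:46 mail slapd[3886]: conn=228 op=3 SEARCH RESULT tag=101 err=32 nentries=0 text=
"""

SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)" scope=\d+ deref=\d+ filter="(.*)"$')
RESULT = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT tag=\d+ err=(\d+) nentries=(\d+)')

def under_suffix(base, suffix):
    """True if base DN equals the suffix or lies below it (case-insensitive)."""
    b, s = base.lower(), suffix.lower()
    return b == s or b.endswith("," + s)

def failed_search_bases(log_text, directory_suffix):
    """Pair SRCH and SEARCH RESULT lines by (conn, op) and report every base DN
    whose search ended with err=32 (noSuchObject)."""
    pending = {}                      # (conn, op) -> (base, filter)
    failures = defaultdict(list)      # base -> filters that failed there
    for line in log_text.splitlines():
        m = SRCH.search(line)
        if m:
            pending[(m.group(1), m.group(2))] = (m.group(3), m.group(4))
            continue
        m = RESULT.search(line)
        if m and (m.group(1), m.group(2)) in pending:
            base, flt = pending.pop((m.group(1), m.group(2)))
            if m.group(3) == "32":
                failures[base].append(flt)
    # outside_suffix=True: some client is configured with a different suffix.
    # outside_suffix=False: right suffix, but the subtree itself does not exist.
    return {base: {"outside_suffix": not under_suffix(base, directory_suffix),
                   "filters": filters}
            for base, filters in failures.items()}

if __name__ == "__main__":
    for base, info in failed_search_bases(SAMPLE_LOG, "dc=yux").items():
        kind = "wrong suffix" if info["outside_suffix"] else "missing subtree"
        print(f"{kind}: {base} ({len(info['filters'])} search(es))")
```

The filter of each failed search (posixAccount versus sambaGroupMapping here) shows which kind of lookup was sent to the bad base, which narrows down the configuration file to check.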
participants (1)
-
Raffael Schmid