I just wanted to checkout samba. So, I installed on a CentOS 5.5 64bit server. The version I used is 3.5.6. I followed this guide. http://www.howtoforge.com/centos-5.x-samba-domain-controller-with-ldap-backend LDAP is working good. ...
  1. #1
    Just Joined!
    Join Date
    Oct 2010
    Posts
    16

    Unhappy Samba Configuration :: Invalid Credentials


    I just wanted to check out Samba, so I installed it on a CentOS 5.5 64-bit server. The version I used is 3.5.6.

    I followed this guide.
    http://www.howtoforge.com/centos-5.x-samba-domain-controller-with-ldap-backend

    LDAP is working fine. When I run the following command (net groupmap list), I get this error:

    Code:
    [root@server1 samba]# net groupmap list
    [2010/10/26 16:26:09.135901,  0] lib/smbldap.c:1151(smbldap_connect_system)
      failed to bind to server ldap://127.0.0.1 / with dn="cn=root,dc=mtm,dc=testdomain,dc=com" Error: Invalid credentials
      
    [2010/10/26 16:26:39.180063,  0] passdb/pdb_ldap.c:3448(ldapsam_setsamgrent)
      ldapsam_setsamgrent: LDAP search failed: Time limit exceeded
    [2010/10/26 16:26:39.180109,  0] passdb/pdb_ldap.c:3523(ldapsam_enum_group_mapping)
      ldapsam_enum_group_mapping: Unable to open passdb
    I am sure that I have set the correct password with
    Code:
    # NOTE(review): the Samba tool is named smbpasswd; "smbpassword" as typed here
    # would not be found - confirm which command was actually run.
    # "smbpasswd -w <password>" stores the bind password for the smb.conf
    # "ldap admin dn" in secrets.tdb, keyed by that DN, so it has to be re-run
    # whenever the DN changes. A password given as an argument ends up in shell
    # history and the process list; "smbpasswd -W" reads it from stdin instead.
    smbpassword -w mypassword
    .
    Also, I can log in to LDAP through phpLDAPadmin with the same password and the same bind cn.

    Here is my smb.conf
    Code:
    # Global parameters
    [global]
    	# NOTE(review): "off" means neither LDAPS nor StartTLS is used, so the simple
    	# bind for the ldap admin dn is sent unencrypted. The passdb backend in this
    	# file points at ldap://127.0.0.1/, which keeps it on loopback; switch to
    	# "start tls" if the directory is ever reached over a network.
    	ldap ssl = off
    	nt acl support = yes
    	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE
    	workgroup = TESTDOMAIN
    	netbios name = SERVER1
    	# User-level security: every client must log on with a user name and password.
    	security = user
    	enable privileges = yes
    	#interfaces = 192.168.5.11
    	#username map = /etc/samba/smbusers
    	server string = Samba Server %v
    	#security = ads
    	encrypt passwords = Yes
    	#min passwd length = 3
    	#pam password change = no
    	#obey pam restrictions = No
    
    	# method 1:
    	#unix password sync = no
    	#ldap passwd sync = yes
    
    	# method 2:
    	# Active choice: when an SMB password changes, smbd also runs "passwd program"
    	# to change the Unix password, and does not sync the LDAP password itself.
    	unix password sync = yes
    	ldap passwd sync = no
    	# smbd runs this program as root; %u is replaced with the user name, so the
    	# quotes around it should stay.
    	passwd program = /usr/sbin/smbldap-passwd -u "%u"
    	# NOTE(review): this line holds an odd number of double quotes (a stray one at
    	# the end); confirm against the guide before relying on the chat script.
    	passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n"
    
    	# NOTE(review): level 10 is full debug output, useful while chasing the bind
    	# failure but very verbose and liable to record sensitive protocol detail;
    	# lower it once the problem is solved and restrict access to /var/log/samba.
    	log level = 10
    	syslog = 0
    	# One log file per session user name (%U).
    	log file = /var/log/samba/log.%U
    	# Size is in kilobytes; with debug logging these files rotate very quickly.
    	max log size = 50
    	time server = Yes
    	#socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    	mangling method = hash2
    	Dos charset = 850
    	Unix charset = ISO8859-1
    
    	# Domain logon settings handed to clients. logon home and logon path are set
    	# to empty values here.
    	# NOTE(review): an empty logon path presumably turns roaming profiles off,
    	# while a [profiles] share is still defined in this file - confirm intent.
    	logon script = logon.bat
    	logon drive = H:
            logon home = 
            logon path = 
    
    	# Domain controller role: the server answers domain logons and acts as domain
    	# master browser and WINS server.
    	domain logons = Yes
    	domain master = Yes
    	os level = 65
    	preferred master = Yes
    	wins support = yes
    	# Accounts and group mappings are kept in the LDAP directory on loopback.
    	passdb backend = ldapsam:ldap://127.0.0.1/
    	# NOTE(review): the space in "dc=c om" on the next three lines looks like a
    	# forum rendering artifact; the bind error quoted in the post shows dc=com.
    	# The password for this DN is read from secrets.tdb, where "smbpasswd -w"
    	# stores it keyed by the DN, so it must be set again after any change to
    	# ldap admin dn.
    	# NOTE(review): Samba binds as cn=root here; the commented alternative names a
    	# separate cn=samba DN, presumably a dedicated account with narrower rights
    	# than the directory root - confirm and prefer it if so.
    	ldap admin dn = cn=root,dc=mtm,dc=testdomain,dc=c om
    	#ldap admin dn = cn=samba,ou=DSA,dc=company,dc=c om
    	ldap suffix = dc=mtm,dc=testdomain,dc=c om
            ldap group suffix = ou=Groups
            ldap user suffix = ou=Users
            ldap machine suffix = ou=Computers
    	#ldap idmap suffix = ou=Idmap
            # Account-management hooks. smbd runs these as root and substitutes the
            # user (%u) or group (%g) name into the command line, so the quoting
            # around each substitution should be kept.
            add user script = /usr/sbin/smbldap-useradd -m "%u"
            #ldap delete dn = Yes
            delete user script = /usr/sbin/smbldap-userdel "%u"
            add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
            add group script = /usr/sbin/smbldap-groupadd -p "%g" 
            delete group script = /usr/sbin/smbldap-groupdel "%g"
            add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
            delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
    	set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
    
    	# printers configuration
    	#printer admin = @"Print Operators"
    	load printers = Yes
    	# Default permissions for new files and directories on every share that does
    	# not override them.
    	create mask = 0640
    	directory mask = 0750
    	#force create mode = 0640
    	#force directory mode = 0750
    	#nt acl support = No
    	printing = cups
    	printcap name = cups
    	deadtime = 10
    	# NOTE(review): with "Bad User", a logon under a user name that does not exist
    	# is accepted as a guest session running as the guest account. Any share in
    	# this file with "guest ok = yes" is therefore reachable without a valid
    	# account.
    	guest account = nobody
    	map to guest = Bad User
    	dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
    	show add printer wizard = yes
    	; to maintain capital letters in shortcuts in any of the profile folders:
    	preserve case = yes
    	short preserve case = yes
    	case sensitive = no
    
    # Share that serves the logon script to domain clients; read-only and hidden
    # from browse lists.
    [netlogon]
    	path = /home/netlogon/
    	browseable = No
    	read only = yes
    
    # Writable share for user profiles.
    # NOTE(review): guest access is allowed on a writable share and both
    # restrictions at the end of the section are commented out. Combined with
    # "map to guest = Bad User" in [global], an unauthenticated session can
    # connect here; file permissions (masks 0600/0700) are then the only barrier.
    # Consider "guest ok = No" plus the valid users line.
    [profiles]
    	path = /home/profiles
    	read only = no
    	create mask = 0600
    	directory mask = 0700
    	browseable = No
    	guest ok = Yes
    	profile acls = yes
    	csc policy = disable
    	# next line is a great way to secure the profiles 
    	#force user = %U 
    	# next line allows administrator to access all profiles 
    	#valid users = %U "Domain Admins"
    
    # Print queue share; guests may submit jobs.
    # NOTE(review): "printable" is set twice in this section (yes / Yes); the
    # repeat is harmless but redundant.
    [printers]
            comment = Network Printers
            #printer admin = @"Print Operators"
            guest ok = yes 
            printable = yes
            path = /home/spool/
            browseable = No
            read only  = Yes
            printable = Yes
            # Commands run by smbd with the printer name (%p), spool file (%s) and
            # job number (%j) substituted in.
            # NOTE(review): "printing = cups" in [global] may make these lpr-style
            # commands unused - confirm.
            print command = /usr/bin/lpr -P%p -r %s
            lpq command = /usr/bin/lpq -P%p
            lprm command = /usr/bin/lprm -P%p %j
            # print command = /usr/bin/lpr -U%U@%M -P%p -r %s
            # lpq command = /usr/bin/lpq -U%U@%M -P%p
            # lprm command = /usr/bin/lprm -U%U@%M -P%p %j
            # lppause command = /usr/sbin/lpc -U%U@%M hold %p %j
            # lpresume command = /usr/sbin/lpc -U%U@%M release %p %j
            # queuepause command = /usr/sbin/lpc -U%U@%M stop %p
            # queueresume command = /usr/sbin/lpc -U%U@%M start %p
    
    # Printer driver share: no guest access, and only members of the
    # "Print Operators" group may connect. The same group is on the write list
    # even though the share is otherwise read-only.
    [print$]
            path = /home/printers
            guest ok = No
            browseable = Yes
            read only = Yes
            valid users = @"Print Operators"
            write list = @"Print Operators"
            create mask = 0664
            directory mask = 0775
    
    # NOTE(review): this exports the system /tmp directory as a browseable share
    # that guests can write to. With "map to guest = Bad User" in [global], no
    # valid account is needed to place files in /tmp or read what other
    # processes leave there. Use a dedicated directory for a public drop area,
    # or drop guest write access.
    [public]
    	path = /tmp
    	guest ok = yes
    	browseable = Yes
    	writable = yes
    Please help.

  2. #2
    Just Joined!
    Join Date
    Oct 2010
    Posts
    16
    Here is the ldap log file output.
    Code:
    Oct 27 12:07:51 server1 slapd[25420]: slapd starting 
    Oct 27 12:08:32 server1 slapd[25420]: conn=0 fd=13 ACCEPT from IP=127.0.0.1:57574 (IP=0.0.0.0:389) 
    Oct 27 12:08:32 server1 slapd[25420]: conn=0 op=0 BIND dn="" method=128 
    Oct 27 12:08:32 server1 slapd[25420]: conn=0 op=0 RESULT tag=97 err=0 text= 
    Oct 27 12:08:32 server1 slapd[25420]: conn=0 op=1 SRCH base="cn=root,dc=mtm,dc=testdomain,dc=com" scope=2 deref=0 filter="(objectClass=*)" 
    Oct 27 12:08:32 server1 slapd[25420]: conn=0 op=2 UNBIND 
    Oct 27 12:08:32 server1 slapd[25420]: conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= 
    Oct 27 12:08:32 server1 slapd[25420]: conn=0 fd=13 closed 
    Oct 27 12:09:21 server1 slapd[25420]: conn=1 fd=13 ACCEPT from IP=127.0.0.1:57575 (IP=0.0.0.0:389) 
    Oct 27 12:09:21 server1 slapd[25420]: conn=1 op=0 BIND dn="cn=root,dc=mtm,dc=testdomain,dc=com" method=128 
    Oct 27 12:09:21 server1 slapd[25420]: conn=1 op=0 RESULT tag=97 err=49 text= 
    Oct 27 12:09:21 server1 slapd[25420]: conn=1 op=1 UNBIND 
    Oct 27 12:09:21 server1 slapd[25420]: conn=1 fd=13 closed 
    Oct 27 12:09:22 server1 slapd[25420]: conn=2 op=0 BIND dn="cn=root,dc=mtm,dc=testdomain,dc=com" method=128 
    Oct 27 12:09:22 server1 slapd[25420]: conn=2 op=0 RESULT tag=97 err=49 text= 
    Oct 27 12:09:22 server1 slapd[25420]: conn=2 op=1 UNBIND 
    Oct 27 12:09:22 server1 slapd[25420]: conn=2 fd=13 closed 
    Oct 27 12:09:22 server1 slapd[25420]: conn=2 fd=13 ACCEPT from IP=127.0.0.1:57576 (IP=0.0.0.0:389)

  3. #3
    Just Joined!
    Join Date
    Oct 2010
    Posts
    16
    Later I found this in ldap.log:

    Code:
    BIND dn="cn=root,dc=mtm,dc=testdomain,dc=com" mech=SIMPLE ssf=0
    The above line is not there during samba authentication.

    Can anybody help with this?
