- 10-26-2010 #1 Just Joined! (Join Date: Oct 2010, Posts: 16)
Samba Configuration :: Invalid Credentials
I just wanted to check out Samba. So, I installed it on a CentOS 5.5 64-bit server. The version I used is 3.5.6.
I followed this guide.
http://www.howtoforge.com/centos-5.x-samba-domain-controller-with-ldap-backend
LDAP is working good. When I use the following command (net groupmap list), I am getting the error.
Code:
[root@server1 samba]# net groupmap list
[2010/10/26 16:26:09.135901, 0] lib/smbldap.c:1151(smbldap_connect_system)
  failed to bind to server ldap://127.0.0.1 / with dn="cn=root,dc=mtm,dc=testdomain,dc=com" Error: Invalid credentials
[2010/10/26 16:26:39.180063, 0] passdb/pdb_ldap.c:3448(ldapsam_setsamgrent)
  ldapsam_setsamgrent: LDAP search failed: Time limit exceeded
[2010/10/26 16:26:39.180109, 0] passdb/pdb_ldap.c:3523(ldapsam_enum_group_mapping)
  ldapsam_enum_group_mapping: Unable to open passdb
I am sure that I have set the correct password in
Code:
smbpassword -w mypassword
Also, I can log in to LDAP through PHPLDAPAdmin with the same password and the bind cn.
Here is my smb.conf
Code:
# Global parameters
[global]
ldap ssl = off
nt acl support = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE
workgroup = TESTDOMAIN
netbios name = SERVER1
security = user
enable privileges = yes
#interfaces = 192.168.5.11
#username map = /etc/samba/smbusers
server string = Samba Server %v
#security = ads
encrypt passwords = Yes
#min passwd length = 3
#pam password change = no
#obey pam restrictions = No
# method 1:
#unix password sync = no
#ldap passwd sync = yes
# method 2:
unix password sync = yes
ldap passwd sync = no
passwd program = /usr/sbin/smbldap-passwd -u "%u"
passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n"
log level = 10
syslog = 0
log file = /var/log/samba/log.%U
max log size = 50
time server = Yes
#socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-1
logon script = logon.bat
logon drive = H:
logon home =
logon path =
domain logons = Yes
domain master = Yes
os level = 65
preferred master = Yes
wins support = yes
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=root,dc=mtm,dc=testdomain,dc=com
#ldap admin dn = cn=samba,ou=DSA,dc=company,dc=com
ldap suffix = dc=mtm,dc=testdomain,dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
#ldap idmap suffix = ou=Idmap
add user script = /usr/sbin/smbldap-useradd -m "%u"
#ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
# printers configuration
#printer admin = @"Print Operators"
load printers = Yes
create mask = 0640
directory mask = 0750
#force create mode = 0640
#force directory mode = 0750
#nt acl support = No
printing = cups
printcap name = cups
deadtime = 10
guest account = nobody
map to guest = Bad User
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
show add printer wizard = yes
; to maintain capital letters in shortcuts in any of the profile folders:
preserve case = yes
short preserve case = yes
case sensitive = no

[netlogon]
path = /home/netlogon/
browseable = No
read only = yes

[profiles]
path = /home/profiles
read only = no
create mask = 0600
directory mask = 0700
browseable = No
guest ok = Yes
profile acls = yes
csc policy = disable
# next line is a great way to secure the profiles
#force user = %U
# next line allows administrator to access all profiles
#valid users = %U "Domain Admins"

[printers]
comment = Network Printers
#printer admin = @"Print Operators"
guest ok = yes
printable = yes
path = /home/spool/
browseable = No
read only = Yes
printable = Yes
print command = /usr/bin/lpr -P%p -r %s
lpq command = /usr/bin/lpq -P%p
lprm command = /usr/bin/lprm -P%p %j
# print command = /usr/bin/lpr -U%U@%M -P%p -r %s
# lpq command = /usr/bin/lpq -U%U@%M -P%p
# lprm command = /usr/bin/lprm -U%U@%M -P%p %j
# lppause command = /usr/sbin/lpc -U%U@%M hold %p %j
# lpresume command = /usr/sbin/lpc -U%U@%M release %p %j
# queuepause command = /usr/sbin/lpc -U%U@%M stop %p
# queueresume command = /usr/sbin/lpc -U%U@%M start %p

[print$]
path = /home/printers
guest ok = No
browseable = Yes
read only = Yes
valid users = @"Print Operators"
write list = @"Print Operators"
create mask = 0664
directory mask = 0775

[public]
path = /tmp
guest ok = yes
browseable = Yes
writable = yes
Plz. help.
- 10-27-2010 #2 Just Joined! (Join Date: Oct 2010, Posts: 16)
Here is the ldap log file output.
Code:
Oct 27 12:07:51 server1 slapd[25420]: slapd starting
Oct 27 12:08:32 server1 slapd[25420]: conn=0 fd=13 ACCEPT from IP=127.0.0.1:57574 (IP=0.0.0.0:389)
Oct 27 12:08:32 server1 slapd[25420]: conn=0 op=0 BIND dn="" method=128
Oct 27 12:08:32 server1 slapd[25420]: conn=0 op=0 RESULT tag=97 err=0 text=
Oct 27 12:08:32 server1 slapd[25420]: conn=0 op=1 SRCH base="cn=root,dc=mtm,dc=testdomain,dc=com" scope=2 deref=0 filter="(objectClass=*)"
Oct 27 12:08:32 server1 slapd[25420]: conn=0 op=2 UNBIND
Oct 27 12:08:32 server1 slapd[25420]: conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Oct 27 12:08:32 server1 slapd[25420]: conn=0 fd=13 closed
Oct 27 12:09:21 server1 slapd[25420]: conn=1 fd=13 ACCEPT from IP=127.0.0.1:57575 (IP=0.0.0.0:389)
Oct 27 12:09:21 server1 slapd[25420]: conn=1 op=0 BIND dn="cn=root,dc=mtm,dc=testdomain,dc=com" method=128
Oct 27 12:09:21 server1 slapd[25420]: conn=1 op=0 RESULT tag=97 err=49 text=
Oct 27 12:09:21 server1 slapd[25420]: conn=1 op=1 UNBIND
Oct 27 12:09:21 server1 slapd[25420]: conn=1 fd=13 closed
Oct 27 12:09:22 server1 slapd[25420]: conn=2 op=0 BIND dn="cn=root,dc=mtm,dc=testdomain,dc=com" method=128
Oct 27 12:09:22 server1 slapd[25420]: conn=2 op=0 RESULT tag=97 err=49 text=
Oct 27 12:09:22 server1 slapd[25420]: conn=2 op=1 UNBIND
Oct 27 12:09:22 server1 slapd[25420]: conn=2 fd=13 closed
Oct 27 12:09:22 server1 slapd[25420]: conn=2 fd=13 ACCEPT from IP=127.0.0.1:57576 (IP=0.0.0.0:389)
- 10-27-2010 #3 Just Joined! (Join Date: Oct 2010, Posts: 16)
Later found in ldap.log
Code:
BIND dn="cn=root,dc=mtm,dc=testdomain,dc=com" mech=SIMPLE ssf=0
The above line is not there during samba authentication.
Can anybody help with this?


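An added example, not part of the original posts: a small Python correlator that pairs each slapd BIND request with its RESULT by connection and operation number, so failed binds (LDAP result code 49, invalidCredentials) stand out per DN. The conn=0 to conn=2 lines are copied from post #2; conn=3 is constructed here, using the `mech=SIMPLE ssf=0` line from post #3, to show a successful bind for contrast.

```python
import re
from collections import Counter

# conn=0..2 are copied from post #2; conn=3 is constructed for this example.
SAMPLE = '''\
Oct 27 12:08:32 server1 slapd[25420]: conn=0 op=0 BIND dn="" method=128
Oct 27 12:08:32 server1 slapd[25420]: conn=0 op=0 RESULT tag=97 err=0 text=
Oct 27 12:09:21 server1 slapd[25420]: conn=1 op=0 BIND dn="cn=root,dc=mtm,dc=testdomain,dc=com" method=128
Oct 27 12:09:21 server1 slapd[25420]: conn=1 op=0 RESULT tag=97 err=49 text=
Oct 27 12:09:22 server1 slapd[25420]: conn=2 op=0 BIND dn="cn=root,dc=mtm,dc=testdomain,dc=com" method=128
Oct 27 12:09:22 server1 slapd[25420]: conn=2 op=0 RESULT tag=97 err=49 text=
Oct 27 12:10:05 server1 slapd[25420]: conn=3 op=0 BIND dn="cn=root,dc=mtm,dc=testdomain,dc=com" method=128
Oct 27 12:10:05 server1 slapd[25420]: conn=3 op=0 BIND dn="cn=root,dc=mtm,dc=testdomain,dc=com" mech=SIMPLE ssf=0
Oct 27 12:10:05 server1 slapd[25420]: conn=3 op=0 RESULT tag=97 err=0 text=
'''

LINE = re.compile(r'slapd\[\d+\]: conn=(\d+) op=(\d+) (BIND|RESULT) (.*)$')
LDAP_ERR = {0: "success", 49: "invalidCredentials"}  # LDAP result codes

def bind_outcomes(log_text):
    """Pair each BIND request with its BindResponse (tag=97) by (conn, op)."""
    pending, outcomes = {}, []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        key, kind, rest = (int(m.group(1)), int(m.group(2))), m.group(3), m.group(4)
        if kind == "BIND":
            dn = re.search(r'dn="([^"]*)"', rest)
            entry = pending.setdefault(key, {"dn": dn.group(1) if dn else "", "mech": None})
            mech = re.search(r'mech=(\S+)', rest)  # second BIND line, logged on success
            if mech:
                entry["mech"] = mech.group(1)
        elif key in pending and "tag=97" in rest:
            err = re.search(r'err=(\d+)', rest)
            if not err:
                continue
            bind = pending.pop(key)
            code = int(err.group(1))
            outcomes.append({"conn": key[0], "dn": bind["dn"] or "<anonymous>",
                             "mech": bind["mech"], "err": code,
                             "status": LDAP_ERR.get(code, "other")})
    return outcomes

def failed_binds_by_dn(outcomes):
    """Count non-zero bind results per DN, e.g. to spot a stale stored password."""
    return Counter(o["dn"] for o in outcomes if o["err"] != 0)

if __name__ == "__main__":
    for o in bind_outcomes(SAMPLE):
        print(o)
```
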
