Hello,
I’m a Linux newb (this is my first install attempt) and I’ve set up a small OpenSUSE v12.3 server running Samba 4.1.0 (STABLE repository) and OpenLDAP with TLS.
I’ve gotten most everything running but I’ve run into an issue I can’t get past. I am in the process of creating file shares in Samba, and when I tried to attach to one with one of my Windows PCs I got an invalid username or password error. When I checked the Samba logs it said that the NT password was missing from the user, which I confirmed with the LDAP Browser. Most of the sambaX fields are blank under the user, including the NT password field. I tried using smbpasswd to set the password, but the fields won’t update. smbpasswd will successfully attach to OpenLDAP and create/delete the Samba fields but neglects to update them for an unknown reason.
Any help that can be given for this issue would be appreciated. I’m posting any relevant info below.
smb.conf:
[global]
ldap ssl = Start_tls
log level = 10
ldap user suffix = ou=people
wins server =
domain master = No
encrypt passwords = yes
idmap backend = ldap:ldap://server.tyjason.local
passdb backend = ldapsam:ldap://server.tyjason.local
wins support = No
ldap delete dn = No
ldap group suffix = ou=group
ldap machine suffix = ou=Machines
ldap passwd sync = Yes
ldap suffix = dc=tyjason,dc=local
ldap timeout = 5
workgroup = TYJASON
ldap admin dn = cn=Administrator,dc=tyjason,dc=local
security = user
ldap idmap suffix = ou=Idmap
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
usershare allow guests = No
ldap replication sleep = 1000
domain logons = No
## Share disabled by YaST
# [netlogon]
[share]
comment = User Share
writeable = yes
path = /home/Share
Konsole output (log level 10) when I try to set the password:
smbldap_search_ext: base => [dc=tyjason,dc=local], filter => [(&(uid=tyler)(objectclass=sambaSamAccount))], scope => [2]
init_sam_from_ldap: Entry found for user: tyler
pdb_set_username: setting username tyler, was
pdb_set_domain: setting domain SERVER, was
pdb_set_nt_username: setting nt username tyler, was
pdb_set_user_sid_from_string: setting user sid S-1-5-21-4029618779-187064524-2814023659-1001
pdb_set_user_sid: setting user sid S-1-5-21-4029618779-187064524-2814023659-1001
attribute sambaPwdLastSet does not exist
attribute sambaLogonTime does not exist
attribute sambaLogoffTime does not exist
attribute sambaKickoffTime does not exist
attribute sambaPwdCanChange does not exist
pdb_set_full_name: setting full name Tyler Retelle, was
attribute sambaHomeDrive does not exist
pdb_set_dir_drive: setting dir drive , was NULL
attribute sambaHomePath does not exist
Home server: server
pdb_set_homedir: setting home dir \\server\tyler, was
attribute sambaLogonScript does not exist
pdb_set_logon_script: setting logon script , was
attribute sambaProfilePath does not exist
Home server: server
pdb_set_profile_path: setting profile path \\server\tyler\profile, was
attribute description does not exist
attribute sambaUserWorkstations does not exist
attribute sambaMungedDial does not exist
attribute sambaLMPassword does not exist
attribute sambaNTPassword does not exist
Opening cache file at /var/cache/samba/gencache.tdb
Opening cache file at /var/lib/samba/gencache_notrans.tdb
Adding cache entry with key=[ACCT_POL/password history] and timeout=[Wed Dec 31 06:00:00 PM 1969 CST] (-1383894292 seconds in the past)
ldapsam_get_account_policy_from_ldap
smbldap_search_ext: base => [sambaDomainName=SERVER,dc=tyjason,dc=local], filter => [(objectClass=sambaDomain)], scope => [0]
cache_account_policy_set: updating account pol cache
Adding cache entry with key=[ACCT_POL/password history] and timeout=[Fri Nov 8 01:05:52 AM 2013 CST] (60 seconds ahead)
attribute sambaBadPasswordCount does not exist
attribute sambaBadPasswordTime does not exist
attribute sambaLogonHours does not exist
Opening cache file at /var/cache/samba/login_cache.tdb
Looking up login cache for user tyler
No cache entry found
No cache entry, bad count = 0, bad time = 0
Finding user tyler
Trying _Get_Pwnam(), username as lowercase is tyler
Get_Pwnam_internals did find user [tyler]!
gid_to_sid: winbind failed to find a sid for gid 100
smbldap_search_ext: base => [dc=tyjason,dc=local], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=100))], scope => [2]
init_group_from_ldap: Entry found for group: 100
LEGACY: gid 100 -> sid S-1-5-21-4029618779-187064524-2814023659-1003
do lookup_sid(S-1-5-21-4029618779-187064524-2814023659-1003) for group of user tyler
lookup_sid called for SID 'S-1-5-21-4029618779-187064524-2814023659-1003'
Accepting SID S-1-5-21-4029618779-187064524-2814023659 in level 1
lookup_rids called for domain sid 'S-1-5-21-4029618779-187064524-2814023659'
lookup_global_sam_rid: looking up RID 1003.
smbldap_search_ext: base => [dc=tyjason,dc=local], filter => [(&(sambaSID=S-1-5-21-4029618779-187064524-2814023659-1003)(objectclass=sambaSamAccount))], scope => [2]
init_sam_from_ldap: Entry found for user: jason
pdb_set_username: setting username jason, was
pdb_set_domain: setting domain SERVER, was
pdb_set_nt_username: setting nt username jason, was
pdb_set_user_sid_from_string: setting user sid S-1-5-21-4029618779-187064524-2814023659-1003
pdb_set_user_sid: setting user sid S-1-5-21-4029618779-187064524-2814023659-1003
attribute sambaPwdLastSet does not exist
attribute sambaLogonTime does not exist
attribute sambaLogoffTime does not exist
attribute sambaKickoffTime does not exist
attribute sambaPwdCanChange does not exist
pdb_set_full_name: setting full name Jason Scacciaferro, was
attribute sambaHomeDrive does not exist
pdb_set_dir_drive: setting dir drive , was NULL
attribute sambaHomePath does not exist
Home server: server
pdb_set_homedir: setting home dir \\server\jason, was
attribute sambaLogonScript does not exist
pdb_set_logon_script: setting logon script , was
attribute sambaProfilePath does not exist
Home server: server
pdb_set_profile_path: setting profile path \\server\jason\profile, was
attribute description does not exist
attribute sambaUserWorkstations does not exist
attribute sambaMungedDial does not exist
attribute sambaLMPassword does not exist
attribute sambaNTPassword does not exist
attribute sambaBadPasswordCount does not exist
attribute sambaBadPasswordTime does not exist
attribute sambaLogonHours does not exist
Looking up login cache for user jason
No cache entry found
No cache entry, bad count = 0, bad time = 0
lookup_rids: jason:1
Sid S-1-5-21-4029618779-187064524-2814023659-1003 -> SERVER\jason(1)
Primary group S-1-5-21-4029618779-187064524-2814023659-1003 for user tyler is a User and not a domain group
Forcing Primary Group to 'Domain Users' for tyler
pdb_set_username: setting username tyler, was
pdb_set_domain: setting domain SERVER, was
pdb_set_nt_username: setting nt username tyler, was
pdb_set_full_name: setting full name Tyler Retelle, was
Home server: server
pdb_set_homedir: setting home dir \\server\tyler, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: server
pdb_set_profile_path: setting profile path \\server\tyler\profile, was
pdb_set_workstations: setting workstations , was
pdb_set_user_sid: setting user sid S-1-5-21-4029618779-187064524-2814023659-1001
pdb_set_user_sid_from_rid:
setting user sid S-1-5-21-4029618779-187064524-2814023659-1001 from rid 1001
pdb_set_group_sid: setting group sid S-1-5-21-4029618779-187064524-2814023659-513
ldapsam_update_sam_account: user tyler to be modified has dn: uid=tyler,ou=people,dc=tyjason,dc=local
init_ldap_from_sam: Setting entry for user: tyler
smbldap_get_single_attribute: [sambaLMPassword] = [<does not exist>]
smbldap_get_single_attribute: [sambaNTPassword] = [<does not exist>]
smbldap_make_mod: adding attribute |sambaNTPassword| value |<removed>|
smbldap_get_single_attribute: [sambaPasswordHistory] = [<does not exist>]
smbldap_make_mod: adding attribute |sambaPasswordHistory| value |0000000000000000000000000000000000000000000000000000000000000000|
smbldap_get_single_attribute: [sambaPwdLastSet] = [<does not exist>]
smbldap_make_mod: adding attribute |sambaPwdLastSet| value |1383894292|
smbldap_make_mod: attribute |sambaAcctFlags| not changed.
Extended operation failed with error: 65 (Object class violation) (unknown)
Could not set userPassword attribute due to an objectClass violation - ignoring
ldapsam_update_sam_account: successfully modified uid = tyler in the LDAP database
Screenshot of the blank fields:
http://i88.photobucket.com/albums/k189/darklight_tr/snapshot1.png
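Added example, not part of the original post: at log level 10 the `smbldap_make_mod` lines carry attribute values, and in the log above the sambaNTPassword value appears as `<removed>`. The Python sketch below scrubs such values before a log is shared and summarizes which attributes were reported missing, which adds were queued and which LDAP errors were logged. The sample log, the hash in it and the list of secret attributes are constructed assumptions.

```python
import re

# Constructed sample in the format of the log above; the hash value is made up.
SAMPLE = """\
init_sam_from_ldap: Entry found for user: tyler
attribute sambaLMPassword does not exist
attribute sambaNTPassword does not exist
smbldap_make_mod: adding attribute |sambaNTPassword| value |0123456789ABCDEF0123456789ABCDEF|
smbldap_make_mod: adding attribute |sambaPwdLastSet| value |1383894292|
Extended operation failed with error: 65 (Object class violation) (unknown)
ldapsam_update_sam_account: successfully modified uid = tyler in the LDAP database
"""

# Attributes whose values are password material (assumed list, extend as needed).
SECRET_ATTRS = {"sambantpassword", "sambalmpassword", "sambapasswordhistory", "userpassword"}
MOD_RE = re.compile(r"(smbldap_make_mod: adding attribute \|([^|]+)\| value \|)[^|]*\|")
MISSING_RE = re.compile(r"attribute (\S+) does not exist")
USER_RE = re.compile(r"Entry found for user: (\S+)")
ERR_RE = re.compile(r"failed with error: (\d+) \(([^)]*)\)")

def scrub(text):
    """Blank the value of password-bearing attributes in smbldap_make_mod lines."""
    def repl(m):
        if m.group(2).lower() in SECRET_ATTRS:
            return m.group(1) + "<removed>|"
        return m.group(0)
    return MOD_RE.sub(repl, text)

def summarize(text):
    """Collect missing attributes per user, queued adds and LDAP errors."""
    report = {"missing": {}, "adds": [], "errors": []}
    user = None
    for line in text.splitlines():
        line = line.strip()
        if m := USER_RE.search(line):
            user = m.group(1)
            report["missing"].setdefault(user, [])
        elif (m := MISSING_RE.match(line)) and user:
            if m.group(1) not in report["missing"][user]:
                report["missing"][user].append(m.group(1))
        elif m := MOD_RE.search(line):
            report["adds"].append(m.group(2))
        elif m := ERR_RE.search(line):
            report["errors"].append((int(m.group(1)), m.group(2)))
    return report

if __name__ == "__main__":
    print(scrub(SAMPLE))
    print(summarize(SAMPLE))
```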