[Date Prev][Date Next] [Chronological] [Thread] [Top]

Creating samba3 users with phpldapadmin

To: openldap-technical <openldap-technical@openldap.org>
Subject: Creating samba3 users with phpldapadmin
From: Juan Diego Calle <juandiego.calle@soportelibre.com>
Date: Mon, 10 Oct 2011 17:17:31 -0500 (ECT)
In-reply-to: <9106336.228681318284748947.JavaMail.root@zimbra.soportelibre.com>

Hi

I have a problem with samba3 users created over phpldapadmin, the users created over phpldapadmin can log in from their windows machines.  I if try to use smbclient to log I receive this NT_STATUS_PASSWORD_MUST_CHANGE
if I try to change the password with smbldap-passwd I receive this

Failed to modify shadowLastChange: attribute 'shadowLastChange' not allowed at /usr/sbin/smbldap-passwd line 292, <STDIN> line 2.
Failed to modify shadowMax: attribute 'shadowMax' not allowed at /usr/sbin/smbldap-passwd line 299, <STDIN> line 2.

So looking around it seems like the problem is that users dont have the objectClass shadowAccount.  It seems that phpldapadmin doesnt use.

When I add the objectClass shadow account, from windows, I manage to log on to windows the first time then It asks me to change the password, then I can log in anymore.  For some reason all the users created from phpldapadmin have the uid 1000, i changed one from my test users to 6000 but i have the same results:
windows users: The User name or password is incorrect.

When use smbclient i have no problems listing the file. I can find any error on samba or ldap.

This is the log when I try to log with the user "testuser2"

6927679-Oct 10 17:06:27 prosrvuiosmb151 slapd[13037]: <= bdb_equality_candidates: (sambaSID) not indexed 
6927680-Oct 10 17:06:27 prosrvuiosmb151 slapd[13037]: conn=52 op=38 SEARCH RESULT tag=101 err=0 nentries=0 text= 
6927681-Oct 10 17:06:27 prosrvuiosmb151 slapd[13037]: conn=52 op=39 SRCH base="dc=mydomain,dc=com,dc=ec" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-2))" 
6927682-Oct 10 17:06:27 prosrvuiosmb151 slapd[13037]: conn=52 op=39 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass 
6927683-Oct 10 17:06:27 prosrvuiosmb151 slapd[13037]: <= bdb_equality_candidates: (sambaSID) not indexed 
6927684-Oct 10 17:06:27 prosrvuiosmb151 slapd[13037]: conn=52 op=39 SEARCH RESULT tag=101 err=0 nentries=0 text= 
6927685-Oct 10 17:06:27 prosrvuiosmb151 slapd[13037]: conn=52 op=40 SRCH base="dc=mydomain,dc=com,dc=ec" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-11))" 
6927686-Oct 10 17:06:27 prosrvuiosmb151 slapd[13037]: conn=52 op=40 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass 
6927687-Oct 10 17:06:27 prosrvuiosmb151 slapd[13037]: <= bdb_equality_candidates: (sambaSID) not indexed 
6927688-Oct 10 17:06:27 prosrvuiosmb151 slapd[13037]: conn=52 op=40 SEARCH RESULT tag=101 err=0 nentries=0 text= 
6927689:Oct 10 17:06:34 prosrvuiosmb151 slapd[13037]: conn=5 op=697 SRCH base="dc=mydomain,dc=com,dc=ec" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=testuser2))" 
6927690-Oct 10 17:06:34 prosrvuiosmb151 slapd[13037]: conn=5 op=697 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass 
6927691-Oct 10 17:06:34 prosrvuiosmb151 slapd[13037]: conn=5 op=697 SEARCH RESULT tag=101 err=0 nentries=1 text= 
6927692-Oct 10 17:06:37 prosrvuiosmb151 slapd[13037]: conn=52 op=41 SRCH base="dc=mydomain,dc=com,dc=ec" scope=2 deref=0 filter="(&(uid=administrator)(objectClass=sambaSamAccount))" 
6927693-Oct 10 17:06:37 prosrvuiosmb151 slapd[13037]: conn=52 op=41 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber homeDirectory loginShell gecos 
6927694-Oct 10 17:06:37 prosrvuiosmb151 slapd[13037]: conn=52 op=41 SEARCH RESULT tag=101 err=0 nentries=1 text= 
6927695-Oct 10 17:06:37 prosrvuiosmb151 slapd[13037]: conn=52 op=42 SRCH base="dc=mydomain,dc=com,dc=ec" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=0))" 
6927696-Oct 10 17:06:37 prosrvuiosmb151 slapd[13037]: conn=52 op=42 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass 
6927697-Oct 10 17:06:37 prosrvuiosmb151 slapd[13037]: conn=52 op=42 SEARCH RESULT tag=101 err=0 nentries=0 text= 
6927698-Oct 10 17:06:37 prosrvuiosmb151 slapd[13037]: conn=52 op=43 SRCH base="dc=mydomain,dc=com,dc=ec" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-545))" 
6927699-Oct 10 17:06:37 prosrvuiosmb151 slapd[13037]: conn=52 op=43 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass 


I can log with users created with smbldap-tools,

Juan Diego

Prev by Date: Re: TLS very strange behaviour
Next by Date: syncrepl tls_cert file not red ?
Index(es):
- Chronological
- Thread