Having users in both AD and LDAP

Post by guidtz » Mon Apr 02, 2012 8:11 am

Hello,

On an Artica / Samba installation, how can I allow access to shares for both Active Directory users and local users?

For now, my AD users are able to use the shares without any problem; in addition, I would like to create users in a local LDAP. But when I try to have a local user access a share for which they have permissions, I get NT_STATUS_ACCESS_DENIED.

Here is the more complete debug output:

Code:
[2012/04/02 10:04:06.762742,  6] param/loadparm.c:7144(lp_file_list_changed)
  lp_file_list_changed()
  file /etc/samba/smb.conf -> /etc/samba/smb.conf  last mod_time: Mon Apr  2 10:03:39 2012
 
[2012/04/02 10:04:06.762819,  5] auth/auth_util.c:211(make_user_info_map)
  Mapping user [LDAP]\[jmartin] from workstation [ONESYS-SAMBA01]
[2012/04/02 10:04:06.763804,  5] auth/auth_util.c:122(make_user_info)
  attempting to make a user_info for jmartin (jmartin)
[2012/04/02 10:04:06.763829,  5] auth/auth_util.c:132(make_user_info)
  making strings for jmartin's user_info struct
[2012/04/02 10:04:06.763843,  5] auth/auth_util.c:164(make_user_info)
  making blobs for jmartin's user_info struct
[2012/04/02 10:04:06.763858, 10] auth/auth_util.c:182(make_user_info)
  made an encrypted user_info for jmartin (jmartin)
[2012/04/02 10:04:06.763872,  3] auth/auth.c:216(check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user [LDAP]\[jmartin]@[ONESYS-SAMBA01] with the new password interface
[2012/04/02 10:04:06.763909,  3] auth/auth.c:219(check_ntlm_password)
  check_ntlm_password:  mapped user is: [LDAP]\[jmartin]@[ONESYS-SAMBA01]
[2012/04/02 10:04:06.763924, 10] auth/auth.c:228(check_ntlm_password)
  check_ntlm_password: auth_context challenge created by random
[2012/04/02 10:04:06.763936, 10] auth/auth.c:230(check_ntlm_password)
  challenge is:
[2012/04/02 10:04:06.763949,  5] ../lib/util/util.c:278(_dump_data)
  [0000] 3C F8 78 51 B7 BD 1A F1                            <.xQ....
[2012/04/02 10:04:06.763972, 10] auth/auth.c:256(check_ntlm_password)
  check_ntlm_password: guest had nothing to say
[2012/04/02 10:04:06.763989,  8] lib/util.c:1872(is_myname)
  is_myname("LDAP") returns 0
[2012/04/02 10:04:06.764003,  6] auth/auth_sam.c:556(check_samstrict_security)
  check_samstrict_security: LDAP is not one of my local names (ROLE_DOMAIN_MEMBER)
[2012/04/02 10:04:06.764034, 10] auth/auth.c:256(check_ntlm_password)
  check_ntlm_password: sam had nothing to say
[2012/04/02 10:04:06.764051,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2012/04/02 10:04:06.764086,  3] smbd/uid.c:429(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2012/04/02 10:04:06.764101,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/04/02 10:04:06.764118,  5] auth/token_util.c:525(debug_nt_user_token)
  NT user token: (NULL)
[2012/04/02 10:04:06.764131,  5] auth/token_util.c:551(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2012/04/02 10:04:06.819419,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/04/02 10:04:06.819451, 10] auth/auth_winbind.c:85(check_winbind_security)
  check_winbind_security: wbcAuthenticateUserEx failed: WBC_ERR_AUTH_ERROR
[2012/04/02 10:04:06.819475,  5] auth/auth.c:268(check_ntlm_password)
  check_ntlm_password: winbind authentication for user [jmartin] FAILED with error NT_STATUS_NO_SUCH_USER
[2012/04/02 10:04:06.819538,  2] auth/auth.c:314(check_ntlm_password)
  check_ntlm_password:  Authentication for user [jmartin] -> [jmartin] FAILED with error NT_STATUS_NO_SUCH_USER
[2012/04/02 10:04:06.819589,  5] auth/auth_util.c:2119(free_user_info)
  attempting to free (and zero) a user_info structure
[2012/04/02 10:04:06.819603, 10] auth/auth_util.c:2123(free_user_info)
  structure was created for jmartin
[2012/04/02 10:04:06.819620,  3] smbd/sesssetup.c:50(do_map_to_guest)
  No such user jmartin [LDAP] - using guest account
[2012/04/02 10:04:06.819816,  5] lib/smbldap.c:1367(smbldap_search_ext)
  smbldap_search_ext: base => [dc=my-domain,dc=com], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=65534))], scope => [2]
[2012/04/02 10:04:06.820067,  5] lib/smbldap.c:1269(smbldap_close)
  The connection to the LDAP server was closed
[2012/04/02 10:04:06.820085, 10] lib/smbldap.c:751(smb_ldap_setup_conn)
  smb_ldap_setup_connection: ldap://127.0.0.1:389
[2012/04/02 10:04:06.820267,  2] lib/smbldap.c:950(smbldap_open_connection)
  smbldap_open_connection: connection opened
[2012/04/02 10:04:06.820300, 10] lib/smbldap.c:1122(smbldap_connect_system)
  ldap_connect_system: Binding to ldap server ldap://127.0.0.1:389 as "cn=admin,dc=my-domain,dc=com"
[2012/04/02 10:04:06.821394,  3] lib/smbldap.c:1168(smbldap_connect_system)
  ldap_connect_system: successful connection to the LDAP server
  ldap_connect_system: LDAP server does support paged results
[2012/04/02 10:04:06.821441,  4] lib/smbldap.c:1247(smbldap_open)
  The LDAP server is successfully connected
[2012/04/02 10:04:06.821774,  4] passdb/pdb_ldap.c:2562(ldapsam_getgroup)
  ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=65534))
[2012/04/02 10:04:06.821828,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2012/04/02 10:04:06.821845,  3] smbd/uid.c:429(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2012/04/02 10:04:06.821873,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/04/02 10:04:06.821888,  5] auth/token_util.c:525(debug_nt_user_token)
  NT user token: (NULL)
[2012/04/02 10:04:06.821901,  5] auth/token_util.c:551(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2012/04/02 10:04:06.822081, 10] lib/gencache.c:345(gencache_get_data_blob)
  Returning valid cache entry: key = ACCT_POL/password history, value = 0
  , timeout = Mon Apr  2 10:04:43 2012
[2012/04/02 10:04:06.822129,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/04/02 10:04:06.822189, 10] passdb/pdb_get_set.c:608(pdb_set_username)
  pdb_set_username: setting username nobody, was
[2012/04/02 10:04:06.822214, 10] passdb/pdb_get_set.c:631(pdb_set_domain)
  pdb_set_domain: setting domain ONESYS-SAMBA01, was
[2012/04/02 10:04:06.822229, 10] passdb/pdb_get_set.c:654(pdb_set_nt_username)
  pdb_set_nt_username: setting nt username , was
[2012/04/02 10:04:06.822242, 10] passdb/pdb_get_set.c:677(pdb_set_fullname)
  pdb_set_full_name: setting full name nobody, was
[2012/04/02 10:04:06.822258, 10] passdb/pdb_get_set.c:770(pdb_set_homedir)
  pdb_set_homedir: setting home dir , was
[2012/04/02 10:04:06.822272, 10] passdb/pdb_get_set.c:746(pdb_set_dir_drive)
  pdb_set_dir_drive: setting dir drive , was NULL
[2012/04/02 10:04:06.822287, 10] passdb/pdb_get_set.c:700(pdb_set_logon_script)
  pdb_set_logon_script: setting logon script , was
[2012/04/02 10:04:06.822302, 10] passdb/pdb_get_set.c:723(pdb_set_profile_path)
  pdb_set_profile_path: setting profile path , was
[2012/04/02 10:04:06.822317, 10] passdb/pdb_get_set.c:813(pdb_set_workstations)
  pdb_set_workstations: setting workstations , was
[2012/04/02 10:04:06.822331,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2012/04/02 10:04:06.822345,  3] smbd/uid.c:429(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2012/04/02 10:04:06.822358,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/04/02 10:04:06.822372,  5] auth/token_util.c:525(debug_nt_user_token)
  NT user token: (NULL)
[2012/04/02 10:04:06.822385,  5] auth/token_util.c:551(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2012/04/02 10:04:06.822412, 10] lib/gencache.c:345(gencache_get_data_blob)
  Returning valid cache entry: key = ACCT_POL/password history, value = 0
  , timeout = Mon Apr  2 10:04:43 2012
[2012/04/02 10:04:06.822444,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/04/02 10:04:06.822472, 10] passdb/pdb_get_set.c:537(pdb_set_user_sid)
  pdb_set_user_sid: setting user sid S-1-5-21-3019279250-539217767-2254250484-501
[2012/04/02 10:04:06.822512, 10] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid)
  pdb_set_user_sid_from_rid:
     setting user sid S-1-5-21-3019279250-539217767-2254250484-501 from rid 501
[2012/04/02 10:04:06.822574, 10] lib/gencache.c:345(gencache_get_data_blob)
  Returning valid cache entry: key = IDMAP/SID2GID/S-1-5-21-3019279250-539217767-2254250484-513, value = 513, timeout = Fri Apr  6 09:40:06 2012
[2012/04/02 10:04:06.822598, 10] passdb/lookup_sid.c:1518(sid_to_gid)
  sid S-1-5-21-3019279250-539217767-2254250484-513 -> gid 513
[2012/04/02 10:04:06.822616, 10] passdb/pdb_get_set.c:595(pdb_set_group_sid)
  pdb_set_group_sid: setting group sid S-1-5-21-3019279250-539217767-2254250484-513
[2012/04/02 10:04:06.822638, 10] smbd/password.c:278(register_existing_vuid)
  register_existing_vuid: (65534,65534) nobody jmartin ONESYS-SAMBA01 guest=1
[2012/04/02 10:04:06.822653,  3] smbd/password.c:282(register_existing_vuid)
  register_existing_vuid: User name: nobody   Real name: nobody
[2012/04/02 10:04:06.822666,  3] smbd/password.c:292(register_existing_vuid)
  register_existing_vuid: UNIX uid 65534 is UNIX user nobody, and will be vuid 100
[2012/04/02 10:04:06.822699,  6] param/loadparm.c:7144(lp_file_list_changed)
  lp_file_list_changed()
  file /etc/samba/smb.conf -> /etc/samba/smb.conf  last mod_time: Mon Apr  2 10:03:39 2012
 
[2012/04/02 10:04:06.822766,  5] lib/util.c:617(show_msg)
[2012/04/02 10:04:06.822776,  5] lib/util.c:627(show_msg)
  size=98
  smb_com=0x73
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51203
  smb_tid=0
  smb_pid=10631
  smb_uid=100
  smb_mid=3
  smt_wct=4
  smb_vwv[ 0]=  255 (0xFF)
  smb_vwv[ 1]=    0 (0x0)
  smb_vwv[ 2]=    1 (0x1)
  smb_vwv[ 3]=    9 (0x9)
  smb_bcc=55
[2012/04/02 10:04:06.822842, 10] ../lib/util/util.c:278(_dump_data)
  [0000] A1 07 30 05 A0 03 0A 01   00 55 00 6E 00 69 00 78   ..0..... .U.n.i.x
  [0010] 00 00 00 53 00 61 00 6D   00 62 00 61 00 20 00 33   ...S.a.m .b.a. .3
  [0020] 00 2E 00 35 00 2E 00 31   00 31 00 00 00 4C 00 44   ...5...1 .1...L.D
  [0030] 00 41 00 50 00 00 00                              .A.P...
[2012/04/02 10:04:06.823392, 10] lib/util_sock.c:731(read_smb_length_return_keepalive)
  got smb length of 94
[2012/04/02 10:04:06.823414,  6] smbd/process.c:1486(process_smb)
  got message type 0x0 of len 0x5e
[2012/04/02 10:04:06.823429,  3] smbd/process.c:1489(process_smb)
  Transaction 3 of length 98 (0 toread)
[2012/04/02 10:04:06.823442,  5] lib/util.c:617(show_msg)
[2012/04/02 10:04:06.823451,  5] lib/util.c:627(show_msg)
  size=94
  smb_com=0x75
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=8
  smb_flg2=51201
  smb_tid=65535
  smb_pid=10631
  smb_uid=100
  smb_mid=4
  smt_wct=4
  smb_vwv[ 0]=  255 (0xFF)
  smb_vwv[ 1]=    0 (0x0)
  smb_vwv[ 2]=    8 (0x8)
  smb_vwv[ 3]=    1 (0x1)
  smb_bcc=51
[2012/04/02 10:04:06.823523, 10] ../lib/util/util.c:278(_dump_data)
  [0000] 00 5C 00 5C 00 4F 00 4E   00 45 00 53 00 59 00 53   .\.\.O.N .E.S.Y.S
  [0010] 00 2D 00 53 00 41 00 4D   00 42 00 41 00 30 00 31   .-.S.A.M .B.A.0.1
  [0020] 00 5C 00 54 00 45 00 53   00 54 00 00 00 3F 3F 3F   .\.T.E.S .T...???
  [0030] 3F 3F 00                                          ??.
[2012/04/02 10:04:06.823614,  3] smbd/process.c:1298(switch_message)
  switch message SMBtconX (pid 10632) conn 0x0
[2012/04/02 10:04:06.823631,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/04/02 10:04:06.823645,  5] auth/token_util.c:525(debug_nt_user_token)
  NT user token: (NULL)
[2012/04/02 10:04:06.823658,  5] auth/token_util.c:551(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2012/04/02 10:04:06.823681,  5] smbd/uid.c:369(change_to_root_user)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2012/04/02 10:04:06.823726,  4] smbd/reply.c:786(reply_tcon_and_X)
  Client requested device type [?????] for share [TEST]
[2012/04/02 10:04:06.823815,  5] smbd/service.c:1227(make_connection)
  making a connection to 'normal' service test
[2012/04/02 10:04:06.823861,  2] smbd/service.c:587(create_connection_server_info)
  guest user (from session setup) not permitted to access this share (test)
[2012/04/02 10:04:06.824070,  1] smbd/service.c:678(make_connection_snum)
  create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
[2012/04/02 10:04:06.824242,  3] smbd/error.c:80(error_packet_set)
  error packet at smbd/reply.c(795) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED
[2012/04/02 10:04:06.824283,  5] lib/util.c:617(show_msg)
[2012/04/02 10:04:06.824293,  5] lib/util.c:627(show_msg)
  size=35
  smb_com=0x75
  smb_rcls=34
  smb_reh=0
  smb_err=49152
  smb_flg=136
  smb_flg2=51203
  smb_tid=65535
  smb_pid=10631
  smb_uid=100
  smb_mid=4
  smt_wct=0
  smb_bcc=0
[2012/04/02 10:04:06.824785,  5] lib/util_sock.c:462(read_fd_with_timeout)
  read_fd_with_timeout: blocking read. EOF from client.
[2012/04/02 10:04:06.824805, 10] smbd/process.c:286(receive_smb_raw_talloc)
  receive_smb_raw: NT_STATUS_END_OF_FILE
[2012/04/02 10:04:06.824821,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/04/02 10:04:06.824835,  5] auth/token_util.c:525(debug_nt_user_token)
  NT user token: (NULL)
[2012/04/02 10:04:06.824849,  5] auth/token_util.c:551(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2012/04/02 10:04:06.824890,  5] smbd/uid.c:369(change_to_root_user)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2012/04/02 10:04:06.824933,  3] smbd/connection.c:31(yield_connection)
  Yielding connection to
[2012/04/02 10:04:06.824989, 10] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked)
  Locking key 88290000FFFFFFFF0000
[2012/04/02 10:04:06.825012, 10] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked)
  Allocated locked data 0x0x2a34670
[2012/04/02 10:04:06.825033, 10] lib/dbwrap_tdb.c:42(db_tdb_record_destr)
  Unlocking key 88290000FFFFFFFF0000
[2012/04/02 10:04:06.825168,  3] smbd/server.c:924(exit_server_common)
  Server exit (failed to receive smb request)
[2012/04/02 10:04:06.869898,  5] lib/smbldap.c:1269(smbldap_close)
  The connection to the LDAP server was closed


Regards,
guidtz
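
Added example (not part of the original post, and not Samba or Artica code): a small Python parser that extracts the authentication decision chain from a Samba debug log like the one above, so the path from the unrecognised domain name to the guest fallback and the final refusal can be read in order. The stage names and the abridged SAMPLE are constructed for illustration; the message patterns are copied from the posted log.

```python
import re

# Samba 3.x debug record header: [timestamp, level] source.c:line(function)
HEADER = re.compile(r"^\[[^,\]]+,\s*\d+\]\s+\S+:\d+\((\w+)\)")

# (stage name, emitting function, message pattern); wording as in the posted log.
STAGES = [
    ("domain_not_local", "check_samstrict_security", r"(?P<domain>\S+) is not one of my local names \((?P<role>\w+)\)"),
    ("backend_skipped", "check_ntlm_password", r"(?P<backend>\w+) had nothing to say"),
    ("backend_failed", "check_ntlm_password", r"(?P<backend>\w+) authentication for user \[(?P<user>[^\]]*)\] FAILED with error (?P<status>\w+)"),
    ("mapped_to_guest", "do_map_to_guest", r"No such user (?P<user>\S+) \[(?P<domain>[^\]]*)\] - using guest account"),
    ("guest_refused", "create_connection_server_info", r"guest user \(from session setup\) not permitted to access this share \((?P<share>[^)]*)\)"),
    ("denied", "make_connection_snum", r"create_connection_server_info failed: (?P<status>\w+)"),
]

def parse_records(text):
    """Group each header line with the message lines that follow it."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            records.append([m.group(1), ""])   # [function, message]
        elif records and line.strip():
            records[-1][1] += " " + line.strip()
    return records

def trace_auth(text):
    """Return the ordered (stage, fields) events that explain the auth outcome."""
    return [(stage, m.groupdict())
            for func, msg in parse_records(text)
            for stage, emitter, pattern in STAGES
            if func == emitter and (m := re.search(pattern, msg))]

# Constructed sample: six records abridged from the log in the post above.
SAMPLE = """[2012/04/02 10:04:06.764003,  6] auth/auth_sam.c:556(check_samstrict_security)
  check_samstrict_security: LDAP is not one of my local names (ROLE_DOMAIN_MEMBER)
[2012/04/02 10:04:06.764034, 10] auth/auth.c:256(check_ntlm_password)
  check_ntlm_password: sam had nothing to say
[2012/04/02 10:04:06.819475,  5] auth/auth.c:268(check_ntlm_password)
  check_ntlm_password: winbind authentication for user [jmartin] FAILED with error NT_STATUS_NO_SUCH_USER
[2012/04/02 10:04:06.819620,  3] smbd/sesssetup.c:50(do_map_to_guest)
  No such user jmartin [LDAP] - using guest account
[2012/04/02 10:04:06.823861,  2] smbd/service.c:587(create_connection_server_info)
  guest user (from session setup) not permitted to access this share (test)
[2012/04/02 10:04:06.824070,  1] smbd/service.c:678(make_connection_snum)
  create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
"""
```

Calling `trace_auth(SAMPLE)` returns the six stages in log order: the `sam` backend skips the request because the domain `LDAP` is not a local name, winbind reports NT_STATUS_NO_SUCH_USER, the session is mapped to guest, and the share `test` refuses guest access.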
 