10.5 Common Errors


10.5.1 Users Cannot Logon

"I've installed Samba, but now I can't log on with my UNIX account!"

Make sure your user has been added to the current Samba passdb backend. Read Section 10.3 for details.

10.5.2 Users Being Added to the Wrong Backend Database

A few complaints have been received from users who just moved to Samba-3. The following smb.conf file entries were causing problems: new accounts were being added to the old smbpasswd file, not to the tdbsam passdb.tdb file:

 
    ...
    passdb backend = smbpasswd, tdbsam
    ...

Samba adds new accounts to the first entry listed in the passdb backend parameter. If you want to update to tdbsam, change the entry to:

 
    passdb backend = tdbsam, smbpasswd

10.5.3 Configuration of auth methods

When explicitly setting an auth methods parameter, guest must be specified as the first entry on the line, for example, auth methods = guest sam.

This is the exact opposite of the requirement for the passdb backend option, where guest must be the last entry on the line.
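The ordering rules from Sections 10.5.2 and 10.5.3 can be checked mechanically before a configuration goes live. The following is an added example, not code from the Samba project; the function names and the sample smb.conf text are constructed, and it assumes both parameters are set in the [global] section.

```python
import re

def global_params(conf_text):
    """Collect [global] parameters from smb.conf text as {name: value}."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            # parameter names ignore case and whitespace
            params["".join(name.lower().split())] = value.strip()
    return params

def entries(value):
    """Split a list-valued parameter on commas and whitespace."""
    return [e for e in re.split(r"[,\s]+", value) if e]

def ordering_findings(conf_text, wanted="tdbsam"):
    """Check the entry-order rules for passdb backend and auth methods."""
    params = global_params(conf_text)
    findings = []
    # an entry may carry an argument ("tdbsam:/path"); compare the name only
    backends = [b.split(":", 1)[0] for b in entries(params.get("passdbbackend", ""))]
    if wanted in backends and backends[0] != wanted:
        findings.append(f"passdb backend: new accounts go to {backends[0]}, not {wanted}")
    if "guest" in backends and backends[-1] != "guest":
        findings.append("passdb backend: guest must be the last entry")
    methods = entries(params.get("authmethods", ""))
    if methods and methods[0] != "guest":
        findings.append("auth methods: guest must be the first entry")
    return findings

# Constructed sample files, not taken from a real server.
BEFORE = """
[global]
    workgroup = EXAMPLE
    passdb backend = smbpasswd, tdbsam
    auth methods = sam guest
"""
AFTER = BEFORE.replace("smbpasswd, tdbsam", "tdbsam, smbpasswd").replace("sam guest", "guest sam")

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, ordering_findings(text) or "ok")
```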

Table 10.1. Attributes in the sambaSamAccount objectclass (LDAP), Part A

sambaLMPassword

The LANMAN password 16-byte hash stored as a character representation of a hexadecimal string.

sambaNTPassword

The NT password 16-byte hash stored as a character representation of a hexadecimal string.

sambaPwdLastSet

The integer time in seconds since 1970 when the sambaLMPassword and sambaNTPassword attributes were last set.

sambaAcctFlags

String of 11 characters surrounded by square brackets [] representing account flags such as U (user), W (workstation), X (no password expiration), I (Domain trust account), H (Home dir required), S (Server trust account), and D (disabled).

sambaLogonTime

Integer value currently unused

sambaLogoffTime

Integer value currently unused

sambaKickoffTime

Specifies the time (UNIX time format) when the user will be locked down and cannot log in any longer. If this attribute is omitted, then the account will never expire. Using this attribute together with shadowExpire of the shadowAccount objectClass will enable accounts to expire completely on an exact date.

sambaPwdCanChange

Specifies the time (UNIX time format) from which the user is allowed to change his password. If this attribute is not set, the user will be free to change his password whenever he wants.

sambaPwdMustChange

Specifies the time (UNIX time format) from which the user is forced to change his password. If this value is set to '0', the user will have to change his password at first login. If this attribute is not set, then the password will never expire.

sambaHomeDrive

Specifies the drive letter to which to map the UNC path specified by sambaHomePath. The drive letter must be specified in the form "X:" where X is the letter of the drive to map. Refer to the "logon drive" parameter in the smb.conf(5) man page for more information.

sambaLogonScript

The sambaLogonScript property specifies the path of the user's logon script, .CMD, .EXE, or .BAT file. The string can be null. The path is relative to the netlogon share. Refer to the logon script parameter in the smb.conf man page for more information.

sambaProfilePath

Specifies a path to the user's profile. This value can be a null string, a local absolute path, or a UNC path. Refer to the logon path parameter in the smb.conf man page for more information.

sambaHomePath

The sambaHomePath property specifies the path of the home directory for the user. The string can be null. If sambaHomeDrive is set and specifies a drive letter, sambaHomePath should be a UNC path. The path must be a network UNC path of the form \\server\share\directory. This value can be a null string. Refer to the logon home parameter in the smb.conf man page for more information.
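An added example (not part of the original guide or of Samba) that applies the Table 10.1 descriptions of sambaAcctFlags, sambaKickoffTime, sambaPwdCanChange and sambaPwdMustChange to directory entries during an account review. The entries, function names and the fixed clock value are constructed for illustration.

```python
import time

# Flag letters named in Table 10.1; any other letter is reported as-is.
FLAG_NAMES = {"U": "user", "W": "workstation", "X": "no password expiration",
              "I": "domain trust account", "H": "home dir required",
              "S": "server trust account", "D": "disabled"}

def decode_acct_flags(value):
    """Return (set of flag letters, padded_ok) for a sambaAcctFlags string."""
    if not (value.startswith("[") and value.endswith("]")):
        raise ValueError(f"sambaAcctFlags lacks square brackets: {value!r}")
    body = value[1:-1]
    return set(body.replace(" ", "")), len(body) == 11

def review_account(entry, now=None):
    """Apply the Table 10.1 rules to one entry (dict: attribute -> string)."""
    now = int(time.time()) if now is None else now
    flags, padded_ok = decode_acct_flags(entry["sambaAcctFlags"])
    notes = sorted(FLAG_NAMES.get(f, f"flag {f}") for f in flags)
    if not padded_ok:
        notes.append("sambaAcctFlags is not 11 characters long")
    kickoff = entry.get("sambaKickoffTime")
    if kickoff is None:
        notes.append("account never expires")          # attribute omitted
    elif int(kickoff) <= now:
        notes.append("account expired")
    must = entry.get("sambaPwdMustChange")
    if must is None:
        notes.append("password never expires")         # attribute not set
    elif int(must) == 0:
        notes.append("password change forced at first login")
    elif int(must) <= now:
        notes.append("password change forced now")
    can = entry.get("sambaPwdCanChange")
    if can is not None and int(can) > now:
        notes.append("password change not yet allowed")
    return notes

# Constructed entries; names and timestamps are made up for the example.
NOW = 1_100_000_000
ENTRIES = {
    "alice": {"sambaAcctFlags": "[%-11s]" % "U", "sambaPwdMustChange": "0"},
    "bob": {"sambaAcctFlags": "[%-11s]" % "UD", "sambaKickoffTime": "1099999999",
            "sambaPwdCanChange": "1100000500", "sambaPwdMustChange": "1200000000"},
}

if __name__ == "__main__":
    for uid, entry in ENTRIES.items():
        print(uid, review_account(entry, NOW))
```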

Table 10.2. Attributes in the sambaSamAccount objectclass (LDAP), Part B

sambaUserWorkstations

Here you can give a comma-separated list of machines on which the user is allowed to log in. You may observe problems when you try to connect to a Samba domain member. Because domain members are not in this list, the domain controllers will reject them. Where this attribute is omitted, the default implies no restrictions.

sambaSID

The security identifier (SID) of the user. The Windows equivalent of UNIX UIDs.

sambaPrimaryGroupSID

The Security IDentifier (SID) of the primary group of the user.

sambaDomainName

Domain the user is part of.

Table 10.3. Possible ldap passwd sync values

| Value | Description |
|-------|-------------|
| yes | When the user changes his password, update ntPassword, lmPassword and the password fields. |
| no | Only update ntPassword and lmPassword. |
| only | Only update the LDAP password and let the LDAP server worry about the other fields. This option is available only on LDAP servers that support LDAP_EXOP_X_MODIFY_PASSWD. |

Table 10.4. Basic smb.conf options for MySQL passdb backend

| Field | Contents |
|-------|----------|
| mysql host | Host name, defaults to 'localhost' |
| mysql password | |
| mysql user | Defaults to 'samba' |
| mysql database | Defaults to 'samba' |
| mysql port | Defaults to 3306 |
| table | Name of the table containing the users |

Table 10.5. MySQL field names for MySQL passdb backend

| Field | Type | Contents |
|-------|------|----------|
| logon time column | int(9) | UNIX time stamp of last logon of user |
| logoff time column | int(9) | UNIX time stamp of last logoff of user |
| kickoff time column | int(9) | UNIX time stamp of moment user should be kicked off workstation (not enforced) |
| pass last set time column | int(9) | UNIX time stamp of moment password was last set |
| pass can change time column | int(9) | UNIX time stamp of moment from which password can be changed |
| pass must change time column | int(9) | UNIX time stamp of moment on which password must be changed |
| username column | varchar(255) | UNIX username |
| domain column | varchar(255) | NT domain user belongs to |
| nt username column | varchar(255) | NT username |
| fullname column | varchar(255) | Full name of user |
| home dir column | varchar(255) | UNIX homedir path |
| dir drive column | varchar(2) | Directory drive path (e.g., "H:") |
| logon script column | varchar(255) | Batch file to run on client side when logging on |
| profile path column | varchar(255) | Path of profile |
| acct desc column | varchar(255) | Some ASCII NT user data |
| workstations column | varchar(255) | Workstations user can logon to (or NULL for all) |
| unknown string column | varchar(255) | Unknown string |
| munged dial column | varchar(255) | Unknown |
| user sid column | varchar(255) | NT user SID |
| group sid column | varchar(255) | NT group SID |
| lanman pass column | varchar(255) | Encrypted lanman password |
| nt pass column | varchar(255) | Encrypted nt passwd |
| plain pass column | varchar(255) | Plaintext password |
| acct ctrl column | int(9) | NT user data |
| unknown 3 column | int(9) | Unknown |
| logon divs column | int(9) | Unknown |
| hours len column | int(9) | Unknown |
| bad password count column | int(5) | Number of failed password tries before disabling an account |
| logon count column | int(5) | Number of logon attempts |
| unknown 6 column | int(9) | Unknown |



The Official Samba-3 HOWTO and Reference Guide, 2nd Edition
ISBN: 0131882228
Year: 2005
Pages: 297
