Hi All,
Trying to get FreeNAS to work with a standalone LDAP server for user auth.
I have set up OpenLDAP and imported the Samba schema as well. The LDAP directory works perfectly fine ("getent passwd" lists all LDAP users). I am able to view LDAP users and groups in the CIFS share permission settings as well. But when a user with an LDAP account tries to access the share with the correct password, I am getting an "Access Denied" response.
Below is from the Samba log.
Code:
[2017/09/10 21:35:44.661536, 2] ../source3/param/loadparm.c:2686(lp_do_section)
  Processing section "[cifs_01]"
[2017/09/10 21:35:44.661967, 3] ../source3/param/loadparm.c:1586(lp_add_ipc)
  adding IPC service
[2017/09/10 21:35:44.662320, 2] ../source3/lib/smbldap.c:794(smbldap_open_connection)
  smbldap_open_connection: connection opened
[2017/09/10 21:35:44.668273, 3] ../source3/lib/smbldap.c:1013(smbldap_connect_system)
  ldap_connect_system: successful connection to the LDAP server
[2017/09/10 21:35:44.670295, 3] ../source3/auth/auth.c:178(auth_check_ntlm_password)
  check_ntlm_password: Checking password for unmapped user [MSTRI]\[ldapuser1]@[BLRESC0265] with the new password interface
[2017/09/10 21:35:44.670349, 3] ../source3/auth/auth.c:181(auth_check_ntlm_password)
  check_ntlm_password: mapped user is: [BLRCMSAMBA]\[ldapuser1]@[BLRESC0265]
[2017/09/10 21:35:44.672334, 3] ../source3/auth/check_samsec.c:400(check_sam_security)
  check_sam_security: Couldn't find user 'ldapuser1' in passdb.
[2017/09/10 21:35:44.672385, 3] ../source3/auth/auth_winbind.c:60(check_winbind_security)
  check_winbind_security: Not using winbind, requested domain [BLRCMSAMBA] was for this SAM.
[2017/09/10 21:35:44.672416, 2] ../source3/auth/auth.c:315(auth_check_ntlm_password)
  check_ntlm_password: Authentication for user [ldapuser1] -> [ldapuser1] FAILED with error NT_STATUS_NO_SUCH_USER
[2017/09/10 21:35:44.672453, 3] ../source3/auth/auth_util.c:1611(do_map_to_guest_server_info)
  No such user ldapuser1 [MSTRI] - using guest account
[2017/09/10 21:35:44.728793, 3] ../source3/lib/access.c:338(allow_access)
  Allowed connection from 10.187.120.126 (10.187.120.126)
[2017/09/10 21:35:44.728902, 3] ../source3/smbd/service.c:576(make_connection_snum)
  Connect path is '/tmp' for service [IPC$]
[2017/09/10 21:35:44.728961, 3] ../source3/smbd/vfs.c:113(vfs_init_default)
  Initialising default vfs hooks
[2017/09/10 21:35:44.728991, 3] ../source3/smbd/vfs.c:139(vfs_init_custom)
  Initialising custom vfs hooks from [/[Default VFS]/]
[2017/09/10 21:35:44.729205, 3] ../source3/smbd/service.c:822(make_connection_snum)
  blresc0265 (ipv4:10.187.120.126:53146) connect to service IPC$ initially as user nobody (uid=65534, gid=65534) (pid 99321)
[2017/09/10 21:35:44.788469, 3] ../source3/smbd/msdfs.c:1010(get_referred_path)
  get_referred_path: |cifs_01| in dfs path \blrcm-freenas\cifs_01 is not a dfs root.
[2017/09/10 21:35:44.788525, 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:309
[2017/09/10 21:35:44.848700, 3] ../source3/lib/access.c:338(allow_access)
  Allowed connection from 10.187.120.126 (10.187.120.126)
[2017/09/10 21:35:44.848748, 2] ../source3/smbd/service.c:319(create_connection_session_info)
  guest user (from session setup) not permitted to access this share (cifs_01)
[2017/09/10 21:35:44.848790, 1] ../source3/smbd/service.c:502(make_connection_snum)
  create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2017/09/10 21:35:44.848831, 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:135
What should my next course of action be? Is this a Samba config error or from LDAP?
Kindly let me know if any more information is needed.
Any help is much appreciated!
Thanks,
Sharath TS
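
Added example (not part of the original post): a short Python reader for the smbd log format shown above that extracts the chain visible in this log, namely the passdb lookup miss, NT_STATUS_NO_SUCH_USER, the fallback to the guest account, and the guest being refused on the share. The function names and the rule table are this example's own; the sample lines are copied from the posted log.

```python
import re

# smbd record header: "[timestamp, level] source_file:line(function)"
HEADER = re.compile(r"\[(\d{4}/\d\d/\d\d [\d:.]+),\s+(\d+)\]\s+\S+?:\d+\((\w+)\)")

# (label, logging function, message pattern) for each step of the failure chain
RULES = [
    ("passdb_miss", "check_sam_security", r"Couldn't find user '([^']+)' in passdb"),
    ("auth_failed", "auth_check_ntlm_password",
     r"Authentication for user \[([^\]]+)\].*FAILED with error (NT_STATUS_\w+)"),
    ("mapped_to_guest", "do_map_to_guest_server_info", r"No such user (\S+) .*using guest account"),
    ("guest_denied", "create_connection_session_info",
     r"guest user \(from session setup\) not permitted to access this share \(([^)]+)\)"),
]

def parse_records(text):
    """Split smbd log text into records, whether or not line breaks survived."""
    heads = list(HEADER.finditer(text))
    ends = [h.start() for h in heads[1:]] + [len(text)]
    return [{"time": h.group(1), "level": int(h.group(2)), "func": h.group(3),
             "msg": " ".join(text[h.end():end].split())}
            for h, end in zip(heads, ends)]

def trace_auth(records):
    """Return (label, time, captured fields...) for each step of the chain found."""
    events = []
    for rec in records:
        for label, func, pattern in RULES:
            m = re.search(pattern, rec["msg"]) if rec["func"] == func else None
            if m:
                events.append((label, rec["time"]) + m.groups())
    return events

def diagnose(events):
    labels = {e[0] for e in events}
    if {"passdb_miss", "mapped_to_guest"} <= labels:
        return "passdb lookup failed, so no password was compared; session continued as guest"
    return "auth failed without a passdb miss" if "auth_failed" in labels else "no auth failure recorded"

# Excerpt of the log posted above, one record per line
SAMPLE = """
[2017/09/10 21:35:44.672334, 3] ../source3/auth/check_samsec.c:400(check_sam_security) check_sam_security: Couldn't find user 'ldapuser1' in passdb.
[2017/09/10 21:35:44.672416, 2] ../source3/auth/auth.c:315(auth_check_ntlm_password) check_ntlm_password: Authentication for user [ldapuser1] -> [ldapuser1] FAILED with error NT_STATUS_NO_SUCH_USER
[2017/09/10 21:35:44.672453, 3] ../source3/auth/auth_util.c:1611(do_map_to_guest_server_info) No such user ldapuser1 [MSTRI] - using guest account
[2017/09/10 21:35:44.848748, 2] ../source3/smbd/service.c:319(create_connection_session_info) guest user (from session setup) not permitted to access this share (cifs_01)
"""

if __name__ == "__main__":
    print(diagnose(trace_auth(parse_records(SAMPLE))))
```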