Исходное сообщение
"PDC не даёт логиниться пользователям" Отправлено tven, 03-Май-06 15:52
Уважаемые, уже всю голову сломал. Ситуация: настраивается PDC под самбой. Всё прекрасно, пользователи заводятся, рабочие станции присоединяются к домену, но войти на станцию могут только администраторы. FreeBSD 6.0 Samba 3.0.12 OpenLDAP 2.2.23 smbldap-tools 0.8.7 nss_ldap 1.204 pam_ldap 1.7.6 Фрагмент лога самбы, где ругается: ============================================ [2006/05/02 17:25:12, 3] rpc_server/srv_netlog_nt.c:net_sam_logon(623) SAM Logon (Interactive). Domain:[DOM]. User:[voffka@WSTAT] Requested Domain:[DOM] [2006/05/02 17:25:12, 5] rpc_server/srv_netlog_nt.c:net_sam_logon(647) Attempting validation level 1 for unmapped username voffka. [2006/05/02 17:25:12, 5] auth/auth.c:make_auth_context_subsystem(477) Making default auth method list for DC, security=user, encrypt passwords = yes [2006/05/02 17:25:12, 5] auth/auth.c:load_auth_module(384) load_auth_module: Attempting to find an auth method to match guest [2006/05/02 17:25:12, 5] auth/auth.c:load_auth_module(409) load_auth_module: auth method guest has a valid init [2006/05/02 17:25:12, 5] auth/auth.c:load_auth_module(384) load_auth_module: Attempting to find an auth method to match sam [2006/05/02 17:25:12, 5] auth/auth.c:load_auth_module(409) load_auth_module: auth method sam has a valid init [2006/05/02 17:25:12, 5] auth/auth.c:load_auth_module(384) load_auth_module: Attempting to find an auth method to match winbind:trustdomain [2006/05/02 17:25:12, 5] auth/auth.c:load_auth_module(384) load_auth_module: Attempting to find an auth method to match trustdomain [2006/05/02 17:25:12, 5] auth/auth.c:load_auth_module(409) load_auth_module: auth method trustdomain has a valid init [2006/05/02 17:25:12, 5] auth/auth.c:load_auth_module(409) load_auth_module: auth method winbind has a valid init [2006/05/02 17:25:12, 5] auth/auth.c:get_ntlm_challenge(95) auth_get_challenge: module guest did not want to specify a challenge [2006/05/02 17:25:12, 5] auth/auth.c:get_ntlm_challenge(95) auth_get_challenge: module sam did not want to specify a challenge [2006/05/02 17:25:12, 5] auth/auth.c:get_ntlm_challenge(95) auth_get_challenge: module winbind did not want to specify a challenge [2006/05/02 17:25:12, 5] auth/auth.c:get_ntlm_challenge(135) auth_context challenge created by random [2006/05/02 17:25:12, 5] auth/auth.c:get_ntlm_challenge(136) challenge is: [2006/05/02 17:25:12, 5] lib/util.c:dump_data(1995) [000] 55 CE 80 98 F8 7D 2E D7 U....}.. [2006/05/02 17:25:12, 5] auth/auth_util.c:make_user_info_map(224) make_user_info_map: Mapping user [DOM]\[voffka] from workstation [WSTAT] [2006/05/02 17:25:12, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1 [2006/05/02 17:25:12, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2006/05/02 17:25:12, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/05/02 17:25:12, 5] auth/auth_util.c:debug_nt_user_token(485) NT user token: (NULL) [2006/05/02 17:25:12, 5] auth/auth_util.c:debug_unix_user_token(506) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/05/02 17:25:12, 5] auth/auth_util.c:is_trusted_domain(1560) is_trusted_domain: Checking for domain trust with [DOM] [2006/05/02 17:25:12, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(334) secrets_fetch failed! [2006/05/02 17:25:12, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2006/05/02 17:25:12, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(184) no entry for trusted domain DOM found. [2006/05/02 17:25:12, 5] auth/auth_util.c:make_user_info(132) attempting to make a user_info for voffka (voffka) [2006/05/02 17:25:12, 5] auth/auth_util.c:make_user_info(142) making strings for voffka's user_info struct [2006/05/02 17:25:12, 5] auth/auth_util.c:make_user_info(184) making blobs for voffka's user_info struct [2006/05/02 17:25:12, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [DOM]\[voffka]@[WSTAT] with the new password interface [2006/05/02 17:25:12, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [DOM]\[voffka]@[WSTAT] [2006/05/02 17:25:12, 5] lib/util.c:dump_data(1995) [000] 55 CE 80 98 F8 7D 2E D7 U....}.. [2006/05/02 17:25:12, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1 [2006/05/02 17:25:12, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2006/05/02 17:25:12, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/05/02 17:25:12, 5] auth/auth_util.c:debug_nt_user_token(485) NT user token: (NULL) [2006/05/02 17:25:12, 5] auth/auth_util.c:debug_unix_user_token(506) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/05/02 17:25:12, 5] lib/smbldap.c:smbldap_search(1038) smbldap_search: base => [dc=dom,dc=local], filter => [(&(uid=voffka)(objectclass=sambaSamAccount))], scope => [2] [2006/05/02 17:25:12, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499) init_sam_from_ldap: Entry found for user: voffka [2006/05/02 17:25:12, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2006/05/02 17:25:12, 4] auth/auth_sam.c:sam_account_ok(119) sam_account_ok: Checking SMB password for user voffka [2006/05/02 17:25:12, 5] auth/auth_sam.c:logon_hours_ok(101) logon_hours_ok: user voffka allowed to logon at this time (Tue May 2 17:25:12 2006) [2006/05/02 17:25:12, 1] auth/auth_util.c:make_server_info_sam(840) User voffka in passdb, but getpwnam() fails! [2006/05/02 17:25:12, 5] auth/auth_util.c:free_server_info(1406) attempting to free (and zero) a server_info structure [2006/05/02 17:25:12, 0] auth/auth_sam.c:check_sam_security(324) check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER' [2006/05/02 17:25:12, 5] auth/auth.c:check_ntlm_password(271) check_ntlm_password: sam authentication for user [voffka] FAILED with error NT_STATUS_NO_SUCH_USER [2006/05/02 17:25:12, 3] auth/auth_winbind.c:check_winbind_security(80) check_winbind_security: Not using winbind, requested domain [DOM] was for this SAM. [2006/05/02 17:25:12, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [voffka] -> [voffka] FAILED with error NT_STATUS_NO_SUCH_USER [2006/05/02 17:25:12, 5] auth/auth_util.c:free_user_info(1380) attempting to free (and zero) a user_info structure [2006/05/02 17:25:12, 5] rpc_server/srv_netlog_nt.c:_net_sam_logon(716) _net_sam_logon: check_password returned status NT_STATUS_NO_SUCH_USER [2006/05/02 17:25:12, 5] auth/auth_util.c:free_server_info(1406) attempting to free (and zero) a server_info structure ============================================ Я так понимаю, что он не может проверить существование локального пользователя. Настройки nss_ldap: ================== nsswitch.conf ================== group: files ldap group_compat: nis hosts: files dns networks: files passwd: files ldap passwd_compat: nis shells: files ============================================== ============= nss_ldap.conf ======================= host 127.0.0.1 base dc=dom,dc=local uri ldapi:///var/run/openldap/ldapi/ binddn cn=root,dc=dom,dc=local bindpw password rootbinddn cn=root,dc=dom,dc=local scope one pam_filter objectclass=posixAccount pam_login_attribute uid pam_member_attribute gidNumber nss_base_passwd ou=users,dc=dom,dc=local?sub nss_base_passwd ou=computers,dc=dom,dc=local?sub nss_base_shadow ou=users,dc=dom,dc=local?sub nss_base_group ou=groups,dc=dom,dc=local?sub pam_password md5 ============================================== Куда копать?