Problem creating Users

[Paulatia]

Hi everybody,

I have set up a Zimbra Environment on a Suse Linux Enterprise Server 10 with Samba and LDAP. I can create users through the Admin Console without problems. However, I cant connect a user to the Domain I created.

I'M following

Here Im stuck at "Creating Linux and Samba users using Zimbra Admin UI". When I run

Code:

 getent passwd

, I get a list where at the end my user shows up:

Code:

user2:*:10002:10002:User2:/home/user2:/bin/bash

Now I already cant su to the user. When I try, I get

Code:

su: user user2 does not exist

When I try

Code:

smbclient -U user2 //myserver/user2

it prompts me for password; once I enter it, I get

Code:

session setup failed: NT_STATUS_LOGON_FAILURE

Theres a samba log file showing me

Code:

[2010/02/22 23:56:06, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640)
  init_sam_from_ldap: Entry found for user: user2
[2010/02/22 23:56:06, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/02/22 23:56:06, 1] auth/auth_util.c:make_server_info_sam(876)
  User user2 in passdb, but getpwnam() fails!
[2010/02/22 23:56:06, 0] auth/auth_sam.c:check_sam_security(331)
  check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'

Does anybody know what the problem is? Im wondering if the ":*:" entry in the passwd is somehow wrong?

Thanks,
Nicolas

[zyrill]

well, I'm pretty sure your command "getent passwd" is supposed to return

Code:

user2:*:10002:10002:User2:/home/user2:/bin/bash

but then again, I don't think that's the problem...

could you post your pam configuration files?

[Paulatia]

Im still fighting on this issue.... I had it working, but it seems like after restarting the server, I am back with the problem.

I now get

Code:

smbclient -U user //zimbra.vwl.tu-darmstadt.de/user
Enter user's password:
session setup failed: NT_STATUS_LOGON_FAILURE

with the interesting part in the log:

Code:

[2010/03/05 16:53:07,  2] lib/smbldap.c:890(smbldap_open_connection)
  smbldap_open_connection: connection opened
[2010/03/05 16:53:07,  3] lib/smbldap.c:1101(smbldap_connect_system)
  ldap_connect_system: successful connection to the LDAP server
[2010/03/05 16:53:07,  2] passdb/pdb_ldap.c:571(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: user
[2010/03/05 16:53:07,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2010/03/05 16:53:07,  3] smbd/uid.c:428(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2010/03/05 16:53:07,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2010/03/05 16:53:07,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/05 16:53:07,  0] passdb/pdb_get_set.c:211(pdb_get_group_sid)
  pdb_get_group_sid: Failed to find Unix account for user
[2010/03/05 16:53:07,  1] auth/auth_util.c:577(make_server_info_sam)
  User user in passdb, but getpwnam() fails!

So I assume it finds the user in LDAP, but then checks GROUP somehow against passwd?

My nssswitch.conf is:

Code:

# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis

passwd:     ldap files
shadow:     ldap files
group:      ldap files

#hosts:     db files nisplus nis dns
hosts:      files dns

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files

netgroup:   ldap files

publickey:  nisplus

automount:  files ldap
aliases:    files nisplus

Again, any help appreciated....

[Paulatia]

Anybody? My PAM-system-auth:

Code:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_ldap.so use_first_pass
auth        required      pam_deny.so

account     required      pam_unix.so broken_shadow
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    sufficient    pam_ldap.so use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     optional      pam_mkhomedir.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
session     optional      pam_ldap.so