LDAP – Troubleshooting a failed Samba/LDAP authentication

ldap logging samba

This is really a more general question, but I am asking it in a specific context. How do you troubleshoot failed Samba/LDAP logins/authentications?

I am in the process of learning Samba/LDAP. I currently have a test machine on which I have Samba and OpenLDAP, and I created a single POSIX/Samba user that I want to try logging onto a network share with. From my other machine running Debian, I use the GNOME "Connect to server" function to try and load the share. I enter all the relevant information, but after entering my password the prompt keeps coming back. It repeatedly asks for my password without giving me an error.

So far I have been tailing the /var/log/syslog file and looking at the slapd output:

Aug  1 11:05:16 androserve slapd[3358]: conn=1007 fd=19 ACCEPT from IP=127.0.0.1:52280 (IP=0.0.0.0:389)
Aug  1 11:05:16 androserve slapd[3358]: conn=1007 op=0 BIND dn="cn=admin,dc=androcs,dc=com" method=128
Aug  1 11:05:16 androserve slapd[3358]: conn=1007 op=0 BIND dn="cn=admin,dc=androcs,dc=com" mech=SIMPLE ssf=0
Aug  1 11:05:16 androserve slapd[3358]: conn=1007 op=0 RESULT tag=97 err=0 text=
Aug  1 11:05:16 androserve slapd[3358]: conn=1007 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Aug  1 11:05:16 androserve slapd[3358]: conn=1007 op=1 SRCH attr=supportedControl
Aug  1 11:05:16 androserve slapd[3358]: conn=1007 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Aug  1 11:05:16 androserve slapd[3358]: conn=1007 op=2 SRCH base="dc=androcs,dc=com" scope=2 deref=0 filter="(&(uid=tarcuri)(objectClass=sambaSamAccount))"
Aug  1 11:05:16 androserve slapd[3358]: conn=1007 op=2 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber homeDirectory loginShell gecos
Aug  1 11:05:16 androserve slapd[3358]: conn=1007 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Aug  1 11:05:16 androserve slapd[3358]: conn=1007 op=3 SRCH base="sambaDomainName=ANDROCS,dc=androcs,dc=com" scope=0 deref=0 filter="(objectClass=sambaDomain)"
Aug  1 11:05:16 androserve slapd[3358]: conn=1007 op=3 SRCH attr=sambaPwdHistoryLength
Aug  1 11:05:16 androserve slapd[3358]: conn=1007 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Aug  1 11:05:17 androserve slapd[3358]: conn=1007 op=4 SRCH base="dc=androcs,dc=com" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=20000))"
Aug  1 11:05:17 androserve slapd[3358]: conn=1007 op=4 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Aug  1 11:05:17 androserve slapd[3358]: conn=1007 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
Aug  1 11:05:17 androserve slapd[3358]: conn=1007 op=5 SRCH base="dc=androcs,dc=com" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=20000))"
Aug  1 11:05:17 androserve slapd[3358]: conn=1007 op=5 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Aug  1 11:05:17 androserve slapd[3358]: conn=1007 op=5 SEARCH RESULT tag=101 err=0 nentries=0 text=
Aug  1 11:05:17 androserve slapd[3358]: conn=1007 op=6 SRCH base="dc=androcs,dc=com" scope=2 deref=0 filter="(&(sambaSID=s-1-5-21-3743419441-701214183-3617868461-513)(objectClass=sambaSamAccount))"
Aug  1 11:05:17 androserve slapd[3358]: conn=1007 op=6 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber homeDirectory loginShell gecos
Aug  1 11:05:17 androserve slapd[3358]: bdb_equality_candidates: (sambaSID) not indexed
Aug  1 11:05:17 androserve slapd[3358]: conn=1007 op=6 SEARCH RESULT tag=101 err=0 nentries=0 text=
Aug  1 11:05:17 androserve slapd[3358]: conn=1007 op=7 SRCH base="dc=androcs,dc=com" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-21-3743419441-701214183-3617868461-513))"
Aug  1 11:05:17 androserve slapd[3358]: conn=1007 op=7 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Aug  1 11:05:17 androserve slapd[3358]: conn=1007 op=7 SEARCH RESULT tag=101 err=0 nentries=0 text=
Aug  1 11:05:17 androserve slapd[3358]: conn=1007 op=8 SRCH base="sambaDomainName=ANDROCS,dc=androcs,dc=com" scope=0 deref=0 filter="(objectClass=sambaDomain)"
Aug  1 11:05:17 androserve slapd[3358]: conn=1007 op=8 SRCH attr=sambaLockoutThreshold
Aug  1 11:05:17 androserve slapd[3358]: conn=1007 op=8 SEARCH RESULT tag=101 err=0 nentries=1 text=
Aug  1 11:05:17 androserve slapd[3358]: conn=1007 fd=19 closed (connection lost)

In this case it looks like it is trying to reference a sambaGroupMapping class, which I have not configured.

How would one usually approach this problem?

Thanks!

Best Answer

Aug 1 11:05:16 androserve slapd[3358]: conn=1007 op=2 SRCH base="dc=androcs,dc=com" scope=2 deref=0 filter="(&(uid=tarcuri)(objectClass=sambaSamAccount))"
Aug 1 11:05:16 androserve slapd[3358]: conn=1007 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=

It means that your username was found in the LDAP directory. Take a look at audit.log to see what happens at each step: authentication, accounting, session, ...
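
The reading used in the answer (nentries=1 on the uid search means the user was found) can be applied to the whole trace. The following is an added example, not part of the original question or answer: it pairs each slapd SRCH with its SEARCH RESULT by conn/op and lists operations that failed or matched nothing. The function names are hypothetical, and the sample is a shortened excerpt of the log quoted in the question.

```python
import re

# Shortened excerpt of the slapd lines quoted in the question (sample input).
SAMPLE = """\
Aug  1 11:05:16 androserve slapd[3358]: conn=1007 op=0 BIND dn="cn=admin,dc=androcs,dc=com" method=128
Aug  1 11:05:16 androserve slapd[3358]: conn=1007 op=0 RESULT tag=97 err=0 text=
Aug  1 11:05:16 androserve slapd[3358]: conn=1007 op=2 SRCH base="dc=androcs,dc=com" scope=2 deref=0 filter="(&(uid=tarcuri)(objectClass=sambaSamAccount))"
Aug  1 11:05:16 androserve slapd[3358]: conn=1007 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Aug  1 11:05:17 androserve slapd[3358]: conn=1007 op=4 SRCH base="dc=androcs,dc=com" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=20000))"
Aug  1 11:05:17 androserve slapd[3358]: conn=1007 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
Aug  1 11:05:17 androserve slapd[3358]: bdb_equality_candidates: (sambaSID) not indexed
"""

OP = re.compile(r"conn=(\d+) op=(\d+) (.*)")
SRCH = re.compile(r'SRCH base="([^"]*)" scope=\d+ deref=\d+ filter="(.*)"')
RESULT = re.compile(r"RESULT tag=\d+ err=(\d+)(?: nentries=(\d+))?")
UNINDEXED = re.compile(r"\((\w+)\) not indexed")

def summarize(log_text):
    """Group slapd lines by (conn, op); return (ops, unindexed attribute names)."""
    ops, unindexed = {}, set()
    for line in log_text.splitlines():
        if (m := UNINDEXED.search(line)):
            unindexed.add(m.group(1))
        if not (m := OP.search(line)):
            continue
        op = ops.setdefault((int(m.group(1)), int(m.group(2))), {})
        rest = m.group(3)
        if (b := re.match(r'BIND dn="([^"]*)"', rest)):
            op.update(kind="BIND", dn=b.group(1))
        elif (s := SRCH.match(rest)):
            op.update(kind="SRCH", base=s.group(1), filter=s.group(2))
        elif (r := RESULT.search(rest)):
            op["err"] = int(r.group(1))          # LDAP result code, 0 = success
            if r.group(2) is not None:
                op["nentries"] = int(r.group(2))
    return ops, unindexed

def suspicious(ops):
    """Operations with err != 0 (e.g. 49 = invalid credentials) or searches with no match."""
    return {k: v for k, v in ops.items()
            if v.get("err", 0) != 0 or (v.get("kind") == "SRCH" and v.get("nentries") == 0)}

if __name__ == "__main__":
    ops, unindexed = summarize(SAMPLE)
    for (conn, op), v in sorted(suspicious(ops).items()):
        print(f"conn={conn} op={op} err={v.get('err')} nentries={v.get('nentries')} {v.get('filter')}")
    print("unindexed attributes:", sorted(unindexed))
```

Every BIND and search in this trace returns err=0, so the LDAP side reports no failure; the empty searches only show which entries Samba looked for and did not find.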