Samba: Users can log in remotely, but not from inside the network

[mallen324]

I have a user (plynn) that can log into the samba server either from outside the network, or from inside the network - only if she is connecting via WinSCP or filezilla. The username and pass don't work if accessing it from the LAN like normal on a windows or linux (ubuntu) box. I have had the problem before with my own username (newer to the company), but completely forgot how to fix it.

I do remember getting my username on the 'pdbedit -L' list got it to work, but I am unable to add the username to the list with 'sudo pdbedit -a -u plynn' or 'sudo pdbedit -a plynn'. It returns with:

$ sudo pdbedit -a -u plynn
Password:
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=****))]
smbldap_open_connection: connection opened
ldap_connect_system: successful connection to the LDAP server
new password:
retype new password:
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=SPRINGFIELD))]
ldapsam_add_sam_account: Adding new user
init_ldap_from_sam: Setting entry for user: plynn
ldapsam_add_sam_account: failed to modify/add user with uid = plynn (dn = uid=plynn,ou=people,"dc=****,dc=com")
Failed to add entry for user plynn.

(I starred out potentially identifiable information)

Any ideas?


Samba 3.4
FreeBSD 8.1

 

[mallen324]

Ok so I was just trying things out and I can add them to the list of pdbedit -L after I delete their account off local machine using 'sudo rmuser plynn'.

But once I do that, they cannot log in remotely! I think it is because then they don't have an account in /etc/passwd. I tried doing what I just said, but when I run 'sudo adduser' (to try and get the username added to /etc/passwd), when I supply the username plynn it yells at me that it already exists.

EDIT:
I have another username that is listed with 'pdbedit -L', and not in the /etc/passwd file, that is able to log in whichever way. So I am now even more dumbfounded.

 

[Sylhouette]

You must make sure you are checking against the right user password database.

Samba users as i can tell from your story are stored in the LDAP database.

If they use winscp, they do a ssh to the machine, only ssh will check the local /etc/passwd database.

i think you can solve this with the /etc/pam.d/sshd

http://www.freebsd.org/doc/en/articles/ldap-auth/index.html

BE VERY CAREFULL , you can lock yourself out.

So never log out as root before you know you can still login.

I never have done this, but this is your problem.

regards,
Johan

 

[mallen324]

Ok, for some reason I entered 'sudo pdbedit -a -u plynn' and it successfully added! I have no idea why it worked this time. Is it possible for a server to only accept new usernames during certain times or something? Oh well, I added her, but when I went to add another user, it seemed to have added him, but it is not working. Here's my 'pdbedit -L' (edited to show only the username-changed- I am now trying to get to work.)"

init_sam_from_ldap: Entry found for user: username01
ERROR: Got 0 entries for gid 2645, expected one
ERROR: Got 0 entries for gid 2645, expected one
ERROR: Got 0 entries for gid 2645, expected one
username01:2645:Full Name

This is a weird username to tell you the truth. I have no idea where it came from. It didn't have a local account, and it wasn't even mentioned in the pdbedit -L until I tried adding it. I think I am going to ask the user if he's even aware of the login. If he isn't I'll try and delete the username completely and make a local account and try the 'pdbedit -a -u username01' throughout the day til it adds.