SAMBA / LDAP authentication failed on FreeNAS

1

I have a FreeNAS server and I am trying to share folders using SAMBA. My users are on an OpenLDAP server. The OpenLDAP server has samba.schema loaded. I checked the sambaSID on my FreeNAS and it is the same as the one I have in my LDAP. But when I connect a client, I get the error NT_STATUS_ACCESS_DENIED (I logged it to a file using debuglevel = 3):

Maximum core file size limits now -1(soft) -1(hard)
smbd version 4.1.17 started.
Copyright Andrew Tridgell and the Samba Team 1992-2013
uid=0 gid=0 euid=0 egid=0
lp_load_ex: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file "/usr/local/etc/smb4.conf"
Processing section "[global]"
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
lp_load_ex: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file "/usr/local/etc/smb4.conf"
Processing section "[global]"
Processing section "[homes]"
adding IPC service
added interface lo0 ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
added interface em0 ip=192.168.1.5 bcast=192.168.1.255 netmask=255.255.255.0
loaded services
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=WORKGROUP))]
smbldap_open_connection: connection opened
ldap_connect_system: successful connection to the LDAP server
ERROR: Got 0 entries for gid 65534, expected one
Initialise the svcctl registry keys if needed.
Initialise the eventlog registry keys if needed.
waiting for connections
Allowed connection from dbass (192.168.1.4)
init_oplocks: initializing messages.
Transaction 0 of length 194 (0 toread)
switch message SMBnegprot (pid 10596) conn 0x0
Requested protocol [PC NETWORK PROGRAM 1.0]
Requested protocol [MICROSOFT NETWORKS 1.03]
Requested protocol [MICROSOFT NETWORKS 3.0]
Requested protocol [LANMAN1.0]
Requested protocol [LM1.2X002]
Requested protocol [DOS LANMAN2.1]
Requested protocol [LANMAN2.1]
Requested protocol [Samba]
Requested protocol [NT LANMAN 1.0]
Requested protocol [NT LM 0.12]
interpret_string_addr_internal: getaddrinfo failed for name freenas.local (flags 1026) [hostname nor servname provided, or not known]
get_mydnsfullname: getaddrinfo failed for name freenas.local [Success]
interpret_string_addr_internal: getaddrinfo failed for name freenas.local (flags 1026) [hostname nor servname provided, or not known]
get_mydnsfullname: getaddrinfo failed for name freenas.local [Success]
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'sasl-DIGEST-MD5' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
using SPNEGO
Selected protocol NT LANMAN 1.0
Transaction 1 of length 166 (0 toread)
switch message SMBsesssetupX (pid 10596) conn 0x0
wct=12 flg2=0xc843
Doing spnego session setup
NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[]
interpret_string_addr_internal: getaddrinfo failed for name freenas.local (flags 1026) [hostname nor servname provided, or not known]
get_mydnsfullname: getaddrinfo failed for name freenas.local [Success]
interpret_string_addr_internal: getaddrinfo failed for name freenas.local (flags 1026) [hostname nor servname provided, or not known]
get_mydnsfullname: getaddrinfo failed for name freenas.local [Success]
Got NTLMSSP neg_flags=0x60088215
Transaction 2 of length 338 (0 toread)
switch message SMBsesssetupX (pid 10596) conn 0x0
wct=12 flg2=0xc843
Doing spnego session setup
NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[]
Got user=[myuser] domain=[WORKGROUP] workstation=[DBASS] len1=24 len2=96
lp_load_ex: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file "/usr/local/etc/smb4.conf"
Processing section "[global]"
Processing section "[homes]"
adding IPC service
check_ntlm_password:  Checking password for unmapped user [WORKGROUP]\[myuser]@[DBASS] with the new password interface
check_ntlm_password:  mapped user is: [WORKGROUP]\[myuser]@[DBASS]
check_sam_security: Couldn't find user 'myuser' in passdb.
check_winbind_security: Not using winbind, requested domain [WORKGROUP] was for this SAM.
check_ntlm_password:  Authentication for user [myuser] -> [myuser] FAILED with error NT_STATUS_NO_SUCH_USER
No such user myuser [WORKGROUP] - using guest account
Transaction 3 of length 90 (0 toread)
switch message SMBtconX (pid 10596) conn 0x0
Allowed connection from dbass (192.168.1.4)
Connect path is '/tmp' for service [IPC$]
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
dbass (ipv4:192.168.1.4:44401) connect to service IPC$ initially as user nobody (uid=65534, gid=65534) (pid 10596)
tconX service=IPC$
Transaction 4 of length 116 (0 toread)
switch message SMBtrans2 (pid 10596) conn 0x8120e77e0
checking for home directory myuser gave /mnt/volume_test/homedirs/myuser/myuser
adding home's share [myuser] for user 'myuser' at '/mnt/volume_test/homedirs/myuser/myuser/%U'
get_referred_path: |myuser| in dfs path 2.168.1.5\myuser is not a dfs root.
NT error packet at ../source3/smbd/trans2.c(8572) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND
Transaction 5 of length 39 (0 toread)
switch message SMBtdis (pid 10596) conn 0x8120e77e0
dbass (ipv4:192.168.1.4:44401) closed connection to service IPC$
Transaction 6 of length 96 (0 toread)
switch message SMBtconX (pid 10596) conn 0x0
Allowed connection from dbass (192.168.1.4)
guest user (from session setup) not permitted to access this share (myuser)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
NT error packet at ../source3/smbd/reply.c(952) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED
Server exit (failed to receive smb request)    

I really don't know why it denied me access. What I can see is: my user that tries to log in (myuser) is not inside the domain (WORKGROUP). I hope someone can help me. Thanks in advance.

    
by verovan 27.03.2015 / 16:38

0 answers
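
As an added example (not part of the original post), a small Python triage script over the debuglevel 3 log above: it extracts the authentication-relevant messages and reports the sequence the log records, namely a passdb lookup miss, NT_STATUS_NO_SUCH_USER, a fallback to the guest account, and the guest session then being refused on the share. The function names and the embedded excerpt are assumptions of this example, and the patterns match only the message texts visible in this log.

```python
import re

# Excerpt of the smbd log from the question, embedded so the script runs offline.
SAMPLE_LOG = """\
Got user=[myuser] domain=[WORKGROUP] workstation=[DBASS] len1=24 len2=96
check_sam_security: Couldn't find user 'myuser' in passdb.
check_ntlm_password:  Authentication for user [myuser] -> [myuser] FAILED with error NT_STATUS_NO_SUCH_USER
No such user myuser [WORKGROUP] - using guest account
dbass (ipv4:192.168.1.4:44401) connect to service IPC$ initially as user nobody (uid=65534, gid=65534) (pid 10596)
guest user (from session setup) not permitted to access this share (myuser)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
"""

# (event name, pattern) pairs, written against the message texts seen in the log above.
PATTERNS = [
    ("session_setup", re.compile(r"Got user=\[(?P<user>[^\]]*)\] domain=\[(?P<domain>[^\]]*)\]")),
    ("passdb_miss", re.compile(r"check_sam_security: Couldn't find user '(?P<user>[^']*)' in passdb")),
    ("auth_failed", re.compile(r"Authentication for user \[(?P<user>[^\]]*)\] -> \[[^\]]*\] "
                               r"FAILED with error (?P<status>NT_STATUS_\w+)")),
    ("guest_fallback", re.compile(r"No such user (?P<user>\S+) \[(?P<domain>[^\]]*)\] - using guest account")),
    ("guest_denied", re.compile(r"guest user \(from session setup\) not permitted "
                                r"to access this share \((?P<share>[^)]*)\)")),
    ("tcon_error", re.compile(r"create_connection_session_info failed: (?P<status>NT_STATUS_\w+)")),
]

def extract_events(log_text):
    """Return (line_no, event, fields) for each auth-relevant line, in log order."""
    events = []
    for no, line in enumerate(log_text.splitlines(), 1):
        for name, rx in PATTERNS:
            m = rx.search(line)
            if m:
                events.append((no, name, m.groupdict()))
                break
    return events

def diagnose(events):
    """Summarise the chain: failed user, auth status, guest downgrade, refused share."""
    result = {"user": None, "auth_status": None, "guest_fallback": False,
              "denied_share": None, "final_status": None}
    for _, name, f in events:
        if name == "auth_failed":
            result["user"], result["auth_status"] = f["user"], f["status"]
        elif name == "guest_fallback":
            result["guest_fallback"] = True
        elif name == "guest_denied":
            result["denied_share"] = f["share"]
        elif name == "tcon_error":
            result["final_status"] = f["status"]
    return result

if __name__ == "__main__":
    print(diagnose(extract_events(SAMPLE_LOG)))
```

The summary separates the two statuses in the log: the session setup fails with NT_STATUS_NO_SUCH_USER, while the NT_STATUS_ACCESS_DENIED the client sees comes later, from the guest session being refused on the share.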