排除 Samba/LDAP 身份验证失败故障

排除 Samba/LDAP 身份验证失败故障

这实际上是一个比较普遍的问题,但我是在特定背景下提出这个问题的。如何解决 Samba/LDAP 登录/身份验证失败的问题?

我正在学习 Samba/LDAP。我目前有一台测试机,上面安装了 Samba 和 openLDAP,我创建了一个 posix/samba 用户,我想尝试用它登录网络共享。从我另一台运行 Debian 的机器上,我使用 Gnome 的“连接到服务器”功能尝试加载共享。我输入了所有相关信息,但输入密码后,提示不断出现。它反复询问我的密码,但没有给出错误。

到目前为止,我一直在跟踪该/var/log/syslog文件并查看 slapd 输出:

Aug  1 11:05:16 androserve slapd[3358]: conn=1007 fd=19 ACCEPT from IP=127.0.0.1:52280 (IP=0.0.0.0:389)
Aug  1 11:05:16 androserve slapd[3358]: conn=1007 op=0 BIND dn="cn=admin,dc=androcs,dc=com" method=128
Aug  1 11:05:16 androserve slapd[3358]: conn=1007 op=0 BIND dn="cn=admin,dc=androcs,dc=com" mech=SIMPLE ssf=0
Aug  1 11:05:16 androserve slapd[3358]: conn=1007 op=0 RESULT tag=97 err=0 text=
Aug  1 11:05:16 androserve slapd[3358]: conn=1007 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Aug  1 11:05:16 androserve slapd[3358]: conn=1007 op=1 SRCH attr=supportedControl
Aug  1 11:05:16 androserve slapd[3358]: conn=1007 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Aug  1 11:05:16 androserve slapd[3358]: conn=1007 op=2 SRCH base="dc=androcs,dc=com" scope=2 deref=0 filter="(&(uid=tarcuri)(objectClass=sambaSamAccount))"
Aug  1 11:05:16 androserve slapd[3358]: conn=1007 op=2 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber homeDirectory loginShell gecos
Aug  1 11:05:16 androserve slapd[3358]: conn=1007 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Aug  1 11:05:16 androserve slapd[3358]: conn=1007 op=3 SRCH base="sambaDomainName=ANDROCS,dc=androcs,dc=com" scope=0 deref=0 filter="(objectClass=sambaDomain)"
Aug  1 11:05:16 androserve slapd[3358]: conn=1007 op=3 SRCH attr=sambaPwdHistoryLength
Aug  1 11:05:16 androserve slapd[3358]: conn=1007 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Aug  1 11:05:17 androserve slapd[3358]: conn=1007 op=4 SRCH base="dc=androcs,dc=com" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=20000))"
Aug  1 11:05:17 androserve slapd[3358]: conn=1007 op=4 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Aug  1 11:05:17 androserve slapd[3358]: conn=1007 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
Aug  1 11:05:17 androserve slapd[3358]: conn=1007 op=5 SRCH base="dc=androcs,dc=com" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=20000))"
Aug  1 11:05:17 androserve slapd[3358]: conn=1007 op=5 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Aug  1 11:05:17 androserve slapd[3358]: conn=1007 op=5 SEARCH RESULT tag=101 err=0 nentries=0 text=
Aug  1 11:05:17 androserve slapd[3358]: conn=1007 op=6 SRCH base="dc=androcs,dc=com" scope=2 deref=0 filter="(&(sambaSID=s-1-5-21-3743419441-701214183-3617868461-513)(objectClass=sambaSamAccount))"
Aug  1 11:05:17 androserve slapd[3358]: conn=1007 op=6 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber homeDirectory loginShell gecos
Aug  1 11:05:17 androserve slapd[3358]: bdb_equality_candidates: (sambaSID) not indexed
Aug  1 11:05:17 androserve slapd[3358]: conn=1007 op=6 SEARCH RESULT tag=101 err=0 nentries=0 text=
Aug  1 11:05:17 androserve slapd[3358]: conn=1007 op=7 SRCH base="dc=androcs,dc=com" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-21-3743419441-701214183-3617868461-513))"
Aug  1 11:05:17 androserve slapd[3358]: conn=1007 op=7 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Aug  1 11:05:17 androserve slapd[3358]: conn=1007 op=7 SEARCH RESULT tag=101 err=0 nentries=0 text=
Aug  1 11:05:17 androserve slapd[3358]: conn=1007 op=8 SRCH base="sambaDomainName=ANDROCS,dc=androcs,dc=com" scope=0 deref=0 filter="(objectClass=sambaDomain)"
Aug  1 11:05:17 androserve slapd[3358]: conn=1007 op=8 SRCH attr=sambaLockoutThreshold
Aug  1 11:05:17 androserve slapd[3358]: conn=1007 op=8 SEARCH RESULT tag=101 err=0 nentries=1 text=
Aug  1 11:05:17 androserve slapd[3358]: conn=1007 fd=19 closed (connection lost)`

在这种情况下,它看起来正在尝试引用一个sambaGroupMapping我尚未配置的类。

人们通常如何解决这个问题?

谢谢!

答案1

8 月 1 日 11:05:16 androserve slapd[3358]: conn=1007 op=2 SRCH base="dc=androcs,dc=com" scope=2 deref=0 filter="(&(uid=tarcuri)( objectClass=sambaSamAccount))" 8 月 1 日 11:05:16 androserve slapd[3358]: conn=1007 op=2 搜索结果 tag=101 err=0条目数=1 文本=

这意味着您的用户名已在 LDAP 目录中找到。查看每个audit.log步骤发生的情况authentication,,,...accountingsession

相关内容