This is really a more general question, but I am asking it in a specific context. How do you troubleshoot failed Samba/LDAP logins/authentications?
I am in the process of learning Samba/LDAP. I currently have a test machine on which I have Samba and openLDAP, and I created a single posix/samba user that I want to try logging onto a network share with. From my other machine running Debian, I use the Gnome "Connect to server" function to try and load the share. I enter all the relevant information, but after entering my password the prompt keeps coming back. It repeatedly asks for my password without giving me an error.
So far I have been tailing the /var/log/syslog file and looking at the slapd output:
Aug 1 11:05:16 androserve slapd[3358]: conn=1007 fd=19 ACCEPT from IP=127.0.0.1:52280 (IP=0.0.0.0:389) Aug 1 11:05:16 androserve slapd[3358]: conn=1007 op=0 BIND dn="cn=admin,dc=androcs,dc=com" method=128 Aug 1 11:05:16 androserve slapd[3358]: conn=1007 op=0 BIND dn="cn=admin,dc=androcs,dc=com" mech=SIMPLE ssf=0 Aug 1 11:05:16 androserve slapd[3358]: conn=1007 op=0 RESULT tag=97 err=0 text= Aug 1 11:05:16 androserve slapd[3358]: conn=1007 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)" Aug 1 11:05:16 androserve slapd[3358]: conn=1007 op=1 SRCH attr=supportedControl Aug 1 11:05:16 androserve slapd[3358]: conn=1007 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= Aug 1 11:05:16 androserve slapd[3358]: conn=1007 op=2 SRCH base="dc=androcs,dc=com" scope=2 deref=0 filter="(&(uid=tarcuri)(objectClass=sambaSamAccount))" Aug 1 11:05:16 androserve slapd[3358]: conn=1007 op=2 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber homeDirectory loginShell gecos Aug 1 11:05:16 androserve slapd[3358]: conn=1007 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text= Aug 1 11:05:16 androserve slapd[3358]: conn=1007 op=3 SRCH base="sambaDomainName=ANDROCS,dc=androcs,dc=com" scope=0 deref=0 filter="(objectClass=sambaDomain)" Aug 1 11:05:16 androserve slapd[3358]: conn=1007 op=3 SRCH attr=sambaPwdHistoryLength Aug 1 11:05:16 androserve slapd[3358]: conn=1007 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text= Aug 1 11:05:17 androserve slapd[3358]: conn=1007 op=4 SRCH base="dc=androcs,dc=com" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=20000))" Aug 1 11:05:17 androserve slapd[3358]: conn=1007 op=4 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Aug 1 11:05:17 androserve slapd[3358]: conn=1007 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text= Aug 1 11:05:17 androserve slapd[3358]: conn=1007 op=5 SRCH base="dc=androcs,dc=com" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=20000))" Aug 1 11:05:17 androserve slapd[3358]: conn=1007 op=5 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Aug 1 11:05:17 androserve slapd[3358]: conn=1007 op=5 SEARCH RESULT tag=101 err=0 nentries=0 text= Aug 1 11:05:17 androserve slapd[3358]: conn=1007 op=6 SRCH base="dc=androcs,dc=com" scope=2 deref=0 filter="(&(sambaSID=s-1-5-21-3743419441-701214183-3617868461-513)(objectClass=sambaSamAccount))" Aug 1 11:05:17 androserve slapd[3358]: conn=1007 op=6 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber homeDirectory loginShell gecos Aug 1 11:05:17 androserve slapd[3358]: bdb_equality_candidates: (sambaSID) not indexed Aug 1 11:05:17 androserve slapd[3358]: conn=1007 op=6 SEARCH RESULT tag=101 err=0 nentries=0 text= Aug 1 11:05:17 androserve slapd[3358]: conn=1007 op=7 SRCH base="dc=androcs,dc=com" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-21-3743419441-701214183-3617868461-513))" Aug 1 11:05:17 androserve slapd[3358]: conn=1007 op=7 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Aug 1 11:05:17 androserve slapd[3358]: conn=1007 op=7 SEARCH RESULT tag=101 err=0 nentries=0 text= Aug 1 11:05:17 androserve slapd[3358]: conn=1007 op=8 SRCH base="sambaDomainName=ANDROCS,dc=androcs,dc=com" scope=0 deref=0 filter="(objectClass=sambaDomain)" Aug 1 11:05:17 androserve slapd[3358]: conn=1007 op=8 SRCH attr=sambaLockoutThreshold Aug 1 11:05:17 androserve slapd[3358]: conn=1007 op=8 SEARCH RESULT tag=101 err=0 nentries=1 text= Aug 1 11:05:17 androserve slapd[3358]: conn=1007 fd=19 closed (connection lost)` In this case it looks like it is trying to reference a sambaGroupMapping class, which I have not configured.
How would one usually approach this problem?
Thanks!
smbclientover GNOME's graphical "Connect to Server".