[Samba-it] (no subject)
Francesco Malvezzi
malvezzi.francesco at unimo.it
Wed Aug 4 17:25:02 MDT 2004
The problem I would like to describe occurs on Windows XP clients
(256 MB RAM), Service Pack 1, members of a domain run by
a Debian Linux sarge server with samba_3.0.5,
ldapsam password backend (LDAP with the samba2.2 schemas).
The client cannot log in to the domain and exits with
this error:
"impossibile caricare il profilo, accesso non consentito.
Controllare che la rete sia connessa o che stia funzionando
correttamente"
Dettagli: Memoria insufficiente per eseguire il comando.
In the Windows event log this error has ID 1500,
source Userenv.
In the Linux logs (log level 1), on the other hand:
[2004/08/04 16:29:31, 1] smbd/service.c:make_connection_snum(619)
pc08 (155.185.200.108) connect to service profiles initially as user n26001
(uid=5405, gid=5405) (pid 6647)
[2004/08/04 16:29:31, 1] smbd/service.c:make_connection_snum(619)
pc08 (155.185.200.108) connect to service netlogon initially as user n26001
(uid=5405, gid=5405) (pid 6647)
[2004/08/04 16:29:35, 1] smbd/service.c:close_cnum(801)
pc08 (155.185.200.108) closed connection to service profiles
[2004/08/04 16:30:35, 1] smbd/service.c:close_cnum(801)
pc08 (155.185.200.108) closed connection to service netlogon
[2004/08/04 16:45:07, 0] rpc_server/srv_pipe.c:api_pipe_netsec_process(1397)
failed to decode PDU
[2004/08/04 16:45:07, 0] rpc_server/srv_pipe_hnd.c:process_request_pdu(605)
process_request_pdu: failed to do schannel processing.
[2004/08/04 16:45:08, 1] smbd/service.c:make_connection_snum(619)
pc08 (155.185.200.108) connect to service netlogon initially as user n26001
(uid=5405, gid=5405) (pid 6670)
[2004/08/04 16:45:18, 1] smbd/service.c:close_cnum(801)
pc08 (155.185.200.108) closed connection to service netlogon
[2004/08/04 16:47:26, 0] rpc_server/srv_pipe.c:api_pipe_netsec_process(1397)
failed to decode PDU
[2004/08/04 16:47:26, 0] rpc_server/srv_pipe_hnd.c:process_request_pdu(605)
process_request_pdu: failed to do schannel processing.
That is, I see that user n26001 managed to connect to the
netlogon and profiles shares.
In \profiles, the n26001 directory appears to have been created (correct),
but not the directory tree that should be inside it.
julio:/home/SAMBA/profiles# smbclient -Un26001%***** \\\\julio\\homes
Domain=[LABRESAM] OS=[Unix] Server=[Samba 3.0.5]
smb: \>
works (also for profiles).
I searched on Google, and the Userenv error ID 1500 is supposedly
related to registry corruption, which is fixed with
a utility called UHPCLEAN. I used it, but to no avail.
I tried removing roaming profiles:
#logon path = \\%L\profiles\%U
logon path =
But I still get the same error.
I am truly desperate. I am attaching the smb.conf file, but I have
really run out of ideas, all of them.
#
# Sample configuration file for the Samba suite for Debian GNU/Linux.
#
# $Id: smb.conf,v 1.2.4.6 2002/03/13 18:56:16 peloy Exp $
#
#
#======================= Global Settings =======================
[global]
# Do something sensible when Samba crashes: mail the admin a backtrace
panic action = /usr/share/samba/panic-action %d
# Change this for the workgroup/NT-domain name your Samba server will part of
workgroup = LABMOSAM
# server string is the equivalent of the NT Description field
server string = %h server (PDC for MultiMedia LAB)
netbios name = junio
# character sets as in Samba 2: this solves the
# incompatibility problem with special characters
# such as accented letters
dos charset = CP850
unix charset = ISO-8859-15
# unix charset = UTF-8
# display charset = LOCALE
display charset = UTF-8
ldap server = maya.unimo.it
ldap suffix = dc=unimo,dc=it
# this is the LDAP administrator user. The password must be entered from the command line
# with the command smbpasswd -w <password>
ldap admin dn = cn=adminread,dc=unimore,dc=it
#SECURITY
ldap port = 389
ldap ssl = start tls
#restrict access to lab clients
#hosts allow = 155.185.54.64/255.255.255.224
# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
; load printers = yes
# You may wish to override the location of the printcap file
; printcap name = /etc/printcap
# 'printing = cups' works nicely
; printing = bsd
; guest account = nobody
; invalid users = root
# This tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/log.%m
log level = 1
# Put a capping on the size of the log files (in Kb).
max log size = 1000
# If you want Samba to log though syslog only then set the following
# parameter to 'yes'. Please note that logging through syslog in
# Samba is still experimental.
; syslog only = no
# We want Samba to log a minimum amount of information to syslog. Everything
# should go to /var/log/samba/log.{smb,nmb} instead. If you want to log
# through syslog you should set the following parameter to something higher.
syslog = 1
# "security = user" is always a good idea. This will require a Unix account
# in this server for every user accessing the server. See
# security_level.txt for details.
security = user
# You may wish to use password encryption. Please read ENCRYPTION.txt,
# Win95.txt and WinNT.txt in the Samba documentation. Do not enable this
# option unless you have read those documents
encrypt passwords = true
passdb backend = tdbsam ldapsam_compat
smb passwd file =
# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
; include = /home/samba/etc/smb.conf.%m
# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
# You may want to add the following on a Linux system:
# SO_RCVBUF=8192 SO_SNDBUF=8192
socket options = TCP_NODELAY
# --- Browser Control Options ---
# Please _read_ BROWSING.txt and set the next four parameters according
# to your network setup. The defaults are specified below (commented
# out.) It's important that you read BROWSING.txt so you don't break
# browsing in your network!
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
local master = yes
# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
# according to the Samba_Collection_HOWTO it should be at least 32
os level = 63
# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
domain master = yes
# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
preferred master = yes
# --- End of Browser Control Options ---
#--- PDC emulation options ---
domain logons = yes
logon path = \\%L\profiles\%U
#Maps the home directory on the Samba server as drive U on the clients
logon drive = U:
logon home = \\%L\%U
#logon home =
machine password timeout = 1000000
# disables name caching (to avoid the periodic outage)
# by default, this timeout has a value of 660 seconds
name cache timeout = 0
#--- End PDC emulation options
# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
wins support = yes
# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
; wins server = w.x.y.z
# This will prevent nmbd to search for NetBIOS names through DNS.
dns proxy = no
# What naming service and in what order should we use to resolve host names
# to IP addresses
name resolve order = wins lmhosts host bcast
# Name mangling options
; preserve case = yes
; short preserve case = yes
# This boolean parameter controlls whether Samba attempts to sync. the Unix
# password with the SMB password when the encrypted SMB password in the
# /etc/samba/smbpasswd file is changed.
# unix password sync = true
# For Unix password sync. to work on a Debian GNU/Linux system, the following
# parameters must be set (thanks to Augustin Luton <aluton at hybrigenics.fr> for
# sending the correct chat script for the passwd program in Debian Potato).
# passwd program = /usr/bin/passwd %u
# passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
# This boolean controls whether PAM will be used for password changes
# when requested by an SMB client instead of the program listed in
# 'passwd program'. The default is 'no'.
# pam password change = yes
# The following parameter is useful only if you have the linpopup package
# installed. The samba maintainer and the linpopup maintainer are
# working to ease installation and configuration of linpopup and samba.
; message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' &
obey pam restrictions = yes
# Some defaults for winbind (make sure you're not using the ranges
# for something else.)
; winbind uid = 10000-20000
; winbind gid = 10000-20000
; template shell = /bin/bash
#======================= Share Definitions =======================
[homes]
comment = Home Directories
browseable = no
path = /homel/%U
# By default, the home directories are exported read-only. Change next
# parameter to 'yes' if you want to be able to write to them.
writable = yes
# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
create mask = 0700
# Directory creation mask is set to 0700 for security reasons. If you want to
# create dirs. with group=rw permissions, set next parameter to 0775.
directory mask = 0700
# Un-comment the following and create the netlogon directory for Domain Logons
# (you need to configure Samba to act as a domain controller too.)
[netlogon]
comment = Network Logon Service
path = /home/SAMBA/netlogon
guest ok = yes
writable = no
share modes = no
#Profile share for users logon
[profiles]
path = /home/SAMBA/profiles
browseable = no
guest ok = yes
writeable = yes
create mask = 0600
directory mask = 0750
profile acls = yes
Many thanks to anyone who manages to take a look at this disaster. If more
logs are needed, that is no problem. In /var/log/auth, for every
connection attempt, there are two lines, one for login and one for logoff
(another strange thing: does it mean that Windows takes the liberty of
interrupting the login process? And why, anyway?).
Francesco
-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/
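
An added example, not part of the original message: a small Python parser for the smbd log format quoted above. It joins each `[timestamp, level] file:function(line)` header with the message lines that follow it, then reports share session durations and which shares were open when an schannel failure was logged. The sample log is constructed; the host, address and user in it are assumptions.

```python
import re
from datetime import datetime
# Constructed sample in the log format shown above (host, address and user are made up).
SAMPLE_LOG = """\
[2004/08/04 16:29:31, 1] smbd/service.c:make_connection_snum(619)
pc01 (192.0.2.10) connect to service profiles initially as user alice
(uid=1000, gid=1000) (pid 4242)
[2004/08/04 16:29:31, 1] smbd/service.c:make_connection_snum(619)
pc01 (192.0.2.10) connect to service netlogon initially as user alice
[2004/08/04 16:29:35, 1] smbd/service.c:close_cnum(801)
pc01 (192.0.2.10) closed connection to service profiles
[2004/08/04 16:30:35, 1] smbd/service.c:close_cnum(801)
pc01 (192.0.2.10) closed connection to service netlogon
[2004/08/04 16:45:07, 0] rpc_server/srv_pipe.c:api_pipe_netsec_process(1397)
failed to decode PDU
[2004/08/04 16:45:07, 0] rpc_server/srv_pipe_hnd.c:process_request_pdu(605)
process_request_pdu: failed to do schannel processing.
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), +(\d+)\] (\S+):(\w+)\((\d+)\)$")
CONNECT = re.compile(r"^(\S+) \(\S+\) connect to service (\S+) initially as user (\S+)")
CLOSE = re.compile(r"^(\S+) \(\S+\) closed connection to service (\S+)")

def parse_records(text):
    """Attach each message line to the header line that precedes it."""
    records = []
    for line in (l.strip() for l in text.splitlines()):
        m = HEADER.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
            records.append({"ts": ts, "level": int(m.group(2)), "msg": ""})
        elif records and line:
            records[-1]["msg"] = (records[-1]["msg"] + " " + line).strip()
    return records

def summarize(records):
    """Return (share sessions with duration, schannel failures with shares open then)."""
    open_conns, sessions, failures = {}, [], []
    for r in records:
        if m := CONNECT.match(r["msg"]):
            open_conns[(m.group(1), m.group(2))] = (r["ts"], m.group(3))
        elif m := CLOSE.match(r["msg"]):
            started = open_conns.pop((m.group(1), m.group(2)), None)
            if started:
                secs = int((r["ts"] - started[0]).total_seconds())
                sessions.append((m.group(2), started[1], secs))
        elif r["level"] == 0 and "schannel" in r["msg"]:
            failures.append((r["ts"], sorted(share for _, share in open_conns)))
    return sessions, failures
```

Run `summarize(parse_records(open("/var/log/samba/log.<machine>").read()))` on a per-machine log; the path follows the `log file = /var/log/samba/log.%m` setting in the configuration above.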