help needed
Ladislav Ardo
Ladislav.Ardo at aoes.com
Thu Sep 28 13:05:20 GMT 2006
greetings,
since a couple of weeks, we got a strange problem and since I can't find
any reference to it I though I post it here.
Here is the situation:
We've got Samba version 3.0.23c running of FreeBSD 6.2 in our NT Active
Directory domain. We got an NT4 Terminal Server SP6 (Yes I know...)
where users are connecting into using ICA, mapping their profile and
homedirs at logon, located on aforementioned SAMBA server.
Users get intermittently a problem - their homedirectory gets
occassionally disconnected. When attempting to reconnect (click on the
drive) users get a message that "the drive letter is in use". Runing
"net use Z: /DELETE" and "net use Z: \\servername\homedir" reconnects
the drive and all is working perfectly again.
This does not happen when using older SAMBA box not configured for
Kerberos authentication.
At the time this happens following appears in the log file (when
attmpting to use for example disconnected "Z:" drive (Note I did not
remove username or machine name, it is simply not there):
check_ntlm_password: Checking password for unmapped user []\[]@[] with
the new password interface
check_ntlm_password: mapped user is: []\[]@[]
check_ntlm_password: Authentication for user [] -> [] FAILED with error
NT_STATUS_NO_SUCH_USER
check_ntlm_password: Checking password for unmapped user []\[]@[] with
the new password interface
check_ntlm_password: mapped user is: []\[]@[]
check_ntlm_password: Authentication for user [] -> [] FAILED with error
NT_STATUS_NO_SUCH_USER
check_ntlm_password: Checking password for unmapped user []\[]@[] with
the new password interface
check_ntlm_password: mapped user is: []\[]@[]
check_ntlm_password: Authentication for user [] -> [] FAILED with error
NT_STATUS_NO_SUCH_USER
check_ntlm_password: Checking password for unmapped user []\[]@[] with
the new password interface
...
This is not manually reproducible as it happens at random. There are no
apparent network problems, NT4 network drivers have been reinstalled,
there are no problems with enumerating users/ groups all seem to be
mapped correctly. There are no obvious Kerberos errors. Outside of the
above, no errors appear in either Windows or SAMBA logs. I have tested,
searched, did not got get what I was looking for - and thus now I am
here. We got a workaround, a script pple can run when this happens, but
not knowing the cause is eating me up. Can you guys point me to the
right direction?
Thanks,
-laco.
PS: SMB.CONF
[global]
workgroup = ADDOMAINNAME
server string = PROBLEM File Server
netbios name = SAMBASERVER
netbios aliases = SAMBASERVER SAMBASERVER1
security = ads
realm = DOMAIN.NAME.REALM
password server = DC1 DC2
encrypt passwords = yes
client use spnego = no
local master = no
domain master = no
preferred master = no
host msdfs = yes
log file = /var/log/samba/log.%m
; max log size = 500
log level = 3
max log size = 25000
hosts allow = 192.168.0.0/16 127.0.0.1
socket options = TCP_NODELAY IPTOS_LOWDELAY
oplocks = no
level2 oplocks = no
use kerberos keytab = true
# winbind separator = +
winbind trusted domains only = yes
winbind enum users = yes
winbind enum groups = yes
auth methods = sam winbind
idmap gid = 10000-20000
idmap uid = 50000-60000
# load printers = yes
# printcap name = /etc/printcap
inherit permissions = yes
# we don't need fam
fam change notify = no
#============================ Share Definitions
==============================
[homes]
comment = Home Directory
path = /export/home/%S
read only = No
browseable = yes
follow symlinks = yes
msdfs root = yes
create mask = 0774
directory mask = 0774
inherit permissions = yes
# admin users =
admin users = +DOMAIN.NAME.COM\ADMINS
map acl inherit = yes
# # valid users = %S
# read list = %S
# write list = %S
valid users = DOMAIN.NAME.COM\%S +DOMAIN.NAME.COM\ADMINS
read list = DOMAIN.NAME.COM\%S
write list = DOMAIN.NAME.COM\%S
dos filemode = yes
security mask = 0777
force security mode = 0
directory security mask = 0777
force directory security mode = 0
More information about the samba-technical
mailing list