[Samba] ldap authentification suddenly fails partially

IOhannes zmoelnig zmoelnig at iem.kug.ac.at
Tue Aug 20 05:35:01 GMT 2002 

hi !

my systems started to behave weird today.

i am running a debian/linux-fileserver (woody/2.4.18) that exports the 
user-homes and acts as a PDC via samba (2.2.4 --with-ldapsam) to my 
windoze-clients (w2k/nt).
i am using ldap as authentification database.

everything worked like a charme, until today.
suddenly some users cannot authenticate against the windoze-machines any 
more.
other users still work !

-the users exist
-they can log in under unix (against the posixAccount in their LDAP-entry)
-i can do a "smbclient -L \\sambaserver -U faultyuser" and 
authentication works !
-when i log into the win-machine with a local account, i can then mount 
the user's-directories from the sambaserver. (as would be without the 
PDC functionality)

when such faulty users try to login, they get an error like "i couldn't 
authenticate you! check, whether your CAPS-LOCK is pressed...".
This errors flushes promptly after hitting "OK" (i mean: there is not 
much file-exchange between PDC and client)

i experimented with my personal account:
1. i could log into windoze machines (like most users)
2. i exported my ldap-entry into a ldif-file
3. i changed things (uid)
4. i could NOT log into windoze with the new username (but still old 
settings)
5. i deleted the modified ldap-entry and imported the original from the 
saved ldif-file
6. i still cannot log into any windoze machine !

the problem first occured with a person, who's username is 9 characters 
long. (and i think, he had never logged into windoze (or linux) before).
so i thought this might have been the problem,
but new test-users i create (with short usernames) won't work too, and 
finally my own account became also faulty


any ideas ??

i would have sent log-files, but i don't have a clue about what 
log-level to use (these are badly documented). a log level of 10 didn't 
really give quite the information i looked for - no errors or the like 
(but maybe, i should look again)


mfg.ds.sdaf
IOhannes

More information about the samba mailing list