[Samba] login (W2K) takes very long
Wolfgang Pichler
madmin at dialog-telekom.at
Wed May 28 15:12:49 GMT 2003
Hi,
I've configured samba-2.2.5 and openldap2-2.1.4 with the help of the
howto available at idealx. I can add users / delete them - log in over
ssh - get the right groups and IDs... - nearly everything works.
But when I try to log in with a W2K workstation (haven't tested other
OSes) then I can type in the username/password - then it takes about 5
minutes (you can still see the username/password dialog grayed) and then
it tells me that it couldn't load my profile. I have the right
permissions set at the profile directory.
In the ldap.log file I get messages like these:
May 28 16:01:54 zion slapd[18348]: <= bdb_equality_candidates:
index_param failed (18)
May 28 16:01:57 zion last message repeated 7 times
May 28 16:04:11 zion slapd[18348]: <= bdb_equality_candidates:
index_param failed (18)
Why?
Is it a failure with the indexes in slapd.conf?
I have:
index objectClass eq
index default sub
index uid pres,eq
## support pdb_getsampwrid()
index rid eq
## posixGroup entries in the directory as well
index uidNumber eq
index gidNumber eq
index cn eq
index memberUid eq
In the log.smbd I get:
[2003/05/28 16:06:00, 2] smbd/reply.c:reply_special(92)
netbios connect: name1=ZION name2=NOMICRO
[2003/05/28 16:06:00, 2] smbd/reply.c:reply_special(111)
netbios connect: local=zion remote=nomicro
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:ldap_open_connection(226)
ldap_open_connection: connection opened
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:ldap_connect_system(260)
ldap_connect_system: succesful connection to the LDAP server
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:ldap_search_one_user(272)
ldap_search_one_user: searching
for:[(&(uid=nomicro$)(objectclass=sambaAccount))]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
get_single_attribute: [uid] = [nomicro$]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:init_sam_from_ldap(505)
Entry found for user: nomicro$
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
get_single_attribute: [pwdLastSet] = [1053939659]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
get_single_attribute: [logonTime] = [0]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
get_single_attribute: [logoffTime] = [0]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
get_single_attribute: [kickoffTime] = [0]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
get_single_attribute: [pwdCanChange] = [0]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
get_single_attribute: [pwdMustChange] = [0]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
get_single_attribute: [cn] = [NOMICRO$]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(364)
get_single_attribute: [homeDrive] = [<does not exist>]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(364)
get_single_attribute: [smbHome] = [<does not exist>]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(364)
get_single_attribute: [scriptPath] = [<does not exist>]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(364)
get_single_attribute: [profilePath] = [<does not exist>]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
get_single_attribute: [description] = [Computer]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(364)
get_single_attribute: [userWorkstations] = [<does not exist>]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
get_single_attribute: [rid] = [3000]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
get_single_attribute: [primaryGroupID] = [2007]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
get_single_attribute: [lmPassword] = [xxxxxxxxxxxxxxxxxxxx]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
get_single_attribute: [ntPassword] = [xxxxxxxxxxxxxxxxxxxx]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
get_single_attribute: [acctFlags] = [[W ]]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:ldap_open_connection(226)
ldap_open_connection: connection opened
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:ldap_connect_system(260)
ldap_connect_system: succesful connection to the LDAP server
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:ldap_search_one_user(272)
ldap_search_one_user: searching
for:[(&(uid=pichler)(objectclass=sambaAccount))]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
get_single_attribute: [uid] = [pichler]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:init_sam_from_ldap(505)
Entry found for user: pichler
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
get_single_attribute: [pwdLastSet] = [0]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
get_single_attribute: [logonTime] = [0]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
get_single_attribute: [logoffTime] = [2147483647]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
get_single_attribute: [kickoffTime] = [2147483647]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
get_single_attribute: [pwdCanChange] = [0]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
get_single_attribute: [pwdMustChange] = [2147483647]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
get_single_attribute: [cn] = [pichler]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
get_single_attribute: [homeDrive] = [U:]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
get_single_attribute: [smbHome] = [\\zion\homes]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
get_single_attribute: [scriptPath] = [\\zion\netlogon\logon.bat]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
get_single_attribute: [profilePath] = [\\zion\profiles\pichler]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
get_single_attribute: [description] = [System User]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(364)
get_single_attribute: [userWorkstations] = [<does not exist>]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
get_single_attribute: [rid] = [3004]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
get_single_attribute: [primaryGroupID] = [2005]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
get_single_attribute: [lmPassword] =
[2E0596A8013A92C49C5014AE4718A7EE]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
get_single_attribute: [ntPassword] =
[AAD2C3A87B2A40EE3A63E88AA374B116]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
get_single_attribute: [acctFlags] = [[UX ]]
And after this message the long waiting period comes.
I also have another PDC running on the same subnet (the old one which I
am trying to replace - it's a WinNT machine) - could it be that this
machine causes the trouble?
My smb.conf:
[global]
workgroup = DIALOG-TELEKOM
netbios name = ZION
interfaces = eth0 172.16.0.27/24
bind interfaces only = Yes
security = user
encrypt passwords = Yes
username map = /etc/samba/usermap
log level = 2
syslog = 0
time server = Yes
unix extensions = Yes
kernel oplocks = Yes
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
printcap name = CUPS
add user script = /usr/sbin/smbldap-useradd.pl -w %u
logon path = \\%N\profiles\%u
logon script = logon.bat
unix password sync = Yes
passwd program = /usr/sbin/smbldap-passwd.pl -o %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*successfully*
logon drive = U:
domain logons = Yes
os level = 255
preferred master = Yes
domain master = Yes
wins support = Yes
printing = cups
veto files = /*.eml/*.nws/riched20.dll/*.{*}/
browseable = No
guest account = smbguest
domain admin group = @smbadmin
admin users = @smbadmin
printer admin = @smbadmin
# ldap parameters
ldap admin dn = "cn=administrator,dc=dialog-telekom,dc=at"
ldap server = localhost
ldap ssl = No
ldap port = 389
ldap suffix = "dc=dialog-telekom,dc=at"
character set = iso8859-1
[netlogon]
path = /home/samba/netlogon
write list = administrator
guest ok = yes
[profiles]
path = /home/samba/profiles
writeable = yes
read only = No
create mode = 0644
directory mode = 0755
guest ok = Yes
browseable = no
[homes]
comment = Home Directory
valid users = %S
read only = No
create mask = 0664
directory mask = 0775
Do you need any more information?
Kind regards,
Wolfi