AW: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation

Bert_De_Ridder at peopleware.be Bert_De_Ridder at peopleware.be
Tue Jul 27 14:50:57 GMT 2004


Yes, but I hadn't included that in my previous post; I tried to trim the message.

winbind uid = 100-20000
winbind gid = 100-20000
winbind separator = +
winbind use default domain = Yes

I am not using password server, because I want Samba to think it's on the
same server; however the LDAP on that server is a slave, so updates are
sent to our master LDAP server (and back to the slave via the replicator,
of course).

I can use the shares via smbclient on the server; I really don't think 
there is an error on the server; since everything works when changing all 
other conditions (switch pc or another user on that pc); it's just that 
one user when working on that one machine. 


Bert De Ridder





Umberto Zanatta <uzanatta at provincia.treviso.it>
Sent by: samba-bounces+bert_de_ridder=peopleware.be at lists.samba.org
27/07/2004 15:28
To: Bert_De_Ridder at peopleware.be
cc: samba at lists.samba.org
Subject: Re: AW: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation






Have you tried configuring winbind? Of course, it's very important on a
Samba PDC+BDC+File Server.

Perhaps you've forgotten 'password server': it should not be the IP of the
BDC, but the IP of the PDC, and 'security = domain'.

You should also (for the name resolver) add bcast to 'name resolve order'.


On Tue, 2004-07-27 at 15:15, Bert_De_Ridder at peopleware.be wrote:

> Ok, so the getpeername was a coincidence; I haven't seen it more than
> once, that's true.
> 
> smb.conf:
> [global]
>         domain master = No
>         domain logons = Yes
>         map to guest = never
>         netbios name = FATTY
>         workgroup = PEOPLEWARE
>         server string = Linux BDC
>         encrypt passwords = Yes
>         log level = 2
>         name resolve order = lmhosts wins
>         time server = Yes
>         socket options = SO_SNDBUF=8192 SO_RCVBUF=8192
>         guest account = nobody
>         logon script = login.bat
>         logon path =
>         logon drive = H:
>         os level = 99
>         preferred master = No
>         wins support = Yes
>         wins server = 192.168.0.22
>         remote browse sync = 192.168.0.22
>         remote announce = 192.168.3.255/PEOPLEWARE
>         printing = cups
>         local master = yes
>         load printers = yes
>         printcap name = cups
>         passwd program =/usr/local/sbin/smbldap-passwd %u
>         passwd chat = *new*password* %n\n *new*password:* %n\
> *successfully*
>         add machine script = /usr/local/sbin/smbldap-useradd -w u%
>         add user script = /usr/local/sbin/smbldap-useradd -a %u
>         delete user script = /usr/local/sbin/smbldap-userdel %u
>         add group script = /usr/local/sbin/smbldap-groupadd %g
>         delete group script = /usr/local/sbin/smbldap-groupdel %g
>         add user to group script = /usr/local/sbin/smbldap-groupmod -m %u %g
>         delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u %g
>         set primary group script = /usr/local/sbin/smbldap-usermod -G %g %u
>         passdb backend = ldapsam:ldap://127.0.0.1
>         ldap suffix = dc=peopleware,dc=be
>         ldap admin dn = cn=Manager,dc=peopleware,dc=be
>         ldap user suffix = ou=Users
>         ldap group suffix = ou=Groups
>         ldap machine suffix = ou=Computers
>         ldap idmap suffix = ou=Users
>         ldap passwd sync = Yes
>         ldap ssl = off
> 
> [netlogon]
>         path = /var/lib/samba/netlogon
>         read only = No
>         create mask = 0600
>         directory mask = 0700
>         browseable = No
> [homes]
>         comment = Home directories
>         path = /home/%U
>         read only = No
>         create mask = 0640
>         directory mask = 0750
>         browseable = Yes
> [cvs]
>      path = /local/cvs
>      read only = No
>      create mask = 0777
>      force group = users
>      public = yes
>      guest ok = yes
> 
> Bert De Ridder
> 
> 
> 
> Umberto Zanatta <uzanatta at provincia.treviso.it>
> Sent by: samba-bounces+bert_de_ridder=peopleware.be at lists.samba.org
> 27/07/2004 14:57
> To: Bert_De_Ridder at peopleware.be
> cc: samba at lists.samba.org
> Subject: Re: AW: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation
> 
> 
> 
> 
> No, it isn't; but there are some problems in resolvconf/hosts/dns.
> 
> """
> getpeername failed
> """
> 
> Meanwhile, could you post the related smb.conf?
> 
> On Tue, 2004-07-27 at 14:46, Bert_De_Ridder at peopleware.be wrote:
> 
> > That's true...
> > 
> > The message is : 
> > 
> > <sharename> is not accessible 
> > Network access is denied
> >                  <OK>
> > 
> > Even if I navigate to the share CVS (which works during login - see my
> > original mail) I get that message.
> > 
> > I don't know whether it's related, but I now notice other messages in the
> > log:
> > 
> > [2004/07/26 14:24:32, 1] smbd/service.c:make_connection_snum(619)
> >   allier (192.168.3.196) connect to service cvs initially as user mschijva (uid=1015, gid=100) (pid 24964)
> > [2004/07/26 14:24:48, 0] lib/util_sock.c:get_peer_addr(978)
> >   getpeername failed. Error was Transport endpoint is not connected
> > [2004/07/26 14:24:48, 0] lib/util_sock.c:read_socket_data(367)
> >   read_socket_data: recv failure for 4. Error = Connection reset by peer
> > 
> > 
> > Do you think it's related?
> > 
> > 
> > 
> > Bert 
> > 
> > 
> > 
> > 
> > "Arno Seidel" <aseidel at aseidel.com>
> > Sent by: samba-bounces+bert_de_ridder=peopleware.be at lists.samba.org
> > 27/07/2004 13:15
> > Please respond to: aseidel at aseidel.com
> > To: "Samba" <samba at lists.samba.org>
> > cc:
> > Subject: AW: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation
> > 
> > 
> > Hi,
> > 
> > Hm, I don't think that it has something to do with the trust relationship; if
> > it were so, then every user on that PC would get a permission denied.
> > What does the error message say exactly?
> > Example:
> > Access denied, the network path was not found...
> > 
> > 
> >   -----Original Message-----
> >   From: Bert_De_Ridder at peopleware.be [mailto:Bert_De_Ridder at peopleware.be]
> >   Sent: Tuesday, 27 July 2004 12:57
> >   To: aseidel at aseidel.com
> >   Subject: Re: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation
> > 
> > 
> > 
> >   I have checked the user's permissions; I am convinced that it is not a
> >   server setting since the error 'Access denied' (on the client - Win2K) does
> >   not happen when the user logs on to another workstation.
> >   I think it has something to do with the trust relationship; but I haven't
> >   got a clue where to start looking for it.
> > 
> >   What loglevel would you suggest ?
> > 
> > 
> >   Bert
> > 
> > 
> > 
> > 
> > 
> >   "Arno Seidel" <aseidel at aseidel.com>
> >   Sent by: samba-bounces+bert_de_ridder=peopleware.be at lists.samba.org
> >   27/07/2004 12:30
> >   Please respond to: aseidel at aseidel.com
> >   To: <samba at lists.samba.org>
> >   cc:
> >   Subject: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> >   Hi,
> > 
> >   Did you check the user's permissions?
> >   Group entries... share/directory permissions.
> >   Which account flags does the user have?
> >   Did you raise the loglevel to get some more information?
> >   What error message do you receive on the Windows PC?
> > 
> >   This is not a solution... but may bring you on the right way.
> > 
> >   > -----Original Message-----
> >   > From: samba-bounces+aseidel=aseidel.com at lists.samba.org
> >   > [mailto:samba-bounces+aseidel=aseidel.com at lists.samba.org] On behalf of
> >   > Bert_De_Ridder at peopleware.be
> >   > Sent: Tuesday, 27 July 2004 12:16
> >   > To: samba at lists.samba.org
> >   > Subject: [Samba] Samba - LDAP - User cannot login from 1 workstation
> >   >
> >   >
> >   > Hello, everyone,
> >   >
> >   > This is the situation :
> >   >
> >   > We have 2 sites; one domain; 2 samba's on every site; one is PDC, the
> >   > other is BDC.
> >   > They both use LDAP; the LDAP has a master on the site where the PDC is;
> >   > the slave LDAP is on the site where the BDC is.
> >   >
> >   > There is a user (ONE to be precise) that gives problems when working on a
> >   > specific machine.
> >   >
> >   > When the user logs in using his machine; he can't access shares on either
> >   > of the servers. When he logs in on any other machine, there is no problem
> >   > whatsoever. When anybody else logs in using this user's machine, there is
> >   > no problem either.
> >   > It's only when the user logs in on that specific machine.
> >   > The login is fine; I can see the user in the logs:
> >   >
> >   >   allier (192.168.3.196) connect to service netlogon initially as user mschijva (uid=1015, gid=100) (pid 25065)
> >   > [2004/07/26 14:34:29, 1] smbd/service.c:make_connection_snum(619)
> >   >   allier (192.168.3.196) connect to service cvs initially as user mschijva (uid=1015, gid=100) (pid 25065)
> >   >
> >   > From that point on, the shares can no longer be accessed.
> >   >
> >   > The machine HAS been used in the past in a domain with the same name, but
> >   > with a different ID.
> >   > The user receives the 'old' sambasid from the server to avoid local
> >   > profile loss (deleting the user's local profile is NOT an option BTW).
> >   >
> >   > Where can I start looking for this ?
> >   > Any ideas anyone ?
> >   >
> >   > Thanks in advance
> >   >
> >   > Bert De Ridder
> >   >
> >   >
> >   >
> >   > --
> >   > To unsubscribe from this list go to the following URL and read
> the
> >   > instructions:  http://lists.samba.org/mailman/listinfo/samba
> >   >
> 
> _______________________
> Umberto Zanatta
> linuxDidattica
> 
> tel: +39 (335) 54 71 385
> email: umberto.z at tin.it
> web: http://linuxdidattica.org
> _______________________
