AW: AW: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation

Arno Seidel aseidel at aseidel.com
Tue Jul 27 15:56:47 GMT 2004


Hi,

did you check the ldap-entry for that user?? maybe there is a mistake...
are the other workstations you tried w2k too?
are the "local" permissions on the workstation for that user correct???
maybe there is a local-policy...
maybe there is a user-workstation entry in the ldapaccount...

I don't think that it has something to do with the configuration of the
samba /ldap servers, because other PCs on the same segment have no
problems.


> -----Original Message-----
> From: samba-bounces+aseidel=aseidel.com at lists.samba.org
> [mailto:samba-bounces+aseidel=aseidel.com at lists.samba.org] On behalf of
> Bert_De_Ridder at peopleware.be
> Sent: Tuesday, 27 July 2004 16:51
> To: Umberto Zanatta
> Cc: samba at lists.samba.org
> Subject: Re: AW: AW: [Samba] Samba - LDAP - User cannot login from 1
> workstation
>
>
> Yes, but I hadn't included that in my previous post; I tried to trim the
> message
>
> winbind uid = 100-20000
> winbind gid = 100-20000
> winbind separator = +
> winbind use default domain = Yes
>
> I am not using password server, because I want Samba to think it's on the
> same server; however the LDAP on that server is a slave, so updates are
> sent to our master LDAP server. (and back to the slave via the replicator
> of course)
>
> I can use the shares via smbclient on the server; I really don't think
> there is an error on the server; since everything works when changing all
> other conditions (switch pc or another user on that pc); it's just that
> one user when working on that one machine.
>
>
> Bert De Ridder
>
>
>
>
>
> Umberto Zanatta <uzanatta at provincia.treviso.it>
> Sent by: samba-bounces+bert_de_ridder=peopleware.be at lists.samba.org
> 27/07/2004 15:28
>
> To
> Bert_De_Ridder at peopleware.be
> cc
> samba at lists.samba.org
> Subject
> Re: AW: AW: [Samba] Samba - LDAP - User cannot login from       1
> workstation
>
>
>
>
>
>
> Have you tried configuring winbind? Of course, it's very important on
> Samba PDC+BDC+File Server.
>
> Perhaps, you've forgotten 'password server': it hasn't to be the ip of
> bdc, but the ip of pdc
> and 'security = domain';
>
> You should as well (for name resolver) add bcast to 'name resolve
> order'.
>
>
> On Tue, 2004-07-27 at 15:15, Bert_De_Ridder at peopleware.be wrote:
>
> > Ok, so the getpeername was a coincidence; I haven't seen it more than
> > once, that's true.
> >
> > smb.conf:
> > [global]
> >         domain master = No
> >         domain logons = Yes
> >         map to guest = never
> >         netbios name = FATTY
> >         workgroup = PEOPLEWARE
> >         server string = Linux BDC
> >         encrypt passwords = Yes
> >         log level = 2
> >         name resolve order = lmhosts wins
> >         time server = Yes
> >         socket options = SO_SNDBUF=8192 SO_RCVBUF=8192
> >         guest account = nobody
> >         logon script = login.bat
> >         logon path =
> >         logon drive = H:
> >         os level = 99
> >         preferred master = No
> >         wins support = Yes
> >         wins server = 192.168.0.22
> >         remote browse sync = 192.168.0.22
> >         remote announce = 192.168.3.255/PEOPLEWARE
> >         printing = cups
> >         local master = yes
> >         load printers = yes
> >         printcap name = cups
> >         passwd program =/usr/local/sbin/smbldap-passwd %u
> >         passwd chat = *new*password* %n\n *new*password:* %n\
> > *successfully*
> >         add machine script = /usr/local/sbin/smbldap-useradd -w u%
> >         add user script = /usr/local/sbin/smbldap-useradd -a %u
> >         delete user script = /usr/local/sbin/smbldap-userdel %u
> >         add group script = /usr/local/sbin/smbldap-groupadd %g
> >         delete group script = /usr/local/sbin/smbldap-groupdel %g
> >         add user to group script = /usr/local/sbin/smbldap-groupmod -m %u %g
> >         delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u %g
> >         set primary group script = /usr/local/sbin/smbldap-usermod -G %g %u
> >         passdb backend = ldapsam:ldap://127.0.0.1
> >         ldap suffix = dc=peopleware,dc=be
> >         ldap admin dn = cn=Manager,dc=peopleware,dc=be
> >         ldap user suffix = ou=Users
> >         ldap group suffix = ou=Groups
> >         ldap machine suffix = ou=Computers
> >         ldap idmap suffix = ou=Users
> >         ldap passwd sync = Yes
> >         ldap ssl = off
> >
> > [netlogon]
> >         path = /var/lib/samba/netlogon
> >         read only = No
> >         create mask = 0600
> >         directory mask = 0700
> >         browseable = No
> > [homes]
> >         comment = Home directories
> >         path = /home/%U
> >         read only = No
> >         create mask = 0640
> >         directory mask = 0750
> >         browseable = Yes
> > [cvs]
> >      path = /local/cvs
> >      read only = No
> >      create mask = 0777
> >      force group = users
> >      public = yes
> >      guest ok = yes
> >
> > Bert De Ridder
> >
> >
> >
> > Umberto Zanatta
> > <uzanatta at provincia.treviso.it>
> > Sent by:
> > samba-bounces+bert_de_ridder=peopleware.be at lists.samba.org
> >
> > 27/07/2004 14:57
> >                To
> > Bert_De_Ridder at peopleware.be
> >                cc
> > samba at lists.samba.org
> >           Subject
> > Re: AW: AW:
> > [Samba] Samba -
> > LDAP - User
> > cannot login from
> > 1
> > workstation
> >
> >
> >
> >
> > No, it isn't; but there are some problems in resolvconf/hosts/dns.
> >
> > """
> > getpeername failed
> > """
> >
> > Meanwhile, could you post the related smb.conf?
> >
> > On Tue, 2004-07-27 at 14:46, Bert_De_Ridder at peopleware.be wrote:
> >
> > > That's true...
> > >
> > > The message is :
> > >
> > > <sharename> is not accessible
> > > Network access is denied
> > >                  <OK>
> > >
> > > Even if I navigate to the share CVS (which works during login - see my
> > > original mail) I get that message.
> > >
> > > I don't know whether it's related, but I now notice other messages in the
> > > log :
> > >
> > > [2004/07/26 14:24:32, 1] smbd/service.c:make_connection_snum(619)
> > > allier (192.168.3.196) connect to service cvs initially as user mschijva
> > > (uid=1015, gid=100) (pid 24964)
> > > [2004/07/26 14:24:48, 0] lib/util_sock.c:get_peer_addr(978)
> > >   getpeername failed. Error was Transport endpoint is not connected
> > > [2004/07/26 14:24:48, 0] lib/util_sock.c:read_socket_data(367)
> > >   read_socket_data: recv failure for 4. Error = Connection reset by peer
> > >
> > >
> > > Do you think it's related?
> > >
> > >
> > >
> > > Bert
> > >
> > >
> > >
> > >
> > > "Arno Seidel" <aseidel at aseidel.com>
> > > Sent by: samba-bounces+bert_de_ridder=peopleware.be at lists.samba.org
> > > 27/07/2004 13:15
> > > Please respond to
> > > aseidel at aseidel.com
> > >
> > >
> > > To
> > > "Samba" <samba at lists.samba.org>
> > > cc
> > >
> > > Subject
> > > AW: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation
> > >
> > >
> > >
> > >
> > >
> > >
> > > Hi,
> > >
> > > hm, I don't think that it has something to do with the trust relationship;
> > > if it were so, then every user on that PC would get a permission denied.
> > > What does the error message exactly say?
> > > example:
> > > Access denied, the network path was not found...
> > >
> > >
> > >   -----Original Message-----
> > >   From: Bert_De_Ridder at peopleware.be [mailto:Bert_De_Ridder at peopleware.be]
> > >   Sent: Tuesday, 27 July 2004 12:57
> > >   To: aseidel at aseidel.com
> > >   Subject: Re: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation
> > >
> > >
> > >
> > >   I have checked the user's permissions; I am convinced that it is not a
> > > server setting since the error 'Access denied' (on the client - Win2K) does
> > > not happen when the user logs on to another workstation.
> > >   I think it has something to do with the trust relationship; but I haven't
> > > got a clue where to start looking for it.
> > >
> > >   What loglevel would you suggest ?
> > >
> > >
> > >   Bert
> > >
> > >
> > >
> > >
> > >
> > >         "Arno Seidel" <aseidel at aseidel.com>
> > >         Sent by:
> > > samba-bounces+bert_de_ridder=peopleware.be at lists.samba.org
> > >         27/07/2004 12:30 Please respond to
> > >               aseidel at aseidel.com
> > >
> > >
> > >        To <samba at lists.samba.org>
> > >               cc
> > >               Subject AW: [Samba] Samba - LDAP - User cannot login from 1 workstation
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >   Hi,
> > >
> > >   did you check the user's permissions??
> > >   group entries... share/directory permissions
> > >   which account flags does the user have?
> > >   did you raise the loglevel to get some more information?
> > >   what error message do you receive on the windows-pc?
> > >
> > >   this is not a solution... but may bring you on the right way
> > >
> > >   > -----Original Message-----
> > >   > From: samba-bounces+aseidel=aseidel.com at lists.samba.org
> > >   > [mailto:samba-bounces+aseidel=aseidel.com at lists.samba.org] On behalf of
> > >   > Bert_De_Ridder at peopleware.be
> > >   > Sent: Tuesday, 27 July 2004 12:16
> > >   > To: samba at lists.samba.org
> > >   > Subject: [Samba] Samba - LDAP - User cannot login from 1 workstation
> > >   >
> > >   >
> > >   > Hello, everyone,
> > >   >
> > >   > This is the situation :
> > >   >
> > >   > We have 2 sites; one domain; 2 samba's on every site; one is PDC, the
> > >   > other is BDC.
> > >   > They both use LDAP; the LDAP has a master on the site where the PDC is;
> > >   > the slave LDAP is on the site where the BDC is.
> > >   >
> > >   > There is a user (ONE to be precise) that gives problems when working on a
> > >   > specific machine.
> > >   >
> > >   > When the user logs in using his machine; he can't access shares on either
> > >   > of the servers. When he logs in on any other machine, there is no problem
> > >   > whatsoever. When anybody else logs in using this user's machine, there is
> > >   > no problem either.
> > >   > It's only when the user logs in on that specific machine.
> > >   > The login is fine; I can see the user in the logs:
> > >   >
> > >   >   allier (192.168.3.196) connect to service netlogon initially as user
> > >   >   mschijva (uid=1015, gid=100) (pid 25065)
> > >   > [2004/07/26 14:34:29, 1] smbd/service.c:make_connection_snum(619)
> > >   >   allier (192.168.3.196) connect to service cvs initially as user
> > >   >   mschijva (uid=1015, gid=100) (pid 25065)
> > >   >
> > >   > From that point on, the shares can no longer be accessed.
> > >   >
> > >   > The machine HAS been used in the past in a domain with the same name, but
> > >   > with a different ID.
> > >   > The user receives the 'old' sambasid from the server to avoid local
> > >   > profile loss (deleting the user's local profile is NOT an option BTW).
> > >   >
> > >   > Where can I start looking for this ?
> > >   > Any ideas anyone ?
> > >   >
> > >   > Thanks in advance
> > >   >
> > >   > Bert De Ridder
> > >   >
> > >   >
> > >   >
> > >   > --
> > >   > To unsubscribe from this list go to the following URL and read the
> > >   > instructions:  http://lists.samba.org/mailman/listinfo/samba
> > >   >
> > >
> >
> > _______________________
> > Umberto Zanatta
> > linuxDidattica
> >
> > tel: +39 (335) 54 71 385
> > email: umberto.z at tin.it
> > web: http://linuxdidattica.org
> > _______________________
>
> _______________________
> Umberto Zanatta
> linuxDidattica
>
> tel: +39 (335) 54 71 385
> email: umberto.z at tin.it
> web: http://linuxdidattica.org
> _______________________
>
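
The checks suggested in this thread (a workstation restriction on the LDAP account, the account flags, and the user's SID compared with the domain SID) can be run offline against an LDIF export. This is an added example, not code from any poster or from the Samba project; the attribute names are those of the Samba 3 sambaSamAccount schema, and the case-insensitive workstation match, the workstation list and every SID in the sample data are constructed assumptions.

```python
# Added example: offline check of one sambaSamAccount entry from an LDIF export.
# All SIDs and the workstation list below are constructed sample data.

SAMPLE_LDIF = """\
dn: sambaDomainName=PEOPLEWARE,dc=peopleware,dc=be
sambaDomainName: PEOPLEWARE
sambaSID: S-1-5-21-1111111111-2222222222-3333333333

dn: uid=mschijva,ou=Users,dc=peopleware,dc=be
uid: mschijva
sambaSID: S-1-5-21-4444444444-5555555555-6666666666-3030
sambaAcctFlags: [U          ]
sambaUserWorkstations: ws01,ws02
"""

def parse_ldif(text):
    """Parse simple unfolded LDIF into a list of {attr_lowercase: [values]}."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            key, value = line.split(": ", 1)
            entry.setdefault(key.lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def check_account(entries, uid, workstation):
    """Return findings worth reviewing for a per-workstation access denial."""
    domain = next(e for e in entries if "sambadomainname" in e)
    user = next(e for e in entries if e.get("uid") == [uid])
    findings = []
    raw = user.get("sambauserworkstations", [""])[0]
    allowed = [w.strip().lower() for w in raw.split(",") if w.strip()]
    if allowed and workstation.lower() not in allowed:
        findings.append("workstation %s not in sambaUserWorkstations" % workstation)
    # A user SID is the domain SID plus a trailing RID; compare the domain part.
    if user["sambasid"][0].rsplit("-", 1)[0] != domain["sambasid"][0]:
        findings.append("sambaSID domain part differs from domain SID")
    flags = user.get("sambaacctflags", ["[]"])[0].strip("[] ")
    for flag, meaning in (("D", "disabled"), ("L", "locked")):
        if flag in flags:
            findings.append("account flag %s (%s) is set" % (flag, meaning))
    return findings

if __name__ == "__main__":
    for finding in check_account(parse_ldif(SAMPLE_LDIF), "mschijva", "allier"):
        print(finding)
```

A finding here is a lead to review, not a diagnosis: the thread itself notes that the user was deliberately given the 'old' sambaSID.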


