AW: AW: AW: AW: [Samba] Samba - LDAP - User cannot loginfrom 1 workstation

Arno Seidel aseidel at aseidel.com
Wed Jul 28 09:24:07 GMT 2004


Hi,

What OS does the client have? W98?

In the system-control folder there should be an icon (in German called
Verwaltung) where the local policies, the settings for ODBC ... and more
are... there should also be an icon called
eventmanager / display... maybe there is a log entry?

Did you see some errors on the samba side (instead of the connection reset
by peer) if you try a higher debug-/log-level?

The other way is that you back up the user's home directory and his
roaming profile, completely remove him (from windows / ldap / samba
...) and re-add him as a new
user with an empty home and profile directory... and then just put the
saved files (from the profile / home directory) into the newly created profile /
home directory.
It could be that some settings in the profile are wrong.




 -----Original Message-----
From: Bert_De_Ridder at peopleware.be [mailto:Bert_De_Ridder at peopleware.be]
Sent: Wednesday, 28 July 2004 08:23
To: aseidel at aseidel.com
Cc: samba at lists.samba.org
Subject: Re: AW: AW: AW: [Samba] Samba - LDAP - User cannot loginfrom 1 workstation



  Yes, I have checked the LDAP entry; I even recreated it; I tried the
user/pwd on 3 other machines : 2000 Prof. Wks; 2000 Server and XP Prof.
  The local permissions on the machine are OK; I can add the domain user to
the local admin. group, so that should be ok.

  I agree that it is not a server-side issue; but where on the client can I
start searching for errors ?


  Regards,

  Bert De Ridder

  PeopleWare NV - Head Office
  Cdt.Weynsstraat 85
  B-2660 Hoboken
  Tel: +32 3 448.33.38
  Fax: +32 3 448.32.66

  PeopleWare NV - Branch Office Geel
  Kleinhoefstraat 5
  B-2440 Geel
  Tel: +32 14 57.00.90
  Fax: +32 14 58.13.25

  http://www.peopleware.be
  http://www.mobileware.be


        "Arno Seidel" <aseidel at aseidel.com>
        Sent by: samba-bounces+bert_de_ridder=peopleware.be at lists.samba.org
        27/07/2004 17:56
        Please respond to aseidel at aseidel.com

        To: <samba at lists.samba.org>
        cc:
        Subject: AW: AW: AW: [Samba] Samba - LDAP - User cannot loginfrom 1 workstation

  Hi,

  did you check the ldap-entry for that user?? maybe there is a mistake...
  are the other workstations you tried w2k too?
  are the "local" permissions on the workstation for that user correct???
  maybe there is a local-policy...
  maybe there is a user-workstation entry in the ldapaccount...

  I don't think that it has something to do with the configuration of the
  samba /ldap servers, because other pc's on the same segment have no
  problems.


  > -----Original Message-----
  > From: samba-bounces+aseidel=aseidel.com at lists.samba.org
  > [mailto:samba-bounces+aseidel=aseidel.com at lists.samba.org] On behalf of
  > Bert_De_Ridder at peopleware.be
  > Sent: Tuesday, 27 July 2004 16:51
  > To: Umberto Zanatta
  > Cc: samba at lists.samba.org
  > Subject: Re: AW: AW: [Samba] Samba - LDAP - User cannot loginfrom 1 workstation
  >
  >
  > Yes, but I hadn't included that in my previous post; I tried to trim the
  > message
  >
  > winbind uid = 100-20000
  > winbind gid = 100-20000
  > winbind separator = +
  > winbind use default domain = Yes
  >
  > I am not using password server, because I want Samba to think it's on the
  > same server; however the LDAP on that server is a slave, so updates are
  > sent to our master LDAP server. (and back to the slave via the replicator
  > of course)
  >
  > I can use the shares via smbclient on the server; I really don't think
  > there is an error on the server; since everything works when changing all
  > other conditions (switch pc or another user on that pc); it's just that
  > one user when working on that one machine.
  >
  >
  > Bert De Ridder
  >
  >
  >
  >
  >
  > Umberto Zanatta <uzanatta at provincia.treviso.it>
  > Sent by: samba-bounces+bert_de_ridder=peopleware.be at lists.samba.org
  > 27/07/2004 15:28
  >
  > To: Bert_De_Ridder at peopleware.be
  > cc: samba at lists.samba.org
  > Subject: Re: AW: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation
  >
  >
  >
  >
  >
  >
  > Have you tried configuring winbind? Of course, it's very important on
  > Samba PDC+BDC+File Server.
  >
  > Perhaps, you've forgotten 'password server': it hasn't to be the ip of
  > bdc, but the ip of pdc
  > and 'security = domain';
  >
  > You should as well (for name resolver) add bcast to 'name resolve
  > order'.
  >
  >
  > On Tue, 2004-07-27 at 15:15, Bert_De_Ridder at peopleware.be wrote:
  >
  > > Ok, so the getpeername was a coincidence; I haven't seen it more than
  > > once, that's true.
  > >
  > > smb.conf:
  > > [global]
  > >         domain master = No
  > >         domain logons = Yes
  > >         map to guest = never
  > >         netbios name = FATTY
  > >         workgroup = PEOPLEWARE
  > >         server string = Linux BDC
  > >         encrypt passwords = Yes
  > >         log level = 2
  > >         name resolve order = lmhosts wins
  > >         time server = Yes
  > >         socket options = SO_SNDBUF=8192 SO_RCVBUF=8192
  > >         guest account = nobody
  > >         logon script = login.bat
  > >         logon path =
  > >         logon drive = H:
  > >         os level = 99
  > >         preferred master = No
  > >         wins support = Yes
  > >         wins server = 192.168.0.22
  > >         remote browse sync = 192.168.0.22
  > >         remote announce = 192.168.3.255/PEOPLEWARE
  > >         printing = cups
  > >         local master = yes
  > >         load printers = yes
  > >         printcap name = cups
  > >         passwd program =/usr/local/sbin/smbldap-passwd %u
  > >         passwd chat = *new*password* %n\n *new*password:* %n\
  > > *successfully*
  > >         add machine script = /usr/local/sbin/smbldap-useradd -w u%
  > >         add user script = /usr/local/sbin/smbldap-useradd -a %u
  > >         delete user script = /usr/local/sbin/smbldap-userdel %u
  > >         add group script = /usr/local/sbin/smbldap-groupadd %g
  > >         delete group script = /usr/local/sbin/smbldap-groupdel %g
  > >         add user to group script = /usr/local/sbin/smbldap-groupmod -m %u %g
  > >         delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u %g
  > >         set primary group script = /usr/local/sbin/smbldap-usermod -G %g %u
  > >         passdb backend = ldapsam:ldap://127.0.0.1
  > >         ldap suffix = dc=peopleware,dc=be
  > >         ldap admin dn = cn=Manager,dc=peopleware,dc=be
  > >         ldap user suffix = ou=Users
  > >         ldap group suffix = ou=Groups
  > >         ldap machine suffix = ou=Computers
  > >         ldap idmap suffix = ou=Users
  > >         ldap passwd sync = Yes
  > >         ldap ssl = off
  > >
  > > [netlogon]
  > >         path = /var/lib/samba/netlogon
  > >         read only = No
  > >         create mask = 0600
  > >         directory mask = 0700
  > >         browseable = No
  > > [homes]
  > >         comment = Home directories
  > >         path = /home/%U
  > >         read only = No
  > >         create mask = 0640
  > >         directory mask = 0750
  > >         browseable = Yes
  > > [cvs]
  > >      path = /local/cvs
  > >      read only = No
  > >      create mask = 0777
  > >      force group = users
  > >      public = yes
  > >      guest ok = yes
  > >
  > > Bert De Ridder
  > >
  > >
  > >
  > > Umberto Zanatta <uzanatta at provincia.treviso.it>
  > > Sent by: samba-bounces+bert_de_ridder=peopleware.be at lists.samba.org
  > > 27/07/2004 14:57
  > >
  > > To: Bert_De_Ridder at peopleware.be
  > > cc: samba at lists.samba.org
  > > Subject: Re: AW: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation
  > >
  > >
  > >
  > >
  > > No, isn't; but, there's some problems in resolvconf/hosts/dns.
  > >
  > > """
  > > getpeername failed
  > > """
  > >
  > > Meanwhile, should you post the smb.conf related to?
  > >
  > > On Tue, 2004-07-27 at 14:46, Bert_De_Ridder at peopleware.be wrote:
  > >
  > > > That's true...
  > > >
  > > > The message is :
  > > >
  > > > <sharename> is not accessible
  > > > Network access is denied
  > > >                  <OK>
  > > >
  > > > Even if I navigate to the share CVS (which works during login - see my
  > > > original mail) I get that message.
  > > >
  > > > I don't know whether it's related, but I now notice other messages in the
  > > > log :
  > > >
  > > > [2004/07/26 14:24:32, 1] smbd/service.c:make_connection_snum(619)
  > > > allier (192.168.3.196) connect to service cvs initially as user mschijva
  > > > (uid=1015, gid=100) (pid 24964)
  > > > [2004/07/26 14:24:48, 0] lib/util_sock.c:get_peer_addr(978)
  > > >   getpeername failed. Error was Transport endpoint is not connected
  > > > [2004/07/26 14:24:48, 0] lib/util_sock.c:read_socket_data(367)
  > > >   read_socket_data: recv failure for 4. Error = Connection reset by peer
  > > >
  > > >
  > > > Do you think it's related?
  > > >
  > > >
  > > >
  > > > Bert
  > > >
  > > >
  > > >
  > > >
  > > > "Arno Seidel" <aseidel at aseidel.com>
  > > > Sent by: samba-bounces+bert_de_ridder=peopleware.be at lists.samba.org
  > > > 27/07/2004 13:15
  > > > Please respond to
  > > > aseidel at aseidel.com
  > > >
  > > >
  > > > To
  > > > "Samba" <samba at lists.samba.org>
  > > > cc
  > > >
  > > > Subject
  > > > AW: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation
  > > >
  > > >
  > > >
  > > >
  > > >
  > > >
  > > > Hi,
  > > >
  > > > Hm, I don't think that it has something to do with the trust relationship; if
  > > > it were so, then every user on that pc would get a permission denied.
  > > > What does the error message exactly say?
  > > > example:
  > > > Access denied, the network path was not found...
  > > >
  > > >
  > > >   -----Original Message-----
  > > >   From: Bert_De_Ridder at peopleware.be [mailto:Bert_De_Ridder at peopleware.be]
  > > >   Sent: Tuesday, 27 July 2004 12:57
  > > >   To: aseidel at aseidel.com
  > > >   Subject: Re: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation
  > > >
  > > >
  > > >
  > > >   I have checked the user's permissions; I am convinced that it is not a
  > > > server setting since the error 'Access denied' (on the client - Win2K) does
  > > > not happen when the user logs on to another workstation.
  > > >   I think it has something to do with the trust relationship; but I haven't
  > > > got a clue where to start looking for it.
  > > >
  > > >   What loglevel would you suggest ?
  > > >
  > > >
  > > >   Bert
  > > >
  > > >
  > > >
  > > >
  > > >
  > > >         "Arno Seidel" <aseidel at aseidel.com>
  > > >         Sent by: samba-bounces+bert_de_ridder=peopleware.be at lists.samba.org
  > > >         27/07/2004 12:30
  > > >         Please respond to aseidel at aseidel.com
  > > >
  > > >         To: <samba at lists.samba.org>
  > > >         cc:
  > > >         Subject: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation
  > > >
  > > >
  > > >
  > > >
  > > >
  > > >
  > > >
  > > >   Hi,
  > > >
  > > >   Did you check the user's permissions??
  > > >   group entries... share/directory permissions
  > > >   Which account flags does the user have?
  > > >   Did you raise the loglevel to get some more information?
  > > >   What error message do you receive on the windows-pc?
  > > >
  > > >   This is not a solution... but may bring you on the right way
  > > >
  > > >   > -----Original Message-----
  > > >   > From: samba-bounces+aseidel=aseidel.com at lists.samba.org
  > > >   > [mailto:samba-bounces+aseidel=aseidel.com at lists.samba.org] On behalf of
  > > >   > Bert_De_Ridder at peopleware.be
  > > >   > Sent: Tuesday, 27 July 2004 12:16
  > > >   > To: samba at lists.samba.org
  > > >   > Subject: [Samba] Samba - LDAP - User cannot login from 1 workstation
  > > >   >
  > > >   >
  > > >   > Hello, everyone,
  > > >   >
  > > >   > This is the situation :
  > > >   >
  > > >   > We have 2 sites; one domain; 2 samba's on every site; one is PDC, the
  > > >   > other is BDC.
  > > >   > They both use LDAP; the LDAP has a master on the site where the PDC is;
  > > >   > the slave LDAP is on the site where the BDC is.
  > > >   >
  > > >   > There is a user (ONE to be precise) that gives problems when working on a
  > > >   > specific machine.
  > > >   >
  > > >   > When the user logs in using his machine; he can't access shares on either
  > > >   > of the servers. When he logs in on any other machine, there is no problem
  > > >   > whatsoever. When anybody else logs in using this user's machine, there is
  > > >   > no problem either.
  > > >   > It's only when the user logs in on that specific machine.
  > > >   > The login is fine; I can see the user in the logs:
  > > >   >
  > > >   >   allier (192.168.3.196) connect to service netlogon initially as user
  > > >   > mschijva (uid=1015, gid=100) (pid 25065)
  > > >   > [2004/07/26 14:34:29, 1] smbd/service.c:make_connection_snum(619)
  > > >   >   allier (192.168.3.196) connect to service cvs initially as user
  > > >   > mschijva (uid=1015, gid=100) (pid 25065)
  > > >   >
  > > >   > From that point on, the shares can no longer be accessed.
  > > >   >
  > > >   > The machine HAS been used in the past in a domain with the same name, but
  > > >   > with a different ID.
  > > >   > The user receives the 'old' sambasid from the server to avoid local
  > > >   > profile loss (deleting the user's local profile is NOT an option BTW).
  > > >   >
  > > >   > Where can I start looking for this ?
  > > >   > Any ideas anyone ?
  > > >   >
  > > >   > Thanks in advance
  > > >   >
  > > >   > Bert De Ridder
  > > >   >
  > > >   >
  > > >   >
  > > >   > --
  > > >   > To unsubscribe from this list go to the following URL and read
  > > the
  > > >   > instructions:  http://lists.samba.org/mailman/listinfo/samba
  > > >   >
  > > >
  > >
  > > _______________________
  > > Umberto Zanatta
  > > linuxDidattica
  > >
  > > tel: +39 (335) 54 71 385
  > > email: umberto.z at tin.it
  > > web: http://linuxdidattica.org
  > > _______________________
  >
  > _______________________
  > Umberto Zanatta
  > linuxDidattica
  >
  > tel: +39 (335) 54 71 385
  > email: umberto.z at tin.it
  > web: http://linuxdidattica.org
  > _______________________
  >

  --
  To unsubscribe from this list go to the following URL and read the
  instructions:  http://lists.samba.org/mailman/listinfo/samba


