AW: AW: AW: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation

Umberto Zanatta uzanatta at provincia.treviso.it
Wed Jul 28 18:46:13 GMT 2004


You should try setting

logon path =

u.


On Wed, 2004-07-28 at 15:09, Bert_De_Ridder at peopleware.be wrote:

> It becomes VERY weird... 
> 
> This afternoon I witnessed the following : the user logged on to his pc; 
> accessed his home directory on the PDC; no problema; accessed another 
> share on the PDC; no problema; accessed a share on the BDC : connection 
> refused. Going back to the PDC to access the home directory : connection 
> refused. 
> 
> However; there were NO error entries in the logs on either Samba server. 
> Only entries like these :
> [2004/07/28 13:29:38, 1] smbd/service.c:make_connection_snum(619)
>   allier (192.168.0.190) connect to service cvs initially as user mschijva (uid=1015, gid=100) (pid 22284)
> 
> I'm completely lost now....
> 
> 
> Bert De Ridder
> 
> 
> 
> 
> "Arno Seidel" <aseidel at aseidel.com> 
> Sent by: samba-bounces+bert_de_ridder=peopleware.be at lists.samba.org
> 28/07/2004 11:24
> Please respond to
> aseidel at aseidel.com
> 
> 
> To
> <Bert_De_Ridder at peopleware.be>
> cc
> samba at lists.samba.org
> Subject
> AW: AW: AW: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation
> 
> 
> 
> 
> 
> 
> Hi,
> 
> what os does the client have? W98?
> 
> in the system-control folder there should be an icon (in German called
> Verwaltung) where the local policies, the settings for odbc ... and more
> are... there should also be an icon called
> eventmanager / display... maybe there is a log entry?
> 
> Did you see some errors on the samba side (instead of the connection reset
> by peer) if you try a higher debug-/log-level?
> 
> the other way is that you back up the user's home directory and his
> roaming profile, completely remove him (from windows / ldap / samba
> ...) and re-add him as a new
> user with an empty home and profile directory... and then just put the
> saved files (from the profile / home directory) into the newly created profile /
> home directory.
> it could be that some settings in the profile are wrong.
> 
> 
> 
> 
>  -----Original Message-----
> From: Bert_De_Ridder at peopleware.be [mailto:Bert_De_Ridder at peopleware.be]
> Sent: Wednesday, 28 July 2004 08:23
> To: aseidel at aseidel.com
> Cc: samba at lists.samba.org
> Subject: Re: AW: AW: AW: [Samba] Samba - LDAP - User cannot login from 1
> workstation
> 
> 
> 
>   Yes, I have checked the LDAP entry; I even recreated it; I tried the
> user/pwd on 3 other machines : 2000 Prof. Wks; 2000 Server and XP Prof.
>   The local permissions on the machine are OK; I can add the domain user to
> the local admin. group, so that should be ok.
> 
>   I agree that it is not a server-side issue; but where on the client can I
> start searching for errors ?
> 
> 
>   Regards,
> 
>   Bert De Ridder
> 
>   PeopleWare NV - Head Office
>   Cdt.Weynsstraat 85
>   B-2660 Hoboken
>   Tel: +32 3 448.33.38
>   Fax: +32 3 448.32.66
> 
>   PeopleWare NV - Branch Office Geel
>   Kleinhoefstraat 5
>   B-2440 Geel
>   Tel: +32 14 57.00.90
>   Fax: +32 14 58.13.25
> 
>   http://www.peopleware.be
>   http://www.mobileware.be
> 
> 
>         "Arno Seidel" <aseidel at aseidel.com>
>         Sent by: 
> samba-bounces+bert_de_ridder=peopleware.be at lists.samba.org
>         27/07/2004 17:56 Please respond to
>               aseidel at aseidel.com
> 
> 
>        To <samba at lists.samba.org>
>               cc
>               Subject AW: AW: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation
> 
> 
> 
> 
> 
> 
> 
>   Hi,
> 
>   did you check the ldap-entry for that user?? maybe there is a mistake...
>   are the other workstations you tried w2k too?
>   are the "local" permissions on the workstation for that user correct???
>   maybe there is a local-policy...
>   maybe there is a user-workstation entry in the ldapaccount...
> 
>   i don't think that it has something to do with the configuration of the
>   samba /ldap servers, because other pc's on the same segment have no
>   problems.
> 
> 
>   > -----Original Message-----
>   > From: samba-bounces+aseidel=aseidel.com at lists.samba.org
>   > [mailto:samba-bounces+aseidel=aseidel.com at lists.samba.org] On behalf of
>   > Bert_De_Ridder at peopleware.be
>   > Sent: Tuesday, 27 July 2004 16:51
>   > To: Umberto Zanatta
>   > Cc: samba at lists.samba.org
>   > Subject: Re: AW: AW: [Samba] Samba - LDAP - User cannot login from 1
>   > workstation
>   >
>   >
>   > Yes, but I hadn't included that in my previous post; I tried to trim the
>   > message
>   >
>   > winbind uid = 100-20000
>   > winbind gid = 100-20000
>   > winbind separator = +
>   > winbind use default domain = Yes
>   >
>   > I am not using password server, because i want Samba to think it's on the
>   > same server; however the LDAP on that server is a slave, so updates are
>   > sent to our master LDAP server. (and back to the slave via the replicator
>   > of course)
>   >
>   > I can use the shares via smbclient on the server; I really don't think
>   > there is an error on the server; since everything works when changing all
>   > other conditions (switch pc or another user on that pc); it's just that
>   > one user when working on that one machine.
>   >
>   >
>   > Bert De Ridder
>   >
>   >
>   >
>   >
>   >
>   > Umberto Zanatta <uzanatta at provincia.treviso.it>
>   > Sent by: samba-bounces+bert_de_ridder=peopleware.be at lists.samba.org
>   > 27/07/2004 15:28
>   >
>   > To
>   > Bert_De_Ridder at peopleware.be
>   > cc
>   > samba at lists.samba.org
>   > Subject
>   > Re: AW: AW: [Samba] Samba - LDAP - User cannot login from       1
>   > workstation
>   >
>   >
>   >
>   >
>   >
>   >
>   > Have you tried configuring winbind? Of course, it's very important on
>   > Samba PDC+BDC+File Server.
>   >
>   > Perhaps, you've forgotten 'password server': it hasn't to be the ip of
>   > bdc, but the ip of pdc
>   > and 'security = domain';
>   >
>   > You should as well (for name resolver) add bcast to 'name resolve
>   > order'.
>   >
>   >
>   > On Tue, 2004-07-27 at 15:15, Bert_De_Ridder at peopleware.be wrote:
>   >
>   > > Ok, so the getpeername was a coincidence; I haven't seen it more than
>   > > once, that's true.
>   > >
>   > > smb.conf:
>   > > [global]
>   > >         domain master = No
>   > >         domain logons = Yes
>   > >         map to guest = never
>   > >         netbios name = FATTY
>   > >         workgroup = PEOPLEWARE
>   > >         server string = Linux BDC
>   > >         encrypt passwords = Yes
>   > >         log level = 2
>   > >         name resolve order = lmhosts wins
>   > >         time server = Yes
>   > >         socket options = SO_SNDBUF=8192 SO_RCVBUF=8192
>   > >         guest account = nobody
>   > >         logon script = login.bat
>   > >         logon path =
>   > >         logon drive = H:
>   > >         os level = 99
>   > >         preferred master = No
>   > >         wins support = Yes
>   > >         wins server = 192.168.0.22
>   > >         remote browse sync = 192.168.0.22
>   > >         remote announce = 192.168.3.255/PEOPLEWARE
>   > >         printing = cups
>   > >         local master = yes
>   > >         load printers = yes
>   > >         printcap name = cups
>   > >         passwd program =/usr/local/sbin/smbldap-passwd %u
>   > >         passwd chat = *new*password* %n\n *new*password:* %n\
>   > > *successfully*
>   > >         add machine script = /usr/local/sbin/smbldap-useradd -w u%
>   > >         add user script = /usr/local/sbin/smbldap-useradd -a %u
>   > >         delete user script = /usr/local/sbin/smbldap-userdel %u
>   > >         add group script = /usr/local/sbin/smbldap-groupadd %g
>   > >         delete group script = /usr/local/sbin/smbldap-groupdel %g
>   > >         add user to group script = /usr/local/sbin/smbldap-groupmod -m %u %g
>   > >         delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u %g
>   > >         set primary group script = /usr/local/sbin/smbldap-usermod -G %g %u
>   > >         passdb backend = ldapsam:ldap://127.0.0.1
>   > >         ldap suffix = dc=peopleware,dc=be
>   > >         ldap admin dn = cn=Manager,dc=peopleware,dc=be
>   > >         ldap user suffix = ou=Users
>   > >         ldap group suffix = ou=Groups
>   > >         ldap machine suffix = ou=Computers
>   > >         ldap idmap suffix = ou=Users
>   > >         ldap passwd sync = Yes
>   > >         ldap ssl = off
>   > >
>   > > [netlogon]
>   > >         path = /var/lib/samba/netlogon
>   > >         read only = No
>   > >         create mask = 0600
>   > >         directory mask = 0700
>   > >         browseable = No
>   > > [homes]
>   > >         comment = Home directories
>   > >         path = /home/%U
>   > >         read only = No
>   > >         create mask = 0640
>   > >         directory mask = 0750
>   > >         browseable = Yes
>   > > [cvs]
>   > >      path = /local/cvs
>   > >      read only = No
>   > >      create mask = 0777
>   > >      force group = users
>   > >      public = yes
>   > >      guest ok = yes
>   > >
>   > > Bert De Ridder
>   > >
>   > >
>   > >
>   > > Umberto Zanatta
>   > > <uzanatta at provincia.treviso.it>
>   > > Sent by:
>   > > samba-bounces+bert_de_ridder=peopleware.be at lists.samba.org
>   > >
>   > > 27/07/2004 14:57
>   > >                To
>   > > Bert_De_Ridder at peopleware.be
>   > >                cc
>   > > samba at lists.samba.org
>   > >           Subject
>   > > Re: AW: AW:
>   > > [Samba] Samba -
>   > > LDAP - User
>   > > cannot login from
>   > > 1
>   > > workstation
>   > >
>   > >
>   > >
>   > >
>   > > No, it isn't; but there are some problems in resolvconf/hosts/dns.
>   > >
>   > > """
>   > > getpeername failed
>   > > """
>   > >
>   > > Meanwhile, could you post the related smb.conf?
>   > >
>   > > On Tue, 2004-07-27 at 14:46, Bert_De_Ridder at peopleware.be wrote:
>   > >
>   > > > That's true...
>   > > >
>   > > > The message is :
>   > > >
>   > > > <sharename> is not accessible
>   > > > Network access is denied
>   > > >                  <OK>
>   > > >
>   > > > Even if I navigate to the share CVS (which works during login - see my
>   > > > original mail) I get that message.
>   > > >
>   > > > I don't know whether it's related, but I now notice other messages in the
>   > > > log :
>   > > >
>   > > > [2004/07/26 14:24:32, 1] smbd/service.c:make_connection_snum(619)
>   > > >   allier (192.168.3.196) connect to service cvs initially as user mschijva (uid=1015, gid=100) (pid 24964)
>   > > > [2004/07/26 14:24:48, 0] lib/util_sock.c:get_peer_addr(978)
>   > > >   getpeername failed. Error was Transport endpoint is not connected
>   > > > [2004/07/26 14:24:48, 0] lib/util_sock.c:read_socket_data(367)
>   > > >   read_socket_data: recv failure for 4. Error = Connection reset by peer
>   > > >
>   > > >
>   > > > Do you think it's related?
>   > > >
>   > > >
>   > > >
>   > > > Bert
>   > > >
>   > > >
>   > > >
>   > > >
>   > > > "Arno Seidel" <aseidel at aseidel.com>
>   > > > Sent by: 
> samba-bounces+bert_de_ridder=peopleware.be at lists.samba.org
>   > > > 27/07/2004 13:15
>   > > > Please respond to
>   > > > aseidel at aseidel.com
>   > > >
>   > > >
>   > > > To
>   > > > "Samba" <samba at lists.samba.org>
>   > > > cc
>   > > >
>   > > > Subject
>   > > > AW: AW: [Samba] Samba - LDAP - User cannot login from 1 
> workstation
>   > > >
>   > > >
>   > > >
>   > > >
>   > > >
>   > > >
>   > > > Hi,
>   > > >
>   > > > hm i don't think that it has something to do with the
>   > > > trust relationship; if it were so, then every user on that pc would get a
>   > > > permission denied.
>   > > > what does the error message say exactly?
>   > > > example:
>   > > > Access denied, the network path was not found...
>   > > >
>   > > >
>   > > >   -----Original Message-----
>   > > >   From: Bert_De_Ridder at peopleware.be [mailto:Bert_De_Ridder at peopleware.be]
>   > > >   Sent: Tuesday, 27 July 2004 12:57
>   > > >   To: aseidel at aseidel.com
>   > > >   Subject: Re: AW: [Samba] Samba - LDAP - User cannot login from 1
>   > > > workstation
>   > > >
>   > > >
>   > > >
>   > > >   I have checked the user's permissions; I am convinced that it is not a
>   > > > server setting since the error 'Access denied' (on the client - Win2K) does
>   > > > not happen when the user logs on to another workstation.
>   > > >   I think it has something to do with the trust relationship; but I haven't
>   > > > got a clue where to start looking for it.
>   > > >
>   > > >   What loglevel would you suggest ?
>   > > >
>   > > >
>   > > >   Bert
>   > > >
>   > > >
>   > > >
>   > > >
>   > > >
>   > > >         "Arno Seidel" <aseidel at aseidel.com>
>   > > >         Sent by:
>   > > > samba-bounces+bert_de_ridder=peopleware.be at lists.samba.org
>   > > >         27/07/2004 12:30 Please respond to
>   > > >               aseidel at aseidel.com
>   > > >
>   > > >
>   > > >        To <samba at lists.samba.org>
>   > > >               cc
>   > > >               Subject AW: [Samba] Samba - LDAP - User cannot login
>   > > from 1
>   > > > workstation
>   > > >
>   > > >
>   > > >
>   > > >
>   > > >
>   > > >
>   > > >
>   > > >   Hi,
>   > > >
>   > > >   did you check the user's permissions??
>   > > >   group entries... share/directory permissions
>   > > >   which account flags does the user have.
>   > > >   did you raise the loglevel to get some more information?
>   > > >   what error message do you receive on the windows-pc?
>   > > >
>   > > >   this is not a solution... but may put you on the right track
>   > > >
>   > > >   > -----Original Message-----
>   > > >   > From: samba-bounces+aseidel=aseidel.com at lists.samba.org
>   > > >   > [mailto:samba-bounces+aseidel=aseidel.com at lists.samba.org] On behalf of
>   > > >   > Bert_De_Ridder at peopleware.be
>   > > >   > Sent: Tuesday, 27 July 2004 12:16
>   > > >   > To: samba at lists.samba.org
>   > > >   > Subject: [Samba] Samba - LDAP - User cannot login from 1 workstation
>   > > >   >
>   > > >   >
>   > > >   > Hello, everyone,
>   > > >   >
>   > > >   > This is the situation :
>   > > >   >
>   > > >   > We have 2 sites; one domain; 2 samba's on every site; one is PDC, the
>   > > >   > other is BDC.
>   > > >   > They both use LDAP; the LDAP has a master on the site where the PDC is;
>   > > >   > the slave LDAP is on the site where the BDC is.
>   > > >   >
>   > > >   > There is a user (ONE to be precise) that gives problems when working on a
>   > > >   > specific machine.
>   > > >   >
>   > > >   > When the user logs in using his machine; he can't access shares on either
>   > > >   > of the servers. When he logs in on any other machine, there is no problem
>   > > >   > whatsoever. When anybody else logs in using this user's machine, there is
>   > > >   > no problem either.
>   > > >   > It's only when the user logs in on that specific machine.
>   > > >   > The login is fine; I can see the user in the logs:
>   > > >   >
>   > > >   >   allier (192.168.3.196) connect to service netlogon initially as user mschijva (uid=1015, gid=100) (pid 25065)
>   > > >   > [2004/07/26 14:34:29, 1] smbd/service.c:make_connection_snum(619)
>   > > >   >   allier (192.168.3.196) connect to service cvs initially as user mschijva (uid=1015, gid=100) (pid 25065)
>   > > >   >
>   > > >   > From that point on, the shares can no longer be accessed.
>   > > >   >
>   > > >   > The machine HAS been used in the past in a domain with the same name, but
>   > > >   > with a different ID.
>   > > >   > The user receives the 'old' sambasid from the server to avoid local
>   > > >   > profile loss (deleting the user's local profile is NOT an option BTW).
>   > > >   > Where can I start looking for this ?
>   > > >   > Any ideas anyone ?
>   > > >   >
>   > > >   > Thanks in advance
>   > > >   >
>   > > >   > Bert De Ridder
>   > > >   >
>   > > >   >
>   > > >   >
>   > > >   > --
>   > > >   > To unsubscribe from this list go to the following URL and read
>   > > the
>   > > >   > instructions:  http://lists.samba.org/mailman/listinfo/samba
>   > > >   >
>   > > >
>   > >
>   > > _______________________
>   > > Umberto Zanatta
>   > > linuxDidattica
>   > >
>   > > tel: +39 (335) 54 71 385
>   > > email: umberto.z at tin.it
>   > > web: http://linuxdidattica.org
>   > > _______________________
>   >
>   > _______________________
>   > Umberto Zanatta
>   > linuxDidattica
>   >
>   > tel: +39 (335) 54 71 385
>   > email: umberto.z at tin.it
>   > web: http://linuxdidattica.org
>   > _______________________
>   >
> 

_______________________
Umberto Zanatta
linuxDidattica

tel: +39 (335) 54 71 385
email: umberto.z at tin.it
web: http://linuxdidattica.org
_______________________
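
An added example, not part of the thread and not Samba code: a small parser for the smbd log format quoted above that pairs each level-0 error with the most recent share connect logged shortly before it, which is the "do you think it's related?" question asked in the thread. The sample lines are the ones quoted in the thread with the mail line-wrapping undone; the 60-second window and the function names are assumptions, and time proximity only suggests a link, since these error lines carry no client address.

```python
import re
from datetime import datetime, timedelta

# Log lines quoted in the thread, with mail line-wrapping undone.
SAMPLE_LOG = """\
[2004/07/26 14:24:32, 1] smbd/service.c:make_connection_snum(619)
  allier (192.168.3.196) connect to service cvs initially as user mschijva (uid=1015, gid=100) (pid 24964)
[2004/07/26 14:24:48, 0] lib/util_sock.c:get_peer_addr(978)
  getpeername failed. Error was Transport endpoint is not connected
[2004/07/26 14:24:48, 0] lib/util_sock.c:read_socket_data(367)
  read_socket_data: recv failure for 4. Error = Connection reset by peer
[2004/07/28 13:29:38, 1] smbd/service.c:make_connection_snum(619)
  allier (192.168.0.190) connect to service cvs initially as user mschijva (uid=1015, gid=100) (pid 22284)
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), *(\d+)\] (\S+):(\w+)\((\d+)\)\s*$")
CONNECT = re.compile(r"^(\S+) \(([\d.]+)\) connect to service (\S+) initially as user (\S+) "
                     r"\(uid=(\d+), gid=(\d+)\) \(pid (\d+)\)$")

def parse_entries(text):
    """Group each bracketed header line with the indented message lines after it."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
            entries.append({"time": ts, "level": int(m.group(2)),
                            "func": m.group(4), "msg": ""})
        elif entries and line.strip():
            e = entries[-1]
            e["msg"] = (e["msg"] + " " + line.strip()).strip()
    return entries

def correlate(entries, window=timedelta(seconds=60)):
    """Pair each level-0 error with the latest connect seen within `window` before it."""
    last_connect, findings = None, []
    for e in entries:
        c = CONNECT.match(e["msg"])
        if c:
            last_connect = {"time": e["time"], "machine": c.group(1), "ip": c.group(2),
                            "service": c.group(3), "user": c.group(4), "pid": int(c.group(7))}
        elif e["level"] == 0:
            recent = last_connect and e["time"] - last_connect["time"] <= window
            findings.append((e["func"], e["msg"], last_connect if recent else None))
    return findings

if __name__ == "__main__":
    for func, msg, near in correlate(parse_entries(SAMPLE_LOG)):
        who = (f'{near["user"]}@{near["machine"]} ({near["ip"]}), service {near["service"]}'
               if near else "no recent connect")
        print(f"{func}: {msg} <- {who}")
```
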

