AW: AW: AW: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation
Umberto Zanatta
uzanatta at provincia.treviso.it
Thu Jul 29 08:29:26 GMT 2004
On Thu, 2004-07-29 at 07:55, Bert_De_Ridder at peopleware.be wrote:
> That is for roaming profiles, right ?
> Why would I want to set that ?
No, it isn't, but you have to try it, because, in my opinion, of course, you
won't log in on the BDC;
but the roaming profiles (home directory) must be on the PDC;
if that works, you will try setting (on the BDC):
logon path = \\PDC\blablabla... (for Win NT)
logon home = blablabla (for Win 9x)
where PDC is the IP address of the PDC and blablabla is the share;
u.
>
> That's not good if the user logs on from another site; the profile
> would have to come over the internet to his laptop.
>
> Or am I mistaken?
>
> Bert
>
> Umberto Zanatta <uzanatta at provincia.treviso.it>
> Sent by: samba-bounces+bert_de_ridder=peopleware.be at lists.samba.org
> 28/07/2004 20:46
> To: Bert_De_Ridder at peopleware.be
> cc: samba at lists.samba.org
> Subject: Re: AW: AW: AW: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation
>
> You should try setting
>
> logon path =
>
> u.
>
> On Wed, 2004-07-28 at 15:09, Bert_De_Ridder at peopleware.be wrote:
>
> > It becomes VERY weird...
> >
> > This afternoon I witnessed the following: the user logged on to his pc;
> > accessed his home directory on the PDC; no problema; accessed another
> > share on the PDC; no problema; accessed a share on the BDC: connection
> > refused. Going back to the PDC to access the home directory: connection
> > refused.
> >
> > However; there were NO error entries in the logs on either Samba server.
> > Only entries like these:
> > [2004/07/28 13:29:38, 1] smbd/service.c:make_connection_snum(619)
> > allier (192.168.0.190) connect to service cvs initially as user mschijva (uid=1015, gid=100) (pid 22284)
> >
> > I'm completely lost now....
> >
> >
> > Bert De Ridder
> >
> > "Arno Seidel" <aseidel at aseidel.com>
> > Sent by: samba-bounces+bert_de_ridder=peopleware.be at lists.samba.org
> > 28/07/2004 11:24
> > Please respond to: aseidel at aseidel.com
> > To: <Bert_De_Ridder at peopleware.be>
> > cc: samba at lists.samba.org
> > Subject: AW: AW: AW: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation
> >
> > Hi,
> >
> > what OS does the client have? W98?
> >
> > In the system control folder there should be an icon (in German called
> > Verwaltung) where the local policies, the settings for ODBC ... and more
> > are... there should also be an icon called
> > eventmanager / display... maybe there is a log entry?
> >
> > Did you see some errors on the Samba side (instead of the connection reset
> > by peer) if you try a higher debug/log level?
> >
> > The other way is that you back up the user's home directory and his
> > roaming profile and completely remove him (from Windows / LDAP / Samba
> > ...) and re-add him as a new
> > user with an empty home and profile directory... and then just put the
> > saved files (from the profile / home directory) in the newly created profile /
> > home directory.
> > It could be that some settings in the profile are wrong.
> >
> > -----Original Message-----
> > From: Bert_De_Ridder at peopleware.be [mailto:Bert_De_Ridder at peopleware.be]
> > Sent: Wednesday, 28 July 2004 08:23
> > To: aseidel at aseidel.com
> > Cc: samba at lists.samba.org
> > Subject: Re: AW: AW: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation
> >
> > Yes, I have checked the LDAP entry; I even recreated it; I tried the
> > user/pwd on 3 other machines: 2000 Prof. Wks; 2000 Server and XP Prof.
> > The local permissions on the machine are OK; I can add the domain user to
> > the local admin. group, so that should be ok.
> >
> > I agree that it is not a server-side issue; but where on the client can I
> > start searching for errors?
> >
> >
> > Regards,
> >
> > Bert De Ridder
> >
> > PeopleWare NV - Head Office
> > Cdt.Weynsstraat 85
> > B-2660 Hoboken
> > Tel: +32 3 448.33.38
> > Fax: +32 3 448.32.66
> >
> > PeopleWare NV - Branch Office Geel
> > Kleinhoefstraat 5
> > B-2440 Geel
> > Tel: +32 14 57.00.90
> > Fax: +32 14 58.13.25
> >
> > http://www.peopleware.be
> > http://www.mobileware.be
> >
> > "Arno Seidel" <aseidel at aseidel.com>
> > Sent by: samba-bounces+bert_de_ridder=peopleware.be at lists.samba.org
> > 27/07/2004 17:56
> > Please respond to: aseidel at aseidel.com
> > To: <samba at lists.samba.org>
> > cc:
> > Subject: AW: AW: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation
> >
> > Hi,
> >
> > did you check the LDAP entry for that user? Maybe there is a mistake...
> > Are the other workstations you tried W2K too?
> > Are the "local" permissions on the workstation for that user correct?
> > Maybe there is a local policy...
> > Maybe there is a user-workstation entry in the LDAP account...
> >
> > I don't think that it has something to do with the configuration of the
> > Samba/LDAP servers, because other PCs on the same segment have no
> > problems.
> >
> > > -----Original Message-----
> > > From: samba-bounces+aseidel=aseidel.com at lists.samba.org
> > > [mailto:samba-bounces+aseidel=aseidel.com at lists.samba.org] On behalf of
> > > Bert_De_Ridder at peopleware.be
> > > Sent: Tuesday, 27 July 2004 16:51
> > > To: Umberto Zanatta
> > > Cc: samba at lists.samba.org
> > > Subject: Re: AW: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation
> > >
> > > Yes, but I hadn't included that in my previous post; I tried to trim the
> > > message
> > >
> > > winbind uid = 100-20000
> > > winbind gid = 100-20000
> > > winbind separator = +
> > > winbind use default domain = Yes
> > >
> > > I am not using password server, because I want Samba to think it's on the
> > > same server; however the LDAP on that server is a slave, so updates are
> > > sent to our master LDAP server (and back to the slave via the replicator,
> > > of course).
> > >
> > > I can use the shares via smbclient on the server; I really don't think
> > > there is an error on the server, since everything works when changing all
> > > other conditions (switch pc or another user on that pc); it's just that
> > > one user when working on that one machine.
> > >
> > >
> > > Bert De Ridder
> > >
> > >
> > > Umberto Zanatta <uzanatta at provincia.treviso.it>
> > > Sent by: samba-bounces+bert_de_ridder=peopleware.be at lists.samba.org
> > > 27/07/2004 15:28
> > > To: Bert_De_Ridder at peopleware.be
> > > cc: samba at lists.samba.org
> > > Subject: Re: AW: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation
> > >
> > > Have you tried configuring winbind? Of course, it's very important on
> > > Samba PDC+BDC+File Server.
> > >
> > > Perhaps you've forgotten 'password server': it hasn't to be the ip of
> > > bdc, but the ip of pdc
> > > and 'security = domain';
> > >
> > > You should as well (for name resolver) add bcast to 'name resolve
> > > order'.
> > >
> > >
> > > On Tue, 2004-07-27 at 15:15, Bert_De_Ridder at peopleware.be wrote:
> > >
> > > > Ok, so the getpeername was a coincidence; I haven't seen it more than
> > > > once, that's true.
> > > >
> > > > smb.conf:
> > > > [global]
> > > > domain master = No
> > > > domain logons = Yes
> > > > map to guest = never
> > > > netbios name = FATTY
> > > > workgroup = PEOPLEWARE
> > > > server string = Linux BDC
> > > > encrypt passwords = Yes
> > > > log level = 2
> > > > name resolve order = lmhosts wins
> > > > time server = Yes
> > > > socket options = SO_SNDBUF=8192 SO_RCVBUF=8192
> > > > guest account = nobody
> > > > logon script = login.bat
> > > > logon path =
> > > > logon drive = H:
> > > > os level = 99
> > > > preferred master = No
> > > > wins support = Yes
> > > > wins server = 192.168.0.22
> > > > remote browse sync = 192.168.0.22
> > > > remote announce = 192.168.3.255/PEOPLEWARE
> > > > printing = cups
> > > > local master = yes
> > > > load printers = yes
> > > > printcap name = cups
> > > > passwd program =/usr/local/sbin/smbldap-passwd %u
> > > > passwd chat = *new*password* %n\n *new*password:* %n\
> > > > *successfully*
> > > > add machine script = /usr/local/sbin/smbldap-useradd -w u%
> > > > add user script = /usr/local/sbin/smbldap-useradd -a %u
> > > > delete user script = /usr/local/sbin/smbldap-userdel %u
> > > > add group script = /usr/local/sbin/smbldap-groupadd %g
> > > > delete group script = /usr/local/sbin/smbldap-groupdel %g
> > > > add user to group script = /usr/local/sbin/smbldap-groupmod -m %u %g
> > > > delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u %g
> > > > set primary group script = /usr/local/sbin/smbldap-usermod -G %g %u
> > > > passdb backend = ldapsam:ldap://127.0.0.1
> > > > ldap suffix = dc=peopleware,dc=be
> > > > ldap admin dn = cn=Manager,dc=peopleware,dc=be
> > > > ldap user suffix = ou=Users
> > > > ldap group suffix = ou=Groups
> > > > ldap machine suffix = ou=Computers
> > > > ldap idmap suffix = ou=Users
> > > > ldap passwd sync = Yes
> > > > ldap ssl = off
> > > >
> > > > [netlogon]
> > > > path = /var/lib/samba/netlogon
> > > > read only = No
> > > > create mask = 0600
> > > > directory mask = 0700
> > > > browseable = No
> > > > [homes]
> > > > comment = Home directories
> > > > path = /home/%U
> > > > read only = No
> > > > create mask = 0640
> > > > directory mask = 0750
> > > > browseable = Yes
> > > > [cvs]
> > > > path = /local/cvs
> > > > read only = No
> > > > create mask = 0777
> > > > force group = users
> > > > public = yes
> > > > guest ok = yes
> > > >
> > > > Bert De Ridder
> > > >
> > > >
> > > > Umberto Zanatta <uzanatta at provincia.treviso.it>
> > > > Sent by: samba-bounces+bert_de_ridder=peopleware.be at lists.samba.org
> > > > 27/07/2004 14:57
> > > > To: Bert_De_Ridder at peopleware.be
> > > > cc: samba at lists.samba.org
> > > > Subject: Re: AW: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation
> > > >
> > > > No, it isn't; but there are some problems in resolvconf/hosts/dns.
> > > >
> > > > """
> > > > getpeername failed
> > > > """
> > > >
> > > > Meanwhile, could you post the related smb.conf?
> > > >
> > > > On Tue, 2004-07-27 at 14:46, Bert_De_Ridder at peopleware.be wrote:
> > > >
> > > > > That's true...
> > > > >
> > > > > The message is:
> > > > >
> > > > > <sharename> is not accessible
> > > > > Network access is denied
> > > > > <OK>
> > > > >
> > > > > Even if I navigate to the share CVS (which works during login - see my
> > > > > original mail) I get that message.
> > > > >
> > > > > I don't know whether it's related, but I now notice other messages in the
> > > > > log:
> > > > >
> > > > > [2004/07/26 14:24:32, 1] smbd/service.c:make_connection_snum(619)
> > > > > allier (192.168.3.196) connect to service cvs initially as user mschijva (uid=1015, gid=100) (pid 24964)
> > > > > [2004/07/26 14:24:48, 0] lib/util_sock.c:get_peer_addr(978)
> > > > > getpeername failed. Error was Transport endpoint is not connected
> > > > > [2004/07/26 14:24:48, 0] lib/util_sock.c:read_socket_data(367)
> > > > > read_socket_data: recv failure for 4. Error = Connection reset by peer
> > > > >
> > > > > Do you think it's related?
> > > > >
> > > > >
> > > > >
> > > > > Bert
> > > > >
> > > > >
> > > > > "Arno Seidel" <aseidel at aseidel.com>
> > > > > Sent by: samba-bounces+bert_de_ridder=peopleware.be at lists.samba.org
> > > > > 27/07/2004 13:15
> > > > > Please respond to: aseidel at aseidel.com
> > > > > To: "Samba" <samba at lists.samba.org>
> > > > > cc:
> > > > > Subject: AW: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation
> > > > >
> > > > > Hi,
> > > > >
> > > > > hm, I don't think that it has something to do with the
> > > > > trust relationship; if it were so, then every user on that PC would get
> > > > > a permission denied.
> > > > > What does the error message say exactly?
> > > > > Example:
> > > > > Access denied, the network path was not found...
> > > > >
> > > > > -----Original Message-----
> > > > > From: Bert_De_Ridder at peopleware.be [mailto:Bert_De_Ridder at peopleware.be]
> > > > > Sent: Tuesday, 27 July 2004 12:57
> > > > > To: aseidel at aseidel.com
> > > > > Subject: Re: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation
> > > > >
> > > > > I have checked the user's permissions; I am convinced that it is not a
> > > > > server setting since the error 'Access denied' (on the client - Win2K) does
> > > > > not happen when the user logs on to another workstation.
> > > > > I think it has something to do with the trust relationship; but I haven't
> > > > > got a clue where to start looking for it.
> > > > >
> > > > > What loglevel would you suggest?
> > > > >
> > > > >
> > > > > Bert
> > > > >
> > > > >
> > > > > "Arno Seidel" <aseidel at aseidel.com>
> > > > > Sent by: samba-bounces+bert_de_ridder=peopleware.be at lists.samba.org
> > > > > 27/07/2004 12:30
> > > > > Please respond to: aseidel at aseidel.com
> > > > > To: <samba at lists.samba.org>
> > > > > cc:
> > > > > Subject: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation
> > > > >
> > > > > Hi,
> > > > >
> > > > > did you check the user's permissions?
> > > > > Group entries... share/directory permissions
> > > > > Which account flags does the user have?
> > > > > Did you raise the loglevel to get some more information?
> > > > > What error message do you receive on the Windows PC?
> > > > >
> > > > > This is not a solution... but may put you on the right track.
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: samba-bounces+aseidel=aseidel.com at lists.samba.org
> > > > > > [mailto:samba-bounces+aseidel=aseidel.com at lists.samba.org] On behalf of
> > > > > > Bert_De_Ridder at peopleware.be
> > > > > > Sent: Tuesday, 27 July 2004 12:16
> > > > > > To: samba at lists.samba.org
> > > > > > Subject: [Samba] Samba - LDAP - User cannot login from 1 workstation
> > > > > >
> > > > > >
> > > > > > Hello, everyone,
> > > > > >
> > > > > > This is the situation:
> > > > > >
> > > > > > We have 2 sites; one domain; 2 samba's on every site; one is PDC, the
> > > > > > other is BDC.
> > > > > > They both use LDAP; the LDAP has a master on the site where the PDC is;
> > > > > > the slave LDAP is on the site where the BDC is.
> > > > > >
> > > > > > There is a user (ONE to be precise) that gives problems when working on a
> > > > > > specific machine.
> > > > > >
> > > > > > When the user logs in using his machine, he can't access shares on either
> > > > > > of the servers. When he logs in on any other machine, there is no problem
> > > > > > whatsoever. When anybody else logs in using this user's machine, there is
> > > > > > no problem either.
> > > > > > It's only when the user logs in on that specific machine.
> > > > > > The login is fine; I can see the user in the logs:
> > > > > >
> > > > > > allier (192.168.3.196) connect to service netlogon initially as user mschijva (uid=1015, gid=100) (pid 25065)
> > > > > > [2004/07/26 14:34:29, 1] smbd/service.c:make_connection_snum(619)
> > > > > > allier (192.168.3.196) connect to service cvs initially as user mschijva (uid=1015, gid=100) (pid 25065)
> > > > > >
> > > > > > From that point on, the shares can no longer be accessed.
> > > > > >
> > > > > > The machine HAS been used in the past in a domain with the same name, but
> > > > > > with a different ID.
> > > > > > The user receives the 'old' sambasid from the server to avoid local
> > > > > > profile loss (deleting the user's local profile is NOT an option BTW).
> > > > > >
> > > > > > Where can I start looking for this?
> > > > > > Any ideas anyone?
> > > > > >
> > > > > > Thanks in advance
> > > > > >
> > > > > > Bert De Ridder
> > > > > >
> > > > > > --
> > > > > > To unsubscribe from this list go to the following URL and read the
> > > > > > instructions: http://lists.samba.org/mailman/listinfo/samba
> > > > > >
> > > > >
> > > > > --
> > > > > To unsubscribe from this list go to the following URL and
> read
> > the
> > > > > instructions:
> http://lists.samba.org/mailman/listinfo/samba
> > > > >
> > > > > --
> > > > > To unsubscribe from this list go to the following URL and
> read the
> > > > > instructions: http://lists.samba.org/mailman/listinfo/samba
> > > >
> > > > _______________________
> > > > Umberto Zanatta
> > > > linuxDidattica
> > > >
> > > > tel: +39 (335) 54 71 385
> > > > email: umberto.z at tin.it
> > > > web: http://linuxdidattica.org
> > > > _______________________
> > >
> > > _______________________
> > > Umberto Zanatta
> > > linuxDidattica
> > >
> > > tel: +39 (335) 54 71 385
> > > email: umberto.z at tin.it
> > > web: http://linuxdidattica.org
> > > _______________________
> > >
> >
>
> _______________________
> Umberto Zanatta
> linuxDidattica
>
> tel: +39 (335) 54 71 385
> email: umberto.z at tin.it
> web: http://linuxdidattica.org
> _______________________
_______________________
Umberto Zanatta
linuxDidattica
tel: +39 (335) 54 71 385
email: umberto.z at tin.it
web: http://linuxdidattica.org
_______________________
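
The first post in the thread mentions that the user was given the 'old' sambaSID from the earlier domain of the same name. As an added example (not code from the thread or from Samba), the following reads an LDIF export of the ldapsam directory and lists accounts whose sambaSID or sambaPrimaryGroupSID does not sit under the domain's own SID; the LDIF, every SID in it and the `example` account are constructed, and it assumes plain (non-base64) values and exactly one sambaDomain entry.

```python
# Constructed LDIF sample; attribute/objectClass names follow Samba's LDAP schema.
SAMPLE_LDIF = """\
dn: sambaDomainName=PEOPLEWARE,dc=peopleware,dc=be
objectClass: sambaDomain
sambaSID: S-1-5-21-1111111111-2222222222-3333333333

dn: uid=mschijva,ou=Users,dc=peopleware,dc=be
objectClass: sambaSamAccount
uid: mschijva
sambaSID: S-1-5-21-4444444444-5555555555-6666666666-3030
sambaPrimaryGroupSID: S-1-5-21-1111111111-2222222222-3333333333-513

dn: uid=example,ou=Users,dc=peopleware,dc=be
objectClass: sambaSamAccount
uid: example
sambaSID: S-1-5-21-1111111111-2222222222-
 3333333333-3032
"""

def parse_ldif(text):
    """Parse plain (non-base64) LDIF into a list of {attr_lower: [values]}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]          # unfold a continued line
        else:
            lines.append(raw)
    entries, cur = [], {}
    for line in lines + [""]:             # trailing "" flushes the last entry
        if not line.strip():
            if cur:
                entries.append(cur)
                cur = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            cur.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def has_class(entry, name):
    return name.lower() in (v.lower() for v in entry.get("objectclass", []))

def foreign_sids(entries):
    """Return {uid: {attr: sid}} for account SIDs outside the domain SID."""
    domains = [e["sambasid"][0] for e in entries if has_class(e, "sambaDomain")]
    if len(domains) != 1:
        raise ValueError("expected exactly one sambaDomain entry")
    prefix = domains[0] + "-"             # domain SID + "-" + RID = account SID
    findings = {}
    for e in entries:
        if has_class(e, "sambaSamAccount"):
            bad = {a: s for a in ("sambasid", "sambaprimarygroupsid")
                   for s in e.get(a, []) if not s.startswith(prefix)}
            if bad:
                findings[e.get("uid", ["?"])[0]] = bad
    return findings

if __name__ == "__main__":
    for uid, bad in foreign_sids(parse_ldif(SAMPLE_LDIF)).items():
        print(uid, bad)
```

A hit is a prompt to look at the account, not proof of a fault: well-known or builtin group SIDs are also reported because they do not carry the domain prefix.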