AW: [Samba] Samba - LDAP - User cannot login from 1 workstation

Bert_De_Ridder at peopleware.be Bert_De_Ridder at peopleware.be
Thu Jul 29 12:05:32 GMT 2004


I have tried everything: logging off the user; rebooting machines...

I have thought about giving a new username; but there are lots of programs
installed on his machine; all with registry dependencies (Delphi 5 for
one) and creating a new user would make him lose all his settings (we
don't save the profile on the servers).

Samba SID et al. are correct.

Bert De Ridder
 




"Arno Seidel" <aseidel at aseidel.com>
Sent by: samba-bounces+bert_de_ridder=peopleware.be at lists.samba.org
29/07/2004 11:01
Please respond to: aseidel at aseidel.com
To: <samba at lists.samba.org>
Subject: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation

Hi,

I'm wondering about the fact that this behavior is only for one user.
Why does another user in the same segment of the domain not behave
similarly?
How did you change the users to try? Did you just log off the user mschijva
and log on with a different user again,
or did you restart the computer and log in as a different user?
Just a silly question: when this is the only user with that behavior, why
don't you give him a new username?
Did you check the uid / samba-SID and any numeric value of that user in
his ldap-entry?

  -----Original Message-----
  From: Bert_De_Ridder at peopleware.be [mailto:Bert_De_Ridder at peopleware.be]
  Sent: Wednesday, 28 July 2004 15:09
  To: aseidel at aseidel.com
  Cc: samba at lists.samba.org
  Subject: Re: AW: AW: AW: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation

  It becomes VERY weird...

  This afternoon I witnessed the following: the user logged on to his pc;
  accessed his home directory on the PDC; no problema; accessed another share
  on the PDC; no problema; accessed a share on the BDC: connection refused.
  Going back to the PDC to access the home directory: connection refused.

  However; there were NO error entries in the logs on either Samba server.
  Only entries like these:
  [2004/07/28 13:29:38, 1] smbd/service.c:make_connection_snum(619)
    allier (192.168.0.190) connect to service cvs initially as user mschijva (uid=1015, gid=100) (pid 22284)

  I'm completely lost now....


  Bert De Ridder



        "Arno Seidel" <aseidel at aseidel.com>
        Sent by: samba-bounces+bert_de_ridder=peopleware.be at lists.samba.org
        28/07/2004 11:24
        Please respond to: aseidel at aseidel.com
        To: <Bert_De_Ridder at peopleware.be>
        Cc: samba at lists.samba.org
        Subject: AW: AW: AW: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation







  Hi,

  What OS does the client have? W98?

  In the system control folder there should be an icon (in German called
  Verwaltung) where the local policies, the settings for ODBC ... and more
  are... there should also be an icon called
  eventmanager / display... maybe there is a log entry?

  Did you see some errors on the samba side (instead of the connection reset
  by peer) if you try a higher debug-/log-level?

  The other way is that you back up the user's home directory and his
  roaming profile and completely remove him (from windows / ldap / samba
  ...) and re-add him as a new
  user with an empty home and profile directory... and then just put the
  saved files (from the profile / home directory) in the newly created profile /
  home directory.
  It could be that some settings in the profile are wrong.




  -----Original Message-----
  From: Bert_De_Ridder at peopleware.be [mailto:Bert_De_Ridder at peopleware.be]
  Sent: Wednesday, 28 July 2004 08:23
  To: aseidel at aseidel.com
  Cc: samba at lists.samba.org
  Subject: Re: AW: AW: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation



   Yes, I have checked the LDAP entry; I even recreated it; I tried the
   user/pwd on 3 other machines: 2000 Prof. Wks; 2000 Server and XP Prof.
   The local permissions on the machine are OK; I can add the domain user to
   the local admin. group, so that should be ok.

   I agree that it is not a server-side issue; but where on the client can I
   start searching for errors?


   Regards,

   Bert De Ridder

   PeopleWare NV - Head Office
   Cdt.Weynsstraat 85
   B-2660 Hoboken
   Tel: +32 3 448.33.38
   Fax: +32 3 448.32.66

   PeopleWare NV - Branch Office Geel
   Kleinhoefstraat 5
   B-2440 Geel
   Tel: +32 14 57.00.90
   Fax: +32 14 58.13.25

   http://www.peopleware.be
   http://www.mobileware.be


         "Arno Seidel" <aseidel at aseidel.com>
         Sent by: samba-bounces+bert_de_ridder=peopleware.be at lists.samba.org
         27/07/2004 17:56
         Please respond to: aseidel at aseidel.com
         To: <samba at lists.samba.org>
         Subject: AW: AW: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation







   Hi,

   Did you check the ldap-entry for that user? Maybe there is a mistake...
   Are the other workstations you tried w2k too?
   Are the "local" permissions on the workstation for that user correct?
   Maybe there is a local policy...
   Maybe there is a user-workstation entry in the ldap account...

   I don't think that it has something to do with the configuration of the
   samba / ldap servers, because other PCs on the same segment have no
   problems.


   > -----Original Message-----
   > From: samba-bounces+aseidel=aseidel.com at lists.samba.org
   > [mailto:samba-bounces+aseidel=aseidel.com at lists.samba.org] On behalf of
   > Bert_De_Ridder at peopleware.be
   > Sent: Tuesday, 27 July 2004 16:51
   > To: Umberto Zanatta
   > Cc: samba at lists.samba.org
   > Subject: Re: AW: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation
   >
   >
   > Yes, but I hadn't included that in my previous post; I tried to trim the
   > message
   >
   > winbind uid = 100-20000
   > winbind gid = 100-20000
   > winbind separator = +
   > winbind use default domain = Yes
   >
   > I am not using password server, because I want Samba to think it's on the
   > same server; however the LDAP on that server is a slave, so updates are
   > sent to our master LDAP server. (and back to the slave via the replicator
   > of course)
   >
   > I can use the shares via smbclient on the server; I really don't think
   > there is an error on the server; since everything works when changing all
   > other conditions (switch pc or another user on that pc); it's just that
   > one user when working on that one machine.
   >
   >
   > Bert De Ridder
   >
   >
   >
   >
   >
   > Umberto Zanatta <uzanatta at provincia.treviso.it>
   > Sent by: samba-bounces+bert_de_ridder=peopleware.be at lists.samba.org
   > 27/07/2004 15:28
   > To: Bert_De_Ridder at peopleware.be
   > Cc: samba at lists.samba.org
   > Subject: Re: AW: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation
   >
   > Have you tried configuring winbind? Of course, it's very important on
   > Samba PDC+BDC+File Server.
   >
   > Perhaps, you've forgotten 'password server': it hasn't to be the ip of
   > bdc, but the ip of pdc
   > and 'security = domain';
   >
   > You should as well (for name resolver) add bcast to 'name resolve
   > order'.
   >
   >
   > On Tue, 2004-07-27 at 15:15, Bert_De_Ridder at peopleware.be wrote:
   >
   > > Ok, so the getpeername was a coincidence; I haven't seen it more than
   > > once, that's true.
   > >
   > > smb.conf:
   > > [global]
   > >         domain master = No
   > >         domain logons = Yes
   > >         map to guest = never
   > >         netbios name = FATTY
   > >         workgroup = PEOPLEWARE
   > >         server string = Linux BDC
   > >         encrypt passwords = Yes
   > >         log level = 2
   > >         name resolve order = lmhosts wins
   > >         time server = Yes
   > >         socket options = SO_SNDBUF=8192 SO_RCVBUF=8192
   > >         guest account = nobody
   > >         logon script = login.bat
   > >         logon path =
   > >         logon drive = H:
   > >         os level = 99
   > >         preferred master = No
   > >         wins support = Yes
   > >         wins server = 192.168.0.22
   > >         remote browse sync = 192.168.0.22
   > >         remote announce = 192.168.3.255/PEOPLEWARE
   > >         printing = cups
   > >         local master = yes
   > >         load printers = yes
   > >         printcap name = cups
   > >         passwd program =/usr/local/sbin/smbldap-passwd %u
   > >         passwd chat = *new*password* %n\n *new*password:* %n\
   > > *successfully*
   > >         add machine script = /usr/local/sbin/smbldap-useradd -w u%
   > >         add user script = /usr/local/sbin/smbldap-useradd -a %u
   > >         delete user script = /usr/local/sbin/smbldap-userdel %u
   > >         add group script = /usr/local/sbin/smbldap-groupadd %g
   > >         delete group script = /usr/local/sbin/smbldap-groupdel %g
   > >         add user to group script = /usr/local/sbin/smbldap-groupmod -m %u %g
   > >         delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u %g
   > >         set primary group script = /usr/local/sbin/smbldap-usermod -G %g %u
   > >         passdb backend = ldapsam:ldap://127.0.0.1
   > >         ldap suffix = dc=peopleware,dc=be
   > >         ldap admin dn = cn=Manager,dc=peopleware,dc=be
   > >         ldap user suffix = ou=Users
   > >         ldap group suffix = ou=Groups
   > >         ldap machine suffix = ou=Computers
   > >         ldap idmap suffix = ou=Users
   > >         ldap passwd sync = Yes
   > >         ldap ssl = off
   > >
   > > [netlogon]
   > >         path = /var/lib/samba/netlogon
   > >         read only = No
   > >         create mask = 0600
   > >         directory mask = 0700
   > >         browseable = No
   > > [homes]
   > >         comment = Home directories
   > >         path = /home/%U
   > >         read only = No
   > >         create mask = 0640
   > >         directory mask = 0750
   > >         browseable = Yes
   > > [cvs]
   > >      path = /local/cvs
   > >      read only = No
   > >      create mask = 0777
   > >      force group = users
   > >      public = yes
   > >      guest ok = yes
   > >
   > > Bert De Ridder
   > >
   > >
   > >
   > > Umberto Zanatta <uzanatta at provincia.treviso.it>
   > > Sent by: samba-bounces+bert_de_ridder=peopleware.be at lists.samba.org
   > > 27/07/2004 14:57
   > > To: Bert_De_Ridder at peopleware.be
   > > Cc: samba at lists.samba.org
   > > Subject: Re: AW: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation
   > >
   > > No, it isn't; but there are some problems in resolvconf/hosts/dns.
   > >
   > > """
   > > getpeername failed
   > > """
   > >
   > > Meanwhile, could you post the related smb.conf?
   > >
   > > On Tue, 2004-07-27 at 14:46, Bert_De_Ridder at peopleware.be wrote:
   > >
   > > > That's true...
   > > >
   > > > The message is:
   > > >
   > > > <sharename> is not accessible
   > > > Network access is denied
   > > >                  <OK>
   > > >
   > > > Even if I navigate to the share CVS (which works during login - see my
   > > > original mail) I get that message.
   > > >
   > > > I don't know whether it's related, but I now notice other messages in the
   > > > log:
   > > >
   > > > [2004/07/26 14:24:32, 1] smbd/service.c:make_connection_snum(619)
   > > >   allier (192.168.3.196) connect to service cvs initially as user mschijva (uid=1015, gid=100) (pid 24964)
   > > > [2004/07/26 14:24:48, 0] lib/util_sock.c:get_peer_addr(978)
   > > >   getpeername failed. Error was Transport endpoint is not connected
   > > > [2004/07/26 14:24:48, 0] lib/util_sock.c:read_socket_data(367)
   > > >   read_socket_data: recv failure for 4. Error = Connection reset by peer
   > > >
   > > >
   > > > Do you think it's related?
   > > >
   > > >
   > > >
   > > > Bert
   > > >
   > > >
   > > >
   > > >
   > > > "Arno Seidel" <aseidel at aseidel.com>
   > > > Sent by: samba-bounces+bert_de_ridder=peopleware.be at lists.samba.org
   > > > 27/07/2004 13:15
   > > > Please respond to: aseidel at aseidel.com
   > > > To: "Samba" <samba at lists.samba.org>
   > > > Subject: AW: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation
   > > >
   > > > Hi,
   > > >
   > > > Hm, I don't think that it has something to do with the trust relationship; if
   > > > it were so, then every user on that pc would get a permission denied.
   > > > What does the error message say exactly?
   > > > Example:
   > > > Access denied, the network path was not found...
   > > >
   > > >
   > > >   -----Original Message-----
   > > >   From: Bert_De_Ridder at peopleware.be [mailto:Bert_De_Ridder at peopleware.be]
   > > >   Sent: Tuesday, 27 July 2004 12:57
   > > >   To: aseidel at aseidel.com
   > > >   Subject: Re: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation
   > > >
   > > >
   > > >
   > > >   I have checked the user's permissions; I am convinced that it is not a
   > > >   server setting since the error 'Access denied' (on the client - Win2K) does
   > > >   not happen when the user logs on to another workstation.
   > > >   I think it has something to do with the trust relationship; but I haven't
   > > >   got a clue where to start looking for it.
   > > >
   > > >   What loglevel would you suggest?
   > > >
   > > >
   > > >   Bert
   > > >
   > > >
   > > >
   > > >
   > > >
   > > >         "Arno Seidel" <aseidel at aseidel.com>
   > > >         Sent by: samba-bounces+bert_de_ridder=peopleware.be at lists.samba.org
   > > >         27/07/2004 12:30
   > > >         Please respond to: aseidel at aseidel.com
   > > >         To: <samba at lists.samba.org>
   > > >         Subject: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation
   > > >
   > > >   Hi,
   > > >
   > > >   Did you check the user's permissions?
   > > >   Group entries... share/directory permissions.
   > > >   Which account flags does the user have?
   > > >   Did you raise the loglevel to get some more information?
   > > >   What error message do you receive on the Windows PC?
   > > >
   > > >   This is not a solution... but may bring you on the right way.
   > > >
   > > >   > -----Original Message-----
   > > >   > From: samba-bounces+aseidel=aseidel.com at lists.samba.org
   > > >   > [mailto:samba-bounces+aseidel=aseidel.com at lists.samba.org] On behalf of
   > > >   > Bert_De_Ridder at peopleware.be
   > > >   > Sent: Tuesday, 27 July 2004 12:16
   > > >   > To: samba at lists.samba.org
   > > >   > Subject: [Samba] Samba - LDAP - User cannot login from 1 workstation
   > > >   >
   > > >   >
   > > >   > Hello, everyone,
   > > >   >
   > > >   > This is the situation:
   > > >   >
   > > >   > We have 2 sites; one domain; 2 samba's on every site; one is PDC, the
   > > >   > other is BDC.
   > > >   > They both use LDAP; the LDAP has a master on the site where the PDC is;
   > > >   > the slave LDAP is on the site where the BDC is.
   > > >   >
   > > >   > There is a user (ONE to be precise) that gives problems when working on a
   > > >   > specific machine.
   > > >   >
   > > >   > When the user logs in using his machine; he can't access shares on either
   > > >   > of the servers. When he logs in on any other machine, there is no problem
   > > >   > whatsoever. When anybody else logs in using this user's machine, there is
   > > >   > no problem either.
   > > >   > It's only when the user logs in on that specific machine.
   > > >   > The login is fine; I can see the user in the logs:
   > > >   >
   > > >   >   allier (192.168.3.196) connect to service netlogon initially as user mschijva (uid=1015, gid=100) (pid 25065)
   > > >   > [2004/07/26 14:34:29, 1] smbd/service.c:make_connection_snum(619)
   > > >   >   allier (192.168.3.196) connect to service cvs initially as user mschijva (uid=1015, gid=100) (pid 25065)
   > > >   >
   > > >   > From that point on, the shares can no longer be accessed.
   > > >   >
   > > >   > The machine HAS been used in the past in a domain with the same name, but
   > > >   > with a different ID.
   > > >   > The user receives the 'old' sambasid from the server to avoid local
   > > >   > profile loss (deleting the user's local profile is NOT an option BTW).
   > > >   >
   > > >   > Where can I start looking for this?
   > > >   > Any ideas anyone?
   > > >   >
   > > >   > Thanks in advance
   > > >   >
   > > >   > Bert De Ridder
   > > >   >
   > > >   >
   > > >   >
   > > >   > --
   > > >   > To unsubscribe from this list go to the following URL and 
read
   > > the
   > > >   > instructions:  http://lists.samba.org/mailman/listinfo/samba
   > > >   >
   > > >
   > >
   > > _______________________
   > > Umberto Zanatta
   > > linuxDidattica
   > >
   > > tel: +39 (335) 54 71 385
   > > email: umberto.z at tin.it
   > > web: http://linuxdidattica.org
   > > _______________________
   >
   > _______________________
   > Umberto Zanatta
   > linuxDidattica
   >
   > tel: +39 (335) 54 71 385
   > email: umberto.z at tin.it
   > web: http://linuxdidattica.org
   > _______________________

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
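
Added example, not part of any post in this thread: a small parser for the two-line smbd log records quoted above that attaches level-0 errors to the most recent share connection, which is the "is it related?" check the thread does by eye. The first three records are rejoined from the excerpts in the thread; the last one (host "pc2", user "jdoe") is constructed, and the 60-second window is an assumption.

```python
import re
from datetime import datetime, timedelta

# Records rejoined from the log excerpts quoted in the thread; the last
# record (host "pc2", user "jdoe") is constructed for contrast.
SAMPLE_LOG = """\
[2004/07/26 14:24:32, 1] smbd/service.c:make_connection_snum(619)
  allier (192.168.3.196) connect to service cvs initially as user mschijva (uid=1015, gid=100) (pid 24964)
[2004/07/26 14:24:48, 0] lib/util_sock.c:get_peer_addr(978)
  getpeername failed. Error was Transport endpoint is not connected
[2004/07/26 14:24:48, 0] lib/util_sock.c:read_socket_data(367)
  read_socket_data: recv failure for 4. Error = Connection reset by peer
[2004/07/26 14:34:29, 1] smbd/service.c:make_connection_snum(619)
  pc2 (192.168.3.50) connect to service homes initially as user jdoe (uid=1020, gid=100) (pid 25070)
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), *(\d+)\] (\S+):(\w+)\((\d+)\)\s*$")
CONNECT = re.compile(r"(\S+) \(([\d.]+)\) connect to service (\S+) initially as user "
                     r"(\S+) \(uid=(\d+), gid=(\d+)\) \(pid (\d+)\)")

def parse_records(text):
    """Turn each header line plus its continuation lines into one dict."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            records.append({"time": datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S"),
                            "level": int(m.group(2)), "func": m.group(4), "msg": ""})
        elif records and line.strip():
            # Continuation line (this also rejoins mail-wrapped fragments).
            records[-1]["msg"] = (records[-1]["msg"] + " " + line.strip()).strip()
    return records

def correlate(records, window_seconds=60):
    """Attach each level-0 record to the latest connect within the window.

    The error records carry no pid or address, so time proximity is a
    heuristic, not proof that both events belong to the same session.
    """
    sessions, window = [], timedelta(seconds=window_seconds)
    for rec in records:
        m = CONNECT.search(rec["msg"])
        if rec["func"] == "make_connection_snum" and m:
            host, ip, service, user, _uid, _gid, pid = m.groups()
            sessions.append({"time": rec["time"], "host": host, "ip": ip,
                             "service": service, "user": user, "pid": int(pid),
                             "errors": []})
        elif rec["level"] == 0 and sessions and rec["time"] - sessions[-1]["time"] <= window:
            sessions[-1]["errors"].append(rec["msg"])
    return sessions

if __name__ == "__main__":
    for s in correlate(parse_records(SAMPLE_LOG)):
        print(f'{s["time"]} {s["user"]}@{s["host"]} ({s["ip"]}) -> {s["service"]} '
              f'pid={s["pid"]} errors={len(s["errors"])}')
        for e in s["errors"]:
            print("    " + e)
```

On a busy server several smbd processes write interleaved records, so a match here is a lead to confirm against the client's own event log rather than a conclusion.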


