[Samba] Samba - LDAP - User cannot login from 1 workstation

Arno Seidel aseidel at aseidel.com
Thu Jul 29 22:54:58 GMT 2004


Hi,

but you can copy the local profile to another directory and then create a
new user... log in first as this user... log out... log in as administrator
and copy the content of the "original" profile into the newly created
profile... and then if everything works... you can delete the old user...
doing that would keep the specific settings of the user...
The problem must be somewhere in the user's settings, because the username /
password works on other workstations, and on this workstation other users /
passwords work correctly.

Arno
  -----Original Message-----
  From: Bert_De_Ridder at peopleware.be [mailto:Bert_De_Ridder at peopleware.be]
  Sent: Thursday, 29 July 2004 14:06
  To: aseidel at aseidel.com
  Cc: samba at lists.samba.org
  Subject: Re: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation



  I have tried everything: logging off the user; rebooting machines...

  I have thought about giving a new username; but there are lots of programs
  installed on his machine; all with registry dependencies (Delphi 5 for one)
  and creating a new user would make him lose all his settings (we don't save
  the profile on the servers)

  Samba sid et al. are correct.

  Bert De Ridder




        "Arno Seidel" <aseidel at aseidel.com>
        Sent by: samba-bounces+bert_de_ridder=peopleware.be at lists.samba.org
        29/07/2004 11:01
        Please respond to: aseidel at aseidel.com
        To: <samba at lists.samba.org>
        cc:
        Subject: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation

  Hi,

  I'm wondering about the fact that this behavior affects only one user..
  Why does another user in the same segment of the domain not behave
  similarly?
  How did you change the users to try?? Did you just log off the user
  mschijva and log on with a different user again..
  or did you restart the computer and log in as a different user?
  Just a silly question: when this is the only user with that behavior,
  why don't you give him a new username?
  Did you check the uid / samba-SID and any numeric value of that user in
  his ldap-entry?

   -----Original Message-----
   From: Bert_De_Ridder at peopleware.be [mailto:Bert_De_Ridder at peopleware.be]
   Sent: Wednesday, 28 July 2004 15:09
   To: aseidel at aseidel.com
   Cc: samba at lists.samba.org
   Subject: Re: AW: AW: AW: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation



   It becomes VERY weird...

   This afternoon I witnessed the following: the user logged on to his pc;
   accessed his home directory on the PDC; no problema; accessed another share
   on the PDC; no problema; accessed a share on the BDC: connection refused.
   Going back to the PDC to access the home directory: connection refused.

   However; there were NO error entries in the logs on either Samba server.
   Only entries like these:
   [2004/07/28 13:29:38, 1] smbd/service.c:make_connection_snum(619)
     allier (192.168.0.190) connect to service cvs initially as user mschijva (uid=1015, gid=100) (pid 22284)

   I'm completely lost now....


   Bert De Ridder



         "Arno Seidel" <aseidel at aseidel.com>
         Sent by: samba-bounces+bert_de_ridder=peopleware.be at lists.samba.org
         28/07/2004 11:24
         Please respond to: aseidel at aseidel.com
         To: <Bert_De_Ridder at peopleware.be>
         cc: samba at lists.samba.org
         Subject: AW: AW: AW: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation

   Hi,

   What OS does the client have? W98?

   In the system control folder there should be an icon (in German called
   Verwaltung) where the local policies, the settings for odbc... and more
   are... there should also be an icon called
   eventmanager / display... maybe there is a log entry?

   Did you see some errors on the samba side (instead of the connection reset
   by peer) if you try a higher debug-/log-level?

   The other way is that you back up the user's home directory and his
   roaming profile and completely remove him (from windows / ldap / samba
   ...) and re-add him as a new
   user with an empty home and profile directory... and then just put the
   saved files (from the profile / home directory) in the newly created
   profile / home directory.
   It could be that some settings in the profile are wrong.




   -----Original Message-----
   From: Bert_De_Ridder at peopleware.be [mailto:Bert_De_Ridder at peopleware.be]
   Sent: Wednesday, 28 July 2004 08:23
   To: aseidel at aseidel.com
   Cc: samba at lists.samba.org
   Subject: Re: AW: AW: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation



    Yes, I have checked the LDAP entry; I even recreated it; I tried the
    user/pwd on 3 other machines: 2000 Prof. Wks; 2000 Server and XP Prof.
    The local permissions on the machine are OK; I can add the domain user to
    the local admin. group, so that should be ok.

    I agree that it is not a server-side issue; but where on the client can I
    start searching for errors?


    Regards,

    Bert De Ridder



          "Arno Seidel" <aseidel at aseidel.com>
          Sent by: samba-bounces+bert_de_ridder=peopleware.be at lists.samba.org
          27/07/2004 17:56
          Please respond to: aseidel at aseidel.com
          To: <samba at lists.samba.org>
          cc:
          Subject: AW: AW: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation

    Hi,

    did you check the ldap-entry for that user?? maybe there is a mistake...
    are the other workstations you tried w2k too?
    are the "local" permissions on the workstation for that user correct???
    maybe there is a local-policy...
    maybe there is a user-workstation entry in the ldapaccount...

    I don't think that it has something to do with the configuration of the
    samba / ldap servers, because other PCs on the same segment have no
    problems.


    > -----Original Message-----
    > From: samba-bounces+aseidel=aseidel.com at lists.samba.org
    > [mailto:samba-bounces+aseidel=aseidel.com at lists.samba.org] On behalf of
    > Bert_De_Ridder at peopleware.be
    > Sent: Tuesday, 27 July 2004 16:51
    > To: Umberto Zanatta
    > Cc: samba at lists.samba.org
    > Subject: Re: AW: AW: [Samba] Samba - LDAP - User cannot login from 1
    > workstation
    >
    >
    > Yes, but I hadn't included that in my previous post; I tried to trim the
    > message
    >
    > winbind uid = 100-20000
    > winbind gid = 100-20000
    > winbind separator = +
    > winbind use default domain = Yes
    >
    > I am not using password server, because I want Samba to think it's on the
    > same server; however the LDAP on that server is a slave, so updates are
    > sent to our master LDAP server. (and back to the slave via the replicator
    > of course)
    >
    > I can use the shares via smbclient on the server; I really don't think
    > there is an error on the server; since everything works when changing all
    > other conditions (switch pc or another user on that pc); it's just that
    > one user when working on that one machine.
    >
    >
    > Bert De Ridder
    >
    >
    >
    >
    >
    > Umberto Zanatta <uzanatta at provincia.treviso.it>
    > Sent by: samba-bounces+bert_de_ridder=peopleware.be at lists.samba.org
    > 27/07/2004 15:28
    > To: Bert_De_Ridder at peopleware.be
    > cc: samba at lists.samba.org
    > Subject: Re: AW: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation
    >
    > Have you tried configuring winbind? Of course, it's very important on
    > Samba PDC+BDC+File Server.
    >
    > Perhaps, you've forgotten 'password server': it hasn't to be the ip of
    > bdc, but the ip of pdc
    > and 'security = domain';
    >
    > You should as well (for name resolver) add bcast to 'name resolve
    > order'.
    >
    >
    > On Tue, 2004-07-27 at 15:15, Bert_De_Ridder at peopleware.be wrote:
    >
    > > Ok, so the getpeername was a coincidence; I haven't seen it more than
    > > once, that's true.
    > >
    > > smb.conf:
    > > [global]
    > >         domain master = No
    > >         domain logons = Yes
    > >         map to guest = never
    > >         netbios name = FATTY
    > >         workgroup = PEOPLEWARE
    > >         server string = Linux BDC
    > >         encrypt passwords = Yes
    > >         log level = 2
    > >         name resolve order = lmhosts wins
    > >         time server = Yes
    > >         socket options = SO_SNDBUF=8192 SO_RCVBUF=8192
    > >         guest account = nobody
    > >         logon script = login.bat
    > >         logon path =
    > >         logon drive = H:
    > >         os level = 99
    > >         preferred master = No
    > >         wins support = Yes
    > >         wins server = 192.168.0.22
    > >         remote browse sync = 192.168.0.22
    > >         remote announce = 192.168.3.255/PEOPLEWARE
    > >         printing = cups
    > >         local master = yes
    > >         load printers = yes
    > >         printcap name = cups
    > >         passwd program =/usr/local/sbin/smbldap-passwd %u
    > >         passwd chat = *new*password* %n\n *new*password:* %n\
    > > *successfully*
    > >         add machine script = /usr/local/sbin/smbldap-useradd -w u%
    > >         add user script = /usr/local/sbin/smbldap-useradd -a %u
    > >         delete user script = /usr/local/sbin/smbldap-userdel %u
    > >         add group script = /usr/local/sbin/smbldap-groupadd %g
    > >         delete group script = /usr/local/sbin/smbldap-groupdel %g
    > >         add user to group script = /usr/local/sbin/smbldap-groupmod -m %u %g
    > >         delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u %g
    > >         set primary group script = /usr/local/sbin/smbldap-usermod -G %g %u
    > >         passdb backend = ldapsam:ldap://127.0.0.1
    > >         ldap suffix = dc=peopleware,dc=be
    > >         ldap admin dn = cn=Manager,dc=peopleware,dc=be
    > >         ldap user suffix = ou=Users
    > >         ldap group suffix = ou=Groups
    > >         ldap machine suffix = ou=Computers
    > >         ldap idmap suffix = ou=Users
    > >         ldap passwd sync = Yes
    > >         ldap ssl = off
    > >
    > > [netlogon]
    > >         path = /var/lib/samba/netlogon
    > >         read only = No
    > >         create mask = 0600
    > >         directory mask = 0700
    > >         browseable = No
    > > [homes]
    > >         comment = Home directories
    > >         path = /home/%U
    > >         read only = No
    > >         create mask = 0640
    > >         directory mask = 0750
    > >         browseable = Yes
    > > [cvs]
    > >      path = /local/cvs
    > >      read only = No
    > >      create mask = 0777
    > >      force group = users
    > >      public = yes
    > >      guest ok = yes
    > >
    > > Bert De Ridder
    > >
    > >
    > >
    > > Umberto Zanatta <uzanatta at provincia.treviso.it>
    > > Sent by: samba-bounces+bert_de_ridder=peopleware.be at lists.samba.org
    > > 27/07/2004 14:57
    > > To: Bert_De_Ridder at peopleware.be
    > > cc: samba at lists.samba.org
    > > Subject: Re: AW: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation
    > >
    > > No, isn't; but, there's some problems in resolvconf/hosts/dns.
    > >
    > > """
    > > getpeername failed
    > > """
    > >
    > > Meanwhile, could you post the related smb.conf?
    > >
    > > On Tue, 2004-07-27 at 14:46, Bert_De_Ridder at peopleware.be wrote:
    > >
    > > > That's true...
    > > >
    > > > The message is :
    > > >
    > > > <sharename> is not accessible
    > > > Network access is denied
    > > >                  <OK>
    > > >
    > > > Even if I navigate to the share CVS (which works during login - see my
    > > > original mail) I get that message.
    > > >
    > > > I don't know whether it's related, but I now notice other messages in the
    > > > log:
    > > >
    > > > [2004/07/26 14:24:32, 1] smbd/service.c:make_connection_snum(619)
    > > > allier (192.168.3.196) connect to service cvs initially as user mschijva (uid=1015, gid=100) (pid 24964)
    > > > [2004/07/26 14:24:48, 0] lib/util_sock.c:get_peer_addr(978)
    > > >   getpeername failed. Error was Transport endpoint is not connected
    > > > [2004/07/26 14:24:48, 0] lib/util_sock.c:read_socket_data(367)
    > > >   read_socket_data: recv failure for 4. Error = Connection reset by peer
    > > >
    > > >
    > > > Do you think it's related?
    > > >
    > > >
    > > >
    > > > Bert
    > > >
    > > >
    > > >
    > > >
    > > > "Arno Seidel" <aseidel at aseidel.com>
    > > > Sent by: samba-bounces+bert_de_ridder=peopleware.be at lists.samba.org
    > > > 27/07/2004 13:15
    > > > Please respond to: aseidel at aseidel.com
    > > > To: "Samba" <samba at lists.samba.org>
    > > > cc:
    > > > Subject: AW: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation
    > > >
    > > > Hi,
    > > >
    > > > hm I don't think that it has something to do with the trust relationship;
    > > > if it were so, then every user on that pc would get a permission denied.
    > > > What exactly does the error message say?
    > > > example:
    > > > Access denied, the network path was not found...
    > > >
    > > >
    > > >   -----Original Message-----
    > > >   From: Bert_De_Ridder at peopleware.be [mailto:Bert_De_Ridder at peopleware.be]
    > > >   Sent: Tuesday, 27 July 2004 12:57
    > > >   To: aseidel at aseidel.com
    > > >   Subject: Re: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation
    > > >
    > > >
    > > >
    > > >   I have checked the user's permissions; I am convinced that it is not a
    > > >   server setting since the error 'Access denied' (on the client - Win2K) does
    > > >   not happen when the user logs on to another workstation.
    > > >   I think it has something to do with the trust relationship; but I haven't
    > > >   got a clue where to start looking for it.
    > > >
    > > >   What loglevel would you suggest?
    > > >
    > > >
    > > >   Bert
    > > >
    > > >
    > > >
    > > >
    > > >
    > > >         "Arno Seidel" <aseidel at aseidel.com>
    > > >         Sent by: samba-bounces+bert_de_ridder=peopleware.be at lists.samba.org
    > > >         27/07/2004 12:30
    > > >         Please respond to: aseidel at aseidel.com
    > > >         To: <samba at lists.samba.org>
    > > >         cc:
    > > >         Subject: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation
    > > >
    > > >   Hi,
    > > >
    > > >   did you check the user's permissions??
    > > >   group entries... share/directory permissions
    > > >   which account flags does the user have?
    > > >   did you raise the loglevel to get some more information?
    > > >   what error message do you receive on the windows pc?
    > > >
    > > >   this is not a solution... but may bring you on the right way
    > > >
    > > >   > -----Original Message-----
    > > >   > From: samba-bounces+aseidel=aseidel.com at lists.samba.org
    > > >   > [mailto:samba-bounces+aseidel=aseidel.com at lists.samba.org] On behalf of
    > > >   > Bert_De_Ridder at peopleware.be
    > > >   > Sent: Tuesday, 27 July 2004 12:16
    > > >   > To: samba at lists.samba.org
    > > >   > Subject: [Samba] Samba - LDAP - User cannot login from 1 workstation
    > > >   >
    > > >   >
    > > >   > Hello, everyone,
    > > >   >
    > > >   > This is the situation :
    > > >   >
    > > >   > We have 2 sites; one domain; 2 samba's on every site; one is PDC, the
    > > >   > other is BDC.
    > > >   > They both use LDAP; the LDAP has a master on the site where the PDC is;
    > > >   > the slave LDAP is on the site where the BDC is.
    > > >   >
    > > >   > There is a user (ONE to be precise) that gives problems when working on a
    > > >   > specific machine.
    > > >   >
    > > >   > When the user logs in using his machine; he can't access shares on either
    > > >   > of the servers. When he logs in on any other machine, there is no problem
    > > >   > whatsoever. When anybody else logs in using this user's machine, there is
    > > >   > no problem either.
    > > >   > It's only when the user logs in on that specific machine.
    > > >   > The login is fine; I can see the user in the logs:
    > > >   >
    > > >   >   allier (192.168.3.196) connect to service netlogon initially as user mschijva (uid=1015, gid=100) (pid 25065)
    > > >   > [2004/07/26 14:34:29, 1] smbd/service.c:make_connection_snum(619)
    > > >   >   allier (192.168.3.196) connect to service cvs initially as user mschijva (uid=1015, gid=100) (pid 25065)
    > > >   >
    > > >   > From that point on, the shares can no longer be accessed.
    > > >   >
    > > >   > The machine HAS been used in the past in a domain with the same name, but
    > > >   > with a different ID.
    > > >   > The user receives the 'old' sambasid from the server to avoid local
    > > >   > profile loss (deleting the user's local profile is NOT an option BTW).
    > > >   >
    > > >   > Where can I start looking for this ?
    > > >   > Any ideas anyone ?
    > > >   >
    > > >   > Thanks in advance
    > > >   >
    > > >   > Bert De Ridder
    > > >   >
    > > >   >
    > > >   >
    > > >   > --
    > > >   > To unsubscribe from this list go to the following URL and read
    > > the
    > > >   > instructions:  http://lists.samba.org/mailman/listinfo/samba
    > > >   >
    > > >
    > >
    > > _______________________
    > > Umberto Zanatta
    > > linuxDidattica
    > >
    > > tel: +39 (335) 54 71 385
    > > email: umberto.z at tin.it
    > > web: http://linuxdidattica.org
    > > _______________________
    >
    > _______________________
    > Umberto Zanatta
    > linuxDidattica
    >
    > tel: +39 (335) 54 71 385
    > email: umberto.z at tin.it
    > web: http://linuxdidattica.org
    > _______________________
    >
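
Added example (not part of the thread and not Samba code): a small Python parser for the two-line smbd log entries quoted in this thread, using the thread's own log lines with the mail line-wrapping undone as input. It lists the addresses each client name connected from and pairs each level-0 socket error with the latest connect before it; the function names and the 60-second window are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# The smbd entries quoted in the thread, with the mail line-wrapping undone.
SAMPLE_LOG = """\
[2004/07/26 14:24:32, 1] smbd/service.c:make_connection_snum(619)
  allier (192.168.3.196) connect to service cvs initially as user mschijva (uid=1015, gid=100) (pid 24964)
[2004/07/26 14:24:48, 0] lib/util_sock.c:get_peer_addr(978)
  getpeername failed. Error was Transport endpoint is not connected
[2004/07/26 14:24:48, 0] lib/util_sock.c:read_socket_data(367)
  read_socket_data: recv failure for 4. Error = Connection reset by peer
[2004/07/28 13:29:38, 1] smbd/service.c:make_connection_snum(619)
  allier (192.168.0.190) connect to service cvs initially as user mschijva (uid=1015, gid=100) (pid 22284)
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), *(\d+)\] (\S+)$")
CONNECT = re.compile(
    r"^(\S+) \(([\d.]+)\) connect to service (\S+) initially as user (\S+) "
    r"\(uid=(\d+), gid=(\d+)\) \(pid (\d+)\)$")
SOCKET_ERROR = re.compile(r"getpeername failed|recv failure|Connection reset by peer")

def parse_entries(text):
    """Attach each message line to the '[time, level] source' header above it."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            when = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
            entries.append({"time": when, "level": int(m.group(2)),
                            "source": m.group(3), "message": ""})
        elif entries and line.strip():
            entries[-1]["message"] = (entries[-1]["message"] + " " + line.strip()).strip()
    return entries

def connections(entries):
    """Return one record per 'connect to service' entry."""
    keys = ("client", "ip", "service", "user", "uid", "gid", "pid")
    matches = ((CONNECT.match(e["message"]), e) for e in entries)
    return [dict(zip(keys, m.groups()), time=e["time"]) for m, e in matches if m]

def addresses_by_client(conns):
    """Map each client name to the sorted addresses it connected from."""
    seen = defaultdict(set)
    for c in conns:
        seen[c["client"]].add(c["ip"])
    return {name: sorted(ips) for name, ips in seen.items()}

def socket_errors_after_connect(entries, window_seconds=60):
    """Pair level-0 socket errors with the latest prior connect (time-based hint only)."""
    conns = connections(entries)
    window = timedelta(seconds=window_seconds)
    hits = []
    for e in entries:
        if e["level"] == 0 and SOCKET_ERROR.search(e["message"]):
            prior = [c for c in conns if timedelta(0) <= e["time"] - c["time"] <= window]
            if prior:
                hits.append((prior[-1]["user"], prior[-1]["client"], e["source"]))
    return hits

if __name__ == "__main__":
    log = parse_entries(SAMPLE_LOG)
    print(addresses_by_client(connections(log)))
    print(socket_errors_after_connect(log))
```

The error entries carry no pid or client name, so the pairing is by time proximity only and should be confirmed against a higher log level.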
