[Samba] cached credentials local login -- notebook domain members -- partly solved

Martin martin.povolny at solnet.cz
Thu Feb 17 11:35:46 GMT 2005


Paul Gienger wrote:
> 
>> Am I doing something wrong or does samba really not support cached 
>> credentials local logins?
> 

> 
> I can assure you that it works just fine.  I go home every night and log 
> in just fine off the company 'net.  It also works just fine on default 
> domain setups, so there must be some step you've added that isn't liked 
> very well.
> 
> What is the exact error you are getting?  For example, I get an error 
> about not finding my roaming profile, but that's expected.

win2k says something like (translation from Czech):

System can't log you on becouse the domain INVEX.CZ is not available.

winXP says:

System cannot log you on now becouse the domain INVEX.CZ is not available.


> What method did you use to set up your server?  Did you follow a howto 
> or something that we could reference to find out what is causing you 
> problems?
> 

No, i have a bit more complicated setup dealing with ldap replication, 
shared users for samba, exim, cyrus, etc...

Mathew Easton kicked me the right way:

 > Do you, by any chance, have an smbusers file? (Mine is
 > /etc/samba/smbusers,
 > yours may be located elsewhere) This file maps windows users to unix
 > users.
 > If you use this file to map legacy windows usernames to accounts on
 > your samba server, cached credentials will fail.

I LDAP i have names like 'martin.povolny at solnet.cz' and in smb.conf i 
have LDAP queries that do the right mapping for me.

This allows me to have in LDAP multiple domains for mail and choose one 
of them for samba.

The problem is that the real names are then the ones including '@' (in 
fact e-mail adresses) all other names are aliases. And you can't log 
into windows using a name with '@' :-(

When I tried changing an account in LDAP (remove the @domain.cz part) 
then cached credentials logins work.

I'm using the LDAP database also for e-mail services and eventually I 
would like to have multiple samba instances running with the same LDAP 
each with different domain (both the @domain.cz part and samba domain), 
so removing the @domain.cz part from all accounts in the LDAP database 
is not a sollution for me.

Thank you all very much!

Have you got any idea, how can I keep the e-mail address accounts and 
make the cached credentials logins work?

Regards,

-- 
Mgr. Martin Povolný, soLNet, s.r.o.,
+420777714458, <martin.povolny at solnet.cz>



More information about the samba mailing list