[Samba] Samba + LDAP Login problem

Yehuda Gilbaum eg at e-doar.co.il
Thu Sep 29 21:40:08 GMT 2005

Sorry if something wrong with this question - i'm pretty new in the field...
But i really need some help or link...

I have strange problem:

Linux by Fedora 3 with latest updates
Samba 3.0.14a
LDAP 2.2.13

A small 10-user server without any security needs. Two of the users sometimes
fail to log in, and when I try to open them in NT User Manager I get the
message "The username could not be found". Even a restart of the server
does not release them from this coma. After some time (hours, a day or two)
they begin to respond again without any action from me.

Here is the smb.conf. The log at log level = 10 is too big to put here (it's
about 6000 lines for this incident) - I can send it by e-mail.

        # NOTE(review): no section header (e.g. [global]) is visible above these
        # lines; presumably the bracketed headers were lost when the message was
        # archived - confirm against the real file.
        workgroup = AVRH
        netbios name = SERVER
        enable privileges = yes
        # NOTE(review): empty value - no interface list is given here.
        interfaces =
        username map = /etc/samba/smbusers
        server string = Server
        security = user
        encrypt passwords = Yes
        obey pam restrictions = No
        # Password changes made through Samba are also written to the LDAP password.
        ldap passwd sync = Yes
        # Level 10 is full debug output. Logs at this level can carry account and
        # authentication detail, so review and trim them before mailing them to
        # anyone, and lower the level again once the fault has been captured.
        log level = 10
        syslog = 1
        # One log file per client machine name (%m).
        log file = /var/log/samba/%m.log
        # max log size is expressed in kilobytes.
        max log size = 1000000
        time server = Yes
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        mangling method = hash2
        map acl inherit = yes
        # NOTE(review): "nt acl support" is set again, to No, under the
        # "# printers configuration" comment further down. Which value applies
        # depends on the section each line belongs to, and the headers are not
        # visible here.
        nt acl support=yes
	acl compatibility = auto
	inherit acls = yes
	template homedir = /data/domain/users/%U
	lock directory = /data/organisation/sambalocks
	# NOTE(review): "U%" is not a Samba substitution variable; this was
	# probably meant to be %U.bat (per-user script) - confirm.
	logon script = U%.bat
        logon drive = U:
        logon home = \\server\homes\%U
        logon path = \\server\profiles\%U

        # Domain controller role: this server handles domain logons and is the
        # domain master browser and WINS server for the workgroup.
        domain logons = Yes
        os level = 65
        preferred master = Yes
        domain master = Yes
        wins support = Yes
        # Accounts are looked up in LDAP on every logon, so an intermittent
        # "username could not be found" is worth checking on the LDAP side first.
        # NOTE(review): the URL has no host part (possibly stripped for posting).
        # With plain ldap:// the bind made with the admin DN below is only
        # protected if TLS is enabled through the "ldap ssl" parameter, which is
        # not shown here - confirm, especially if the directory is not on localhost.
        passdb backend = ldapsam:ldap://
        # DN that Samba binds with. Its password is not kept in smb.conf; it is
        # stored with "smbpasswd -w" in secrets.tdb, which must stay readable by
        # root only.
        ldap admin dn = cn=samba,ou=DSA,dc=avrh,dc=com
        ldap suffix = dc=avrh,dc=com
        ldap group suffix = ou=Groups
        ldap user suffix = ou=Users
        ldap machine suffix = ou=Computers
        # NOTE(review): idmap entries share ou=Users with the user accounts;
        # confirm that this is intended rather than a separate container.
        ldap idmap suffix = ou=Users
        # The scripts below are run by smbd as root. %u and %g are substituted by
        # Samba and are passed quoted to the smbldap-tools commands.
        add user script = /usr/sbin/smbldap-useradd -m "%u"
        # Deleting an account removes the whole LDAP entry, not only its Samba
        # attributes.
        ldap delete dn = Yes
        delete user script = /usr/sbin/smbldap-userdel "%u"
        add machine script = /usr/sbin/smbldap-useradd -w "%u"
        add group script = /usr/sbin/smbldap-groupadd -p "%g" 
        delete group script = /usr/sbin/smbldap-groupdel "%g"
        add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
        delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
        set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"

        # printers configuration
        # NOTE(review): no [printers] header is visible, so it is unclear whether
        # the lines below are share-level or still global - confirm.
        printer admin = @"Print Operators"
        load printers = Yes
        # 0666 / 0777 permit new files and directories to be created readable and
        # writable by every account on the host.
        create mask = 0666
        directory mask = 0777
        nt acl support = No
        printing = cups
        printcap name = cups
        deadtime = 10
        # NOTE(review): guest sessions run as root. Combined with
        # "map to guest = Bad User" below, a logon with a user name that Samba
        # cannot find is accepted as guest instead of being rejected, so any share
        # that allows guest access would be served with root privileges. No
        # "guest ok" line is visible in this excerpt - check the full file. An
        # unprivileged account (e.g. nobody) is the usual choice, and
        # "map to guest = Never" makes failed lookups show up as logon failures,
        # which also helps when chasing intermittent "user not found" errors.
        guest account = root
        map to guest = Bad User
        # The listed directories are always shown as empty to clients. This is a
        # browsing convenience, not an access control.
        dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
        show add printer wizard = yes
        ; to maintain capital letters in shortcuts in any of the profile 
        preserve case = yes
        short preserve case = yes
        case sensitive = no
	use client driver = Yes

   # UID and GID ranges reserved for idmap/winbind allocation; they must not
   # overlap with IDs used by local or LDAP accounts.
   idmap uid = 16777216-33554431
   idmap gid = 16777216-33554431
   # Accounts created from the winbind template get no interactive login shell.
   template shell = /bin/false
   winbind use default domain = no

	# NOTE(review): presumably the [homes] share; the header is not visible.
	# The path has no per-user component (compare "template homedir" earlier
	# in the file, which ends in %U), so as written every user would be
	# connected to the same directory - confirm this is intended.
	path = /data/domain/users
        comment = Storage of %U, %u
        read only = No
        # With 0666 / 0777 every file and directory created through this share is
        # readable and writable by all accounts, so users are not isolated from
        # each other's data. 0600 / 0700 is the usual choice for home directories.
        create mask = 0666
        directory mask = 0777
        browseable = no

I'd very much appreciate any help.

