[Samba] samba+ldap: Simu.- login of 2 different users => user rejected

Tim Boneko lists at boneko.de
Mon Mar 5 17:02:37 GMT 2007


Has anybody had this problem before? If not, where should I start digging?

I'm running Samba 3.0.24 on Debian stable with slapd-2.2.23 backend.
smb.conf is attached below.
When two different users log in at the same moment, the login process
seems to freeze for a minute and the client (win2k) complains about
missing profile or missing access to profile. A single user login works
perfectly.

The log.smbd contains this:

krake smbd[28474]: [2007/03/05 15:06:09, 0] auth/pampass.c:smb_pam_account(573)
krake smbd[28474]:   smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account Management for User: ws13
krake smbd[28474]: [2007/03/05 15:06:09, 0] auth/pampass.c:smb_pam_accountcheck(781)
krake smbd[28474]:   smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User ws13!

Nothing interesting in auth.log and the same message in syslog (where
slapd logs to).
I don't know if this is a samba issue or ldap or network...

Any suggestions are highly welcome. We've got 20+ clients and users
typically log in simultaneously.

	timbo

smb.conf:

panic action = /usr/share/samba/panic-action %d
dos charset = 850
unix charset = ISO-8859-15
display charset = ISO-8859-15

netbios name =          KRAKE
workgroup = GHSWA
hosts allow =           192.168.
inherit acls =          yes
update encrypted =      yes
obey pam restrictions = yes
pam password change =   yes
socket options =        IPTOS_LOWDELAY SO_SNDBUF=32768 SO_RCVBUF=32768
passdb backend =        ldapsam:ldap://127.0.0.1
os level =              65
preferred master =      yes
domain master =         yes
local master =          yes
wins support =          yes
time server =           yes
security =              user
admin users =           supervisor

add user script =       smbldap-useradd -m -a %u
delete user script =    smbldap-userdel %u
add group script =      smbldap-groupadd -p %g
delete group script =   smbldap-groupdel %g
add user to group script = smbldap-groupmod -m %u %g
delete user from group script = smbldap-groupmod -x %u %g
set primary group script = smbldap-usermod -g %u %g
add machine script = smbldap-useradd -w %u

domain logons =         yes
logon path =            \\KRAKE\%U\.winprofile
logon home =            \\%L\%U
logon script =          logon.bat
preserve case =         yes
short preserve case =   yes
case sensitive =        no
guest ok =              no
printcap =              cups

ldap admin dn =         cn=supervisor,dc=ghswa
ldap delete dn =        yes
ldap user suffix =      ou=Users
ldap group suffix =     ou=Groups
ldap machine suffix =   ou=Machines
ldap passwd sync =      yes
ldap suffix =           dc=ghswa
ldap ssl =              no
host msdfs =            yes


[netlogon]
        path = /ghswa/home/netlogon
        write list = supervisor
        browseable = yes

[profiles]
        path = /ghswa/home/%u
        writeable = yes
        write list = %u
        browseable = no

[...other shares...]
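
Added example, not part of the original post and not Samba's own code: a small parser for the smb_pam_account log records quoted above that names the numeric PAM code and groups rejections that fall in the same second. It assumes the server uses Linux-PAM (where return code 9 is PAM_AUTHINFO_UNAVAIL) and that each log record is on one line; the ws14 records and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Linux-PAM return codes (subset) as defined in <security/_pam_types.h>.
PAM_CODES = {6: "PAM_PERM_DENIED", 7: "PAM_AUTH_ERR", 9: "PAM_AUTHINFO_UNAVAIL",
             10: "PAM_USER_UNKNOWN", 13: "PAM_ACCT_EXPIRED"}

# First two lines are from the post (unwrapped); the ws14 lines are constructed.
SAMPLE_LOG = """\
krake smbd[28474]: [2007/03/05 15:06:09, 0] auth/pampass.c:smb_pam_account(573)
krake smbd[28474]:   smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account Management for User: ws13
krake smbd[28475]: [2007/03/05 15:06:09, 0] auth/pampass.c:smb_pam_account(573)
krake smbd[28475]:   smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account Management for User: ws14
"""

HEADER = re.compile(r"smbd\[(\d+)\]: \[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), \d+\]")
ERROR = re.compile(r"smbd\[(\d+)\]:\s+smb_pam_account: PAM: .*\((\d+)\) during "
                   r"Account Management for User: (\S+)")

def pam_account_failures(log_text):
    """Return one record per PAM account-management failure, in log order."""
    stamp_by_pid, failures = {}, []
    for line in log_text.splitlines():
        if m := HEADER.search(line):
            # Header line: remember the timestamp for this smbd process.
            stamp_by_pid[m.group(1)] = m.group(2)
        elif m := ERROR.search(line):
            pid, code, user = m.group(1), int(m.group(2)), m.group(3)
            failures.append({"time": stamp_by_pid.get(pid), "pid": pid,
                             "user": user, "code": code,
                             "name": PAM_CODES.get(code, "unlisted")})
    return failures

def concurrent_rejections(failures):
    """Map each timestamp to the users rejected in that same second (2+ only)."""
    users_by_time = defaultdict(set)
    for f in failures:
        users_by_time[f["time"]].add(f["user"])
    return {t: sorted(u) for t, u in users_by_time.items() if len(u) > 1}

if __name__ == "__main__":
    found = pam_account_failures(SAMPLE_LOG)
    for f in found:
        print(f["time"], f["user"], f["code"], f["name"])
    print(concurrent_rejections(found))
```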

