[Samba] samba+ldap: Simu.- login of 2 different users => user
rejected
Tim Boneko
lists at boneko.de
Mon Mar 5 17:02:37 GMT 2007
Has anybody had this problem before? If not, where should i start digging?
I'm running Samba 3.0.24 on Debian stable with slapd-2.2.23 backend.
smb.conf is attached below.
When two different users log in at the same moment, the login process
seems to freeze for a minute and the client (win2k) complains about
missing profile or missing access to profile. A single user login works
perfectly.
The log.smbd contains this:
krake smbd[28474]: [2007/03/05 15:06:09, 0]
auth/pampass.c:smb_pam_account(573)
krake smbd[28474]: smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during
Account Management for User: ws13
krake smbd[28474]: [2007/03/05 15:06:09, 0]
auth/pampass.c:smb_pam_accountcheck(781)
krake smbd[28474]: smb_pam_accountcheck: PAM: Account Validation
Failed - Rejecting User ws13!
Nothing interesting in auth.log and the same message in syslog (where
slapd logs to).
I don't know if this is a samba issue or ldap or network...
Any suggestions are highly welcome. We've got 20+ clients and users
typically log in simultaneously.
timbo
smb.conf:
panic action = /usr/share/samba/panic-action %d
dos charset = 850
unix charset = ISO-8859-15
display charset = ISO-8859-15
netbios name = KRAKE
workgroup = GHSWA
hosts allow = 192.168.
inherit acls = yes
update encrypted = yes
obey pam restrictions = yes
pam password change = yes
socket options = IPTOS_LOWDELAY SO_SNDBUF=32768 SO_RCVBUF=32768
passdb backend = ldapsam:ldap://127.0.0.1
os level = 65
preferred master = yes
domain master = yes
local master = yes
wins support = yes
time server = yes
security = user
admin users = supervisor
add user script = smbldap-useradd -m -a %u
delete user script = smbldap-userdel %u
add group script = smbldap-groupadd -p %g
delete group script = smbldap-groupdel %g
add user to group script = smbldap-groupmod -m %u %g
delete user from group script = smbldap-groupmod -x %u %g
set primary group script = smbldap-usermod -g %u %g
add machine script = smbldap-useradd -w %u
domain logons = yes
logon path = \\KRAKE\%U\.winprofile
logon home = \\%L\%U
logon script = logon.bat
preserve case = yes
short preserve case = yes
case sensitive = no
guest ok = no
printcap = cups
ldap admin dn = cn=supervisor,dc=ghswa
ldap delete dn = yes
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap machine suffix = ou=Machines
ldap passwd sync = yes
ldap suffix = dc=ghswa
ldap ssl = no
host msdfs = yes
[netlogon]
path = /ghswa/home/netlogon
write list = supervisor
browseable = yes
[profiles]
path = /ghswa/home/%u
writeable = yes
write list = %u
browseable = no
[...other shares...]
More information about the samba
mailing list