[Samba] samba+ldap: Simu.- login of 2 different users => user rejected

Felipe Augusto van de Wiel felipe at paranacidade.org.br
Tue Mar 6 14:27:43 GMT 2007 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/05/2007 02:02 PM, Tim Boneko wrote:
> Has anybody had this problem before? If not, where should i 
> start digging?

	By the logs you sent, definetely PAM. :-)


> I'm running Samba 3.0.24 on Debian stable with slapd-2.2.23 backend.
> smb.conf is attached below.
> When two different users log in at the same moment, the login process
> seems to freeze for a minute and the client (win2k) complains about
> missing profile or missing access to profile. A single user login works
> perfectly.
> 
> The log.smbd contains this:
> 
> krake smbd[28474]: [2007/03/05 15:06:09, 0]
> auth/pampass.c:smb_pam_account(573)
> krake smbd[28474]:   smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during
> Account Management for User: ws13
> krake smbd[28474]: [2007/03/05 15:06:09, 0]
> auth/pampass.c:smb_pam_accountcheck(781)
> krake smbd[28474]:   smb_pam_accountcheck: PAM: Account Validation
> Failed - Rejecting User ws13!

	PAM: UNKNOWN PAM ERROR is not something nice to see
on your longs. By the description of the problem, I would
say that the try to access the profile (specially if it is
a big one) could lead do RO/RW problems, but I'm not sure,
that's just MHO.


> Nothing interesting in auth.log and the same message in 
> syslog (where slapd logs to).
> I don't know if this is a samba issue or ldap or network...

	It seems something in the middle. ;)

	Did you already increase the log level of Samba?


> Any suggestions are highly welcome. We've got 20+ clients and users
> typically log in simultaneously.

	Simultaneously should be interpreted "at the exactly
same time", or should be interpreted as "a user logs in the
morning and the same user logs in the afternoon".



> 	timbo
> 
> smb.conf:

[...]
> obey pam restrictions = yes
> pam password change =   yes

	You are using PAM, so you really should check
there, it could be the problem.


> socket options =        IPTOS_LOWDELAY SO_SNDBUF=32768 SO_RCVBUF=32768

	Are you aware that under kernel 2.6.x you
can have a better network performance if you remove
SO_SNDBUF and SO_RCVBUF?


> [netlogon]
>         path = /ghswa/home/netlogon
>         write list = supervisor
>         browseable = yes
> 
> [profiles]
>         path = /ghswa/home/%u
>         writeable = yes
>         write list = %u
>         browseable = no

	Maybe you should try 'csc policy = disable' and maybe
'profile acls' can help you on this one.


	Kind regards,

- --
Felipe Augusto van de Wiel <felipe at paranacidade.org.br>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/           Phone: (+55 41 3350 3300)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFF7XpfCj65ZxU4gPQRArDWAJ0T7jbRlTwSdcS9dpOQsmExj5h5/QCbBV6X
m6NLCHaK2kRH2GlafeZROyU=
=Mzz/
-----END PGP SIGNATURE-----

More information about the samba mailing list