Try to set "obey pam restrictions = No" and see if it solves your
problem.
In most cases, it's not required to use PAM for authenticating domain
clients.
2008/7/16 Achim Frank <achim.frank@erfrakon.de>:
> Hi List,
>
> since the upgrade of a LDAP based PDC/BDC system to PDC/BDC and fileserver we
> have problems with users sporadically losing their homedirs.
> These events are unreproducible and only sporadic. Only the homedir not any of
> the other shares mounted from the fileserver are subject to this connection
> breakoff. The logs seem to suggest the username has been "forgotten" by the
> fileserver as the user wants to access this private share.
>
> Attached find a portion of the logs from fileserver at the event of losing a
> homedir (loglevel 3):
>
> [2008/07/15 09:43:01, 3] auth/auth.c:check_ntlm_password(221)
> check_ntlm_password: Checking password for unmapped user []\[]@[MACHINE]
> with the new password interface
> [2008/07/15 09:43:01, 3] auth/auth.c:check_ntlm_password(224)
> check_ntlm_password: mapped user is: [DOMAIN]\[]@[MACHINE]
> [2008/07/15 09:43:01, 3] auth/auth.c:check_ntlm_password(270)
> check_ntlm_password: guest authentication for user [] succeeded
>
> In the morning everything works ok like this:
>
> [2008/07/15 08:09:44, 3] auth/auth.c:check_ntlm_password(221)
> check_ntlm_password: Checking password for unmapped user
> [DOMAIN]\[myself]@[MACHINE] with the new password interface
> [2008/07/15 08:09:44, 3] auth/auth.c:check_ntlm_password(224)
> check_ntlm_password: mapped user is: [DOMAIN]\[myself]@[MACHINE]
> [2008/07/15 08:09:44, 3] auth/auth.c:check_ntlm_password(270)
> check_ntlm_password: winbind authentication for user [myself] succeeded
> [2008/07/15 08:09:44, 2] auth/auth.c:check_ntlm_password(309)
> check_ntlm_password: authentication for user [myself] -> [myself] -> [myself] succeeded
>
>
> Versions of Samba:
> The systems are running Debian Etch. PDC/BDC on Backports kernel 2.6.24-1-686,
> fileserver on stock Etch Kernel. Samba is installed as Sernet Etch Packages
> (http://ftp.sernet.de/pub/samba/debian/ sernet-samba_3.0.28-21_i386.deb
> sernet-samba-common_3.0.28-21_i386.deb sernet-samba-doc_3.0.28-21_all.deb
> sernet-smbclient_3.0.28-21_i386.deb). We also tried sernet-samba versions
> 3.0.30-22 and 3.2.0-22 but to no avail.
>
> Samba configuration:
>
> PDC/BDC:
> [global]
> ...
> map to guest = Bad User
> obey pam restrictions = Yes
> template homedir = /home/%U
> veto files = /lost+found/users/
> ...
> only shares [profiles] and [netlogon]
>
> fileserver:
> [global]
> ...
> security = domain
> map to guest = Bad User
> obey pam restrictions = Yes
> template homedir = /home/%U
> veto files = /lost+found/users/
>
> [homes]
> comment = Heimatverzeichnis
> read only = No
> create mask = 0700
> browseable = No
>
>
> Has anybody a clue why this could happen? Are there "magic" switches to be set
> with smb.conf on PDC/BDC if homedirs are not present on the authenticating
> servers or anything else we might have overlooked?
>
> Any recommendation on how to track down this misbehaving?
>
> Thanks for your answers,
> --achim
>
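
An added example, not part of the thread and not Samba's own code: one way to track the event down is to scan the level 3 smbd log for the pattern in the quoted excerpts, an empty-username logon accepted as guest (which `map to guest = Bad User` in the quoted configuration allows for unknown usernames) from a machine that earlier authenticated a named user. The sample log is constructed from those excerpts; the function names, and the assumption that a request's check and result records are adjacent in one log file, belong to this example.

```python
import re

# Constructed sample modelled on the log excerpts quoted in the thread
# (level 3 smbd layout: header line, then the indented message line).
SAMPLE_LOG = """\
[2008/07/15 08:09:44, 3] auth/auth.c:check_ntlm_password(221)
  check_ntlm_password:  Checking password for unmapped user [DOMAIN]\\[myself]@[MACHINE] with the new password interface
[2008/07/15 08:09:44, 3] auth/auth.c:check_ntlm_password(270)
  check_ntlm_password: winbind authentication for user [myself] succeeded
[2008/07/15 09:43:01, 3] auth/auth.c:check_ntlm_password(221)
  check_ntlm_password:  Checking password for unmapped user []\\[]@[MACHINE] with the new password interface
[2008/07/15 09:43:01, 3] auth/auth.c:check_ntlm_password(270)
  check_ntlm_password: guest authentication for user [] succeeded
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), +\d+\] ")
CHECK = re.compile(r"unmapped user \[(.*?)\]\\\[(.*?)\]@\[(.*?)\]")
RESULT = re.compile(r"(\w+) authentication for user \[(.*?)\] succeeded")

def records(text):
    """Yield (timestamp, message), joining continuation lines to their header."""
    stamp, parts = None, []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            if stamp:
                yield stamp, " ".join(parts)
            stamp, parts = m.group(1), []
        elif stamp:
            parts.append(line.strip())
    if stamp:
        yield stamp, " ".join(parts)

def guest_fallbacks(text):
    """Anonymous guest logons from machines that earlier logged on a named user."""
    named, machine, hits = {}, None, []
    for stamp, msg in records(text):
        if (m := CHECK.search(msg)):
            machine = m.group(3)          # client of the request being checked
        elif (m := RESULT.search(msg)) and machine is not None:
            method, user = m.groups()
            if user:
                named[machine] = user     # remember the last named logon
            elif method == "guest" and machine in named:
                hits.append((stamp, machine, named[machine]))
    return hits

if __name__ == "__main__":
    for stamp, machine, user in guest_fallbacks(SAMPLE_LOG):
        print(f"{stamp} {machine}: anonymous guest logon, last named user {user}")
```

Each hit gives a timestamp to correlate with the client's event log and the PDC/BDC logs for the same moment.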