IOhannes zmoelnig
2002-Aug-20 05:35 UTC
[Samba] ldap authentification suddenly fails partially
hi ! my systems started to behave weird today. i am running a debian/linux-fileserver (woody/2.4.18) that exports the user-homes and acts as a PDC via samba (2.2.4 --with-ldapsam) to my windoze-clients (w2k/nt). i am using ldap as authentification database. everything worked like a charme, until today. suddenly some users cannot authenticate against the windoze-machines any more. other users still work ! -the users exist -they can log in under unix (against the posixAccount in their LDAP-entry) -i can do a "smbclient -L \\sambaserver -U faultyuser" and authentication works ! -when i log into the win-machine with a local account, i can then mount the user's-directories from the sambaserver. (as would be without the PDC functionality) when such faulty users try to login, they get an error like "i couldn't authenticate you! check, whether your CAPS-LOCK is pressed...". This errors flushes promptly after hitting "OK" (i mean: there is not much file-exchange between PDC and client) i experimented with my personal account: 1. i could log into windoze machines (like most users) 2. i exported my ldap-entry into a ldif-file 3. i changed things (uid) 4. i could NOT log into windoze with the new username (but still old settings) 5. i deleted the modified ldap-entry and imported the original from the saved ldif-file 6. i still cannot log into any windoze machine ! the problem first occured with a person, who's username is 9 characters long. (and i think, he had never logged into windoze (or linux) before). so i thought this might have been the problem, but new test-users i create (with short usernames) won't work too, and finally my own account became also faulty any ideas ?? i would have sent log-files, but i don't have a clue about what log-level to use (these are badly documented). a log level of 10 didn't really give quite the information i looked for - no errors or the like (but maybe, i should look again) mfg.ds.sdaf IOhannes
IOhannes zmoelnig
2002-Aug-20 07:22 UTC
[Samba] ldap authentification suddenly fails partially
IOhannes zmoelnig wrote:> hi ! > > my systems started to behave weird today. >hi again my workaround for now (which hopefully fixed the problems) was: take the "infected" windoze-clients away from the domain. reboot re-add them to the domain. then it works again. is this a samba (less likely) or a windoze (more likely) bug ?? mfg.dcs.sar IOhannes