Francisco Santis
2004-Jul-14 15:34 UTC
[Samba] Samba 3 + ldap "Domain Users" Can't Logon....
Hi,

I have a problem with Samba 3. I run Samba 3.0.2 with LDAP 2.1.23 and smbldap tools 0.8.4. When I log on to the domain I don't have problems with the "Domain Admins" group, but when I try to log on to the domain as a user in the "Domain Users" group, the client (Windows 2000) sends me the message "You do not have access to logon to this Session". When I add the user to the "Domain Admins" group he logs on without problems. Has anybody had this problem?

Greetings
FSP

P.S.: This is my smb.conf:

[global]
unix charset = LOCALE
workgroup = TPI
netbios name = TITAN
winbind uid = 1 - 65535
interfaces = eth1, lo
bind interfaces only = Yes
passdb backend = ldapsam:ldap://127.0.0.1
username map = /etc/samba/smbusers
log level = 10
syslog = 0
log file = /var/log/samba/%m
max log size = 50000
smb ports = 139 445
name resolve order = wins bcast hosts
time server = Yes
printcap name = CUPS
show add printer wizard = No
add user script = /usr/local/sbin/smbldap-useradd -a -m "%u"
delete user script = /usr/local/sbin/smbldap-userdel %u
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/local/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m '%u' '%g'
delete user from group script = /usr/local/sbin/smbldap-groupmod -x '%u' '%g'
set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /usr/local/sbin/smbldap-useradd -w '%u'
domain logons = Yes
preferred master = Yes
domain master = Yes
wins support = Yes
ldap suffix = dc=tpi,dc=cl
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap admin dn = cn=root,dc=tpi,dc=cl
map acl inherit = Yes
idmap uid = 1000-20000
idmap gid = 1000-20000
printing = cups
printer admin = Administrator

[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No

[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
read only = yes
guest ok = Yes
locking = No

[profiles]
comment = Profile Share
path = /home/samba/profiles
read only = yes
Francisco,

I have almost the same setup and a similar problem: I can log on with a "Domain User", but the profile does not work correctly. Outlook, for example, cannot even start. As a "Domain Admin" everything works well. I think this is something about missing local rights; hope we can solve this problem :)

Andre

> -----Original Message-----
> From: samba-bounces+andre.helberg=juwimm.com@lists.samba.org
> [mailto:samba-bounces+andre.helberg=juwimm.com@lists.samba.org]
> On behalf of Francisco Santis
> Sent: Wednesday, 14 July 2004 17:34
> To: samba@lists.samba.org
> Subject: [Samba] Samba 3 + ldap "Domain Users" Can't Logon....
>
> Hi,
>
> I have a problem with Samba 3. I run Samba 3.0.2 with LDAP 2.1.23
> and smbldap tools 0.8.4. When I log on to the domain I don't have
> problems with the "Domain Admins" group, but when I try to log on to
> the domain as a user in the "Domain Users" group, the client
> (Windows 2000) sends me the message "You do not have access to logon
> to this Session". When I add the user to the "Domain Admins" group
> he logs on without problems. Has anybody had this problem?
>
> Greetings
> FSP
>
> P.S.: This is my smb.conf:
>
> [global]
> unix charset = LOCALE
> workgroup = TPI
> netbios name = TITAN
> winbind uid = 1 - 65535
> interfaces = eth1, lo
> bind interfaces only = Yes
> passdb backend = ldapsam:ldap://127.0.0.1
> username map = /etc/samba/smbusers
> log level = 10
> syslog = 0
> log file = /var/log/samba/%m
> max log size = 50000
> smb ports = 139 445
> name resolve order = wins bcast hosts
> time server = Yes
> printcap name = CUPS
> show add printer wizard = No
> add user script = /usr/local/sbin/smbldap-useradd -a -m "%u"
> delete user script = /usr/local/sbin/smbldap-userdel %u
> add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
> delete group script = /usr/local/sbin/smbldap-groupdel "%g"
> add user to group script = /usr/local/sbin/smbldap-groupmod -m '%u' '%g'
> delete user from group script = /usr/local/sbin/smbldap-groupmod -x '%u' '%g'
> set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u'
> add machine script = /usr/local/sbin/smbldap-useradd -w '%u'
> domain logons = Yes
> preferred master = Yes
> domain master = Yes
> wins support = Yes
> ldap suffix = dc=tpi,dc=cl
> ldap machine suffix = ou=Computers
> ldap user suffix = ou=Users
> ldap group suffix = ou=Groups
> ldap admin dn = cn=root,dc=tpi,dc=cl
> map acl inherit = Yes
> idmap uid = 1000-20000
> idmap gid = 1000-20000
> printing = cups
> printer admin = Administrator
>
> [homes]
> comment = Home Directories
> valid users = %S
> read only = No
> browseable = No
>
> [netlogon]
> comment = Network Logon Service
> path = /home/samba/netlogon
> read only = yes
> guest ok = Yes
> locking = No
>
> [profiles]
> comment = Profile Share
> path = /home/samba/profiles
> read only = yes