PDC
os: rh8
samba: 3.0.5rc1 as PDC with ldap backend
system memory: 512 mb
Client
os: XPprof
system memory: 512 mb
When I try to log on, I get this error (in Event Viewer):
(Type of event: Error
Source of event: Userenv
Category of event: none
ID: 1500
Date: 26.07.2004
Time: 16:20:54
User: LIIN\qwe
Computer: DS-SRV
Event:)
Windows cannot log you on because your profile cannot be loaded.
Check that you are connected to the network, or that your network is
functioning correctly. If this problem persists, contact your network
administrator.
DETAIL - "Not enough memory to proceed command" (or something like
that, it's my translation from Russian)
And it all goes back to the logon screen.
The logs say that user qwe downloaded his profile (and I see it... the HDD LED is
blinking)
<ds-srv.log>
[2004/07/27 00:27:32, 2] lib/access.c:check_access(324)
Allowed connection from (10.0.0.2)
[2004/07/27 00:27:32, 3] smbd/service.c:make_connection_snum(472)
Connect path is '/home/profiles/' for service [profiles]
[2004/07/27 00:27:32, 3] lib/util_seaccess.c:se_access_check(251)
[2004/07/27 00:27:32, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-1962503549-619549196-1640636855-3000
se_access_check: also S-1-5-21-1962503549-619549196-1640636855-513
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2004/07/27 00:27:32, 3] smbd/vfs.c:vfs_init_default(203)
Initialising default vfs hooks
[2004/07/27 00:27:32, 3] lib/util_seaccess.c:se_access_check(251)
[2004/07/27 00:27:32, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-1962503549-619549196-1640636855-3000
se_access_check: also S-1-5-21-1962503549-619549196-1640636855-513
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2004/07/27 00:27:32, 3] lib/util_seaccess.c:se_access_check(251)
[2004/07/27 00:27:32, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-1962503549-619549196-1640636855-3000
se_access_check: also S-1-5-21-1962503549-619549196-1640636855-513
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2004/07/27 00:27:32, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (1000, 513) - sec_ctx_stack_ndx = 0
[2004/07/27 00:27:32, 1] smbd/service.c:make_connection_snum(648)
ds-srv (10.0.0.2) connect to service profiles initially as user qwe (uid=1000,
gid=513) (pid 1513)
[2004/07/27 00:27:32, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/07/27 00:27:32, 3] smbd/reply.c:reply_tcon_and_X(440)
tconX service=PROFILES
[2004/07/27 00:27:32, 3] smbd/process.c:process_smb(1092)
Transaction 60 of length 88
[2004/07/27 00:27:32, 3] smbd/process.c:switch_message(887)
switch message SMBtrans2 (pid 1513) conn 0x8357070
[2004/07/27 00:27:32, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (1000, 513) - sec_ctx_stack_ndx = 0
[2004/07/27 00:27:32, 3] smbd/trans2.c:call_trans2qfilepathinfo(2335)
call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004
[2004/07/27 00:27:32, 3] smbd/trans2.c:call_trans2qfilepathinfo(2369)
call_trans2qfilepathinfo qwe (fnum = -1) level=1004 call=5 total_data=0
[2004/07/27 00:27:32, 3] smbd/process.c:process_smb(1092)
Transaction 61 of length 120
[2004/07/27 00:27:32, 3] smbd/process.c:switch_message(887)
switch message SMBntcreateX (pid 1513) conn 0x8357070
[2004/07/27 00:27:32, 3] smbd/dosmode.c:unix_mode(111)
unix_mode(qwe/ntuser.man) returning 0744
[2004/07/27 00:27:32, 3] smbd/open.c:open_file(178)
Error opening file qwe/ntuser.man (No such file or directory) (local_flags=0)
(flags=0)
[2004/07/27 00:27:32, 3] smbd/error.c:error_packet(105)
error string = No such file or directory
[2004/07/27 00:27:32, 3] smbd/error.c:error_packet(129)
error packet at smbd/trans2.c(2229) cmd=162 (SMBntcreateX)
NT_STATUS_OBJECT_NAME_NOT_FOUND
[2004/07/27 00:27:32, 3] smbd/process.c:process_smb(1092)
Transaction 62 of length 120
[2004/07/27 00:27:32, 3] smbd/process.c:switch_message(887)
switch message SMBntcreateX (pid 1513) conn 0x8357070
[2004/07/27 00:27:32, 3] smbd/dosmode.c:unix_mode(111)
unix_mode(qwe/NTUSER.DAT) returning 0744
[2004/07/27 00:27:32, 2] smbd/open.c:open_file(245)
qwe opened file qwe/NTUSER.DAT read=Yes write=No (numopen=1)
[2004/07/27 00:27:32, 3] smbd/oplock_linux.c:linux_set_kernel_oplock(185)
linux_set_kernel_oplock: got kernel oplock on file qwe/NTUSER.DAT, dev = 303,
inode = 212170, file_id = 2
[2004/07/27 00:27:32, 3] smbd/process.c:process_smb(1092)
Transaction 63 of length 76
[2004/07/27 00:27:32, 3] smbd/process.c:switch_message(887)
switch message SMBtrans2 (pid 1513) conn 0x8357070
[2004/07/27 00:27:32, 3] smbd/trans2.c:call_trans2qfilepathinfo(2280)
call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1006
[2004/07/27 00:27:32, 3] smbd/trans2.c:call_trans2qfilepathinfo(2369)
call_trans2qfilepathinfo qwe/NTUSER.DAT (fnum = 5902) level=1006 call=7
total_data=0
[2004/07/27 00:27:32, 3] smbd/process.c:process_smb(1092)
Transaction 64 of length 120
[2004/07/27 00:27:32, 3] smbd/process.c:switch_message(887)
switch message SMBntcreateX (pid 1513) conn 0x8357070
[2004/07/27 00:27:32, 3] smbd/dosmode.c:unix_mode(111)
unix_mode(qwe/ntuser.ini) returning 0744
[2004/07/27 00:27:32, 2] smbd/open.c:open_file(245)
qwe opened file qwe/ntuser.ini read=Yes write=No (numopen=2)
[2004/07/27 00:27:32, 3] smbd/oplock_linux.c:linux_set_kernel_oplock(185)
linux_set_kernel_oplock: got kernel oplock on file qwe/ntuser.ini, dev = 303,
inode = 212168, file_id = 3
[2004/07/27 00:27:32, 3] smbd/process.c:process_smb(1092)
Transaction 65 of length 76
[2004/07/27 00:27:32, 3] smbd/process.c:switch_message(887)
switch message SMBtrans2 (pid 1513) conn 0x8357070
[2004/07/27 00:27:32, 3] smbd/trans2.c:call_trans2qfilepathinfo(2280)
call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1006
[2004/07/27 00:27:32, 3] smbd/trans2.c:call_trans2qfilepathinfo(2369)
call_trans2qfilepathinfo qwe/ntuser.ini (fnum = 5903) level=1006 call=7
total_data=0
[2004/07/27 00:27:32, 3] smbd/process.c:process_smb(1092)
Transaction 66 of length 63
<snip>
./pdbedit -Lv qwe
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=LIIN))]
smbldap_open_connection: connection opened
ldap_connect_system: succesful connection to the LDAP server
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=LIIN))]
smbldap_open_connection: connection opened
ldap_connect_system: succesful connection to the LDAP server
init_sam_from_ldap: Entry found for user: qwe
Unix username: qwe
NT username: qwe
Account Flags: [U ]
User SID: S-1-5-21-1962503549-619549196-1640636855-3000
Primary Group SID: S-1-5-21-1962503549-619549196-1640636855-513
Full Name: System User
Home Directory: \\toltec\homedrive\qwe
HomeDir Drive: U:
Logon Script: logon.cmd
Profile Path: \\toltec\profiles\qwe
Domain: LIIN
Account desc: System User
Workstations:
Munged dial:
Logon time: 0
Logoff time: Sat, 14 Dec 1901 02:45:51 GMT
Kickoff time: Sat, 14 Dec 1901 02:45:51 GMT
Password last set: Mon, 26 Jul 2004 20:51:55 GMT
Password can change: 0
Password must change: Thu, 09 Sep 2004 20:51:55 GMT
Last bad password : 0
Bad password count : 0
When I put user qwe into Domain Admins (changing the Primary Group SID to
S-1-5-21-1962503549-619549196-1640636855-512),
I get almost the same error (Windows cannot log you on because your profile
cannot be loaded. And you will be
logged on with a temporary profile), but the user logs in. And the profile is not temporary...
It's the qwe profile from the profile share.
Here is my smb.conf:
# Global parameters
[global]
# client code page = 866
# NetBIOS name of that comp
netbios name = TOLTEC
#Name of Domain
workgroup = liin
#Comment
server string = Samba PDC %v
#Interface where samba works
interfaces = 10.0.0.4/24 127.0.0.1/24
bind interfaces only = yes
hosts allow = 10.0.0.
name resolve order = hosts bcast
#DOMAIN CONFIG
encrypt passwords = Yes
domain master = Yes
local master = Yes
prefered master = Yes
security = user
domain logons = yes
# ONLY FOR 2K/XP!
client ntlmv2 auth = Yes
# NO WIN9X IN OUR DOMAIN!!!!!
client lanman auth = no
client plaintext auth = no
#TEst this
disable netbios = no
#OS level!!!
os level = 65
#ALL about Loggin ^)
log level = 3
log file = /var/log/samba/%m.log
max log size = 2000
#WINBIND CONFIG!!!!
winbind separator = +
winbind use default domain = Yes
winbind uid =10000-20000
winbind gid =10000-20000
winbind enum users = yes
winbind enum groups = yes
password server= *
logon path = \\%L\profiles\%U
logon script = logon.cmd
# logon drive = U:
# logon home = \\%L\%U\profile
# NO 9X HERE!!!
time server = yes
#LDAP STARTS HERE! yeah..... ;)
passdb backend = ldapsam:ldap://localhost
ldap admin dn = "cn=Manager,dc=liin,dc=org"
ldap server = localhost
ldap port = 389
ldap suffix = dc=liin,dc=org
ldap machine suffix = ou=people
ldap user suffix = ou=people
ldap group suffix = ou=groups
# ldap filter = "(&(uid%=%U)(ObjectClass=sambaSamAccount))"
#LDAP continue
ldap idmap suffix = ou=Idmap
idmap backend = ldap:ldap://localhost
idmap uid = 10000 - 20000
idmap gid = 10000 - 20000
#what is it?
# map acl inherit = yes
# printing = cups
# printer admin = Administrator
#IDEALx SCRIPT's Rulezz
add user script = /usr/local/smbldap-tools-0.8.5/smbldap-useradd -a -m "%u"
delete user script = /usr/local/smbldap-tools-0.8.5/smbldap-userdel "%u"
add group script = /usr/local/smbldap-tools-0.8.5/smbldap-groupadd "%g"
delete group script = /usr/local/smbldap-tools-0.8.5/smbldap-groupdel "%g"
add user to group script = /usr/local/smbldap-tools-0.8.5/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/smbldap-tools-0.8.5/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/smbldap-tools-0.8.5/smbldap-usermod -g "%g" "%u"
add machine script = /usr/local/smbldap-tools-0.8.5/smbldap-useradd -w "%u"
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
# load printers = No
# dns proxy = No
guest account = nobody
[netlogon]
path = /usr/local/netlogon
writable = no
browsable = no
locking = no
guest ok = yes
[profiles]
path = /home/profiles/
# path = /var/lib/samba/profiles
# path = /home/%U/profile
comment = Profile Share
browsable = no
writable = yes
#create mask = 0600
#directory mask = 0700
#guest ok = yes
#profile acls = Yes
# next line is a great way to secure the profiles
#force user = %U
# next line allows administrator to access all profiles
#valid users = %U "Domain Admins"
[profdata]
comment = Profile datA share
# path = /var/lib/samba/profdata
# path = /home/%U/profdata/
path = /home/profdata/
browsable = no
writable = yes
#create mask = 0600
#directory mask = 0700
#profile acls = Yes
# next line is a great way to secure the profiles
#force user = %U
# next line allows administrator to access all profiles
#valid users = %U "Domain Admins"
[homes]
writable = yes
browsable = no
guest ok = no
map archive = yes
# next line is a great way to secure the profiles
#force user = %U
# next line allows administrator to access all profiles
#valid users = %U "Domain Admins"
#create mask = 0600
#directory mask = 0700
ls -al /home
drwx-----T 3 root Domain Users 4096 Jul 26 23:28 homedrive
drwxrwx--T 3 root Domain Users 4096 Jul 26 22:10 profdata
drwxrwxrwt 3 root Domain Users 4096 Jul 26 21:29 profiles
PS: In Event Viewer I've got this:
"Windows has detected that Offline Caching is enabled on the Roaming
Profile share - to avoid potential profile corruption,
Offline Caching must be disabled on shares where roaming user profiles are
stored. "
PS2:
Some more logs (I am not sure they are helpful):
[2004/07/27 00:27:22, 3] smbd/process.c:switch_message(887)
switch message SMBwriteX (pid 1513) conn 0x834a9b0
[2004/07/27 00:27:22, 2] rpc_parse/parse_prs.c:netsec_decode(1578)
netsec_decode: FAILED: packet sequence number:
[2004/07/27 00:27:22, 2] lib/util.c:dump_data(1839)
[000] FE E9 23 80 65 08 A9 46 ..#.e..F
[2004/07/27 00:27:22, 2] rpc_parse/parse_prs.c:netsec_decode(1580)
should be:
[2004/07/27 00:27:22, 2] lib/util.c:dump_data(1839)
[000] 00 00 00 00 80 00 00 00 ........
[2004/07/27 00:27:22, 3] rpc_server/srv_pipe.c:api_pipe_netsec_process(1400)
failed to decode PDU
[2004/07/27 00:27:22, 3] rpc_server/srv_pipe_hnd.c:process_request_pdu(605)
process_request_pdu: failed to do schannel processing.
[2004/07/27 00:27:22, 3] rpc_server/srv_pipe_hnd.c:process_complete_pdu(752)
process_complete_pdu: DCE/RPC fault sent on pipe lsass
[2004/07/27 00:27:22, 3] smbd/pipes.c:reply_pipe_write_and_X(199)
writeX-IPC pnum=7313 nwritten=320
[2004/07/27 00:27:22, 3] smbd/process.c:process_smb(1092)
Transaction 9 of length 63
[2004/07/27 00:27:22, 3] smbd/process.c:switch_message(887)
switch message SMBreadX (pid 1513) conn 0x834a9b0
[2004/07/27 00:27:22, 3] smbd/pipes.c:reply_pipe_read_and_X(242)
readX-IPC pnum=7313 min=1024 max=1024 nread=32
--
Best regards,
ds_shadof mailto:ds_shadof@uni-altai.ru