Umberto Zanatta
2004-Jul-29 08:31 UTC
AW: AW: AW: AW: [Samba] Samba - LDAP - User cannot loginfrom 1 workstation
On Thu, 2004-07-29 at 07:55, Bert_De_Ridder@peopleware.be wrote:

> That is for roaming profiles, right ?
> Why would I want to set that ?

No, it isn't. But you have to try; 'cos, in my opinion, of course, you won't login in bdc; but, the roaming profiles (home directory) must be in pdc;

if that works, you will try set (in bdc):

logon path = \\PDC\blablabla... (for win nt)
logon home = blablabla (for win 9x)

where PDC is the ip address of pdc.
blablabla is the share;

u.

> That's not good if the user logs on from another site; the profile
> would have to come over the internet to his laptop.
>
> Or am I mistaking ?
>
> Bert
>
> Umberto Zanatta <uzanatta@provincia.treviso.it>
> Sent by: samba-bounces+bert_de_ridder=peopleware.be@lists.samba.org
> 28/07/2004 20:46
>
> To: Bert_De_Ridder@peopleware.be
> cc: samba@lists.samba.org
> Subject: Re: AW: AW: AW: AW: [Samba] Samba - LDAP - User cannot loginfrom 1 workstation
>
> You should try set
>
> logon path
>
> u.
>
> On Wed, 2004-07-28 at 15:09, Bert_De_Ridder@peopleware.be wrote:
>
> > It becomes VERY weird...
> >
> > This afternoon I witnessed the following : the user logged on to his pc;
> > accessed his home directory on the PDC; no problema; accessed another
> > share on the PDC; no problema; accessed a share on the BDC : connection
> > refused. Going back to the PDC to access the home directory : connection
> > refused.
> >
> > However; there were NO error entries in the logs on either Samba server.
> > Only entries like these :
> > [2004/07/28 13:29:38, 1] smbd/service.c:make_connection_snum(619)
> >   allier (192.168.0.190) connect to service cvs initially as user mschijva (uid=1015, gid=100) (pid 22284)
> >
> > I'm completely lost now....
> >
> > Bert De Ridder
> >
> > "Arno Seidel" <aseidel@aseidel.com>
> > Sent by: samba-bounces+bert_de_ridder=peopleware.be@lists.samba.org
> > 28/07/2004 11:24
> > Please respond to aseidel@aseidel.com
> >
> > To: <Bert_De_Ridder@peopleware.be>
> > cc: samba@lists.samba.org
> > Subject: AW: AW: AW: AW: [Samba] Samba - LDAP - User cannot loginfrom 1 workstation
> >
> > Hi,
> >
> > what os does the client have? W98?
> >
> > in the system control folder there should be an icon (in german called
> > Verwaltung) where the local policies, the settings for odbc ...and more
> > are... there should be also an icon called
> > eventmanager / display... maybe there is a log entry?
> >
> > Did you see some errors on the samba side (instead of the connection reset
> > by peer) if you try a higher debug-/log-level?
> >
> > the other way is, that you back up the user's home-directory, and his
> > roaming-profile and completely remove him (from windows / ldap / samba
> > ...) and re-add him as a new
> > user with an empty home and profile-directory... and then just put the
> > saved files (from the profile / homedirectory) in the newly created profile /
> > home-directory.
> > it could be that some settings in the profile are wrong.
> >
> > -----Original Message-----
> > From: Bert_De_Ridder@peopleware.be [mailto:Bert_De_Ridder@peopleware.be]
> > Sent: Wednesday, 28 July 2004 08:23
> > To: aseidel@aseidel.com
> > Cc: samba@lists.samba.org
> > Subject: Re: AW: AW: AW: [Samba] Samba - LDAP - User cannot loginfrom 1 workstation
> >
> > Yes, I have checked the LDAP entry; I even recreated it; I tried the
> > user/pwd on 3 other machines : 2000 Prof. Wks; 2000 Server and XP Prof.
> > The local permissions on the machine are OK; I can add the domain user to
> > the local admin. group, so that should be ok.
> >
> > I agree that it is not a server-side issue; but where on the client can I
> > start searching for errors ?
> >
> > Regards,
> >
> > Bert De Ridder
> >
> > PeopleWare NV - Head Office
> > Cdt.Weynsstraat 85
> > B-2660 Hoboken
> > Tel: +32 3 448.33.38
> > Fax: +32 3 448.32.66
> >
> > PeopleWare NV - Branch Office Geel
> > Kleinhoefstraat 5
> > B-2440 Geel
> > Tel: +32 14 57.00.90
> > Fax: +32 14 58.13.25
> >
> > http://www.peopleware.be
> > http://www.mobileware.be
> >
> > "Arno Seidel" <aseidel@aseidel.com>
> > Sent by: samba-bounces+bert_de_ridder=peopleware.be@lists.samba.org
> > 27/07/2004 17:56
> > Please respond to aseidel@aseidel.com
> >
> > To: <samba@lists.samba.org>
> > cc:
> > Subject: AW: AW: AW: [Samba] Samba - LDAP - User cannot loginfrom 1 workstation
> >
> > Hi,
> >
> > did you check the ldap-entry for that user?? maybe there is a mistake...
> > are the other workstations you tried w2k too?
> > are the "local" permissions on the workstation for that user correct???
> > maybe there is a local-policy...
> > maybe there is a user-workstation entry in the ldapaccount...
> >
> > I don't think that it has something to do with the configuration of the
> > samba / ldap servers, because other pc's on the same segment have no
> > problems.
> >
> > > -----Original Message-----
> > > From: samba-bounces+aseidel=aseidel.com@lists.samba.org
> > > [mailto:samba-bounces+aseidel=aseidel.com@lists.samba.org] On behalf of
> > > Bert_De_Ridder@peopleware.be
> > > Sent: Tuesday, 27 July 2004 16:51
> > > To: Umberto Zanatta
> > > Cc: samba@lists.samba.org
> > > Subject: Re: AW: AW: [Samba] Samba - LDAP - User cannot loginfrom 1 workstation
> > >
> > > Yes, but I hadn't included that in my previous post; I tried to trim the
> > > message
> > >
> > > winbind uid = 100-20000
> > > winbind gid = 100-20000
> > > winbind separator = +
> > > winbind use default domain = Yes
> > >
> > > I am not using password server, because I want Samba to think it's on the
> > > same server; however the LDAP on that server is a slave, so updates are
> > > sent to our master LDAP server. (and back to the slave via the replicator
> > > of course)
> > >
> > > I can use the shares via smbclient on the server; I really don't think
> > > there is an error on the server; since everything works when changing all
> > > other conditions (switch pc or another user on that pc); it's just that
> > > one user when working on that one machine.
> > >
> > > Bert De Ridder
> > >
> > > Umberto Zanatta <uzanatta@provincia.treviso.it>
> > > Sent by: samba-bounces+bert_de_ridder=peopleware.be@lists.samba.org
> > > 27/07/2004 15:28
> > >
> > > To: Bert_De_Ridder@peopleware.be
> > > cc: samba@lists.samba.org
> > > Subject: Re: AW: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation
> > >
> > > Have you tried configuring winbind? Of course, it's very important on
> > > Samba PDC+BDC+File Server.
> > >
> > > Perhaps, you've forgotten 'password server': it hasn't to be the ip of
> > > bdc, but the ip of pdc
> > > and 'security = domain';
> > >
> > > You should as well (for name resolver) add bcast to 'name resolve
> > > order'.
> > >
> > > On Tue, 2004-07-27 at 15:15, Bert_De_Ridder@peopleware.be wrote:
> > >
> > > > Ok, so the getpeername was a coincidence; I haven't seen it more than
> > > > once, that's true.
> > > >
> > > > smb.conf:
> > > > [global]
> > > >         domain master = No
> > > >         domain logons = Yes
> > > >         map to guest = never
> > > >         netbios name = FATTY
> > > >         workgroup = PEOPLEWARE
> > > >         server string = Linux BDC
> > > >         encrypt passwords = Yes
> > > >         log level = 2
> > > >         name resolve order = lmhosts wins
> > > >         time server = Yes
> > > >         socket options = SO_SNDBUF=8192 SO_RCVBUF=8192
> > > >         guest account = nobody
> > > >         logon script = login.bat
> > > >         logon path
> > > >         logon drive = H:
> > > >         os level = 99
> > > >         preferred master = No
> > > >         wins support = Yes
> > > >         wins server = 192.168.0.22
> > > >         remote browse sync = 192.168.0.22
> > > >         remote announce = 192.168.3.255/PEOPLEWARE
> > > >         printing = cups
> > > >         local master = yes
> > > >         load printers = yes
> > > >         printcap name = cups
> > > >         passwd program =/usr/local/sbin/smbldap-passwd %u
> > > >         passwd chat = *new*password* %n\n *new*password:* %n\ *successfully*
> > > >         add machine script = /usr/local/sbin/smbldap-useradd -w u%
> > > >         add user script = /usr/local/sbin/smbldap-useradd -a %u
> > > >         delete user script = /usr/local/sbin/smbldap-userdel %u
> > > >         add group script = /usr/local/sbin/smbldap-groupadd %g
> > > >         delete group script = /usr/local/sbin/smbldap-groupdel %g
> > > >         add user to group script = /usr/local/sbin/smbldap-groupmod -m %u %g
> > > >         delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u %g
> > > >         set primary group script = /usr/local/sbin/smbldap-usermod -G %g %u
> > > >         passdb backend = ldapsam:ldap://127.0.0.1
> > > >         ldap suffix = dc=peopleware,dc=be
> > > >         ldap admin dn = cn=Manager,dc=peopleware,dc=be
> > > >         ldap user suffix = ou=Users
> > > >         ldap group suffix = ou=Groups
> > > >         ldap machine suffix = ou=Computers
> > > >         ldap idmap suffix = ou=Users
> > > >         ldap passwd sync = Yes
> > > >         ldap ssl = off
> > > >
> > > > [netlogon]
> > > >         path = /var/lib/samba/netlogon
> > > >         read only = No
> > > >         create mask = 0600
> > > >         directory mask = 0700
> > > >         browseable = No
> > > > [homes]
> > > >         comment = Home directories
> > > >         path = /home/%U
> > > >         read only = No
> > > >         create mask = 0640
> > > >         directory mask = 0750
> > > >         browseable = Yes
> > > > [cvs]
> > > >         path = /local/cvs
> > > >         read only = No
> > > >         create mask = 0777
> > > >         force group = users
> > > >         public = yes
> > > >         guest ok = yes
> > > >
> > > > Bert De Ridder
> > > >
> > > > Umberto Zanatta <uzanatta@provincia.treviso.it>
> > > > Sent by: samba-bounces+bert_de_ridder=peopleware.be@lists.samba.org
> > > > 27/07/2004 14:57
> > > >
> > > > To: Bert_De_Ridder@peopleware.be
> > > > cc: samba@lists.samba.org
> > > > Subject: Re: AW: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation
> > > >
> > > > No, isn't; but, there's some problems in resolvconf/hosts/dns.
> > > >
> > > > """
> > > > getpeername failed
> > > > """
> > > >
> > > > Meanwhile, should you post the smb.conf related to?
> > > >
> > > > On Tue, 2004-07-27 at 14:46, Bert_De_Ridder@peopleware.be wrote:
> > > >
> > > > > That's true...
> > > > >
> > > > > The message is :
> > > > >
> > > > > <sharename> is not accessible
> > > > > Network access is denied
> > > > > <OK>
> > > > >
> > > > > Even if I navigate to the share CVS (which works during login - see my
> > > > > original mail) I get that message.
> > > > >
> > > > > I don't know whether it's related, but I now notice other messages in the
> > > > > log :
> > > > >
> > > > > [2004/07/26 14:24:32, 1] smbd/service.c:make_connection_snum(619)
> > > > >   allier (192.168.3.196) connect to service cvs initially as user mschijva (uid=1015, gid=100) (pid 24964)
> > > > > [2004/07/26 14:24:48, 0] lib/util_sock.c:get_peer_addr(978)
> > > > >   getpeername failed. Error was Transport endpoint is not connected
> > > > > [2004/07/26 14:24:48, 0] lib/util_sock.c:read_socket_data(367)
> > > > >   read_socket_data: recv failure for 4. Error = Connection reset by peer
> > > > >
> > > > > Do you think it's related?
> > > > >
> > > > > Bert
> > > > >
> > > > > "Arno Seidel" <aseidel@aseidel.com>
> > > > > Sent by: samba-bounces+bert_de_ridder=peopleware.be@lists.samba.org
> > > > > 27/07/2004 13:15
> > > > > Please respond to aseidel@aseidel.com
> > > > >
> > > > > To: "Samba" <samba@lists.samba.org>
> > > > > cc:
> > > > > Subject: AW: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation
> > > > >
> > > > > Hi,
> > > > >
> > > > > hm, I don't think that it has something to do with the trust relationship; if
> > > > > it were so, then every user on that pc would get a permission denied.
> > > > > What does the error message exactly say?
> > > > > example:
> > > > > Access denied, the network path was not found...
> > > > >
> > > > > -----Original Message-----
> > > > > From: Bert_De_Ridder@peopleware.be [mailto:Bert_De_Ridder@peopleware.be]
> > > > > Sent: Tuesday, 27 July 2004 12:57
> > > > > To: aseidel@aseidel.com
> > > > > Subject: Re: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation
> > > > >
> > > > > I have checked the user's permissions; I am convinced that it is not a
> > > > > server setting since the error 'Access denied' (on the client - Win2K) does
> > > > > not happen when the user logs on to another workstation.
> > > > > I think it has something to do with the trust relationship; but I haven't
> > > > > got a clue where to start looking for it.
> > > > >
> > > > > What loglevel would you suggest ?
> > > > >
> > > > > Bert
> > > > >
> > > > > "Arno Seidel" <aseidel@aseidel.com>
> > > > > Sent by: samba-bounces+bert_de_ridder=peopleware.be@lists.samba.org
> > > > > 27/07/2004 12:30
> > > > > Please respond to aseidel@aseidel.com
> > > > >
> > > > > To: <samba@lists.samba.org>
> > > > > cc:
> > > > > Subject: AW: [Samba] Samba - LDAP - User cannot login from 1 workstation
> > > > >
> > > > > Hi,
> > > > >
> > > > > did you check the user's permissions??
> > > > > group entries... share/directory permissions
> > > > > which account flags does the user have.
> > > > > did you raise the loglevel to get some more information?
> > > > > what error message do you receive on the windows-pc?
> > > > >
> > > > > this is not a solution... but may bring you on the right way
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: samba-bounces+aseidel=aseidel.com@lists.samba.org
> > > > > > [mailto:samba-bounces+aseidel=aseidel.com@lists.samba.org] On behalf of
> > > > > > Bert_De_Ridder@peopleware.be
> > > > > > Sent: Tuesday, 27 July 2004 12:16
> > > > > > To: samba@lists.samba.org
> > > > > > Subject: [Samba] Samba - LDAP - User cannot login from 1 workstation
> > > > > >
> > > > > > Hello, everyone,
> > > > > >
> > > > > > This is the situation :
> > > > > >
> > > > > > We have 2 sites; one domain; 2 samba's on every site; one is PDC, the
> > > > > > other is BDC.
> > > > > > They both use LDAP; the LDAP has a master on the site where the PDC is;
> > > > > > the slave LDAP is on the site where the BDC is.
> > > > > >
> > > > > > There is a user (ONE to be precise) that gives problems when working on a
> > > > > > specific machine.
> > > > > >
> > > > > > When the user logs in using his machine; he can't access shares on either
> > > > > > of the servers. When he logs in on any other machine, there is no problem
> > > > > > whatsoever. When anybody else logs in using this user's machine, there is
> > > > > > no problem either.
> > > > > > It's only when the user logs in on that specific machine.
> > > > > > The login is fine; I can see the user in the logs:
> > > > > >
> > > > > >   allier (192.168.3.196) connect to service netlogon initially as user mschijva (uid=1015, gid=100) (pid 25065)
> > > > > > [2004/07/26 14:34:29, 1] smbd/service.c:make_connection_snum(619)
> > > > > >   allier (192.168.3.196) connect to service cvs initially as user mschijva (uid=1015, gid=100) (pid 25065)
> > > > > >
> > > > > > From that point on, the shares can no longer be accessed.
> > > > > >
> > > > > > The machine HAS been used in the past in a domain with the same name, but
> > > > > > with a different ID.
> > > > > > The user receives the 'old' sambasid from the server to avoid local
> > > > > > profile loss (deleting the user's local profile is NOT an option BTW).
> > > > > >
> > > > > > Where can I start looking for this ?
> > > > > > Any ideas anyone ?
> > > > > >
> > > > > > Thanks in advance
> > > > > >
> > > > > > Bert De Ridder
> > > > > >
> > > > > > --
> > > > > > To unsubscribe from this list go to the following URL and read the
> > > > > > instructions: http://lists.samba.org/mailman/listinfo/samba
> > > >
> > > > _______________________
> > > > Umberto Zanatta
> > > > linuxDidattica
> > > >
> > > > tel: +39 (335) 54 71 385
> > > > email: umberto.z@tin.it
> > > > web: http://linuxdidattica.org
> > > > _______________________

_______________________
Umberto Zanatta
linuxDidattica

tel: +39 (335) 54 71 385
email: umberto.z@tin.it
web: http://linuxdidattica.org
_______________________