samba - Jan 2007 - Some users can connect and others can't

I have the following configuration on one of my file shares using 
3.0.10.  And I have found out that some users can get files off of the 
server and some cannot.
The users that cannot connect get the error.
"Incorrect password or unknown username"
  Connect as;
  Password:

After playing around awhile I added one of the users to the computer 
with useradd.  They were then able to connect.  I am not sure why this 
was required, because I have a number of other users which don't have a 
accounts on this server and they can login just fine.

I add a local account  using
useradd user1
and they can login
userdel user1
and they can't login

Using a SambaPDC with LDAP backend.  So I am guessing that there is a 
property in there that some accounts have and some don't.  I just haven'
t been able to figure out what it is.  Any help would be appreciated.


# Global parameters
[global]
    workgroup = DOM
    netbios name = STANDARD_SERVER
    server string = Standard Data
    security = DOMAIN
    password server = 192.168.5.2 192.168.5.3
    log level = 0 vfs:2
    log file = /var/log/samba/%U.%m.log
    max log size = 50
    smb ports = 139
    lpq cache time = 20
    printcap name = /etc/printcap
    dns proxy = No
    wins server = 192.168.5.2
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    template primary group = "Domain Users"
    template shell = /bin/bash
    winbind separator = +
    printer admin = DOM+phwashington, root-clark, phwashington
    hosts allow = 192.168.5., 10.10.9., 192.168.6., 127.
    veto files = /.*/lost*/
    vfs objects = extd_audit

[Char_Data]
    comment = STANDARD DATA
    path = /STANDARD_DATA
    valid users = "@DOM+Domain Users"
    read list = "@DOM+Domain Users"
    write list = "@DOM+Domain Users"
    read only = No
    create mask = 0774
    security mask = 0774
    force security mode = 0770
    directory mask = 02777
    directory security mask = 0770
    force directory security mode = 0770
    inherit permissions = Yes
    veto oplock files = /DOM.*/
    dos filetimes = Yes
    vfs objects = recycle
    recycle:exclude = *.tmp,*.temp
    recycle:keeptree = yes
    recycle:repository = .recycle/%U
    recycle:touch = yes
    recycle:versions = yes

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/02/2007 11:57 PM, Philip Washington escreveu:
> I have the following configuration on one of my file 
> shares using 3.0.10.  And I have found out that some
> users can get files off of the server and some cannot.
	Just as an advice, not related with your actual problem,
you should think about upgrading your Samba version, there are
lots of bug fixes and new features after Samba 3.0.14 and 3.0.2x.
And don't forget to check the Changelog to see how it is going to
impact your actual Samba implementation.

> The users that cannot connect get the error.
> "Incorrect password or unknown username"
>  Connect as;
>  Password:
> 
> After playing around awhile I added one of the users to the computer
> with useradd.  They were then able to connect.  I am not sure why this
> was required, because I have a number of other users which don't have a
> accounts on this server and they can login just fine.
> 
> I add a local account  using
> useradd user1
> and they can login
> userdel user1
> and they can't login
> 
> Using a SambaPDC with LDAP backend.  So I am guessing that there is a
> property in there that some accounts have and some don't.  I just
haven'
> t been able to figure out what it is.  Any help would be appreciated.
	How is your NSS configuration? Samba needs to find unix
accounts to properly works, if you are using LDAP, you should be
able to find your LDAP users/accounts in your unix system using
getent.

> # Global parameters
> [global]
>    workgroup = DOM
>    netbios name = STANDARD_SERVER
>    server string = Standard Data
>    security = DOMAIN
>    password server = 192.168.5.2 192.168.5.3
	Is this a PDC?  It doesn't looks like as a PDC.


>    log level = 0 vfs:2
>    log file = /var/log/samba/%U.%m.log
>    max log size = 50
>    smb ports = 139
>    lpq cache time = 20
>    printcap name = /etc/printcap
>    dns proxy = No
>    wins server = 192.168.5.2
>    idmap uid = 10000-20000
>    idmap gid = 10000-20000
>    template primary group = "Domain Users"
>    template shell = /bin/bash
>    winbind separator = +
>    printer admin = DOM+phwashington, root-clark, phwashington
>    hosts allow = 192.168.5., 10.10.9., 192.168.6., 127.
>    veto files = /.*/lost*/
>    vfs objects = extd_audit
[...]


	Kind regards,


- --
Felipe Augusto van de Wiel <felipe@paranacidade.org.br>
Coordenadoria de Tecnologia da Informa??o (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/           Phone: (+55 41 3350 3300)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org

iD8DBQFFpkPACj65ZxU4gPQRAlOZAJ9VAGiPBt7uUSU8ItR/t9OH+dMgcgCdErC+
iTS30wvs+c4Gdq230opivPU=CGGa
-----END PGP SIGNATURE-----