Hallo all,
last weekend, We have installed a new server with debian squeeze and samba
3.6.5. This sever replace the old samba-PDC and BDC (samba 3.2.5). We also
install new server vor ldap and kerberos with a new ldap structure and the
move the config from slap.conf to slad.d/. The ldapdatabase ware restore with
the necessery changes from dump of the old datatabase. Also the kerberos
database. We only use Kerberos for user authentfication.
Now I have a strangely Problem. Some user can login to our windows domain
without problems, some user can login sometimes and other user can login only
at morining or evening, if the most user at home. It soever the same user that
can login or not to the windows domain.
The errors, that the user see is after authenzification, access denied, can not
login.
At the windows server (Windowsserver 2003), I found the following log entries.
Login rejectet for DOMAIN\user Unable to obtain Terminal server User
Configuration. Access denied. In the Debug-Windows I can see the eventid 1219
and the Programm winlogon.exe.
The eventlog for security show, that the user can login.
I have set the logs for samba to 10, but I cant see anny error.
My smb.conf:
[global]
workgroup = DOMAIN
server string = samba
netbios name = fileserver
wins support = yes
name resolve order = wins host lmhosts bcast
dns proxy = no
interfaces = eth0 10.1.0.3/255.255.0.0
bind interfaces only = yes
security = user
encrypt passwords = true
lanman auth = yes
passdb backend = ldapsam:"ldap://ldap.mynet.local"
obey pam restrictions = no
guest account = nobody
invalid users = root
unix password sync = no
ldap passwd sync = yes
ldap admin dn = cn=admin,dc=mynet
ldap ssl = off
ldap delete dn = no
ldap suffix = dc=fli
ldapsam:trusted = no
ldap timeout = 30
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u"
"%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u"
"%g"
set primary group script = /usr/sbin/smbldap-usermod -g '%g'
'%u'
domain logons = yes
domain master = yes
os level = 200
preferred master = yes
local master = yes
logon path = \\fs1\profiles\%U
logon drive = H:
# The script must be stored in the [netlogon] share
# NOTE: Must be store in 'DOS' file format convention
logon script = logon.bat
load printers = yes
printing = cups
printcap name = cups
socket options = TCP_NODELAY
log file = /var/log/samba/log.%m
log level = 10
max log size = 500
syslog = 0
[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = yes
writable = no
share modes = no
[profiles]
comment = Users profiles
path = /home/samba/profiles
guest ok = no
browseable = no
writable = yes
share modes = no
; Verstecke System-Dateien (16.11.07 - most)
hide files = /?esktop.ini/ntuser.ini/NTUSER.*/?humbs.db/
I hope someone can halp me. It is necessary for our work here.
Thanks in advance.
Monika
--
________________________________________________________________________________
Monika Strack
Institut fuer Nutztiergenetik
Friedrich-Loeffler-Institut
31535 Neustadt e-mail: monika.strack at fli.bund.de
Germany Tel: +49 5034 /871 154
Fax: +49 5034 /871 239
_______________________________________________________________________________
