I have tried everything : logging of the user; rebooting machines... 

I have thought about giving a new username; but there are lots of programs 
installed on his machine; all with registry dependencies (Delphi 5 for 
one) and creating a new user would make him loose all his settings (we 
don't save the profile on the servers) 

Samba sid et all are correct. 

Bert De Ridder

"Arno Seidel" <[EMAIL PROTECTED]> 
29/07/2004 11:01
Please respond to


AW: [Samba] Samba - LDAP - User cannot loginfrom        1workstation


i?m wondering about that this behavior is only for one user..
why does another user in the same segment of the domain not behave 
How did you changed the users to try?? Did you just log of the user 
and logged on with a diffrent user again..
or did you restart the computer and logged in as a diffrent user?
just a silly question: when this is the only one user with that behavior 
you don?t give him a new
Did you checked the uid / samba-SID and any nurmeric value of that user in
his ldap-entry?

  -----Ursprungliche Nachricht-----
  Gesendet: Mittwoch, 28. Juli 2004 15:09
  Betreff: Re: AW: AW: AW: AW: [Samba] Samba - LDAP - User cannot 

  It becomes VERY weird...

  This afternoon I witnessed the following : the user logged on to his pc;
accessed his home directory on the PDC; no problema; accessed another 
on the PDC; no problema; accessed a share on the BDC : connection refused.
Going back to the PDC to access the home directory : connection refused.

  However; there were NO error entries in the logs on either Samba server.
Only entries like these :
  [2004/07/28 13:29:38, 1] smbd/service.c:make_connection_snum(619)
    allier ( connect to service cvs initially as user 
(uid=1015, gid=100) (pid 22284)

  I'm completely lost now....

  Bert De Ridder

        "Arno Seidel" <[EMAIL PROTECTED]>
        Sent by: 
        28/07/2004 11:24 Please respond to
              [EMAIL PROTECTED]

              cc [EMAIL PROTECTED]
              Subject AW: AW: AW: AW: [Samba] Samba - LDAP - User cannot
loginfrom        1        workstation


  what os does the client have? W98?

  in the system-controll folder there should be a icon (in german called
  Verwaltung) whre the local policies , the settings for odbc ...and mor
  are... there should be also an icon called
  eventmanager / display... maybe there is a log entry?

  Did you see some errrors on the samba side (instead of the connection
  by peer) if you try a higher debug-/log-level?

  the other way is, that you back-up the users home-directory, and his
  roaming-profile and completely remove him and (from windows / ldap / 
  ...) and readd him as a new
  user with a empty home and profile-directory... and then just put the
  saved-files (from the profile / homedirectory in the new created profile 
  home-directory in.
  it could be that there are some settings in the profile are wrong.

  -----Ursprungliche Nachricht-----
  Gesendet: Mittwoch, 28. Juli 2004 08:23
  Betreff: Re: AW: AW: AW: [Samba] Samba - LDAP - User cannot loginfrom 1

   Yes, I have checked the LDAP entry; I even recreated it; I tried the
  user/pwd on 3 other machines : 2000 Prof. Wks; 2000 Server and XP Prof.
   The local permissions on the machine are OK; I can add the domain user 
  the local admin. group, so that should be ok.

   I agree that it is not a server-side issue; but where on the client can 
  start searching for errors ?


   Bert De Ridder

   PeopleWare NV - Head Office
   Cdt.Weynsstraat 85
   B-2660 Hoboken
   Tel: +32 3 448.33.38
   Fax: +32 3 448.32.66

   PeopleWare NV - Branch Office Geel
   Kleinhoefstraat 5
   B-2440 Geel
   Tel: +32 14 57.00.90
   Fax: +32 14 58.13.25


         "Arno Seidel" <[EMAIL PROTECTED]>
         Sent by: 
         27/07/2004 17:56 Please respond to
               [EMAIL PROTECTED]

        To <[EMAIL PROTECTED]>
               Subject AW: AW: AW: [Samba] Samba - LDAP - User cannot
  loginfrom        1        workstation


   did you check the ldap-entry for that user?? maybe there is a 
   are the other workstations you tried w2k too?
   are the "local" permissions on the workstation for that user correct???
   maybe there is a local-policy...
   maybe there is a user-workstation entry in the ldapaccount...

   i don?t think that it has something to do with the configuration of the
   samba /ldap servers, because other pc?s on the same segment have no

   > -----Ursprungliche Nachricht-----
   > [mailto:[EMAIL PROTECTED] Auftrag
   > Gesendet: Dienstag, 27. Juli 2004 16:51
   > An: Umberto Zanatta
   > Betreff: Re: AW: AW: [Samba] Samba - LDAP - User cannot loginfrom 1
   > workstation
   > Yes, but I hadn't included that in my previous post; I tried to trim
   > message
   > winbind uid = 100-20000
   > winbind gid = 100-20000
   > winbind separator = +
   > winbind use default domain = Yes
   > I am not using password server, because i want Samba to think it's on
   > same server; however the LDAP on that server is a slave, so updates 
   > sent to our master LDAP server. (and back to the slave via the
   > off course)
   > I can use the shares via smbclient on the server; I really don't 
   > there is an error on the server; since everything works when changing
   > other conditions (switch pc or another user on that pc); it's just 
   > one user when working on that one machine.
   > Bert De Ridder
   > Umberto Zanatta <[EMAIL PROTECTED]>
   > Sent by: [EMAIL PROTECTED]
   > 27/07/2004 15:28
   > To
   > cc
   > Subject
   > Re: AW: AW: [Samba] Samba - LDAP - User cannot login from       1
   > workstation
   > Have you tried configuring winbind? Of course, it's very important on
   > Samba PDC+BDC+File Server.
   > Perhaps, you've forgotten 'password server': it hasn't to be the ip 
   > bdc, but the ip of pdc
   > and 'security = domain';
   > You should as well (for name resolver) add bcast to 'name resolve
   > order'.
   > Il mar, 2004-07-27 alle 15:15, [EMAIL PROTECTED] ha 
   > > Ok, so the getpeername was a coincidence; I haven't seen it more 
   > > once, that's true.
   > >
   > > smb.conf:
   > > [global]
   > >         domain master = No
   > >         domain logons = Yes
   > >         map to guest = never
   > >         netbios name = FATTY
   > >         workgroup = PEOPLEWARE
   > >         server string = Linux BDC
   > >         encrypt passwords = Yes
   > >         log level = 2
   > >         name resolve order = lmhosts wins
   > >         time server = Yes
   > >         socket options = SO_SNDBUF=8192 SO_RCVBUF=8192
   > >         guest account = nobody
   > >         logon script = login.bat
   > >         logon path =
   > >         logon drive = H:
   > >         os level = 99
   > >         preferred master = No
   > >         wins support = Yes
   > >         wins server =
   > >         remote browse sync =
   > >         remote announce =
   > >         printing = cups
   > >         local master = yes
   > >         load printers = yes
   > >         printcap name = cups
   > >         passwd program =/usr/local/sbin/smbldap-passwd %u
   > >         passwd chat = *new*password* %n\n *new*password:* %n\
   > > *successfully*
   > >         add machine script = /usr/local/sbin/smbldap-useradd -w u%
   > >         add user script = /usr/local/sbin/smbldap-useradd -a %u
   > >         delete user script = /usr/local/sbin/smbldap-userdel %u
   > >         add group script = /usr/local/sbin/smbldap-groupadd %g
   > >         delete group script = /usr/local/sbin/smbldap-groupdel %g
   > >         add user to group script =
/usr/local/sbin/smbldap-groupmod -m
   > > %u %g
   > >         delete user from group script =
   > > /usr/local/sbin/smbldap-groupmod -x %u %g
   > >         set primary group script = /usr/local/sbin/smbldap-usermod 
   > > %g %u
   > >         passdb backend = ldapsam:ldap://
   > >         ldap suffix = dc=peopleware,dc=be
   > >         ldap admin dn = cn=Manager,dc=peopleware,dc=be
   > >         ldap user suffix = ou=Users
   > >         ldap group suffix = ou=Groups
   > >         ldap machine suffix = ou=Computers
   > >         ldap idmap suffix = ou=Users
   > >         ldap passwd sync = Yes
   > >         ldap ssl = off
   > >
   > > [netlogon]
   > >         path = /var/lib/samba/netlogon
   > >         read only = No
   > >         create mask = 0600
   > >         directory mask = 0700
   > >         browseable = No
   > > [homes]
   > >         comment = Home directories
   > >         path = /home/%U
   > >         read only = No
   > >         create mask = 0640
   > >         directory mask = 0750
   > >         browseable = Yes
   > > [cvs]
   > >      path = /local/cvs
   > >      read only = No
   > >      create mask = 0777
   > >      force group = users
   > >      public = yes
   > >      guest ok = yes
   > >
   > > Bert De Ridder
   > >
   > >
   > >
   > > Umberto Zanatta
   > > Sent by:
   > >
   > > 27/07/2004 14:57
   > >                To
   > >                cc
   > >           Subject
   > > Re: AW: AW:
   > > [Samba] Samba -
   > > LDAP - User
   > > cannot login from
   > > 1
   > > workstation
   > >
   > >
   > >
   > >
   > > No, isn't; but, there's some problems in resolvconf/hosts/dns.
   > >
   > > """
   > > getpeername failed
   > > """
   > >
   > > Meanwihile, should you post the smb.conf related to?
   > >
   > > Il mar, 2004-07-27 alle 14:46, [EMAIL PROTECTED] ha
   > > scritto:
   > >
   > > > That's true...
   > > >
   > > > The message is :
   > > >
   > > > <sharename> is not accessible
   > > > Network access is denied
   > > >                  <OK>
   > > >
   > > > Even if I navigate to the share CVS (which works during login - 
   > > my
   > > > original mail) I get that message.
   > > >
   > > > I don't know whether it's related, but I now notice other 
   > > in the
   > > > log :
   > > >
   > > > [2004/07/26 14:24:32, 1] smbd/service.c:make_connection_snum(619)
   > > > allier ( connect to service cvs initially as user
   > > mschijva
   > > > (uid=1015, gid=100) (pid 24964)
   > > > [2004/07/26 14:24:48, 0] lib/util_sock.c:get_peer_addr(978)
   > > >   getpeername failed. Error was Transport endpoint is not 
   > > > [2004/07/26 14:24:48, 0] lib/util_sock.c:read_socket_data(367)
   > > >   read_socket_data: recv failure for 4. Error = Connection reset 
   > > peer
   > > >
   > > >
   > > > Do you think it's related?
   > > >
   > > >
   > > >
   > > > Bert
   > > >
   > > >
   > > >
   > > >
   > > > "Arno Seidel" <[EMAIL PROTECTED]>
   > > > Sent by: 
   > > > 27/07/2004 13:15
   > > > Please respond to
   > > >
   > > >
   > > > To
   > > > "Samba" <[EMAIL PROTECTED]>
   > > > cc
   > > >
   > > > Subject
   > > > AW: AW: [Samba] Samba - LDAP - User cannot login from 1 
   > > >
   > > >
   > > >
   > > >
   > > >
   > > >
   > > > Hi,
   > > >
   > > > hm i don?t think that it has something to do with the
   > > trus-relationship if
   > > > it where so than every user on that pc would get a permision
   > > > what does the error message exactly says?
   > > > example:
   > > > Access denied, the network path was not found...
   > > >
   > > >
   > > >   -----Ursprungliche Nachricht-----
   > > >   Von: [EMAIL PROTECTED]
   > > [mailto:[EMAIL PROTECTED]
   > > >   Gesendet: Dienstag, 27. Juli 2004 12:57
   > > >   An: [EMAIL PROTECTED]
   > > >   Betreff: Re: AW: [Samba] Samba - LDAP - User cannot login from 
   > > > workstation
   > > >
   > > >
   > > >
   > > >   I have checked the user's permissions; I am convinced that it 
   > > not a
   > > > server setting since the error 'Access denied' (on the client -
   > > Win2K)
   > > > does
   > > > not happen when the user logs on to another workstation.
   > > >   I think it has something to do with the trust relationship; but 
   > > > haven't
   > > > got a clue where to start looking for it.
   > > >
   > > >   What loglevel would you suggest ?
   > > >
   > > >
   > > >   Bert
   > > >
   > > >
   > > >
   > > >
   > > >
   > > >         "Arno Seidel" <[EMAIL PROTECTED]>
   > > >         Sent by:
   > > >         27/07/2004 12:30 Please respond to
   > > >               [EMAIL PROTECTED]
   > > >
   > > >
   > > >        To <[EMAIL PROTECTED]>
   > > >               cc
   > > >               Subject AW: [Samba] Samba - LDAP - User cannot 
   > > from 1
   > > > workstation
   > > >
   > > >
   > > >
   > > >
   > > >
   > > >
   > > >
   > > >   Hi,
   > > >
   > > >   did you checked the users permissions??
   > > >   group-entrys... share/directory permissions
   > > >   which account flags does the user have.
   > > >   did you rise the loglevel to get some more informations?
   > > >   what error message do you receive on the windows-pc?
   > > >
   > > >   this is no a solution... but may bring you on the right way
   > > >
   > > >   > -----Ursprungliche Nachricht-----
   > > >   > Von: [EMAIL PROTECTED]
   > > >   > [mailto:[EMAIL PROTECTED]
   > > Auftrag
   > > > von
   > > >   > [EMAIL PROTECTED]
   > > >   > Gesendet: Dienstag, 27. Juli 2004 12:16
   > > >   > An: [EMAIL PROTECTED]
   > > >   > Betreff: [Samba] Samba - LDAP - User cannot login from 1
   > > workstation
   > > >   >
   > > >   >
   > > >   > Hello, everyone,
   > > >   >
   > > >   > This is the situation :
   > > >   >
   > > >   > We have 2 sites; one domain; 2 samba's on every site; one is
   > > PDC, the
   > > >   > other is BDC.
   > > >   > They both use LDAP; the LDAP has a master on the site where 
   > > PDC
   > > > is;
   > > >   > the slave LDAP is on the site where the BDC is.
   > > >   >
   > > >   > There is a user (ONE to be precise) that gives problems when
   > > working
   > > > on
   > > > a
   > > >   > specific machine.
   > > >   >
   > > >   > When the user logs in using his machine; he can't access 
   > > on
   > > > either
   > > >   > of the servers. When he logs in on any other machine, there 
   > > no
   > > > problem
   > > >   > whatsoever. When anybody else logs in using this user's
   > > there
   > > > is
   > > >   > no problem either.
   > > >   > It's only when the user logs in on that specific machine.
   > > >   > The login is fine; I can see the user in the logs:
   > > >   >
   > > >   >   allier ( connect to service netlogon 
   > > as user
   > > >   > mschijva (uid=1015, gid=100) (pid 25065)
   > > >   > [2004/07/26 14:34:29, 1]
   > > smbd/service.c:make_connection_snum(619)
   > > >   >   allier ( connect to service cvs initially as
   > > user
   > > >   > mschijva
   > > >   > (uid=1015, gid=100) (pid 25065)
   > > >   >
   > > >   > >From that point on, the shares can no longer be accessed.
   > > >   >
   > > >   > The machine HAS been used in the past in a domain with the 
   > > name,
   > > > but
   > > >   > with a different ID.
   > > >   > The user receives the 'old' sambasid from the server to avoid
   > > local
   > > >   > profile loss (deleting the user's local profile is NOT an
   > > BTW).
   > > >   >
   > > >   > Where can I start looking for this ?
   > > >   > Any ideas anyone ?
   > > >   >
   > > >   > Thanks in advance
   > > >   >
   > > >   > Bert De Ridder
   > > >   >
   > > >   >
   > > >   >
   > > >   > --
   > > >   > To unsubscribe from this list go to the following URL and 
   > > the
   > > >   > instructions:  http://lists.samba.org/mailman/listinfo/samba
   > > >   >
   > > >
   > > >   --
   > > >   To unsubscribe from this list go to the following URL and read
   > > >   instructions:  http://lists.samba.org/mailman/listinfo/samba
   > > >
   > > > --
   > > > To unsubscribe from this list go to the following URL and read 
   > > > instructions:  http://lists.samba.org/mailman/listinfo/samba
   > >
   > > _______________________
   > > Umberto Zanatta
   > > linuxDidattica
   > >
   > > tel: +39 (335) 54 71 385
   > > email: [EMAIL PROTECTED]
   > > web: http://linuxdidattica.org
   > > _______________________
   > > --
   > > To unsubscribe from this list go to the following URL and read the
   > > instructions:  http://lists.samba.org/mailman/listinfo/samba
   > _______________________
   > Umberto Zanatta
   > linuxDidattica
   > tel: +39 (335) 54 71 385
   > email: [EMAIL PROTECTED]
   > web: http://linuxdidattica.org
   > _______________________
   > --
   > To unsubscribe from this list go to the following URL and read the
   > instructions:  http://lists.samba.org/mailman/listinfo/samba
   > --
   > To unsubscribe from this list go to the following URL and read the
   > instructions:  http://lists.samba.org/mailman/listinfo/samba

   To unsubscribe from this list go to the following URL and read the
   instructions:  http://lists.samba.org/mailman/listinfo/samba

  To unsubscribe from this list go to the following URL and read the
  instructions:  http://lists.samba.org/mailman/listinfo/samba

To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Reply via email to