[Samba] Strange Roaming Profiles problem
Hi experts, I encounter a serious problem using Roaming Profiles unter XP Prof. I don't know if this is realy a Samba issue, mybe someone has already solved the same problem. I am running Samba 2.2.5 as an PDC using LDAP. The first time I log on with user tom, all looks perfect and a profile is downloaded from the Samba PDC, say into D:\Documents and Settings\tom. Then I log out and re-login. Sometimes the System complains something like not able to copy the profile from the server because D:\Documents and Settings\tom\Cookies\index.dat is inaccessable. You are logon to a temporary profile (the exact message is different but thats the essence). Question: Who could have still the index.dat File in look??? To isolate the problem, I set the Registry Key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] = DeleteRoamingCache=dword:0001, so the profile should be delete on logout. What happens now is as follows: (1) I Reboot the maschine and delete all local Profile-Directories for user tom (as Admin) (2) Login as tom - Profiledirectory D:\Documents and Settings\tom is created and copied (3) Loginout tom (4) Login as tom again and now: (4a) Profiledirectory D:\Documents and Settings\tom.DOMAIN (???) is created and copied (4b) A fraction of D:\Documents and Settings\tom still exists (???). The remaining files are: D:\Documents and Settings\tom\Cookies\index.dat D:\Documents and Settings\tom\Local Settings\History\History.IE5\index.dat D:\Documents and Settings\tom\\Local Settings\Temporary Internet Files\Content.IE5\index.dat all other files are delated as expected. When I now logout and login again, the same will happend and one new profile directory tom.DOMAIN.001 will be created, while tom.DOMAIN conatins the same files as in tom. When I try to delete the files by hand, I get an error message from XP: Cannot delete index: It is beeing used by another person or program. Close any programs that might be using the file and try again. I cannot imagine what program or user that can be! I restart Samba but that - clearly - doesn't matter. I even kill several XP processes using the task-manager, but that doesn't help. After I reboot the XP maschine I can delete the files in question by hand without complain. I google around but find no matching article. But I find \usr\share\doc\packages\samba\Registry\NT4-Locking.reg: Does this may help? Under which circumstances one have to apply these settings? Second, I'm playing around with the profiles on the server: Copying parts of them from one user to the other, modifying the SID Field in the LDAP Schemata and re-joining the Domain multiple times. May this cause such problems? Any ideas? Respose would be VERY wellcome!!! Thanks, Thorsten Marsen. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] passwd: Authentication token manipulation error
Hi John, The smbpasswd utilitiy only changes the password in /etc/samba/smbpasswd. It does NOT use PAM at all. The system tool 'passwd' (/bin/passwd or /usr/bin/passwd) will use PAM. Whatever you configure PAM to do it will follow. Firstly, pam_smbpass.so does NOT do unix system password changing! It can be added to your PAM configuration to update the /etc/samba/smbpasswd file. In the case LDAP is configured, smbpasswd will change the lm/ntPassword Fields in the Samba Schemata instead of /etc/samba/smbpasswd. Do you know if pam_smbpass.so also regognizes this configuration? Thanks, Thorsten. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] ldap_modify_s Insufficient access
Hi, we are running Samba 2.2.5 using LDAP und pam_ldap (pam_unix2 with
auth+account+password=use_ldap) as PDC out of the SuSE 8.1 distribution. It
runs very well: Login für UnixSamba ok, Passwort-Change for Samba via
smbpasswd Ok and we are able to manipulate the Linux Password in LDAP using
the GQ Client. The only thing that doesn't work is passwd itself:
venezuela:/home/tdm # passwd guest
Changing password for guest.
Enter login(LDAP) password:
New password:
Bad password: a palindrome
Re-enter new password:
LDAP password information update failed: Unknown error
Password changed
venezuela:/home/tdm #
and in /var/log/messages:
Jan 28 13:39:47 venezuela passwd[28505]: pam_ldap: ldap_modify_s
Insufficient access
Can you please help, because this is a very important issue for us! Thanks
in advance,
Thorsten.
Some conf-staff:
/etc/openldap/ldap.conf
host192.168.1.1
basedc=tdm-consult, dc=com
ssl no
# für nss_ldap
crypt des
# für pam_ldap
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_crypt local
pam_passwordcrypt
ldap_version3
/etc/openldap/slap.conf
suffix dc=tdm-consult,dc=com
rootdn cn=tdm,dc=tdm-consult,dc=com
rootpw {crypt}...
/etc/pam.d/passwd
auth required pam_unix2.sonullok
account requiredpam_unix2.so
password required pam_pwcheck.so nullok
password required pam_unix2.sonullok use_first_pass use_authtok
session requiredpam_unix2.so
/etc/security/pam_unix2
auth: use_ldap nullok
account:use_ldap
password: use_ldap nullok
session:none
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
ldap_modify_s Insufficient access
Hi, we are running Samba 2.2.5 using LDAP und pam_ldap (pam_unix2 with
auth+account+password=use_ldap) as PDC out of the SuSE 8.1 distribution. It
runs very well: Login für UnixSamba ok, Passwort-Change for Samba via
smbpasswd Ok and we are able to manipulate the Linux Password in LDAP using
the GQ Client. The only thing that doesn't work is passwd itself:
venezuela:/home/tdm # passwd guest
Changing password for guest.
Enter login(LDAP) password:
New password:
Bad password: a palindrome
Re-enter new password:
LDAP password information update failed: Unknown error
Password changed
venezuela:/home/tdm #
and in /var/log/messages:
Jan 28 13:39:47 venezuela passwd[28505]: pam_ldap: ldap_modify_s
Insufficient access
Can you please help, because this is a very important issue for us! Thanks
in advance,
Thorsten.
Some conf-staff:
/etc/openldap/ldap.conf
host192.168.1.1
basedc=tdm-consult, dc=com
ssl no
# für nss_ldap
crypt des
# für pam_ldap
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_crypt local
pam_passwordcrypt
ldap_version3
/etc/openldap/slap.conf
suffix dc=tdm-consult,dc=com
rootdn cn=tdm,dc=tdm-consult,dc=com
rootpw {crypt}...
/etc/pam.d/passwd
auth required pam_unix2.sonullok
account requiredpam_unix2.so
password required pam_pwcheck.so nullok
password required pam_unix2.sonullok use_first_pass use_authtok
session requiredpam_unix2.so
/etc/security/pam_unix2
auth: use_ldap nullok
account:use_ldap
password: use_ldap nullok
session:none
[Samba] Error attempt_netbios_session_request
Hella List, regularily I get Syslog Messages of following form: Jan 24 03:39:03 venezuela smbd-ldap[9175]: attempt_netbios_session_request: WINXPHOME rejected the session for name *SMBSERVER with error Not listening on called name Jan 24 03:39:03 venezuela smbd-ldap[9175]: connect_to_client: machine WINXPHOME rejected the NetBIOS session request. My Server called "venezuela" ist PDC and configured to use LDAP as you can see. The system is running very stable, but sometimes - not every time - I have extreme Login-/Logout Times at my Windows Client "WINXPHOME" running Windows XP. In my opinion, this is no DNS problem. Im running Roaming Profiles at der PDC and Linux is the WINS Server (wins support = dns proxy = yes, name resolve order = hosts bcast). Others is standard - there is no complex network architecture involved. Any suggestions? Thanks, Thorsten.
