Re: [Samba] samba+ldap: Simu.- login of 2 different users = user rejected
obey pam restrictions = yes pam password change = yes I reconfigured the server at these points (and profile acls = yes). At least it improved the unaccessible profile: One of the 2 concurrent clients gets its profile instantly, the other one has a minute of waiting before getting its data. I'll still have to increase the log level. Didn't have time for much the past few days. Thanks again, timbo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba+ldap: Simu.- login of 2 different users = user rejected
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/05/2007 02:02 PM, Tim Boneko wrote: Has anybody had this problem before? If not, where should i start digging? By the logs you sent, definetely PAM. :-) I'm running Samba 3.0.24 on Debian stable with slapd-2.2.23 backend. smb.conf is attached below. When two different users log in at the same moment, the login process seems to freeze for a minute and the client (win2k) complains about missing profile or missing access to profile. A single user login works perfectly. The log.smbd contains this: krake smbd[28474]: [2007/03/05 15:06:09, 0] auth/pampass.c:smb_pam_account(573) krake smbd[28474]: smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account Management for User: ws13 krake smbd[28474]: [2007/03/05 15:06:09, 0] auth/pampass.c:smb_pam_accountcheck(781) krake smbd[28474]: smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User ws13! PAM: UNKNOWN PAM ERROR is not something nice to see on your longs. By the description of the problem, I would say that the try to access the profile (specially if it is a big one) could lead do RO/RW problems, but I'm not sure, that's just MHO. Nothing interesting in auth.log and the same message in syslog (where slapd logs to). I don't know if this is a samba issue or ldap or network... It seems something in the middle. ;) Did you already increase the log level of Samba? Any suggestions are highly welcome. We've got 20+ clients and users typically log in simultaneously. Simultaneously should be interpreted at the exactly same time, or should be interpreted as a user logs in the morning and the same user logs in the afternoon. timbo smb.conf: [...] obey pam restrictions = yes pam password change = yes You are using PAM, so you really should check there, it could be the problem. socket options =IPTOS_LOWDELAY SO_SNDBUF=32768 SO_RCVBUF=32768 Are you aware that under kernel 2.6.x you can have a better network performance if you remove SO_SNDBUF and SO_RCVBUF? [netlogon] path = /ghswa/home/netlogon write list = supervisor browseable = yes [profiles] path = /ghswa/home/%u writeable = yes write list = %u browseable = no Maybe you should try 'csc policy = disable' and maybe 'profile acls' can help you on this one. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF7XpfCj65ZxU4gPQRArDWAJ0T7jbRlTwSdcS9dpOQsmExj5h5/QCbBV6X m6NLCHaK2kRH2GlafeZROyU= =Mzz/ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba+ldap: Simu.- login of 2 different users = user rejected
Felipe Augusto van de Wiel schrieb: PAM: UNKNOWN PAM ERROR is not something nice to see on your longs. That's sad but true... Did you already increase the log level of Samba? I'll check that tomorrow (hopefully). Simultaneously should be interpreted at the exactly same time, or should be interpreted as a user logs in the morning and the same user logs in the afternoon. They hit the return key at the same second. Found it out when i did some performance tuning and testing (which showed that the SO_xBUF options indeed increased it. I'm at 8 MB/sec netto data rate on a 100Mbit net. Is that acceptable for you?) obey pam restrictions = yes pam password change = yes You are using PAM, so you really should check there, it could be the problem. OK, I'll try it tomorrow. I'm not sure why these options are set, must have been me some months ago... darn amateurs... Many thanks for your hints, i'll let you know the effects! timbo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba+ldap: Simu.- login of 2 different users = user rejected
Has anybody had this problem before? If not, where should i start digging? I'm running Samba 3.0.24 on Debian stable with slapd-2.2.23 backend. smb.conf is attached below. When two different users log in at the same moment, the login process seems to freeze for a minute and the client (win2k) complains about missing profile or missing access to profile. A single user login works perfectly. The log.smbd contains this: krake smbd[28474]: [2007/03/05 15:06:09, 0] auth/pampass.c:smb_pam_account(573) krake smbd[28474]: smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account Management for User: ws13 krake smbd[28474]: [2007/03/05 15:06:09, 0] auth/pampass.c:smb_pam_accountcheck(781) krake smbd[28474]: smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User ws13! Nothing interesting in auth.log and the same message in syslog (where slapd logs to). I don't know if this is a samba issue or ldap or network... Any suggestions are highly welcome. We've got 20+ clients and users typically log in simultaneously. timbo smb.conf: panic action = /usr/share/samba/panic-action %d dos charset = 850 unix charset = ISO-8859-15 display charset = ISO-8859-15 netbios name = KRAKE workgroup = GHSWA hosts allow = 192.168. inherit acls = yes update encrypted = yes obey pam restrictions = yes pam password change = yes socket options =IPTOS_LOWDELAY SO_SNDBUF=32768 SO_RCVBUF=32768 passdb backend =ldapsam:ldap://127.0.0.1 os level = 65 preferred master = yes domain master = yes local master = yes wins support = yes time server = yes security = user admin users = supervisor add user script = smbldap-useradd -m -a %u delete user script =smbldap-userdel %u add group script = smbldap-groupadd -p %g delete group script = smbldap-groupdel %g add user to group script = smbldap-groupmod -m %u %g delete user from group script = smbldap-groupmod -x %u %g set primary group script = smbldap-usermod -g %u %g add machine script = smbldap-useradd -w %u domain logons = yes logon path =\\KRAKE\%U\.winprofile logon home =\\%L\%U logon script = logon.bat preserve case = yes short preserve case = yes case sensitive =no guest ok = no printcap = cups ldap admin dn = cn=supervisor,dc=ghswa ldap delete dn =yes ldap user suffix = ou=Users ldap group suffix = ou=Groups ldap machine suffix = ou=Machines ldap passwd sync = yes ldap suffix = dc=ghswa ldap ssl = no host msdfs =yes [netlogon] path = /ghswa/home/netlogon write list = supervisor browseable = yes [profiles] path = /ghswa/home/%u writeable = yes write list = %u browseable = no [...other shares...] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba