Roaming profiles are no longer loaded

jingojango

Hello,
I have a Samba PDC with openldap, nss-ldap and ldap_pam.
Until now it worked wonderfully, but for about a month it has been acting up a bit.
The profiles can no longer be loaded correctly. (Windows message: Die datei: .... konnte nicht nach C:\Dokumente... kopiert werden....)
If no profile for the user exists on the computer, he then gets the default profile.
The log for the respective computer shows:

[2006/09/19 15:55:08, 1] auth/auth_util.c:make_server_info_sam(876)
User joda in passdb, but getpwnam() fails!
[2006/09/19 15:55:08, 0] auth/auth_sam.c:check_sam_security(331)
check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'

openldap: 2.3.24-r1
samba: 3.0.22-r3
distro: gentoo

getent passwd
delphin$:*:1080:408:Computer:/dev/null:/bin/false
...

getent shadow
joda:*:::::::0
....

my smb.conf:

[global]
dos charset = 850
unix charset = ISO8859-1
workgroup = WYATTLINUX
netbios name = LINUXSERVER
server string = Primary Linux Server
interfaces = 192.168.10.0/24, lo
bind interfaces only = Yes
smb passwd file = /etc/samba/private/smbpasswd
passdb backend = ldapsam:ldap://127.0.0.1, smbpasswd
log file = /var/log/samba/%m.log
log level = 1
max log size = 10000
name resolve order = wins lmhosts bcast dns
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 IPTOS_LOWDELAY
printcap name = cups
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel -r "%u"
add group script = /usr/sbin/smbldap-groupadd "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
logon script = logon.cmd
logon path = \\%L\%U\profile
logon drive = Z:
logon home = \\%L\%U
domain logons = Yes
os level = 255
preferred master = Yes
domain master = Yes
wins support = Yes
ldap admin dn = cn=ldapadmin,dc=wte,dc=de
ldap delete dn = Yes
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
ldap passwd sync = Yes
ldap suffix = dc=wte,dc=de
ldap user suffix = ou=Users
utmp = Yes
message command = echo "Nachricht von %f an %t: " `cat %s` >> /var/log/winpopup
remote browse sync = 172.20.1.1 172.20.1.2
printer admin = "@Domain Admins"
hosts allow = 192.168., 172.20.
map acl inherit = Yes
use client driver = Yes
hide unreadable = Yes
strict locking = No

[printers]
comment = All Printers
path = /var/spool/samba
printer admin = joda, root
create mask = 0700
guest ok = Yes
printable = Yes
print command = lpr-cups -P %p -o raw %s -r
browseable = No

[print$]
path = /var/lib/samba/printers
write list = "@Domain Admin"
guest ok = Yes

[homes]
comment = Home Directories
read only = No
create mask = 0711
directory mask = 0700
inherit permissions = Yes
map hidden = Yes
map system = Yes

[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
read only = No
guest ok = Yes
share modes = No


Does anyone have an idea what this could be?



log level = 10 during a logon with a failed profile load:

[2006/09/19 16:10:15, 5] auth/auth_util.c:make_user_info_map(163)
make_user_info_map: Mapping user [WYATTLINUX]\[joda] from workstation [DELPHIN]
[2006/09/19 16:10:15, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2006/09/19 16:10:15, 3] smbd/uid.c:push_conn_ctx(393)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2006/09/19 16:10:15, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/09/19 16:10:15, 5] auth/auth_util.c:debug_nt_user_token(433)
NT user token: (NULL)
[2006/09/19 16:10:15, 5] auth/auth_util.c:debug_unix_user_token(454)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2006/09/19 16:10:15, 5] auth/auth_util.c:is_trusted_domain(1665)
is_trusted_domain: Checking for domain trust with [WYATTLINUX]
[2006/09/19 16:10:15, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(337)
secrets_fetch failed!
[2006/09/19 16:10:15, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/09/19 16:10:15, 10] lib/gencache.c:gencache_get(294)
Cache entry with key = TDOM/WYATTLINUX couldn't be found
[2006/09/19 16:10:15, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(184)
no entry for trusted domain WYATTLINUX found.
[2006/09/19 16:10:15, 5] auth/auth_util.c:make_user_info(69)
attempting to make a user_info for joda (joda)
[2006/09/19 16:10:15, 5] auth/auth_util.c:make_user_info(79)
making strings for joda's user_info struct
[2006/09/19 16:10:15, 5] auth/auth_util.c:make_user_info(121)
making blobs for joda's user_info struct
[2006/09/19 16:10:15, 10] auth/auth_util.c:make_user_info(139)
made an encrypted user_info for joda (joda)
[2006/09/19 16:10:15, 3] auth/auth.c:check_ntlm_password(219)
check_ntlm_password: Checking password for unmapped user [WYATTLINUX]\[joda]@[DELPHIN] with the new password interface
[2006/09/19 16:10:15, 3] auth/auth.c:check_ntlm_password(222)
check_ntlm_password: mapped user is: [WYATTLINUX]\[joda]@[DELPHIN]
[2006/09/19 16:10:15, 10] auth/auth.c:check_ntlm_password(231)
check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2)
[2006/09/19 16:10:15, 10] auth/auth.c:check_ntlm_password(233)
challenge is:
[2006/09/19 16:10:15, 5] lib/util.c:dump_data(2058)
[000] 2E 5F BF 8C 17 62 8B 50 ._...b.P
[2006/09/19 16:10:15, 10] auth/auth.c:check_ntlm_password(259)
check_ntlm_password: guest had nothing to say
[2006/09/19 16:10:15, 8] lib/util.c:is_myname(1879)
is_myname("WYATTLINUX") returns 0
[2006/09/19 16:10:15, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2006/09/19 16:10:15, 3] smbd/uid.c:push_conn_ctx(393)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2006/09/19 16:10:15, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/09/19 16:10:15, 5] auth/auth_util.c:debug_nt_user_token(433)
NT user token: (NULL)
[2006/09/19 16:10:15, 5] auth/auth_util.c:debug_unix_user_token(454)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2006/09/19 16:10:15, 5] lib/smbldap.c:smbldap_search_ext(1080)
smbldap_search_ext: base => [dc=wte,dc=de], filter => [(&(uid=joda)(objectclass=sambaSamAccount))], scope => [2]
[2006/09/19 16:10:15, 5] lib/smbldap.c:smbldap_close(989)
The connection to the LDAP server was closed
[2006/09/19 16:10:15, 10] lib/smbldap.c:smb_ldap_setup_conn(566)
smb_ldap_setup_connection: ldap://127.0.0.1
[2006/09/19 16:10:15, 2] lib/smbldap.c:smbldap_open_connection(722)
smbldap_open_connection: connection opened
[2006/09/19 16:10:15, 10] lib/smbldap.c:smbldap_connect_system(862)
ldap_connect_system: Binding to ldap server ldap://127.0.0.1 as "cn=ldapadmin,dc=wte,dc=de"
[2006/09/19 16:10:15, 3] lib/smbldap.c:smbldap_connect_system(905)
ldap_connect_system: succesful connection to the LDAP server
ldap_connect_system: LDAP server does support paged results
[2006/09/19 16:10:15, 4] lib/smbldap.c:smbldap_open(969)
The LDAP server is succesfully connected
[2006/09/19 16:10:15, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640)
init_sam_from_ldap: Entry found for user: joda
[2006/09/19 16:10:15, 10] passdb/pdb_get_set.c:pdb_set_username(617)
pdb_set_username: setting username joda, was
[2006/09/19 16:10:15, 10] passdb/pdb_get_set.c:pdb_set_domain(644)
pdb_set_domain: setting domain WYATTLINUX, was
[2006/09/19 16:10:15, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671)
pdb_set_nt_username: setting nt username joda, was
[2006/09/19 16:10:15, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(557)
pdb_set_user_sid_from_string: setting user sid S-1-5-21-3367167136-1670667878-4152942068-3000
[2006/09/19 16:10:15, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544)
pdb_set_user_sid: setting user sid S-1-5-21-3367167136-1670667878-4152942068-3000
[2006/09/19 16:10:15, 10] passdb/pdb_get_set.c:pdb_set_group_sid_from_string(592)
pdb_set_group_sid_from_string: setting group sid S-1-5-21-3367167136-1670667878-4152942068-513
[2006/09/19 16:10:15, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580)
pdb_set_group_sid: setting group sid S-1-5-21-3367167136-1670667878-4152942068-513
[2006/09/19 16:10:15, 10] passdb/pdb_get_set.c:pdb_set_fullname(698)
pdb_set_full_name: setting full name Sven Höhn, was
[2006/09/19 16:10:15, 10] lib/smbldap.c:smbldap_get_single_attribute(297)
smbldap_get_single_attribute: [sambaHomeDrive] = [<does not exist>]
[2006/09/19 16:10:15, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779)
pdb_set_dir_drive: setting dir drive Z:, was NULL
[2006/09/19 16:10:15, 10] lib/smbldap.c:smbldap_get_single_attribute(297)
smbldap_get_single_attribute: [sambaHomePath] = [<does not exist>]
[2006/09/19 16:10:15, 10] passdb/pdb_get_set.c:pdb_set_homedir(806)
pdb_set_homedir: setting home dir \\linuxserver\joda, was
[2006/09/19 16:10:15, 10] lib/smbldap.c:smbldap_get_single_attribute(297)
smbldap_get_single_attribute: [sambaLogonScript] = [<does not exist>]
[2006/09/19 16:10:15, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725)
pdb_set_logon_script: setting logon script logon.cmd, was
[2006/09/19 16:10:15, 10] lib/smbldap.c:smbldap_get_single_attribute(297)
smbldap_get_single_attribute: [sambaProfilePath] = [<does not exist>]
[2006/09/19 16:10:15, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752)
pdb_set_profile_path: setting profile path \\linuxserver\joda\profile, was
[2006/09/19 16:10:15, 10] lib/smbldap.c:smbldap_get_single_attribute(297)
smbldap_get_single_attribute: [description] = [<does not exist>]
[2006/09/19 16:10:15, 10] lib/smbldap.c:smbldap_get_single_attribute(297)
smbldap_get_single_attribute: [sambaUserWorkstations] = [<does not exist>]
[2006/09/19 16:10:15, 10] lib/account_pol.c:account_policy_get(332)
account_policy_get: name: password history, val: 5
[2006/09/19 16:10:15, 10] lib/smbldap.c:smbldap_get_single_attribute(297)
smbldap_get_single_attribute: [sambaBadPasswordCount] = [<does not exist>]
[2006/09/19 16:10:15, 10] lib/smbldap.c:smbldap_get_single_attribute(297)
smbldap_get_single_attribute: [sambaBadPasswordTime] = [<does not exist>]
[2006/09/19 16:10:15, 7] passdb/login_cache.c:login_cache_read(83)
Looking up login cache for user joda
[2006/09/19 16:10:15, 7] passdb/login_cache.c:login_cache_read(97)
No cache entry found
[2006/09/19 16:10:15, 9] passdb/pdb_ldap.c:init_sam_from_ldap(1004)
No cache entry, bad count = 0, bad time = 0
[2006/09/19 16:10:15, 10] lib/account_pol.c:account_policy_get(332)
account_policy_get: name: password history, val: 5
[2006/09/19 16:10:15, 10] passdb/pdb_get_set.c:pdb_set_username(617)
pdb_set_username: setting username joda, was
[2006/09/19 16:10:15, 10] passdb/pdb_get_set.c:pdb_set_domain(644)
pdb_set_domain: setting domain WYATTLINUX, was
[2006/09/19 16:10:15, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671)
pdb_set_nt_username: setting nt username joda, was
[2006/09/19 16:10:15, 10] passdb/pdb_get_set.c:pdb_set_fullname(698)
pdb_set_full_name: setting full name Sven Höhn, was
[2006/09/19 16:10:15, 10] passdb/pdb_get_set.c:pdb_set_homedir(806)
pdb_set_homedir: setting home dir \\linuxserver\joda, was
[2006/09/19 16:10:15, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779)
pdb_set_dir_drive: setting dir drive Z:, was NULL
[2006/09/19 16:10:15, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725)
pdb_set_logon_script: setting logon script logon.cmd, was
[2006/09/19 16:10:15, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752)
pdb_set_profile_path: setting profile path \\linuxserver\joda\profile, was
[2006/09/19 16:10:15, 10] passdb/pdb_get_set.c:pdb_set_workstations(885)
pdb_set_workstations: setting workstations , was
[2006/09/19 16:10:15, 10] lib/account_pol.c:account_policy_get(332)
account_policy_get: name: password history, val: 5
[2006/09/19 16:10:15, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544)
pdb_set_user_sid: setting user sid S-1-5-21-3367167136-1670667878-4152942068-3000
[2006/09/19 16:10:15, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73)
pdb_set_user_sid_from_rid:
setting user sid S-1-5-21-3367167136-1670667878-4152942068-3000 from rid 3000
[2006/09/19 16:10:15, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580)
pdb_set_group_sid: setting group sid S-1-5-21-3367167136-1670667878-4152942068-513
[2006/09/19 16:10:15, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100)
pdb_set_group_sid_from_rid:
setting group sid S-1-5-21-3367167136-1670667878-4152942068-513 from rid 513
[2006/09/19 16:10:15, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/09/19 16:10:15, 9] passdb/passdb.c:pdb_update_autolock_flag(2338)
pdb_update_autolock_flag: Account joda not autolocked, no check needed
[2006/09/19 16:10:15, 4] libsmb/ntlm_check.c:ntlm_password_check(326)
ntlm_password_check: Checking NT MD4 password
[2006/09/19 16:10:15, 4] auth/auth_sam.c:sam_account_ok(123)
sam_account_ok: Checking SMB password for user joda
[2006/09/19 16:10:15, 5] auth/auth_sam.c:logon_hours_ok(105)
logon_hours_ok: user joda allowed to logon at this time (Tue Sep 19 16:10:15 2006
)
[2006/09/19 16:10:15, 1] auth/auth_util.c:make_server_info_sam(876)
User joda in passdb, but getpwnam() fails!
[2006/09/19 16:10:15, 5] auth/auth_util.c:free_server_info(1511)
attempting to free (and zero) a server_info structure
[2006/09/19 16:10:15, 0] auth/auth_sam.c:check_sam_security(331)
check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'
[2006/09/19 16:10:15, 5] auth/auth.c:check_ntlm_password(271)
check_ntlm_password: sam authentication for user [joda] FAILED with error NT_STATUS_NO_SUCH_USER
[2006/09/19 16:10:15, 3] auth/auth_winbind.c:check_winbind_security(80)
check_winbind_security: Not using winbind, requested domain [WYATTLINUX] was for this SAM.
[2006/09/19 16:10:15, 10] auth/auth.c:check_ntlm_password(259)
check_ntlm_password: winbind had nothing to say
[2006/09/19 16:10:15, 2] auth/auth.c:check_ntlm_password(317)
check_ntlm_password: Authentication for user [joda] -> [joda] FAILED with error NT_STATUS_NO_SUCH_USER
[2006/09/19 16:10:15, 5] auth/auth_util.c:free_user_info(1485)
attempting to free (and zero) a user_info structure
[2006/09/19 16:10:15, 10] auth/auth_util.c:free_user_info(1488)
structure was created for joda
[2006/09/19 16:10:15, 5] lib/util.c:show_msg(454)
[2006/09/19 16:10:15, 5] lib/util.c:show_msg(464)
size=110
smb_com=0x73
smb_rcls=109
smb_reh=0
smb_err=49152
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=65279
smb_uid=100
smb_mid=128
smt_wct=4
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 0 (0x0)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 9 (0x9)
smb_bcc=67
[2006/09/19 16:10:15, 10] lib/util.c:dump_data(2058)
[000] A1 07 30 05 A0 03 0A 01 02 55 00 6E 00 69 00 78 ..0..... .U.n.i.x
[010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3
[020] 00 2E 00 30 00 2E 00 32 00 32 00 00 00 57 00 59 ...0...2 .2...W.Y
[030] 00 41 00 54 00 54 00 4C 00 49 00 4E 00 55 00 58 .A.T.T.L .I.N.U.X
[040] 00 00 00 ...
[2006/09/19 16:10:15, 10] smbd/process.c:setup_select_timeout(1372)
change_notify_timeout: -1
[2006/09/19 16:10:15, 10] smbd/process.c:run_events(299)
run_events: No events
[2006/09/19 16:10:15, 10] lib/util_sock.c:read_data(520)
read_data: read of 4 returned 0. Error = Success
[2006/09/19 16:10:15, 10] lib/util_sock.c:receive_smb_raw(669)
receive_smb_raw: length < 0!
[2006/09/19 16:10:15, 3] smbd/process.c:timeout_processing(1447)
timeout_processing: End of file from client (client has disconnected).
[2006/09/19 16:10:15, 5] lib/gencache.c:gencache_shutdown(89)
Closing cache file
[2006/09/19 16:10:15, 5] libsmb/namecache.c:namecache_shutdown(79)
namecache_shutdown: netbios namecache closed successfully.
[2006/09/19 16:10:15, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/09/19 16:10:15, 5] auth/auth_util.c:debug_nt_user_token(433)
NT user token: (NULL)
[2006/09/19 16:10:15, 5] auth/auth_util.c:debug_unix_user_token(454)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2006/09/19 16:10:15, 5] smbd/uid.c:change_to_root_user(324)
change_to_root_user: now uid=(0,0) gid=(0,0)
[2006/09/19 16:10:15, 2] smbd/server.c:exit_server(614)
Closing connections
[2006/09/19 16:10:15, 3] smbd/connection.c:yield_connection(69)
Yielding connection to
[2006/09/19 16:10:15, 3] smbd/server.c:exit_server(655)
Server exit (normal exit)
 
Your Samba uses LDAP as its passdb backend, so for now it doesn't matter whether the users exist as system users. Can you query the data from the LDAP server with an LDAP client?
 
Sure, slapcat and ldapsearch work without problems:
# search result
search: 2
result: 0 Success

# numResponses: 64
# numEntries: 63

However, I had, or still have, a problem with my RADIUS server, which also uses the LDAP database. There a user could log in 1-3 times in a row, but by the 4th time at the latest it no longer worked. But I don't know whether that is down to the RADIUS server or to openldap.
Maybe it is also down to the other problem I have on the machine: http://forums.gentoo.org/viewtopic-t-499750.html ?
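
The log excerpts above show smbd finding joda in passdb and then failing the logon because getpwnam() returned nothing. As an added example, not part of the original thread, this script pulls those failures out of an smbd log and re-tests each name with getent passwd; the sample log and its user name are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): list users smbd found in passdb but
# could not resolve with getpwnam(), then re-test each one through NSS.

# Constructed sample in the smbd log format quoted above; the user is made up.
sample_log() {
cat <<'EOF'
[2006/09/19 15:55:08, 1] auth/auth_util.c:make_server_info_sam(876)
User zz_constructed_user in passdb, but getpwnam() fails!
[2006/09/19 15:55:08, 0] auth/auth_sam.c:check_sam_security(331)
check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'
[2006/09/19 16:10:15, 5] lib/util.c:dump_data(2058)
[000] 2E 5F BF 8C 17 62 8B 50
[2006/09/19 16:10:15, 1] auth/auth_util.c:make_server_info_sam(876)
User zz_constructed_user in passdb, but getpwnam() fails!
EOF
}

# Reads smbd log text (files as arguments, or stdin) and prints one line per
# user: name, number of failures, time of the last failure (tab-separated).
failed_nss_users() {
    awk '
        # Record header: "[YYYY/MM/DD HH:MM:SS, level] file:function(line)"
        /^\[[0-9][0-9][0-9][0-9]\/[0-9][0-9]\/[0-9][0-9] / {
            ts = substr($1, 2) " " substr($2, 1, 8)
            next
        }
        # Message line that follows the header
        /in passdb, but getpwnam\(\) fails!/ {
            u = $0
            sub(/^[ \t]*User /, "", u)
            sub(/ in passdb, but getpwnam\(\) fails!.*/, "", u)
            n[u]++
            last[u] = ts
        }
        END { for (u in n) printf "%s\t%d\t%s\n", u, n[u], last[u] }
    ' "$@" | sort
}

# Same lines plus a fourth column: does the name resolve through NSS now?
check_users() {
    tab=$(printf '\t')
    failed_nss_users "$@" | while IFS=$tab read -r user count last; do
        if getent passwd "$user" >/dev/null 2>&1; then
            state=resolves-now
        else
            state=still-missing
        fi
        printf '%s\t%s\t%s\t%s\n' "$user" "$count" "$last" "$state"
    done
}

sample_log | check_users
```

On a real server, pass the per-machine log instead, for example `check_users /var/log/samba/delphin.log`, which follows the `log file = /var/log/samba/%m.log` setting in the smb.conf above.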
 