Here we go: tstudent is a working user, yo.dog is a non-working user. I am not seeing any difference between the two.

SAMBA1:/etc/samba # net rpc user info tstudent -U administrator
Enter administrator's password:
None
Default Staff User Group
SAMBA1:/etc/samba # net rpc user info yo.dog -U administrator
Enter administrator's password:
None
Default Staff User Group
SAMBA1:/etc/samba # groups tstudent
tstudent : All_Staff
SAMBA1:/etc/samba # groups yo.dog
yo.dog : All_Staff

StartTLS issued: using a TLS connection
smbldap_open_connection: connection opened
ldap_connect_system: successful connection to the LDAP server
init_sam_from_ldap: Entry found for user: tstudent
init_group_from_ldap: Entry found for group: 10000
init_group_from_ldap: Entry found for group: 10000
Primary group S-1-5-21-1545272169-3882205488-3325164475-21001 for user tstudent is a User and not a domain group
Forcing Primary Group to 'Domain Users' for tstudent
Unix username: tstudent
NT username: tstudent
Account Flags: [UX ]
User SID: S-1-5-21-1545272169-3882205488-3325164475-21002
Primary Group SID: S-1-5-21-1545272169-3882205488-3325164475-513
Full Name: test Student
Home Directory: \\SAMBA1\tstudent
HomeDir Drive: H:
Logon Script:
Profile Path: \\samba1\profiles\tstudent
Domain: NEVSD
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: never
Password last set: Wed, 09 May 2012 14:32:12 EDT
Password can change: Wed, 09 May 2012 14:32:12 EDT
Password must change: Mon, 18 Jan 2038 22:14:07 EST
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

StartTLS issued: using a TLS connection
smbldap_open_connection: connection opened
ldap_connect_system: successful connection to the LDAP server
init_sam_from_ldap: Entry found for user: yo.dog
init_group_from_ldap: Entry found for group: 10000
init_group_from_ldap: Entry found for group: 10000
Primary group S-1-5-21-1545272169-3882205488-3325164475-21001 for user yo.dog is a User and not a domain group
Forcing Primary Group to 'Domain Users' for yo.dog
Unix username: yo.dog
NT username: yo.dog
Account Flags: [UX ]
User SID: S-1-5-21-1545272169-3882205488-3325164475-21006
Primary Group SID: S-1-5-21-1545272169-3882205488-3325164475-513
Full Name: Yo Dog
Home Directory: \\SAMBA1\yo.dog
HomeDir Drive: H:
Logon Script:
Profile Path: \\samba1\profiles\yo.dog
Domain: NEVSD
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: Mon, 31 Dec 2029 19:00:00 EST
Password last set: Mon, 04 Jun 2012 14:34:26 EDT
Password can change: Mon, 04 Jun 2012 14:34:26 EDT
Password must change: Mon, 18 Jan 2038 22:14:07 EST
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

On Mon, Jun 4, 2012 at 8:47 PM, Gaiseric Vandal <[email protected]> wrote:

> Maybe the group membership or primary group is getting messed up for the
> new users?
>
> Can you compare the unix, ldap and windows group properties for a new and
> an older user
>
> # pdbedit -Lv username
>
> # net rpc user info username -U administrator
>
> # groups username
>
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of Shawn Dakin
> Sent: Monday, June 04, 2012 3:07 PM
> To: [email protected]
> Subject: [Samba] group policy client service failed the logon
>
> I am in the process of implementing a new SAMBA install Version
> 3.6.3-34.12.1-2797-SUSE-SL12.1-x86_64 on OpenSuse 12.1. I am using LDAP as
> my backend and LAM to manage my LDAP accounts. Things were going well until
> recently. Suddenly any newly created user can not logon (win7). Any
> accounts that I created prior to last week can still logon to the
> workstation.
>
> The only changes I recall making involve add machine script. I moved from
> using useradd to using smbldap-useradd so machine accounts would only be
> created in LDAP and not locally. Also, in yast, I changed the LDAP client
> Naming Context from ou=users,dc=nctschools,dc=org to
> dc=nctschools,dc=org to allow the local LDAP client to find machine
> accounts, as they are not created in the user context.
>
> However, I don't believe any of these changes could be causing the "group
> policy client service failed the logon. Access denied" error I am
> receiving. I could be wrong though. Any help would be GREAT.
> Thanks
>
> Here is my smb.conf
>
> [global]
>     workgroup = NEVSD
>     map to guest = Bad User
>     passdb backend = ldapsam:ldap://SAMBA1.nctschools.org
>     log level = 3
>     log file = /var/log/samba/log.%m
>     printcap name = cups
>     add machine script = /usr/sbin/smbldap-useradd -t 1 -w -c Machine -d /var/lib/nobody -s /bin/false %m$
>     logon path = \\%L\profiles\%U
>     logon drive = P:
>     logon home = \\%L\%U\.9xprofile
>     domain logons = Yes
>     os level = 65
>     preferred master = Yes
>     domain master = Yes
>     wins support = Yes
>     ldap admin dn = cn=Administrator,dc=nctschools,dc=org
>     ldap group suffix = ou=Groups
>     ldap idmap suffix = ou=Idmap
>     ldap machine suffix = ou=Machines
>     ldap passwd sync = yes
>     ldap suffix = dc=nctschools,dc=org
>     ldap user suffix = ou=Users
>     idmap config * : backend = ldap:ldap://SAMBA1.nctschools.org
>     cups options = raw
>
> [homes]
>     comment = Home Directories
>     valid users = %S, %D%w%S
>     read only = No
>     inherit acls = Yes
>     browseable = No
>
> [profiles]
>     comment = Network Profiles Service
>     path = %H
>     read only = No
>     create mask = 0600
>     directory mask = 0700
>     store dos attributes = Yes
>
> --
> Shawn Dakin (CNE)
> Director of Technology
> Newcomerstown Schools
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba

--
Shawn Dakin (CNE)
Director of Technology
Newcomerstown Schools
659 S. Beaver St.
Newcomerstown Oh, 43832
Office 740-498-4999
Cell 740-227-0339
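
The account comparison suggested in the quoted reply, as an added example that is not part of the original thread: a Python script that parses two `pdbedit -Lv` records and reports the fields that still differ once per-user values are set aside. The two sample records are abridged from the output posted above; the function names and the `IGNORE` list are assumptions of this example.

```python
# Fields expected to differ between any two accounts (assumed list for this example).
IGNORE = {"User SID", "Full Name", "Password last set", "Password can change"}

def parse_pdbedit(text):
    """Return {field: value} for one `pdbedit -Lv` record, skipping debug lines."""
    fields, in_record = {}, False
    for line in text.splitlines():
        key, sep, value = line.partition(":")   # split on the first colon only
        key = key.strip()
        if key == "Unix username":
            in_record = True                    # LDAP debug output precedes the record
        if in_record and sep:
            fields[key] = value.strip()
    return fields

def account_diff(good, bad):
    """Map each differing field to its (good, bad) pair of values."""
    recs = []
    for text in (good, bad):
        rec = parse_pdbedit(text)
        user = rec.get("Unix username", "")
        # Replace the account name with %U so per-user paths compare equal.
        recs.append({k: (v.replace(user, "%U") if user else v)
                     for k, v in rec.items() if k not in IGNORE})
    a, b = recs
    return {k: (a.get(k), b.get(k))
            for k in sorted(a.keys() | b.keys()) if a.get(k) != b.get(k)}

# Abridged records copied from the output in this thread.
TSTUDENT = r"""init_sam_from_ldap: Entry found for user: tstudent
Unix username: tstudent
User SID: S-1-5-21-1545272169-3882205488-3325164475-21002
Primary Group SID: S-1-5-21-1545272169-3882205488-3325164475-513
Home Directory: \\SAMBA1\tstudent
Kickoff time: never
Password last set: Wed, 09 May 2012 14:32:12 EDT
"""
YODOG = r"""init_sam_from_ldap: Entry found for user: yo.dog
Unix username: yo.dog
User SID: S-1-5-21-1545272169-3882205488-3325164475-21006
Primary Group SID: S-1-5-21-1545272169-3882205488-3325164475-513
Home Directory: \\SAMBA1\yo.dog
Kickoff time: Mon, 31 Dec 2029 19:00:00 EST
Password last set: Mon, 04 Jun 2012 14:34:26 EDT
"""

if __name__ == "__main__":
    for field, (good, bad) in account_diff(TSTUDENT, YODOG).items():
        print(f"{field}: working={good!r} failing={bad!r}")
```

On the two records from this thread the only field reported is Kickoff time: never for tstudent, Mon, 31 Dec 2029 19:00:00 EST for yo.dog.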
