Try to set "obey pam restrictions = No" and see if it solves your problem. In most cases, it's not required to use PAM for authenticating domain clients.
2008/7/16 Achim Frank <[EMAIL PROTECTED]>: > Hi List, > > since the upgrade of a LDAP based PDC/BDC system to PDC/BDC and fileserver > we > have problems with users sporadic loolsing their homedirs. > These events are unreproducible and only sporadic. Only the homedir not any > of > the other shares mounted from the fileserver are subject to this connection > breakoff. The logs seem to suggest the username has been "forgotten" by the > fileserver as the user wants to access this private share. > > Attached find a portion of the logs from fileserver at the event of loosing > a > homedir (loglevel 3): > > [2008/07/15 09:43:01, 3] auth/auth.c:check_ntlm_password(221) > check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] > with the new password interface > [2008/07/15 09:43:01, 3] auth/auth.c:check_ntlm_password(224) > check_ntlm_password: mapped user is: [EMAIL PROTECTED] > [2008/07/15 09:43:01, 3] auth/auth.c:check_ntlm_password(270) > check_ntlm_password: guest authentication for user [] succeeded > > In the morning everything works ok like this: > > [2008/07/15 08:09:44, 3] auth/auth.c:check_ntlm_password(221) > check_ntlm_password: Checking password for unmapped user > [EMAIL PROTECTED] with the new password interface > [2008/07/15 08:09:44, 3] auth/auth.c:check_ntlm_password(224) > check_ntlm_password: mapped user is: [EMAIL PROTECTED] > [2008/07/15 08:09:44, 3] auth/auth.c:check_ntlm_password(270) > check_ntlm_password: winbind authentication for user [myself] succeeded > [2008/07/15 08:09:44, 2] auth/auth.c:check_ntlm_password(309) > check_ntlm_password: authentication for user [myself] -> [myself] -> > [myself] succeeded > > > Versions of Samba: > The systems are running Debian Etch. PDC/BDC on Backports kernel > 2.6.24-1-686, > fileserver on stock Etch Kernel. Samba is installed as Sernet Etch Packages > (http://ftp.sernet.de/pub/samba/debian/ sernet-samba_3.0.28-21_i386.deb > sernet-samba-common_3.0.28-21_i386.deb sernet-samba-doc_3.0.28-21_all.deb > sernet-smbclient_3.0.28-21_i386.deb). We also tried sernet-samba versions > 3.0.30-22 and 3.2.0-22 but to no avail. > > Samba configuration: > > PDC/BDC: > [global] > ... > map to guest = Bad User > obey pam restrictions = Yes > template homedir = /home/%U > veto files = /lost+found/users/ > ... > only shares [profiles] and [netlogon] > > fileserver: > [global] > ... > security = domain > map to guest = Bad User > obey pam restrictions = Yes > template homedir = /home/%U > veto files = /lost+found/users/ > > [homes] > comment = Heimatverzeichnis > read only = No > create mask = 0700 > browseable = No > > > Has anybody a clue why this could happen? Are there "magic" switches to be > set > with smb.conf on PDC/BDC if homedirs are not present on the authenticating > servers or anything else we migght have overlooked? > > Any recommendation on how to track down this misbehaving? > > Thanks for your answers, > --achim > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
