« previous next »
Pages: [1]

Author Topic: 2.2-2 Userlogin from Win Machines  (Read 2384 times)

grizzlybear

  • Zen Apprentice
  • *
  • Posts: 41
  • Karma: +1/-0
  • Live long and prosper!
    • View Profile
2.2-2 Userlogin from Win Machines
« on: July 22, 2012, 08:38:38 am »
I have installed a 2.2-2 Version with domain controller (for later use). Right now we want to start slow with zentyal server with workgroup cappabilities - its our first live customer project.
We created groups and folders, as well as 10 users with passwords and quotas at the customer site.

User Template
Default user quota = 10000MB
While saving the user we get an error message that the quota can not be saved. Changing the value back to 100MB does not help.
Modifying the very same user shows the saved quota of 10000MB.

Using Win7 or WinXP machines to connect to zentyal server with workgroup not domain by a mounting script results in an error message. The network login has failed. Please check your password.
Changing the passwords - same error.
getent passwd shows perfect entries
getent groups shows the users in the necessary groups
Deletion of an user and recreating with the same credentials - same error.
Using smbldap tools to put 1 user into Domain Users - same error

The logfiles show no entries for this user.

Using the user space on port 8888 allows the user to login.

The first created user however connects to the server and has rights on the relevant folders. It works fine and comparison to the others showed no obvious difference.

Out of desparation I used "smbpasswd -a username" and set the password again on all 10 users. Suddenly it works fine.

With my testinstallation on a lokal virtualBax machine I cannot reproduce any of this.

Suggestions?
Logged
Regards Bernhard

Mehr als die Vergangenheit interessiert mich die Zukunft denn in ihr gedenke ich zu leben.   "Albert Einstein"

christian

  • Guest
Re: 2.2-2 Userlogin from Win Machines
« Reply #1 on: July 22, 2012, 08:55:35 am »
Side effect of the Samba 3 LDAP implementation  ???
Unless other "standard" applications that are using LDAP with LDAPBINd command to authenticate users, Samba went for specific implementation based on sambaLMPassword and sambaNTPassword (i.e. additional password hashes) in order to support direct Windows authentication. For what I understand, it means that if you have an LDAP server (here Zentyal) with existing users and decide later to implement Samba, if will not work for existing users unless you manually populate these new attributes.

But I might be wrong...

Edit: notice that implementation based on Unix which relies on PAM & NSS would not exhibit same (negative) side effect but will also offer something less "Windows domain" compliant. For workgroup this is however more than enough. Unfortunately, this is not direction taken by Samba team, neither by Zentyal team.
« Last Edit: July 22, 2012, 10:14:05 am by christian »
Logged

grizzlybear

  • Zen Apprentice
  • *
  • Posts: 41
  • Karma: +1/-0
  • Live long and prosper!
    • View Profile
Re: 2.2-2 Userlogin from Win Machines
« Reply #2 on: July 22, 2012, 08:32:54 pm »
Thanks for the insight into LDAP and Samba.
To solve the prob do you think I should delete the users in the LDAP tree and create them again?
Logged
Regards Bernhard

Mehr als die Vergangenheit interessiert mich die Zukunft denn in ihr gedenke ich zu leben.   "Albert Einstein"
Pages: [1]
« previous next »