ziech
(uses Ubuntu)
Posted on 30/08/2011 - 08:35h
Good morning everyone,
I have a server running CentOS 6, samba 3.5.4, openldap 2.4.19, smbldap-tools 0.9.6. Until recently everything was working fine, and then it started giving an error when joining WinXP machines to the domain. The funny thing is that the first time I try to join the machine, Windows gives an error (The network path was not found) and the Samba logs show:
[2011/08/29 17:01:00.159519, 2] smbd/sesssetup.c:1390(setup_new_vc_session)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2011/08/29 17:01:00.162504, 2] smbd/sesssetup.c:1390(setup_new_vc_session)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2011/08/29 17:01:00.162750, 2] lib/smbldap.c:950(smbldap_open_connection)
smbldap_open_connection: connection opened
[2011/08/29 17:01:00.164643, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
init_sam_from_ldap: Entry found for user: ulisses.ziech
[2011/08/29 17:01:00.167183, 2] passdb/pdb_ldap.c:2446(init_group_from_ldap)
init_group_from_ldap: Entry found for group: 501
[2011/08/29 17:01:00.168097, 2] passdb/pdb_ldap.c:2446(init_group_from_ldap)
init_group_from_ldap: Entry found for group: 501
[2011/08/29 17:01:00.170122, 2] passdb/pdb_ldap.c:2446(init_group_from_ldap)
init_group_from_ldap: Entry found for group: 512
[2011/08/29 17:01:00.170213, 2] auth/auth.c:304(check_ntlm_password)
check_ntlm_password: authentication for user [ulisses.ziech] -> [ulisses.ziech] -> [ulisses.ziech] succeeded
[2011/08/29 17:01:00.174248, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
init_sam_from_ldap: Entry found for user: root
[2011/08/29 17:01:00.175559, 2] passdb/pdb_ldap.c:2446(init_group_from_ldap)
init_group_from_ldap: Entry found for group: 513
[2011/08/29 17:01:00.176482, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
init_sam_from_ldap: Entry found for user: root
[2011/08/29 17:01:00.177491, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
init_sam_from_ldap: Entry found for user: ulisses.ziech
[2011/08/29 17:01:00.178296, 2] passdb/pdb_ldap.c:2446(init_group_from_ldap)
init_group_from_ldap: Entry found for group: 501
[2011/08/29 17:01:00.682867, 0] rpc_server/srv_netlog_nt.c:669(_netr_ServerAuthenticate3)
_netr_ServerAuthenticate: no challenge sent to client TESTEVIRTUAL1
but if I try a second time without rebooting the Windows machine, I can join the domain without any problem. I have already searched for what the last line of the error log might mean: "no challenge sent to client", but I couldn't find anything interesting about it.
The server's smb.conf is as follows:
[global]
workgroup = DOMINIO
netbios name = servidor
server string = PDC-SRV
security = user
passdb backend = ldapsam:ldap://localhost:389
encrypt passwords = yes
client lanman auth = no
ldap passwd sync = yes
name resolve order = wins lmhosts hosts bcast
wins support = yes
admin users = ulisses.ziech
invalid users = root
enable privileges = yes
ldap admin dn = cn=administrador,dc=inmet,dc=gov,dc=br
ldap suffix = dc=inmet,dc=gov,dc=br
ldap ssl = no
ldap user suffix = ou=usuarios
ldap group suffix = ou=grupos
ldap machine suffix = ou=maquinas
ldap idmap suffix = ou=idmap
ldap delete dn = yes
add user script = /usr/sbin/smbldap-useradd -m "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user script = /usr/sbin/smbldap-userdel "%u"
delete group script = /usr/sbin/smbldap-groupdel "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
log level = 2 passdb:2 auth:2
log file = /var/log/samba/log.%m
max log size = 1024
syslog = 0
time server = yes
socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
load printers = no
os level = 255
local master = yes
preferred master = yes
domain master = yes
domain logons = yes
idmap uid = 10000-15000
idmap gid = 10000-15000
template shell = /sbin/nologin
username map = /etc/samba/smbusers
#Disables the roaming profile feature
logon path =
#####################
## Shares ##
#####################
[homes]
path = /profiles/%u
comment = Direto Home
valid users = %S
browseable = no
writable = yes
create mask = 0700
directory mask = 0700
force user = %U
hosts allow = 192.168.
SELinux is configured to work with Samba; in fact it was working with it enabled. In any case, I have already tried disabling SELinux and iptables and it stayed the same.
Ideas or suggestions? Thanks