NT Controller NETLOGON script hosing connects to Samba shares
Dan K. Johnson
dan.johnson at noaa.gov
Thu Oct 28 16:28:50 GMT 1999
> Subject: NT Controller NETLOGON script hosing connects to Samba shares
> Date: Fri, 29 Oct 1999 01:58:49 +1000
> From: "Dan K. Johnson" <dan.johnson at noaa.gov>
> To: Multiple recipients of list SAMBA <samba at samba.org>
>
> Hello to all,
>
> Please forgive me if I seem naiive, but I'm a unix admin and don't do
> much with NT. We have an NT network here and a number of Unix servers.
> I manage the Unix end, someone else the NT network. I offer up homedirs
> and other shares to the NT clients to make their lives easier. Until
> recently, I set my Samba servers up with security=domain and set the
> password server param to one of the NT controllers. This worked OK, but
> not terribly well, since the NT controller might authenticate a user to
> one Samba server, but not another. Each time the user logged in, he
> might get authenticated to a completely different set of Samba servers
> and prompted for a password on others and there seems to be no rhyme or
> reason to this. In addition, the lack of security in NT makes me nervous
> about allowing an NT controller to authenticate users. The Samba
> servers are all configured the same way and the usernames are the same
> for all machines. Because this was confusing the users, I changed my
> security param to users and users have to always enter their passwords
> when mounting Samba shares. This was more work for them, but it worked
> consistently.
>
> Recently, our NT admin wrote a NETLOGON script, which, among other
> things, mounts a number of NT domain shares to specific drive letters on
> the client machines. Since this was implemented, users can mount a
> Samba share during a session, but can't access the share on subsequent
> logons, even though they tell NTWS to reconnect at logon. They can
> access the share during that session, but if they log off and log back
> on again, they are never authenticated to the Samba servers. The drive
> letters show the name of the shares, but if they try to open them, the
> get an "Access Denied" error. (of course, they've never been
> authenticated to the Samba server!). They must disconnect the share and
> remount it to get access. In other words, the Reconnect at Login
> function is ignored. Now if I change my Samba servers security param
> back to domain and define a NT domain controller as the password server,
> the users are authenticated to the Samba servers as expected. Things
> also work as expected if the users log onto the local machine rather
> than the NT domain. Therefore, the culprit has to the the NETLOGON
> script.
>
> Does any one know why this could be happening and a fix for the problem,
> either from the Samba side or something that can be changed in the NT
> NETLOGON script?
>
> Thanks!
> Dan
> --
> Dan K. Johnson
> Chief, Data and Information Services
> Risk Analysis and Information Management Branch
> Center for Coastal Environmental Health and Biomolecular Research
> NOAA - National Ocean Service
> Email: Dan.Johnson at noaa.gov Voice: (843) 762-8559 FAX: (843) 762-8700
--
Dan K. Johnson
Chief, Data and Information Services
Risk Analysis and Information Management Branch
Center for Coastal Environmental Health and Biomolecular Research
NOAA - National Ocean Service
Email: Dan.Johnson at noaa.gov Voice: (843) 762-8559 FAX: (843) 762-8700
More information about the samba
mailing list