let me say it really loud!!RE: can't login in mornings

Tue Jan 23 23:57:52 GMT 2001

Chris Herrmann asks: and I replied:
>
> if you don't use server authentication, but try and log into a samba box
in
> it's own right how does it go?

**you mean not have it go thru the NT pDC? or what ? please
elaborate...thanks

I mean, backup your smb.conf file, and then change password  = server to
password = user.
Add a user:

smbpasswd -a someuser

where this user already exists in unix, and give them a password.

Try connecting to yourself from the samba server:

smbclient //sambaserver/share -U username

where the aforementioned user has permission to use the share. You'll need
to check this in two places - in the shares section of smb.conf, and on the
disk : ls -la will tell you who can do what.

If you can connect, then you've just done most of what isn't working for you
elsewhere, from the machine.

You should probably also try this before changing smb.conf to see what kind
of errors you get, but using a username from the domain.

>
> A couple of things that have made logins slow/problematic for us in the
> past:

**here I have answered these questions:
>
> - Novell / IPX

** we are using novell netware on the wire too...!!!

I know. That's why I mentioned it. Unfortunately my solution was to get rid
of Novell.

> - Default protocol order - you don't want a client to try and find the
samba
> server first by ipx and then by ip, as it will time out before the server
> responds

** default protocol order, in what ? the samba server? or the win9x
boxes? we do not use NT workstation here at this company....

In Windows 9x/NT you can set a protocol to be the default protocol. Open up
TCP/IP and tell it to be the default protocol.

> - Does the samba server announce itself?

** remote announce? yes it does, in this way: remote announce =
192.168.0.255/discflo

what is discflo? I'm not sure if you can use an acl for this. The IP address
looks right though. We don't use it because it's the only smb server, but
our relevant section looks like:

;   remote browse sync = 192.168.3.25 192.168.5.255
;   remote announce = 192.168.1.255 192.168.2.44
  local master = yes
  os level = 33
  domain master = yes
  preferred master = yes
  domain logons = yes
  domain admin group = ntdomadm
  logon script = login.bat

Note that we're a PDC here - you don't want to copy our PDC settings into
the smb.conf file that is trying to talk to the NT PDC - they'll have a
fight with each other.

A couple of other thoughts - Have you added the samba machine to the
domain - there's a process you have to go through to actually add the samba
server to the domain. Not sure where the doco is for it though...

> - Can you do a reverse lookup on clients - samba tries to do this, and if
it
> doesn't find the name fast enough the client will miss the response.

** I am a little insure what you mean by a reverse lookup, there are
something I am still learning the terms to... I can ping by netbios name
though....

When you ping a netbios name, what returns? Ideally you should get either an
IP, or a fully qualified address. If not, samba may be telling workstations
to go away because it can't verify who they are. There have been several
posts earlier today on ways to get around this - browse through them for
ideas.

 You'll
> see lots of broken pipe/connection messages in machine.log

** have looked for machine.log, can't find it. looking for samba
logs.....

where machine name == name_of_computer

should be in /var/log/samba

and will either be:

log.machinename

or

machinename.log

The samba log is:

/var/log/samba/smb.log

or possibly

log.smb

and well as nmb.log in the same place.