[Samba] difficulty setting up Samba PDC.. please help... out
of ideas
J
jae at platinumpsi.com
Thu Dec 20 21:58:55 GMT 2007
Incidentally, this is being written (at log level 2), when I attempt to
log bryan in:
[2007/12/20 15:52:16, 2] auth/auth.c:check_ntlm_password(309)
check_ntlm_password: authentication for user [bryan] -> [bryan] ->
[bryan] succeeded
If authentication is succeeding, why am I getting the message that the
user doesn't exist in Windows?
J wrote:
> I am trying to test a Samba PDC on our network that currently shares
> files as a workgroup (with a different name, of course). Microsoft
> states that this can be done, with no issues (so long as the workgroup
> and the domain have different names). The permanent home for the
> shares is on //receptionist. ( The temporary home for the Samba PDC
> is on //haze. ) Once the PDC has been set up successfully and tested,
> //receptionist will be switched to work as the PDC, and not a file
> share. The Windows client I'm testing on is a virtual machine,
> "virtualx-ray", on the network.
>
> Please, does anyone have any ideas??:
>
> I have successfully joined the domain, and I can log into the domain
> with the first user I set up on //haze. (jae) jae is able to log in,
> successfully loads the custom profile (changing the network
> neighborhood to use a customized list of network resources), but does
> not currently update the profile. (one thing at a time) bryan, on
> the other hand, gets the following messages (and does not log in):
>
>> Windows cannot locate the server copy of your roaming profile and is
>> attempting to log you on with your local profile. Changes to the
>> profile will not be copied to the server when you logoff. Possible
>> causes of this error include network problems or insufficient
>> security rights. If this problem persists, contact your network
>> administrator.
>>
>> DETAIL - Logon failure: unknown user name or bad password.
> bryan is a valid user name (see the passwd file settings below) , and
> I'm using the correct password. I have restarted both Samba servers
> every time I made a change in the smb.conf files. There is nothing in
> the logs (on //haze) that another user is trying to log on, other than
> jae.
>> Windows cannot log you on because your profile cannot be loaded.
>> Check that you are connected to the network, or that your network is
>> functioning correctly. If this problem persists, contact your network
>> administrator.
>>
>>
>> DETAIL - The system cannot find the path specified.
> bryan does NOT exist as a local account on the Windows client. "Jae"
> did exist, at one time on the Windows client. ( The login name was
> later changed to "jnorm". Logging in as "Jae" with the valid
> password on the local client does not work, as it shouldn't. )
>
>
> I have tinkered with the settings for weeks now, so they are more
> "open" than they started out.
> Here are the (appropriate) settings:
>
> (//receptionist):
>
> [receptionist 133] server.files > smbclient --version
> Version 3.0.23c-2.el5.2.0.2
>
> [ls -l]:
>
> /home/win-profiles:
> drwxr-xr-x 22 root root 4096 Dec 8 11:37 home
> drwxrwxrwx 4 jae users 4096 Dec 17 13:18
> win-profiles
>
> /misc2/shares/netlogon:
> drwxr-sr-x 12 root ppsi-employees 4096 Dec 8 07:31 shares
> dr--r-xrwx 2 root users 4096 Dec 7 17:12 netlogon
>
> [/etc/passwd]:
>
> jae:x:500:500:J:/home/jae:/bin/bash
> bryan:x:501:501::/home/bryan:/bin/bash
>
> [/etc/group]:
>
> users:x:100:bryan,jae
> jae:x:500:
> bryan:x:501:
> ntadmins:x:550:
>
> [/etc/samba/smb.conf]:
>
> [global]
> workgroup = platinum
> server string = Receptionist
> security = user
> hosts allow = 192.168.1. 192.168.0. 127.
> ; load printers = yes
> ; printing = cups
> cups options = raw
> log level = 2
> log file = /var/log/samba/%m.log
> max log size = 50
> interfaces = lo eth0
> os level = 33
> ;preferred master = yes
> wins support = yes
> dns proxy = no
> username map = /etc/samba/smbusers
> veto files = /lost+found
> encrypt passwords = yes
> ; guest ok = no
> ; guest account = nobody
> [homes]
> comment = Home Directories
> browseable = no
> writeable = yes
> [netlogon]
> comment = Network Logon Service
> path = /misc2/shares/netlogon
> guest ok = yes
> browseable = No
> [network-resources]
> path = /misc2/shares/network-resources
> guest ok = no
> browseable = yes
> writeable = yes
> writelist = jae
> [printers]
> comment = All Printers
> path = /usr/spool/samba
> printable = yes
> guest ok = yes
> [win-profiles]
> path = /home/win-profiles
> browseable = yes
> writeable = yes
> # create mask = 0666
> # directory mask = 0777
> csc policy = disable
> [SharePPSI]
> path = /misc2/shares/share.ppsi
> writeable = yes
> force create mode = 0660
> force directory mode = 2771
>
> # More directory shares, omitted for sake of brevity;
> # No shares directly off of /home, except for win-profiles.
>
> (//haze):
>
> [jae at haze server.files]$ smbclient --version
> Version 3.0.24-11.fc6
>
> [ls -l]:
>
> /home/shares/: ( This is an NFS to //receptionist )
> dr--r-xrwx 2 root users 4096 Dec 7 17:12 netlogon
> drwxrws--- 3 jae ppsi-employees 4096 Dec 10 12:25 network-resources
>
> [/etc/passwd]:
>
> jae:x:500:500:J:/home/jae:/bin/bash
> virtualx-ray$:x:503:526:Machine:/dev/null:/bin/false
> bryan:x:501:501:bryan:/home/bryan:/bin/bash
>
> [/etc/group]:
>
> users:x:100:jae,games,bryan
> jae:x:500:
> machines:x:526:
> ntadmins:x:550:jae
> bryan:x:501:
>
> [/etc/samba/smb.conf]:
>
> [global]
> workgroup = ppsi-austin
> netbios name = fdesk
> server string = Front Desk
> security = user
> cups options = raw
> ; guest account = pcguest
> log file = /var/log/samba/%m.log
> max log size = 50
> ; password server = <NT-Server-Name>
> ; realm = MY_REALM
> ; passdb backend = tdbsam
> ; include = /usr/local/samba/lib/smb.conf.%m
> ; interfaces = lo eth0
> local master = yes
> os level = 99
> domain master = yes
> preferred master = yes
> domain logons = yes
> encrypt passwords = yes
> ; logon script = %m.bat
> ; logon script = %U.bat
> logon path = //receptionist/win-profiles/%U
> wins support = yes
> ; wins server = w.x.y.z
> ; wins proxy = yes
> dns proxy = no
> username map = /etc/samba/smbusers
>
> add user script = /usr/sbin/useradd %u
> add group script = /usr/sbin/groupadd %g
> add machine script = /usr/sbin/adduser -n -g machines -c Machine -d
> /dev/null -s /bin/false %u
> ; delete user script = /usr/sbin/userdel %u
> ; delete user from group script = /usr/sbin/deluser %u %g
> ; delete group script = /usr/sbin/groupdel %g
>
>
> [homes]
> comment = Home Directories
> browseable = no
> writeable = yes
>
> [netlogon]
> ; path = /usr/local/samba/lib/netlogon
> path = /home/shares/netlogon
> guest ok = yes
> ; writeable = no
> share modes = no
> csc policy = disabled
>
> [printers]
> comment = All Printers
> path = /usr/spool/samba
> browseable = no
> ; guest ok = no
> ; writeable = no
> printable = yes
>
>
> [net groupmap list (SIDs blocked out) ]:
> Domain Users (S-1-5-21-xxx-xxx-xxx-1201) -> users
> Domain Guests (S-1-5-21-xxx-xxx-xxx-1199) -> nobody
> PPSI Employees (S-1-5-21-xxx-xxx-xxx-2013) -> ppsi-employees
> Domain Admins (S-1-5-21-xxx-xxx-xxx-2101) -> ntadmins
>
>
> .. I can't think of anything else that could be involved. There is no
> LDAP in place here. Let me know if any other settings / information
> is needed.
>
> Thanks!!
>
> --J.
More information about the samba
mailing list