[Samba] session setup failed: NT_STATUS_LOGON_FAILURE
Roger Wu
wu1004 at gmail.com
Thu Nov 5 10:58:08 UTC 2015
2015-11-05 16:56 GMT+08:00 Rowland Penny <rowlandpenny241155 at gmail.com>:
> On 05/11/15 03:38, Roger Wu wrote:
>
>>
>>
>>
>>
>> Now we come to the new questions, will the Unix
>> machines
>> need to
>> be part of the domain ?
>>
>>
>> What do you mean "to be part of the domain"?
>> We have unix/linux machines in each NIS domain, they are a
>> part of their domain.
>> Could you define your question more precisely?
>>
>> You mention that they are in different domains, do
>> you mean
>> domains or do you mean workgroups?
>>
>> What I mean is NIS domain. We have three different
>> domains, so
>> I plan to start up one samba server for each domain
>> separately
>> As for workgroup, we only have one workgroup for
>> windows, so
>> it won't be an issue.
>>
>> Are any machines in a windows domain already?
>>
>> No.
>>
>> Finally, if you cannot set up a new domain, do
>> your users
>> need to
>> own files on your samba server or do they just
>> need to read &
>> store files on the samba server.
>>
>> Rowland
>>
>> They just need to read & store files on the samba server.
>>
>>
>>
>> I'm try to study the above link you suggest, but I can't find samba-tool
>> for my installed packages
>> Where can I find samba-tool?
>> [root at testcad16 ~]# rpm -qa | grep samba
>> sernet-samba-4.2.5-19.el6.x86_64
>> sernet-samba-libs-4.2.5-19.el6.x86_64
>> sernet-samba-libsmbclient0-4.2.5-19.el6.x86_64
>> sernet-samba-client-4.2.5-19.el6.x86_64
>> sernet-samba-common-4.2.5-19.el6.x86_64
>>
>
> If you install the sernet packages, you should just be able to run
> 'samba-tool --help'
No. It's weird that I can't find where it is.
That said samba-tools should be at /usr/local/samba/bin, but I can't find
anything
[root at testcad16 samba]# ls /usr/bin/samb*
/usr/bin/samba-regedit
[root at testcad16 samba]# ls /usr/sbin/samb*
ls: cannot access /usr/sbin/samb*: No such file or directory
[root at testcad16 samba]# ls /usr/local/bin/samb*
ls: cannot access /usr/local/bin/samb*: No such file or directory
[root at testcad16 samba]# ls /usr/local/sbin/samb*
ls: cannot access /usr/local/sbin/samb*: No such file or directory
[root at testcad16 samba]# ls /usr/local/samba/bin/samb*
ls: cannot access /usr/local/samba/bin/samb*: No such file or directory
[root at testcad16 samba]# ls /usr/local/samba/sbin/samb*
ls: cannot access /usr/local/samba/sbin/samb*: No such file or directory
[root at testcad16 samba]# ls /usr/local/sam*
ls: cannot access /usr/local/sam*: No such file or directory
>
>
>
>> I have no experience creating a AD domain and DCs.
>>
>>
>> Everybody has to start somewhere.
>>
>>
>> OK, if you do not want to go down this path, then try this smb.conf
>>
>> [global]
>> workgroup = WORKGROUP
>> server string = ****
>> netbios name = *****
>> printcap name = /dev/null
>> load printers = no
>> disable spoolss = yes
>> printing = bsd
>> dns proxy = no
>> map to guest = Bad User
>> guest ok = yes
>>
>> This should work without adding any users to the server, anybody
>> that connects gets mapped to the guest user, but this does mean
>> that your users cannot own anything on the server and anybody will
>> be able to read or delete anything!!!
>>
>> I've tried the above smb.conf, and ya, it worked, but it's definitely not
>> what I want.
>> I'll jump to the other option you suggested, but it will takes me time to
>> learn it.
>>
>>
> You have a few options here, you could create all your users on the samba
> machine, then recreate then again as samba users, this of course means
> knowing all your users passwords and changing them on the samba machine
> when they change them on the workstations. This way the files will be owned
> by whoever creates them.
>
I've tried this option on old samba version.
I know this can work, but users have to reset their passwords, and I have
to maintain one more account system
which is not the best option for me apparently. I considered it as second
option.
Anyway, considering not so many users need this service, if setting a new
AD can't goes well,
I may go this way.
>
> You could setup a new NT4-style domain, but as these are on the way out, I
> wouldn't bother.
>
> Probably the best way to go is to setup a new AD domain, this may think
> this is hard, but once you get into it, it is fairly logical. There is a
> lot of info out there on the internet, but I would start with the Samba
> wiki:
>
>
> https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller
>
> Create your first domain in a test environment (this way it won't matter
> if you make a big error) and once you are sure it works as you want, you
> can move it to production.
>
> Any problems or questions, just ask.
Thanks for your suggestion, I'll try that.
>
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list