[Samba] session setup failed: NT_STATUS_LOGON_FAILURE

Roger Wu wu1004 at gmail.com
Thu Nov 5 10:58:08 UTC 2015 

2015-11-05 16:56 GMT+08:00 Rowland Penny <rowlandpenny241155 at gmail.com>:

> On 05/11/15 03:38, Roger Wu wrote:
>
>>
>>
>>
>>
>>                     Now we come to the new questions, will the Unix
>>         machines
>>                 need to
>>                     be part of the domain ?
>>
>>
>>                 What do you mean "to be part of the domain"?
>>                 We have unix/linux machines in each NIS domain, they are a
>>                 part of their domain.
>>                 Could you define your question more precisely?
>>
>>                     You mention that they are in different domains, do
>>         you mean
>>                     domains or do you mean workgroups?
>>
>>                 What I mean is NIS domain. We have three different
>>         domains, so
>>                 I plan to start up one samba server for each domain
>>         separately
>>                 As for workgroup, we only have one workgroup for
>>         windows, so
>>                 it won't be an issue.
>>
>>                     Are any machines in a windows domain already?
>>
>>                 No.
>>
>>                     Finally, if you cannot set up a new domain, do
>>         your users
>>                 need to
>>                     own files on your samba server or do they just
>>         need to read &
>>                     store files on the samba server.
>>
>>                     Rowland
>>
>>                 They just need to read & store files on the samba server.
>>
>>
>>
>> I'm try to study the above link you suggest, but I can't find samba-tool
>> for my installed packages
>> Where can I find samba-tool?
>> [root at testcad16 ~]# rpm -qa | grep samba
>> sernet-samba-4.2.5-19.el6.x86_64
>> sernet-samba-libs-4.2.5-19.el6.x86_64
>> sernet-samba-libsmbclient0-4.2.5-19.el6.x86_64
>> sernet-samba-client-4.2.5-19.el6.x86_64
>> sernet-samba-common-4.2.5-19.el6.x86_64
>>
>
> If you install the sernet packages, you should just be able to run
> 'samba-tool --help'


No. It's weird that I can't find where it is.
That said samba-tools should be at /usr/local/samba/bin, but I can't find
anything

[root at testcad16 samba]# ls /usr/bin/samb*
/usr/bin/samba-regedit
[root at testcad16 samba]# ls /usr/sbin/samb*
ls: cannot access /usr/sbin/samb*: No such file or directory
[root at testcad16 samba]# ls /usr/local/bin/samb*
ls: cannot access /usr/local/bin/samb*: No such file or directory
[root at testcad16 samba]# ls /usr/local/sbin/samb*
ls: cannot access /usr/local/sbin/samb*: No such file or directory
[root at testcad16 samba]# ls /usr/local/samba/bin/samb*
ls: cannot access /usr/local/samba/bin/samb*: No such file or directory
[root at testcad16 samba]# ls /usr/local/samba/sbin/samb*
ls: cannot access /usr/local/samba/sbin/samb*: No such file or directory
[root at testcad16 samba]# ls /usr/local/sam*
ls: cannot access /usr/local/sam*: No such file or directory

>
>
>
>>         I have no experience creating a AD domain and DCs.
>>
>>
>>     Everybody has to start somewhere.
>>
>>
>>     OK, if you do not want to go down this path, then try this smb.conf
>>
>>     [global]
>>         workgroup = WORKGROUP
>>         server string = ****
>>         netbios name = *****
>>         printcap name = /dev/null
>>         load printers = no
>>         disable spoolss = yes
>>         printing = bsd
>>         dns proxy = no
>>         map to guest = Bad User
>>         guest ok = yes
>>
>>     This should work without adding any users to the server, anybody
>>     that connects gets mapped to the guest user, but this does mean
>>     that your users cannot own anything on the server and anybody will
>>     be able to read or delete anything!!!
>>
>> I've tried the above smb.conf, and ya, it worked, but it's definitely not
>> what I want.
>> I'll jump to the other option you suggested, but it will takes me time to
>> learn it.
>>
>>
> You have a few options here, you could create all your users on the samba
> machine, then recreate then again as samba users, this of course means
> knowing all your users passwords and changing them on the samba machine
> when they change them on the workstations. This way the files will be owned
> by whoever creates them.
>

I've tried this option on old samba version.
I know this can work, but users have to reset their passwords, and I have
to maintain one more account system
which is not the best option for me apparently.  I considered it as second
option.

Anyway, considering not so many users need this service, if setting a new
AD can't goes well,
I may go this way.

>
> You could setup a new NT4-style domain, but as these are on the way out, I
> wouldn't bother.
>
> Probably the best way to go is to setup a new AD domain, this may think
> this is hard, but once you get into it, it is fairly logical. There is a
> lot of info out there on the internet, but I would start with the Samba
> wiki:
>
>
> https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller
>
> Create your first domain in a test environment (this way it won't matter
> if you make a big error) and once you are sure it works as you want, you
> can move it to production.
>
> Any problems or questions, just ask.


Thanks for your suggestion, I'll try that.

>
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list