security = SERVER - Problem

Nils noldenburg at ctberlin.de
Mon Nov 5 04:43:07 GMT 2001


Hi Samba List,
I am new to this list and want to describe my *little* problem.
In our company we are using a network with roughly 200 clients 
running W2k/SP2.
Our PDC is a W2k server with Active Directory enabled. Every user is 
connected to the Active Directory fine and holds his profile on this 
PDC. For the home share and one public share we use a Linux box with SuSE 
7.3 (kernel 2.4.10, samba 2.2.1a, fs is an LVM with 175 GB reiserfs over 
3 disks). As network interface we use a D-LINK DFE-570-TX with 4 ports, 
incl. the mod_sch in the kernel, so that all 4 interfaces use the 
same IP for load balancing. With FTP/SSH everything seems to work fine on this 
virtual interface. The Linux box has no connection to the Internet, so we 
use a private network 172.16.128.x/20 for 4096 unique addresses. The 
security of the smb is set to "security=SERVER" and the "password 
server = 172.16.128.9" points to the W2k PDC. (see smb.conf below)

The problem:
A user who is attached to the DOMAIN on the PDC sometimes (not 
always!) has the following problem:
the user logs on locally on his W2k box, and sometimes he is connected 
correctly to his drive H: (home directory) and drive Z: (public for all). 
In 8 of ten connects the password server rejects the password (why?) 
and the user is connected as "nobody" to the samba server. In this 
case there is no drive H:, and on Z: only read-only access is possible.

I've read all manuals and FAQs but there is no hint for this problem. Is 
there anybody here with the same problem, and if so, is there a solution 
for it?

The second problem is that in some cases the WINS server on the PDC 
allows no nmb lookup.
If I run "nmblookup arakis" (the PDC), this is displayed correctly.

the smb.conf:

[global]
            workgroup = MYDOMAIN
            interfaces = 172.16.128.2/20
            bind interfaces only = Yes
            server string = Fileserver
            netbios name = BEDROCK
            security = SERVER
            encrypt passwords = Yes
            map to guest = Bad Password
            password server = 172.16.128.9
            log level = 1
            read raw = no
            write raw = yes
            max xmit = 65535
            dead time = 15
            getwd cache = Yes
            fake oplocks = Yes
            strict sync = Yes
            level2 oplocks = true
            name resolve order = wins bcast hosts
            socket options = SO_KEEPALIVE IPTOS_LOWDELAY IPTOS_THROUGHPUT TCP_NODELAY SO_SNDBUF=8576 SO_RCVBUF=8192
            character set = ISO8859-15
            add user script = /usr/bin/add_user.sh %u # create entry in /etc/passwd, create homedir and set the rights correct
            os level = 30
            wins server = 172.16.128.9 # the W2k PDC
            wins proxy = yes
            dns proxy = yes
            local master = no
            prefered master = yes
            domain master = no
            kernel oplocks = No
            nt acl support = no

[homes]
            comment = Home Directories
            read only = No
            create mask = 0700
            directory mask = 0755
            browseable =No
            path = /samba/homes/%U

[public]
            comment = Public Drive Z:
            path = /samba/public
            read only = no
            create mask = 0755
            directory mask = 0777
            guest ok = Yes
# end

bedrock -> the name of the Linux Box
arakis -> the name of the W2k PDC

/var/log/samba/log.smbd:
......
ctpc0113 (172.16.128.92) connect to service absmith as user absmith 
(uid=567, gid=10011) (pid 13777)
[2001/11/05 09:51:44, 1] smbd/service.c:close_cnum(646)
  ctpc0113 (172.16.128.92) closed connection to service absmith
[2001/11/05 09:51:44, 1] libsmb/cliconnect.c:cli_establish_connection(754)
  failed session setup
[2001/11/05 09:51:44, 0] libsmb/clientgen.c:cli_send_smb(89)
  Error writing 168 bytes to client. -1
[2001/11/05 09:51:44, 0] lib/util_sock.c:read_socket_with_timeout(300)
  read_socket_with_timeout: timeout read. read error = Connection reset 
by peer.
[2001/11/05 09:51:44, 1] smbd/password.c:server_validate(1236)
  password server  rejected the password
[2001/11/05 09:51:44, 1] smbd/password.c:pass_check_smb(554)
  Couldn't find user 'jwattenbach' in smb_passwd file.
[2001/11/05 09:51:44, 1] smbd/password.c:pass_check_smb(554)
  Couldn't find user 'jwattenbach' in smb_passwd file.
.....

During this time it isn't possible to work with the network! If I have made 
some stupid errors, please help me understand!

Thanx and Bye

Nils Oldenburg
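
Added example (not part of the original post, and not Samba code): with "map to guest = Bad Password", a rejection by the password server silently becomes a guest session, so log.smbd is where it shows up. The Python sketch below parses the log.smbd record layout seen in the excerpt and labels each rejection by whether a libsmb or socket error was logged in the same second. The sample log is constructed from the lines above, and reading such a same-second error as a failed connection from smbd to the password server is an assumption of this example.

```python
import re
from collections import defaultdict

# Constructed sample in log.smbd layout (one message line is mail-wrapped).
SAMPLE_LOG = """\
[2001/11/05 09:51:44, 1] libsmb/cliconnect.c:cli_establish_connection(754)
  failed session setup
[2001/11/05 09:51:44, 0] lib/util_sock.c:read_socket_with_timeout(300)
  read_socket_with_timeout: timeout read. read error = Connection reset
by peer.
[2001/11/05 09:51:44, 1] smbd/password.c:server_validate(1236)
  password server  rejected the password
[2001/11/05 10:02:10, 1] smbd/password.c:server_validate(1236)
  password server  rejected the password
"""

HEADER = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:]+), *(?P<level>\d+)\] "
    r"(?P<src>\S+?):(?P<func>\w+)\((?P<line>\d+)\)$")

def parse_records(text):
    """Yield one dict per log record, joining its message lines."""
    rec = None
    for raw in text.splitlines():
        m = HEADER.match(raw.strip())
        if m:
            if rec:
                yield rec
            rec = dict(m.groupdict(), msg="")
        elif rec is not None and raw.strip():
            rec["msg"] = (rec["msg"] + " " + " ".join(raw.split())).strip()
    if rec:
        yield rec

def classify_rejections(text):
    """Return [(timestamp, label)] for each second with a password rejection."""
    by_ts = defaultdict(list)
    for rec in parse_records(text):
        by_ts[rec["ts"]].append(rec)
    result = []
    for ts, recs in by_ts.items():
        if not any(r["func"] == "server_validate"
                   and "rejected the password" in r["msg"] for r in recs):
            continue
        # Assumption: a libsmb/socket error in the same second is a failed link.
        broken = any(r["src"].startswith(("libsmb/", "lib/util_sock")) for r in recs)
        result.append((ts, "password-server-connection-error" if broken
                       else "rejected-by-password-server"))
    return result
```
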




