security = SERVER - Problem
Nils
noldenburg at ctberlin.de
Mon Nov 5 04:43:07 GMT 2001
Hi Samba List,
Iam new to this list and want to describe my *little* Problem.
We are using in our company an Network with roundabout 200 Clients
running W2k/SP2.
Our PDC is an W2k Server with Active Directory enabled. Any User is
connected to the Active Directory fine , and holds his Profile on this
PDC. As Home Share and one Public Share we use an Linux Box with SuSE
7.3 (kernel 2.4.10, samba 2.2.1a, fs is an LVM with 175 GB reiserfs over
3 disks). As Network Interface we use an D-LINK DFE-570-TX with 4-Port
incl. the mod_sch on the Kernel , so that all 4 Interfaces using the
same IP for Load Balancing. with FTP/SSH all seems to work fine on this
virtual Interface. The Linux Box has no Connection to the Internet so we
use an private Network 172.16.128.x/20 for 4096 unique addresses. The
security off the smb is set to "security=SERVER" and the "password
server = 172.16.128.9" points to the W2k PDC. (see smb.conf below)
The Problem:
An User , who is attached to the DOMAIN on the PDC has sometimes (! not
ever! ) the following Problem:
the users logs on local on his w2k Box, and sometimes he will corect
connect to his drive H: ( Home directory) and drive Z: (public for all)
in 8 of ten connects the password server rejects the password (why ?)
and the user will connected as "nobody" to the samba server. in this
case , there will no drive H: and on Z: is only read-only access possible.
I've read all manuals and FAQ but there is no hint for this problem. is
there anybody here with the same problem and if , is there an solution
therefore ?????
The second Problem is , that in some cases the wins-Server on the PDC no
nmb lookup allows.
if i run "nmblookup arakis" (the pdc) will this correctly displayed.
the smb.conf:
[global]
workgroup = MYDOMAIN
interfaces = 172.16.128.2/20
bind interfaces only = Yes
server string = Fileserver
netbios name = BEDROCK
security = SERVER
encrypt passwords = Yes
map to guest = Bad Password
password server = 172.16.128.9
log level = 1
read raw = no
write raw = yes
max xmit = 65535
dead time = 15
getwd cache = Yes
fake oplocks = Yes
strict sync = Yes
level2 oplocks = true
name resolve order = wins bcast hosts
socket options = SO_KEEPALIVE IPTOS_LOWDELAY
IPTOS_THROUGHPUT TCP_NODELAY SO_SNDBUF=8576 SO_RCVBUF=8192
character set = ISO8859-15
add user script = /usr/bin/add_user.sh %u # create entry in
/etc/passwd, create homedir and set the rights correct
os level = 30
wins server = 172.16.128.9 # the W2k PDC
wins proxy = yes
dns proxy = yes
local master = no
prefered master = yes
domain master = no
kernel oplocks = No
nt acl support = no
[homes]
comment = Home Directories
read only = No
create mask = 0700
directory mask = 0755
browseable =No
path = /samba/homes/%U
[public]
comment = Public Drive Z:
path = /samba/public
read only = no
create mask = 0755
directory mask = 0777
guest ok = Yes
# end
bedrock -> the name of the Linux Box
arakis -> the name of the W2k PDC
/var/log/samba/log.smbd:
......
ctpc0113 (172.16.128.92) connect to service absmith as user absmith
(uid=567, gid=10011) (pid 13777)
[2001/11/05 09:51:44, 1] smbd/service.c:close_cnum(646)
ctpc0113 (172.16.128.92) closed connection to service absmith
[2001/11/05 09:51:44, 1] libsmb/cliconnect.c:cli_establish_connection(754)
failed session setup
[2001/11/05 09:51:44, 0] libsmb/clientgen.c:cli_send_smb(89)
Error writing 168 bytes to client. -1
[2001/11/05 09:51:44, 0] lib/util_sock.c:read_socket_with_timeout(300)
read_socket_with_timeout: timeout read. read error = Connection reset
by peer.
[2001/11/05 09:51:44, 1] smbd/password.c:server_validate(1236)
password server rejected the password
[2001/11/05 09:51:44, 1] smbd/password.c:pass_check_smb(554)
Couldn't find user 'jwattenbach' in smb_passwd file.
[2001/11/05 09:51:44, 1] smbd/password.c:pass_check_smb(554)
Couldn't find user 'jwattenbach' in smb_passwd file.
.....
in this time it isnt possible , to work with the network ! if i had make
some stupid errors , please help for understanding !
Thanx and Bye
Nils Oldenburg
More information about the samba
mailing list