[Samba-it] samba 3.2.3: join win2k fallisce, join xp funziona

Simone iceee2k3 at gmail.com
Mon Oct 27 09:18:25 MDT 2008 

Salve,

 ho recentemente upgradato da debian-etc a debian-lenny, passando da samba
3.0.* a samba 3.2.3.

Da quando ho effettuato l'upgrade, risulta impossibile joinare
macchine win2k(sp2/sp4) al dominio(samba+ldap). Il join fallisce
lamentando "nome utente o password errate".
Mi trovo nella stessa identica situazione in cui si è imbattuto *almeno* un
altro utente:
http://www.nabble.com/Problem-on-Update-Samba-3.0.31-to-Samba-3.2.3-to19797123.html#a19797123
al quale purtroppo nessuno ha saputo rispondere, pare.
Risultano identici anche i messaggi di log da lui riportati, che
purtroppo non so
come interpretare...

Le macchine XP SP2, diversamente dalle win2k, continuano a joinarsi
tranquillamente.

Qualcuno si è già imbattuto in questa situazione? Come ne è uscito? (il
downgrade non vale :p)

Grazie in anticipo per le risposte :-)

Simone

ps.

Accodo qualche informazione sulla configurazione in uso:

Versioni pacchetti:

samba 2:3.2.3-3
samba-common 2:3.2.3-3
smbclient 2:3.2.3-3
smbldap-tools 0.9.4-1
libcrypt-smbhash-perl 0.12-2


/etc/samba/smb.conf::
---cut---
[global]
   workgroup = DOMINIO
   netbios name = srv-dominio
   server string = %h
   dns proxy = No
   bind interfaces only = Yes
   interfaces = lo, eth1
   smb ports = 139

### registra i logon via samba
   utmp = Yes
   utmp directory = /var/log/samba/utmp
   wtmp directory = /var/log/samba/wtmp

### evita l'apertura di notepad con un file desktop.ini
   hide files = /desktop.ini/ntuser.ini/NTUSER.*/

### conserva i permessi e i privilegi dei file dell'utente
   inherit acls = yes
   inherit owner = yes

   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   log level = 4

   security = user
   encrypt passwords = true
   passdb backend = ldapsam:ldap://127.0.0.1/
   obey pam restrictions = no
   deadtime = 15
   browseable = no

   wins support = Yes
   name resolve order = lmhosts host wins bcast

   local master = yes
   domain master = Yes
   preferred master = Yes
   os level = 254
   domain logons = Yes

   unix password sync = no
   enable privileges = yes
   passwd program = /usr/sbin/smbldap-passwd %u
   passwd chat = *New*password* %n\n *Retype*new*password* %n\n
   socket options = TCP_NODELAY, SO_KEEPALIVE

   ldap ssl = no
   ldap passwd sync = yes
   ldap machine suffix = ou=Computers
   ldap idmap suffix = ou=Idmaps
   ldap group suffix = ou=Groups
   ldap user suffix = ou=People
   ldap suffix = dc=isi,dc=lan
   ldap delete dn = Yes
   ldap admin dn = cn=admin,dc=isi,dc=lan

   logon home = \\%N\%U\.\\.profili\%a
   logon drive = H:
   logon path = \\%N\%U\.profili\%a
   logon script = logon.bat

   add machine script = /usr/sbin/smbldap-useradd -w  "%m"
   set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
   delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
   add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
   delete group script = /usr/sbin/smbldap-groupdel "%g"
   add group script = /usr/sbin/smbldap-groupadd -p "%g"
   delete user script = /usr/sbin/smbldap-userdel "%u"
   add user script = /usr/sbin/smbldap-useradd -m "%u"

   check password script = /usr/bin/crackcheck -s

   panic action = /usr/share/samba/panic-action %d

[homes]
   comment = ISI-homes (NON MODIFICARE QUESTA RIGA)
   browseable = no
   writable = yes
   guest ok = no
   veto files = /public_html/

[perl]
   path = /usr/share/WinActivePerl
   comment = Per Windows Binaries
   public = yes
   writable = no
   guest ok = yes
   browseable = no


[netlogon]
    comment = ISI-NetLogon (NON MODIFICARE QUESTA RIGA)
    path = /home/samba/netlogon
    guest ok = yes
    browseable = no
    create mask = 0644
    directory mask = 0755
    writable = yes
    root preexec=/usr/sbin/setlogonvar '%U' '%G' '%m'
    root postexec=/usr/sbin/rmlogonvar '%m'
---cut---



/etc/smbldap-tools/smbldap.conf:
---cut---
SID="S-1-5-21-1479175027-3375466229-471917732"
slaveLDAP="127.0.0.1"
slavePort="389"
masterLDAP="127.0.0.1"
masterPort="389"
ldapTLS="0"
suffix="dc=isi,dc=lan"
usersdn="ou=People,dc=isi,dc=lan"
computersdn="ou=Computers,dc=isi,dc=lan"
groupsdn="ou=Groups,dc=isi,dc=lan"
idmapdn="ou=Idmap,dc=isi,dc=lan"
sambaUnixIdPooldn="sambaDomainName=DOMINIO,dc=isi,dc=lan"
scope="sub"
hash_encrypt="SSHA"
crypt_salt_format="%s"
userLoginShell="/bin/bash"
userHome="/home/%U"
userGecos="System User"
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"
defaultMaxPasswordAge="99"
userSmbHome=""
userProfile=""
userHomeDrive=""
mailDomain="isi.lan
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"
defaultComputerGid0="515"
---cut---

More information about the samba-it mailing list