Status of our 1.9.19-prealpha Installation
Andrew Perrin - Demography
aperrin at demog.Berkeley.EDU
Thu Apr 23 20:15:14 GMT 1998
Many thanks to everyone who's responded to the issues I posted over the
past few days. We've made quite a bit of progress today; current status
follows.
Environment:
Server: Solaris 2.6 (Sparc), NIS, Samba 1.9.19-prealpha, BOSERUP
Clients: NT 4.0, SP3
We can currently log into our domain ("SANDBOX") from an NT client
("KITAGAWA") and authenticate user and password. It appears that, at the
moment, the server's netbios and DNS names must be the same.
We cannot access shares on BOSERUP (the domain server); it seems to
authenticate domain logins and browse requests fine, but rejects share
requests with "invalid username/password for <sharename>". However,
shares with guest ok = yes seem to work fine, reverting to the guest
privilege. This includes [netlogon]; it works if (and only if) guest ok
is set to yes. Also, time service returns "access denied."
HOWEVER... if we start Samba-1.9.18p4 on another machine (BLAKE), put it
in the SANDBOX workgroup, and set BOSERUP's smb.conf to look there for
home and profile directories, we get full service: profiles, automatic
home directories, etc.
So, remaining issues we have run into:
1.) It appears that the netbios and DNS names must be the same for domain
control;
2.) ../samba/bin/smbpasswd still is unable to manipulate the smbpasswd
file except on the first try; all subsequent tries return Error 0.
However, using it with the -r option (smbpasswd -r boserup <username>)
allows changing it fine; just can't add.
3.) We are unable to access shares on the domain controller except as
nobody.
4.) Minor issue: the Makefile seems to have created permissions to
restrictive on ../samba/var/locks/browse.dat; had to open them up a bit to
allow browsing.
Again, many thanks -- this is looking really good.
smb.conf from the domain controller side follows:
#@boserup:/usr/LOCAL/samba/lib>cat smb.conf
[global]
workgroup = SANDBOX
smbrun = /usr/LOCAL/samba/bin/smbrun
lock dir = /usr/LOCAL/samba/var/locks
debug level = 10
log file = /var/log/samba.%m.log
wins support = no
wins server = 128.32.163.196
os level = 100
domain master = yes
time server = true
unix realname = yes
preferred master = yes
load printers = no
hide dot files = no
revalidate = yes
default service = homes
encrypt passwords = yes
domain logons = yes
domain sid = S-1-5-21-123-456-789
security = user
; The following deal with roaming profiles. Currently configured to send
; them to utility\username as drive Z:.
logon drive = z:
logon home = \\blake\%U
logon path = \\blake\%U\.ntprofile
logon script = init.bat
[homes]
guest ok = no
read only = no
browseable = yes
wide links = yes
printable = no
create mask = 0775
Comment = Home Directory (%U)
[test]
guest ok = yes
read only = no
browseable = yes
wide links = yes
printable = no
path = /usr/LOCAL/samba-test
Comment = Sandbox Test Share
[netlogon]
path = /usr/LOCAL/netlogon
writeable = no
guest ok = yes
---------------------------------------------------------------------
Andrew J. Perrin - aperrin at demog.berkeley.edu - NT/Unix Admin/Support
Department of Demography - University of California at Berkeley
2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA
http://demog.berkeley.edu/~aperrin --------------------------SEIU1199
More information about the samba-ntdom
mailing list