Status of our 1.9.19-prealpha Installation

Andrew Perrin - Demography aperrin at demog.Berkeley.EDU
Thu Apr 23 20:15:14 GMT 1998 

Many thanks to everyone who's responded to the issues I posted over the
past few days.  We've made quite a bit of progress today; current status
follows.

Environment:
Server: Solaris 2.6 (Sparc), NIS, Samba 1.9.19-prealpha, BOSERUP
Clients: NT 4.0, SP3

We can currently log into our domain ("SANDBOX") from an NT client
("KITAGAWA") and authenticate user and password.  It appears that, at the
moment, the server's netbios and DNS names must be the same.

We cannot access shares on BOSERUP (the domain server); it seems to
authenticate domain logins and browse requests fine, but rejects share
requests with "invalid username/password for <sharename>".  However,
shares with guest ok = yes seem to work fine, reverting to the guest
privilege.  This includes [netlogon]; it works if (and only if) guest ok
is set to yes.  Also, time service returns "access denied."

HOWEVER... if we start Samba-1.9.18p4 on another machine (BLAKE), put it
in the SANDBOX workgroup, and set BOSERUP's smb.conf to look there for
home and profile directories, we get full service: profiles, automatic
home directories, etc.

So, remaining issues we have run into:
1.) It appears that the netbios and DNS names must be the same for domain
control;
2.) ../samba/bin/smbpasswd still is unable to manipulate the smbpasswd
file except on the first try; all subsequent tries return Error 0.
However, using it with the -r option (smbpasswd -r boserup <username>)
allows changing it fine; just can't add.
3.) We are unable to access shares on the domain controller except as
nobody.
4.) Minor issue: the Makefile seems to have created permissions to
restrictive on ../samba/var/locks/browse.dat; had to open them up a bit to
allow browsing.

Again, many thanks -- this is looking really good.

smb.conf from the domain controller side follows:
#@boserup:/usr/LOCAL/samba/lib>cat smb.conf 
[global]
        workgroup = SANDBOX
        smbrun = /usr/LOCAL/samba/bin/smbrun
        lock dir = /usr/LOCAL/samba/var/locks
        debug level = 10
        log file = /var/log/samba.%m.log
        wins support = no
        wins server = 128.32.163.196
        os level = 100
        domain master = yes
        time server = true
        unix realname = yes
        preferred master = yes
        load printers = no
        hide dot files = no
        revalidate = yes
        default service = homes
        encrypt passwords = yes
        domain logons = yes
        domain sid =  S-1-5-21-123-456-789
        security = user
; The following deal with roaming profiles. Currently configured to send
;   them to utility\username as drive Z:.
        logon drive = z:
        logon home = \\blake\%U
        logon path = \\blake\%U\.ntprofile
        logon script = init.bat

[homes]
        guest ok = no
        read only = no
        browseable = yes
        wide links = yes
        printable = no
        create mask = 0775
        Comment = Home Directory (%U)

[test]
        guest ok = yes
        read only = no
        browseable = yes
        wide links = yes
        printable = no
        path = /usr/LOCAL/samba-test
        Comment = Sandbox Test Share

[netlogon]
        path = /usr/LOCAL/netlogon
        writeable = no
        guest ok = yes
 
---------------------------------------------------------------------
Andrew J. Perrin - aperrin at demog.berkeley.edu - NT/Unix Admin/Support
Department of Demography    -    University of California at Berkeley
2232 Piedmont Avenue #2120  -    Berkeley, California, 94720-2120 USA
http://demog.berkeley.edu/~aperrin --------------------------SEIU1199

More information about the samba-ntdom mailing list