2.0.0beta4 problems

Matthew Kirkwood weejock at ferret.lmh.ox.ac.uk
Sun Dec 20 23:36:22 GMT 1998


Hi,

I've been trying to migrate an horrible NT Small Business
Server box to Linux (RH5.2) and I thought that I'd try to
replicate the domain stuff, since it seems to be getting
rather complete (well done, BTW).

Unfortunately, I have come across several problems which
will, no doubt, prove to be related to misconfiguration
or NT problems, rather than bugs... :)

Situation:
 * Clients all NT4WS (SP4), currently quite happy with NT
   SBS as domain controller for the domain "EHR".  About
   8-9 of them.
 * Current server an intel P200 of some sort running the
   aforementioned NT SBS.
 * New server - the same box running RedHat 5.2, kernel
   2.0.36pre6 (stock RH kernel, anyway) and samba 2.0.0b4
   (made from makerpms.sh).  Tried with domain EHR2, as
   keeping the same domain name seemed to confuse the
   clients.

It has entries for all clients in both /etc/hosts and in
/etc/lmhosts (lmhosts has the M flag only on the server
name).  NetBIOS names are the same as DNS names (although
the network is on 10.0.0.x and there is no actual DNS
for them).  DNS domain is .ehr (which obviously doesn't
exist).

Configured as a workgroup, clients can connect and read
and write files with no performance problems.  Authentication
works fine (from /etc/passwd - no shadow, no MD5).

Much of the network relies upon world-writable files and, even
with "create mode = 777" in the share definitions and "create
mask = 0" in the global section, directories were getting created
mode 755 and files mode 766.  The 766 files did not seem to be
writable by other users.

With encrypted passwords, the next problem comes.  I
create a Unix user (sally) and run:

 makesmbpasswd.sh </etc/passwd >/etc/smbpasswd

and then remove all disallowed samba users (daemon users, etc)
from the file.

I run smbpasswd sally (all as root so far) and set her
password to sally.  This seems to work, but then:

# smbclient //p75/sally -U sally
Added interface ip=10.0.0.2 bcast=10.0.0.255 nmask=255.255.255.0
Password: <sally>
session setup failed: ERRSRV - ERRbadpw (Bad password - name/password pair
in a Tree Connect or Session Setup are invalid.)

and this appears in log.<client>:
[1998/12/20 23:09:01, 0] smbd/reply.c:reply_sesssetup_and_X(771)
  NT Password did not match ! Defaulting to Lanman

Doing a similar thing for a different user, however, worked.
I don't know what's happening there.  I also verified that the
/etc/smbpasswd file was being used by setting an smbpasswd different
to the Unix password.  The smb one worked and the Unix one
didn't.

Having acquired a small set of working usernames and passwords,
I proceeded to the clients.

(Question: If NT thinks it's in a domain, how do I change that without
first logging in to a local account without network connections?)

After changing random NT settings until the clients could find
the domain server, they started to complain about the absence of
machine accounts on the server.  So far, so good.

However, adding machine accounts with smbpasswd -m didn't work so well:
# smbpasswd -m client$
User "client$" was not found in system password file.

(If real accounts are necessary, perhaps NTDOMAIN.txt could explain this?)

# adduser client$
# smbclient -m client$
New SMB password: <machine>
Retype new SMB password: <machine>
Failed to find entry for user client$.
Failed to change password entry for client$
# smbpasswd -a -m client$
Added user client$.
Password changed for user client$
# 


However, here we got stuck, since samba refused to acknowledge the
existence of the machine accounts to NT or smbclient:

# smbclient //p75/client\$ -U client\$
Added interface ip=10.0.0.2 bcast=10.0.0.255 nmask=255.255.255.0
Password:
session setup failed: code 0
# smbpasswd client\$
New SMB password: <machine>
Retype new SMB password: <machine>
Password changed for user client$
# smbclient //p75/client\$ -U client\$
Added interface ip=10.0.0.2 bcast=10.0.0.255 nmask=255.255.255.0
Password:
session setup failed: code 0
#

and at this stage I got pretty stuck.

Any help on this would be greatly appreciated - I'm sure that most of my
problems are self-caused, but I'm pretty stuck nevertheless.

I'll be more than happy to provide any more details...

Cheers,
Matthew.

Here are selected entries from /etc/passwd (please don't try to break this
machine :):
matthew:.Df3IjbUKyF7Q:500:500:Matthew Kirkwood:/home/matthew:/bin/bash
patrick:tD0ULQMzd6Hn6:501:502:Patrick Kirk:/home/patrick:/bin/bash
sally:6pa/ajBkTDaCY:502:503:Sally O'neal:/home/sally:/bin/bash
p20$:F0PRBeLD9TriE:511:511::/home/p20:/bin/bash
nila:b1v8KK106B2p.:514:514::/home/nila:/bin/bash
guest:5HNj2FBf8tbFE:515:515::/home/guest:/bin/bash

and smbpasswd (commented out things may prove useful to us later):
matthew:500:4C1FCC560AF18970AAD3B435B51404EE:15882D2CD740919C2F41D351FD3A77DD:[DU         ]:LCT-367D13D7:Matthew Kirkwood
sally:502:93FB9D0D47317806AAD3B435B51404EE:16B0A9CF926612E200AAD2B07D924059:[DU         ]:LCT-367D10AC:Sally O'neal
support:503:93E28745B8BF4BA6AAD3B435B51404EE:C3F541BAF5C46E5169E95691975D12BC:[DU         ]:LCT-367D10CB:
p20$:511:AAD3B435B51404EEAAD3B435B51404EE:31D6CFE0D16AE931B73C59D7E0C089C0:[DU         ]:LCT-367D15E4:
patrick:501:2EF6D2E7EA769781AAD3B435B51404EE:12FA788906B2BDB667477E2A91099F37:Patrick Kirk:/home/patrick:/bin/bash
nila:514:A751691F48A80B36AAD3B435B51404EE:29AF1083076602C9D14191B1041E252F::/home/nila:/bin/bash
guest:515:A0E150C75A17008EAAD3B435B51404EE:823893ADFAD2CDA6E1A414F3EBDF58F7:[U          ]:LCT-367D54CF:

And here is smb.conf:
[global]
   workgroup = EHR2
   server string = P75 (Linux)
   hosts allow = 10.0.0.
   printcap name = /etc/printcap
   load printers = yes
;   printing = bsd
   browseable = yes
   public = yes

   log file = /var/log/samba/log.%m
   max log size = 50

   security = user
   encrypt passwords = yes
   smb passwd file = /etc/smbpasswd
   username map = /etc/smbusers

;   include = /etc/smb.conf.%m
   socket options = TCP_NODELAY 
   interfaces = 10.0.0.2/24
;   local master = no

   os level = 60
   domain master = yes 
   preferred master = yes

   domain logons = yes
;   logon script = %m.bat
;   logon script = %U.bat
;   logon path = \\%L\Profiles\%U

; name resolve order = wins lmhosts bcast

   wins support = yes
;   wins server = w.x.y.z
;   wins proxy = yes

   dns proxy = yes 

   preserve case = yes
   short preserve case = yes
;  default case = lower
;  case sensitive = no

   create mask = 0

[homes]
   comment = Home Directories
   browseable = no
   writable = yes

[netlogon]
   comment = Network Logon Service
   path = /home/samba/netlogon
   guest ok = yes
   writable = no
   share modes = no

[faxes]
   comment = Received Faxes
   path = /var/spool/fax/recvq
   writable = no

[system]
   comment = Application files
   path = /home/samba/system
   writable = yes
   create mode = 777

[data]
   comment = Application data
   path = /home/samba/data
   writable = yes
   create mode = 777

[m]
   comment = Milemaster
   path = /home/samba/m
   writable = yes
   create mode = 777

[archives]
   comment = Backup directory
   path = /home/samba/archives
   writable = yes
   valid users = @admin
   create mode = 777

[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no
   guest ok = no
   writable = no
   printable = yes
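
A format check for smbpasswd lines like those quoted in the message above. This is an added example, not part of the original post and not Samba code. The field layout and flag meanings (U, D, N, W) follow smbpasswd(5) as documented for later Samba 2.x releases, which is an assumption for 2.0.0beta4; the sample lines are constructed.

```python
import re

# Hashes of the empty password: well-known constants for LM and NT.
EMPTY_LM = "AAD3B435B51404EEAAD3B435B51404EE"
EMPTY_NT = "31D6CFE0D16AE931B73C59D7E0C089C0"
HEX32 = re.compile(r"[0-9A-Fa-f]{32}")
FLAGS = re.compile(r"\[([A-Z ]{1,11})\]")
LCT = re.compile(r"LCT-[0-9A-Fa-f]{8}")

def is_placeholder(h):
    # smbpasswd(5) placeholders: 32 X's, or "NO PASSWORD" padded with X's.
    return len(h) == 32 and (set(h) == {"X"} or h.startswith("NO PASSWORD"))

def audit_line(line):
    """Return findings for one smbpasswd line; an empty list means none."""
    f = line.rstrip("\n").split(":")
    if len(f) < 6:
        return ["fewer than 6 colon-separated fields"]
    name, uid, lm, nt, flags, lct = f[:6]
    out = []
    if not uid.isdigit():
        out.append("uid not numeric")
    for label, h in (("LM", lm), ("NT", nt)):
        if not (HEX32.fullmatch(h) or is_placeholder(h)):
            out.append(label + " hash malformed")
    m = FLAGS.fullmatch(flags)
    if not m:
        # Typical of a line still carrying /etc/passwd fields (gecos, home, shell).
        return out + ["account flags field missing or malformed"]
    fl = set(m.group(1)) - {" "}
    if name.endswith("$") != ("W" in fl):
        out.append("machine-account name and W flag disagree")
    if "D" in fl:
        out.append("D flag set (account disabled)")
    if (lm.upper() == EMPTY_LM or nt.upper() == EMPTY_NT) and "N" not in fl:
        out.append("hash of the empty password")
    if not LCT.fullmatch(lct):
        out.append("LCT field malformed")
    return out

def flag_field(flags):
    # Flags are padded with spaces to 11 characters inside the brackets.
    return "[" + flags.ljust(11) + "]"

# Constructed sample lines (not taken from any real system).
H1, H2 = "0123456789ABCDEF" * 2, "FEDCBA9876543210" * 2
SAMPLE = [
    f"alice:1000:{H1}:{H2}:{flag_field('U')}:LCT-00000000:",
    f"ws1$:1001:{EMPTY_LM}:{EMPTY_NT}:{flag_field('U')}:LCT-00000000:",
    f"bob:1002:{H1}:{H2}:Bob Example:/home/bob:/bin/bash",
]
```

Running audit_line over every line of an smbpasswd file lists, per account, the entries that would need regenerating or a flag fix before testing logons.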


