2.0.0beta4 problems
Matthew Kirkwood
weejock at ferret.lmh.ox.ac.uk
Sun Dec 20 23:36:22 GMT 1998
Hi,
I've been trying to migrate an horrible NT Small Business
Server box to Linux (RH5.2) and I thought that I'd try to
replicate the domain stuff, since it seems to be getting
rather complete (well done, BTW).
Unfortunately, I have come across several problems which
will, no doubt, prove to be related to misconfiguration
or NT problems, rather than bugs... :)
Situation:
* Clients all NT4WS (SP4), currently quite happy with NT
SBS as domain controller for the domain "EHR". About
8-9 of them.
* Current server an intel P200 or some sort running the
aforementioned NT SBS.
* New server - the same box running RedHat 5.2, kernel
2.0.36pre6 (stock RH kernel, anyway) and samba 2.0.0b4
(made from makerpms.sh). Tried with domain EHR2, as
keeping the same domain name seemed to confuse the
clients.
It has entries for all clients in both /etc/hosts and in
/etc/lmhosts (lmhosts has the M flag only on the server
name). NetBIOS names are the same as DNS names (although
the network is on 10.0.0.x and there is no actualy DNS
for them). DNS domain is .ehr (which obviously doesn't
exist).
Configured as a workgroup, clients can connect and read
and write files with no performance problems. Authentication
works fine (from /etc/passwd - no shadow, no MD5).
Much of the network relies upon world-writable files and, even
with "create mode = 777" in the share definitions and "create
mask = 0" in the global section, directories were getting created
mode 755 and files mode 766. The 766 files did not seem to be
writable by other users.
With encrypted passwords, the next problem comes. I
create a Unix user (sally) and run:
makesmbpasswd.sh </etc/passwd >/etc/smbpasswd
and then remove all disallowed samba users (daemon users, etc)
from the file.
I run smbpasswd sally (all as root so far) and set her
password to sally. This seems to work, but then:
# smbclient //p75/sally -U sally
Added interface ip=10.0.0.2 bcast=10.0.0.255 nmask=255.255.255.0
Password: <sally>
session setup failed: ERRSRV - ERRbadpw (Bad password - name/password pair
in a Tree Connect or Session Setup are invalid.)
and this appears in log.<client>:
[1998/12/20 23:09:01, 0] smbd/reply.c:reply_sesssetup_and_X(771)
NT Password did not match ! Defaulting to Lanman
Doing a similar thing for a different user, however, worked.
I don't know what's happening there. I also verified that the
/etc/smbpasswd file was being used by setting an smbpasswd different
to the Unix password. The smb one worked and the Unix one
didn't.
Having acquired a small set of working usernames and passwords,
I proceeded to the clients.
(Question: If NT thinks it's in a domain, how do I change that without
first logging in to a local account without network connections?)
After changing random NT settings until the clients could find
the domain server, they started to complain about the absence of
machine accounts on the server. So far, so good.
However, adding machine accounts with smbpasswd -m didn't work so well:
# smbpasswd -m client$
User "client$" was not found in system password file.
(If real accounts are necessary, perhaps NTDOMAIN.txt could explain this?)
# adduser client$
# smbclient -m client$
New SMB password: <machine>
Retype new SMB password: <machine>
Failed to find entry for user client$.
Failed to change password entry for client$
# smbpasswd -a -m client$
Added user client$.
Password changed for user client$
#
However, here we got stuck, since samba refused to acknowledge the
existance of the machine accounts to NT or smbclient:
# smbclient //p75/client\$ -U client\$
Added interface ip=10.0.0.2 bcast=10.0.0.255 nmask=255.255.255.0
Password:
session setup failed: code 0
# smbpasswd client\$
New SMB password: <machine>
Retype new SMB password: <machine>
Password changed for user client$
# smbclient //p75/client\$ -U client\$
Added interface ip=10.0.0.2 bcast=10.0.0.255 nmask=255.255.255.0
Password:
session setup failed: code 0
#
and at this stage I got pretty stuck.
Any help on this would be greatly appreciated - I'm sure that most of my
problems are self-caused, but I'm pretty stuck nevertheless.
I'll be more than happy to provide any more details...
Cheers,
Matthew.
Here are selected entries from /etc/passwd (please don't try to break this
machine :):
matthew:.Df3IjbUKyF7Q:500:500:Matthew Kirkwood:/home/matthew:/bin/bash
patrick:tD0ULQMzd6Hn6:501:502:Patrick Kirk:/home/patrick:/bin/bash
sally:6pa/ajBkTDaCY:502:503:Sally O'neal:/home/sally:/bin/bash
p20$:F0PRBeLD9TriE:511:511::/home/p20:/bin/bash
nila:b1v8KK106B2p.:514:514::/home/nila:/bin/bash
guest:5HNj2FBf8tbFE:515:515::/home/guest:/bin/bash
and smbpasswd (commented out things may prove useful to us later):
matthew:500:4C1FCC560AF18970AAD3B435B51404EE:15882D2CD740919C2F41D351FD3A77DD:[DU ]:LCT-367D13D7:Matthew Kirkwood
sally:502:93FB9D0D47317806AAD3B435B51404EE:16B0A9CF926612E200AAD2B07D924059:[DU ]:LCT-367D10AC:Sally O'neal
support:503:93E28745B8BF4BA6AAD3B435B51404EE:C3F541BAF5C46E5169E95691975D12BC:[DU ]:LCT-367D10CB:
p20$:511:AAD3B435B51404EEAAD3B435B51404EE:31D6CFE0D16AE931B73C59D7E0C089C0:[DU ]:LCT-367D15E4:
patrick:501:2EF6D2E7EA769781AAD3B435B51404EE:12FA788906B2BDB667477E2A91099F37:Patrick Kirk:/home/patrick:/bin/bash
nila:514:A751691F48A80B36AAD3B435B51404EE:29AF1083076602C9D14191B1041E252F::/home/nila:/bin/bash
guest:515:A0E150C75A17008EAAD3B435B51404EE:823893ADFAD2CDA6E1A414F3EBDF58F7:[U ]:LCT-367D54CF:
And here is smb.conf:
[global]
workgroup = EHR2
server string = P75 (Linux)
hosts allow = 10.0.0.
printcap name = /etc/printcap
load printers = yes
; printing = bsd
browseable = yes
public = yes
log file = /var/log/samba/log.%m
max log size = 50
security = user
encrypt passwords = yes
smb passwd file = /etc/smbpasswd
username map = /etc/smbusers
; include = /etc/smb.conf.%m
socket options = TCP_NODELAY
interfaces = 10.0.0.2/24
; local master = no
os level = 60
domain master = yes
preferred master = yes
domain logons = yes
; logon script = %m.bat
; logon script = %U.bat
; logon path = \\%L\Profiles\%U
; name resolve order = wins lmhosts bcast
wins support = yes
; wins server = w.x.y.z
; wins proxy = yes
dns proxy = yes
preserve case = yes
short preserve case = yes
; default case = lower
; case sensitive = no
create mask = 0
[homes]
comment = Home Directories
browseable = no
writable = yes
[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = yes
writable = no
share modes = no
[faxes]
comment = Received Faxes
path = /var/spool/fax/recvq
writable = no
[system]
comment = Application files
path = /home/samba/system
writable = yes
create mode = 777
[data]
comment = Application data
path = /home/samba/data
writable = yes
create mode = 777
[m]
comment = Milemaster
path = /home/samba/m
writable = yes
create mode = 777
[archives]
comment = Backup directory
path = /home/samba/archives
writable = yes
valid users = @admin
create mode = 777
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
More information about the samba-ntdom
mailing list