Bad machine accounts
Andrew Perrin - Demography
aperrin at demog.Berkeley.EDU
Thu May 21 18:44:38 GMT 1998
OK, here's the full info. Background:
1.) BOSERUP, a Solaris 2.6 machine running Samba-1.9.19-prealpha as a PDC
for domain SANDBOX.
2.) BLAKE, a Solaris 2.6 machine running Samba-1.9.18p7 as a member of the
SANDBOX domain.
3.) KITAGAWA, a Windows NT 4.0(SP3) machine as a member of the SANDBOX
domain.
KITAGAWA can log into the domain fine; however, it cannot:
- get any shares whatsoever from BOSERUP (invalid password); or
- browse BLAKE (but it *can* NET USE \\blake\homes).
BOSERUP:smb.conf:
[global]
workgroup = SANDBOX
smbrun = /usr/LOCAL/samba/bin/smbrun
lock dir = /usr/LOCAL/samba/var/locks
debug level = 10
log file = /var/log/samba.%m.log
wins support = no
wins server = <ip address here>
os level = 100
domain master = yes
time server = true
unix realname = yes
preferred master = yes
load printers = no
hide dot files = no
revalidate = yes
default service = homes
encrypt passwords = yes
domain logons = yes
domain sid = S-1-5-21-123-456-789 ; sorry to be so boring
security = user
case sensitive = no
preserve case = yes
short preserve case = yes
; The following deal with roaming profiles. Currently configured to send
; them to utility\username as drive Y:.
logon drive = Y:
logon home = \\blake\%U
logon path = \\blake\ntprofile\.ntprofile
logon script = init.bat
domain admin users = ntadmin
; Added the following at the suggestion of luke from the samba team 5/8/98
domain groups = admins
[homes]
guest ok = no
read only = no
browseable = yes
wide links = yes
printable = no
create mask = 0775
Comment = Home Directory (%U)
[test]
guest ok = yes
read only = no
browseable = yes
wide links = yes
printable = no
path = /usr/LOCAL/samba-test
Comment = Sandbox Test Share
[netlogon]
path = /usr/LOCAL/netlogon
writeable = no
guest ok = yes
locking = no
BLAKE: smb.conf
[global]
workgroup = SANDBOX
smbrun = /usr/LOCAL/samba/bin/smbrun
lock dir = /usr/LOCAL/samba/var/locks
debug level = 1
wins support = no
wins server = <ip address here>
os level = 0
preferred master = no
domain logons = no
encrypt passwords = yes
security = server ; just got the =domain recc. and will try.
password server = boserup
log file = /var/log/samba.%m.log
load printers = no
hide dot files = no
default service = homes
time server = true
guest account = nobody
[homes]
guest ok = no
read only = no
browseable = yes
wide links = yes
printable = no
Comment = Home Directory (%U)
[ntprofile]
guest ok = no
read only = no
browseable = yes
wide links = yes
printable = no
path = /home/davis/hdir1/%U
Comment = Profile Directory (%U)
[test]
guest ok = no
read only = no
browseable = yes
wide links = yes
path = /usr/LOCAL/samba
Comment = Test Directory
[pdf]
guest ok = no
read only = no
browseable = yes
wide links = yes
printable = yes
print command = cat %s | /usr/local/bin/distill > %H/distilled.pdf
; rm
%s
path = /tmp
printer driver = Apple LaserWriter II NT v47.0
---------------------------------------------------------------------
Andrew J. Perrin - aperrin at demog.berkeley.edu - NT/Unix Admin/Support
Department of Demography - University of California at Berkeley
2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA
http://demog.berkeley.edu/~aperrin --------------------------SEIU1199
On Thu, 21 May 1998, Luke Kenneth Casson Leighton wrote:
> > 3.) Today's new issue is that the scheme above doesn't work quite right
> > anymore. I can no longer browse the machine above, a Samba server but
> > not a PDC, running 1.9.18p7 with security=server and password server =
> > (our Samba PDC server). Browsing gets "access denied" but mounting works
> > fine using NET USE.
>
> send us sone smb.conf files to the list: let's have a look.
More information about the samba-ntdom
mailing list