security=domain bombs

Andrew Perrin - Demography aperrin at demog.Berkeley.EDU
Thu May 21 22:44:23 GMT 1998


On advice of helpful folks from the list, I tried to switch our Samba
server from security=server with password server = <pdc name> over to
security=domain.  I get invalid password errors when connecting from NT,
and Session Setup failure when using smbclient.  Once I also got "Your
server software is being unfriendly" from smbclient.

Transcript of smbclient:
#@davis:/usr/local/src/ntdom/source>./smbclient '\\blake\aperrin' -U aperrin -W SANDBOX
Server time is Thu May 21 15:37:17 1998
Timezone is UTC-7.0
Password: 
Session setup failed for username=aperrin myname=UTILITY destname=BLAKE
ERRSRV - ERRbadpw (Bad password - name/password pair in a Tree Connect or Session Setup are invalid.)
You might find the -U, -W or -n options useful
Sometimes you have to use `-n USERNAME' (particularly with OS/2)
Some servers also insist on uppercase-only passwords

Solaris 2.6, samba-1.9.19prealpha this morning's cvs.

smb conf's follow; logs are available at:
1.) NT to Samba, logs from PDC server:
http://demog.berkeley.edu/~aperrin/bos.twins.log
http://demog.berkeley.edu/~aperrin/bos.smb.log

2.) NT to Samba, logs from server serving homes:
http://demog.berkeley.edu/~aperrin/bla.twins.log
http://demog.berkeley.edu/~aperrin/bla.smb.log

3.) smbclient to Samba, log from home server:
http://demog.berkeley.edu/~aperrin/bla.utility.log

BLAKE: smb.conf (homes server):
[global]
        workgroup = SANDBOX
        smbrun = /usr/LOCAL/samba/bin/smbrun
        lock dir = /usr/LOCAL/samba/var/locks
        debug level = 10
        wins support = no
        wins server = 128.32.163.196
        os level = 0
        preferred master = no
        domain logons = no
        encrypt passwords = yes
        security = domain
;       password server = boserup
        log file = /var/log/samba.%m.log
        load printers = no
        hide dot files = no
        default service = homes
        time server = true
        guest account = nobody

[homes]
        guest ok = no
        read only = no
        browseable = yes
        wide links = yes
        printable = no
        Comment = Home Directory (%U)

[ntprofile]
        guest ok = no
        read only = no
        browseable = yes
        wide links = yes
        printable = no
        path = /home/davis/hdir1/%U
        Comment = Profile Directory (%U)

[test]
        guest ok = no
        read only = no
        browseable = yes
        wide links = yes
        path = /usr/LOCAL/samba
        Comment = Test Directory

[pdf]
        guest ok = no
        read only = no
        browseable = yes
        wide links = yes
        printable = yes
        print command = cat %s | /usr/local/bin/distill > %H/distilled.pdf ; rm %s
        path = /tmp
        printer driver = Apple LaserWriter II NT v47.0


BOSERUP: smb.conf (PDC)
[global]
        workgroup = SANDBOX
        smbrun = /usr/LOCAL/samba/bin/smbrun
        lock dir = /usr/LOCAL/samba/var/locks
        debug level = 10
        log file = /var/log/samba.%m.log
        wins support = no
        wins server = 128.32.163.196
        os level = 100
        domain master = yes
        time server = true
        unix realname = yes
        preferred master = yes
        load printers = no
        hide dot files = no
        revalidate = yes
        default service = homes
        encrypt passwords = yes
        domain logons = yes
        domain sid =  S-1-5-21-123-456-789
        security = user
        case sensitive = no
        preserve case = yes
        short preserve case = yes
; The following deal with roaming profiles. Currently configured to send
;   them to utility\username as drive Y:.
        logon drive = Y:
        logon home = \\blake\%U
        logon path = \\blake\ntprofile\.ntprofile
        logon script = init.bat

        domain admin users = ntadmin
; Added the following at the suggestion of luke from the samba team 5/8/98
        domain groups = admins

[homes]
        guest ok = no
        read only = no
        browseable = yes
        wide links = yes
        printable = no
        create mask = 0775
        Comment = Home Directory (%U)

[test]
        guest ok = yes
        read only = no
        browseable = yes
        wide links = yes
        printable = no
        path = /usr/LOCAL/samba-test
        Comment = Sandbox Test Share

[netlogon]
        path = /usr/LOCAL/netlogon
        writeable = no
        guest ok = yes
        locking = no


---------------------------------------------------------------------
Andrew J. Perrin - aperrin at demog.berkeley.edu - NT/Unix Admin/Support
Department of Demography    -    University of California at Berkeley
2232 Piedmont Avenue #2120  -    Berkeley, California, 94720-2120 USA
http://demog.berkeley.edu/~aperrin --------------------------SEIU1199


