security=domain bombs
Andrew Perrin - Demography
aperrin at demog.Berkeley.EDU
Thu May 21 22:44:23 GMT 1998
On advice of helpful folks from the list, I tried to switch our Samba
server from security=server with password server = <pdc name> over to
security=domain. I get invalid password errors when connecting from NT,
and Session Setup failure when using smbclient. Once I also got "Your
server software is being unfriendly" from smbclient.
Transcript of smbclient:
#@davis:/usr/local/src/ntdom/source>./smbclient '\\blake\aperrin' -U
aperrin -W SANDBOX
Server time is Thu May 21 15:37:17 1998
Timezone is UTC-7.0
Password:
Session setup failed for username=aperrin myname=UTILITY destname=BLAKE
ERRSRV - ERRbadpw (Bad password - name/password pair in a Tree Connect or
Session Setup are invalid.)
You might find the -U, -W or -n options useful
Sometimes you have to use `-n USERNAME' (particularly with OS/2)
Some servers also insist on uppercase-only passwords
Solaris 2.6, samba-1.9.19prealpha this morning's cvs.
smb conf's follow; logs are available at:
1.) NT to Samba, logs from PDC server:
http://demog.berkeley.edu/~aperrin/bos.twins.log
http://demog.berkeley.edu/~aperrin/bos.smb.log
2.) NT to Samba, logs from server serving homes:
http://demog.berkeley.edu/~aperrin/bla.twins.log
http://demog.berkeley.edu/~aperrin/bla.smb.log
3.) smbclient to Samba, log from home server:
http://demog.berkeley.edu/~aperrin/bla.utility.log
BLAKE: smb.conf (homes server):
[global]
workgroup = SANDBOX
smbrun = /usr/LOCAL/samba/bin/smbrun
lock dir = /usr/LOCAL/samba/var/locks
debug level = 10
wins support = no
wins server = 128.32.163.196
os level = 0
preferred master = no
domain logons = no
encrypt passwords = yes
security = domain
; password server = boserup
log file = /var/log/samba.%m.log
load printers = no
hide dot files = no
default service = homes
time server = true
guest account = nobody
[homes]
guest ok = no
read only = no
browseable = yes
wide links = yes
printable = no
Comment = Home Directory (%U)
[ntprofile]
guest ok = no
read only = no
browseable = yes
wide links = yes
printable = no
path = /home/davis/hdir1/%U
Comment = Profile Directory (%U)
[test]
guest ok = no
read only = no
browseable = yes
wide links = yes
path = /usr/LOCAL/samba
Comment = Test Directory
[pdf]
guest ok = no
read only = no
browseable = yes
wide links = yes
printable = yes
print command = cat %s | /usr/local/bin/distill > %H/distilled.pdf
; rm
%s
path = /tmp
printer driver = Apple LaserWriter II NT v47.0
BOSERUP: smb.conf (PDC)
[global]
workgroup = SANDBOX
smbrun = /usr/LOCAL/samba/bin/smbrun
lock dir = /usr/LOCAL/samba/var/locks
debug level = 10
log file = /var/log/samba.%m.log
wins support = no
wins server = 128.32.163.196
os level = 100
domain master = yes
time server = true
unix realname = yes
preferred master = yes
load printers = no
hide dot files = no
revalidate = yes
default service = homes
encrypt passwords = yes
domain logons = yes
domain sid = S-1-5-21-123-456-789
security = user
case sensitive = no
preserve case = yes
short preserve case = yes
; The following deal with roaming profiles. Currently configured to send
; them to utility\username as drive Y:.
logon drive = Y:
logon home = \\blake\%U
logon path = \\blake\ntprofile\.ntprofile
logon script = init.bat
domain admin users = ntadmin
; Added the following at the suggestion of luke from the samba team 5/8/98
domain groups = admins
[homes]
guest ok = no
read only = no
browseable = yes
wide links = yes
printable = no
create mask = 0775
Comment = Home Directory (%U)
[test]
guest ok = yes
read only = no
browseable = yes
wide links = yes
printable = no
path = /usr/LOCAL/samba-test
Comment = Sandbox Test Share
[netlogon]
path = /usr/LOCAL/netlogon
writeable = no
guest ok = yes
locking = no
---------------------------------------------------------------------
Andrew J. Perrin - aperrin at demog.berkeley.edu - NT/Unix Admin/Support
Department of Demography - University of California at Berkeley
2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA
http://demog.berkeley.edu/~aperrin --------------------------SEIU1199
More information about the samba-ntdom
mailing list