Downloading Profiles/Policies (slow connection)

Nuno Loureiro nuno at lwp.si.ualg.pt
Sun Feb 28 15:02:56 GMT 1999


On 28-Feb-99 Brendon Meyer wrote this and I have to respond:

->  Nuno Loureiro wrote:
->  
->  
-> > But, its slower.. I did the test with about 7 or 8 accounts.. 1 of them I
-> > just created. I rm -r profiles from those users, and I deleted local
-> > profiles too on NT.
-> >
-> > On 1 of them the login is fast.. On the others the login is slower and
-> > that msg about slow link appears, and on the account I just created
-> > the login is very slow.
-> >
-> > what could explain this?
->  
->  Hmmm .... now that *is* interesting.
->  
->  In our situation, the speed of logins is quite consistent.  There is a
->  semi-saturated E3 link between us and the domain controllers.  As a result,
->  there is usually a few seconds delay so we get this message consistently. 

But in my case is 10BaseT, so we should never get this message :/

-> When we have previously stored users NT login profiles on a NT server we
-> sometimes got this message (though over the course of time, the message came
-> up more often than not).  With SAMBA this message came up consistently but
-> it was not "significantly" slower.
->  
->  Let me ask a silly question here.
->  
->  How are you authenticating your users?
->  
->  Are you using the SAMBA domain authentication or are you telling Samba to
->  pass off authentication to a NT domain controller (possibly a SAMBA DC)?

I have samba as PDC. All the NTs are Workstations.

->  ... and this begs the question, are you getting messages such as:
->  
->  password server xxxxxx rejected the password
->  NT Password did not match ! Defaulting to Lanman

Yes, I noticed *sometimes* I got that message, and sometimes not.
I will paste you some logs..

[1999/02/28 02:13:16, 0] passdb/sampass.c:getsamfile21pwent(108)
  trust account lig30$ should be in DOMAIN_GROUP_RID_USERS
[1999/02/28 02:13:32, 0] smbd/reply.c:reply_sesssetup_and_X(710)
  NT Password did not match ! Defaulting to Lanman
[1999/02/28 02:14:03, 0] smbd/reply.c:reply_sesssetup_and_X(710)
  NT Password did not match ! Defaulting to Lanman
[1999/02/28 02:15:36, 0] smbd/reply.c:reply_sesssetup_and_X(710)
  NT Password did not match ! Defaulting to Lanman
[1999/02/28 02:16:08, 0] smbd/reply.c:reply_sesssetup_and_X(710)
  NT Password did not match ! Defaulting to Lanman
[1999/02/28 02:16:40, 0] smbd/reply.c:reply_sesssetup_and_X(710)
...
  lig14 (10.11.85.114) connect to service a123456 as user a123456 (uid=1250,
gid=111) (pid 11146)
[1999/02/28 02:26:47, 1] smbd/service.c:make_connection(486)
 lig14 (10.11.85.114) connect to service Netlogon as user a123456 (uid=1250,
 gid=111) (pid 11146)
[1999/02/28 02:26:47, 1] smbd/service.c:make_connection(486)
  lig14 (10.11.85.114) connect to service dj670 as user a123456 (uid=1250,
  gid=111)(pid 11146)
[1999/02/28 02:26:48, 1] smbd/service.c:make_connection(486)
  lig14 (10.11.85.114) connect to service laser as user a123456 (uid=1250,
  gid=111)(pid 11146)
...
[1999/02/28 05:11:59, 0] passdb/sampass.c:getsamfile21pwent(108)
  trust account lig30$ should be in DOMAIN_GROUP_RID_USERS
[1999/02/28 05:12:00, 0] smbd/uid.c:become_root(366)
  ERROR: become root depth is non zero
[1999/02/28 05:12:00, 0] smbd/uid.c:unbecome_root(387)
  ERROR: unbecome root depth is 0
[1999/02/28 05:12:07, 1] smbd/service.c:make_connection(486)
  lig10 (10.11.85.110) connect to service a10330 as user a10330 (uid=2056,
gid=111)(pid 6497)
[1999/02/28 05:12:08, 1] smbd/service.c:make_connection(486)
  lig10 (10.11.85.110) connect to service dj670 as user a10330 (uid=2056,
gid=111) (pid 6497)
[1999/02/28 05:12:09, 1] smbd/service.c:make_connection(486)
  lig10 (10.11.85.110) connect to service laser as user a10330 (uid=2056,
gid=111) (pid 6497)              


I will also paste some parts of my smb.conf:

;======================= Global Settings =====================================
[global]

   workgroup = CIG
   remote announce = 10.11.91.1/CIG
   remote browse sync = 10.11.91.1
   comment = CI-Gambelas Samba Server
;   domain sid = S-1-5-21-123-456-789-123

;   debuglevel = 20
   security = USER
   encrypt passwords = yes
   local master = yes
   os level = 75
   domain master = yes
   preferred master = yes
   domain logons = yes
   wins support = yes
   dns proxy = yes
   logon drive = u:
   logon home = "\\rtfm\%U"
   logon path = \\%L\Profiles\%U
   logon script = %m.bat
   unix realname = yes
   time server = True
   guest account = nobody
;   domain admin users = nuno, bpedro, victor, antobar, viseu
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *assword changed*
   load printers = no
   domain group map = /etc/domaingroup.map
   local group map = /etc/localgroup.map

; Logs
   log file = /usr/local/samba/var/log.%m
   max log size = 500
;   log level = 50

   short preserve case = yes
   preserve case = yes

; Security and file integrity related options
   lock directory = /usr/local/samba/var/locks
   locking = yes
   share modes = yes
   guest ok = no

; Performance Related Options
; Before setting socket options read the smb.conf man page!!
   socket options = TCP_NODELAY
; Use keep alive only if really needed!!!!
;   keep alive = 60

dead time = 0

# Unix users can map to different SMB User names
username map = /etc/users.map

;============================ Share Definitions ==============================

(...)

[Netlogon]
   comment = Samba Network Logon Service
   path = /home/samba/netlogon
; Case sensitivity breaks logon script processing!!!
   case sensitive = no
   default case = yes
   guest ok = no
   locking = no
   public = no
   writable = yes
;   For browseable say NO if you want to hide the NETLOGON share
   browseable = no

[Profiles]
    path = /home/samba/profiles
    browseable = yes
    printable = no
    guest ok = yes
    writable = yes

(...)


-----
Nuno Andre Henriques Loureiro        
http://lwp.ualg.pt/~nuno          
PGP FingerPrint: 85 B2 B7 DA 28 C0 D9 BC  E8 4D DC 23 8E 2B 72 B4
Finger nuno at lwp.ualg.pt for more info


More information about the samba-ntdom mailing list