Downloading Profiles/Policies (slow connection)
Nuno Loureiro
nuno at lwp.si.ualg.pt
Sun Feb 28 15:02:56 GMT 1999
On 28-Feb-99 Brendon Meyer wrote this and I have to respond:
-> Nuno Loureiro wrote:
->
->
-> > But, its slower.. I did the test with about 7 or 8 accounts.. 1 of them I
-> > just created. I rm -r profiles from those users, and I deleted local
-> > profiles too on NT.
-> >
-> > On 1 of them the login is fast.. On the others the login is slower and
-> > that msg about slow link appears, and on the account I just created
-> > the login is very slow.
-> >
-> > what could explain this?
->
-> Hmmm .... now that *is* interesting.
->
-> In our situation, the speed of logins is quite consistent. There is a
-> semi-saturated E3 link between us and the domain controllers. As a result,
-> there is usually a few seconds delay so we get this message consistently.
But in my case is 10BaseT, so we should never get this message :/
-> When we have previously stored users NT login profiles on a NT server we
-> sometimes got this message (though over the course of time, the message came
-> up more often than not). With SAMBA this message came up consistently but
-> it was not "significantly" slower.
->
-> Let me ask a silly question here.
->
-> How are you authenticating your users?
->
-> Are you using the SAMBA domain authentication or are you telling Samba to
-> pass off authentication to a NT domain controller (possibly a SAMBA DC)?
I have samba as PDC. All the NTs are Workstations.
-> ... and this begs the question, are you getting messages such as:
->
-> password server xxxxxx rejected the password
-> NT Password did not match ! Defaulting to Lanman
Yes, I noticed *sometimes* I got that message, and sometimes not.
I will paste you some logs..
[1999/02/28 02:13:16, 0] passdb/sampass.c:getsamfile21pwent(108)
trust account lig30$ should be in DOMAIN_GROUP_RID_USERS
[1999/02/28 02:13:32, 0] smbd/reply.c:reply_sesssetup_and_X(710)
NT Password did not match ! Defaulting to Lanman
[1999/02/28 02:14:03, 0] smbd/reply.c:reply_sesssetup_and_X(710)
NT Password did not match ! Defaulting to Lanman
[1999/02/28 02:15:36, 0] smbd/reply.c:reply_sesssetup_and_X(710)
NT Password did not match ! Defaulting to Lanman
[1999/02/28 02:16:08, 0] smbd/reply.c:reply_sesssetup_and_X(710)
NT Password did not match ! Defaulting to Lanman
[1999/02/28 02:16:40, 0] smbd/reply.c:reply_sesssetup_and_X(710)
...
lig14 (10.11.85.114) connect to service a123456 as user a123456 (uid=1250,
gid=111) (pid 11146)
[1999/02/28 02:26:47, 1] smbd/service.c:make_connection(486)
lig14 (10.11.85.114) connect to service Netlogon as user a123456 (uid=1250,
gid=111) (pid 11146)
[1999/02/28 02:26:47, 1] smbd/service.c:make_connection(486)
lig14 (10.11.85.114) connect to service dj670 as user a123456 (uid=1250,
gid=111)(pid 11146)
[1999/02/28 02:26:48, 1] smbd/service.c:make_connection(486)
lig14 (10.11.85.114) connect to service laser as user a123456 (uid=1250,
gid=111)(pid 11146)
...
[1999/02/28 05:11:59, 0] passdb/sampass.c:getsamfile21pwent(108)
trust account lig30$ should be in DOMAIN_GROUP_RID_USERS
[1999/02/28 05:12:00, 0] smbd/uid.c:become_root(366)
ERROR: become root depth is non zero
[1999/02/28 05:12:00, 0] smbd/uid.c:unbecome_root(387)
ERROR: unbecome root depth is 0
[1999/02/28 05:12:07, 1] smbd/service.c:make_connection(486)
lig10 (10.11.85.110) connect to service a10330 as user a10330 (uid=2056,
gid=111)(pid 6497)
[1999/02/28 05:12:08, 1] smbd/service.c:make_connection(486)
lig10 (10.11.85.110) connect to service dj670 as user a10330 (uid=2056,
gid=111) (pid 6497)
[1999/02/28 05:12:09, 1] smbd/service.c:make_connection(486)
lig10 (10.11.85.110) connect to service laser as user a10330 (uid=2056,
gid=111) (pid 6497)
I will also paste some parts of my smb.conf:
;======================= Global Settings =====================================
[global]
workgroup = CIG
remote announce = 10.11.91.1/CIG
remote browse sync = 10.11.91.1
comment = CI-Gambelas Samba Server
; domain sid = S-1-5-21-123-456-789-123
; debuglevel = 20
security = USER
encrypt passwords = yes
local master = yes
os level = 75
domain master = yes
preferred master = yes
domain logons = yes
wins support = yes
dns proxy = yes
logon drive = u:
logon home = "\\rtfm\%U"
logon path = \\%L\Profiles\%U
logon script = %m.bat
unix realname = yes
time server = True
guest account = nobody
; domain admin users = nuno, bpedro, victor, antobar, viseu
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *assword changed*
load printers = no
domain group map = /etc/domaingroup.map
local group map = /etc/localgroup.map
; Logs
log file = /usr/local/samba/var/log.%m
max log size = 500
; log level = 50
short preserve case = yes
preserve case = yes
; Security and file integrity related options
lock directory = /usr/local/samba/var/locks
locking = yes
share modes = yes
guest ok = no
; Performance Related Options
; Before setting socket options read the smb.conf man page!!
socket options = TCP_NODELAY
; Use keep alive only if really needed!!!!
; keep alive = 60
dead time = 0
# Unix users can map to different SMB User names
username map = /etc/users.map
;============================ Share Definitions ==============================
(...)
[Netlogon]
comment = Samba Network Logon Service
path = /home/samba/netlogon
; Case sensitivity breaks logon script processing!!!
case sensitive = no
default case = yes
guest ok = no
locking = no
public = no
writable = yes
; For browseable say NO if you want to hide the NETLOGON share
browseable = no
[Profiles]
path = /home/samba/profiles
browseable = yes
printable = no
guest ok = yes
writable = yes
(...)
-----
Nuno Andre Henriques Loureiro
http://lwp.ualg.pt/~nuno
PGP FingerPrint: 85 B2 B7 DA 28 C0 D9 BC E8 4D DC 23 8E 2B 72 B4
Finger nuno at lwp.ualg.pt for more info
More information about the samba-ntdom
mailing list