PDC user authentication

Wed Jun 7 11:36:32 GMT 2000

I'm not sure about other stuff, but problem #1 I
solved using a suggestion from the John Blair Samba
book, page 236. He says set "valid users = %S" in
the [homes] definition to keep unauthorized users
out of home directories they don't own. It works
for me.

Regards,
Randy Parker

Wilson Yau <wilson at coms.com> wrote:
>Dear all Samba Gurus,
>
>Recently, I have looked into the possibility of the complete replacement
>of NT4 server by deploying Samba.
>
>As an experiment, I am trying to configure a Linux box running Debian
>Potato with kernel 2.2.15 as a Samba server, which will eventually
>emulate a NT PDC.  On top of that, I am running NT4 workstation client
>by using VMware 2.0.
>
>I first started with the latest production version 2.0.7a, but
>encountered some problems when came to the PDC implementation.  After
>consulting some resources from books (e.g. Using Samba, O'Reilly) and
>several web sites (e.g. http://www.ping.be/linux-and-samba/ ), I decided
>to get the latest development version from the cvs site of samba.org so
>as to get the best PDC support.  The one I've got is
>'release-alpha-2-5-3'.  The source codes have been successfully
>compiled.  Although I could make the NT domain logon live,  the same
>problems persist.
>
>There are two main problems:
>
>1./  When different users has been logged in and out of the NT client,
>the late users can actually browse the home directories of the previous
>ones;
>
>2./  When a user logs in, an error message pops up saying 'The operating
>system was unable to create profile directory \\mole\Profiles\%U.pds.
>You will be logged on with a local profile only....'.  This looks like
>something is wrong with the logon path in the [global] section or the
>path specified in the [Profiles] service.
>
>I tried to search the mailing list archive -
>http://us1.samba.org/listproc/samba-ntdom, but the URL could not be
>found.  Therefore, I decided to subscibe this mailing list to learn more
>and hopefully someone can give me a helping hand.
>
>
>FYI, my server is called 'mole', my workstation is 'koala' and NT Domain
>name is 'YAU'
>
>Here are the main settings in my smb.conf file:
>
>[global]
>   workgroup = YAU
>   netbios name = mole
>   server string = %h (Samba Server %v)
>   guest account = smbguest
>
># Debug Level
>   log level = 2
>
>   security = user
>   encrypt passwords = yes
>   unix password sync = false
>
>   local master = yes
>   os level = 255
>   domain master = yes
>   preferred master = yes
>   domain logons = yes
>
>   logon home = \\%L\%U
>   logon path = \\%L\Profiles\%U
>   log file = /usr/local/samba/var/log.%m
>   max log size = 50
>
>[homes]
>   comment = Home Directories
>   browseable = no
>   guest ok = no
>   read only = no
>   create mask = 0700
>   directory mask = 0700
>
>[Profiles]
>    comment = Windows-User-Profiles
>    path = /usr/local/samba/profiles
>    browseable = no
>    guest ok = yes
>    writeable = yes
>
>
>I have created the /usr/local/samba/profiles directory manually, and it
>attributes are as follows:
>drwxr-xr-x    2 root     root         4096 Jun  5 14:00 profiles
>
>If you need more information, please let me know.
>
>Many thanks for your help!
>
>Wilson Yau
>