PDC user authentication

Wilson Yau wilson at coms.com
Wed Jun 7 14:51:59 GMT 2000 

Gerry wrote:

> There is some documentation on this issue.  See the FAQ
> at  www.samba.org.  You should try to comment out the "   logon home =
> \\%L\%U " line and see if it  soles this problem.  The issue revolves
> around your shares declarations.
>
>

Dear Gerry,

I tried your tips and it works!   This somewhat has solved my first problem -
user authentication.
Now the home directory of the previous user can still be seen by the newly log
in user, but ACCESS IS DENIED.  When I kept an eyes on the smbstatus, I
discovered even a user had logged out, share connection was still maintained
for some time (quite long).  Is this a problem with Windows or Samba?  Can we
do anything to 'fix' it?

FYI, here I attach the messages given by smbstatus and
/usr/local/samba/var/log.koala:

When a user called wilson logged in & HAD LOGGED OUT from koala (NT
workstation), I got the following:

(I) FROM smbstatus:

Samba version pre-3.0.0
Service      uid      gid      pid     machine
----------------------------------------------
Profiles     wilson   wilson    7484   koala    (192.168.1.62) Wed Jun  7
15:33:16 2000


(II) FROM /usr/local/samba/var/log.koala:

Closing connections
Allowed connection from koala.hq.coms.com (192.168.1.62)
koala (192.168.1.62) connect to service Profiles as user wilson (uid=1000,
gid=1000) (pid 7484)
Allowed connection from koala.hq.coms.com (192.168.1.62)

----------

Then I logged in as another user called eric:


(I) FROM smbstatus:

Samba version pre-3.0.0
Service      uid      gid      pid     machine
----------------------------------------------
netlogon     eric     eric      7484   koala    (192.168.1.62) Wed Jun  7
15:39:36 2000
Profiles     wilson   wilson    7484   koala    (192.168.1.62) Wed Jun  7
15:33:16 2000


(II) FROM /usr/local/samba/var/log.koala:

con't from (II) above:
Allowed connection from koala.hq.coms.com (192.168.1.62)
koala (192.168.1.62) connect to service netlogon as user eric (uid=1001,
gid=1001) (pid 7484)

Now when clicking network neighbourhood then mole (samber server),  both
eric's and wilson's home directory could be seen.  Fortunately, after the fix,
eric could not open wilson's home directory this time.

Many thanks for your help.

Wilson

P.S.  If you have more tricks to enhance this security feature further, please
let me know.

More information about the samba-ntdom mailing list