PDC user authentication
wilson at coms.com
Wed Jun 7 16:11:10 GMT 2000
I apologise for the incomplete comments of the previous email replying to
What I've found is the option "valid users = %S" in the [homes] section does
help keep unauthorized users out of home directories they don't own.
However, it won't work on its own.
The following were the tips given by Gerry George:
>1./ When different users has been logged in and out of the NT client,
>the late users can actually browse the home directories of the previous
There is some documentation on this issue. See the FAQ
at www.samba.org. You should try to comment out the " logon home =
\\%L\%U " line and see if it soles this problem. The issue revolves
around your shares declarations.
The above two treatments have to be done in order to fix the authentication
problem. They are actually mutual independent. They must go hand-in hand.
Do one without doing the other won't solve the problem.
I don't understand the mechanism inside. but it's my experience.
Please correct me if I'm wrong.
If anyone can explain to me this phenomenon, I'd be very grateful.
Concerning the second problem, the previous error message appears no more
now. However, roaming profiles of individual user still cannot be created.
Randy Parker wrote:
> I'm not sure about other stuff, but problem #1 I
> solved using a suggestion from the John Blair Samba
> book, page 236. He says set "valid users = %S" in
> the [homes] definition to keep unauthorized users
> out of home directories they don't own. It works
> for me.
> Randy Parker
> Wilson Yau <wilson at coms.com> wrote:
> >Dear all Samba Gurus,
> >Recently, I have looked into the possibility of the complete replacement
> >of NT4 server by deploying Samba.
> >As an experiment, I am trying to configure a Linux box running Debian
> >Potato with kernel 2.2.15 as a Samba server, which will eventually
> >emulate a NT PDC. On top of that, I am running NT4 workstation client
> >by using VMware 2.0.
> >I first started with the latest production version 2.0.7a, but
> >encountered some problems when came to the PDC implementation. After
> >consulting some resources from books (e.g. Using Samba, O'Reilly) and
> >several web sites (e.g. http://www.ping.be/linux-and-samba/ ), I decided
> >to get the latest development version from the cvs site of samba.org so
> >as to get the best PDC support. The one I've got is
> >'release-alpha-2-5-3'. The source codes have been successfully
> >compiled. Although I could make the NT domain logon live, the same
> >problems persist.
> >There are two main problems:
> >1./ When different users has been logged in and out of the NT client,
> >the late users can actually browse the home directories of the previous
> >2./ When a user logs in, an error message pops up saying 'The operating
> >system was unable to create profile directory \\mole\Profiles\%U.pds.
> >You will be logged on with a local profile only....'. This looks like
> >something is wrong with the logon path in the [global] section or the
> >path specified in the [Profiles] service.
> >I tried to search the mailing list archive -
> >http://us1.samba.org/listproc/samba-ntdom, but the URL could not be
> >found. Therefore, I decided to subscibe this mailing list to learn more
> >and hopefully someone can give me a helping hand.
> >FYI, my server is called 'mole', my workstation is 'koala' and NT Domain
> >name is 'YAU'
> >Here are the main settings in my smb.conf file:
> > workgroup = YAU
> > netbios name = mole
> > server string = %h (Samba Server %v)
> > guest account = smbguest
> ># Debug Level
> > log level = 2
> > security = user
> > encrypt passwords = yes
> > unix password sync = false
> > local master = yes
> > os level = 255
> > domain master = yes
> > preferred master = yes
> > domain logons = yes
> > logon home = \\%L\%U
> > logon path = \\%L\Profiles\%U
> > log file = /usr/local/samba/var/log.%m
> > max log size = 50
> > comment = Home Directories
> > browseable = no
> > guest ok = no
> > read only = no
> > create mask = 0700
> > directory mask = 0700
> > comment = Windows-User-Profiles
> > path = /usr/local/samba/profiles
> > browseable = no
> > guest ok = yes
> > writeable = yes
> >I have created the /usr/local/samba/profiles directory manually, and it
> >attributes are as follows:
> >drwxr-xr-x 2 root root 4096 Jun 5 14:00 profiles
> >If you need more information, please let me know.
> >Many thanks for your help!
> >Wilson Yau
More information about the samba-ntdom