reproducable netlogon problem

[Matthew Flanagan]

Hi,

I have been trying to get the following setup working:

* "jin" - SAMBA_TNG (checked out 13/6/2000) running on stock RedHat 6.2
( kernel 2.2.14) configured as PDC.
* "nwrsvr" - NT 4.0 SP 5 (standalone) as client.

I have followed the setup instructions in the TNG FAQ and created the
appropriate workstation accounts and user accounts (and domain user
mappings) as shown below.

[root at jin var]# samedit -S . -U root
added interface ip=192.168.1.51 bcast=192.168.1.255 nmask=255.255.255.0
Enter Password:
[root at .]$ enumusers 
enumusers 
SAM Enumerate Users
User RID:      1f4  User Name: Administrator
User RID:     13b4  User Name: mpf
User RID:     13c8  User Name: nwrsvr$


The problem I am having occurs when I log in as user. First of all I am
informed that my "roaming profile is not available, the operating system
is attempting to log you on with your local profile". Clicking OK
proceeds to the desktop. Then when I try to browse the shares on the
SAMBA_TNG server I am prompted for a username and password. Entering a
valid username and password here fails every time.

If I then immediately restart samba and try the browse the shares again
it succeeds without prompting me for a username or password.

I can reproduce this very reliably by just logging out and repeating the
above steps for any user.

Below is the smb.conf that I am using. It is basically the same as the
SAMBA_TNG FAQ example config. I can provide the logs and packet traces
on request.

Has anyone else seen this problem?

Is there a solution/patch for this?

regards

matthew

--- smb.conf ---

[global]

#NetBIOS name isn't needed if it's the same as the hostname 
#netbios name = JIN 
workgroup = DOMAIN 
#password level = 8

#flat files that map Unix groups to NT type groups. 
#these files take the form unix_group = `Windows NT group'' 
domain group map = /usr/local/samba-tng/lib/domaingroup.map
domain user map = /usr/local/samba-tng/lib/domainuser.map
#domain alias map = /opt/samba-tng/private/domainalias.map 

#Domain controllers use user security and we need encrypted 
#passwords (see ENCRYPTION.txt) 
security = user 
domain logons = yes 
encrypt passwords = yes 

#And in order for us to be *sure* to win browser elections 
os level = 65 
domain master = yes 
preferred master = yes 
local master = yes 

#WINS is the equivalent of DNS for NetBIOS. 
wins support = yes 
time server = yes 

#the next lines are equivalent to the various profile details 
#found in NT's User Manager 
#logon script = login.bat 
logon drive = U: 
logon home = \\jin\%U
logon path = \\jin\profile\%U

#share all home directories 
[homes] 
browseable = no 
writable = yes 
comment = Users' home directories 

#set up netlogon share for system policies and login scripts 
[netlogon] 
path = /usr/local/samba-tng/netlogon
writable = no 
guest ok = no 
comment = PDC netlogon share 

#the profiles share
#to create automatic subdirs for the different users
#chmod 1777 /opt/samba-tng/profile
[profile]
path = /usr/local/samba-tng/profile
writeable = yes
comment = PDC profile share 

#a public share 
[public] 
path = /tmp
browseable = yes 
public = yes 
comment = Public share
--------------

-- 
Matthew Flanagan                     Phone: 02 9900 2104
matthew.flanagan at enstor.com.au      Mobile: 0414 642 557
EnStor Pty Ltd                         Fax: 02 9900 2199