samba-tng-alpha-1.0.tar.gz

Luke Kenneth Casson Leighton lkcl at samba.org
Sat Mar 18 00:16:13 GMT 2000


michael!  you are a star.

ok, this is a known issue with the domain_namemap.c code.

you _cannot_ have the same username as a groupname or vice-versa on the
unix side.

if you do, the lookups from unix names to nt names will fail, because nt
namespace is expected to be unique, therefore login and access _will_ also
fail.

nt namespace uses unique names amongst users, groups, aliases and domains.
a name is resolved to a SID _and_ a type, therefore must be unique in
order to do this.

check your /etc/group and /etc/passwd: make sure that all non-unique names
are mapped to unique nt names, using the domain user/group/alias/builtin
map options.

On Fri, 17 Mar 2000, Michael S. Hulet wrote:

> OK Luke, sorry I didn't get back with you in a timely manner.  I
> downloaded samba-tng-alpha-1.0.tar.gz.  Compiled with configure.developer
> no problems.  I was able to join my NT Workstation Service Pack 3 to the
> new domain using the create a Computer Account in the Domain checkbox.
> The smbpasswd looked correct.  Only the root user was able to create a
> computer account, however.  After rebooting, I still received the computer
> account is invalid.  I stripped almost everything out of /etc/group and all
> of a sudden root can log in.  I logged in as myself and it took about 12
> minutes to log in. I also lost my administrator privileges.   These logs
> were being written to a lot with these messages:
> 
> log.smb
> free_connections: closing all MSRPC connections
> 
> log.netlogon
> receive_message_or_msrpc: timeout 10000 fd 7
> timeout on loop-back socket
> 
> I'm off till Monday but I'll try and find out what /etc/group was doing to
> the login.  Our group file is fairly large.  If I put the original group
> file back, I get the "...system cannot log you on ...." message so the
> behavior is reproducible.
> 
> Michael Hulet
> Network System Administrator
> ITTC, University of Kansas
> 
> 
> On Sat, 18 Mar 2000, Luke Kenneth Casson Leighton wrote:
> 
> > ftp://samba.org/pub/samba/alpha or mirror sites.
> > 
> > using nt5 beta1 (desperate measures, i know), i confirmed that there was a
> > problem with joining-to-domain, which _may_ not be a problem with nt4
> > because nt5beta1 may use different password-set mechanisms from nt4.
> > 
> > i still have not been able to confirm that non-intel-byte-order password
> > sets will work, although i _have_ added the code to do this.
> > 
> > if anyone is having difficulty with TNG, still, i recommend that you
> > delete the entire var/ directory and if you are using smbpasswd as your
> > SAM back-end, delete the entire private/ directory, recreate var/,
> > var/locks/, private/, do a touch private/smbpasswd and start again.
> > 
> > luke
> > 
> > <a href=" mailto:lkcl at samba.org" > Luke Kenneth Casson Leighton    </a>
> > <a href=" http://cb1.com/~lkcl"  > Samba and Network Development   </a>
> > <a href=" http://samba.org"      > Samba Web site                  </a>
> > <a href=" http://mcp.com"        > Macmillan Technical Publishing  </a>
> >  
> > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals
> > 
> > 
> 

<a href=" mailto:lkcl at samba.org" > Luke Kenneth Casson Leighton    </a>
<a href=" http://cb1.com/~lkcl"  > Samba and Network Development   </a>
<a href=" http://samba.org"      > Samba Web site                  </a>
<a href=" http://mcp.com"        > Macmillan Technical Publishing  </a>
 
ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals
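
The /etc/passwd and /etc/group check recommended in the reply above, as an added example that is not part of the original post or of Samba TNG: it lists every name claimed by more than one Unix user or group, so each can be given a unique NT name with the map options. It goes slightly beyond the post by comparing names case-insensitively, on the assumption that NT account names ignore case; the sample entries are constructed.

```python
import io
import sys

# Constructed sample data in /etc/passwd and /etc/group format (not from the post).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
# local accounts
michael:x:1000:1000:Michael:/home/michael:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/false
Staff:x:1001:100::/home/staff:/bin/sh
"""
SAMPLE_GROUP = """\
root:x:0:
wheel:x:10:root,michael
michael:x:1000:
staff:x:50:michael
+:::
"""

def read_names(stream):
    """First field of each entry; skips blanks, comments and NIS +/- lines."""
    lines = (line.strip() for line in stream)
    return [l.split(":", 1)[0] for l in lines if l and l[0] not in "#+-"]

def find_collisions(passwd_stream, group_stream):
    """Map each colliding name (lowercased) to the Unix entries that claim it."""
    claims = {}
    for kind, stream in (("user", passwd_stream), ("group", group_stream)):
        for name in read_names(stream):
            # Assumption: NT account names compare case-insensitively.
            claims.setdefault(name.lower(), []).append((kind, name))
    return {k: v for k, v in sorted(claims.items()) if len(v) > 1}

def main(argv):
    if len(argv) == 2:  # real files: passwd path, then group path
        with open(argv[0]) as p, open(argv[1]) as g:
            hits = find_collisions(p, g)
    else:  # no paths given: run on the constructed sample
        hits = find_collisions(io.StringIO(SAMPLE_PASSWD), io.StringIO(SAMPLE_GROUP))
    for key, entries in hits.items():
        print(key, "->", ", ".join(f"{kind} {name}" for kind, name in entries))
    return hits

if __name__ == "__main__":
    main(sys.argv[1:])
```

Run it with the paths to /etc/passwd and /etc/group as the two arguments; with no arguments it reports the collisions in the constructed sample.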



More information about the samba-ntdom mailing list