remote password change + defect profiles

desteny dseis at gmx.de
Mon Sep 18 17:08:06 GMT 2000


Hi,


I'm using suse 6.2 with samba 2.0.7 as a logon and file server server
für win98 clients.
The server and the workstations are configured for roaming profiles.

And here are the major problems:
1.
when a user tries to change his password remotly from a win98
workstation(with net password or
with the gui-pw-changer in the system control panel),  win98 always
reports  that the old
Password was wrong; the samb logfile says sth like "passwort doesn't
match lanmanager password"
but surprisingly after this error the password is really changed!!
This only works if the user enters the correct Password of course.
Unix Password sync is activated and /bin/passwd set as passwd programm.

2.
some user profiles seem to got corruptet, they don't syncronize anymore
with the server on logout,
so i tried the procedure mentioned in the samba documentation (deleting
User.dat, cleaning local
profiles etc.). After that failed i completely deleted the profile dir
on the server and recreated it empty
(and after that also with a template, which was known to work), also i
cleaned up the profile caches
and the registry on the win98 clients. but this didn't work either...
I searched for further entries in the registry matching the user name,
but didn't find anything useful.
the /profile/username entry contained Badlocal=010000, setting it to
000000 or deleting it didn't
have any effect, after the next logon the this entry was recreated
_even_ if i delteted all local caches
and the profile on the server...
i'm really desparate because this also affectet the admin account which
is the only one allowed to make
changes like screen resolution etc. on the win98 clients.

minor problems:
3.
i've setup a logon-script which deletes the profile cache an the win98
profiles for privacy reasons
(the clients are used by many untrustwothrty individuals: pupils! :)
This has the unwanted side effect,
that the users are asked everytime they logon whether they want to use
their profile from the
server (of course they(=I) want:).
Is there a way to avoid this? or another way to make windows cleaning up
the profile cache?
i'm currently doing this with a "deltree c:\windows\profiles".

4.
when a user logs on for the first time, windows asks him for a new local
windows password,
which is redundant because the logon server already authetificates the
users. To avoid confusion
i include a "del c:\windows\*.pwl" in the logon script. Of course this
makes windows
ask for a new pw everytime they logon.. still better than one pw for the
network and anotherone
for each machine, but nevertheless annoying. maybe there is a way to
create a empty user.pwl file
just before the user logs on (with the logon-script). The only problem
is that the
logon-script doesn't know the name of the user which is going to logon..

questions:
5.
are unix-user groups mapped to lanmager user groups?
this is importand because i'm using policy files to hinder the pupils
trashing the win98-clients
configuration. Currently only the superuser has all privileges.. the
others aren't allowed to change
anything.
Of course a more sophisticated system with groups(for teachers, admins,
pupils, me etc.) would be better.

6.
is there a way to create shares to which can be written to but not
overwritten or deleted
(like the store attribute on proftpd) ?


ok, that was it :)

it would be very nice if you could help me!

I'm not very experienced in samba yet but have to administrate our
whoole school network.. couse our teachers know
nothing about unix/linux or samba..


Thanks in advance & please excuse my bad english :)

Danny Seis



--
Quod me nutrit, me destruit

email: dseis at gmx.de







More information about the samba-ntdom mailing list