WIN2K/SAMBA PDC
Greg J. Zartman
greg at kwikfind.com
Mon Mar 26 15:54:39 GMT 2001
Elliot,
Very good.
I'd be interested to hear how Win2k-Samba is working for you. I'm currently
setup with Samba as a PDC for a small-mid sized network of WIn2k machines.
For the most part, things work pretty good. The only thing I can't seem to
do yet is modify security stuff on the Samba PDC remotely using the Win NT
4.0 domain admin tools.
Greg
----- Original Message -----
From: "Elliot Mackenzie" <s354199 at student.uq.edu.au>
To: "SAMBA - NTDOM" <samba-ntdom at lists.samba.org>
Sent: Sunday, March 25, 2001 2:53 PM
Subject: RE: WIN2K/SAMBA PDC
> I finally identified the problem. I was keeping up to date with the CVS
> distributions, but was consistently getting the same error. The error
> seemed characteristic of the error that some users reported when using an
> old CVS snapshot with Win2k service pack 1 machines - and indeed this was
> the case. Somehow my CVS snapshot got corrupted and some files were not
> being updated (I presume at least those related to Win2k logons). I got a
> very new CVS snapshot (from scratch) and the problem disappeared - without
> any changes to my smb.conf at all.
>
> However as per the recommendation below I chucked half of my smb.conf out
> anyway :)
>
> Thanks Greg.
>
> M.
>
> ======================END MSG
>
> I can't stress enough the need to thin down your smb.conf file. You have
> alot of the "bells and whistles" type parameters specified in you
> configuration file. Unless you are a samba guru, you are going to have a
> very difficult time troubleshooting. Get things going with just the
> essential items and then start adding the more complex parameters. When I
> first started with Samba, I had about four lines in my smb.conf file and
> only one share. I highly recommend the Using Samba book that comes with
the
> your Samba source tree. You can find it in the docs directory (I read the
> entire thing). It does a very good job at walking you through a simple,
> barebones, setup and then on to more complex configurations.
>
>
> Good luck.
>
> Greg J. Zartman.
>
>
>
> ----- Original Message -----
> From: "Elliot Mackenzie" <s354199 at student.uq.edu.au>
> To: "SAMBA - NTDOM" <samba-ntdom at us5.samba.org>
> Sent: Monday, March 12, 2001 3:38 AM
> Subject: WIN2K/SAMBA PDC
>
>
> > At this point I pray I have landed the right newsgroup.
> >
> > I (ultimately) want to run Samba as the PDC for my domain ADIXEIN.
> >
> > Samba system:
> > - PII-300
> > - RedHat 7.0 (new version of gcc, kernel 2.4.2 freshly compiled)
> > - Samba 2.2 (CVS version recent as at 8PM EST 12-Mar-2001).
> >
> > Connecting system:
> > - PIII-1G
> > - Windows 2000 Professional SP1
> >
> > Domain information:
> > - Domain: ADIXEIN
> > - Server name: SERVER
> > - Machine name: MACKA
> >
> > smb.conf as follows (located in /usr/local/samba/lib/)
> > [root at gw lib]# tail -n 100 smb.conf
> > # Global parameters
> > [global]
> > workgroup = ADIXEIN
> > netbios name = SERVER
> > server string = File server
> > interfaces = 192.168.1.1/255.255.255.0
> > add user script = /usr/sbin/adduser -n -g machines -c Machine -d
> > /dev/null -s /bin/false %m$
> > security = User
> > domain logons = Yes
> > domain master = Yes
> > domain admin group = @adm
> > domain admin users = root
> > preferred master = Yes
> > local master = Yes
> > os level = 65
> > wins support = Yes
> > encrypt passwords = Yes
> > passwd program = /usr/bin/passwd
> > passwd chat debug = Yes
> > unix password sync = Yes
> > restrict anonymous = Yes
> > log file = /var/log/samba/log.%m
> > max log size = 50
> > time server = Yes
> > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> > strip dot = Yes
> > dns proxy = No
> > hosts allow = 192.168.1.0/255.255.255.0 127.0.0.1/255.255.255.0
> > hosts deny = 0.0.0.0/0.0.0.0
> >
> > <insert file shares>
> > ########################END SMB.CONF
> >
> > Plus all the file shares (no Windows profiles etc are listed/used).
> > root is a member of @adm.
> >
> > I can connect to the domain when I change the settings on MACKA such
that
> it
> > joins a domain. As per the FAQ I connect as root with the root passwd.
> It
> > says "Welcome to ADIXEIN domain." or something to that effect.
> >
> > I reboot the Win2k machine, and attempt a login on ADIXEIN. I try this
as
> > root, as administrator and as macka. All attempts fail with the same
> error:
> >
> > "The system cannot log you on to this domain because the system's
computer
> > account in its primary domain is missing or the password on that account
> is
> > incorrect."
> >
> > The adduser appears to work, I have macka$ listed in my smbpasswd (root
is
> > also listed in smbpasswd). The following is an extract of the logs (log
> > level 20).
> > ============================= LOG.MACKA
> > [2001/03/12 20:47:14, 3] smbd/service.c:close_cnum(655)
> > macka (192.168.1.4) closed connection to service IPC$
> > [2001/03/12 20:47:14, 3] smbd/connection.c:yield_connection(54)
> > Yielding connection to IPC$
> > [2001/03/12 20:47:14, 3] smbd/sec_ctx.c:set_sec_ctx(310)
> > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> > [2001/03/12 20:47:14, 5] smbd/uid.c:unbecome_user(210)
> > unbecome_user now uid=(0,0) gid=(0,0)
> > [2001/03/12 20:47:14, 5] lib/util.c:show_msg(292)
> > size=35
> > smb_com=0x71
> > smb_rcls=0
> > smb_reh=0
> > smb_err=0
> > smb_flg=136
> > smb_flg2=1
> > [2001/03/12 20:47:14, 5] lib/util.c:show_msg(298)
> > smb_tid=1
> > smb_pid=65279
> > smb_uid=100
> > smb_mid=832
> > smt_wct=0
> > [2001/03/12 20:47:14, 5] lib/util.c:show_msg(308)
> > smb_bcc=0
> > [2001/03/12 20:47:14, 6] lib/util_sock.c:write_socket(560)
> > write_socket(12,39)
> > [2001/03/12 20:47:14, 6] lib/util_sock.c:write_socket(563)
> > write_socket(12,39) wrote 39
> > [2001/03/12 20:47:14, 10] lib/util_sock.c:read_socket_data(473)
> > read_socket_data: recv of 4 returned 0. Error = Success
> > [2001/03/12 20:47:14, 10] lib/util_sock.c:receive_smb(654)
> > receive_smb: length < 0!
> > [2001/03/12 20:47:14, 3] smbd/process.c:timeout_processing(1055)
> > end of file from client
> > [2001/03/12 20:47:14, 3] smbd/sec_ctx.c:set_sec_ctx(310)
> > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> > [2001/03/12 20:47:14, 5] smbd/uid.c:unbecome_user(210)
> > unbecome_user now uid=(0,0) gid=(0,0)
> > [2001/03/12 20:47:14, 2] smbd/server.c:exit_server(440)
> > Closing connections
> > [2001/03/12 20:47:14, 3] smbd/connection.c:yield_connection(54)
> > Yielding connection to
> > [2001/03/12 20:47:14, 3] smbd/server.c:exit_server(473)
> > Server exit (normal exit)
> > ====================================================
> > =====================================LOG.NMBD
> > [2001/03/12 21:30:13, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(292)
> > dump_workgroups()
> > dump workgroup on subnet 192.168.1.1: netmask= 255.255.255.0:
> > ADIXEIN(1) current master browser = SERVER
> > SERVER 400c9b2b (File server)
> > MACKA 40011003 ()
> > [2001/03/12 21:30:13, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(292)
> > dump_workgroups()
> > dump workgroup on subnet UNICAST_SUBNET: netmask= 192.168.1.1:
> > ADIXEIN(1) current master browser = UNKNOWN
> > SERVER 40099b2b (File server)
> > [2001/03/12 21:30:13, 4]
> > nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(164)
> > find_workgroup_on_subnet: workgroup search for ADIXEIN on subnet
> > UNICAST_SUBNE
> > T: found.
> > [2001/03/12 21:30:13, 4]
> > nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(164)
> > find_workgroup_on_subnet: workgroup search for ADIXEIN on subnet
> > UNICAST_SUBNE
> > T: found.
> > [2001/03/12 21:30:23, 4]
> > nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(164)
> > find_workgroup_on_subnet: workgroup search for ADIXEIN on subnet
> > 192.168.1.1:
> > found.
> > [2001/03/12 21:30:23, 10]
> > nmbd/nmbd_sendannounce.c:announce_myself_to_domain_mas
> > ter_browser(406)
> > announce_myself_to_domain_master_browser: t (984396613) -
> last(984396029)
> > < 90
> > 0
> > [2001/03/12 21:30:23, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(292)
> > dump_workgroups()
> > dump workgroup on subnet 192.168.1.1: netmask= 255.255.255.0:
> > ADIXEIN(1) current master browser = SERVER
> > SERVER 400c9b2b (File server)
> > MACKA 40011003 ()
> > [2001/03/12 21:30:23, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(292)
> > dump_workgroups()
> > dump workgroup on subnet UNICAST_SUBNET: netmask= 192.168.1.1:
> > ADIXEIN(1) current master browser = UNKNOWN
> > SERVER 40099b2b (File server)
> > [2001/03/12 21:30:23, 4]
> > nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(164)
> > find_workgroup_on_subnet: workgroup search for ADIXEIN on subnet
> > UNICAST_SUBNE
> > T: found.
> > [2001/03/12 21:30:23, 4]
> > nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(164)
> > find_workgroup_on_subnet: workgroup search for ADIXEIN on subnet
> > UNICAST_SUBNE
> > T: found.
> > ===============================================LOG.SMBD
> > file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf
> last
> > mod_
> > time: Mon Mar 12 20:15:16 2001
> >
> > [2001/03/12 20:46:20, 7] lib/util_sid.c:string_to_sid(352)
> > string_to_sid: converted SID S-1-5-32 ok
> > [2001/03/12 20:46:20, 7] lib/util_sid.c:string_to_sid(352)
> > string_to_sid: converted SID S-1-5-32-546 ok
> > [2001/03/12 20:46:20, 7] lib/util_sid.c:string_to_sid(352)
> > string_to_sid: converted SID S-1-1 ok
> > [2001/03/12 20:46:20, 7] lib/util_sid.c:string_to_sid(352)
> > string_to_sid: converted SID S-1-1-0 ok
> > [2001/03/12 20:46:20, 7] lib/util_sid.c:string_to_sid(352)
> > string_to_sid: converted SID S-1-3 ok
> > [2001/03/12 20:46:20, 7] lib/util_sid.c:string_to_sid(352)
> > string_to_sid: converted SID S-1-3-0 ok
> > [2001/03/12 20:46:20, 7] lib/util_sid.c:string_to_sid(352)
> > string_to_sid: converted SID S-1-5 ok
> > [2001/03/12 20:46:20, 7] lib/util_sid.c:string_to_sid(352)
> > string_to_sid: converted SID S-1-0-0 ok
> > [2001/03/12 20:46:20, 7] lib/util_sid.c:string_to_sid(352)
> > string_to_sid: converted SID S-1-5-11 ok
> > [2001/03/12 20:46:20, 7] lib/util_sid.c:string_to_sid(352)
> > string_to_sid: converted SID S-1-5-2 ok
> > [2001/03/12 20:46:20, 7] lib/util_sid.c:string_to_sid(352)
> > string_to_sid: converted SID S-1-5-7 ok
> > [2001/03/12 20:46:20, 7] lib/util_sid.c:string_to_sid(352)
> > string_to_sid: converted SID S-1-5-21-4264856688-2005356754-492243628
> > ok
> > [2001/03/12 20:46:20, 3] smbd/oplock.c:init_oplocks(1198)
> > open_oplock_ipc: opening loopback UDP socket.
> > [2001/03/12 20:46:20, 3] lib/util_sock.c:open_socket_in(870)
> > bind succeeded on port 0
> > [2001/03/12 20:46:20, 3]
> smbd/oplock_linux.c:linux_init_kernel_oplocks(293)
> > Linux kernel oplocks enabled
> > [2001/03/12 20:46:20, 3] smbd/oplock.c:init_oplocks(1229)
> > open_oplock ipc: pid = 5042, global_oplock_port = 1614
> > [2001/03/12 20:46:20, 4] lib/time.c:TimeInit(110)
> > Serverzone is -36000
> > [2001/03/12 20:46:20, 10]
> > lib/util_sock.c:read_smb_length_return_keepalive(602)
> > got smb length of 68
> > [2001/03/12 20:46:20, 2] lib/access.c:check_access(258)
> > Allowed connection from macka.adixein.lnet (192.168.1.4)
> > [2001/03/12 20:46:20, 6] smbd/process.c:process_smb(830)
> > got message type 0x81 of len 0x44
> > [2001/03/12 20:46:20, 3] smbd/process.c:process_smb(831)
> > Transaction 0 of length 72
> > [2001/03/12 20:46:20, 2] smbd/reply.c:reply_special(94)
> > netbios connect: name1=SERVER name2=MACKA
> > =======================================================
> > Apologies for the really huge email guys. I suppose it saves me sending
> > another one as soon as someone asks for the logs :)
> >
> > Any assistance will be much appreciated.
> >
> > Elliot.
> >
> >
> >
> >
>
>
>
>
>
More information about the samba-ntdom
mailing list