Nathaniel N.Petersen (CNS Student Support) cthulu at
Fri May 31 07:28:45 GMT 2002

After talking this over with a friend, I realize that I have made a
mistake.  I should never have responded in the manner that I did.  I
was the one who asked for help.  You don't know the situation, and you
are correct in that most people who do have problems either didn't read
the existing information, or didn't understand what they read.

I should not have taken the standard responses so personally.  I'm

I inicially wrote in because I thought the errors I was receiving were
rather unique.  My past problems with Samba were never this bad.  They
WERE solved most times by just doing a quite search on google or reading
other individual's posts.

But this time, with authentication working fine, I was perplexed.  Why
the corrupt write from the W2K client?  Why did the NT machine write a
profile but not use it?  Or more precisely, why did it use it but say it

Again, my frustration exists more from my lack of progress than from the
comments I received.  I humbly submit my whole-hearted appologies to
those I may have angered and/or offended.

-Nathaniel N. Petersen

PS - I will look into the 'Z' drive issue as well as the location of the
profile.  Thank you for giving me some direction to research.

On Fri, May 31, 2002 at 04:02:35PM +0200, Simo Sorce wrote:
> On Fri, 2002-05-31 at 15:15, Nathaniel N.Petersen wrote:
> > Note that from the client's point of view security = domain is the same
> > as security = user . It only affects how the server deals with the
> > authentication, it does not in any way affect what the client sees.
> > 
> > Since the systems are able to authenticate, this is not an issue.
> I have yet not understood if your server is a PDC or not.
> If it is, these 4 parameters MUST be set this way:
> domain logons = yes
> domain master = yes
> security = user
> encrypt password = yes
> > > try a path with no leading '.'
> > >         logon path = \\student\homes\%u\ntprofile
> > 
> > Even if you were correct, it worked before (and still is working
> > elsewhere), it should work now.
> I think this is not a problem.
> > I thought about dealing with this diplomaticly - but enough is enough.
> > There is nothing wrong with using the homes directories like I do.  The
> > lines refered to in the man pages simply don't recommend it.  Well, if
> > you have ever worked for a University, you would understand the amount
> > of overhead involved.  Creating essentially two account locations for
> > evey user is ridiculous.
> I have an my setup involved a simple [profile] share with 1777
> permissions on it, and that's not a lot of work to do (I had more than
> 1000 users).
> Recommendations exist for a purpose ... it's up to you to decide if they
> match your case.
> thinking a bit more in this case I think you may have 2 combined
> problems:
> 1. the use of the home directory to store profiles
> 2. the use of letter Z to map the home directory
> unfortunately I do not have handing any url, but I remember clearly that
> with later clients (w2k, XP) there are problems with the Z drive.
> In fact it is not available to be mapped until the user logged in and at
> that point the profile thing is yet over!
> It is not a samba problem, Microsoft changed it this way (can't remember
> why).
> So I would advice you do 2 things:
> change the home drive letter or setup a profile share and change the
> logon path directive.
> > Furthermore, this PDC is set to "local master = no" for a reason.
> > Election.  I have 14 other colleges at this university that are NOT
> > running Linux (yes, there are still people out there that use Windows).
> > Windows PDC's have fits when this is set to yes.  They lose out on
> > elections.  If set to false then nmbd will not attempt to become a
> > local master browser on a subnet and will also lose in all browsing
> > elections.  With a class B subnet, this is a GOOD THING.
> a class B NOT subnetted to C classes? That's should be a broadcast
> nightmare ... 
> (if your server is not a PDc you should NOT made it be a domain master!,
> local master should be ok, and would be better to use a wins server)
> > And finally, as far as that whole '.a = patch' thing goes - NO SH!T.
> > REALLY?  Well, I'll be... I thought only M$ released patches.
> > Seriously,  I was trying (appearantly not hard enough) to make light of 
> > my supervisor's lack of knowledge about Samba (AND all the extra work 
> > it forced me to do). <sarcasm>Lord knows I would much rather be seen 
> > a fool by the Samba community.</sarcasm>  This should never have been 
> > an issue.
> ?? you are stressed, take a breath
> > I want to appologize to those of you who work tirelessly on the Samba
> > project.  I also want to thank the attempts at trying to help me.  But,
> > they were of ZERO aid.  Nit-picking at these minor issues does not help
> > me with the big picture.  Just answer me this - If the windows systems
> > are able to verify the domain and authenticate, why does the w2k system
> > right corrupt profile data?  If the NT system is able to create a
> > profile, why can't it us it?  That's it.
> ok, let's try to stay tune and find the roots of your problems!
> I do not know what you have made before and how much you get frustrated,
> but 90% of users that ask for help generally have simple (!?)
> configuration problems so the way I personally answered is my standard
> first stage answer, no insulting were intended, and if so I apologize.
> Simo.
> -- 
> Simo Sorce - simo.sorce at
> Xsec s.r.l.
> via Durando 10 Ed. G - 20158 - Milano
> tel. +39 02 2399 7130 - fax: +39 02 700 442 399

More information about the samba-technical mailing list