[Fwd: samba 30alpha21 + NT4/2K WS-s]
john at ylenurme.ee
Fri Feb 28 18:09:43 GMT 2003
I have some strange problems with 3.0a21 PDC (samba and nss use both
ldap) and I can't find any good help with google...
One strange thing is that the logon script doesn't work anymore; it worked
at one point and now doesn't (I play around quite a bit here and I don't know
at which point of changing smb.conf it stopped working).
[netlogon] share is like that:
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = no
writable = no
browseable = yes
public = yes
and some lines from [global]:
local master = yes
os level = 99
domain master = yes
preferred master = yes
domain logons = yes
logon drive = U:
logon path = \\server\%U\profiles
logon home = \\server\%U\
logon script = START.BAT
/home/samba/netlogn/START.BAT exists, line breaks are in DOS style ...
If I log into NT4 on 2K ws, then I can mount \\pdc1\netlogon share and
run START.BAT there..
So what the heck can it be?
Another thing was that smbgroupedit -v showed several Domain Admins and
Domain Users groups (with different SIDs).. So I took an experimental step
and deleted some of them, leaving exactly one of every group..
Can this be somehow connected to 1st problem?
Also samba complained that:
get_domain_user_groups: primary gid of user [john] is not a Domain group !
get_domain_user_groups: You should fix it, NT doesn't like that
so I added john's primary group to Domain Users and Users group (but
it seems to change nothing):
root at woody-samba:/var/log/samba# smbgroupedit -v
NT group (SID) -> Unix group
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Domain Admins (S-1-5-21-2072525299-305900136-1143589454-512) -> domadm
Domain Guests (S-1-5-21-2072525299-305900136-1143589454-514) -> -1
Domain Users (S-1-5-21-2072525299-305900136-1143589454-513) -> users
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> users
root at woody-samba:/var/log/samba#
Third problem is locally stored profiles. How could I make such a setup
that when a user logs out from WS, then WS would copy the changed profile
back to the server and delete it from WS?
It's a question of security and hard disk space..
How could I set up client name resolution so that X client cannot
announce itself as DC/browse master etc?
If every client resolves names via broadcast then when my DC goes down and
someone brings up his nt/samba server he could do a lot of damage - collect
people's passwords etc...
Now if I had every WS configured to resolve names via WINS and WINS
configured with a static netbios/ip resolve table, then I wouldn't have to
worry about this? But as I understand, the only way a WINS server works is like
it adds routing support to the broadcast resolve mechanism...
Thanks goes to everyone bothering to enlighten me..
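
Added example (not part of the original message and not Samba project code): in smb.conf, `public` is a synonym for `guest ok`, so the posted [netlogon] share sets one parameter twice with opposite values and the later line takes effect. The Python check below flags such conflicts; the synonym table is a small subset of smb.conf(5), and `SAMPLE`, `normalise` and `find_conflicts` are names chosen for this example.

```python
import re

# Constructed sample: the [netlogon] share as posted in the message above.
SAMPLE = """\
[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = no
writable = no
browseable = yes
public = yes
"""

# Subset of smb.conf(5) synonyms: alias -> (canonical name, value inverted?)
SYNONYMS = {
    "public": ("guest ok", False),
    "writable": ("read only", True),
    "writeable": ("read only", True),
    "write ok": ("read only", True),
    "browsable": ("browseable", False),
}
TRUE, FALSE = {"yes", "true", "1", "on"}, {"no", "false", "0", "off"}

def normalise(key, value):
    """Map a parameter to its canonical name; fold booleans to yes/no."""
    key = " ".join(key.lower().split())
    canon, inverted = SYNONYMS.get(key, (key, False))
    val = value.strip()
    if val.lower() in TRUE | FALSE:
        val = "yes" if (val.lower() in TRUE) != inverted else "no"
    return canon, val

def find_conflicts(text):
    """Report parameters set more than once in a section with differing values."""
    section, seen = None, {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif "=" in line and section is not None:
            canon, val = normalise(*line.split("=", 1))
            seen.setdefault((section, canon), []).append((n, val))
    return [
        # The last assignment is the one that takes effect.
        {"section": s, "parameter": p, "lines": [n for n, _ in hits],
         "effective": hits[-1][1]}
        for (s, p), hits in seen.items() if len({v for _, v in hits}) > 1
    ]
```

For `SAMPLE` this reports `guest ok` in [netlogon], set on lines 4 and 7, with the effective value `yes`.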