[Fwd: samba 30alpha21 + NT4/2K WS-s]

john at ylenurme.ee john at ylenurme.ee
Fri Feb 28 18:09:43 GMT 2003


I have some strange problems with 3.0a21 PDC (samba and nss use both
ldap) and I can't find any good help with google...

One strange thing is that logon script does'nt work anymore, it worked
at one point and now doesnt (I quite play around here and I dont know in
which point of changing smb.conf it stopped to work).

[netlogon] share is like that:

   comment = Network Logon Service
   path = /home/samba/netlogon
   guest ok = no
   writable = no
   browseable = yes
   public = yes

and some lines from [global]:
        local master = yes
        os level = 99
        domain master = yes
        preferred master = yes

        domain logons = yes
        logon drive = U:
        logon path = \\server\%U\profiles
        logon home = \\server\%U\
        logon script = START.BAT

/home/samba/netlogn/START.BAT exists, line breaks are in dos -style ...
if I log into NT4 on 2K ws, then i can mount \\pdc1\netlogon share and
run START.BAT there..
So what the heck can it be?

Another thing was that smbgroupedit -v showd several Domain Admins and
Domain Users group (with different SIDs).. So i took experimental step
and deleted some of them, leaving exactly one of every group..
Can this be somehow connected to 1st problem?

Also samba complained that:

get_domain_user_groups: primary gid of user [john] is not a Domain group
! get_domain_user_groups: You should fix it, NT doesn't like that

so a added john's primary group to Domain Users ans Users group (but
seems to change nothing):
root at woody-samba:/var/log/samba# smbgroupedit -v
NT group (SID) -> Unix group
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Domain Admins (S-1-5-21-2072525299-305900136-1143589454-512) -> domadm
Domain Guests (S-1-5-21-2072525299-305900136-1143589454-514) -> -1
Domain Users (S-1-5-21-2072525299-305900136-1143589454-513) -> users
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> users
root at woody-samba:/var/log/samba#

Third problem is locally stored profiles. How I could make such set up
that when user logs out from WS , then WS would copy changed profile
back to server and delete it from WS ?
It's question of security and hard disk space..

How could i set up client name resolution so that X client canot
announce itself as DC/browse master etc?
I every client resolves names via boadcast then when my DC goes down and
someone brings up his nt/samba server he could do lotof damaga - collect
people passwords etc...

now if I had every WS configured to resolve names via WINS and wins
configured with static netbios/ip resolve table, then I wouldn have to
worry about this? But as I understand only way wins server works is like
it adds routing support to broadcast resove mechanism...

Thanks goes to everyone bothering to enlighten me..

More information about the samba-technical mailing list