Weird problem with Windows NT 4 Workstation & Samba PDC

Allan Jensen alj at terma.dk
Wed Mar 18 14:51:52 GMT 1998 

Hi there,

First, forgive me for writing immediately after joining a list, but I've
fought with Samba for 3 full days now, and people here have lost a bit of
their patience with Samba as a PDC.

The summary:

Server : Samba 1.9.18p3, under Solaris 2.5.1 on a Sparcstation IPX, no
patches, running NIS.

Clients : Windows 95 / NT4-SP3 Workstation, logging on to a NT 3.51 PDC
(for the time being) - accounts and passwords are manually synchronized
by each user between the NIS and the NT domain.

My problem is, that the PDC function doesn't seem to work. I (should) use
encrypted passwords, but I've added the NT4 registry entry for being able
to talk 'plain text' Samba<->NT4.
The problem is this : 
I go to Start->Run on my NT4, type \\Sparc5 (the name of my server) - I
instantly get an Access Denied. I can type \\Sparc5\tmp and it tells me
that the network path doesn't exist. But if I do a smbstatus, I see this:

Samba version 1.9.18p3
Service      uid      gid      pid     machine
----------------------------------------------
tmp          alj      users    10489   ntp3     (172.22.32.105) Wed Mar 18 14:25:12 1998

So I should be logged in, right?

Even 'funnier' - I go to a command shell and type:
net use p: \\sparc5\tmp 
And it maps the drive, regardless of that it just said that the network
path didn't exist!

I can do a 'dir \\sparc5\tmp' or 'dir p:\' without any problems. smbclient
works without any problems at all.

I can't join the domain from within NT4, nor can I use any of the NT4
tools to browse the domain. I can see it the domain in Network
Neighbourhood, and I can also _see_ Sparc5 within the domain, but I can't
open it. The only thing I can is to do a Properties on it - then it tells
me it's a Windows NT 5.4 Primary Domain Controller.

Can anyone tell me what is wrong here? I'm getting _real_ frustrated with
this, because it doesn't really make any sense that it allows me access in
one way, but not another!

All files are located within /users/alj/samba and downwards (just during 
the testing phase - I'll recompile it later)

Flags used when compiling:
Using CFLAGS = 
-O 
-DNTDOMAIN 
-DSYSLOG
-DSMBLOGFILE="/users/alj/samba/var/log.smb"
-DNMBLOGFILE="/users/alj/samba/var/log.nmb"
-DCONFIGFILE="/users/alj/samba/lib/smb.conf"
-DLMHOSTSFILE="/users/alj/samba/lib/lmhosts" 
-DWEB_ROOT="/users/alj/samba"
-DLOCKDIR="/users/alj/samba/var/locks"
-DSMBRUN="/users/alj/samba/bin/smbrun"
-DCODEPAGEDIR="/users/alj/samba/lib/codepages" 
-DWORKGROUP="WORKGROUP"
-DGUEST_ACCOUNT="nobody" 
-DDRIVERFILE="/users/alj/samba/lib/printers.def"
-DSUNOS5 
-DSHADOW_PWD 
-DNETGROUP 
-DFAST_SHARE_MODES
-DALLOW_CHANGE_PASSWORD 
-DSMBGETPASS
-DSMB_PASSWD="/users/alj/samba/bin/smbpasswd"
-DSMB_PASSWD_FILE="/users/alj/samba/private/smbpasswd"

The smbpasswd file contains (amongst other things) this:

alj:234:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:Allan Jensen:/users/alj:/bin/bash
ntp3$:60001:NO PASSWORDXXXXXXXXXXXXXXXXXXX:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:ntp3$:/:

(my NT4 client is called ntp3, by the way)

The output of testparm is:

Load smb config files from /users/alj/samba/lib/smb.conf
Processing section "[homes]"
Processing section "[printers]"
No path in service printers - using /tmp
Processing section "[tmp]"
Loaded services file OK.
Press enter to see a dump of your service definitions
# Global parameters
	debuglevel = 2
	syslog = 1
	syslog only = No
	protocol = NT1
	security = USER
	max disk size = 0
	lpq cache time = 10
	announce as = NT
	encrypt passwords = Yes
	getwd cache = Yes
	read prediction = No
	read bmpx = Yes
	read raw = Yes
	write raw = Yes
	use rhosts = No
	load printers = No
	null passwords = Yes
	strip dot = No
	interfaces = 172.22.4.5/255.255.0.0
	bind interfaces only = Yes
	networkstation user login = Yes
	password server = 
	socket options = 
	netbios name = SPARC5
	netbios aliases = 
	smbrun = /users/alj/samba/bin/smbrun
	log file = /users/alj/samba/log/log.%m
	config file = 
	smb passwd file = /users/alj/samba/private/smbpasswd
	hosts equiv = 
	preload = 
	server string = Samba Server
	printcap name = /etc/printcap
	lock dir = /users/alj/samba/var/%h/locks
	root directory = /
	default service = 
	message command = 
	dfree command = 
	passwd program = /users/alj/samba/bin/smbpasswd
	passwd chat = *old*password* %o\n *new*password* %n\n *new*password* %n\n *changed*
	valid chars = 
	workgroup = SIMBADOM
	domain sid = S-1-5-21-666-666-666
	domain other sids = 
	domain groups = 
	domain controller = Yes
	domain admin users = alj
	domain guest users = nobody
	domain hosts allow = 
	domain hosts deny = 
	username map = 
	character set = 
	logon script = 
	logon path = \\%N\%U\profile
	logon drive = 
	logon home = \\%N\%U
	remote announce = 
	remote browse sync = 
	socket address = 0.0.0.0
	homedir map = 
	announce version = 4.2
	max log size = 50
	mangled stack = 50
	max mux = 50
	max xmit = 65535
	max packet = 65535
	password level = 10
	username level = 0
	keepalive = 0
	deadtime = 0
	time offset = 0
	read size = 16384
	shared mem size = 102400
	coding system = 
	client code page = 850
	os level = 66
	max ttl = 14400
	max wins ttl = 259200
	min wins ttl = 21600
	lm announce = Auto
	lm interval = 60
	dns proxy = Yes
	wins support = Yes
	wins proxy = No
	wins server = 
	preferred master = Yes
	local master = Yes
	domain master = Yes
	domain logons = Yes
	browse list = Yes
	unix realname = No
	NIS homedir = No
	time server = No
	printer driver file = /users/alj/samba/lib/printers.def


# Default service parameters
	comment = 
	copy = 
	include = 
	exec = 
	postexec = 
	root preexec = 
	root postexec = 
	alternate permissions = No
	revalidate = No
	default case = lower
	case sensitive = No
	preserve case = Yes
	short preserve case = No
	mangle case = No
	mangling char = ~
	browseable = Yes
	available = Yes
	path = 
	username = 
	guest account = nobody
	invalid users = 
	valid users = 
	admin users = 
	read list = 
	write list = 
	volume = 
	force user = 
	force group = 
	read only = Yes
	max connections = 0
	min print space = 0
	create mask = 0744
	force create mode = 00
	directory mask = 0755
	force directory mode = 00
	set directory = No
	status = Yes
	hide dot files = Yes
	delete veto files = No
	veto files = 
	hide files = 
	veto oplock files = 
	guest only = No
	guest ok = No
	print ok = No
	postscript = No
	map system = No
	map hidden = No
	map archive = Yes
	locking = Yes
	strict locking = No
	share modes = Yes
	oplocks = Yes
	only user = No
	wide links = Yes
	follow symlinks = Yes
	sync always = No
	mangled names = Yes
	fake oplocks = No
	printing = bsd
	print command = lpr -r -P%p %s
	lpq command = lpq -P%p
	lprm command = lprm -P%p %j
	lppause command = 
	lpresume command = 
	printer = 
	printer driver = NULL
	printer driver location = 
	hosts allow = 172.22.
	hosts deny = 
	dont descend = 
	magic script = 
	magic output = 
	mangled map = 
	delete readonly = No
	dos filetimes = No
	dos filetime resolution = No

[homes]
	comment = Home Directories
	browseable = No
	read only = No
	create mask = 0775

[printers]
	comment = All Printers
	browseable = No
	path = /tmp
	create mask = 0700
	print ok = Yes

[tmp]
	comment = Temporary file space
	path = /tmp
	read only = No
	guest ok = Yes

[IPC$]
	comment = IPC Service (Samba Server)
	path = /tmp
	status = No
	guest ok = Yes

If you can figure out why this isn't working, I'll be _very_ happy indeed!

Thanks in advance.

Best regards,
---------------------------------------------------
  Allan Jensen                Email:  alj at terma.dk
  TERMA Elektronik AS         Phone:  +45 8622 2000
  Hovmarken 4-6               Fax:    +45 8622 2799
  DK-8520  Lystrup, Denmark
---------------------------------------------------

More information about the samba mailing list