[Samba] ARGH!!! Samba and Re-installing Windows 2000

James Kreuziger jkreuzig at massun.peds.mc.uci.edu
Mon Apr 15 19:47:02 GMT 2002

Ok, I'll try the questions again and hopefully get
some help.

Current setup:

Samba 2.2.3a running on Solaris 8 set up as a PDC.
Various systems running Windows 95/98/NT 4.0.
TRYING to add new Windows 2000 machines.

Problem is, when I add the new machines to the domain,
the group "DOMAIN\unix_group.2147483404" gets added to
both the Administrators group and Users group.  So domain
users start with Administrator rights!  If I remove
the "DOMAIN\unix_group.2147483404" group from the Administrators
group, it mucks thinks up bad enough to require a reinstall
of Win2k.  I'd like to think that this is not a required
feature of using Samba with Win2k.  I would like to restrict
users to the same rights as normal users, so I can lock down
who can install software on each individual machine.  As it
stands now, I can't do that.

Now for the new part.  I've managed to get Win2k re-installed,
and I'm still having problems.  When I try to join the domain
is when I have problems.  I'm successful in joing the domain,
but after reboot is when weird things happen.  The
"DOMAIN\unix_group.2147483404" is back in the Administrators
group.  Whoever logs into the domain through THIS SPECIFIC
MACHINE gets logged on, and all of the mapped shares show up
with the "red x" through them.  This indicates that the shares
are not logged into.  However, the shares can be accessed.  If
I set log level = 3 (or greater) it shows a number of the following:

  [2002/04/15 19:21:53, 4] smbd/password.c:password_ok(602)
    Null passwords not allowed.

Followed by:

  [2002/04/15 19:21:53, 2] smbd/service.c:make_connection(328)
    Invalid username/password for share_name [samba]

These messages occur for each share I have, with the samba
user being my guest user.  Funny thing, the samba (guest) user
can log in and the same messages appear.  If I bump up the log level
high enough, I start getting the following:

  [2002/04/12 17:07:40, 2] smbd/service.c:make_connection(328)
    Invalid username/password for share_name [samba]
  [2002/04/12 17:07:40, 3] smbd/error.c:error_packet(103)
    error packet at smbd/reply.c(167) cmd=117 (SMBtconX) NT_STATUS_WRONG_PASSWORD

I have my logs set up by machine (log file =
/samba/current/var/log.smbd.%m) and I don't see this in any other
log file.  I've tried a number of things, including
dropping out of the domain and re-joining, and this still

I'm really pulling my hair out, because nothing seems to
work right.  I might add that this is the only problem
that I have had with samba that I haven't been able to
get solved by reading the newsgroup or emailing someone.
So far, I've had nothing but good luck using samba.

I'm including the global section of my smb.conf, if it



Jim Kreuziger
jkreuzig at uci.edu

# Global parameters
#       include = /samba/current/lib/smb.conf.%U
        workgroup = <DOMAIN>
        preexec = csh -c `echo /usr/local/samba/bin/smbclient \
                                -M %m -I %I` &
        server string = Samba %v on (%L)
        security = user
        domain logons = yes
        encrypt passwords = Yes
        password level = 3
        log level = 1
        log file = /samba/current/var/log.smbd.%m
        wins support = Yes
        name resolve order = wins hosts lmhosts bcast
        dns proxy = yes
        deadtime = 30
        keepalive = 120
        client code page = 437
        os level = 65
        preferred master = Yes
        domain master = Yes
        guest account = samba
        invalid users = root daemon bin sys lp smtp uucp nuucp listen dcs
consult dumper nobody
#       invalid users = daemon bin sys lp smtp uucp nuucp listen dcs
consult dumper nobody
        veto oplock files = /*.mdb/*.dbm/*.doc/*.xls
        socket options = TCP_NODELAY IPTOS_LOWDELAY
        getwd cache = yes
        logon script = %U.bat
        logon path = \\server\profile\%U
        remote announce = <IP ADDRESS>/<DOMAIN>
        utmp = True
#       utmp consolidate = yes
        username map = /samba/current/lib/usermap.txt
#       config file = /samba/current/lib/smb.conf.%U

To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list