[Samba] serious problem with W2K TS and 2.2.7 PDC
Robert.Stuart at qsa.qld.edu.au
Tue Dec 10 01:34:00 GMT 2002
Per Kjetil Grotnes wrote:
> > Windows 2000 Terminal Server with SP3, with various pre SP4 updates
> > too. Various Win2K Pro, Win95 OSR2 clients.
> > ÆhomesÅ
> Can we see the Global section aswell please? Do you have Security = DOMAIN which is
> the prefered setting for Terminal Servers? (See previous postings about problem with
> Security = SERVER vs. Security = DOMAIN)
The RedHat samba server is the PDC, so security = user with ldap as the
repositry for account info; bits of the smb.conf at the bottom of the
email. We don't experience authentication problems. We don't use
The Win2k clients that have problems are ONLY Terminal Server machines.
Workstations do NOT have the problem. Win2k Terminal Server shares
multiple users over the one connection. One connection = one pid.
After applying the 2.2.6-2.2.7 patch minus bits regarding the %U, we
have had no further problems with the home share issue that I
described. Yesterday, I happened to be watching the log file (tail -f)
of one of the TSs as someone else logged on. I was on the same Terminal
server. Just after they connected, I tried to access my H: drive
(mapped to the home share) and got errors accessing both on the W2k
screen and in the log file.
> Some in the samba team wrote earlier that they hoped SP3 for W2K would solve this
> problem. SP3 has not solved this problem. Just for their information.
> > The log for each TS has many of these errors (for various users):
> > Æ2002/12/06 16:39:14, 0Å smbd/service.c:make_connection(597) ts5
> > (10.2.3.15) Can't change directory to /md3/profiles/rstu (Permission
> > denied)
> This is typical for some sort of auth failure in my experience. Try running loglevel 2 and see
> if the authentication fails (as in the problem with security = server).
I had the log at 3 for a while and we had no authentication problems,
but I think you are talking about a different problem.
> > On another issue, we get a lot of errors regarding failed connections to
> > truncated service names. For example we have a service called 'apps'
> > It only ever drops the last character and happens fairly frequently on
> > different shares. This has happened for quite a while, but hasn't had
> > any noticeable effect on users.
> We also saw this on a HP-UX 10.20 machine. We didnt notice any problems either, just that
> the log would notify a connection to a share with one letter missing.
I've seen it for a while - at least 2.2.5 onwards probably 2.2. too.
some relevant bits from smb.conf:
workgroup = ANTARCTICA
NETBIOS name = fsx
NETBIOS aliases = Elephant PrintServer
server string = Samba Server
guest account = smbnobody
log file = /var/log/samba/log.%m
debug level = 1
max log size = 5000
security = user
password level = 3
encrypt passwords = yes
domain admin group = @domadm
unix password sync = Yes
ldap server = 127.0.0.1
ldap port = 389
ldap ssl = off
ldap admin dn = "uid=something,dc=us,dc=au"
ldap suffix = "dc=us,dc=au"
local master = yes
os level = 64
domain master = yes
preferred master = yes
domain logons = yes
logon script = login.bat
logon drive = h:
name resolve order = wins bcast host
wins support = yes
browseable = yes
nt acl support = no
# I snipped some printing, locking and other similar junk out.
comment = Home
writable = yes
valid users = %S
nt acl support = no
oplocks = no
path = /md3/profiles/%U
share modes = no
path = /md1/netlogon
read only = yes
locking = no
comment = Apps
path = /md3/Apps
valid users = @lots,administrator
public = no
readonly = no
More information about the samba