[Samba] SAMBA PDC
John H Terpstra
jht at samba.org
Mon Dec 23 20:03:00 GMT 2002
On Mon, 23 Dec 2002, Kenneth Illingsworth wrote:
> Thank you for replying. You are correct in that the version of SAMBA is 2.2.1 .
Strongly suggest you update to samba-2.2.7a as there have been MANY fixes
and updates since 2.2.1. You can obtain the RPM packages from the samba
FTP sites.
>
> I was not aware of the WinXP_SignOrSeal.reg registry update. However, I am aware of WinXP SP1 which has been applied. I suspect that the WinXP_SignOrSeal.reg registry update is separate from SP1. I will attempt to obtain the registry update and apply it to the XP workstation.
>
> Any direction you can give on this issue would be greatly appreciated.
Attached. It can be found in all recent releases of samba in the
docs/Registry directory.
Send me your smb.conf file to <jht at samba.org> and I will try to help you.
- John T.
>
> Here is an additional observation: From the SAMBA Troubleshooting Guide, I have encountered the precise anomaly that I am experiencing:
>
> Symptom: It is possible to "ping" the HOST from the client (on port 7; the echo port) but the client is unable to obtain the list of shares on HOST. [I can ping either the IP addr or the NetBIOS name of the server from the workstation].
>
> Cause: Traffic on one or more of the NetBIOS-over-TCP ports (137, 138, 139) are blocked. To verify this, type one of the following commands:
>
> nbtstat -A 172.17.60.6
>
> If this command shows a list of NetBIOS names, then port 137 is open. Otherwise, it is blocked. [The COFR3 server is listed along with the COFRNY domain as shown in the separate section below].
>
> Resolution: Find the router, firewall, switch or other device that is blocking ports 137-139 and reconfigure it. UDP traffic must be permitted on ports 137 and 138, and TCP traffic must be permitted on port 139. [Since this Linux server is a Virtual Machine, could this be interpreted as an issue with its TCP/IP configuration?].
>
> I could not run a traceroute on the workstations NetBIOS name from the Linux server as it was an unknown host. However, I was able to obtain the following using the workstations leased IP address:
>
> traceroute to 172.16.4.251 (172.16.4.251), 30 hops max, 38 byte packets
> 1 172.17.60.5 (172.17.60.5) 7.462 ms 0.812 ms 0.678 ms
> 2 172.16.4.251 (172.16.4.251) 3.379 ms 23.449 ms 5.059 ms
>
> --------------------------------------------------------------------------------------------------------
> Here are the results of the nbstat command above:
>
> C:\>nbtstat -A 172.17.60.6
>
> Local Area Connection:
> Node IpAddress: [172.16.4.251] Scope Id: []
>
> NetBIOS Remote Machine Name Table
>
> Name Type Status
> ---------------------------------------------
> COFR3 <00> UNIQUE Registered
> COFR3 <03> UNIQUE Registered
> COFR3 <20> UNIQUE Registered
> ..__MSBROWSE__.<01> GROUP Registered
> COFRNY <00> GROUP Registered
> COFRNY <1B> UNIQUE Registered
> COFRNY <1C> GROUP Registered
> COFRNY <1D> UNIQUE Registered
> COFRNY <1E> GROUP Registered
>
> MAC Address = 00-00-00-00-00-00
>
> COFR3 is the NetBIOS name of the server, and COFRNY is the workgroup name that I am trying to use to set up the domain.
> --------------------------------------------------------------------------------------------------------
>
> >>> John H Terpstra <jht at samba.org> 12/23/02 12:48PM >>>
> Kenneth,
>
> You did not mention the samba version. Suspect you are using 2.2.x.
> Did you apply the WinXP_SignOrSeal.reg registry update?
> You will need to as XP defaults to this and samba-2.2.x does not support
> it yet.
>
> - John T.
>
>
> On Mon, 23 Dec 2002, Kenneth Illingsworth wrote:
>
> > I followed the procedure to configure SAMBA as a PDC as outlined in samba/swat.cgi/swat/using_samba/ch06_05.html on my Linux server. My domain name is COFRNY, and I expected a COFRNY.SID to be generated. However, MACHINE.SID was generated instead. Furthermore, I cannot see the COFRNY domain listed within MS Networks on my XP workstation. Any ideas on what I did wrong?
> >
> > Here is the procedure in detail:
> >
> > [global]
> > workgroup = COFRNY
> > domain logons = yes
> > security = user
> > os level = 34
> > local master = yes
> > preferred master = yes
> > domain master = yes
> >
> > ------------------------------------------------
> > For Windows NT clients you must also ensure that Samba is using encrypted passwords:
> >
> > encrypted passwords = yes
> >
> > Furthermore, also exclusively for Windows NT clients, create Trust accounts which allow a machine to log in to the PDC itself. Create a "dummy" account in the /etc/passwd file with the following entry:
> >
> > city-f5pfa29xta$:*:1000:900:Trust Account:/dev/null:/dev/null
> >
> > Note that we have also disabled the password field by placing a * in it. This is because Samba will use the smbpasswd file to contain the password instead, and we don't want anyone to telnet into the machine using that account. Additionally, '1000' is the UID of the account for the encrypted password database.
> >
> > Next, add the encrypted password using the smbpasswd command, as follows:
> >
> > # smbpasswd -a -m city-f5pfa29xta
> > Added user city-f5pfa29xta$
> > Password changed for user city-f5pfa29xta$
> >
> > The -m option specifies that a machine trust account is being generated. The smbpasswd program will automatically set the initial encrypted password as the NetBIOS name of the machine in lowercase letters. When specifying this option on the command line, do not put a dollar sign after the machine name - it will be appended automatically. Once the encrypted password has been added, Samba is ready to handle domain logins from a NT client.
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: http://lists.samba.org/mailman/listinfo/samba
> >
>
>
--
John H Terpstra
Email: jht at samba.org
-------------- next part --------------
REGEDIT4
;Contributor: John H Terpstra
;Updated: December 17, 2002
;Status: Current
;
;Subject: Registry file update to delete roaming profiles on logout
[HKEY_LOCAL_MACHINE\SYSTEM\Software\Microsoft\Windows NT\CurrentVersion\winlogon
"DeleteRoamingCache"=dword:00000001
More information about the samba
mailing list