[Samba] W2k, SP4 and Domain logon
Damiano G. Preatoni
prea at uninsubria.it
Sat Aug 30 18:06:51 GMT 2003
Yesterday I had the funny idea of upgrading all my Windows 2000 Professional
workstations (20 W2k boxes more or less) to SP4.
I run Samba 2.2.8a on a glorious RedHat 6.2, and after the endless
download-and-reboot I found myself with no W2K client able to log in.
I skimmed the mail archives, tried a bunch of suggestions from really a lot of
postings (a big thanks to all who contributed, I should have penciled down a
list...) and here I am with half a solution.
Check your smb.conf, in particular the [profiles] section. Mine says:
[profiles]
   path = /home/profile
   read only = no
   create mask = 0600
   directory mask = 0700
   force directory mode = 0700
   inherit permissions = yes
   nt acl support = yes
   map system = yes
   map hidden = yes
   browseable = no
   comment = User profile directory on %L (Samba %v PDC)
   profile acls = yes
Note that my server is acting as a PDC:
[global]
   add user script = /usr/sbin/useradd -d /dev/null -g workstations -s /bin/false -M %u
   create mask = 0664
   dead time = 0
   debug level = 3
   default case = lower
   dfree command = /sbin/diskfree
   directory mask = 0770
   dns proxy = no
   domain logons = yes
   domain master = yes
   dos filetimes = yes
   encrypt passwords = yes
   hide dot files = yes
   hosts allow = 192.168.1. 127.
   interfaces = 192.168.1.250/255.255.255.0
   load printers = no
   local master = yes
   log file = /var/log/samba/%m.log
   log level = 2
   logon drive = G:
   logon home = \\%L\%u
   logon path = \\%L\profiles\%u
   logon script = logon.bat
   max log size = 50
   name resolve order = host wins bcast
   netbios name = MALAUSSENE
   os level = 64
   passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n
   passwd program = /usr/bin/passwd %u
   password level = 8
   preferred master = yes
   printcap name = /etc/printcap
   security = user
   server string = UAGB Primary Domain Controller (Samba %v PDC)
   socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   smb passwd file = /etc/samba/smbpasswd
   time server = yes
   unix password sync = yes
   username level = 8
   username map = /etc/samba/smbusers
   wins support = yes
   workgroup = UAGB
   null passwords = no
Here comes the workload... one day or the other I will switch to LTSP.
It seems that with SP4 and the so-called "fix" for the blaster worm the way in
which a W2K client works changed abruptly.
Anyway, roll up your sleeves and
log in as Administrator.
Go to System/Network Identification and place the machine into a WORKGROUP,
leaving the domain. Don't waste your time rebooting.
Go to Control Panel/Network and Dial-up Connections, pick your LAN connection
(should be called "Local Area Connection") and go to Properties of the TCP/IP
Set Preferred DNS: 192.168.1.250 (i.e. the samba server IP, it acts also as a
Click on "Advanced", go to DNS tab and set
Append primary and connection specific DNS suffixes
Append parent suffixes of the primary DNS suffix
Other checkboxes/radiobuttons should be unchecked.
Go to WINS tab. Set the WINS server IP to the IP of the samba server.
DISABLE "Enable LMHOSTS lookup"
ENABLE "Enable NetBIOS over TCP/IP"
I didn't touch the "Options" tab. No IPSEC, No filtering.
Close everything, go back to System/Network Identification
Make sure that, clicking on "More", the domain where your boxes are is
specified. I put in "dipbsf.uninsubria.it", which is mine.
UNCHECK the "Change primary DNS suffix when domain membership changes"
Now click the "Domain" radio button, and rejoin the domain.
Close everything, and this time reboot.
I advise, after the reboot, to log in as Administrator again, and to launch
(Window/R, or Start/Run) LUSRMGR.MSC and to remove "Domain Users" from the
"Users" group, and to add it instead to the "Power Users" group.
This way my poor W2k boxes are still able to join the domain and next Monday
users will be able to log in.
Still, the [netlogon] share is inaccessible, and logon script processing still
doesn't work. My logon script does only a net time \\malaussene /set /yes,
and mounts six or seven shares.
At present I copied it to the most used share, and I will tell my users to
manually mount this and launch MOUNT.BAT.
Any further suggestion will be welcome!
BTW: I read about an almost-up-to-date HOWTO that Scott Phelps promised to
write about PDC, LDAP and so on... any news?
Thanks to all!
"I changed my headlights the other day. I put in strobe lights instead! Now
when I drive at night, it looks like everyone else is standing still ..."
-- Steven Wright
Damiano G. Preatoni, PhD
Unità di Analisi e Gestione delle Biocenosi
Dipartimento di Biologia Strutturale e Funzionale
Università degli Studi dell'Insubria
Via J.H. Dunant, 3 - 21100 Varese (ITALY)
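
The following is an added example, not part of the original post: a small Python check over an smb.conf like the one posted above. It confirms the [global] values a Samba server handling domain logons is expected to carry, that a [netlogon] share is defined when a logon script is configured, and that no parameter is assigned twice under a synonym, as happens with "log level" and "debug level" in the posted configuration. The REQUIRED set is an assumption drawn from parameters the post itself sets, and the sample input is constructed.

```python
# Constructed sample: an excerpt of the parameters posted above. It omits a
# [netlogon] section on purpose to exercise the check; the post does not show one.
SAMPLE = """\
[global]
   security = user
   encrypt passwords = yes
   domain logons = yes
   domain master = yes
   logon script = logon.bat
   log level = 2
   debug level = 3
"""

# Parameter names ignore case and spaces; "debug level" means "log level".
SYNONYMS = {"debuglevel": "loglevel"}
# Assumption: values this audit expects in [global] for domain logons.
REQUIRED = {"security": "user", "encryptpasswords": "yes",
            "domainlogons": "yes", "domainmaster": "yes"}

def norm(value):
    """Fold Samba's boolean spellings so 'True' and '1' compare equal to 'yes'."""
    value = value.lower()
    return "yes" if value in ("yes", "true", "1") else value

def parse(text):
    """Return ({section: {param: value}}, [params set twice with different values])."""
    conf, clashes, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif section is not None and "=" in line and line[0] not in "#;":
            name, value = (part.strip() for part in line.split("=", 1))
            key = "".join(name.lower().split())
            key = SYNONYMS.get(key, key)
            if key in conf[section] and conf[section][key] != value:
                clashes.append(key)
            conf[section][key] = value  # keep the last value seen
    return conf, clashes

def audit(text):
    conf, clashes = parse(text)
    g = conf.get("global", {})
    issues = [f"{k} should be {v!r}, found {g.get(k)!r}"
              for k, v in REQUIRED.items() if norm(g.get(k, "")) != v]
    if "logonscript" in g and "netlogon" not in conf:
        issues.append("logon script set but no [netlogon] share defined")
    return issues + [f"{k} is set twice with different values" for k in clashes]
```

Calling audit() on the text of a real smb.conf returns a list of findings; an empty list means every check passed. Samba's own testparm remains the authoritative syntax check.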