[Samba] [Fwd: samba 30alpha21 + NT4/2K WS-s]

john at ylenurme.ee john at ylenurme.ee
Fri Feb 28 18:09:43 GMT 2003


Hi,

I have some strange problems with a 3.0a21 PDC (Samba and nss both use
LDAP) and I can't find any good help with Google...

One strange thing is that the logon script doesn't work anymore. It worked
at one point and now doesn't (I play around quite a bit here and I don't know
at which point of changing smb.conf it stopped working).

The [netlogon] share looks like this:

[netlogon]
   comment = Network Logon Service
   path = /home/samba/netlogon
   guest ok = no
   writable = no
   browseable = yes
   public = yes

and some lines from [global]:
        local master = yes
        os level = 99
        domain master = yes
        preferred master = yes

        domain logons = yes
        logon drive = U:
        logon path = \\server\%U\profiles
        logon home = \\server\%U\
        logon script = START.BAT

/home/samba/netlogn/START.BAT exists, line breaks are in DOS style...
If I log into NT4 on 2K ws, then I can mount the \\pdc1\netlogon share and
run START.BAT there.
So what the heck can it be?

Another thing was that smbgroupedit -v showed several Domain Admins and
Domain Users groups (with different SIDs). So I took an experimental step
and deleted some of them, leaving exactly one of every group.
Can this be somehow connected to the 1st problem?

Also Samba complained that:

get_domain_user_groups: primary gid of user [john] is not a Domain group !
get_domain_user_groups: You should fix it, NT doesn't like that

So I added john's primary group to the Domain Users and Users groups (but
it seems to change nothing):

root at woody-samba:/var/log/samba# smbgroupedit -v
NT group (SID) -> Unix group
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Domain Admins (S-1-5-21-2072525299-305900136-1143589454-512) -> domadm
Domain Guests (S-1-5-21-2072525299-305900136-1143589454-514) -> -1
Domain Users (S-1-5-21-2072525299-305900136-1143589454-513) -> users
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> users
root at woody-samba:/var/log/samba#



The third problem is locally stored profiles. How could I make a setup such
that when a user logs out from the WS, the WS would copy the changed profile
back to the server and delete it from the WS?
It's a question of security and hard disk space.

4)
How could I set up client name resolution so that client X cannot
announce itself as DC/browse master etc.?
If every client resolves names via broadcast, then when my DC goes down and
someone brings up his NT/Samba server he could do a lot of damage - collect
people's passwords etc...

Now if I had every WS configured to resolve names via WINS, and WINS
configured with a static NetBIOS/IP resolve table, then I wouldn't have to
worry about this? But as I understand it, the only way a WINS server works is
that it adds routing support to the broadcast resolve mechanism...


Thanks go to everyone bothering to enlighten me.



