[Samba] W2K SP4, Samba 3.0.0beta2 and Profiles
MH - Entwicklung
entwicklung at heubach-edv.de
Tue Jul 22 12:31:36 GMT 2003
Hello,
now I still have a problem with my Samba installation. Userprofiles don't work under W2K SP4. They work fine with Windows NT 4. When loggin on for the first time the user profile directory is created. After loggin off however no data is written to the profile directory on the Samba PDC.
My smb.conf looks like this:
=====>
# Samba config file created using SWAT
# from 192.168.0.1 (192.168.0.1)
# Date: 2003/07/22 12:24:13
# Global parameters
[global]
debug level = 4
unix charset = ISO-8859-15
workgroup = DVS
server string = %h server (Samba %v)
obey pam restrictions = Yes
passdb backend = tdbsam, guest
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
logon path = \\samba\profiles\%u
logon drive = h:
logon home = \\samba\%u
domain logons = Yes
os level = 64
preferred master = Yes
domain master = Yes
dns proxy = No
ldap ssl = no
panic action = /usr/share/samba/panic-action %d
idmap uid = 10000-20000
idmap gid = 10000-20000
invalid users = root
admin users = administrator
[homes]
comment = Home Directories
read only = No
create mask = 0700
directory mask = 0700
browseable = No
[netlogon]
path = /var/exports/data/netlogon
write list = domainadmins
[profiles]
path = /var/exports/data/profiles
read only = No
create mask = 0600
directory mask = 0700
profile acls = yes
[gl]
path = /var/exports/data/gl
valid users = @gl, @domainadmins
force group = @gl
read only = No
create mask = 0660
directory mask = 0770
[ma]
path = /var/exports/data/ma
valid users = @ma, @domainadmins
force group = @ma
read only = No
create mask = 0660
directory mask = 0770
<=====
the profile directory looks like this:
drwxrwxrwx 2 root domainusers 4096 Jul 22 13:35 profiles
(777 permissions are for testing, they will become 770 again)
When logging on there ist the following activity in the logs (log.pc1):
=====>
[2003/07/22 14:11:41, 0] rpc_server/srv_pipe.c:api_pipe_netsec_process(1351)
failed to decode PDU
[2003/07/22 14:11:41, 0] rpc_server/srv_pipe_hnd.c:process_request_pdu(605)
process_request_pdu: failed to do schannel processing.
[2003/07/22 14:11:42, 1] smbd/service.c:make_connection_snum(692)
pc1 (192.168.0.1) connect to service netlogon initially as user test (uid=1006, gid=1006) (pid 823)
[2003/07/22 14:11:42, 1] smbd/service.c:make_connection_snum(692)
pc1 (192.168.0.1) connect to service test initially as user test (uid=1006, gid=1006) (pid 823)
[2003/07/22 14:11:43, 1] smbd/service.c:make_connection_snum(692)
pc1 (192.168.0.1) connect to service test initially as user test (uid=1006, gid=1006) (pid 823)
<=====
When logging off there is just this:
[2003/07/22 14:13:50, 1] smbd/service.c:close_cnum(873)
pc1 (192.168.0.1) closed connection to service test
If I log on at a Windows NT 4 Workstation the log is different (log.heu2):
======>
[2003/07/22 14:17:19, 1] smbd/service.c:make_connection_snum(692)
heu2 (192.168.0.2) connect to service profiles initially as user test (uid=1006, gid=1006) (pid 846)
[2003/07/22 14:17:20, 1] smbd/service.c:make_connection_snum(692)
heu2 (192.168.0.2) connect to service netlogon initially as user test (uid=1006, gid=1006) (pid 846)
[2003/07/22 14:17:20, 1] smbd/service.c:make_connection_snum(692)
heu2 (192.168.0.2) connect to service test initially as user test (uid=1006, gid=1006) (pid 846)
[2003/07/22 14:17:20, 0] smbd/nttrans.c:call_nt_transact_ioctl(1831)
call_nt_transact_ioctl(0x90028): Currently not implemented.
<======
In the logs I can see that W2K SP4 doesn't connect to the profiles share instead there are some errors in the log (failed to do schannel processing, failed to decode PDU).
Logging off from the W2K workstation takes about 1 1/2 minutes. W2K writes the following to the eventlog (german log):
=====>
Die Registrierungsdatei konnte nicht entfernt werden. Ihre Einstellungen werden nicht repliziert, falls Sie ein servergspeichertes Profil haben. Wenden Sie sich an den Administrator.
DETAIL - Zugriff verweigert , Buildnummer ((2195)).
<=====
Samba is only logging that the connection to home share is closed:
--
manfred heubach edv und neue medien
Hindenburgstr. 47
D-73728 Esslingen
Tel. +49 711 9315824
Fax +49 711 9315825
www.heubach-edv.de
Informationstechnologie und Telekommunikation für Unternehmen
More information about the samba
mailing list