[Samba] another Win2KSP3/Samba2.2.8a-PDC Problem

Marian Mlcoch, Ing mm at tsmp.sk
Mon Jul 28 05:34:34 GMT 2003 

Hello
your conf is complicated and errorous. Why you turn oplock off? Why change
socket parameters?
Why not send shares definition for resolve profile problem needed?
Why not read manual for some conf parameter as

update encrypted (G)
This boolean parameter allows a user logging on with a plaintext password to
have their encrypted (hashed) password in the smbpasswd file to be updated
automatically as they log on. This option allows a site to migrate from
plaintext password authentication (users authenticate with plaintext
password over the wire, and are checked against a UNIX account database) to
encrypted password authentication (the SMB challenge/response authentication
mechanism) without forcing all users to re-enter their passwords via
smbpasswd at the time the change is made. This is a convenience option to
allow the change over to encrypted passwords to be made over a longer
period. Once all users have encrypted representations of their passwords in
the smbpasswd file this parameter should be set to no.

!!!! In order for this parameter to work correctly the encrypt passwords
parameter must be set to no when this parameter is set to yes.

Note that even when this parameter is set a user authenticating to smbd must
still enter a valid password in order to connect correctly, and to update
their hashed (smbpasswd) passwords.

Default: update encrypted = no

Set standart simply conf and then test domain machine if work optimize then.

Bye.


----- Original Message ----- 
From: "Jan Peuker" <jan.peuker at lst-deutschland.de>
To: <samba at lists.samba.org>
Sent: Friday, July 25, 2003 9:51 PM
Subject: [Samba] another Win2KSP3/Samba2.2.8a-PDC Problem


> Hi list,
>
> I am faced by a strange problem w/ one of our 10 win2k/sp3 clients in a
> samba2.2.8a pdc-network. If I want to logon I get a message like
> this(translated from german): "Your profile has not been loaded, but you
> will be logged in to a local Profile. Your serverside profile has not been
> loaded because its security-properties are not properly." and that's it.
> Even if I blast my log level to 4, I can't see any suspicious lines in my
> logs (the one for the client as well as nmbd/smbd - I did this, because
> after I installed this system, some users have not been allowed to log in
to
> other systems as well, also without any suspicious logs.
> The only hint I have is, that the systen can't updated the nameserver's
> wins-table ("a possible reason would be a blocking zone-transfer"), that
may
> be necessary for the dhcp-named-wins controlled network.
> Does anybody of you have any suggestions?
> Thanks a lot,
>
> jan
>
> --- my smb.conf
>
> [global]
> # basics
> workgroup = [...]
> netbios name = hauptserver
> server string = Samba %v (PDC)
> interfaces = lo eth0
> bind interfaces only = yes
> hosts allow = 192.168.1.,127.0.0.1
> hosts deny = 0.0.0.0/0
>
> # logging
> log file = /var/log/samba/log.%m
> # log level = 3
>
> # password
> smb passwd file = /etc/samba/smbpasswd
> password level = 1
> max log size = 1024
> security = user
> admin users = @winadmin
> domain admin group = @winadmin
> encrypt passwords = yes
> update encrypted = yes
> restrict anonymous = no
> null passwords = yes
> guest account = nobody
> unix password sync = yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *New*password* %n\n *Please*retype*new*password* %n\n
> *password*successfully*updated*
>
> # Performance
> share modes = no
> kernel oplocks = no
> oplocks = no
> level2 oplocks = no
> socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=8576
> deadtime = 15
> keepalive = 30
>
> # Filename Handlinhg
> case sensitive = no
> preserve case = yes
> short preserve case = yes
> default case = lower
> mangle case = no
> short preserve case = yes
>
> # PDC/WiNS
> domain logons = yes
> allow trusted domains = yes
> os level = 65
> preferred master = true
> domain master = true
> pam password change = yes
> wins proxy = yes
> wins support = yes
> name resolve order = host wins hosts
> nt acl support = no
> logon path = \\...\profiles\%U
> logon home = \\...\%U
> add user script = /usr/sbin/useradd -g computers -d /dev/null -s
> /bin/false -M %u
>
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list