[Samba] another Win2KSP3/Samba2.2.8a-PDC Problem

[Jan Peuker]

Hi Marian,

thanks for your reply - I know, this was a bit confusing. I turned oplocks
off, because they are not natively supported by the kernel und caused
several errors - but I turned them on now for testing.
Thanks for your reference to my wrong parameter "update encrypted", too - I
changed it.
But the problems still apply ... on win2k/sp4 - I deinstalled it and all
clients are connecting as before.
Thank you,

jan

----- Original Message -----
From: "Marian Mlcoch, Ing" <mm at tsmp.sk>
To: "Jan Peuker" <jan.peuker at lst-deutschland.de>; <samba at lists.samba.org>
Sent: Monday, July 28, 2003 7:34 AM
Subject: Re: [Samba] another Win2KSP3/Samba2.2.8a-PDC Problem


> Hello
> your conf is complicated and errorous. Why you turn oplock off? Why change
> socket parameters?
> Why not send shares definition for resolve profile problem needed?
> Why not read manual for some conf parameter as
>
> update encrypted (G)
> This boolean parameter allows a user logging on with a plaintext password
to
> have their encrypted (hashed) password in the smbpasswd file to be updated
> automatically as they log on. This option allows a site to migrate from
> plaintext password authentication (users authenticate with plaintext
> password over the wire, and are checked against a UNIX account database)
to
> encrypted password authentication (the SMB challenge/response
authentication
> mechanism) without forcing all users to re-enter their passwords via
> smbpasswd at the time the change is made. This is a convenience option to
> allow the change over to encrypted passwords to be made over a longer
> period. Once all users have encrypted representations of their passwords
in
> the smbpasswd file this parameter should be set to no.
>
> !!!! In order for this parameter to work correctly the encrypt passwords
> parameter must be set to no when this parameter is set to yes.
>
> Note that even when this parameter is set a user authenticating to smbd
must
> still enter a valid password in order to connect correctly, and to update
> their hashed (smbpasswd) passwords.
>
> Default: update encrypted = no
>
> Set standart simply conf and then test domain machine if work optimize
then.
>
> Bye.
>
>
> ----- Original Message -----
> From: "Jan Peuker" <jan.peuker at lst-deutschland.de>
> To: <samba at lists.samba.org>
> Sent: Friday, July 25, 2003 9:51 PM
> Subject: [Samba] another Win2KSP3/Samba2.2.8a-PDC Problem
>
>
> > Hi list,
> >
> > I am faced by a strange problem w/ one of our 10 win2k/sp3 clients in a
> > samba2.2.8a pdc-network. If I want to logon I get a message like
> > this(translated from german): "Your profile has not been loaded, but you
> > will be logged in to a local Profile. Your serverside profile has not
been
> > loaded because its security-properties are not properly." and that's it.
> > Even if I blast my log level to 4, I can't see any suspicious lines in
my
> > logs (the one for the client as well as nmbd/smbd - I did this, because
> > after I installed this system, some users have not been allowed to log
in
> to
> > other systems as well, also without any suspicious logs.
> > The only hint I have is, that the systen can't updated the nameserver's
> > wins-table ("a possible reason would be a blocking zone-transfer"), that
> may
> > be necessary for the dhcp-named-wins controlled network.
> > Does anybody of you have any suggestions?
> > Thanks a lot,
> >
> > jan
> >
> > --- my smb.conf
> >
> > [global]
> > # basics
> > workgroup = [...]
> > netbios name = hauptserver
> > server string = Samba %v (PDC)
> > interfaces = lo eth0
> > bind interfaces only = yes
> > hosts allow = 192.168.1.,127.0.0.1
> > hosts deny = 0.0.0.0/0
> >
> > # logging
> > log file = /var/log/samba/log.%m
> > # log level = 3
> >
> > # password
> > smb passwd file = /etc/samba/smbpasswd
> > password level = 1
> > max log size = 1024
> > security = user
> > admin users = @winadmin
> > domain admin group = @winadmin
> > encrypt passwords = yes
> > update encrypted = yes
> > restrict anonymous = no
> > null passwords = yes
> > guest account = nobody
> > unix password sync = yes
> > passwd program = /usr/bin/passwd %u
> > passwd chat = *New*password* %n\n *Please*retype*new*password* %n\n
> > *password*successfully*updated*
> >
> > # Performance
> > share modes = no
> > kernel oplocks = no
> > oplocks = no
> > level2 oplocks = no
> > socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=8576
> > deadtime = 15
> > keepalive = 30
> >
> > # Filename Handlinhg
> > case sensitive = no
> > preserve case = yes
> > short preserve case = yes
> > default case = lower
> > mangle case = no
> > short preserve case = yes
> >
> > # PDC/WiNS
> > domain logons = yes
> > allow trusted domains = yes
> > os level = 65
> > preferred master = true
> > domain master = true
> > pam password change = yes
> > wins proxy = yes
> > wins support = yes
> > name resolve order = host wins hosts
> > nt acl support = no
> > logon path = \\...\profiles\%U
> > logon home = \\...\%U
> > add user script = /usr/sbin/useradd -g computers -d /dev/null -s
> > /bin/false -M %u
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba
>