[Samba] Win 95/98/Me problem.

John H Terpstra jht at samba.org
Mon Mar 17 19:21:12 GMT 2003 

On Mon, 17 Mar 2003, Marcin Wolcendorf wrote:

> On Sunday 16 March 2003 17:19, you wrote:
> > On Sun, 16 Mar 2003, Marcin Wolcendorf wrote:
> > > Hi,
> > >
> > > 	As I was unable to find solution anywhere else, I write here: I have a
> > > problem sharing win 95/98/Me resources with samba (2.2.7a) as a PDC.
> > > Windows can't get userlist from PDC (it seems, that windows times out).
> > > Win 2k and XP don't have that problem. Is it just a configuration
> > > problem,  or is it a general problem with samba?? How can I add a user
> > > to share's access list???
> >
> > For starters, if you want help you will have to tell us what you have
> > done. We do not have a crystal ball.
> >
> > I have three (3) WinMe machines that all use User Level Access Control
> > without problems since 2.2.2. Was running 2.2.7a until a week ago, now
> > 2.2.8. Recommend that you update - 2.2.8 is a security release.
> >
> > So tell us now: Specifically what have you configured in your Win 9x/Me
> > network configuration?
>
> W98 configuration:
> Network in Control panel:
> Net. conf.:
> 	client for M$ Netw., file sharing on,
> Auth.:
> 	comp. name: goodoldsam
> 	wrk grp: chelmska
> Acc. Ctrl:
> 	user-level, userlist from chelmska
>
> IP from DHCP, DNS domain name: 'home',

In your DHCP server config do you have?:

	option netbios-name-servers x.x.x.x;
	option netbios-node-type 8;

This will help MS Windows clients to resolve the domain controller name to
it's IP address. Timinig is very critical in environments that use User
Level Access Control.

Make sure that you have a NETLOGON share (even if you do not use it!). ie:

[netlogon]
	path = /blah/blah
;	(path can be /tmp if you like)
	available = yes
	browseable = No
	read only = yes

Will do.

I know it sounds obvious, but make sure that for each MS Windows client
user (logon name) you have an entry in smbpasswd with:
	smbpasswd -a 'logon name'

If the MS Windows logon name has a space of a '_' in it, then use a
username on your Unix/Linux system that is fewer than 8 characters and
does NOT have a space or '_' char in it, but then add to smb.conf
[globals]:
	username map = /etc/samba/smbusers

And then in /etc/samba/smbusers put (for example):

	root = Administrator
	fredm = "Fred Morse"
	maryk = mary_katrinski

Please also see comments below.

> > Also show us the globals section of your smb.conf
> > file.
>
> Samba server DNS name: debian.chelmska & debian.home
>
> [global]
>
> interfaces = eth0 eth2 127.0.0.1
> bind interfaces only = yes
>
> # Change this for the workgroup/NT-domain name your Samba server will part of
>    workgroup = CHELMSKA
>
> # server string is the equivalent of the NT Description field
>    server string = %h server (Samba %v)
>
> # If you want to automatically load your printer list rather
> # than setting them up individually then you'll need this
> ;   load printers = yes
>
> # You may wish to override the location of the printcap file
> ;   printcap name = /etc/printcap
>
> # 'printing = cups' works nicely
> ;   printing = bsd
>
>    guest account = nobody
>    invalid users = root
>
> # This tells Samba to use a separate log file for each machine
> # that connects
>    log file = /var/log/samba/log.%m
>
> # Put a capping on the size of the log files (in Kb).
>    max log size = 1000
>
> # If you want Samba to log though syslog only then set the following
> # parameter to 'yes'. Please note that logging through syslog in
> # Samba is still experimental.
> ;   syslog only = no
>
> # We want Samba to log a minimum amount of information to syslog. Everything
> # should go to /var/log/samba/log.{smb,nmb} instead. If you want to log
> # through syslog you should set the following parameter to something higher.
>    syslog = 0
>
> # "security = user" is always a good idea. This will require a Unix account
> # in this server for every user accessing the server. See
> # security_level.txt for details.
>    security = user
>
> # You may wish to use password encryption. Please read ENCRYPTION.txt,
> # Win95.txt and WinNT.txt in the Samba documentation. Do not enable this
> # option unless you have read those documents
>    encrypt passwords = true
>
> # Using the following line enables you to customise your configuration
> # on a per machine basis. The %m gets replaced with the netbios name
> # of the machine that is connecting
> ;   include = /home/samba/etc/smb.conf.%m
>
> # Most people will find that this option gives better performance.
> # See speed.txt and the manual pages for details
> # You may want to add the following on a Linux system:
> #         SO_RCVBUF=8192 SO_SNDBUF=8192
>    socket options = TCP_NODELAY
>
> # --- Browser Control Options ---
>
> # Please _read_ BROWSING.txt and set the next four parameters according
> # to your network setup. The defaults are specified below (commented
> # out.) It's important that you read BROWSING.txt so you don't break
> # browsing in your network!
>
> # set local master to no if you don't want Samba to become a master
> # browser on your network. Otherwise the normal election rules apply
>    local master = yes
>
> # OS Level determines the precedence of this server in master browser
> # elections. The default value should be reasonable
>    os level = 255

Suggest:
	os level = 35

Setting above 35 does not help any.

>
> domain logons = yes
>
> # Domain Master specifies Samba to be the Domain Master Browser. This
> # allows Samba to collate browse lists between subnets. Don't use this
> # if you already have a Windows NT domain controller doing this job
>    domain master = yes
>
> # Preferred Master causes Samba to force a local browser election on startup
> # and gives it a slightly higher chance of winning the election
>    preferred master = yes
>
> # --- End of Browser Control Options ---
>
> # Windows Internet Name Serving Support Section:
> # WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
>    wins support = yes
> #   wins support = no
>
> # WINS Server - Tells the NMBD components of Samba to be a WINS Client
> # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
> ;   wins server = w.x.y.z
>
> # This will prevent nmbd to search for NetBIOS names through DNS.
>    dns proxy = no
>
> # What naming service and in what order should we use to resolve host names
> # to IP addresses
> ;   name resolve order = lmhosts host wins bcast

Add:
      name resolve order = wins bcast host

>
> # Name mangling options
> ;   preserve case = yes
> ;   short preserve case = yes
>
> # This boolean parameter controlls whether Samba attempts to sync. the Unix
> # password with the SMB password when the encrypted SMB password in the
> # /etc/samba/smbpasswd file is changed.
> ;   unix password sync = false
>
> # For Unix password sync. to work on a Debian GNU/Linux system, the following
> # parameters must be set (thanks to Augustin Luton <aluton at hybrigenics.fr> for
> # sending the correct chat script for the passwd program in Debian Potato).
>    passwd program = /usr/bin/passwd %u
>    passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
> *Retype\snew\sUNIX\spassword:* %n\n .
>
> # This boolean controls whether PAM will be used for password changes
> # when requested by an SMB client instead of the program listed in
> # 'passwd program'. The default is 'no'.
> ;   pam password change = no
>
> # The following parameter is useful only if you have the linpopup package
> # installed. The samba maintainer and the linpopup maintainer are
> # working to ease installation and configuration of linpopup and samba.
> ;   message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' &
>
> ;   obey pam restrictions = yes
>
> # Some defaults for winbind (make sure you're not using the ranges
> # for something else.)
> ;   winbind uid = 10000-20000
> ;   winbind gid = 10000-20000
> ;   template shell = /bin/bash
>
>
>
>
>
Cheers,
John T.
-- 
John H Terpstra
Email: jht at samba.org

More information about the samba mailing list