[Samba] Samba PDC - Solaris 8 or 9??

Jeff Gardiner gardiner at imaging.robarts.ca
Thu Nov 20 15:15:51 GMT 2003 

Hello Todd, I can't see exactly what is going on but I am willing to make some 
observations.

When I encounter problems, I often strip down my smb.conf to the bare minimum 
and base it upon the examples in any of the SAMBA Howtos.  I especially like 
the ones in John Terpstra's book.  Check out:

http://us3.samba.org/samba/docs/man/

Keeping a copy of the current file, I would strip down your smb.conf to a more 
basic level like:

[global]
netbios name = SAMBA1
#socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
#server string = BOA Samba
local master = yes
preferred master = yes
domain logons = yes
domain master = yes
# workgroup = anc-smb  Note: I don't know if a "-" is a valid char, but I'd \
  test without just in case
workgroup = TESTSMB
#interfaces = **************
logon home = /walrus/%U
logon path =\\%N\profiles\%u
log file = /var/log/samba-log.%m
log level = 2
#max log size = 50
#lock directory = /var/lock/samba
#printcap name = /etc/printcap
security = user
#wins support = yes
#dns proxy = yes
os level = 99
#remote announce = *****************
#deadtime = 15

#authenctication options
security =  user
encrypt passwords = yes
null passwords = no
#password level = 0
smb passwd file = /usr/local/samba/private/smbpasswd
#unix realname = no

; ***************  File System Configurations  ***************
[netlogon]
comment = Net Logon
path = /usr/local/samba/lib/netlogon
read only = yes
#write = ntadmin

[profiles]
path = /var/lib/samba/profiles
read only = no
create mask = 0600
directory mask = 0700

I don't think I missed any of the essential pieces.  If you can get it working 
at this stage that start add the features you want testing each addition to 
ensure you don't break anything.  If it doesn't work at this point, look at 
the permissions on smbpasswd file, or /usr/local/samba/lib/netlogon, anything 
that might restrict access to the service.

Ensure you have the bit about profiles.  Also, if you're running WinXP you 
need to do two registry edits to join the machines to the domain:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] 
 "requiresignorseal"=dword:00000000 
 "signsecurechannel"=dword:00000000

I have found that you don't need to do this for win2k machines, but I have had 
to do it for winxp.  Samba 3.0.1pre3 seems to not require this.

Let me know how it works out.

Cheers
Jeff

PS to contact me remove the "nospam" from the email below.

-- 
Jeff Gardiner [ gardiner at nospam.imaging.robarts.ca ]
System Administrator - Imaging Research Laboratories
Robarts Research Institute - London ON, Canada
519.663.5777 x34089

       ~~~~~~~
  Those who do not understand Unix are condemned to reinvent it, poorly.
        -- Henry Spencer
~~~~~~

More information about the samba mailing list