[Samba] problem login W2k-sp2 and 4 to samba 3.0.2: profiles
Miguel Casas-Sánchez
m.casas at falk-meddv.de
Wed May 19 15:04:59 GMT 2004
Hi once again
Now I have almost everything working, that is, Samba 3.0.2 with Ldap
database (messages ok when reading), and I want it to be a PDC,
everything seems to work fine when registering machines or users, but
when logging, I mean, entering W2k-Sp4, my computers (two of them) reset
themselves: they begin to load the user defined stuff and then when one
expects the navigator bar to appear, comes the reset.
When I try to add a user to the domain from a computer, it also seems to
work well, but with level-3 debugging the 'SAMR_Q_SET_USERINFO' sentence
appears. (username: rasuser, machine fmdv-4tpb8aqct4$, domain fmdv,
machine pdc: linuxtest, mcasas is another user messing around ?)
-------------------------
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=FMDV))]
smbldap_open_connection: connection opened
netbios connect: name1=LINUXTEST name2=FMDV-4TPB8AQCT4
netbios connect: local=linuxtest remote=fmdv-4tpb8aqct4, name type = 0
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
init_sam_from_ldap: Entry found for user: mcasas
init_group_from_ldap: Entry found for group: 100
init_sam_from_ldap: Entry found for user: root
check_ntlm_password: authentication for user [root] -> [root] -> [root]
succeeded
Returning domain sid for domain FMDV ->
S-1-5-21-78767638-71612024-1917398797
init_sam_from_ldap: Entry found for user: fmdv-4tpb8aqct4$
init_sam_from_ldap: Entry found for user: fmdv-4tpb8aqct4$
init_sam_from_ldap: Entry found for user: fmdv-4tpb8aqct4$
init_sam_from_ldap: Entry found for user: fmdv-4tpb8aqct4$
samr_io_userinfo_ctr: unknown switch level 0x1a
api_samr_set_userinfo: Unable to unmarshall SAMR_Q_SET_USERINFO.
init_sam_from_ldap: Entry found for user: fmdv-4tpb8aqct4$
init_ldap_from_sam: Setting entry for user: fmdv-4tpb8aqct4$
ldapsam_update_sam_account: successfully modified uid = fmdv-4tpb8aqct4$
in the LDAP database
init_sam_from_ldap: Entry found for user: rasuser
-------------------------
that seems to say it's impossible to write the profile... but the user
is ok.
So far I have searched Google and the Samba lists, and the same
'SAMR_Q_SET_USERINFO' problem was reported for WXP-Sp1 (you can see
the reported problems of W2k-Sp4 at http://www.w2knews.com/anecdotes.htm,
anecdote 11). The more or less accepted solution is to include in
smb.conf "profiles acls=yes" and/or "nt acl support = yes". What is more,
one machine has W2k-Sp2, so it shouldn't be affected, but it is.
In my case the two modifiers didn't work at all, so I wonder if it
has something to do with the profiles or the netlogon. That is, a file
ntconfig.pol is supposed to exist in \\server\netlogon, with a default user
and a default computer defined in it, the way winnt.adm describes; am I
wrong? And must this be put there by hand, or should Samba do it
automatically? Can Samba run without it?
Besides, when registering a new user from any machine, Windows
should copy a profile to \\server\profiles\%u, with an important file
ntuser.dat, ok? Well, my system doesn't. Has anybody experienced something so
tricky? Or do I have to copy the profiles manually from Win? Anyway, I
had copied it but it doesn't work.
Here is the typical level-2 log of a connection attempt (fmdv-domain,
linuxtest- samba pdc name, mcasas -usrname, FMDV-xxx machine name)
-----------------
netbios connect: name1=LINUXTEST name2=FMDV-4TPB8AQCT4
netbios connect: local=linuxtest remote=fmdv-4tpb8aqct4, name type = 0
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
init_sam_from_ldap: Entry found for user: mcasas
init_group_from_ldap: Entry found for group: 100
init_sam_from_ldap: Entry found for user: mcasas
netsec_decode: FAILED: packet sequence number:
[000] 49 94 01 FB 41 EE 52 8A I...A.R.
should be:
[000] 00 00 00 00 80 00 00 00 ........
failed to decode PDU
process_request_pdu: failed to do schannel processing.
init_sam_from_ldap: Entry found for user: fmdv-4tpb8aqct4$
init_sam_from_ldap: Entry found for user: mcasas
check_ntlm_password: authentication for user [mcasas] -> [mcasas] ->
[mcasas] succeeded
init_sam_from_ldap: Entry found for user: mcasas
check_ntlm_password: authentication for user [mcasas] -> [mcasas] ->
[mcasas] succeeded
fmdv-4tpb8aqct4 (192.168.1.3) connect to service netlogon initially as
user mcasas (uid=1000, gid=100) (pid 8323)
<---- here comes the reset --->
netbios connect: name1=LINUXTEST name2=FMDV-4TPB8AQCT4
netbios connect: local=linuxtest remote=fmdv-4tpb8aqct4, name type = 0
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
init_sam_from_ldap: Entry found for user: mcasas
init_group_from_ldap: Entry found for group: 100
init_sam_from_ldap: Entry found for user: fmdv-4tpb8aqct4$
init_sam_from_ldap: Entry found for user: mcasas
-----------------
Of course testparm functions without complaining, and I have brought
together, under 'users' in the LDAP database, the registered users and the
computers. A copy of my smb.conf is after the signature.
Can somebody help me? I have almost no ideas, so thanks in advance.
------------------------------
Miguel Casas-Sánchez
FDMV Lübeck
m.casas_at_falk-meddv.de
------------------------------
-------------- next part --------------
# Samba config file created by mcasas
# from 127.0.0.1 (127.0.0.1)
# Date: 2004/05/13 16:04:41
# Global parameters
[global]
workgroup = FMDV
server string = Linuxtest server : SAMBA %v - LDAP
interfaces = 192.168.1.70
map to guest = Bad User
passdb backend = ldapsam
passwd program = /usr/local/sbin/smbldap-passwd -o %u
passwd chat = *New*passwd* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*
username map = /etc/samba/user.map
unix password sync = Yes
#
log level =2
syslog = 0
log file = /var/log/samba.log
# max log size = 50
timestamp logs= no
#
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
add user script = /usr/local/sbin/smbldap-useradd -m %U
add machine script = /usr/local/sbin/smbldap-useradd -w %m$
#
#
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
local master = yes
security=user
#
ldap ssl = no
ldap suffix = "dc=local,dc=falk-meddv"
ldap admin dn= "cn=Manager,dc=local,dc=falk-meddv"
veto files = /*.eml/*.nws/riched20.dll/*.{*}/
#
logon path=\\%L\profiles\%U
profiles acls=yes
nt acl support=yes
#
[hmcasas]
comment = Home Directory of MCasas
path = /home/mcasas
valid users = mcasas
read only = No
create mask = 0640
directory mask = 0750
[hhartmut]
comment = Home Directory of Hartmut
path = /home/hartmut
valid users = hartmut
read only = No
create mask = 0640
directory mask = 0750
[printers]
comment = All Printers
path = /var/tmp
create mask = 0600
printable = Yes
browseable = No
[print]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin, root
force group = ntadmin
create mask = 0664
directory mask = 0775
browseable=no
[linduns]
comment = /tmp de Linux
path = /tmp/
valid users = root
directory mask = 0750
[netlogon]
path = /home/netlogon
read only = yes
[profiles]
path = /home/profiles/%U
read only = No
create mask = 0600
directory mask = 0700
browseable=no
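
Added example (not part of the original post and not Samba code): a small triage script that re-joins the wrapped smbd log lines and attributes the two error signatures seen in the excerpts above, the unknown SAMR info level and the schannel sequence-number mismatch, to the connecting client. The function names, signature labels and the line-continuation heuristic are assumptions; the sample log is constructed from lines quoted in the post.

```python
import re

# Constructed sample: lines quoted in the post, keeping the hex dump
# that smbd prints on separate lines after the netsec_decode message.
SAMPLE_LOG = """\
netbios connect: name1=LINUXTEST name2=FMDV-4TPB8AQCT4
init_sam_from_ldap: Entry found for user: fmdv-4tpb8aqct4$
samr_io_userinfo_ctr: unknown switch level 0x1a
api_samr_set_userinfo: Unable to unmarshall SAMR_Q_SET_USERINFO.
netsec_decode: FAILED: packet sequence number:
[000] 49 94 01 FB 41 EE 52 8A I...A.R.
should be:
[000] 00 00 00 00 80 00 00 00 ........
failed to decode PDU
process_request_pdu: failed to do schannel processing.
"""

# Assumption: a new message starts with "name: text"; any other line
# (hex dump, wrapped tail) continues the previous message.
MSG_START = re.compile(r"^\w[\w ]*: \S")
CLIENT = re.compile(r"netbios connect: name1=\S+ name2=(\S+)")
SAMR_LEVEL = re.compile(r"samr_io_userinfo_ctr: unknown switch level (0x[0-9a-fA-F]+)")
HEX8 = r"\[000\] ((?:[0-9A-F]{2} ){8})"
SCHANNEL_SEQ = re.compile(
    r"netsec_decode: FAILED: packet sequence number: " + HEX8 + r".*?should be: " + HEX8)


def unwrap(text):
    """Join continuation lines onto the message they belong to."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if MSG_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def triage(text):
    """Return (signature, client, detail) for each known failure."""
    findings, client = [], None
    for rec in unwrap(text):
        if m := CLIENT.match(rec):
            client = m.group(1)  # most recent NetBIOS client name
        elif m := SAMR_LEVEL.match(rec):
            findings.append(("samr_unknown_info_level", client, m.group(1)))
        elif m := SCHANNEL_SEQ.match(rec):
            got, want = (g.strip() for g in m.groups())
            findings.append(("schannel_seq_mismatch", client, (got, want)))
    return findings
```

Calling `triage()` on the text of a real log file returns one tuple per failure, so repeated schannel mismatches from the same workstation can be counted per client.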