[Samba] problem login W2k-sp2 and 4 to samba 3.0.2: profiles

Miguel Casas-Sánchez m.casas at falk-meddv.de
Wed May 19 15:04:59 GMT 2004


Hi once again

Now I have almost everything working, that is, Samba 3.0.2 with an LDAP
database (messages OK when reading), and I want it to be a PDC.
Everything seems to work fine when registering machines or users, but
when logging in, I mean, entering W2k-Sp4, my computers (two of them)
reset themselves: they begin to load the user-defined stuff and then,
when one expects the navigator bar to appear, comes the reset.

When I try to add a user to the domain from a computer, it also seems to
work well, but with level-3 debugging the 'SAMR_Q_SET_USERINFO'
sentence appears. (username: rasuser, machine: fmdv-4tpb8aqct4$, domain:
fmdv, machine pdc: linuxtest, mcasas is another user messing around?)

-------------------------
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=FMDV))]
smbldap_open_connection: connection opened
netbios connect: name1=LINUXTEST       name2=FMDV-4TPB8AQCT4
netbios connect: local=linuxtest remote=fmdv-4tpb8aqct4, name type = 0
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close 
all old resources.
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close 
all old resources.
init_sam_from_ldap: Entry found for user: mcasas
init_group_from_ldap: Entry found for group: 100
init_sam_from_ldap: Entry found for user: root
check_ntlm_password:  authentication for user [root] -> [root] -> [root] 
succeeded
Returning domain sid for domain FMDV -> 
S-1-5-21-78767638-71612024-1917398797
init_sam_from_ldap: Entry found for user: fmdv-4tpb8aqct4$
init_sam_from_ldap: Entry found for user: fmdv-4tpb8aqct4$
init_sam_from_ldap: Entry found for user: fmdv-4tpb8aqct4$
init_sam_from_ldap: Entry found for user: fmdv-4tpb8aqct4$
samr_io_userinfo_ctr: unknown switch level 0x1a
api_samr_set_userinfo: Unable to unmarshall SAMR_Q_SET_USERINFO.
init_sam_from_ldap: Entry found for user: fmdv-4tpb8aqct4$
init_ldap_from_sam: Setting entry for user: fmdv-4tpb8aqct4$
ldapsam_update_sam_account: successfully modified uid = fmdv-4tpb8aqct4$ 
in the LDAP database
init_sam_from_ldap: Entry found for user: rasuser
-------------------------

that seems to say it's impossible to write the profile... but the user 
is ok.

So far I have searched in Google and the Samba lists, and the same
'SAMR_Q_SET_USERINFO' problem was reported for WXP-Sp1 (you can see
the reported problems of W2k-Sp4 in http://www.w2knews.com/anecdotes.htm,
anecdote 11). The more or less accepted solution is to include in
smb.conf "profiles acls=yes" and/or "nt acl support = yes". Even more,
one machine has W2k-Sp2 so it shouldn't affect it, but it does.

So in my case the two modifiers didn't work at all, so I wonder if it
has something to do with the profiles or the netlogon, that is, a file
ntconfig.pol is supposed to exist in \\server\netlogon, with a default
user and a default computer defined in it, the way winnt.adm describes.
Am I wrong? And must this be put there by hand, or should Samba do it
automatically? Can Samba run without it?

Besides, when registering a new user, from any machine, Windows
should copy a profile to \\server\profiles\%u, with an important file
ntuser.dat, OK? Well, my system doesn't. Has anybody experienced
something so tricky? Or do I have to copy the profiles manually from
Win? Anyway, I had copied it but it doesn't work.

Here is the typical level-2 log of a connection attempt (fmdv - domain,
linuxtest - samba pdc name, mcasas - username, FMDV-xxx - machine name):
-----------------

netbios connect: name1=LINUXTEST       name2=FMDV-4TPB8AQCT4
netbios connect: local=linuxtest remote=fmdv-4tpb8aqct4, name type = 0
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close 
all old resources.
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close 
all old resources.
init_sam_from_ldap: Entry found for user: mcasas
init_group_from_ldap: Entry found for group: 100
init_sam_from_ldap: Entry found for user: mcasas
netsec_decode: FAILED: packet sequence number:
[000] 49 94 01 FB 41 EE 52 8A                           I...A.R.
should be:
[000] 00 00 00 00 80 00 00 00                           ........
failed to decode PDU
process_request_pdu: failed to do schannel processing.
init_sam_from_ldap: Entry found for user: fmdv-4tpb8aqct4$
init_sam_from_ldap: Entry found for user: mcasas
check_ntlm_password:  authentication for user [mcasas] -> [mcasas] -> 
[mcasas] succeeded
init_sam_from_ldap: Entry found for user: mcasas
check_ntlm_password:  authentication for user [mcasas] -> [mcasas] -> 
[mcasas] succeeded
fmdv-4tpb8aqct4 (192.168.1.3) connect to service netlogon initially as 
user mcasas (uid=1000, gid=100) (pid 8323)

<---- here comes the reset --->

netbios connect: name1=LINUXTEST       name2=FMDV-4TPB8AQCT4
netbios connect: local=linuxtest remote=fmdv-4tpb8aqct4, name type = 0
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close 
all old resources.
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close 
all old resources.
init_sam_from_ldap: Entry found for user: mcasas
init_group_from_ldap: Entry found for group: 100
init_sam_from_ldap: Entry found for user: fmdv-4tpb8aqct4$
init_sam_from_ldap: Entry found for user: mcasas


-----------------

Of course testparm functions without complaining, and I have brought
together, under 'users' in the LDAP database, the registered users and
the computers. A copy of my smb.conf is after the signature.

Can somebody help me? I have almost no ideas, so thanks in advance.

------------------------------
Miguel Casas-Sánchez
FDMV Lübeck
m.casas_at_falk-meddv.de
------------------------------




-------------- next part --------------
# Samba config file created by mcasas
# from 127.0.0.1 (127.0.0.1)
# Date: 2004/05/13 16:04:41

# Global parameters
[global]
	workgroup = FMDV
	server string = Linuxtest server : SAMBA %v - LDAP
	interfaces = 192.168.1.70
	map to guest = Bad User
	passdb backend = ldapsam
	passwd program = /usr/local/sbin/smbldap-passwd -o %u
	passwd chat = *New*passwd* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*
	username map = /etc/samba/user.map
	unix password sync = Yes
#
	log level =2
	syslog = 0
	log file = /var/log/samba.log
#	max log size = 50
	timestamp logs= no
#
	socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
	add user script    = /usr/local/sbin/smbldap-useradd -m  %U
	add machine script = /usr/local/sbin/smbldap-useradd -w  %m$
#
#
	domain logons = Yes
	os level = 65
	preferred master = Yes
	domain master = Yes
	local master = yes
	security=user
#
	ldap ssl = no
	ldap suffix = "dc=local,dc=falk-meddv"
	ldap admin dn= "cn=Manager,dc=local,dc=falk-meddv"
	veto files = /*.eml/*.nws/riched20.dll/*.{*}/
#
	logon path=\\%L\profiles\%U
	profiles acls=yes
	nt acl support=yes
#
[hmcasas]
	comment = Home Directory of MCasas
	path = /home/mcasas
	valid users = mcasas
	read only = No
	create mask = 0640
	directory mask = 0750

[hhartmut]
	comment = Home Directory of Hartmut
	path = /home/hartmut
	valid users = hartmut
	read only = No
	create mask = 0640
	directory mask = 0750

[printers]
	comment = All Printers
	path = /var/tmp
	create mask = 0600
	printable = Yes
	browseable = No

[print]
	comment = Printer Drivers
	path = /var/lib/samba/drivers
	write list = @ntadmin, root
	force group = ntadmin
	create mask = 0664
	directory mask = 0775
	browseable=no
[linduns]
	comment = /tmp de Linux
	path = /tmp/
	valid users = root
	directory mask = 0750

[netlogon]
	path = /home/netlogon
	read only = yes
[profiles]
	path = /home/profiles/%U
	read only = No
	create mask = 0600
	directory mask = 0700
	browseable=no
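
An added example, not part of the original post or of Samba itself: a small check that resolves the posted `logon path` against the posted `[profiles]` share to show which Unix directory the roaming profile maps to. The function names are hypothetical, the configuration excerpt is constructed from the file above, and `%U` and `%u` are treated as the same user name for simplicity.

```python
import re

# Constructed excerpt: the three sections of the posted smb.conf that matter here.
SMB_CONF = r"""
[global]
	logon path=\\%L\profiles\%U
[netlogon]
	path = /home/netlogon
[profiles]
	path = /home/profiles/%U
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}; names compare without case or spaces."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf[section] = {}
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][re.sub(r"\s+", "", key).lower()] = value.strip()
    return conf

def expand(value, variables):
    """Substitute the %-variables we were given; leave any others untouched."""
    return re.sub(r"%(\w)", lambda m: variables.get(m.group(1), m.group(0)), value)

def resolve_profile_dir(conf, user, server):
    """Map the 'logon path' UNC to (unc, share root, profile dir) on the server."""
    variables = {"U": user, "u": user, "L": server}  # assumption: %U == %u
    unc = expand(conf["global"]["logonpath"], variables)
    parts = [p for p in unc.split("\\") if p]        # [server, share, rest...]
    share, rest = parts[1].lower(), parts[2:]
    root = expand(conf[share]["path"], variables).rstrip("/")
    return unc, root, "/".join([root] + rest)

if __name__ == "__main__":
    conf = parse_smb_conf(SMB_CONF)
    unc, root, profile = resolve_profile_dir(conf, "mcasas", "linuxtest")
    print("client writes to :", unc)
    print("share root       :", root)      # per-user directory inside the path
    print("profile lands in :", profile)   # user name appears twice
```

With these settings the share root is itself a per-user directory, so it has to exist on the server and be writable by that user before the client can connect to the share and store a profile below it.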

