[Samba] SuSE 9.1 Pro

Chuck Chauvin clchauvin at edcaugusta.com
Tue Oct 5 04:03:09 GMT 2004


My entire smb.conf file is listed in the thread "[Samba] Samba 3.0.4 Profile 
Permissions".

I'll post it here as well.

My layout is fairly simple. I have one machine in my network running Linux 
and Samba that acts as a Primary Domain Controller. It resides at IP address 
192.168.1.100 while all of the other machines on my network (all Windows XP 
clients) have an IP address of 192.168.1.xxx

I currently have this setup running in Mandrake (from about 2 years ago) and 
everything works as it should regarding Samba (version 2.2.4 btw).

All of my clients login to the server using an account and password that 
exists on the Linux machine.

Following this message is my smb.conf and my log files from last night. This 
was with the firewall disabled altogether. I would like a firewall of some 
sort on this server so disabling the firewall doesn't really make me feel 
all that comfortable but if it doesn't work right, it doesn't work. I have 
ports 137, 138, 139 and 445 open, according to YaST, but this still will not 
work. I (usually) can't even see the Domain Controller while the firewall is 
running. I say usually because sometimes I do... and I hadn't changed a 
thing. It's there one minute and gone the next.

When you look at the log files you will notice that I attempted to log in 
with a user account of bagginsadmin which is a member of the adm group. The 
adm group is set in all of my Windows XP clients as a member of the 
Administrators group so that I can use this particular login to access any 
of my XP clients and make any necessary modifications.

When I attempted to login last night I got the following error:

"Windows did not load your roaming profile and is attempting to log you on 
with your local profile. Changes to the profile will not be copied to the 
server when you logoff. Windows did not load your profile because a server 
copy of the profile folder already exists that does not have the correct 
security. Either the current user or the Administrator's group must be the 
owner of the folder. Contact your network administrator."


I then attempted to login with my own account (also a member of the adm 
group) and got this error:


"Windows cannot log you in now because the domain BAGGINS is not available."


I then created a new user account in Linux and Samba and attempted to login. 
I get the same error.

When I login using the original administrative account above I get access to 
most of the shares that I have setup. My network logon script runs just 
fine. I do not, however, have Administrative privileges on the XP client. 
When I attempt to modify the XP client Administrators group I get a list of 
numbers as the members instead of what I am used to seeing (i.e. 
BAGGINS\unix_group.XXXXXXX).

Now I am sure that the following line in my log.smbd explains what is going 
wrong but I'll be snookered if I knew what it meant:

[2004/10/04 11:59:05, 0] rpc_parse/parse_samr.c:init_sam_user_info21A(5988)
 init_sam_user_info_21A: User bagginsadmin has Primary Group SID S-1-5-32-544,
 which conflicts with the domain sid S-1-5-21-2763611909-969304523-3334035465.
 Failing operation.


So, having said all of that, here are my configuration and log files.

As always, any help is greatly appreciated.


[global]
  workgroup = BAGGINS
  security = user
  encrypt passwords = yes
  passdb backend = smbpasswd
  server string = Domain Controller
  netbios name = BILBO
  add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s /bin/false %m$
  domain master = yes
  domain logons = yes
  logon script = logon.cmd
  local master = yes
  preferred master = yes
  os level = 65

[homes]
  comment = Home Directory for %u
  path = /home/%u
  read only = No
  browseable = No

[Projects]
  comment = Project Folders
  path = /data-1/projects
  admin users = @Design, adm, Manager
  read only = No
  create mask = 0775
  force create mode = 0775
  force security mode = 0775
  force directory mode = 0775
  force directory security mode = 0775

[Temp]
  comment = Temporary Space
  path = /data-1/temp
  admin users = @Design, adm, Manager
  read only = No
  create mask = 0777

[Archive]
  comment = Archived Projects
  path = /data-1/archive
  write list = @adm
  security mask = 0755
  directory security mask = 0755
  guest ok = Yes

[netlogon]
  comment = Network Logon Service
  path = /etc/samba/netlogon
  guest ok = Yes

[Profiles]
  path = /home/%u/profile
  browseable = No
  writeable = yes
  nt acl support = yes

My log.smbd

[2004/10/04 11:55:00, 1] smbd/service.c:make_connection_snum(619)
 baggins001 (192.168.1.6) connect to service bagginsadmin initially as user bagginsadmin (uid=543, gid=4) (pid 7537)
[2004/10/04 11:55:00, 1] smbd/service.c:close_cnum(801)
 baggins001 (192.168.1.6) closed connection to service bagginsadmin
[2004/10/04 11:55:04, 1] smbd/service.c:make_connection_snum(619)
 baggins001 (192.168.1.6) connect to service bagginsadmin initially as user bagginsadmin (uid=543, gid=4) (pid 7537)
[2004/10/04 11:55:13, 1] smbd/service.c:close_cnum(801)
 baggins001 (192.168.1.6) closed connection to service bagginsadmin
[2004/10/04 11:55:14, 1] smbd/service.c:make_connection_snum(619)
 baggins001 (192.168.1.6) connect to service bagginsadmin initially as user bagginsadmin (uid=543, gid=4) (pid 7537)
[2004/10/04 11:55:15, 1] smbd/service.c:make_connection_snum(619)
 baggins001 (192.168.1.6) connect to service netlogon initially as user bagginsadmin (uid=543, gid=4) (pid 7537)
[2004/10/04 11:56:50, 1] smbd/service.c:close_cnum(801)
 baggins001 (192.168.1.6) closed connection to service netlogon
[2004/10/04 11:58:43, 1] smbd/service.c:make_connection_snum(619)
 baggins001 (192.168.1.6) connect to service Archive initially as user bagginsadmin (uid=543, gid=4) (pid 7537)
[2004/10/04 11:58:43, 1] smbd/service.c:make_connection_snum(619)
 baggins001 (192.168.1.6) connect to service Projects initially as user bagginsadmin (uid=543, gid=4) (pid 7537)
[2004/10/04 11:58:43, 1] smbd/service.c:make_connection_snum(619)
 baggins001 (192.168.1.6) connect to service Temp initially as user bagginsadmin (uid=543, gid=4) (pid 7537)
[2004/10/04 11:59:05, 0] rpc_parse/parse_samr.c:init_sam_user_info21A(5988)
 init_sam_user_info_21A: User bagginsadmin has Primary Group SID S-1-5-32-544,
 which conflicts with the domain sid S-1-5-21-2763611909-969304523-3334035465.  Failing operation.
[2004/10/04 12:00:21, 1] smbd/service.c:close_cnum(801)
 baggins001 (192.168.1.6) closed connection to service bagginsadmin
[2004/10/04 12:00:24, 1] smbd/service.c:make_connection_snum(619)
 baggins001 (192.168.1.6) connect to service bagginsadmin initially as user bagginsadmin (uid=543, gid=4) (pid 7537)
[2004/10/04 12:00:24, 1] smbd/service.c:close_cnum(801)
 baggins001 (192.168.1.6) closed connection to service bagginsadmin
[2004/10/04 12:01:23, 1] smbd/service.c:close_cnum(801)
 baggins001 (192.168.1.6) closed connection to service Archive
[2004/10/04 12:01:23, 1] smbd/service.c:close_cnum(801)
 baggins001 (192.168.1.6) closed connection to service Projects
[2004/10/04 12:01:23, 1] smbd/service.c:close_cnum(801)
 baggins001 (192.168.1.6) closed connection to service Temp

My log.nmbd

 *****
[2004/10/04 08:34:07, 0] nmbd/nmbd.c:terminate(54)
 Got SIGTERM: going down...
[2004/10/04 09:59:49, 0] nmbd/nmbd.c:main(664)
 Netbios nameserver version 3.0.4-SUSE started.
 Copyright Andrew Tridgell and the Samba Team 1994-2004
[2004/10/04 09:59:49, 0] nmbd/nmbd_logonnames.c:add_logon_names(163)
 add_domain_logon_names:
 Attempting to become logon server for workgroup BAGGINS on subnet 192.168.1.100
[2004/10/04 09:59:49, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(282)
 become_domain_master_browser_bcast:
 Attempting to become domain master browser on workgroup BAGGINS on subnet 192.168.1.100
[2004/10/04 09:59:49, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(295)
 become_domain_master_browser_bcast: querying subnet 192.168.1.100 for domain master browser on workgroup BAGGINS
[2004/10/04 09:59:53, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(124)
 become_logon_server_success: Samba is now a logon server for workgroup BAGGINS on subnet 192.168.1.100
[2004/10/04 09:59:57, 0] nmbd/nmbd_become_dmb.c:become_domain_master_stage2(113)
 *****

 Samba server BILBO is now a domain master browser for workgroup BAGGINS on subnet 192.168.1.100

 *****
[2004/10/04 10:00:13, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(396)
 *****

 Samba name server BILBO is now a local master browser for workgroup BAGGINS on subnet 192.168.1.100

 *****





---------- Original Message -----------
From: rruegner <robert at ruegner.org>
To: Holger Krull <holger.krull at gmx.de>
Sent: Tue, 05 Oct 2004 14:50:14 +0200
Subject: Re: [Samba] SuSE 9.1 Pro

> Holger Krull wrote:
> >> Hi, the simple answer is don't use suse firewall,( iptables scripts are 
> >> easy to google )
> >> and study more chapters from Samba Browsing
> > 
> > 
> > That's not very nice, the Suse 'firewall' is well written. And you can't 
> > expect everyone to learn that much about packet filtering just to run 
> > samba.
> > 
> > And it works with samba.
> > 
> Sorry Holger, but my opinion is different, suse firewall may be well 
> written, but learning about packet filtering and networking is 
> helpful in any way. If you don't push the button block internal 
> interface in yast and you bind samba to your internal nic 
> suse firewall is not involved with your samba stuff. If you want to use 
> samba through nat or suse firewall, you should take your own iptables 
> script, cause you can't really adjust this in suse firewall. For more 
> help post more of your desired network layout and your samba conf. Regards
------- End of Original Message -------


--
Chuck Chauvin
Network Administrator
clchauvin at edcaugusta.com
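
Added example, not part of the original post and not Samba's own code: a Python parser that re-joins mail-wrapped log.smbd entries like the ones in this message, extracts the "Primary Group SID ... conflicts with the domain sid" error, and checks whether the group SID is the domain SID plus one RID. The function names and the sample log (constructed from lines in the post) are assumptions for illustration.

```python
import re

# Constructed sample: three entries in the shape of the log.smbd excerpt,
# including the mail-wrapped SIDs as they appear in the post.
SAMPLE_LOG = """\
[2004/10/04 11:58:43, 1] smbd/service.c:make_connection_snum(619)
 baggins001 (192.168.1.6) connect to service Temp initially as user bagginsadmin (uid=543, gid=4) (pid 7537)
[2004/10/04 11:59:05, 0] rpc_parse/parse_samr.c:init_sam_user_info21A(5988)
 init_sam_user_info_21A: User bagginsadmin has Primary Group SID S-1-5-32-
544,
 which conflicts with the domain sid S-1-5-21-2763611909-969304523-
3334035465.  Failing operation.
[2004/10/04 12:00:21, 1] smbd/service.c:close_cnum(801)
 baggins001 (192.168.1.6) closed connection to service bagginsadmin
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), +(\d+)\] (\S+)$")
CONFLICT = re.compile(r"User (\S+) has Primary Group SID (S-[\d-]+),\s*"
                      r"which conflicts with the domain sid (S-[\d-]+)\.")

def entries(text):
    """Return [timestamp, level, source, message] per entry, re-joining wrapped lines."""
    out = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            out.append([m.group(1), int(m.group(2)), m.group(3), ""])
        elif out:
            # Message lines are indented; an unindented line is treated as a
            # wrapped fragment (heuristic) and glued onto the previous token.
            out[-1][3] += (" " + line.lstrip()) if line.startswith(" ") else line
    return out

def rid_in_domain(sid, domain_sid):
    """RID if sid is domain_sid plus exactly one sub-authority, else None."""
    head, _, rid = sid.rpartition("-")
    return int(rid) if head == domain_sid and rid.isdigit() else None

def primary_group_conflicts(text):
    """One dict per 'Primary Group SID ... conflicts with the domain sid' entry."""
    found = []
    for ts, level, source, msg in entries(text):
        m = CONFLICT.search(msg)
        if m:
            user, group_sid, domain_sid = m.groups()
            found.append({"time": ts, "level": level, "user": user,
                          "group_sid": group_sid, "domain_sid": domain_sid,
                          # S-1-5-32-* is the BUILTIN domain (544 = Administrators)
                          "builtin": group_sid.startswith("S-1-5-32-"),
                          "rid": rid_in_domain(group_sid, domain_sid)})
    return found
```

For the entry in this post the result has `builtin` set and `rid` empty: the primary group SID sits in the BUILTIN domain rather than under the S-1-5-21-... domain SID, which is the mismatch the log line reports.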


