[Samba] W2K workstation not disconnecting without a reset

Freitas Freitas casfre at gmail.com
Thu Aug 24 22:26:45 GMT 2006


Hi,

    Trying to be simple and direct.
    My last email didn't get answers.
    Thank you and best regards.

Problem:
-----------

W2K workstations remains connected do samba server at port 139, even
after logoff, and this causes: false wtmp information and no
possibility do control (even no fail proof) simultaneous logins.

Workaround ( not acceptable )
--------------------------------------

Reset the workstations. A lot of them.

Environment:
-----------

Slackware 10.2 ( kernel 2.4.31 )
Samba 3.0.23b ( from www.samba.org )
OpenLdap 2.3.24
NFS server sharing /home in the same server.

Relevant tried and readings
-----------------------------------
(1)
http://us5.samba.org/samba/docs/man/Samba-HOWTO-Collection/diagnosis.html

(2)
Mailing lists, with several search criteria.

(3)
http://us5.samba.org/samba/docs/man/Samba-HOWTO-Collection/AdvancedNetworkManagement.html#id2628488

(4)
Tips from Internet
------------------
[1] net use * /d /y, when executing logoff  ( W2K workstations )
[2] smb ports = 139 ( smb.conf )
[3] SaveConnections = no ( regedit, all keys changed from yes to no )
[4] Enabling and disabling utmp = yes ( smb.conf )
[5] Enabling and disabling deadtime = 0 ( smb.conf, tried 1, 2, 3 )
[6] Enabling and disabling keep alive = 300 ( smb.conf )
[7] No firewall/bridge filter blocking connections between W2K/Samba.

(5)
tcpdump shows stations remains connected to server port 139, after
logoff, even with SaveConnections = no and net use * /d /y.

(6)
lsof, confirms that connections to port 139

(7)
log level = 2

-Available a 451 lines ( one single logon/logoff logging time ), I am
not sure about sending to list, because there are no Errors I have
seen. Should I send it anyway?

(8)
smb.conf

########
[global]
workgroup = MYDOMAIN
server string = Samba Server %v
netbios name = sambaserver
netbios aliases = sambaserver
dos charset = CP850
display charset = ISO8859-1
unix charset = ISO8859-1
encrypt passwords = Yes
passwd program = /usr/local/sbin/smbldap-passwd -u %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
passwd chat debug = yes
unix password sync = yes
log file = /var/log/samba/samba.%m
max log size = 100
preserve case = yes
short preserve case = yes
default case = lower
time server = yes
max connections = 0
deadtime = 1
keepalive = 300
utmp = yes

smb ports = 139

log level = 2
security = user
hosts allow = 127.0.0.1 192.168.0 192.168.1
printcap name = /etc/printcap

browseable = no
pid directory = /var/run/

printing = lprng

max log size = 5000
passdb backend = ldapsam:ldaps://ldap.mydomain.com

ldap admin dn = cn=smbuseratldap,ou=DSA,dc=mydomain,dc=com
ldap suffix = dc=mydomain,dc=com
ldap group suffix = ou=groups
ldap user suffix = ou=people
ldap machine suffix = ou=machines
ldap idmap suffix = ou=Idmap
ldap passwd sync = yes
idmap uid = 10000-20000
idmap gid = 10000-20000
ldap delete dn = yes
ldap ssl = on

socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = eth0, lo
bind interfaces only = yes
local master = yes
os level = 20
domain master = yes
preferred master = yes
domain logons = yes
logon script = everybody.bat
logon path = \\%L\Profiles\%U
wins support = yes
dns proxy = no

add machine script = /usr/local/sbin/smbldap-useradd -t8 -w "%u"
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
delete user script = /usr/local/sbin/smbldap-userdel "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"

##########
[Profiles]

#
#  Disabled preexec exactly because the problem reported
#
# root preexec = /bin/fechar.sh %U %m
# root preexec close = yes
# root postexec = /bin/change_perms.sh %U
path = /profiles
read only = no
browseable = no
create mask = 0600
directory mask = 0700
csc policy = disable
force user = %U
profile acls = yes

#######
[homes]

comment = Home dirs
browseable = no
writable = yes
public = no
follow symlinks = no
create mode = 0600
directory mode = 0700
invalid users = root bin daemon adm lp sync shutdown halt mail ftp rpc
sshd gdm pop nobody

##########
[netlogon]

comment = Network Logon Service
valid users = %U
path = /profiles/netlogon
guest ok = no
writable = no
share modes = no
force create mode = 0755
force directory mode = 0755
browseable = no

#####
[tmp]

comment = Temporary file
path = /tmp
read only = yes


More information about the samba mailing list