[Samba] W2K Login Problem

Liam Marshall computers at stmaurice.mb.ca
Fri Jul 7 21:08:15 GMT 2006


I found out the problem, and am I ever pissed!

Let me explain.  My network has 42 staff users (teachers) and 600+ student
users belonging to various groups. (kindergarten, Grade10, etc)

There is no way that I am going to manually enter...

...useradd username
...passwd username
...smbpasswd -a username


Over 600 times

What I always did was use Webmin which has a batch user creation ability.  I
got the data from our school admin software and massaged it into a
importable csv file.

This allowed me to create hundreds of users at once.
Then I went into Webmin Servers and the Samba utility there and setup
automatic synchronization of users, run the utility and voila, all users
created in both Unix and Samba.

Problem is, anyone I created in unix, and synchronized via the samba util in
webmin, that was not a member of the group root could not log into samba's
PDC from a win2k machine.  When I changed users to be primary group root
they then could login.

So somehow, the Webmin Samba util is screwing up somehow.  When I blew away
the affected users, and recreated them manually in the terminal  like the 3
lines above, it worked first time everytime.

But that still leave me with the daunting task of manually adding 600+ unix
users, assign those users unix passwords, and add them to samba manually as
well

Somebody tell me there is a better way.  It is a solution, but a crappy one
for me workload wise

-----Original Message-----
From: samba-bounces+computers=stmaurice.mb.ca at lists.samba.org
[mailto:samba-bounces+computers=stmaurice.mb.ca at lists.samba.org] On Behalf
Of Liam Marshall
Sent: Friday, July 07, 2006 10:14 AM
To: samba at lists.samba.org
Subject: RE: [Samba] W2K Login Problem


That does not appear to be the issue.  I use webmin all the time.

The problem I am having is that:
I did create machine accounts
I can login to samba pdc from a win2k machine
	But only if the user I login as has their primary group set to root.
	It must be some kind of permission thing.

If I have a user with a primary group of "staff" and attempt to login from a
machine, I get the following:

"the system could not log you on due to the following error:
"a device attached to the system is not functioning "try again or contact
your system administrator

If I go to the samba machine, and change the primary group of that user from
"staff" to "root" restart samba then attempt the login again on the same
win2k machine it goes straight in no problem

But this is a big problem.  No way do I want to make every user a member of
root,  I'd rather shoot myself now.  

So what did I do wrong?

Something on the samba box must have permissions set to only allow root
users to execute the login, but where?

Haven't got a clue and totally lost

I really think my smb.conf is ok.  I even tried to manually create a test
user to see if the batch script that I used to add many users at one time
had somehow screwed up the users


Please please help.  I cannot continue setting up the school lab before
solving this issue

-----Original Message-----
From: samba-bounces+computers=stmaurice.mb.ca at lists.samba.org
[mailto:samba-bounces+computers=stmaurice.mb.ca at lists.samba.org] On Behalf
Of kentek
Sent: Thursday, July 06, 2006 4:09 PM
To: samba at lists.samba.org
Subject: Re: [Samba] W2K Login Problem


I too have many config problems with all *nix distros. I'm using Fedora5.
Pretty happy.
What has really help is that I found out about "Webmin".  
It allow one to configure everything from a web browser from anywhere.

Most of everything now works including Samba server.

That said, make sure that Samba passwords are encrypted as that is default
in win server.
And, here is an item i just found and implemented:
>From Win server go to Admin tools | Domain Controller Security Settings |
Local Policies | Security options
Scroll down to Microsoft network server: Digitally sign communications
(always) Set this to Disabled as it is Not implemented by default.
then do from dos window GPUpdate /force.
ciao.
-- 
View this message in context:
http://www.nabble.com/W2K-Login-Problem-tf1902892.html#a5207588
Sent from the Samba - General forum at Nabble.com.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

-- 
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.394 / Virus Database: 268.9.9/382 - Release Date: 7/4/2006
 

-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.394 / Virus Database: 268.9.9/382 - Release Date: 7/4/2006
 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

-- 
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.394 / Virus Database: 268.9.9/382 - Release Date: 7/4/2006
 

-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.394 / Virus Database: 268.9.9/382 - Release Date: 7/4/2006
 




More information about the samba mailing list