[Samba] difficulty setting up Samba PDC.. please help... out of ideas

J jae at platinumpsi.com
Thu Dec 20 20:31:03 GMT 2007


I am trying to test a Samba PDC on our network that currently shares 
files as a workgroup (with a different name, of course).  Microsoft 
states that this can be done, with no issues (so long as the workgroup 
and the domain have different names).  The permanent home for the shares 
is on //receptionist.  ( The temporary home for the Samba PDC is on 
//haze. )  Once the PDC has been set up successfully and tested, 
//receptionist will be switched to work as the PDC, and not a file 
share.  The Windows client I'm testing on is a virtual machine, 
"virtualx-ray", on the network.

Please, does anyone have any ideas??:

I have successfully joined the domain, and I can log into the domain 
with the first user I set up on //haze. (jae)  jae is able to log in, 
successfully loads the custom profile (changing the network neighborhood 
to use a customized list of network resources), but does not currently 
update the profile.  (one thing at a time)  bryan, on the other hand, 
gets the following messages (and does not log in):

> Windows cannot locate the server copy of your roaming profile and is 
> attempting to log you on with your local profile. Changes to the 
> profile will not be copied to the server when you logoff. Possible 
> causes of this error include network problems or insufficient security 
> rights. If this problem persists, contact your network administrator.   
>
>
> DETAIL - Logon failure: unknown user name or bad password.

bryan is a valid user name (see the passwd file settings below), and 
I'm using the correct password.  I have restarted both Samba servers 
every time I made a change in the smb.conf files.  There is nothing in 
the logs (on //haze) that another user is trying to log on, other than jae.

> Windows cannot log you on because your profile cannot be loaded. Check 
> that you are connected to the network, or that your network is 
> functioning correctly. If this problem persists, contact your network 
> administrator.
>
>
> DETAIL - The system cannot find the path specified.

bryan does NOT exist as a local account on the Windows client.  "Jae" 
did exist, at one time on the Windows client. 
( The login name was later changed  to "jnorm".  Logging in as "Jae" 
with the valid password on the local client does not work, as it 
shouldn't. )


I have tinkered with the settings for weeks now, so they are more "open" 
than they started out.
Here are the (appropriate) settings:

(//receptionist):

[receptionist 133] server.files > smbclient --version
Version 3.0.23c-2.el5.2.0.2

[ls -l]:

/home/win-profiles:
drwxr-xr-x  22 root root  4096 Dec  8 11:37 home
drwxrwxrwx  4 jae        users                4096 Dec 17 13:18 win-profiles

/misc2/shares/netlogon:
drwxr-sr-x  12 root  ppsi-employees  4096 Dec  8 07:31 shares
dr--r-xrwx  2 root   users          4096 Dec  7 17:12 netlogon

[/etc/passwd]:

jae:x:500:500:J:/home/jae:/bin/bash
bryan:x:501:501::/home/bryan:/bin/bash

[/etc/group]:

users:x:100:bryan,jae
jae:x:500:
bryan:x:501:
ntadmins:x:550:

[/etc/samba/smb.conf]:

[global]
    workgroup = platinum
    server string = Receptionist
    security = user
    hosts allow = 192.168.1. 192.168.0. 127.
;    load printers = yes
;    printing = cups
    cups options = raw
    log level = 2
    log file = /var/log/samba/%m.log
    max log size = 50
    interfaces = lo eth0
    os level = 33
;preferred master = yes
    wins support = yes
    dns proxy = no
    username map = /etc/samba/smbusers
    veto files = /lost+found
    encrypt passwords = yes
;    guest ok = no
;    guest account = nobody
[homes]
    comment = Home Directories
    browseable = no
    writeable = yes
[netlogon]
    comment = Network Logon Service
    path = /misc2/shares/netlogon
    guest ok = yes
    browseable = No
[network-resources]
    path = /misc2/shares/network-resources
    guest ok = no
    browseable = yes
    writeable = yes
    writelist = jae
[printers]
    comment = All Printers
    path = /usr/spool/samba
    printable = yes
    guest ok = yes
[win-profiles]
    path = /home/win-profiles
    browseable = yes
    writeable = yes
#    create mask = 0666
#    directory mask = 0777
    csc policy = disable
[SharePPSI]
    path = /misc2/shares/share.ppsi
    writeable = yes
    force create mode = 0660
    force directory mode = 2771

# More directory shares, omitted for sake of brevity;
# No shares directly off of /home, except for win-profiles.

(//haze):

[jae at haze server.files]$ smbclient --version
Version 3.0.24-11.fc6

[ls -l]:

/home/shares/: ( This is an NFS to //receptionist )
dr--r-xrwx  2 root   users          4096 Dec  7 17:12 netlogon
drwxrws---  3 jae    ppsi-employees 4096 Dec 10 12:25 network-resources

[/etc/passwd]:

jae:x:500:500:J:/home/jae:/bin/bash
virtualx-ray$:x:503:526:Machine:/dev/null:/bin/false
bryan:x:501:501:bryan:/home/bryan:/bin/bash

[/etc/group]:

users:x:100:jae,games,bryan
jae:x:500:
machines:x:526:
ntadmins:x:550:jae
bryan:x:501:

[/etc/samba/smb.conf]:

[global]
    workgroup = ppsi-austin
    netbios name = fdesk
    server string = Front Desk
    security = user
    cups options = raw
;  guest account = pcguest
    log file = /var/log/samba/%m.log
    max log size = 50
;   password server = <NT-Server-Name>
;   realm = MY_REALM
;   passdb backend = tdbsam
;   include = /usr/local/samba/lib/smb.conf.%m
;    interfaces = lo eth0
    local master = yes
    os level = 99
    domain master = yes
    preferred master = yes
    domain logons = yes
    encrypt passwords = yes
;   logon script = %m.bat
;   logon script = %U.bat
    logon path = //receptionist/win-profiles/%U
    wins support = yes
; wins server = w.x.y.z
;   wins proxy = yes
    dns proxy = no
    username map = /etc/samba/smbusers

    add user script = /usr/sbin/useradd %u
    add group script = /usr/sbin/groupadd %g
    add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
;  delete user script = /usr/sbin/userdel %u
;  delete user from group script = /usr/sbin/deluser %u %g
;  delete group script = /usr/sbin/groupdel %g


[homes]
    comment = Home Directories
    browseable = no
    writeable = yes

[netlogon]
;    path = /usr/local/samba/lib/netlogon
    path = /home/shares/netlogon
    guest ok = yes
;    writeable = no
    share modes = no
    csc policy = disabled

[printers]
    comment = All Printers
    path = /usr/spool/samba
    browseable = no
;    guest ok = no
;    writeable = no
    printable = yes


[net groupmap list (SIDs blocked out) ]:
Domain Users (S-1-5-21-xxx-xxx-xxx-1201) -> users
Domain Guests (S-1-5-21-xxx-xxx-xxx-1199) -> nobody
PPSI Employees (S-1-5-21-xxx-xxx-xxx-2013) -> ppsi-employees
Domain Admins (S-1-5-21-xxx-xxx-xxx-2101) -> ntadmins


.. I can't think of anything else that could be involved.  There is no 
LDAP in place here.  Let me know if any other settings / information is 
needed.

Thanks!!

--J.
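
An added example, not part of the original post: since the settings above were loosened during troubleshooting, this sketch cross-checks share definitions against `ls -l` modes and reports shares backed by world-writable directories. The sample input is constructed by trimming the //receptionist listing and smb.conf; the function names and the rule that a listing entry belongs to a share when basenames match are assumptions.

```python
import configparser
import posixpath

# Constructed sample, trimmed from the //receptionist listing and smb.conf above.
LS_OUTPUT = """\
drwxrwxrwx  4 jae   users           4096 Dec 17 13:18 win-profiles
drwxr-sr-x  12 root ppsi-employees  4096 Dec  8 07:31 shares
dr--r-xrwx  2 root  users           4096 Dec  7 17:12 netlogon
"""
SMB_CONF = """\
[global]
    security = user
[netlogon]
    path = /misc2/shares/netlogon
    guest ok = yes
[win-profiles]
    path = /home/win-profiles
    writeable = yes
"""

def parse_modes(ls_output):
    """Map entry name -> mode string from `ls -l` lines."""
    modes = {}
    for line in ls_output.splitlines():
        fields = line.split()
        if len(fields) >= 9 and len(fields[0]) >= 10:
            modes[fields[8]] = fields[0]
    return modes

def audit(conf_text, ls_output):
    """Return (share, finding) pairs for shares backed by world-writable dirs."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    # Strip indentation so configparser does not read options as continuations.
    cp.read_string("\n".join(l.strip() for l in conf_text.splitlines()))
    modes, findings = parse_modes(ls_output), []
    for share in cp.sections():
        if not cp.has_option(share, "path"):   # [global] and path-less shares
            continue
        # Assumption: a listing entry belongs to a share when basenames match.
        mode = modes.get(posixpath.basename(cp.get(share, "path").rstrip("/")))
        if mode is None or mode[8] != "w":     # mode[8] is the "other" write bit
            continue
        if mode[9] not in "tT":                # no sticky bit: anyone can rename/delete entries
            findings.append((share, "world-writable, no sticky bit: " + mode))
        if cp.getboolean(share, "guest ok", fallback=False):
            findings.append((share, "guest ok = yes on world-writable dir"))
    return findings

if __name__ == "__main__":
    for share, finding in audit(SMB_CONF, LS_OUTPUT):
        print(f"[{share}] {finding}")
```
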

