[Samba] difficulty setting up Samba PDC.. please help... out of ideas

J jae at platinumpsi.com
Thu Dec 20 21:58:55 GMT 2007


Incidentally, this is being written (at log level 2), when I attempt to 
log bryan in:

[2007/12/20 15:52:16, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password:  authentication for user [bryan] -> [bryan] -> [bryan] succeeded

If authentication is succeeding, why am I getting the message that the 
user doesn't exist in Windows?


J wrote:
> I am trying to test a Samba PDC on our network that currently shares 
> files as a workgroup (with a different name, of course).  Microsoft 
> states that this can be done, with no issues (so long as the workgroup 
> and the domain have different names).  The permanent home for the 
> shares is on //receptionist.  ( The temporary home for the Samba PDC 
> is on //haze. )  Once the PDC has been set up successfully and tested, 
> //receptionist will be switched to work as the PDC, and not a file 
> share.  The Windows client I'm testing on is a virtual machine, 
> "virtualx-ray", on the network.
>
> Please, does anyone have any ideas??:
>
> I have successfully joined the domain, and I can log into the domain 
> with the first user I set up on //haze. (jae)  jae is able to log in, 
> successfully loads the custom profile (changing the network 
> neighborhood to use a customized list of network resources), but does 
> not currently update the profile.  (one thing at a time)  bryan, on 
> the other hand, gets the following messages (and does not log in):
>
>> Windows cannot locate the server copy of your roaming profile and is 
>> attempting to log you on with your local profile. Changes to the 
>> profile will not be copied to the server when you logoff. Possible 
>> causes of this error include network problems or insufficient 
>> security rights. If this problem persists, contact your network 
>> administrator.  
>>
>> DETAIL - Logon failure: unknown user name or bad password.
> bryan is a valid user name (see the passwd file settings below), and 
> I'm using the correct password.  I have restarted both Samba servers 
> every time I made a change in the smb.conf files.  There is nothing in 
> the logs (on //haze) that another user is trying to log on, other than 
> jae.
>> Windows cannot log you on because your profile cannot be loaded. 
>> Check that you are connected to the network, or that your network is 
>> functioning correctly. If this problem persists, contact your network 
>> administrator.
>>
>>
>> DETAIL - The system cannot find the path specified.
> bryan does NOT exist as a local account on the Windows client.  "Jae" 
> did exist, at one time on the Windows client. ( The login name was 
> later changed to "jnorm".  Logging in as "Jae" with the valid 
> password on the local client does not work, as it shouldn't. )
>
>
> I have tinkered with the settings for weeks now, so they are more 
> "open" than they started out.
> Here are the (appropriate) settings:
>
> (//receptionist):
>
> [receptionist 133] server.files > smbclient --version
> Version 3.0.23c-2.el5.2.0.2
>
> [ls -l]:
>
> /home/win-profiles:
> drwxr-xr-x  22 root root  4096 Dec  8 11:37 home
> drwxrwxrwx  4 jae        users                4096 Dec 17 13:18 win-profiles
>
> /misc2/shares/netlogon:
> drwxr-sr-x  12 root  ppsi-employees  4096 Dec  8 07:31 shares
> dr--r-xrwx  2 root   users          4096 Dec  7 17:12 netlogon
>
> [/etc/passwd]:
>
> jae:x:500:500:J:/home/jae:/bin/bash
> bryan:x:501:501::/home/bryan:/bin/bash
>
> [/etc/group]:
>
> users:x:100:bryan,jae
> jae:x:500:
> bryan:x:501:
> ntadmins:x:550:
>
> [/etc/samba/smb.conf]:
>
> [global]
>    workgroup = platinum
>    server string = Receptionist
>    security = user
>    hosts allow = 192.168.1. 192.168.0. 127.
> ;    load printers = yes
> ;    printing = cups
>    cups options = raw
>    log level = 2
>    log file = /var/log/samba/%m.log
>    max log size = 50
>    interfaces = lo eth0
>    os level = 33
> ;preferred master = yes
>    wins support = yes
>    dns proxy = no
>    username map = /etc/samba/smbusers
>    veto files = /lost+found
>    encrypt passwords = yes
> ;    guest ok = no
> ;    guest account = nobody
> [homes]
>    comment = Home Directories
>    browseable = no
>    writeable = yes
> [netlogon]
>    comment = Network Logon Service
>    path = /misc2/shares/netlogon
>    guest ok = yes
>    browseable = No
> [network-resources]
>    path = /misc2/shares/network-resources
>    guest ok = no
>    browseable = yes
>    writeable = yes
>    writelist = jae
> [printers]
>    comment = All Printers
>    path = /usr/spool/samba
>    printable = yes
>    guest ok = yes
> [win-profiles]
>    path = /home/win-profiles
>    browseable = yes
>    writeable = yes
> #    create mask = 0666
> #    directory mask = 0777
>    csc policy = disable
> [SharePPSI]
>    path = /misc2/shares/share.ppsi
>    writeable = yes
>    force create mode = 0660
>    force directory mode = 2771
>
> # More directory shares, omitted for sake of brevity;
> # No shares directly off of /home, except for win-profiles.
>
> (//haze):
>
> [jae at haze server.files]$ smbclient --version
> Version 3.0.24-11.fc6
>
> [ls -l]:
>
> /home/shares/: ( This is an NFS to //receptionist )
> dr--r-xrwx  2 root   users          4096 Dec  7 17:12 netlogon
> drwxrws---  3 jae    ppsi-employees 4096 Dec 10 12:25 network-resources
>
> [/etc/passwd]:
>
> jae:x:500:500:J:/home/jae:/bin/bash
> virtualx-ray$:x:503:526:Machine:/dev/null:/bin/false
> bryan:x:501:501:bryan:/home/bryan:/bin/bash
>
> [/etc/group]:
>
> users:x:100:jae,games,bryan
> jae:x:500:
> machines:x:526:
> ntadmins:x:550:jae
> bryan:x:501:
>
> [/etc/samba/smb.conf]:
>
> [global]
>    workgroup = ppsi-austin
>    netbios name = fdesk
>    server string = Front Desk
>    security = user
>    cups options = raw
> ;  guest account = pcguest
>    log file = /var/log/samba/%m.log
>    max log size = 50
> ;   password server = <NT-Server-Name>
> ;   realm = MY_REALM
> ;   passdb backend = tdbsam
> ;   include = /usr/local/samba/lib/smb.conf.%m
> ;    interfaces = lo eth0
>    local master = yes
>    os level = 99
>    domain master = yes
>    preferred master = yes
>    domain logons = yes
>    encrypt passwords = yes
> ;   logon script = %m.bat
> ;   logon script = %U.bat
>    logon path = //receptionist/win-profiles/%U
>    wins support = yes
> ; wins server = w.x.y.z
> ;   wins proxy = yes
>    dns proxy = no
>    username map = /etc/samba/smbusers
>
>    add user script = /usr/sbin/useradd %u
>    add group script = /usr/sbin/groupadd %g
>    add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
> ;  delete user script = /usr/sbin/userdel %u
> ;  delete user from group script = /usr/sbin/deluser %u %g
> ;  delete group script = /usr/sbin/groupdel %g
>
>
> [homes]
>    comment = Home Directories
>    browseable = no
>    writeable = yes
>
> [netlogon]
> ;    path = /usr/local/samba/lib/netlogon
>    path = /home/shares/netlogon
>    guest ok = yes
> ;    writeable = no
>    share modes = no
>    csc policy = disabled
>
> [printers]
>    comment = All Printers
>    path = /usr/spool/samba
>    browseable = no
> ;    guest ok = no
> ;    writeable = no
>    printable = yes
>
>
> [net groupmap list (SIDs blocked out) ]:
> Domain Users (S-1-5-21-xxx-xxx-xxx-1201) -> users
> Domain Guests (S-1-5-21-xxx-xxx-xxx-1199) -> nobody
> PPSI Employees (S-1-5-21-xxx-xxx-xxx-2013) -> ppsi-employees
> Domain Admins (S-1-5-21-xxx-xxx-xxx-2101) -> ntadmins
>
>
> .. I can't think of anything else that could be involved.  There is no 
> LDAP in place here.  Let me know if any other settings / information 
> is needed.
>
> Thanks!!
>
> --J.

