[Samba] domain trust relationship with AD 2003 and user profile and
home directory problems
Lukasz Zalewski
lukas at dcs.qmul.ac.uk
Thu Jul 31 22:13:28 GMT 2008
Hi!
We have a PDC for EEKS domain, running samba 3.2.0 FC9 64 bit, with the
following trust relationships:
one way trust where EEKS trusts ITL domain which is running Samba 3.0.30
FC8 64 bit
two way trust between EEKS and ADEEKS domain which is running Windows
Server 2003.
Now for a given Windows XP SP2 workstation in EEEKS domain:
1. User logs onto ITL domain through the trust relationship and gets the
appropriate profile and home directory
2. User logs onto EEKS domain and also gets the appropriate profile and
home directory
3. User logs onto ADEEKS domain but does not get home directory nor a
profile.
I have been looking at the logs and found the following entries:
[2008/07/31 17:44:48, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0
netr_LogonSamLogon: struct netr_LogonSamLogon
out: struct netr_LogonSamLogon
return_authenticator : *
return_authenticator: struct netr_Authenticator
cred: struct netr_Credential
data : cb8ab18ac5739c1a
timestamp : Thu Jul 31 17:44:47
2008 BST
validation : *
validation : union netr_Validation(case 3)
sam3 : *
sam3: struct netr_SamInfo3
base: struct netr_SamBaseInfo
last_logon : NTTIME(0)
last_logoff : Thu Sep 14
03:48:05 30828 BST
acct_expiry : Thu Sep 14
03:48:05 30828 BST
last_password_change : Mon Jan 1
00:00:47 1601 LMT
allow_password_change : Mon Jan 1
00:00:47 1601 LMT
force_password_change : Thu Sep 14
03:48:05 30828 BST
account_name: struct lsa_String
length : 0x0000 (0)
size : 0x0000 (0)
string : *
string : 'goo'
full_name: struct lsa_String
length : 0x0000 (0)
size : 0x0000 (0)
string : *
string : ''
logon_script: struct lsa_String
length : 0x0000 (0)
size : 0x0000 (0)
string : *
string : ''
profile_path: struct lsa_String
length : 0x0000 (0)
size : 0x0000 (0)
string : *
string : ''
home_directory: struct lsa_String
length : 0x0000 (0)
size : 0x0000 (0)
string : *
string : ''
home_drive: struct lsa_String
length : 0x0000 (0)
size : 0x0000 (0)
string : *
string : ''
logon_count : 0x0000 (0)
bad_password_count : 0x0000 (0)
rid : 0x00000456
which seems to suggest that the necessary information is equal to the
empty string (That information does exist in AD). Is this happening due
to the misconfiguration of samba, or AD? Can this be done at all? If so
what do i need to change? If this cannot be change can i override the
above settings through samba?
I have run out of ideas so any suggestions would be much appreciated
Regards
Lukasz
More information about the samba
mailing list