[Samba] session setup failed: NT_STATUS_LOGON_FAILURE

Roger Wu wu1004 at gmail.com
Thu Nov 5 03:38:31 UTC 2015


2015-11-05 0:16 GMT+08:00 Rowland Penny <rowlandpenny241155 at gmail.com>:

> On 04/11/15 15:38, Roger Wu wrote:
>
>>
>>
>> 2015-11-04 22:55 GMT+08:00 Rowland Penny <rowlandpenny241155 at gmail.com
>> <mailto:rowlandpenny241155 at gmail.com>>:
>>
>>
>>     On 04/11/15 14:34, Roger Wu wrote:
>>
>>
>>
>>
>>
>>             Doh! now you have raised more questions :-D
>>
>>             First, the more users that you have, the harder it gets to
>>             maintain them in a workgroup, about 8 users is the maximum
>>         from my
>>             experience. Some of them will never use more than one
>>         machine, but
>>             most will move from one machine to another and so they
>>         will have
>>             to have login details on *all* machines they will log
>>         into. This
>>             is where a domain comes in, you create the user in one
>>         place and
>>             the user can then login everywhere.
>>
>>
>>         I don't really get it. Maybe I misinterpret what you said.
>>         If our samba server works, users only want to access samba
>>         service using their own PC,
>>         that's what they need, they are not allowed to use others' PCs
>>         but their own.
>>
>>         And yes, users can move from one machine to another, that's
>>         how a domain works,
>>         but we don't need to provide samba service between Workstation,
>>         only one way access from PCs to Workstations is needed for users.
>>
>>         I am not worried about users limitation, it's just as I said
>>         that not so many users need this service.
>>         If so, I'll figure it out.
>>
>>
>>             Now we come to the new questions, will the Unix machines
>>         need to
>>             be part of the domain ?
>>
>>
>>         What do you mean "to be part of the domain"?
>>         We have unix/linux machines in each NIS domain, they are a
>>         part of their domain.
>>         Could you define your question more precisely?
>>
>>             You mention that they are in different domains, do you mean
>>             domains or do you mean workgroups?
>>
>>         What I mean is NIS domain. We have three different domains, so
>>         I plan to start up one samba server for each domain separately
>>         As for workgroup, we only have one workgroup for windows, so
>>         it won't be an issue.
>>
>>             Are any machines in a windows domain already?
>>
>>         No.
>>
>>             Finally, if you cannot set up a new domain, do your users
>>         need to
>>             own files on your samba server or do they just need to read &
>>             store files on the samba server.
>>
>>             Rowland
>>
>>         They just need to read & store files on the samba server.
>>
>>         Regards,
>>         Roger
>>
>>
>>     OK, from what you have posted, you have Unix & windows
>>     workstations and they are in groups. You will probably be better
>>     of creating a new AD domain with a number of sites, you can use
>>     the DCs to authenticate all the users & groups and if push comes
>>     to shove, use the DCs as fileservers. Your users would log into
>>     their workstation (either windows or Unix) and have all their data
>>     to hand, the windows users would use the standard AD capabilities
>>     and the Unix users would use the RFC2307 attributes that are built
>>     into a Samba AD as standard.
>>
>>     This will give you is centralisation of user & group maintenance,
>>     your users info will exist in just one place, you only need to add
>>     a user once, you can do it without leaving your chair, unlike a
>>     WORKGROUP, where you will have to visit *every* workstation or
>>     server that a user will connect to. I have been there, done that
>>     and my workgroup was scattered over three counties! It isn't easy.
>>
>>     Rowland
>>
>> I am still confused why can't I use NIS as centralization of user
authentication?
I can do it at samba3x, or samba4x do it in a total different way?

>
>> Geez! It's too deep for me to understand.
>> I did achieve what I want with old samba version only doing some simple
>> settings,
>> I tried to reduplicate the result using new samba version but it failed.
>> I didn't expect it comes to this way you mentioned, it seems more
>> complicated.
>>
>
> No, I doubt if you will be unable to understand it, you just haven't had
> any experience yet.
>
>
>> We do have an AD for PC windows workgroup. Why should I need to create a
>> new AD?
>>
>
> No, again I doubt you are using an AD for a workgroup, domain yes,
> workgroup no

 It's my misunderstanding. you're right we are using an AD for windows
domain.
Even so, I still need to create another new AD for what ?

> .
>
> Would you please give me an example or show me how to setup samba as you
>> said?
>>
>>
> OK, start here:
> https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller
>
> I'm try to study the above link you suggest, but I can't find samba-tool
for my installed packages
Where can I find samba-tool?
[root at testcad16 ~]# rpm -qa | grep samba
sernet-samba-4.2.5-19.el6.x86_64
sernet-samba-libs-4.2.5-19.el6.x86_64
sernet-samba-libsmbclient0-4.2.5-19.el6.x86_64
sernet-samba-client-4.2.5-19.el6.x86_64
sernet-samba-common-4.2.5-19.el6.x86_64



> I have no experience creating a AD domain and DCs.
>>
>
> Everybody has to start somewhere.
>
>
> OK, if you do not want to go down this path, then try this smb.conf
>
> [global]
>     workgroup = WORKGROUP
>     server string = ****
>     netbios name = *****
>     printcap name = /dev/null
>     load printers = no
>     disable spoolss = yes
>     printing = bsd
>     dns proxy = no
>     map to guest = Bad User
>     guest ok = yes
>
> This should work without adding any users to the server, anybody that
> connects gets mapped to the guest user, but this does mean that your users
> cannot own anything on the server and anybody will be able to read or
> delete anything!!!
>
> I've tried the above smb.conf, and ya, it worked, but it's definitely not
what I want.
I'll jump to the other option you suggested, but it will takes me time to
learn it.

Roger


> You just need to add whatever shares you require (and alter it to suit
> your workgroup etc).
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


More information about the samba mailing list