[Samba] session setup failed: NT_STATUS_LOGON_FAILURE
Roger Wu
wu1004 at gmail.com
Thu Nov 5 03:38:31 UTC 2015
2015-11-05 0:16 GMT+08:00 Rowland Penny <rowlandpenny241155 at gmail.com>:
> On 04/11/15 15:38, Roger Wu wrote:
>
>>
>>
>> 2015-11-04 22:55 GMT+08:00 Rowland Penny <rowlandpenny241155 at gmail.com
>> <mailto:rowlandpenny241155 at gmail.com>>:
>>
>>
>> On 04/11/15 14:34, Roger Wu wrote:
>>
>>
>>
>>
>>
>> Doh! now you have raised more questions :-D
>>
>> First, the more users that you have, the harder it gets to
>> maintain them in a workgroup, about 8 users is the maximum
>> from my
>> experience. Some of them will never use more than one
>> machine, but
>> most will move from one machine to another and so they
>> will have
>> to have login details on *all* machines they will log
>> into. This
>> is where a domain comes in, you create the user in one
>> place and
>> the user can then login everywhere.
>>
>>
>> I don't really get it. Maybe I misinterpret what you said.
>> If our samba server works, users only want to access samba
>> service using their own PC,
>> that's what they need, they are not allowed to use others' PCs
>> but their own.
>>
>> And yes, users can move from one machine to another, that's
>> how a domain works,
>> but we don't need to provide samba service between Workstation,
>> only one way access from PCs to Workstations is needed for users.
>>
>> I am not worried about users limitation, it's just as I said
>> that not so many users need this service.
>> If so, I'll figure it out.
>>
>>
>> Now we come to the new questions, will the Unix machines
>> need to
>> be part of the domain ?
>>
>>
>> What do you mean "to be part of the domain"?
>> We have unix/linux machines in each NIS domain, they are a
>> part of their domain.
>> Could you define your question more precisely?
>>
>> You mention that they are in different domains, do you mean
>> domains or do you mean workgroups?
>>
>> What I mean is NIS domain. We have three different domains, so
>> I plan to start up one samba server for each domain separately
>> As for workgroup, we only have one workgroup for windows, so
>> it won't be an issue.
>>
>> Are any machines in a windows domain already?
>>
>> No.
>>
>> Finally, if you cannot set up a new domain, do your users
>> need to
>> own files on your samba server or do they just need to read &
>> store files on the samba server.
>>
>> Rowland
>>
>> They just need to read & store files on the samba server.
>>
>> Regards,
>> Roger
>>
>>
>> OK, from what you have posted, you have Unix & windows
>> workstations and they are in groups. You will probably be better
>> of creating a new AD domain with a number of sites, you can use
>> the DCs to authenticate all the users & groups and if push comes
>> to shove, use the DCs as fileservers. Your users would log into
>> their workstation (either windows or Unix) and have all their data
>> to hand, the windows users would use the standard AD capabilities
>> and the Unix users would use the RFC2307 attributes that are built
>> into a Samba AD as standard.
>>
>> This will give you is centralisation of user & group maintenance,
>> your users info will exist in just one place, you only need to add
>> a user once, you can do it without leaving your chair, unlike a
>> WORKGROUP, where you will have to visit *every* workstation or
>> server that a user will connect to. I have been there, done that
>> and my workgroup was scattered over three counties! It isn't easy.
>>
>> Rowland
>>
>> I am still confused why can't I use NIS as centralization of user
authentication?
I can do it at samba3x, or samba4x do it in a total different way?
>
>> Geez! It's too deep for me to understand.
>> I did achieve what I want with old samba version only doing some simple
>> settings,
>> I tried to reduplicate the result using new samba version but it failed.
>> I didn't expect it comes to this way you mentioned, it seems more
>> complicated.
>>
>
> No, I doubt if you will be unable to understand it, you just haven't had
> any experience yet.
>
>
>> We do have an AD for PC windows workgroup. Why should I need to create a
>> new AD?
>>
>
> No, again I doubt you are using an AD for a workgroup, domain yes,
> workgroup no
It's my misunderstanding. you're right we are using an AD for windows
domain.
Even so, I still need to create another new AD for what ?
> .
>
> Would you please give me an example or show me how to setup samba as you
>> said?
>>
>>
> OK, start here:
> https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller
>
> I'm try to study the above link you suggest, but I can't find samba-tool
for my installed packages
Where can I find samba-tool?
[root at testcad16 ~]# rpm -qa | grep samba
sernet-samba-4.2.5-19.el6.x86_64
sernet-samba-libs-4.2.5-19.el6.x86_64
sernet-samba-libsmbclient0-4.2.5-19.el6.x86_64
sernet-samba-client-4.2.5-19.el6.x86_64
sernet-samba-common-4.2.5-19.el6.x86_64
> I have no experience creating a AD domain and DCs.
>>
>
> Everybody has to start somewhere.
>
>
> OK, if you do not want to go down this path, then try this smb.conf
>
> [global]
> workgroup = WORKGROUP
> server string = ****
> netbios name = *****
> printcap name = /dev/null
> load printers = no
> disable spoolss = yes
> printing = bsd
> dns proxy = no
> map to guest = Bad User
> guest ok = yes
>
> This should work without adding any users to the server, anybody that
> connects gets mapped to the guest user, but this does mean that your users
> cannot own anything on the server and anybody will be able to read or
> delete anything!!!
>
> I've tried the above smb.conf, and ya, it worked, but it's definitely not
what I want.
I'll jump to the other option you suggested, but it will takes me time to
learn it.
Roger
> You just need to add whatever shares you require (and alter it to suit
> your workgroup etc).
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list