[Samba] NT4-Style Auth & Roaming Profiles Only?

Jim Seymour jseymour at LinxNet.com
Wed Jul 27 16:18:14 UTC 2016 

On Tue, 26 Jul 2016 13:40:59 -0500
Dale Schroeder <dale at BriannasSaladDressing.com> wrote:

[snip]
> 
> Sorry Rowland, but the break happened before the badlock patches when 
> Debian jumped from 4.1.x to 4.3.x, skipping 4.2.x altogether.
[snip]
> 
> Jim, currently at Debian 4.4.5.  If you search this list, you will
> find others who have had the same thing happen.  To my knowledge,
> none have come back to say that their NT4 domain is working again
> post-4.2.x.
[snip]

What was the nature/symtoms of the failure(s), Dale?

What I'm seeing is that network authentication works, but login takes
an inordinate amount of time: About 40 seconds until I see "Preparing
your desktop" and another 20 seconds until "You have been logged on
with a temporary profile."

It doesn't appear to be a network auth problem.  If I put in an invalid
username or password, I get "The user name or password is incorrect"
*instantly*.

It's not permissions. Once logged-in, I can access the Profiles share,
the user's network home directory, and anything else to which the user
should have access.  And I can write to those places to which I should
be able.

At least I don't *think* it's permissions.  In perusing the logs, with
debug turned up, I see things like

    smbd_check_access_rights: file username.V2 requesting 0x20080
      returning 0x20000 (NT_STATUS_OK)
    smbd_check_access_rights: file username3.V2 requesting 0x80
      returning 0x0 (NT_STATUS_OK)

which makes me wonder if the code's not broken.  (The thing's lying.
The user's id is "Domain User", the directory is group "Domain User"
and the permissions were "rwxrwxrwt".)

I find more than a little disquieting is that nobody seems able to
actually *troubleshoot* issues like this. Somebody ought to be able to
look at logfiles and say "Oh, well, *this* is what's you're doing
wrong" or "Ah! The code's broken because of <this>", or whatever.

Regards,
Jim
-- 
Note: My mail server employs *very* aggressive anti-spam
filtering.  If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.LinxNet.com/contact/scform.php>.

More information about the samba mailing list