[Samba] NT4-Style Auth & Roaming Profiles Only?
Jim Seymour
jseymour at LinxNet.com
Wed Jul 27 16:18:14 UTC 2016
On Tue, 26 Jul 2016 13:40:59 -0500
Dale Schroeder <dale at BriannasSaladDressing.com> wrote:
[snip]
>
> Sorry Rowland, but the break happened before the badlock patches when
> Debian jumped from 4.1.x to 4.3.x, skipping 4.2.x altogether.
[snip]
>
> Jim, currently at Debian 4.4.5. If you search this list, you will
> find others who have had the same thing happen. To my knowledge,
> none have come back to say that their NT4 domain is working again
> post-4.2.x.
[snip]
What was the nature/symtoms of the failure(s), Dale?
What I'm seeing is that network authentication works, but login takes
an inordinate amount of time: About 40 seconds until I see "Preparing
your desktop" and another 20 seconds until "You have been logged on
with a temporary profile."
It doesn't appear to be a network auth problem. If I put in an invalid
username or password, I get "The user name or password is incorrect"
*instantly*.
It's not permissions. Once logged-in, I can access the Profiles share,
the user's network home directory, and anything else to which the user
should have access. And I can write to those places to which I should
be able.
At least I don't *think* it's permissions. In perusing the logs, with
debug turned up, I see things like
smbd_check_access_rights: file username.V2 requesting 0x20080
returning 0x20000 (NT_STATUS_OK)
smbd_check_access_rights: file username3.V2 requesting 0x80
returning 0x0 (NT_STATUS_OK)
which makes me wonder if the code's not broken. (The thing's lying.
The user's id is "Domain User", the directory is group "Domain User"
and the permissions were "rwxrwxrwt".)
I find more than a little disquieting is that nobody seems able to
actually *troubleshoot* issues like this. Somebody ought to be able to
look at logfiles and say "Oh, well, *this* is what's you're doing
wrong" or "Ah! The code's broken because of <this>", or whatever.
Regards,
Jim
--
Note: My mail server employs *very* aggressive anti-spam
filtering. If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.LinxNet.com/contact/scform.php>.
More information about the samba
mailing list