On Sat, 20 Dec 2003, Craig White wrote:

> On Fri, 2003-12-19 at 11:30, John H Terpstra wrote:
> > > c) turn off logon services (never done this on NT domain controller but
> > > presume that it can be somewhat disabled) - has anyone done anything
> > > down this path?
> >
> > That will work too. Just shut down the Netlogon service.
> >
> ----
> finally, with all the users gone, I was able to get onto the network and
> test these things out. So I got over there this morning and:
> - disabled Network Logon service on NT-SERVER
> - changed smb.conf on Linux /security = user
> /domain/local/preferred master = yes
> /os level = 34
> - restarted smb service
>
> - user could log on - authenticated by samba/LDAP
> - user couldn't access files/shares/printers on NT-SERVER if their
> username/password didn't exist on NT-SERVER prior

That is expected because NT4 is a PDC and therefore believes it is authoritative for all authentication. It will not pass the authentication request through to Samba.

>
> - NT-SERVER 'Event Viewer' showed nothing of failed access

From its perspective nothing has failed.

> - NT-SERVER 'Server Manager' lists Samba as PDC and NT-SERVER as
> workstation (not PDC or BDC)

The vampire process registers the Samba server as a BDC. But you have to update it to PDC. The NT4 PDC still thinks your Samba server is a BDC and is looking for it to announce itself as such. Since it did not get the message that says, "Hi, I'm your friendly BDC" it should show a ghosted connection. i.e.: Grey icon that looks like any other domain member. The greyed out icon could show in color, but it will never show as more than a domain member machine.

> - NT-SERVER User Manager for Domains shows all the accounts for the
> domain, including the accounts that weren't on NT-SERVER domain prior to
> net vampire (obviously talks to Samba server) - it does however
> immediately open dialog - Tag is invalid and complains about that every
> time I try to connect to DOMAIN

Ok. I'd need to see the network traces to see what's going on.

>
> the only clue that I have on this is from /var/log/samba/log.ntserver
>
> [2003/12/20 11:16:20, 0]
> passdb/pdb_ldap.c:ldapsam_search_one_group(1612)
> ldapsam_search_one_group: Problem during the LDAP search: LDAP error:
> (Insufficient access)smbldap_open: cannot access LDAP when not root..
>
> smbpasswd on that machine can access LDAP but apparently, through
> NT-SERVER, it can't - must be the Administrator<->root mapping yes/no?

You need an Administrator account in LDAP and it must have UNIX uid=0.

>
> smbaccess -w has been run and up to this point, seemed happy.

Look on the bright side: at least something is happy.

> hints?

Ok, above.

> Painters came in to mess up my access today.
> I'm going to the bookstore
> and see if the Samba 3 book and a suitable LDAP book is available. I'm
> very interested in looking at various slapd.conf examples that might
> give me good ideas before I am committed.

I'd order the painters off site if I knew they would listen. How dare they get in the way of your enjoyment. :)

- John T.
--
John H Terpstra
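
An added example, not part of the original message and not Samba's own code: a small Python check that an smb.conf `[global]` section carries the settings Craig lists above. It reads "/domain/local/preferred master" as the three parameters `domain master`, `local master` and `preferred master`, and assumes the NT4 server announces election os level 32; the function names are hypothetical.

```python
import configparser

# Values from the message: security = user, the three "master" parameters
# = yes, os level = 34. NT4_OS_LEVEL is an assumption of this example
# (the election level an NT4 domain controller announces).
NT4_OS_LEVEL = 32
MASTER_PARAMS = ("domain master", "local master", "preferred master")
TRUE_WORDS = {"yes", "true", "1"}


def load_global(text):
    """Return smb.conf's [global] section as a dict with normalised keys."""
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, delimiters=("=",))
    # Fold case and repeated whitespace in parameter names.
    parser.optionxform = lambda key: " ".join(key.lower().split())
    # Strip indentation so configparser does not see continuation lines.
    parser.read_string("\n".join(l.strip() for l in text.splitlines()))
    for name in parser.sections():
        if name.strip().lower() == "global":
            return dict(parser[name])
    return {}


def check_pdc_settings(text):
    """Return a list of deviations; an empty list means everything matches."""
    settings = load_global(text)
    problems = []
    if settings.get("security", "").strip().lower() != "user":
        problems.append("security is not 'user'")
    for key in MASTER_PARAMS:
        if settings.get(key, "").strip().lower() not in TRUE_WORDS:
            problems.append(f"{key} is not enabled")
    try:
        level = int(settings.get("os level", ""))
    except ValueError:
        level = None
    if level is None or level <= NT4_OS_LEVEL:
        problems.append(f"os level does not exceed {NT4_OS_LEVEL}")
    return problems


# Constructed sample input, not taken from the poster's server.
SAMPLE = """
[global]
    security = user
    Domain Master = yes
    local master = yes
    preferred  master = yes
    os level = 34
"""

if __name__ == "__main__":
    print(check_pdc_settings(SAMPLE) or "all settings match")
```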