Chuck Chauvin wrote:
My entire smb.conf file is listed in the thread "[Samba] Samba 3.0.4 Profile Permissions".

I'll post it here as well.

My layout is fairly simple. I have one machine in my network running Linux and Samba that acts as a Primary Domain Controller. It resides at IP address 192.168.1.100 while all of the other machines on my network (all Windows XP clients) have an IP address of 192.168.1.xxx

I currently have this setup running in Mandrake (from about 2 years ago) and everything works as it should regarding Samba (version 2.2.4 btw).

All of my clients login to the server using an account and password that exists on the Linux machine.

Following this message is my smb.conf and my log files from last night. This was with the firewall disabled altogether. I would like a firewall of some sort on this server so disabling the firewall doesn't really make me feel all that comfortable but if it doesn't work right, it doesn't work. I have ports 137, 138, 139 and 445 open, according to YaST, but this still will not work. I (usually) can't even see the Domain Controller while the firewall is running. I say usually because sometimes I do... and I hadn't changed a thing. It's there one minute and gone the next.

When you look at the log files you will notice that I attempted to log in with a user account of bagginsadmin which is a member of the adm group. The adm group is set in all of my Windows XP clients as a member of the Administrators group so that I can use this particular login to access any of my XP clients and make any necessary modifications.

When I attempted to login last night I got the following error:

"Windows did not load your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you logoff. Windows did not load your profile because a server copy of the profile folder already exists that does not have the correct security. Either the current user or the Administrator's group must be the owner of the folder. Contact your network administrator."


I then attempted to login with my own account (also a member of the adm group) and got this error:



"Windows cannot log you in now because the domain BAGGINS is not available."


I then created a new user account in Linux and Samba and attempted to login. I get the same error.


When I login using the original administrative account above I get access to most of the shares that I have setup. My network logon script runs just fine. I do not, however, have Administrative privileges on the XP client. When I attempt to modify the XP client Administrators group I get a list of numbers as the members instead of what I am used to seeing (i.e. BAGGINS\unix_group.XXXXXXX).

Now I am sure that the following line in my log.smbd explains what is going wrong but I'll be snookered if I knew what it meant:

[2004/10/04 11:59:05, 0] rpc_parse/parse_samr.c:init_sam_user_info21A(5988)
 init_sam_user_info_21A: User bagginsadmin has Primary Group SID S-1-5-32-544,
 which conflicts with the domain sid S-1-5-21-2763611909-969304523-3334035465.
 Failing operation.


So, having said all of that, here are my configuration and log files.

As always, any help is greatly appreciated.


[global]
  workgroup = BAGGINS
  security = user
  encrypt passwords = yes
  passdb backend = smbpasswd
  server string = Domain Controller
  netbios name = BILBO
  add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
  domain master = yes
  domain logons = yes
  logon script = logon.cmd
  local master = yes
  preferred master = yes
  os level = 65

[homes]
  comment = Home Directory for %u
  path = /home/%u
  read only = No
  browseable = No

[Projects]
  comment = Project Folders
  path = /data-1/projects
  admin users = @Design, adm, Manager
  read only = No
  create mask = 0775
  force create mode = 0775
  force security mode = 0775
  force directory mode = 0775
  force directory security mode = 0775

[Temp]
  comment = Temporary Space
  path = /data-1/temp
  admin users = @Design, adm, Manager
  read only = No
  create mask = 0777

[Archive]
  comment = Archived Projects
  path = /data-1/archive
  write list = @adm
  security mask = 0755
  directory security mask = 0755
  guest ok = Yes

[netlogon]
  comment = Network Logon Service
  path = /etc/samba/netlogon
  guest ok = Yes

[Profiles]
  path = /home/%u/profile
  browseable = No
  writeable = yes
  nt acl support = yes

My log.smbd

[2004/10/04 11:55:00, 1] smbd/service.c:make_connection_snum(619)
baggins001 (192.168.1.6) connect to service bagginsadmin initially as user bagginsadmin (uid=543, gid=4) (pid 7537)
[2004/10/04 11:55:00, 1] smbd/service.c:close_cnum(801)
baggins001 (192.168.1.6) closed connection to service bagginsadmin
[2004/10/04 11:55:04, 1] smbd/service.c:make_connection_snum(619)
baggins001 (192.168.1.6) connect to service bagginsadmin initially as user bagginsadmin (uid=543, gid=4) (pid 7537)
[2004/10/04 11:55:13, 1] smbd/service.c:close_cnum(801)
baggins001 (192.168.1.6) closed connection to service bagginsadmin
[2004/10/04 11:55:14, 1] smbd/service.c:make_connection_snum(619)
baggins001 (192.168.1.6) connect to service bagginsadmin initially as user bagginsadmin (uid=543, gid=4) (pid 7537)
[2004/10/04 11:55:15, 1] smbd/service.c:make_connection_snum(619)
baggins001 (192.168.1.6) connect to service netlogon initially as user bagginsadmin (uid=543, gid=4) (pid 7537)
[2004/10/04 11:56:50, 1] smbd/service.c:close_cnum(801)
baggins001 (192.168.1.6) closed connection to service netlogon
[2004/10/04 11:58:43, 1] smbd/service.c:make_connection_snum(619)
baggins001 (192.168.1.6) connect to service Archive initially as user bagginsadmin (uid=543, gid=4) (pid 7537)
[2004/10/04 11:58:43, 1] smbd/service.c:make_connection_snum(619)
baggins001 (192.168.1.6) connect to service Projects initially as user bagginsadmin (uid=543, gid=4) (pid 7537)
[2004/10/04 11:58:43, 1] smbd/service.c:make_connection_snum(619)
baggins001 (192.168.1.6) connect to service Temp initially as user bagginsadmin (uid=543, gid=4) (pid 7537)
[2004/10/04 11:59:05, 0] rpc_parse/parse_samr.c:init_sam_user_info21A(5988)
init_sam_user_info_21A: User bagginsadmin has Primary Group SID S-1-5-32-544,
which conflicts with the domain sid S-1-5-21-2763611909-969304523-3334035465. Failing operation.
[2004/10/04 12:00:21, 1] smbd/service.c:close_cnum(801)
baggins001 (192.168.1.6) closed connection to service bagginsadmin
[2004/10/04 12:00:24, 1] smbd/service.c:make_connection_snum(619)
baggins001 (192.168.1.6) connect to service bagginsadmin initially as user bagginsadmin (uid=543, gid=4) (pid 7537)
[2004/10/04 12:00:24, 1] smbd/service.c:close_cnum(801)
baggins001 (192.168.1.6) closed connection to service bagginsadmin
[2004/10/04 12:01:23, 1] smbd/service.c:close_cnum(801)
baggins001 (192.168.1.6) closed connection to service Archive
[2004/10/04 12:01:23, 1] smbd/service.c:close_cnum(801)
baggins001 (192.168.1.6) closed connection to service Projects
[2004/10/04 12:01:23, 1] smbd/service.c:close_cnum(801)
baggins001 (192.168.1.6) closed connection to service Temp


My log.nmbd

*****
[2004/10/04 08:34:07, 0] nmbd/nmbd.c:terminate(54)
Got SIGTERM: going down...
[2004/10/04 09:59:49, 0] nmbd/nmbd.c:main(664)
Netbios nameserver version 3.0.4-SUSE started.
Copyright Andrew Tridgell and the Samba Team 1994-2004
[2004/10/04 09:59:49, 0] nmbd/nmbd_logonnames.c:add_logon_names(163)
add_domain_logon_names:
Attempting to become logon server for workgroup BAGGINS on subnet 192.168.1.100
[2004/10/04 09:59:49, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(282)
become_domain_master_browser_bcast:
Attempting to become domain master browser on workgroup BAGGINS on subnet 192.168.1.100
[2004/10/04 09:59:49, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(295)
become_domain_master_browser_bcast: querying subnet 192.168.1.100 for domain master browser on workgroup BAGGINS
[2004/10/04 09:59:53, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(124)
become_logon_server_success: Samba is now a logon server for workgroup BAGGINS on subnet 192.168.1.100
[2004/10/04 09:59:57, 0] nmbd/nmbd_become_dmb.c:become_domain_master_stage2(113)
*****


Samba server BILBO is now a domain master browser for workgroup BAGGINS on subnet 192.168.1.100

 *****
[2004/10/04 10:00:13, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(396)
 *****

Samba name server BILBO is now a local master browser for workgroup BAGGINS on subnet 192.168.1.100

 *****





---------- Original Message -----------
From: rruegner <[EMAIL PROTECTED]>
To: Holger Krull <[EMAIL PROTECTED]>
Sent: Tue, 05 Oct 2004 14:50:14 +0200
Subject: Re: [Samba] SuSE 9.1 Pro


Holger Krull wrote:

Hi, the simple answer is don't use suse firewall (iptables scripts are easy to google)
and study more chapters from Samba Browsing


That's not very nice, the Suse 'firewall' is well written. And you can't expect everyone to learn that much about packet filtering just to run samba.

And it works with samba.


Sorry Holger, but my opinion is different, suse firewall may be well written, but learning about packet filtering and networking is helpful in any way. If you don't push the button block internal interface in yast and you bind samba to your internal nic, suse firewall is not involved with your samba stuff. If you want to use samba through nat or suse firewall, you should take your own iptables script, because you can't really adjust this in suse firewall. For more help post more of your desired network layout and your samba conf.
Regards
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba

------- End of Original Message -------


-- Chuck Chauvin Network Administrator [EMAIL PROTECTED]

Hi Chuck, now I think it is clear that your firewall is not involved;
anyway disable it until you fetch the bug.
at a short look
> User bagginsadmin has Primary Group SID S-1-5-32-544,
> which conflicts with the domain sid S-1-5-21-2763611909-969304523-3334035465.
> Failing operation.
your user is not a domain user,
your smb.conf is very small for a pdc but should be enough,
as your samba does log, no blocking by a firewall is done
in my suse setup I have
passdb backend = smbpasswd:/etc/samba/smbpasswd

check if the user exists in /etc/passwd
and create him with smbpasswd -a user
This should help you out, but I recommend to read more on samba faq and suse example conf as well, because you're missing very useful parameters in your conf
Regards
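The log.smbd message both posters point to can be checked mechanically. The following is an added example, not code from the thread or from Samba: it rejoins the mail-wrapped smbd records and reports whether the rejected primary group SID has the form <domain sid>-<RID> or sits under the BUILTIN authority S-1-5-32 (where RID 544 is the Administrators alias). The function names and the embedded sample log are constructed for illustration.

```python
import re

# Constructed sample: two smbd records as posted in this thread, with the SIDs
# still split across lines by the mail wrapping.
SAMPLE_LOG = """\
[2004/10/04 11:58:43, 1] smbd/service.c:make_connection_snum(619)
baggins001 (192.168.1.6) connect to service Temp initially as user bagginsadmin (uid=543, gid=4) (pid 7537)
[2004/10/04 11:59:05, 0] rpc_parse/parse_samr.c:init_sam_user_info21A(5988)
init_sam_user_info_21A: User bagginsadmin has Primary Group SID S-1-5-32-
544,
which conflicts with the domain sid S-1-5-21-2763611909-969304523-
3334035465. Failing operation.
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), +\d+\] .*\n?", re.M)
CONFLICT = re.compile(r"User (\S+) has Primary Group SID (S-[\d-]+), "
                      r"which conflicts with the domain sid (S-[\d-]+)\.")
BUILTIN = "S-1-5-32"  # well-known BUILTIN authority; RID 544 = Administrators

def records(text):
    """Yield (timestamp, body) per record, undoing the mail client's wrapping."""
    chunks = HEADER.split(text)  # [preamble, ts1, body1, ts2, body2, ...]
    for stamp, raw in zip(chunks[1::2], chunks[2::2]):
        raw = re.sub(r"-\s*\n\s*(?=\d)", "-", raw)  # rejoin a SID split after '-'
        yield stamp, " ".join(raw.split())

def classify(group_sid, domain_sid):
    """Say where a group SID lives relative to the domain SID."""
    prefix, _, rid = group_sid.rpartition("-")
    if prefix == domain_sid:
        return "domain", int(rid)      # <domain sid>-<RID>: a domain group
    if prefix == BUILTIN:
        return "builtin", int(rid)     # local alias, not a domain group
    return "foreign", int(rid)

def sid_conflicts(text):
    """Collect every primary-group SID conflict smbd logged."""
    found = []
    for stamp, body in records(text):
        m = CONFLICT.search(body)
        if m:
            user, group_sid, domain_sid = m.groups()
            found.append((stamp, user, group_sid, classify(group_sid, domain_sid)))
    return found

if __name__ == "__main__":
    for hit in sid_conflicts(SAMPLE_LOG):
        print(hit)
```

On the sample it reports bagginsadmin's primary group as a BUILTIN alias rather than a group inside the BAGGINS domain SID, which is the conflict the log line describes.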