The answer, to my biggest problem, was that the user needed the same smbpasswd on both Samba servers. (d'oh!) The PDC would handle the authentication, and then attempt to access shares on the file server, but since the smbpasswd was different on the file server, access would not be granted...

I still have strange behaviors to figure out (like why I'm not getting consistent results from different machines), but the hurdle that took me two weeks to figure out is conquered...


J wrote:
Incidentally, this is being written (at log level 2), when I attempt to log bryan in:

[2007/12/20 15:52:16, 2] auth/auth.c:check_ntlm_password(309)
check_ntlm_password: authentication for user [bryan] -> [bryan] -> [bryan] succeeded

If authentication is succeeding, why am I getting the message that the user doesn't exist in Windows?


J wrote:
I am trying to test a Samba PDC on our network that currently shares files as a workgroup (with a different name, of course). Microsoft states that this can be done, with no issues (so long as the workgroup and the domain have different names). The permanent home for the shares is on //receptionist. ( The temporary home for the Samba PDC is on //haze. ) Once the PDC has been set up successfully and tested, //receptionist will be switched to work as the PDC, and not a file share. The Windows client I'm testing on is a virtual machine, "virtualx-ray", on the network.

Please, does anyone have any ideas??:

I have successfully joined the domain, and I can log into the domain with the first user I set up on //haze. (jae) jae is able to log in, successfully loads the custom profile (changing the network neighborhood to use a customized list of network resources), but does not currently update the profile. (one thing at a time) bryan, on the other hand, gets the following messages (and does not log in):

Windows cannot locate the server copy of your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you logoff. Possible causes of this error include network problems or insufficient security rights. If this problem persists, contact your network administrator. DETAIL - Logon failure: unknown user name or bad password.
bryan is a valid user name (see the passwd file settings below) , and I'm using the correct password. I have restarted both Samba servers every time I made a change in the smb.conf files. There is nothing in the logs (on //haze) that another user is trying to log on, other than jae.
Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly. If this problem persists, contact your network administrator.


DETAIL - The system cannot find the path specified.
bryan does NOT exist as a local account on the Windows client. "Jae" did exist, at one time on the Windows client. ( The login name was later changed to "jnorm". Logging in as "Jae" with the valid password on the local client does not work, as it shouldn't. )


I have tinkered with the settings for weeks now, so they are more "open" than they started out.
Here are the (appropriate) settings:

(//receptionist):

[receptionist 133] server.files > smbclient --version
Version 3.0.23c-2.el5.2.0.2

[ls -l]:

/home/win-profiles:
drwxr-xr-x  22 root root  4096 Dec  8 11:37 home
drwxrwxrwx 4 jae users 4096 Dec 17 13:18 win-profiles

/misc2/shares/netlogon:
drwxr-sr-x  12 root  ppsi-employees  4096 Dec  8 07:31 shares
dr--r-xrwx  2 root   users          4096 Dec  7 17:12 netlogon

[/etc/passwd]:

jae:x:500:500:J:/home/jae:/bin/bash
bryan:x:501:501::/home/bryan:/bin/bash

[/etc/group]:

users:x:100:bryan,jae
jae:x:500:
bryan:x:501:
ntadmins:x:550:

[/etc/samba/smb.conf]:

[global]
   workgroup = platinum
   server string = Receptionist
   security = user
   hosts allow = 192.168.1. 192.168.0. 127.
;    load printers = yes
;    printing = cups
   cups options = raw
   log level = 2
   log file = /var/log/samba/%m.log
   max log size = 50
   interfaces = lo eth0
   os level = 33
;preferred master = yes
   wins support = yes
   dns proxy = no
   username map = /etc/samba/smbusers
   veto files = /lost+found
   encrypt passwords = yes
;    guest ok = no
;    guest account = nobody
[homes]
   comment = Home Directories
   browseable = no
   writeable = yes
[netlogon]
   comment = Network Logon Service
   path = /misc2/shares/netlogon
   guest ok = yes
   browseable = No
[network-resources]
   path = /misc2/shares/network-resources
   guest ok = no
   browseable = yes
   writeable = yes
   writelist = jae
[printers]
   comment = All Printers
   path = /usr/spool/samba
   printable = yes
   guest ok = yes
[win-profiles]
   path = /home/win-profiles
   browseable = yes
   writeable = yes
#    create mask = 0666
#    directory mask = 0777
   csc policy = disable
[SharePPSI]
   path = /misc2/shares/share.ppsi
   writeable = yes
   force create mode = 0660
   force directory mode = 2771

# More directory shares, omitted for sake of brevity;
# No shares directly off of /home, except for win-profiles.

(//haze):

[EMAIL PROTECTED] server.files]$ smbclient --version
Version 3.0.24-11.fc6

[ls -l]:

/home/shares/: ( This is an NFS to //receptionist )
dr--r-xrwx  2 root   users          4096 Dec  7 17:12 netlogon
drwxrws---  3 jae    ppsi-employees 4096 Dec 10 12:25 network-resources

[/etc/passwd]:

jae:x:500:500:J:/home/jae:/bin/bash
virtualx-ray$:x:503:526:Machine:/dev/null:/bin/false
bryan:x:501:501:bryan:/home/bryan:/bin/bash

[/etc/group]:

users:x:100:jae,games,bryan
jae:x:500:
machines:x:526:
ntadmins:x:550:jae
bryan:x:501:

[/etc/samba/smb.conf]:

[global]
   workgroup = ppsi-austin
   netbios name = fdesk
   server string = Front Desk
   security = user
   cups options = raw
;  guest account = pcguest
   log file = /var/log/samba/%m.log
   max log size = 50
;   password server = <NT-Server-Name>
;   realm = MY_REALM
;   passdb backend = tdbsam
;   include = /usr/local/samba/lib/smb.conf.%m
;    interfaces = lo eth0
   local master = yes
   os level = 99
   domain master = yes
   preferred master = yes
   domain logons = yes
   encrypt passwords = yes
;   logon script = %m.bat
;   logon script = %U.bat
   logon path = //receptionist/win-profiles/%U
   wins support = yes
; wins server = w.x.y.z
;   wins proxy = yes
   dns proxy = no
   username map = /etc/samba/smbusers

   add user script = /usr/sbin/useradd %u
   add group script = /usr/sbin/groupadd %g
add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
;  delete user script = /usr/sbin/userdel %u
;  delete user from group script = /usr/sbin/deluser %u %g
;  delete group script = /usr/sbin/groupdel %g


[homes]
   comment = Home Directories
   browseable = no
   writeable = yes

[netlogon]
;    path = /usr/local/samba/lib/netlogon
   path = /home/shares/netlogon
   guest ok = yes
;    writeable = no
   share modes = no
   csc policy = disabled

[printers]
   comment = All Printers
   path = /usr/spool/samba
   browseable = no
;    guest ok = no
;    writeable = no
   printable = yes


[net groupmap list (SIDs blocked out) ]:
Domain Users (S-1-5-21-xxx-xxx-xxx-1201) -> users
Domain Guests (S-1-5-21-xxx-xxx-xxx-1199) -> nobody
PPSI Employees (S-1-5-21-xxx-xxx-xxx-2013) -> ppsi-employees
Domain Admins (S-1-5-21-xxx-xxx-xxx-2101) -> ntadmins


.. I can't think of anything else that could be involved. There is no LDAP in place here. Let me know if any other settings / information is needed.

Thanks!!

--J.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Reply via email to