The answer to my biggest problem was that the user needed the same
smbpasswd on both Samba servers. (d'oh!)
The PDC would handle the authentication, and then attempt to access
shares on the file server, but since the smbpasswd was different on the
file server, access would not be granted...
I still have strange behaviors to figure out (like why I'm not getting
consistent results from different machines), but the hurdle that took me
two weeks to figure out is conquered...
J wrote:
Incidentally, this is being written (at log level 2), when I attempt
to log bryan in:
[2007/12/20 15:52:16, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password: authentication for user [bryan] -> [bryan] -> [bryan] succeeded
If authentication is succeeding, why am I getting the message that the
user doesn't exist in Windows?
J wrote:
I am trying to test a Samba PDC on our network that currently shares
files as a workgroup (with a different name, of course). Microsoft
states that this can be done, with no issues (so long as the
workgroup and the domain have different names). The permanent home
for the shares is on //receptionist. ( The temporary home for the
Samba PDC is on //haze. ) Once the PDC has been set up successfully
and tested, //receptionist will be switched to work as the PDC, and
not a file share. The Windows client I'm testing on is a virtual
machine, "virtualx-ray", on the network.
Please, does anyone have any ideas??:
I have successfully joined the domain, and I can log into the domain
with the first user I set up on //haze. (jae) jae is able to log in,
successfully loads the custom profile (changing the network
neighborhood to use a customized list of network resources), but does
not currently update the profile. (one thing at a time) bryan, on
the other hand, gets the following messages (and does not log in):
Windows cannot locate the server copy of your roaming profile and is
attempting to log you on with your local profile. Changes to the
profile will not be copied to the server when you logoff. Possible
causes of this error include network problems or insufficient
security rights. If this problem persists, contact your network
administrator.
DETAIL - Logon failure: unknown user name or bad password.
bryan is a valid user name (see the passwd file settings below), and
I'm using the correct password. I have restarted both Samba servers
every time I made a change in the smb.conf files. There is nothing
in the logs (on //haze) that another user is trying to log on, other
than jae.
Windows cannot log you on because your profile cannot be loaded.
Check that you are connected to the network, or that your network is
functioning correctly. If this problem persists, contact your
network administrator.
DETAIL - The system cannot find the path specified.
bryan does NOT exist as a local account on the Windows client. "Jae"
did exist, at one time on the Windows client. ( The login name was
later changed to "jnorm". Logging in as "Jae" with the valid
password on the local client does not work, as it shouldn't. )
I have tinkered with the settings for weeks now, so they are more
"open" than they started out.
Here are the (appropriate) settings:
(//receptionist):
[receptionist 133] server.files > smbclient --version
Version 3.0.23c-2.el5.2.0.2
[ls -l]:
/home/win-profiles:
drwxr-xr-x 22 root root 4096 Dec 8 11:37 home
drwxrwxrwx 4 jae users 4096 Dec 17 13:18 win-profiles
/misc2/shares/netlogon:
drwxr-sr-x 12 root ppsi-employees 4096 Dec 8 07:31 shares
dr--r-xrwx 2 root users 4096 Dec 7 17:12 netlogon
[/etc/passwd]:
jae:x:500:500:J:/home/jae:/bin/bash
bryan:x:501:501::/home/bryan:/bin/bash
[/etc/group]:
users:x:100:bryan,jae
jae:x:500:
bryan:x:501:
ntadmins:x:550:
[/etc/samba/smb.conf]:
[global]
workgroup = platinum
server string = Receptionist
security = user
hosts allow = 192.168.1. 192.168.0. 127.
; load printers = yes
; printing = cups
cups options = raw
log level = 2
log file = /var/log/samba/%m.log
max log size = 50
interfaces = lo eth0
os level = 33
;preferred master = yes
wins support = yes
dns proxy = no
username map = /etc/samba/smbusers
veto files = /lost+found
encrypt passwords = yes
; guest ok = no
; guest account = nobody
[homes]
comment = Home Directories
browseable = no
writeable = yes
[netlogon]
comment = Network Logon Service
path = /misc2/shares/netlogon
guest ok = yes
browseable = No
[network-resources]
path = /misc2/shares/network-resources
guest ok = no
browseable = yes
writeable = yes
writelist = jae
[printers]
comment = All Printers
path = /usr/spool/samba
printable = yes
guest ok = yes
[win-profiles]
path = /home/win-profiles
browseable = yes
writeable = yes
# create mask = 0666
# directory mask = 0777
csc policy = disable
[SharePPSI]
path = /misc2/shares/share.ppsi
writeable = yes
force create mode = 0660
force directory mode = 2771
# More directory shares, omitted for sake of brevity;
# No shares directly off of /home, except for win-profiles.
(//haze):
[EMAIL PROTECTED] server.files]$ smbclient --version
Version 3.0.24-11.fc6
[ls -l]:
/home/shares/: ( This is an NFS to //receptionist )
dr--r-xrwx 2 root users 4096 Dec 7 17:12 netlogon
drwxrws--- 3 jae ppsi-employees 4096 Dec 10 12:25 network-resources
[/etc/passwd]:
jae:x:500:500:J:/home/jae:/bin/bash
virtualx-ray$:x:503:526:Machine:/dev/null:/bin/false
bryan:x:501:501:bryan:/home/bryan:/bin/bash
[/etc/group]:
users:x:100:jae,games,bryan
jae:x:500:
machines:x:526:
ntadmins:x:550:jae
bryan:x:501:
[/etc/samba/smb.conf]:
[global]
workgroup = ppsi-austin
netbios name = fdesk
server string = Front Desk
security = user
cups options = raw
; guest account = pcguest
log file = /var/log/samba/%m.log
max log size = 50
; password server = <NT-Server-Name>
; realm = MY_REALM
; passdb backend = tdbsam
; include = /usr/local/samba/lib/smb.conf.%m
; interfaces = lo eth0
local master = yes
os level = 99
domain master = yes
preferred master = yes
domain logons = yes
encrypt passwords = yes
; logon script = %m.bat
; logon script = %U.bat
logon path = //receptionist/win-profiles/%U
wins support = yes
; wins server = w.x.y.z
; wins proxy = yes
dns proxy = no
username map = /etc/samba/smbusers
add user script = /usr/sbin/useradd %u
add group script = /usr/sbin/groupadd %g
add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
; delete user script = /usr/sbin/userdel %u
; delete user from group script = /usr/sbin/deluser %u %g
; delete group script = /usr/sbin/groupdel %g
[homes]
comment = Home Directories
browseable = no
writeable = yes
[netlogon]
; path = /usr/local/samba/lib/netlogon
path = /home/shares/netlogon
guest ok = yes
; writeable = no
share modes = no
csc policy = disabled
[printers]
comment = All Printers
path = /usr/spool/samba
browseable = no
; guest ok = no
; writeable = no
printable = yes
[net groupmap list (SIDs blocked out) ]:
Domain Users (S-1-5-21-xxx-xxx-xxx-1201) -> users
Domain Guests (S-1-5-21-xxx-xxx-xxx-1199) -> nobody
PPSI Employees (S-1-5-21-xxx-xxx-xxx-2013) -> ppsi-employees
Domain Admins (S-1-5-21-xxx-xxx-xxx-2101) -> ntadmins
.. I can't think of anything else that could be involved. There is
no LDAP in place here. Let me know if any other settings /
information is needed.
Thanks!!
--J.
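
The cause given at the top of this message (the user's smbpasswd entry differing between the PDC and the file server) can be checked by comparing the two servers' account lists. The following is an added example, not part of the original post; it assumes each list has been exported in smbpasswd format (for instance with `pdbedit -L -w`), and every sample entry and hash in it is a constructed placeholder.

```python
# Added example: compare smbpasswd-format account lists from two Samba servers.
# Line layout: name:uid:LM hash:NT hash:[flags]:LCT-<hex time>:
# All entries below are constructed; the hashes are placeholders, not real.

LM = "X" * 32  # placeholder LM field

PDC_DUMP = f"""\
jae:500:{LM}:{'A' * 32}:[U          ]:LCT-476A0000:
bryan:501:{LM}:{'B' * 32}:[U          ]:LCT-476A0001:
virtualx-ray$:503:{LM}:{'C' * 32}:[W          ]:LCT-476A0002:
"""

FILE_SERVER_DUMP = f"""\
jae:500:{LM}:{'A' * 32}:[U          ]:LCT-476A0000:
bryan:501:{LM}:{'D' * 32}:[U          ]:LCT-47500000:
"""


def parse_smbpasswd(text):
    """Return {username: (nt_hash, flags)} for each well-formed line."""
    accounts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 5:
            continue  # malformed entry, ignore it
        name, _uid, _lm, nt_hash, flags = fields[:5]
        accounts[name.lower()] = (nt_hash.upper(), flags)
    return accounts


def compare(pdc_text, file_server_text):
    """List (user, problem) for user accounts the PDC accepts but the file server will not."""
    pdc = parse_smbpasswd(pdc_text)
    file_server = parse_smbpasswd(file_server_text)
    problems = []
    for user, (nt_hash, flags) in sorted(pdc.items()):
        if "U" not in flags:  # skip machine trust accounts such as [W]
            continue
        if user not in file_server:
            problems.append((user, "missing on file server"))
        elif file_server[user][0] != nt_hash:
            problems.append((user, "NT hash differs"))
    return problems


if __name__ == "__main__":
    for user, problem in compare(PDC_DUMP, FILE_SERVER_DUMP):
        print(f"{user}: {problem}")
```
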