J
2007-Dec-20 20:37 UTC
[Samba] difficulty setting up Samba PDC.. please help... out of ideas
I am trying to test a Samba PDC on our network that currently shares files as a workgroup (with a different name, of course). Microsoft states that this can be done, with no issues (so long as the workgroup and the domain have different names). The permanent home for the shares is on //receptionist. ( The temporary home for the Samba PDC is on //haze. ) Once the PDC has been set up successfully and tested, //receptionist will be switched to work as the PDC, and not a file share. The Windows client I'm testing on is a virtual machine, "virtualx-ray", on the network.

Please, does anyone have any ideas??:

I have successfully joined the domain, and I can log into the domain with the first user I set up on //haze. (jae) jae is able to log in, successfully loads the custom profile (changing the network neighborhood to use a customized list of network resources), but does not currently update the profile. (one thing at a time) bryan, on the other hand, gets the following messages (and does not log in):

> Windows cannot locate the server copy of your roaming profile and is
> attempting to log you on with your local profile. Changes to the
> profile will not be copied to the server when you logoff. Possible
> causes of this error include network problems or insufficient security
> rights. If this problem persists, contact your network administrator.
>
> DETAIL - Logon failure: unknown user name or bad password.

bryan is a valid user name (see the passwd file settings below), and I'm using the correct password. I have restarted both Samba servers every time I made a change in the smb.conf files. There is nothing in the logs (on //haze) that another user is trying to log on, other than jae.

> Windows cannot log you on because your profile cannot be loaded. Check
> that you are connected to the network, or that your network is
> functioning correctly. If this problem persists, contact your network
> administrator.
>
> DETAIL - The system cannot find the path specified.

bryan does NOT exist as a local account on the Windows client. "Jae" did exist, at one time on the Windows client. ( The login name was later changed to "jnorm". Logging in as "Jae" with the valid password on the local client does not work, as it shouldn't. )

I have tinkered with the settings for weeks now, so they are more "open" than they started out. Here are the (appropriate) settings:

(//receptionist):

    [receptionist 133] server.files > smbclient --version
    Version 3.0.23c-2.el5.2.0.2

[ls -l]:

    /home/win-profiles:
    drwxr-xr-x 22 root root           4096 Dec  8 11:37 home
    drwxrwxrwx  4 jae  users          4096 Dec 17 13:18 win-profiles

    /misc2/shares/netlogon:
    drwxr-sr-x 12 root ppsi-employees 4096 Dec  8 07:31 shares
    dr--r-xrwx  2 root users          4096 Dec  7 17:12 netlogon

[/etc/passwd]:

    jae:x:500:500:J:/home/jae:/bin/bash
    bryan:x:501:501::/home/bryan:/bin/bash

[/etc/group]:

    users:x:100:bryan,jae
    jae:x:500:
    bryan:x:501:
    ntadmins:x:550:

[/etc/samba/smb.conf]:

    [global]
    workgroup = platinum
    server string = Receptionist
    security = user
    hosts allow = 192.168.1. 192.168.0. 127.
    ; load printers = yes
    ; printing = cups
    cups options = raw
    log level = 2
    log file = /var/log/samba/%m.log
    max log size = 50
    interfaces = lo eth0
    os level = 33
    ;preferred master = yes
    wins support = yes
    dns proxy = no
    username map = /etc/samba/smbusers
    veto files = /lost+found
    encrypt passwords = yes
    ; guest ok = no
    ; guest account = nobody

    [homes]
    comment = Home Directories
    browseable = no
    writeable = yes

    [netlogon]
    comment = Network Logon Service
    path = /misc2/shares/netlogon
    guest ok = yes
    browseable = No

    [network-resources]
    path = /misc2/shares/network-resources
    guest ok = no
    browseable = yes
    writeable = yes
    writelist = jae

    [printers]
    comment = All Printers
    path = /usr/spool/samba
    printable = yes
    guest ok = yes

    [win-profiles]
    path = /home/win-profiles
    browseable = yes
    writeable = yes
    # create mask = 0666
    # directory mask = 0777
    csc policy = disable

    [SharePPSI]
    path = /misc2/shares/share.ppsi
    writeable = yes
    force create mode = 0660
    force directory mode = 2771

    # More directory shares, omitted for sake of brevity;
    # No shares directly off of /home, except for win-profiles.

(//haze):

    [jae@haze server.files]$ smbclient --version
    Version 3.0.24-11.fc6

[ls -l]:

    /home/shares/: ( This is an NFS to //receptionist )
    dr--r-xrwx 2 root users          4096 Dec  7 17:12 netlogon
    drwxrws--- 3 jae  ppsi-employees 4096 Dec 10 12:25 network-resources

[/etc/passwd]:

    jae:x:500:500:J:/home/jae:/bin/bash
    virtualx-ray$:x:503:526:Machine:/dev/null:/bin/false
    bryan:x:501:501:bryan:/home/bryan:/bin/bash

[/etc/group]:

    users:x:100:jae,games,bryan
    jae:x:500:
    machines:x:526:
    ntadmins:x:550:jae
    bryan:x:501:

[/etc/samba/smb.conf]:

    [global]
    workgroup = ppsi-austin
    netbios name = fdesk
    server string = Front Desk
    security = user
    cups options = raw
    ; guest account = pcguest
    log file = /var/log/samba/%m.log
    max log size = 50
    ; password server = <NT-Server-Name>
    ; realm = MY_REALM
    ; passdb backend = tdbsam
    ; include = /usr/local/samba/lib/smb.conf.%m
    ; interfaces = lo eth0
    local master = yes
    os level = 99
    domain master = yes
    preferred master = yes
    domain logons = yes
    encrypt passwords = yes
    ; logon script = %m.bat
    ; logon script = %U.bat
    logon path = //receptionist/win-profiles/%U
    wins support = yes
    ; wins server = w.x.y.z
    ; wins proxy = yes
    dns proxy = no
    username map = /etc/samba/smbusers

    add user script = /usr/sbin/useradd %u
    add group script = /usr/sbin/groupadd %g
    add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
    ; delete user script = /usr/sbin/userdel %u
    ; delete user from group script = /usr/sbin/deluser %u %g
    ; delete group script = /usr/sbin/groupdel %g

    [homes]
    comment = Home Directories
    browseable = no
    writeable = yes

    [netlogon]
    ; path = /usr/local/samba/lib/netlogon
    path = /home/shares/netlogon
    guest ok = yes
    ; writeable = no
    share modes = no
    csc policy = disabled

    [printers]
    comment = All Printers
    path = /usr/spool/samba
    browseable = no
    ; guest ok = no
    ; writeable = no
    printable = yes

[net groupmap list (SIDs blocked out) ]:

    Domain Users (S-1-5-21-xxx-xxx-xxx-1201) -> users
    Domain Guests (S-1-5-21-xxx-xxx-xxx-1199) -> nobody
    PPSI Employees (S-1-5-21-xxx-xxx-xxx-2013) -> ppsi-employees
    Domain Admins (S-1-5-21-xxx-xxx-xxx-2101) -> ntadmins

.. I can't think of anything else that could be involved. There is no LDAP in place here. Let me know if any other settings / information is needed.

Thanks!!

--J.
J
2007-Dec-20 21:59 UTC
[Samba] difficulty setting up Samba PDC.. please help... out of ideas
Incidentally, this is being written (at log level 2), when I attempt to log bryan in:

    [2007/12/20 15:52:16, 2] auth/auth.c:check_ntlm_password(309)
      check_ntlm_password: authentication for user [bryan] -> [bryan] -> [bryan] succeeded

If authentication is succeeding, why am I getting the message that the user doesn't exist in Windows?
John Drescher
2007-Dec-20 22:18 UTC
Fwd: [Samba] difficulty setting up Samba PDC.. please help... out of ideas
On Dec 20, 2007 4:58 PM, J <jae@platinumpsi.com> wrote:
> Incidentally, this is being written (at log level 2), when I attempt to
> log bryan in:
>
> [2007/12/20 15:52:16, 2] auth/auth.c:check_ntlm_password(309)
> check_ntlm_password: authentication for user [bryan] -> [bryan] ->
> [bryan] succeeded
>
> If authentication is succeeding, why am I getting the message that the
> user doesn't exist in Windows?
>

Try adding

    profile acls = yes

to your smb.conf

John
John Drescher
2007-Dec-21 03:33 UTC
[Samba] difficulty setting up Samba PDC.. please help... out of ideas
On Dec 20, 2007 10:32 PM, John Drescher <drescherjm@gmail.com> wrote:
> On Dec 20, 2007 7:56 PM, J <jae@platinumpsi.com> wrote:
> > The answer, to my biggest problem, was that the user needed the same
> > smbpasswd on both Samba servers. (d'oh!)
>
> Take a look at using ldap. That way you can have a central password
> server and not have that problem.
>
> John
>

--
John M. Drescher
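
Added example, not part of the original thread: a check for the condition that resolved it, where the PDC (//haze) authenticates a user but the server named in `logon path` (//receptionist) holds a different Samba password for that user. It assumes both servers use the smbpasswd file backend; the function names and the sample entries are constructed for illustration.

```python
import re

# One smbpasswd entry: name:uid:LM hash:NT hash:[flags]:LCT-xxxxxxxx:
ENTRY = re.compile(r"^([^:#][^:]*):\d+:[^:]{32}:([^:]{32}):\[([^\]]*)\]:")

def parse_smbpasswd(text):
    """Map user name -> (NT hash, flags); machine accounts (name$) are skipped."""
    accounts = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m and not m.group(1).endswith("$"):
            accounts[m.group(1).lower()] = (m.group(2).upper(), m.group(3))
    return accounts

def compare(pdc_text, profile_text):
    """Report PDC users that the profile server would refuse or not recognise."""
    pdc, prof = parse_smbpasswd(pdc_text), parse_smbpasswd(profile_text)
    findings = {}
    for user, (nt_hash, _flags) in sorted(pdc.items()):
        if user not in prof:
            findings[user] = "missing on profile server"
        elif "D" in prof[user][1]:
            findings[user] = "disabled on profile server"
        elif prof[user][0] != nt_hash:
            findings[user] = "NT hash differs"
    return findings

def entry(name, uid, nt_hash, flags="U"):
    """Build a constructed smbpasswd line (LM hash is a dummy value)."""
    return f"{name}:{uid}:{'0' * 32}:{nt_hash}:[{flags:<11}]:LCT-00000000:"

# Constructed sample data, not taken from the thread's servers.
HAZE = "\n".join([
    entry("jae", 500, "A" * 32),
    entry("bryan", 501, "B" * 32),
    entry("virtualx-ray$", 503, "C" * 32, flags="W"),
])
RECEPTIONIST = "\n".join([
    entry("jae", 500, "A" * 32),
    entry("bryan", 501, "D" * 32),   # password was set separately here
])

if __name__ == "__main__":
    for user, problem in compare(HAZE, RECEPTIONIST).items():
        print(f"{user}: {problem}")
```

Run against copies of each server's smbpasswd file (readable only by root), this lists every user for whom the PDC reports "succeeded" while the profile share rejects the same credentials.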