Allan Jensen
1998-Mar-18 14:51 UTC
Weird problem with Windows NT 4 Workstation & Samba PDC
Hi there, First, forgive me for writing immediately after joining a list, but I've fought with Samba for 3 full days now, and people here have lost a bit of their patience with Samba as a PDC. The summary: Server : Samba 1.9.18p3, under Solaris 2.5.1 on a Sparcstation IPX, no patches, running NIS. Clients : Windows 95 / NT4-SP3 Workstation, logging on to a NT 3.51 PDC (for the time being) - accounts and passwords are manually synchronized by each user between the NIS and the NT domain. My problem is, that the PDC function doesn't seem to work. I (should) use encrypted passwords, but I've added the NT4 registry entry for being able to talk 'plain text' Samba<->NT4. The problem is this : I go to Start->Run on my NT4, type \\Sparc5 (the name of my server) - I instantly get an Access Denied. I can type \\Sparc5\tmp and it tells me that the network path doesn't exist. But if I do a smbstatus, I see this: Samba version 1.9.18p3 Service uid gid pid machine ---------------------------------------------- tmp alj users 10489 ntp3 (172.22.32.105) Wed Mar 18 14:25:12 1998 So I should be logged in, right? Even 'funnier' - I go to a command shell and type: net use p: \\sparc5\tmp And it maps the drive, regardless of that it just said that the network path didn't exist! I can do a 'dir \\sparc5\tmp' or 'dir p:\' without any problems. smbclient works without any problems at all. I can't join the domain from within NT4, nor can I use any of the NT4 tools to browse the domain. I can see it the domain in Network Neighbourhood, and I can also _see_ Sparc5 within the domain, but I can't open it. The only thing I can is to do a Properties on it - then it tells me it's a Windows NT 5.4 Primary Domain Controller. Can anyone tell me what is wrong here? I'm getting _real_ frustrated with this, because it doesn't really make any sense that it allows me access in one way, but not another! All files are located within /users/alj/samba and downwards (just during the testing phase - I'll recompile it later) Flags used when compiling: Using CFLAGS = -O -DNTDOMAIN -DSYSLOG -DSMBLOGFILE="/users/alj/samba/var/log.smb" -DNMBLOGFILE="/users/alj/samba/var/log.nmb" -DCONFIGFILE="/users/alj/samba/lib/smb.conf" -DLMHOSTSFILE="/users/alj/samba/lib/lmhosts" -DWEB_ROOT="/users/alj/samba" -DLOCKDIR="/users/alj/samba/var/locks" -DSMBRUN="/users/alj/samba/bin/smbrun" -DCODEPAGEDIR="/users/alj/samba/lib/codepages" -DWORKGROUP="WORKGROUP" -DGUEST_ACCOUNT="nobody" -DDRIVERFILE="/users/alj/samba/lib/printers.def" -DSUNOS5 -DSHADOW_PWD -DNETGROUP -DFAST_SHARE_MODES -DALLOW_CHANGE_PASSWORD -DSMBGETPASS -DSMB_PASSWD="/users/alj/samba/bin/smbpasswd" -DSMB_PASSWD_FILE="/users/alj/samba/private/smbpasswd" The smbpasswd file contains (amongst other things) this: alj:234:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:Allan Jensen:/users/alj:/bin/bash ntp3$:60001:NO PASSWORDXXXXXXXXXXXXXXXXXXX:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:ntp3$:/: (my NT4 client is called ntp3, by the way) The output of testparm is: Load smb config files from /users/alj/samba/lib/smb.conf Processing section "[homes]" Processing section "[printers]" No path in service printers - using /tmp Processing section "[tmp]" Loaded services file OK. Press enter to see a dump of your service definitions # Global parameters debuglevel = 2 syslog = 1 syslog only = No protocol = NT1 security = USER max disk size = 0 lpq cache time = 10 announce as = NT encrypt passwords = Yes getwd cache = Yes read prediction = No read bmpx = Yes read raw = Yes write raw = Yes use rhosts = No load printers = No null passwords = Yes strip dot = No interfaces = 172.22.4.5/255.255.0.0 bind interfaces only = Yes networkstation user login = Yes password server = socket options = netbios name = SPARC5 netbios aliases = smbrun = /users/alj/samba/bin/smbrun log file = /users/alj/samba/log/log.%m config file = smb passwd file = /users/alj/samba/private/smbpasswd hosts equiv = preload = server string = Samba Server printcap name = /etc/printcap lock dir = /users/alj/samba/var/%h/locks root directory = / default service = message command = dfree command = passwd program = /users/alj/samba/bin/smbpasswd passwd chat = *old*password* %o\n *new*password* %n\n *new*password* %n\n *changed* valid chars = workgroup = SIMBADOM domain sid = S-1-5-21-666-666-666 domain other sids = domain groups = domain controller = Yes domain admin users = alj domain guest users = nobody domain hosts allow = domain hosts deny = username map = character set = logon script = logon path = \\%N\%U\profile logon drive = logon home = \\%N\%U remote announce = remote browse sync = socket address = 0.0.0.0 homedir map = announce version = 4.2 max log size = 50 mangled stack = 50 max mux = 50 max xmit = 65535 max packet = 65535 password level = 10 username level = 0 keepalive = 0 deadtime = 0 time offset = 0 read size = 16384 shared mem size = 102400 coding system = client code page = 850 os level = 66 max ttl = 14400 max wins ttl = 259200 min wins ttl = 21600 lm announce = Auto lm interval = 60 dns proxy = Yes wins support = Yes wins proxy = No wins server = preferred master = Yes local master = Yes domain master = Yes domain logons = Yes browse list = Yes unix realname = No NIS homedir = No time server = No printer driver file = /users/alj/samba/lib/printers.def # Default service parameters comment = copy = include = exec = postexec = root preexec = root postexec = alternate permissions = No revalidate = No default case = lower case sensitive = No preserve case = Yes short preserve case = No mangle case = No mangling char = ~ browseable = Yes available = Yes path = username = guest account = nobody invalid users = valid users = admin users = read list = write list = volume = force user = force group = read only = Yes max connections = 0 min print space = 0 create mask = 0744 force create mode = 00 directory mask = 0755 force directory mode = 00 set directory = No status = Yes hide dot files = Yes delete veto files = No veto files = hide files = veto oplock files = guest only = No guest ok = No print ok = No postscript = No map system = No map hidden = No map archive = Yes locking = Yes strict locking = No share modes = Yes oplocks = Yes only user = No wide links = Yes follow symlinks = Yes sync always = No mangled names = Yes fake oplocks = No printing = bsd print command = lpr -r -P%p %s lpq command = lpq -P%p lprm command = lprm -P%p %j lppause command = lpresume command = printer = printer driver = NULL printer driver location = hosts allow = 172.22. hosts deny = dont descend = magic script = magic output = mangled map = delete readonly = No dos filetimes = No dos filetime resolution = No [homes] comment = Home Directories browseable = No read only = No create mask = 0775 [printers] comment = All Printers browseable = No path = /tmp create mask = 0700 print ok = Yes [tmp] comment = Temporary file space path = /tmp read only = No guest ok = Yes [IPC$] comment = IPC Service (Samba Server) path = /tmp status = No guest ok = Yes If you can figure out why this isn't working, I'll be _very_ happy indeed! Thanks in advance. Best regards, --------------------------------------------------- Allan Jensen Email: alj@terma.dk TERMA Elektronik AS Phone: +45 8622 2000 Hovmarken 4-6 Fax: +45 8622 2799 DK-8520 Lystrup, Denmark ---------------------------------------------------
On Thu, 19 Mar 1998 02:07:51 +1100, you wrote: [snip]>Server : Samba 1.9.18p3, under Solaris 2.5.1 on a Sparcstation IPX, no >patches, running NIS.[snip]>-DNTDOMAINAnd herein lies your fundamental mistake, the NT Domain code in the release versions of Samba doesn't work, and any Samba NT Domain system certainly won't coexist very well with an NT PDC (yet). You also did:> os level = 66This would mean that the Samba server beats your NT server (which has an OS level of 35 iirc) to Domain Controller which is not a good idea with the realease versions of Samba. For more information on getting a Samba Domain controller that works take a look at the email I just posted entitled "Re: Troubles with NT domain logons ?". Simon Hyde