samba - Feb 2002 - Samba domain users VS "rogue" NT servers.

Hi All,

We're having some problems using Samba and supposedly "standalone"
rogue NT servers on one of our network domains.

When an authenticated samba-served NT domain user on a client machine 
tries to access a share on a non BDC/PDC NT server that it part of 
the same samba domain, the standalone NT server sends it a message 
saying "Your logon time at NTDOMAIN has ended" and refuses to play 
nice.

client machines happily let the users logon, and they are able access 
resources shared out with samba.

Client machines are running NT4.0 SP6A,
NT Servers are running NT Server 4.0 with SP6A
Samba 2.2.3a using LDAP on a Sun E220R running solaris 8 as samba 
domain master.

The following lines, among others, are present in our smb.conf file:

---
local master = yes
os level = 64
domain master = yes
preferred master = yes
domain logons = yes
---

Is anyone successfully running an NT server as a member of a 
Samba-served NT domain and having users able to use shares off this 
server?

Due to the start of our university year next week, this is something 
of some importance right now and any pointers would be much 
appreciated. Yes we've left it a bit late, but we didn't have any 
problems with the NT client machines, and assumed the NT servers 
would be ok too.. :)

Thanks.
-- 
Alex Dawson                                    CSU - Systems Administrator
     +-------------------+------------------------------------------------+
    /Tel: (08) 9380 1587/           Electrical and Electronic Engineering/
   /Fax: (08) 9380 1065/                 University of Western Australia/
  /alex@ee.uwa.edu.au /                  http://www.ee.uwa.edu.au/~alex/
+-------------------+------------------------------------------------+

The following line brought to you by the ESOS Act 2000, section 107:
"CRICOS Provider Code: 00126G"

I found someone with similar problems in a similar situation, on the 
old ntdom mailing list from 1999, but am unable to find any 
resolutions and his email address no longer works:
>We're using the latest samba cvs w/ ldap and PDC support (OpenLDAP
1.2.6).
>From an NT workstation I'm able to map a drive from an NT Server (the NT
>server authenticates against the samba/ldap PDC) using an ldap domain
account;
>however, when I try to access the drive I get this message from an NT
Server:
>
>---
>Message from NTSERVER to NTWORKSTATION on 9/2/1999 10:23AM
>
>From:  Server at \\NTSERVER
>To:   NTWORKSTATION
>Subj: **USER NOTIFICATION**
>Date: 9/2/99 10:05AM
>
>Your logon time at DOMAIN has ended.
>---
>Anyone know how to resolve this?
>
>Thanks.
>

At 11:42 AM +0800 27/2/02, Alex Dawson wrote:
>Hi All,
>
>We're having some problems using Samba and supposedly
"standalone"
>rogue NT servers on one of our network domains.
>
>When an authenticated samba-served NT domain user on a client 
>machine tries to access a share on a non BDC/PDC NT server that it 
>part of the same samba domain, the standalone NT server sends it a 
>message saying "Your logon time at NTDOMAIN has ended" and refuses
>to play nice.
>
>client machines happily let the users logon, and they are able 
>access resources shared out with samba.
>
>Client machines are running NT4.0 SP6A,
>NT Servers are running NT Server 4.0 with SP6A
>Samba 2.2.3a using LDAP on a Sun E220R running solaris 8 as samba 
>domain master.
>
>The following lines, among others, are present in our smb.conf file:
>
>---
>local master = yes
>os level = 64
>domain master = yes
>preferred master = yes
>domain logons = yes
>---
>
>Is anyone successfully running an NT server as a member of a 
>Samba-served NT domain and having users able to use shares off this 
>server?
>
>Due to the start of our university year next week, this is something 
>of some importance right now and any pointers would be much 
>appreciated. Yes we've left it a bit late, but we didn't have any 
>problems with the NT client machines, and assumed the NT servers 
>would be ok too.. :)
>
>Thanks.
>--
>Alex Dawson                                    CSU - Systems Administrator
>     +-------------------+------------------------------------------------+
>    /Tel: (08) 9380 1587/           Electrical and Electronic Engineering/
>   /Fax: (08) 9380 1065/                 University of Western Australia/
>  /alex@ee.uwa.edu.au /                  http://www.ee.uwa.edu.au/~alex/
>+-------------------+------------------------------------------------+
>
>The following line brought to you by the ESOS Act 2000, section 107:
>"CRICOS Provider Code: 00126G"
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions:  http://lists.samba.org/mailman/listinfo/samba

-- 
Alex Dawson                                    CSU - Systems Administrator
     +-------------------+------------------------------------------------+
    /Tel: (08) 9380 1587/           Electrical and Electronic Engineering/
   /Fax: (08) 9380 1065/                 University of Western Australia/
  /alex@ee.uwa.edu.au /                  http://www.ee.uwa.edu.au/~alex/
+-------------------+------------------------------------------------+

The following line brought to you by the ESOS Act 2000, section 107:
"CRICOS Provider Code: 00126G"