Hi everyone, I rely on about 8 NetBIOS aliases on my samba filer. I have been using security = server, but I have been running to some strange issues where if a user just logs off and then back on, they are denied access to shares. If they reboot, they can then get back in ok. I've set debugging up, and it appears that samba does not recognize the user after a logoff/logon, and uses nobody as the user. It has been suggested using security = domain to resolve this issue. I had tried this (oh, back about 2 years ago), and I could not get it to work. I searched the web recently, and found another user with this problem, and his resolution was to include in his alias include file(s) a [global] section with: security = domain password server = xxx.xxx.xxx.xxx encrypt passwords = yes. Now to my question: Do I need to add each NetBIOS alias to the domain in Win2K? AND, maybe more importantly, do I do a smbpasswd -j DOMAIN -r PDC for each as well? This is a live production system, so I just want to have my ducks in a row before attempting this. Thanks, -- Christopher Barry Manager of Information Systems InfiniCon Systems http://www.infiniconsys.com
On Mon, 7 Apr 2003, Barry, Christopher wrote:> Hi everyone, > I rely on about 8 NetBIOS aliases on my samba filer. I have been using security = server, but I have been running to some strange issues where if a user just logs off and then back on, they are denied access to shares. If they reboot, they can then get back in ok. I've set debugging up, and it appears that samba does not recognize the user after a logoff/logon, and uses nobody as the user. > It has been suggested using security = domain to resolve this issue. I had tried this (oh, back about 2 years ago), and I could not get it to work. I searched the web recently, and found another user with this problem, and his resolution was to include in his alias include file(s) a [global] section with: > > security = domain > password server = xxx.xxx.xxx.xxxIn "security = domain" you want the default "password server = *"> encrypt passwords = yes. > > Now to my question: > Do I need to add each NetBIOS alias to the domain in Win2K?No.> AND, maybe more importantly, do I do a smbpasswd -j DOMAIN -r PDC for each as well?That is how you join the domain. You may need to do: smbpasswd -j DOMAIN -r PDC -Uadministrator - John T.> > This is a live production system, so I just want to have my ducks in a row before attempting this. > > > Thanks, > > -- > Christopher Barry > Manager of Information Systems > InfiniCon Systems > http://www.infiniconsys.com > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >-- John H Terpstra Email: jht@samba.org
Will the "*" do some type of broadcast each time it looks for a dc? Or does this occur once and is cached? I have setup a test machine and it does security = domain, and I set the password server as below: password server = 192.168.0.20 192.168.0.25 each ip is for a dc, and this seems to work fine. Is the advantage of "*" that it will auto-detect additional dcs if/as they come on-line? Regards, -- Christopher Barry Manager of Information Systems InfiniCon Systems http://www.infiniconsys.com -----Original Message----- From: John H Terpstra [mailto:jht@samba.org] Sent: Monday, April 07, 2003 1:41 PM To: Barry, Christopher Cc: Samba (E-mail) Subject: Re: [Samba] security = domain and NetBIOS aliases On Mon, 7 Apr 2003, Barry, Christopher wrote:> Hi everyone, > I rely on about 8 NetBIOS aliases on my samba filer. I have been using security = server, but I have been running to some strange issues where if a user just logs off and then back on, they are denied access to shares. If they reboot, they can then get back in ok. I've set debugging up, and it appears that samba does not recognize the user after a logoff/logon, and uses nobody as the user. > It has been suggested using security = domain to resolve this issue. I had tried this (oh, back about 2 years ago), and I could not get it to work. I searched the web recently, and found another user with this problem, and his resolution was to include in his alias include file(s) a [global] section with: > > security = domain > password server = xxx.xxx.xxx.xxxIn "security = domain" you want the default "password server = *"> encrypt passwords = yes. > > Now to my question: > Do I need to add each NetBIOS alias to the domain in Win2K?No.> AND, maybe more importantly, do I do a smbpasswd -j DOMAIN -r PDC for each as well?That is how you join the domain. You may need to do: smbpasswd -j DOMAIN -r PDC -Uadministrator - John T.> > This is a live production system, so I just want to have my ducks in a row before attempting this. > > > Thanks, > > -- > Christopher Barry > Manager of Information Systems > InfiniCon Systems > http://www.infiniconsys.com > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >-- John H Terpstra Email: jht@samba.org
Barry, Christopher
2003-Apr-07 19:28 UTC
[Samba] RE: security = domain and NetBIOS aliases
Thanks -- Christopher Barry Manager of Information Systems InfiniCon Systems http://www.infiniconsys.com -----Original Message----- From: Tom Schaefer [mailto:tom@umsl.edu] Sent: Monday, April 07, 2003 3:23 PM To: Barry, Christopher Cc: lists@samba.org Subject: Re: security = domain and NetBIOS aliases On Mon, 7 Apr 2003 14:03:00 -0400 "Barry, Christopher" <cbarry@infiniconsys.com> wrote:> Will the "*" do some type of broadcast each time it looks for a dc? Or does this occur once and is cached?Unless its changed in recent versions of samba, yes, every single time.> I have setup a test machine and it does security = domain, and I set the password server as below: > > password server = 192.168.0.20 192.168.0.25 > > each ip is for a dc, and this seems to work fine. Is the advantage of "*" that it will auto-detect additional dcs if/as they come on-line?Yes. If I where you I wouldn't change a thing. Tom Schaefer UNIX Admin. / University of Missouri St. Louis