samba - Jan 2005 - SAMBA 3 not working with W2K/XP in PDC mode.

Hi Everybody,

	I tried to use SAMBA 3.0.7 in Mandrake 10.1 / Kernel 2.6 but It? not
working. I did see muchs documents about this, and the first machine
make the registration in domain and make the first logon (runnig scripts
and saves profiles perfect). But when I try to put a second machine,
using the same version of Windows and the same configuration, the
machine make the registration in Domain but the Logon fail. The message
is : The Domain is not accessible or the machine count not exist or
password is wrong. After try with second machine, the first machine stop
works, and no more make logons, the same error happens !
	I did make the same with Windows 98, and this working fine, run scripts
and saves profiles, only W2k/XP not working.
	I saw the docs in SAMBA.ORG, and see the parameter like server
schannel, user schannel, but I changed all and nothing happens.
	In attachements is my smb.conf.

	PS - in smbpasswd the 12 first numbers about the password of the
account machine after first logon good is changed do "X", but the
orders
not change.
-------------- next part --------------

# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash) 
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command
"testparm"
# to check that you have not made any basic syntactic errors. 
#
#======================= Global Settings
====================================[global]
	log file = /var/log/samba/log.%m
	smb passwd file = /etc/samba/smbpasswd
	load printers = yes
	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
	username level = 8
	domain master = yes 
	map to guest = bad user
	encrypt passwords = yes
	logon home = \\NEO\netlogon
	wins support = yes
	name resolve order = bcast wins lmhosts hosts
	passwd program = /usr/bin/passwd %u
	printer admin = @adm
	password level = 8
	dns proxy = no 
	netbios name = NEO
	server string = Samba Server %v
	printing = cups
	logon script = %U.bat
	unix password sync = yes
	local master = yes
	logon path = \\NEO\Profiles\%U
	workgroup = LINUX
	os level = 99
	printcap name = cups
	security = user
	preferred master = yes
	max log size = 50
	domain logons = yes
	password chat debug = yes
	password chat = \
	    *password* %n\n \
	    *password* %n\n \
	    *successful*

[homes]
   comment = Home Directories
   browseable = no
   writable = yes
# You can enable VFS recycle bin on a per share basis:
# Uncomment the next 2 lines (make sure you create a
# .recycle folder in the base of the share and ensure
# all users will have write access to it. See
# examples/VFS/recycle/REAME in samba-doc for details
;   vfs object = /usr/lib/samba/vfs/recycle.so

# Un-comment the following and create the netlogon directory for Domain Logons
[netlogon]
   comment = Network Logon Service
   path = /home/netlogon
   guest ok = yes
   writable = yes

#Uncomment the following 2 lines if you would like your login scripts to
#be created dynamically by ntlogon (check that you have it in the correct
#location (the default of the ntlogon rpm available in contribs)
;root preexec = /usr/bin/ntlogon -u %U -g %G -o %a -d /var/lib/samba/netlogon
;root postexec = rm -f /var/lib/samba/netlogon/%U.bat

# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
[Profiles]
    create mode = 0600
    csc policy = disable
    directory moded = 0700
    path = /home/profile
    profile acls = yes
    read only = no

# This script can be enabled to create profile directories on the fly
# You may want to turn off guest acces if you enable this, as it
# hasn't been thoroughly tested.
;root preexec = PROFILE=/var/lib/samba/profiles/%u; if [ ! -e $PROFILE ]; \
;                then mkdir -pm700 $PROFILE; chown %u.%g $PROFILE;fi

# NOTE: If you have a CUPS print system there is no need to 
# specifically define each individual printer.
# You must configure the samba printers with the appropriate Windows
# drivers on your Windows clients or upload the printer driver to the
# server from Windows (NT/2000/XP). On the Samba server no filtering is
# done. If you wish that the server provides the driver and the clients
# send PostScript ("Generic PostScript Printer" under Windows), you
have
# to use 'printcap name = cups' or swap the 'print command' line
below
# with the commented one. Note that print commands only work if not using 
# 'printing=cups'
[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no
# to allow user 'guest account' to print.
   guest ok = yes
   writable = no
   printable = yes
   create mode = 0700
# ====================================# print command: see above for details.
# ====================================   print command = lpr-cups -P %p -o raw
%s -r   # using client side printer drivers.
;   print command = lpr-cups -P %p %s # using cups own drivers (use generic
PostScript on clients).

# This share is used for Windows NT-style point-and-print support.
# To be able to install drivers, you need to be either root, or listed
# in the printer admin parameter above. Note that you also need write access
# to the directory and share definition to be able to upload the drivers.
# For more information on this, please see the Printing Support Section of
# /usr/share/doc/samba-<version>/docs/Samba-HOWTO-Collection.pdf 
#
# A special case is using the CUPS Windows Postscript driver, which allows
# all features available via CUPS on the client, by publishing the ppd file
# and the cups driver by using the 'cupsaddsmb' tool. This requires the
# installation of the CUPS driver (http://www.cups.org/windows.php) 
# on the server, but doesn't require you to use Windows at all :-).
[print$]
   path = /var/lib/samba/printers
   browseable = yes
   write list = @adm root
   guest ok = yes
   inherit permissions = yes
   # Settings suitable for Winbind:
   ; write list = @"Domain Admins" root
   ; force group = +@"Domain Admins"

# A useful application of samba is to make a PDF-generation service
# To streamline this, install windows postscript drivers (preferably colour)
# on the samba server, so that clients can automatically install them.
# Note that this only works if 'printing' is *not* set to 'cups'

[pdf-generator]
   path = /var/tmp
   guest ok = No
   printable = Yes
   comment = PDF Generator (only valid users)
   #print command = /usr/share/samba/scripts/print-pdf file path win_path
recipient IP &
   print command = /usr/share/samba/scripts/print-pdf %s ~%u //%L/%u %m %I
"%J" &

# This one is useful for people to share files
;[tmp]
;   comment = Temporary file space
;   path = /tmp
;   read only = no
;   public = yes

# A publicly accessible directory, but read only, except for people in
# the "staff" group
;[public]
;   comment = Public Stuff
;   path = /home/samba/public
;   public = yes
;   writable = no
;   write list = @staff
# Audited directory through experimental VFS audit.so module:
# Uncomment next line.
;   vfs object = /usr/lib/samba/vfs/audit.so

# Other examples. 
#
# A private printer, usable only by Fred. Spool data will be placed in
Fred's
# home directory. Note that fred must have write access to the spool directory,
# wherever it is.
;[fredsprn]
;   comment = Fred's Printer
;   valid users = fred
;   path = /homes/fred
;   printer = freds_printer
;   public = no
;   writable = no
;   printable = yes

# A private directory, usable only by Fred. Note that Fred requires write
# access to the directory.
;[fredsdir]
;   comment = Fred's Service
;   path = /usr/somewhere/private
;   valid users = fred
;   public = no
;   writable = yes
;   printable = no

# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %u option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
;[pchome]
;  comment = PC Directories
;  path = /usr/pc/%m
;  public = no
;  writable = yes

# A publicly accessible directory, read/write to all users. Note that all files
# created in the directory by users will be owned by the default user, so
# any user with access can delete any other user's files. Obviously this
# directory must be writable by the default user. Another user could of course
# be specified, in which case all files would be owned by that user instead.
[Public]
   path = /home/public
   public = yes
   guest ok = yes
   writable = yes
   printable = no
   browseable = yes

# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
;[myshare]
;   comment = Mary's and Fred's stuff
;   path = /usr/somewhere/shared
;   valid users = mary fred
;   public = no
;   writable = yes
;   printable = no
;   create mask = 0765
[RAIZ]
    path = /
    public = yes
    guest ok = yes
[USUARIOS]
    path = /home/usuarios
    
-------------- next part --------------
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/bin/sh
daemon:x:2:2:daemon:/sbin:/bin/sh
adm:x:3:4:adm:/var/adm:/bin/sh
lp:x:4:7:lp:/var/spool/lpd:/bin/sh
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/bin/sh
news:x:9:13:news:/var/spool/news:/bin/sh
uucp:x:10:14:uucp:/var/spool/uucp:/bin/sh
operator:x:11:0:operator:/var:/bin/sh
games:x:12:100:games:/usr/games:/bin/sh
nobody:x:65534:65534:Nobody:/:/bin/sh
rpm:x:13:101:system user for rpm:/var/lib/rpm:/bin/false
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
rpc:x:70:70:system user for portmap:/:/bin/false
xfs:x:71:71:system user for xorg-x11:/etc/X11/fs:/bin/false
messagebus:x:72:72:system user for dbus:/:/sbin/nologin
postfix:x:73:73:system user for postfix:/var/spool/postfix:/bin/false
rpcuser:x:74:74:system user for nfs-utils:/var/lib/nfs:/bin/false
sshd:x:75:75:system user for openssh:/var/empty:/bin/true
gdm:x:76:76:system user for gdm:/var/lib/gdm:/bin/false
named:x:77:77:system user for bind:/var/named:/bin/false
squid:x:78:78:system user for squid:/var/spool/squid:/bin/false
paulinha:x:500:100::/home/paulinha:/bin/bash
jean:x:501:100:Jean Carlos de Almeida:/home/jean:/bin/bash
morpheo$:x:1200:300:Workstation:/dev/null:/bin/false
teste:x:1201:100::/home/teste:/bin/bash
administrador:x:1202:100::/home/administrador:/bin/bash
atoledo:x:1203:100::/home/atoledo:/bin/bash
rzanatta$:x:1200:300:Workstation:/dev/null:/bin/false
tmelo$:x:1200:300:Workstation:/dev/null:/bin/false
avayalab4$:x:1200:300:Workstation:/dev/null:/bin/false
stec$:x:1200:300:Workstation:/dev/null:/bin/false
para$:x:1200:300:Workstation:/dev/null:/bin/false
maxpress$:x:1200:300:Workstation:/dev/null:/bin/false
-------------- next part --------------
root:$1$h4SE1Er1$7WE8rNc2d1JmsLVQ7n3320:12743:0:99999:7:::
bin:*:12728:0:99999:7:::
daemon:*:12728:0:99999:7:::
adm:*:12728:0:99999:7:::
lp:*:12728:0:99999:7:::
sync:*:12728:0:99999:7:::
shutdown:*:12728:0:99999:7:::
halt:*:12728:0:99999:7:::
mail:*:12728:0:99999:7:::
news:*:12728:0:99999:7:::
uucp:*:12728:0:99999:7:::
operator:*:12728:0:99999:7:::
games:*:12728:0:99999:7:::
nobody:*:12728:0:99999:7:::
rpm:!!:12728:0:99999:7:::
vcsa:!!:12728:0:99999:7:::
rpc:!!:12728:0:99999:7:::
xfs:!!:12728:0:99999:7:::
messagebus:!!:12728:0:99999:7:::
postfix:!!:12728:0:99999:7:::
rpcuser:!!:12728:0:99999:7:::
sshd:!!:12728:0:99999:7:::
gdm:!!:12728:0:99999:7:::
named:!!:12730:0:99999:7:::
squid:!!:12730:0:99999:7:::
paulinha:$1$6u.KBuSI$6Gg451RY1JcUkFa2GghMm1:12733::99999::::
jean:$1$GD7W58/H$nls.ngxhPL07Iou8mOaWQ.:12743::99999::::
morpheo$:*:9797:0:::::
teste:$1$vgWxbGWT$2l0oEIbFoq8hHzADByVE71:12735:0:99999:7:::
administrador:$1$xJBbnoTb$p5JQDeTDvlV7FKLccZLL7/:12737:0:99999:7:::
atoledo:$1$UcYdkWc3$a7sogzrK8fEZWTikAreUc.:12770:0:99999:7:::
tmelo$:*:9797:0:::::
rzanatta$:*:9797:0:::::
avayalab4$:*:9797:0:::::
stec$:*:9797:0:::::
para$:*:9797:0:::::
maxpress$:*:9797:0:::::
-------------- next part --------------
root:x:0:
bin:x:1:
daemon:x:2:messagebus
sys:x:3:
adm:x:4:
tty:x:5:
disk:x:6:
lp:x:7:
mem:x:8:
kmem:x:9:
wheel:x:10:
mail:x:12:
news:x:13:
uucp:x:14:
man:x:15:
floppy:x:19:
games:x:20:
cdrom:x:22:
utmp:x:24:
usb:x:43:
cdwriter:x:80:
audio:x:81:
video:x:82:
users:x:100:paulinha
nogroup:x:65534:
rpm:x:101:
xgrp:x:102:xfs,gdm
ntools:x:103:
ctools:x:104:
vcsa:x:69:
rpc:x:70:
xfs:x:71:
messagebus:x:72:
postfix:x:73:
postdrop:x:105:postfix
rpcuser:x:74:
machines:x:421:
sshd:x:75:
slocate:x:422:
gdm:x:76:
named:x:77:
squid:x:78:
paulinha:x:500:
workstation::300:
teste:x:1201:
pppusers:x:230:
popusers:x:231:
slipusers:x:232: