I've set up NT domains from scratch and things work. However, in this case I vampired the old settings over to my new Samba PDC from a W2K server which I then removed from the network. Everything almost works, except ...

The main thing is that I can't seem to change the domain passwords from the XP Pro workstations. Normally you do Ctrl-Alt-Del and select change password, then fill in the blanks, hit enter and the password gets changed. However, when I try, I get a long wait - about 5 minutes - then "the system cannot change your password now because the domain RAHIM-DALE is unavailable" (where RAHIM-DALE is my domain name). This happens on whatever XP Pro workstation I try. I've even tried removing a domain account and recreating it, but the same thing happens. If I change the passwords through SWAT, XP sees the new passwords and stops bugging me to change them. I looked at the tdb entries using the pdbedit program and can't see anything wrong.

The home directories get mapped properly. However, only my account, which is in the Domain Admins group, seems to be able to write to the shares! Another oddity is that I can't seem to copy a file larger than 2G to the server.

Any ideas anyone?

BTW: the server is running plain vanilla Debian 3.1 (Sarge) with ReiserFS.

Here's a pdbedit -Lv of my account:

Unix username: garydale
NT username:
Account Flags: [U ]
User SID: S-1-5-21-1715567821-789336058-854245398-3000
Primary Group SID: S-1-5-21-1715567821-789336058-854245398-3001
Full Name: Gary Dale
Home Directory: \\semper\garydale
HomeDir Drive: M:
Logon Script: scripts\logon.bat
Profile Path: \\semper\Profiles\garydale
Domain: RAHIM-DALE
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Mon, 18 Jan 2038 22:14:07 GMT
Kickoff time: Mon, 18 Jan 2038 22:14:07 GMT
Password last set: Sun, 14 Aug 2005 22:44:09 GMT
Password can change: Mon, 15 Aug 2005 22:44:09 GMT
Password must change: Mon, 26 Sep 2005 21:31:41 GMT
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

Here's my smb.conf:

# Samba config file created using SWAT
# from 127.0.0.1 (127.0.0.1)
# Date: 2005/09/14 21:34:51

# Global parameters
[global]
    workgroup = RAHIM-DALE
    server string = %h PDC (Samba %v)
    passdb backend = tdbsam, guest
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
    unix password sync = Yes
    syslog = 0
    log file = /var/log/samba/log.%m
    max log size = 1000
    printcap name = cups
    add user script = /usr/sbin/useradd -g samba -c %u
    delete user script = /usr/sbin/userdel -r %u
    add group script = /usr/sbin/groupadd
    delete group script = /usr/sbin/groupdel %g
    add user to group script = /usr/sbin/usermod -G `/usr/bin/id -G %g %u
    add machine script = /usr/sbin/useradd -g machines -c Machine -d /dev/null -s /bin/false %u
    logon script = scripts\logon.bat
    logon path = \\%L\Profiles\%U
    logon drive = M:
    logon home = \\%L\%U
    domain logons = Yes
    os level = 35
    preferred master = Yes
    domain master = Yes
    wins support = Yes
    ldap ssl = no
    panic action = /usr/share/samba/panic-action %d
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    invalid users = root
    admin users = garydale, root
    hosts allow = 192.168.2.
    printing = cups
    print command
    lpq command = %p
    lprm command

[netlogon]
    comment = Logon Server Share
    path = /home/samba/netlogon
    read only = No

[profiles]
    path = /home/samba/profiles
    read only = No
    profile acls = Yes

[printers]
    comment = All Printers
    path = /var/spool/samba
    printer admin = root, garydale
    create mask = 0600
    guest ok = Yes
    printable = Yes
    browseable = No

[print$]
    comment = Printer Drivers
    path = /var/lib/samba/printers
    printer admin = root, garydale

[archives]
    path = /home/shares/archives
    write list = +Users, +users
    read only = No
    create mask = 0770
    directory mask = 0770

[communications]
    path = /home/shares/communications
    read only = No
    create mask = 0770
    directory mask = 0770

[dosstuff]
    path = /home/shares/dosstuff
    read only = No
    create mask = 0770
    directory mask = 0770

[games]
    path = /home/shares/games
    read only = No
    create mask = 0770
    directory mask = 0770

[graphics]
    path = /home/shares/graphics
    read only = No
    create mask = 0770
    directory mask = 0770

[hardware]
    path = /home/shares/hardware
    read only = No
    create mask = 0770
    directory mask = 0770

[install]
    path = /home/shares/install
    read only = No
    create mask = 0770
    directory mask = 0770

[office]
    path = /home/shares/office
    read only = No
    create mask = 0770
    directory mask = 0770

[tools]
    path = /home/shares/tools
    read only = No
    create mask = 0770
    directory mask = 0770

[utility]
    path = /home/shares/utility
    read only = No
    create mask = 0770
    directory mask = 0770

[media$]
    path = /home/secure/media
    valid users = garydale
    read only = No
    create mask = 0770
    directory mask = 0770

[webpages$]
    path = /home/secure/webpages
    valid users = garydale
    read only = No
    create mask = 0770
    directory mask = 0770

[ML-1210]
    comment = Samsung ML-1210 laser printer
    path = /tmp
    printer admin = root, garydale
    read only = No
    create mask = 0600
    guest ok = Yes
    printable = Yes
    printer name = ML-1210
    oplocks = No
    share modes = No

Further to my e-mail below:

I just tried to change some share permissions from an XP Pro workstation by right-clicking on the share | properties | security. The security window shows me the existing permissions which seem correct. Because it takes a second to translate the SIDs into names, I can also see that the SID is the same as reported below from pdbedit. However, even though I have write access to the share (yes, I can write to it), the permissions all show empty (unchecked). Nor can I change them. I can change the boxes; when I click "apply", they revert to the old values.

I note that when I click on the Add button then the advanced button I can get a full listing of the groups from Samba. Clearly my XP Pro workstation is talking to Samba, but I can't get it to change my password or recognize my "right" to change file permissions.

Surely someone must have a clue as to how I can track down the cause of this problem?

Further to my e-mails below:

I am running Samba 3.0.14a-Debian. My garydale account owns all the directories I am sharing. The group is set to "users" for all of them also. All of the users' Linux accounts are members of the Linux "users" group. However, I suspect the root of the problem is to be found in my inability to change passwords through XP Pro.
