Freitas Freitas
2006-Aug-24 22:27 UTC
[Samba] W2K workstation not disconnecting without a reset
Hi,
Trying to be simple and direct.
My last email didn't get answers.
Thank you and best regards.
Problem:
-----------
W2K workstations remains connected do samba server at port 139, even
after logoff, and this causes: false wtmp information and no
possibility do control (even no fail proof) simultaneous logins.
Workaround ( not acceptable )
--------------------------------------
Reset the workstations. A lot of them.
Environment:
-----------
Slackware 10.2 ( kernel 2.4.31 )
Samba 3.0.23b ( from www.samba.org )
OpenLdap 2.3.24
NFS server sharing /home in the same server.
Relevant tried and readings
-----------------------------------
(1)
http://us5.samba.org/samba/docs/man/Samba-HOWTO-Collection/diagnosis.html
(2)
Mailing lists, with several search criteria.
(3)
http://us5.samba.org/samba/docs/man/Samba-HOWTO-Collection/AdvancedNetworkManagement.html#id2628488
(4)
Tips from Internet
------------------
[1] net use * /d /y, when executing logoff ( W2K workstations )
[2] smb ports = 139 ( smb.conf )
[3] SaveConnections = no ( regedit, all keys changed from yes to no )
[4] Enabling and disabling utmp = yes ( smb.conf )
[5] Enabling and disabling deadtime = 0 ( smb.conf, tried 1, 2, 3 )
[6] Enabling and disabling keep alive = 300 ( smb.conf )
[7] No firewall/bridge filter blocking connections between W2K/Samba.
(5)
tcpdump shows stations remains connected to server port 139, after
logoff, even with SaveConnections = no and net use * /d /y.
(6)
lsof, confirms that connections to port 139
(7)
log level = 2
-Available a 451 lines ( one single logon/logoff logging time ), I am
not sure about sending to list, because there are no Errors I have
seen. Should I send it anyway?
(8)
smb.conf
########
[global]
workgroup = MYDOMAIN
server string = Samba Server %v
netbios name = sambaserver
netbios aliases = sambaserver
dos charset = CP850
display charset = ISO8859-1
unix charset = ISO8859-1
encrypt passwords = Yes
passwd program = /usr/local/sbin/smbldap-passwd -u %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
passwd chat debug = yes
unix password sync = yes
log file = /var/log/samba/samba.%m
max log size = 100
preserve case = yes
short preserve case = yes
default case = lower
time server = yes
max connections = 0
deadtime = 1
keepalive = 300
utmp = yes
smb ports = 139
log level = 2
security = user
hosts allow = 127.0.0.1 192.168.0 192.168.1
printcap name = /etc/printcap
browseable = no
pid directory = /var/run/
printing = lprng
max log size = 5000
passdb backend = ldapsam:ldaps://ldap.mydomain.com
ldap admin dn = cn=smbuseratldap,ou=DSA,dc=mydomain,dc=com
ldap suffix = dc=mydomain,dc=com
ldap group suffix = ou=groups
ldap user suffix = ou=people
ldap machine suffix = ou=machines
ldap idmap suffix = ou=Idmap
ldap passwd sync = yes
idmap uid = 10000-20000
idmap gid = 10000-20000
ldap delete dn = yes
ldap ssl = on
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = eth0, lo
bind interfaces only = yes
local master = yes
os level = 20
domain master = yes
preferred master = yes
domain logons = yes
logon script = everybody.bat
logon path = \\%L\Profiles\%U
wins support = yes
dns proxy = no
add machine script = /usr/local/sbin/smbldap-useradd -t8 -w "%u"
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
delete user script = /usr/local/sbin/smbldap-userdel "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u"
"%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x
"%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g"
"%u"
##########
[Profiles]
#
# Disabled preexec exactly because the problem reported
#
# root preexec = /bin/fechar.sh %U %m
# root preexec close = yes
# root postexec = /bin/change_perms.sh %U
path = /profiles
read only = no
browseable = no
create mask = 0600
directory mask = 0700
csc policy = disable
force user = %U
profile acls = yes
#######
[homes]
comment = Home dirs
browseable = no
writable = yes
public = no
follow symlinks = no
create mode = 0600
directory mode = 0700
invalid users = root bin daemon adm lp sync shutdown halt mail ftp rpc
sshd gdm pop nobody
##########
[netlogon]
comment = Network Logon Service
valid users = %U
path = /profiles/netlogon
guest ok = no
writable = no
share modes = no
force create mode = 0755
force directory mode = 0755
browseable = no
#####
[tmp]
comment = Temporary file
path = /tmp
read only = yes
Freitas Freitas
2006-Aug-25 18:41 UTC
[Samba] Fwd: W2K workstation not disconnecting without a reset
Hi,
Trying again.
Thank you.
C?ssio
---------- Forwarded message ----------
From: Freitas Freitas <casfre@gmail.com>
Date: 24/08/2006 22:26
Subject: W2K workstation not disconnecting without a reset
To: samba@lists.samba.org
Hi,
Trying to be simple and direct.
My last email didn't get answers.
Thank you and best regards.
Problem:
-----------
W2K workstations remains connected do samba server at port 139, even
after logoff, and this causes: false wtmp information and no
possibility do control (even no fail proof) simultaneous logins.
Workaround ( not acceptable )
--------------------------------------
Reset the workstations. A lot of them.
Environment:
-----------
Slackware 10.2 ( kernel 2.4.31 )
Samba 3.0.23b ( from www.samba.org )
OpenLdap 2.3.24
NFS server sharing /home in the same server.
Relevant tried and readings
-----------------------------------
(1)
http://us5.samba.org/samba/docs/man/Samba-HOWTO-Collection/diagnosis.html
(2)
Mailing lists, with several search criteria.
(3)
http://us5.samba.org/samba/docs/man/Samba-HOWTO-Collection/AdvancedNetworkManagement.html#id2628488
(4)
Tips from Internet
------------------
[1] net use * /d /y, when executing logoff ( W2K workstations )
[2] smb ports = 139 ( smb.conf )
[3] SaveConnections = no ( regedit, all keys changed from yes to no )
[4] Enabling and disabling utmp = yes ( smb.conf )
[5] Enabling and disabling deadtime = 0 ( smb.conf, tried 1, 2, 3 )
[6] Enabling and disabling keep alive = 300 ( smb.conf )
[7] No firewall/bridge filter blocking connections between W2K/Samba.
(5)
tcpdump shows stations remains connected to server port 139, after
logoff, even with SaveConnections = no and net use * /d /y.
(6)
lsof, confirms that connections to port 139
(7)
log level = 2
-Available a 451 lines ( one single logon/logoff logging time ), I am
not sure about sending to list, because there are no Errors I have
seen. Should I send it anyway?
(8)
smb.conf
########
[global]
workgroup = MYDOMAIN
server string = Samba Server %v
netbios name = sambaserver
netbios aliases = sambaserver
dos charset = CP850
display charset = ISO8859-1
unix charset = ISO8859-1
encrypt passwords = Yes
passwd program = /usr/local/sbin/smbldap-passwd -u %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
passwd chat debug = yes
unix password sync = yes
log file = /var/log/samba/samba.%m
max log size = 100
preserve case = yes
short preserve case = yes
default case = lower
time server = yes
max connections = 0
deadtime = 1
keepalive = 300
utmp = yes
smb ports = 139
log level = 2
security = user
hosts allow = 127.0.0.1 192.168.0 192.168.1
printcap name = /etc/printcap
browseable = no
pid directory = /var/run/
printing = lprng
max log size = 5000
passdb backend = ldapsam:ldaps://ldap.mydomain.com
ldap admin dn = cn=smbuseratldap,ou=DSA,dc=mydomain,dc=com
ldap suffix = dc=mydomain,dc=com
ldap group suffix = ou=groups
ldap user suffix = ou=people
ldap machine suffix = ou=machines
ldap idmap suffix = ou=Idmap
ldap passwd sync = yes
idmap uid = 10000-20000
idmap gid = 10000-20000
ldap delete dn = yes
ldap ssl = on
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = eth0, lo
bind interfaces only = yes
local master = yes
os level = 20
domain master = yes
preferred master = yes
domain logons = yes
logon script = everybody.bat
logon path = \\%L\Profiles\%U
wins support = yes
dns proxy = no
add machine script = /usr/local/sbin/smbldap-useradd -t8 -w "%u"
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
delete user script = /usr/local/sbin/smbldap-userdel "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u"
"%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x
"%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g"
"%u"
##########
[Profiles]
#
# Disabled preexec exactly because the problem reported
#
# root preexec = /bin/fechar.sh %U %m
# root preexec close = yes
# root postexec = /bin/change_perms.sh %U
path = /profiles
read only = no
browseable = no
create mask = 0600
directory mask = 0700
csc policy = disable
force user = %U
profile acls = yes
#######
[homes]
comment = Home dirs
browseable = no
writable = yes
public = no
follow symlinks = no
create mode = 0600
directory mode = 0700
invalid users = root bin daemon adm lp sync shutdown halt mail ftp rpc
sshd gdm pop nobody
##########
[netlogon]
comment = Network Logon Service
valid users = %U
path = /profiles/netlogon
guest ok = no
writable = no
share modes = no
force create mode = 0755
force directory mode = 0755
browseable = no
#####
[tmp]
comment = Temporary file
path = /tmp
read only = yes
Hi, Trying to be simple and direct. My last email didn't get answers. Thank you and best regards. Problem: ----------- W2K workstations remains connected do samba server at port 139, even after logoff, and this causes: false wtmp information and no possibility do control (even no fail proof) simultaneous logins. Workaround ( not acceptable ) -------------------------------------- Reset the workstations. A lot of them. Environment: ----------- Slackware 10.2 ( kernel 2.4.31 ) Samba 3.0.23b ( from www.samba.org ) OpenLdap 2.3.24 NFS server sharing /home in the same server. Relevant tried and readings ----------------------------------- (1) http://us5.samba.org/samba/docs/man/Samba-HOWTO-Collection/diagnosis.html (2) Mailing lists, with several search criteria. (3) http://us5.samba.org/samba/docs/man/Samba-HOWTO-Collection/AdvancedNetworkManagement.html#id2628488 (4) Tips from Internet ------------------ [1] net use * /d /y, when executing logoff ( W2K workstations ) [2] smb ports = 139 ( smb.conf ) [3] SaveConnections = no ( regedit, all keys changed from yes to no ) [4] Enabling and disabling utmp = yes ( smb.conf ) [5] Enabling and disabling deadtime = 0 ( smb.conf, tried 1, 2, 3 ) [6] Enabling and disabling keep alive = 300 ( smb.conf ) [7] No firewall/bridge filter blocking connections between W2K/Samba. (5) tcpdump shows stations remains connected to server port 139, after logoff, even with SaveConnections = no and net use * /d /y. (6) lsof, confirms that connections to port 139 (7) log level = 2 -Available a 451 lines ( one single logon/logoff logging time ), I am not sure about sending to list, because there are no Errors I have seen. Should I send it anyway? (8) smb.conf ######## [global] workgroup = MYDOMAIN server string = Samba Server %v netbios name = sambaserver netbios aliases = sambaserver dos charset = CP850 display charset = ISO8859-1 unix charset = ISO8859-1 encrypt passwords = Yes passwd program = /usr/local/sbin/smbldap-passwd -u %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n passwd chat debug = yes unix password sync = yes log file = /var/log/samba/samba.%m max log size = 100 preserve case = yes short preserve case = yes default case = lower time server = yes max connections = 0 deadtime = 1 keepalive = 300 utmp = yes smb ports = 139 log level = 2 security = user hosts allow = 127.0.0.1 192.168.0 192.168.1 printcap name = /etc/printcap browseable = no pid directory = /var/run/ printing = lprng max log size = 5000 passdb backend = ldapsam:ldaps://ldap.mydomain.com ldap admin dn = cn=smbuseratldap,ou=DSA,dc=mydomain,dc=com ldap suffix = dc=mydomain,dc=com ldap group suffix = ou=groups ldap user suffix = ou=people ldap machine suffix = ou=machines ldap idmap suffix = ou=Idmap ldap passwd sync = yes idmap uid = 10000-20000 idmap gid = 10000-20000 ldap delete dn = yes ldap ssl = on socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 interfaces = eth0, lo bind interfaces only = yes local master = yes os level = 20 domain master = yes preferred master = yes domain logons = yes logon script = everybody.bat logon path = \\%L\Profiles\%U wins support = yes dns proxy = no add machine script = /usr/local/sbin/smbldap-useradd -t8 -w "%u" add user script = /usr/local/sbin/smbldap-useradd -m "%u" delete user script = /usr/local/sbin/smbldap-userdel "%u" add group script = /usr/local/sbin/smbldap-groupadd -p "%g" add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "% g" delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u" ########## [Profiles] # # Disabled preexec exactly because the problem reported # # root preexec = /bin/fechar.sh %U %m # root preexec close = yes # root postexec = /bin/change_perms.sh %U path = /profiles read only = no browseable = no create mask = 0600 directory mask = 0700 csc policy = disable force user = %U profile acls = yes ####### [homes] comment = Home dirs browseable = no writable = yes public = no follow symlinks = no create mode = 0600 directory mode = 0700 invalid users = root bin daemon adm lp sync shutdown halt mail ftp rpc sshd gdm pop nobody ########## [netlogon] comment = Network Logon Service valid users = %U path = /profiles/netlogon guest ok = no writable = no share modes = no force create mode = 0755 force directory mode = 0755 browseable = no ##### [tmp] comment = Temporary file path = /tmp read only = yes