Hi. I can't do cached logons in our new samba server.

I had a dead crashed W2k server quickly replaced by samba-3.
That meant create a new domain, restore backups and add all the
PCs to the domain. It was impossible to resurrect the old MS server.

Anyway I'm facing a problem about cached logons. There is no way
to make it work. I've been reading all the entries in the mailing
list archives and MS information about it unsuccessfully.

First of all, some people said in the archives that samba can't
do cached logons, that's later refuted by people who log all
the summer in a networkless computer. So it looks it should work.

Is there something required in the samba server to make it work?
We have no ldap. Remote profiles were allowed the first day
but now it is turned off.

I've checked the registry here. It was 10 now 50. Nothing changed.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\Current Version\Winlogon\
ValueName: CachedLogonsCount
Data Type: REG_SZ
Values: 0 - 50

The former windows admin said he changed nothing to make it work
in w2k. It just worked.

Clients are Windows XP. Server is a debian etch, samba-3.0.24-6.

An extract from smb.conf:

[global]
obey pam restrictions = Yes
passdb backend = tdbsam
logon script = \usuari\%U.bat
logon drive = Z:
logon home = \\%N\netlogon
domain logons = Yes
domain master = Yes
dns proxy = No
wins support = Yes

[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
write list = @admin
guest ok = Yes

Any hint will be really appreciated.

On Wed, 2007-06-13 at 10:57 +0200, Francesc Guasch wrote:
> Hi. I can't do cached logons in our new samba server.
>
> I had a dead crashed W2k server quickly replaced by samba-3.
> That meant create a new domain, restore backups and add all the
> PCs to the domain. It was impossible to resurrect the old MS server.
>
> Anyway I'm facing a problem about cached logons. There is no way
> to make it work. I've been reading all the entries in the mailing
> list archives and MS information about it unsuccessfully.
>
> First of all, some people said in the archives that samba can't
> do cached logons, that's later refuted by people who log all
> the summer in a networkless computer. So it looks it should work.
>
> Is there something required in the samba server to make it work?
> We have no ldap. Remote profiles were allowed the first day
> but now it is turned off.

By remote profiles, you mean roaming? Did you change them to local on
the client machines, or disable the profiles share (hint: you should
change them to local on the clients).

I have several sites with Samba PDCs that have laptop/mobile users who
use their cached credentials regularly to most of the time, and it
simply works. I haven't had to change a thing on the samba side for it
to work. They even use offline files and such with great regularity,
and that works just fine as well.

Is there anything in your Samba logs, or in the eventlog on the
affected systems that is relevant?

Regards,
Rubin

Rubin Bennett
RB Technologies
http://thatitguy.com
rbennett@thatitguy.com
(802)223-4448

"They that can give up essential liberty to obtain a little temporary
security deserve neither liberty nor safety"
--Benjamin Franklin, Historical Review of Pennsylvania, 1759

Hello List

I'm experiencing problems with Samba 3.0.25,1 running in a FreeBSD box.
I've successfully joined a domain, and I've configured mail with auth on
W2k3 server through PAM.

YET

If I issue

mail# /usr/local/www > net rpc testjoin
Unable to find a suitable server
Join to domain 'DMSWARE' is not valid

BUT

mail# /etc > net rpc testjoin -S orion
Join to 'DMSWARE' is OK

AND

mail# /usr/local/www > net ads testjoin
Join is OK

I know that RPC and ADS use two different methods to find the server...
But RPC shouldn't net rpc first try with files, then DNS, then broadcast?
And giving "-S orion" is nothing more than what is already listed in
smb.conf.

So why RPC fails?

Here are my conf files

**********************
mail# /etc > less nsswitch.conf

passwd: files winbind
shadow: files winbind
group: files winbind
#hosts: db files nisplus nis dns
#hosts: files dns wins
hosts: files dns bcast
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
ethers: db files
netmasks: files
networks: files dns
protocols: db files
rpc: files
services: files
netgroup: files
publickey: nisplus
automount: files
aliases: files nisplus
nsswitch.conf (END)

**********************
mail# /etc > less smb.conf

[global]
workgroup = DMSWARE
Wins support = yes
dns proxy = yes
name resolve order = host wins bcast
local master = yes
domain master = no
preferred master = auto
enhanced browsing = yes
#encrypt password = yes # YES = Default
realm = DMSWARE.it
server string = mail
security = ADS
password server = orion
passdb backend = tdbsam
passwd program = /usr/bin/passwd %u
client use spnego = yes
server signing = auto
client signing = auto
#passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
#passwd chat debug = yes
log file = /var/log/samba/log.%m
add user script = /usr/sbin/pw useradd %u
delete user script = /usr/sbin/pw userdel %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/pw groupdel %g
preferred master = No
template homedir = /home/%U
template shell = /bin/csh
winbind cache time = 3600
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nss info = rfc2307
idmap domains = DMSWARE
idmap config DMSWARE:range = 10000-49999
idmap config DMSWARE:base_rid = 0
idmap config DMSWARE:backend = rid

**********************
mail# /etc > less hosts

127.0.0.1 localhost.DMSWARE.it localhost
192.168.1.38 MAIL.DMSWARE.it MAIL
192.168.1.38 MAIL.DMSWARE.it.
192.168.0.12 orion.dmsware.it
192.168.0.12 orion
hosts (END)

Thanks everybody for any help
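
Added example, not part of the original post and not Samba code: a small Python check for an smb.conf like the one posted above, which sets `preferred master` twice in [global]. It compares parameter names the way Samba does (case and whitespace ignored), lists parameters assigned more than once and reports the value that takes effect; the helper names and the shortened sample are assumptions made for this illustration.

```python
from collections import defaultdict

# Constructed sample: a subset of the [global] lines from the post above.
SAMPLE = """\
[global]
workgroup = DMSWARE
Wins support = yes
name resolve order = host wins bcast
preferred master = auto
#encrypt password = yes
password server = orion
preferred master = No
"""

def norm(name):
    """Samba ignores case and all whitespace in parameter names."""
    return "".join(name.split()).lower()

def parse(text):
    """Return {section: {normalized param: [values in file order]}}."""
    sections = defaultdict(lambda: defaultdict(list))
    current = "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
        elif "=" in line:
            name, value = line.split("=", 1)
            sections[current][norm(name)].append(value.strip())
    return sections

def duplicates(text):
    """Parameters assigned more than once, keyed by (section, param)."""
    return {(sec, p): vals for sec, params in parse(text).items()
            for p, vals in params.items() if len(vals) > 1}

def effective(text, section, param):
    """The last assignment in a section is the one that takes effect."""
    values = parse(text)[section].get(norm(param))
    return values[-1] if values else None

if __name__ == "__main__":
    for (sec, name), vals in duplicates(SAMPLE).items():
        print(f"[{sec}] {name}: set {len(vals)} times {vals}, effective {vals[-1]!r}")
    print("wins support =", effective(SAMPLE, "global", "wins support"))
```

Samba's own `testparm` prints the configuration as the server loads it, which is the authoritative way to confirm the effective values on the host itself.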