Hi. I can't do cached logons in our new samba server.
I had a dead crashed W2k server quickly replaced by samba-3.
That meant create a new domain, restore backups and add all the
PCs to the domain. It was impossible to resurrect the old MS server.
Anyway I'm facing a problem about cached logons. There is no way
to make it work. I've been reading all the entries in the mailing
list archives and MS information about it unsuccessfully.
First of all, some people said in the archives that samba can't
do cached logons, that's later refuted by people who log all
the summer in a networkless computer. So it looks it should work.
Is there something required in the samba server to make it work ?
We have no ldap. Remote profiles were allowed the first day
but now it is turned off.
I've checked the registry here. It was 10 now 50. Nothing changed.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\Current Version\Winlogon\
ValueName: CachedLogonsCount
Data Type: REG_SZ
Values: 0 - 50
The former windows admin said he changed nothing to make it work in
w2k. It just worked.
Clients are Windows XP.
Server is a debian etch, samba-3.0.24-6. An extract from smb.conf:
[global]
obey pam restrictions = Yes
passdb backend = tdbsam
logon script = \usuari\%U.bat
logon drive = Z:
logon home = \\%N\netlogon
domain logons = Yes
domain master = Yes
dns proxy = No
wins support = Yes
[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
write list = @admin
guest ok = Yes
Any hint will be really appreciated.
On Wed, 2007-06-13 at 10:57 +0200, Francesc Guasch wrote:
> Hi. I can't do cached logons in our new samba server.
>
> I had a dead crashed W2k server quickly replaced by samba-3.
> That meant create a new domain, restore backups and add all the
> PCs to the domain. It was impossible to resurrect the old MS server.
>
> Anyway I'm facing a problem about cached logons. There is no way
> to make it work. I've been reading all the entries in the mailing
> list archives and MS information about it unsuccessfully.
>
> First of all, some people said in the archives that samba can't
> do cached logons, that's later refuted by people who log all
> the summer in a networkless computer. So it looks it should work.
>
> Is there something required in the samba server to make it work ?
> We have no ldap. Remote profiles were allowed the first day
> but now it is turned off.

By remote profiles, you mean roaming? Did you change them to local on the client machines, or disable the profiles share (hint: you should change them to local on the clients)?

I have several sites with Samba PDCs that have laptop/mobile users who use their cached credentials regularly to most of the time, and it simply works. I haven't had to change a thing on the samba side for it to work. They even use offline files and such with great regularity, and that works just fine as well.

Is there anything in your Samba logs, or in the eventlog on the affected systems that is relevant?

Regards,
Rubin

Rubin Bennett
RB Technologies
http://thatitguy.com
rbennett@thatitguy.com
(802)223-4448

"They that can give up essential liberty to obtain a little temporary security deserve neither liberty nor safety" --Benjamin Franklin, Historical Review of Pennsylvania, 1759
Hello List
I'm experiencing problems with Samba 3.0.25,1 running in a FreeBSD box.
I've successfully joined a domain, and I've configured mail with auth on W2k3
server through PAM.
YET
If I issue
mail# /usr/local/www > net rpc testjoin
Unable to find a suitable server
Join to domain 'DMSWARE' is not valid
BUT
mail# /etc > net rpc testjoin -S orion
Join to 'DMSWARE' is OK
AND
mail# /usr/local/www > net ads testjoin
Join is OK
I know that RPC and ADS use two different methods to find the server... But
RPC shouldn't net rpc first try with files, then DNS, then broadcast ?
And giving "-S orion" is nothing more than what is already listed in
smb.conf
So Why RPC fails ?
Here are my conf files
**********************
mail# /etc > less nsswitch.conf
passwd: files winbind
shadow: files winbind
group: files winbind
#hosts: db files nisplus nis dns
#hosts: files dns wins
hosts: files dns bcast
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
ethers: db files
netmasks: files
networks: files dns
protocols: db files
rpc: files
services: files
netgroup: files
publickey: nisplus
automount: files
aliases: files nisplus
nsswitch.conf (END)
**********************
mail# /etc > less smb.conf
[global]
workgroup = DMSWARE
Wins support = yes
dns proxy = yes
name resolve order = host wins bcast
local master = yes
domain master = no
preferred master = auto
enhanced browsing = yes
#encrypt password = yes # YES = Default
realm = DMSWARE.it
server string = mail
security = ADS
password server = orion
passdb backend = tdbsam
passwd program = /usr/bin/passwd %u
client use spnego = yes
server signing = auto
client signing = auto
#passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
#passwd chat debug = yes
log file = /var/log/samba/log.%m
add user script = /usr/sbin/pw useradd %u
delete user script = /usr/sbin/pw userdel %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/pw groupdel %g
preferred master = No
template homedir = /home/%U
template shell = /bin/csh
winbind cache time = 3600
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nss info = rfc2307
idmap domains = DMSWARE
idmap config DMSWARE:range = 10000-49999
idmap config DMSWARE:base_rid = 0
idmap config DMSWARE:backend = rid
**********************
mail# /etc > less hosts
127.0.0.1 localhost.DMSWARE.it localhost
192.168.1.38 MAIL.DMSWARE.it MAIL
192.168.1.38 MAIL.DMSWARE.it.
192.168.0.12 orion.dmsware.it
192.168.0.12 orion
hosts (END)
Thanks everybody for any help