samba - Nov 2007 - Domain logon through VPN with WINS

Hi!
 
I'm experiencing some serious problems setting up Samba as PDC. File sharing
works fine and I can even add my computer to the domain, but when I reboot I
can't log in with my samba username and password. I've previously set up
similiar server, though it wasn't trough VPN. I'm running latest Debian
Etch with every package upgraded. I've also tried some older samba packages.
 
 
 
Here's my smb.conf:
 
 
 [global]

server string = Samba file sharing 

workgroup = KOTI
netbios name = MACHINAE


wins support = yes

name resolve order = lmhosts host wins bcast


dos charset = CP852
unix charset = ISO8859-1
display charset = LOCALE

dos filetime resolution=yes



#### Networking ####



interfaces = 10.10.0.1


bind interfaces only = true


socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

#hosts allow = 127.0.0.1 10.10.0.0/24 10.10.1.0/24
#hosts deny = 0.0.0.0/0


remote announce = 10.10.0.255/KOTI \
                  10.10.1.255/KOTI








#### Debugging/Accounting ####


log file = /var/log/samba/log.%m

max log size = 1000

syslog = 0

panic action = /usr/share/samba/panic-action %d







####### Authentication #######



security = user

admin users = @ntadmins

force group = ntusers

passdb backend = smbpasswd

map to guest = Bad User

unix password sync = no 

encrypt passwords = true

passwd program = /usr/bin/passwd %u

passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:*
%n\n *password\supdated\ssuccessfully* .







########## Domains ###########


domain logons = yes

local master = yes

domain master = yes

preferred master = yes

os level = 64







########## Printing ##########

load printers = no







############ Misc ############



#======================= Share Definitions ======================
[IPC$] 
path = /tmp
read only = no
browseable = no
#hosts allow = 10.10.0.0/24 10.10.1.0/24 127.0.0.1
valid users = @ntusers @ntadmins

[ADMIN$] 
path = /tmp
read only = no
browseable = no
#hosts allow = 10.10.0.0/24 10.10.1.0/24 127.0.0.1
valid users = @ntusers @ntadmins


[netlogon] 
path = /var/lib/samba/netlogon 
read only = yes 
browseable = no
valid users = @ntusers @ntadmins


[profiles]
path = /var/lib/samba/profiles
read only = no
browseable = no
create mask = 0660
directory mask = 0770
valid users = @ntusers @ntadmins



[WWW]
comment = WWW-data
path = /var/www
read only = no
browseable = yes
share modes = yes
create mode = 0660
directory mode = 0770
guest ok = no
valid users = @ntusers @ntadmins


[Kotikansiot]
comment = K?ytt?jien kotikansiot
path = /var/lib/samba/kotikansiot
read only = no
browseable = yes
share modes = yes
create mode = 0660
directory mode = 0770
guest ok = no
valid users = @ntusers @ntadmins
 

 /etc/samba/smbpasswd (slightly modified) jukankone$:1007:X:[W         
]:LCT-472E1182:
jukka:1000:X:[U          ]:LCT-472E1087:
spider:1005:X:[U          ]:LCT-472E108D:
jukankone.vpn$:1008:X:[W          ]:LCT-472E1759:
root:0:X:[U          ]:LCT-472E1958:     /etc/passwd
jukka:x:1000:1001:Jukka:/home/jukka:/bin/bash   /etc/group
ntusers:x:1008:jukka,jari,pirita,sini,spider,jukankone$,jukankone.vpn$ntguests:x:1012:jukankone$,jukankone.vpn$ntmachines:x:1011:jukankone$,jukankone.vpn$
$ net groupmap list Domain Users (S-1-5-21-728289696-1735803817-2181290557-513)
-> ntusersDomain Computers (S-1-5-21-728289696-1735803817-2181290557-515)
-> ntmachinesDomain Admins (S-1-5-21-728289696-1735803817-2181290557-512)
-> ntadminsDomain Guests (S-1-5-21-728289696-1735803817-2181290557-514) ->
ntguests   When I try to log in to domain I get this error:
/var/log/samba/log.jukankone  [2007/11/04 21:27:40, 0]
smbd/service.c:make_connection_snum(782)  make_connection: connection to IPC$
denied due to security descriptor. This proves that my VPN connection is working
and WINS delivers correct address for my domain controller. I've also tried
with some simple config files, but either I can't even add my machine to the
domain or I get this annoying IPC$ error. [IPC$] and [ADMIN$] sections are just
for testing purproses in the config file. They had no effect whatsoever. Some
older Samba package made by default some group mappings, but this newest version
doesn't add anything. I've added those group mappings byhand, but they
didn't help.  I also tried to make another machine account with the complete
name of my machine (jukankone.vpn). That didn't help either.  Next step
obviously is to compile the latest Samba from sources, but if someone knows
anything about this phenomena please be nice and tell me.
_________________________________________________________________
Lataa 30 ILMAISTA hymi?t? Windows Live Messengeriisi!
http://www.livemessenger-emoticons.com/fi-fi/