Lukasz Zalewski
2008-Jul-31 22:34 UTC
[Samba] domain trust relationship with AD 2003 and user profile and home directory problems
Hi!

We have a PDC for the EEKS domain, running Samba 3.2.0 FC9 64 bit, with the following trust relationships:

- a one-way trust where EEKS trusts the ITL domain, which is running Samba 3.0.30 FC8 64 bit
- a two-way trust between EEKS and the ADEEKS domain, which is running Windows Server 2003

Now, for a given Windows XP SP2 workstation in the EEEKS domain:

1. User logs onto the ITL domain through the trust relationship and gets the appropriate profile and home directory.
2. User logs onto the EEKS domain and also gets the appropriate profile and home directory.
3. User logs onto the ADEEKS domain but does not get a home directory or a profile.

I have been looking at the logs and found the following entries:

[2008/07/31 17:44:48, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
  pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0
    netr_LogonSamLogon: struct netr_LogonSamLogon
        out: struct netr_LogonSamLogon
            return_authenticator : *
                return_authenticator: struct netr_Authenticator
                    cred: struct netr_Credential
                        data : cb8ab18ac5739c1a
                    timestamp : Thu Jul 31 17:44:47 2008 BST
            validation : *
                validation : union netr_Validation(case 3)
                sam3 : *
                    sam3: struct netr_SamInfo3
                        base: struct netr_SamBaseInfo
                            last_logon : NTTIME(0)
                            last_logoff : Thu Sep 14 03:48:05 30828 BST
                            acct_expiry : Thu Sep 14 03:48:05 30828 BST
                            last_password_change : Mon Jan 1 00:00:47 1601 LMT
                            allow_password_change : Mon Jan 1 00:00:47 1601 LMT
                            force_password_change : Thu Sep 14 03:48:05 30828 BST
                            account_name: struct lsa_String
                                length : 0x0000 (0)
                                size : 0x0000 (0)
                                string : *
                                    string : 'goo'
                            full_name: struct lsa_String
                                length : 0x0000 (0)
                                size : 0x0000 (0)
                                string : *
                                    string : ''
                            logon_script: struct lsa_String
                                length : 0x0000 (0)
                                size : 0x0000 (0)
                                string : *
                                    string : ''
                            profile_path: struct lsa_String
                                length : 0x0000 (0)
                                size : 0x0000 (0)
                                string : *
                                    string : ''
                            home_directory: struct lsa_String
                                length : 0x0000 (0)
                                size : 0x0000 (0)
                                string : *
                                    string : ''
                            home_drive: struct lsa_String
                                length : 0x0000 (0)
                                size : 0x0000 (0)
                                string : *
                                    string : ''
                            logon_count : 0x0000 (0)
                            bad_password_count : 0x0000 (0)
                            rid : 0x00000456

which seems to suggest that the necessary information is equal to the empty string. (That information does exist in AD.)

Is this happening due to a misconfiguration of Samba, or of AD? Can this be done at all? If so, what do I need to change? If this cannot be changed, can I override the above settings through Samba?

I have run out of ideas, so any suggestions would be much appreciated.

Regards
Lukasz