Old 11-20-2009, 10:13 PM
Tom H
 
Default Horrible problem with SAMBA -- Does Karmic work?

Pete Clapham wrote:

> I have done a clean install of Karmic on my file server and am tearing my
> hair out. I'm almost ready to bolt for Red Hat!

> I have tried numerous times to set up SAMBA so that students can log into
> the system and access the files they need to access. They can't. The
> latest error is that the machine account isn't set up. But I can't find
> where the machine account is. When I upgraded from Jaunty (which worked
> fine), I got this error and was unable to delete the machine password from
> the /etc/samba/smbpasswd file to reload it. Now there isn't an
> /etc/samba/smbpasswd file at all, so the accounts must be stored elsewhere.
> Any ideas? Students can log in directly to the server or via ssh. The
> problem is samba, and it appears to be the machine accounts.

The default for both Jaunty and Karmic is for Samba's smbpasswd to use
/var/lib/samba/passdb.tdb and /var/lib/samba/secrets.tdb (I assume
that you upgraded "in place" to Jaunty if you were using
/etc/samba/smbpasswd on Jaunty).

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 11-21-2009, 03:42 PM
Pete Clapham
 
Default Horrible problem with SAMBA -- Does Karmic work?

Pete Clapham wrote:

> Hi, all --
>
> I have done a clean install of Karmic on my file server and am tearing
> my hair out. I'm almost ready to bolt for Red Hat!
>
> I have tried numerous times to set up SAMBA so that students can log
> into the system and access the files they need to access. They can't.
> The latest error is that the machine account isn't set up. But I can't
> find where the machine account is. When I upgraded from Jaunty (which
> worked fine), I got this error and was unable to delete the machine
> password from the /etc/samba/smbpasswd file to reload it. Now there
> isn't an /etc/samba/smbpasswd file at all, so the accounts must be
> stored elsewhere. Any ideas? Students can log in directly to
> the server or via ssh. The problem is samba, and it appears to be the
> machine accounts.

Thanks to the two who responded to this email. However, this still
leaves the question open as to whether I need to establish accounts for
both users and workstations; I assume I do. The TDBs seem to record
the users correctly, but they do not appear to record the
workstations. The way I've been doing this is, first, "useradd -M -N
-s /bin/false <machinename$>", then "passwd -l
<machinename$>", then "smbpasswd -a -m <machinename>". I
get the message that users are added with the final statement (or
deleted with smbpasswd -x -m <machinename>), but then I get the
message that the workstation accounts aren't established when I try to
log in on them. I suspect that the smbpasswd program is trying to
write something to somewhere, but it's the tdb files that are actually
controlling things. Do I use pdbedit for this, as I do with the users?



 
Old 11-24-2009, 04:14 AM
Tom H
 
Default Horrible problem with SAMBA -- Does Karmic work?

> Thanks to the two who responded to this email. However, this still leaves
> the question open as to whether I need to establish accounts for both users
> and workstations; I assume I do. The TDBs seem to record the users
> correctly, but they do not appear to record the workstations. The way I've
> been doing this is, first, "useradd -M -N -s /bin/false <machinename$>",
> then "passwd -l <machinename$>", then "smbpasswd -a -m <machinename>". I
> get the message that users are added with the final statement (or deleted
> with smbpasswd -x -m <machinename>), but then I get the message that the
> workstation accounts aren't established when I try to log in on them. I
> suspect that the smbpasswd program is trying to write something to
> somewhere, but it's the tdb files that are actually controlling things. Do
> I use pdbedit for this, as I do with the users?

I have only ever used pdbedit for listing users (with -Lw or -Lv) but
it can be used to create, modify, and delete users and groups just
like smbpasswd. It can also create and modify account policies but I
have not used these functions or even looked into them.

Your useradd-passwd-smbpasswd sequence seems correct (I would have
added "-g <gid>" or "-g 65534" rather than "-N" to the passwd
invocation, out of habit rather than out of necessity AFAIK - and I
assume that the missing $ at the end of the smbpasswd invocation is an
email typo).

Run
pdbedit -Lv <hostname>$
to make sure that you have "W" on the account flags line
and
to make sure that you have your domain/workgroup on the domain line
(and not your server name)

Questions:

1. How do you know that it is the machine accounts that are failing
you? Please check your logs (or possibly increase the log level,
restart samba, try logging on, and check your logs).

2. How is your smb.conf set up? Which security setting have you
chosen? Do you have a netlogon section?

3. Do you really need to have a domain setup with machine accounts
(since you seem to have just one box)?

 
Old 11-25-2009, 12:17 AM
Pete Clapham
 
Default Horrible problem with SAMBA -- Does Karmic work?

Tom H wrote:
> I have only ever used pdbedit for listing users (with -Lw or -Lv) but
> it can be used to create, modify, and delete users and groups just
> like smbpasswd. It can also create and modify account policies but I
> have not used these functions or even looked into them.
>
> Your useradd-passwd-smbpasswd sequence seems correct (I would have
> added "-g <gid>" or "-g 65534" rather than "-N" to the passwd
> invocation, out of habit rather than out of necessity AFAIK - and I
> assume that the missing $ at the end of the smbpasswd invocation is an
> email typo).
>
> Run
> pdbedit -Lv <hostname>$
> to make sure that you have "W" on the account flags line
> and
> to make sure that you have your domain/workgroup on the domain line
> (and not your server name)
>
> Questions:
>
> 1. How do you know that it is the machine accounts that are failing
> you? Please check your logs (or possibly increase the log level,
> restart samba, try logging on, and check your logs).
>
> 2. How is your smb.conf set up? Which security setting have you
> chosen? Do you have a netlogon section?
>
> 3. Do you really need to have a domain setup with machine accounts
> (since you seem to have just one box)?
>
>
Thanks for your input. I've learned a lot more about the problem in the
last few days, and every time I think I understand what's going on I
find out I don't. Students can log into the server locally and via ssh,
and they can access network resources via "net use @:
\\servername\share". However, they can't log on using samba -- UNLESS
they are working on a workstation on which they were working before I
upgraded the server, and it has their Windows profile. Then, they can
indeed log into the system under their own name, but the system gives
them the error message that it can't find their roaming profile and it's
logging them on using their local profile. This is very strange
behavior; it doesn't fall into anything I've ever seen before.

Anyhow, here's the smb.conf file:

# Samba config file created using SWAT
# from UNKNOWN (127.0.0.)
# Date: 2009/11/21 17:16:53

[global]
workgroup = ERSL
server string = Environmental Remote Sensing Laboratory
netbios aliases = earth.sr-02-01.csuohio.edu
interfaces = eth1
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
logon drive = X:
domain logons = Yes
preferred master = Yes
domain master = Yes
wins support = Yes
idmap uid = 10000-20000
idmap gid = 10000-20000
template homedir = /home2/%D/%U
template shell = /bin/bash
admin users = clapham

[homes]
comment = Home Directories
valid users = %S
read only = No

#[netlogon]
#comment = Network Logon Service
#path = /home/samba/netlogon

[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
write list = root, @ersladmin

[cdrom]
comment = Samba server's CD-ROM
path = /cdrom
guest ok = Yes
locking = No
preexec = /bin/mount /cdrom
postexec = /bin/umount /cdrom

[imaginex]
comment = ERDAS Imagine files
path = /applications/imaginex

[ghost]
comment = GHOST files
path = /applications/ghost
valid users = clapham

[images]
comment = Lewis Images Files
path = /applications/images

[testdata]
comment = Test Data Files
path = /applications/testdata

[testques]
comment = Test Question Files
path = /applications/testques
read only = No
browseable = No
browsable = No

[ESRIex]
comment = ESRI imagery files
path = /applications/ESRIex

[hcdn]
comment = HydroClimatic Data Network
path = /applications/courseware/hcdn

[hcdn92]
comment = HydroClimatic Data Network Files
path = /applications/courseware/hcdn92

[momnpop]
comment = Mom and Pop Model
path = /applications/courseware/momnpop

[gisrs]
comment = GIS and Remote Sensing Support Files
path = /applications/courseware/GIS-RS

[ETProject]
comment = Common project files for ET Project
path = /home1/ETProject
valid users = amundsen, clapham, wells
read only = No
[homes]
comment = Home Directories
valid users = %S
read only = No

Here's the pdbedit -Lv for one workstation. You will notice that there
is a W in the proper place, and the domain is correct

Unix username: columbia$
NT username:
Account Flags: [W ]
User SID: S-1-5-21-1977151345-229110656-292509728-1066
Primary Group SID: S-1-5-21-1977151345-229110656-292509728-513
Full Name:
Home Directory: \\earth\columbia_
HomeDir Drive: X:
Logon Script:
Profile Path: \\earth\columbia_\profile
Domain: ERSL
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: 9223372036854775807 seconds since the Epoch
Kickoff time: 9223372036854775807 seconds since the Epoch
Password last set: Sun, 22 Nov 2009 10:35:41 EST
Password can change: Sun, 22 Nov 2009 10:35:41 EST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

Any help you can provide would be very welcome. As for your questions,
I think the first two have been answered. As for the third, I am
actually running 5 servers and about 20 workstations. It really does
make sense, both for the size of the operation and the nature of what
we're doing, to have a PDC.

cheers,
pete

 
Old 11-25-2009, 01:36 PM
Tom H
 
Default Horrible problem with SAMBA -- Does Karmic work?


> Thanks for your input. I've learned a lot more about the problem in the
> last few days, and every time I think I understand what's going on I
> find out I don't. Students can log into the server locally and via ssh,
> and they can access network resources via "net use @:
> \\servername\share". However, they can't log on using samba -- UNLESS
> they are working on a workstation on which they were working before I
> upgraded the server, and it has their Windows profile. Then, they can
> indeed log into the system under their own name, but the system gives
> them the error message that it can't find their roaming profile and it's
> logging them on using their local profile. This is very strange
> behavior; it doesn't fall into anything I've ever seen before.

> Anyhow, here's the smb.conf file:

> [global]
> workgroup = ERSL
> server string = Environmental Remote Sensing Laboratory
> netbios aliases = earth.sr-02-01.csuohio.edu
> interfaces = eth1
> syslog = 0
> log file = /var/log/samba/log.%m
> max log size = 1000
> logon drive = X:
> domain logons = Yes
> preferred master = Yes
> domain master = Yes
> wins support = Yes
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> template homedir = /home2/%D/%U
> template shell = /bin/bash
> admin users = clapham

> #[netlogon]
> #comment = Network Logon Service
> #path = /home/samba/netlogon

> Here's the pdbedit -Lv for one workstation.

> Unix username: columbia$
> Account Flags: [W ]
> User SID: S-1-5-21-1977151345-229110656-292509728-1066
> Primary Group SID: S-1-5-21-1977151345-229110656-292509728-513
> Domain: ERSL

> Any help you can provide would be very welcome. As for your questions,
> I think the first two have been answered. As for the third, I am
> actually running 5 servers and about 20 workstations. It really does
> make sense, both for the size of the operation and the nature of what
> we're doing, to have a PDC.

No probs. I was only questioning the use of a PDC because you seemed
to have just one server judging from your previous posts. My mistaken
assumption.

"net use @: \\servername\share" means that samba _shares_ are working
for "servername". So your Samba usernames are being authorised for
servername...

Logging on to a local profile is standard behaviour for a Windows
workstation when it cannot find a DC. (FYI, in Win networks, there is
a time limit to being able to do so - I have forgotten whether it is a
set period - three weeks comes to mind - or a function of password
ageing.)

For a PDC smb.conf, you need your netlogon section to be uncommented
and with the correct path and "logon path" and "logon home" in the
global section.

Also, for a PDC, if you haven't done so, you need to add group maps of
the Domain Administrators and Domain Users Win groups to Linux groups.

Once you make those changes and restart Samba, create a test user, and
try to log on to the domain.

You might want to cross-post at
https://lists.samba.org/mailman/listinfo/samba

One more question: Did you re-create the user and machine accounts?

 
Old 11-29-2009, 03:43 PM
Pete Clapham
 
Default Horrible problem with SAMBA -- Does Karmic work?

Tom H wrote:
> No probs. I was only questioning the use of a PDC because you seemed
> to have just one server judging from your previous posts. My mistaken
> assumption.
>
> "net use @: \\servername\share" means that samba _shares_ are working
> for "servername". So your Samba usernames are being authorised for
> servername...
>
> Logging on to a local profile is standard behaviour for a Windows
> workstation when it cannot find a DC. (FYI, in Win networks, there is
> a time limit to being able to do so - I have forgotten whether it is a
> set period - three weeks comes to mind - or a function of password
> ageing.)
>
> For a PDC smb.conf, you need your netlogon section to be uncommented
> and with the correct path and "logon path" and "logon home" in the
> global section.
>
> Also, for a PDC, if you haven't done so, you need to add group maps of
> the Domain Administrators and Domain Users Win groups to Linux groups.
>
> Once you make those changes and restart Samba, create a test user, and
> try to log on to the domain.
>
> You might want to cross-post at
> https://lists.samba.org/mailman/listinfo/samba
>
> One more question: Did you re-create the user and machine accounts?
>
>
Tom --

Thank you for your comments. I assumed that the netlogon had something
to do with the problem. The form in which it was in the smb.conf file
was what's worked fine for the last 3 years in Samba and which stopped
working when I upgraded to Karmic (hence the post on ubuntu-users). Did
Karmic change the default logon path and/or logon home? (I'm not really
sure what these are anyhow.) Also, I'm not sure what group maps are.
Can you advise?

Thanks.

BTW, I did recreate the user and machine accounts when I reloaded Karmic.

cheers,
pete

 
Old 12-02-2009, 09:24 PM
Tom H
 
Default Horrible problem with SAMBA -- Does Karmic work?

> Thank you for your comments. I assumed that the netlogon had something
> to do with the problem. The form in which it was in the smb.conf file
> was what's worked fine for the last 3 years in Samba and which stopped
> working when I upgraded to Karmic (hence the post on ubuntu-users). Did
> Karmic change the default logon path and/or logon home? (I'm not really
> sure what these are anyhow.) Also, I'm not sure what group maps are.
> Can you advise?
> BTW, I did recreate the user and machine accounts when I reloaded Karmic.

You're welcome.

1) Netlogon share

I was amazed to read that you have had a PDC without a netlogon share
for three years so I checked the samba.org documentation.

***quote***
A domain controller is an SMB/CIFS server that:

* Registers and advertises itself as a domain controller (through
NetBIOS broadcasts as well as by way of name registrations either by
Mailslot Broadcasts over UDP broadcast, to a WINS server over UDP
unicast, or via DNS and Active Directory).

* Provides the NETLOGON service. (This is actually a collection of
services that runs over multiple protocols. These include the LanMan
logon service, the Netlogon service, the Local Security Account
service, and variations of them.)

* Provides a share called NETLOGON.
***endquote***

from
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-pdc.html

and

***quote***
# The netlogon share is required for
# functioning as the primary domain controller.
# Make sure the directory used for the path exists.

[netlogon]
path = /usr/local/samba/lib/netlogon
writable = no
browsable = no
***endquote***
from
http://www.samba.org/samba/docs/using_samba/appa.html

***quote***
NETLOGON Share

The NETLOGON share plays a central role in domain logon and domain
membership support. This share is provided on all Microsoft domain
controllers. It is used to provide logon scripts, to store group
policy files (NTConfig.POL), as well as to locate other common tools
that may be needed for logon processing. This is an essential share on
a domain controller.
***endquote***
from
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-pdc.html

So, if it worked, it worked, but the documentation is clear that the
netlogon share is required unless it is out of date or it is
incomplete/inaccurate and the share is unnecessary if you do not use
logon scripts.


2) Groups maps

***quote***
Samba 3.0.x series releases before 3.0.23 automatically created group
mappings for the essential Windows domain groups Domain Admins, Domain
Users, Domain Guests. Commencing with Samba 3.0.23 these mappings need
to be created by the Samba administrator. Failure to do this may
result in a failure to correctly authenticate and recognize valid
domain users. When this happens users will not be able to log onto the
Windows client.

Note

Group mappings are essential only if the Samba server is running as a
PDC/BDC. Stand-alone servers do not require these group mappings.

The following mappings are required:

Domain Group     RID   Example UNIX Group
Domain Admins    512   root
Domain Users     513   users
Domain Guests    514   nobody
***endquote***
from
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ChangeNotes.html


3) logon path and/or logon home

"logon path" is where your users' roaming profiles are/will be stored.
According to its man pages, Karmic uses the defaults set by the Samba
team.


4) Recreation of accounts

I had hoped to look it up since I last replied to you but I have not
had the time. I think that the SIDs of your boxes will have the
previous domain's SID and you may have to take them out of the domain
and add them back in for them to have the correct SID (another option
is to get the previous domain SID and change the new one to the old
one). The mention of adding of boxes to the domain also reminds me that
you need to add root to samba with a RID of 500.
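
The PDC prerequisites named in the replies of 11-25-2009 and 12-02-2009 (an active [netlogon] share with a path, "logon path" and "logon home" in [global], and group maps for RIDs 512, 513 and 514) can be checked mechanically. The script below is an added example, not part of the original posts: both smb.conf texts and the group map listing are constructed, the logon path and logon home values are assumptions, and the "name (SID) -> unix group" line format assumed for "net groupmap list" is labelled in the code.

```python
import re

# Constructed smb.conf modelled on the one posted in the thread: [netlogon]
# is commented out and neither logon path nor logon home is set.
POSTED_STYLE_CONF = r"""[global]
workgroup = ERSL
domain logons = Yes
domain master = Yes
logon drive = X:

[homes]
valid users = %S
read only = No

#[netlogon]
#comment = Network Logon Service
#path = /home/samba/netlogon
"""

# Constructed corrected variant; logon path / logon home values are assumptions.
FIXED_CONF = r"""[global]
workgroup = ERSL
Domain Logons = Yes
logon path = \\%L\profiles\%U
logon home = \\%L\%U

[netlogon]
path = /home/samba/netlogon
read only = Yes
browseable = No
"""

# Constructed `net groupmap list` output; the "name (SID) -> unix group"
# line format is an assumption about that command's output.
GROUPMAP_SAMPLE = """\
Domain Users (S-1-5-21-1977151345-229110656-292509728-513) -> users
"""

# RIDs of the mappings the quoted Samba change notes list as required.
REQUIRED_RIDS = {512: "Domain Admins", 513: "Domain Users", 514: "Domain Guests"}

def norm(name):
    """Samba ignores case and whitespace in section and parameter names."""
    return "".join(name.split()).lower()

def parse_smb_conf(text):
    """Return {section: {parameter: value}}; '#' and ';' lines are comments."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = norm(header.group(1))
            conf.setdefault(section, {})  # a repeated section is merged here
        elif "=" in line and section is not None:
            key, _, value = line.partition("=")
            conf[section][norm(key)] = value.strip()
    return conf

def audit_pdc(conf):
    """List the PDC prerequisites from the replies that the config lacks."""
    findings = []
    glob = conf.get("global", {})
    if glob.get("domainlogons", "no").lower() not in ("yes", "true", "1"):
        findings.append("domain logons is not enabled")
    netlogon = conf.get("netlogon")
    if netlogon is None:
        findings.append("no active [netlogon] share")
    elif not netlogon.get("path"):
        findings.append("[netlogon] share has no path")
    for param in ("logon path", "logon home"):
        if norm(param) not in glob:
            findings.append(param + " is not set in [global]")
    return findings

def missing_group_maps(listing):
    """Return the required domain groups that have no mapping in the listing."""
    mapped = set()
    for line in listing.splitlines():
        m = re.match(r".+ \(S-1-[\d-]+-(\d+)\) -> \S+", line.strip())
        if m:
            mapped.add(int(m.group(1)))  # last SID component is the RID
    return [name for rid, name in sorted(REQUIRED_RIDS.items()) if rid not in mapped]

if __name__ == "__main__":
    for label, text in (("posted-style", POSTED_STYLE_CONF), ("corrected", FIXED_CONF)):
        print(label, audit_pdc(parse_smb_conf(text)) or "ok")
    print("unmapped groups:", missing_group_maps(GROUPMAP_SAMPLE))
```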

 
