Hi, I have some strange problems with 3.0a21 PDC (samba and nss use both ldap) and I can't find any good help with google...
One strange thing is that logon script does'nt work anymore, it worked at one point and now doesnt (I quite play around here and I dont know in which point of changing smb.conf it stopped to work). [netlogon] share is like that: [netlogon] comment = Network Logon Service path = /home/samba/netlogon guest ok = no writable = no browseable = yes public = yes and some lines from [global]: local master = yes os level = 99 domain master = yes preferred master = yes domain logons = yes logon drive = U: logon path = \\server\%U\profiles logon home = \\server\%U\ logon script = START.BAT /home/samba/netlogn/START.BAT exists, line breaks are in dos -style ... if I log into NT4 on 2K ws, then i can mount \\pdc1\netlogon share and run START.BAT there.. So what the heck can it be? Another thing was that smbgroupedit -v showd several Domain Admins and Domain Users group (with different SIDs).. So i took experimental step and deleted some of them, leaving exactly one of every group.. Can this be somehow connected to 1st problem? Also samba complained that: get_domain_user_groups: primary gid of user [john] is not a Domain group ! get_domain_user_groups: You should fix it, NT doesn't like that so a added john's primary group to Domain Users ans Users group (but seems to change nothing): [EMAIL PROTECTED]:/var/log/samba# smbgroupedit -v NT group (SID) -> Unix group System Operators (S-1-5-32-549) -> -1 Replicators (S-1-5-32-552) -> -1 Guests (S-1-5-32-546) -> -1 Power Users (S-1-5-32-547) -> -1 Print Operators (S-1-5-32-550) -> -1 Administrators (S-1-5-32-544) -> -1 Account Operators (S-1-5-32-548) -> -1 Domain Admins (S-1-5-21-2072525299-305900136-1143589454-512) -> domadm Domain Guests (S-1-5-21-2072525299-305900136-1143589454-514) -> -1 Domain Users (S-1-5-21-2072525299-305900136-1143589454-513) -> users Backup Operators (S-1-5-32-551) -> -1 Users (S-1-5-32-545) -> users [EMAIL PROTECTED]:/var/log/samba# Third problem is locally stored profiles. How I could make such set up that when user logs out from WS , then WS would copy changed profile back to server and delete it from WS ? It's question of security and hard disk space.. 4) How could i set up client name resolution so that X client canot announce itself as DC/browse master etc? I every client resolves names via boadcast then when my DC goes down and someone brings up his nt/samba server he could do lotof damaga - collect people passwords etc... now if I had every WS configured to resolve names via WINS and wins configured with static netbios/ip resolve table, then I wouldn have to worry about this? But as I understand only way wins server works is like it adds routing support to broadcast resove mechanism... Thanks goes to everyone bothering to enlighten me..