Hi once again
Now I have almost everything working, that is, Samba 3.0.2 with Ldap database (messages ok when reading), and I want it to be a PDC, everything seems to work fine when registering machines or users, but when logging, I mean, entering W2k-Sp4, my computers (two of them) reset themselves: they begin to load the user defined stuff and then when one expects the navigator bar to appear, comes the reset.
When I try to add a user to the domain from a computer, also seems to work well but with level-3 debugging appears the 'SAMR_Q_SET_USERINFO' sentence. (username: rasuser, machine fmdv-4tpb8aqct4$, domain fmdv, machine pdc: linuxtest, mcasas is another user messing around ?)
-------------------------
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=FMDV))]
smbldap_open_connection: connection opened
netbios connect: name1=LINUXTEST name2=FMDV-4TPB8AQCT4
netbios connect: local=linuxtest remote=fmdv-4tpb8aqct4, name type = 0
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
init_sam_from_ldap: Entry found for user: mcasas
init_group_from_ldap: Entry found for group: 100
init_sam_from_ldap: Entry found for user: root
check_ntlm_password: authentication for user [root] -> [root] -> [root] succeeded
Returning domain sid for domain FMDV -> S-1-5-21-78767638-71612024-1917398797
init_sam_from_ldap: Entry found for user: fmdv-4tpb8aqct4$
init_sam_from_ldap: Entry found for user: fmdv-4tpb8aqct4$
init_sam_from_ldap: Entry found for user: fmdv-4tpb8aqct4$
init_sam_from_ldap: Entry found for user: fmdv-4tpb8aqct4$
samr_io_userinfo_ctr: unknown switch level 0x1a
api_samr_set_userinfo: Unable to unmarshall SAMR_Q_SET_USERINFO.
init_sam_from_ldap: Entry found for user: fmdv-4tpb8aqct4$
init_ldap_from_sam: Setting entry for user: fmdv-4tpb8aqct4$
ldapsam_update_sam_account: successfully modified uid = fmdv-4tpb8aqct4$ in the LDAP database
init_sam_from_ldap: Entry found for user: rasuser
-------------------------
that seems to say it's impossible to write the profile... but the user is ok.
So far I have searched in google, sambalists, and the same 'SAMR_Q_SET_USERINFO' problem was reported for WXP-Sp1, (you can see the reported problems of W2k-Sp4 in http://www.w2knews.com/anecdotes.htm , anecdote 11). The more or less accepted solution is to include in smb.conf "profiles acls=yes" and/or "nt acl support = yes". Even more, one machine has W2k-Sp2 so it shouldn't affect it but it does.
So in my case the two modifiers didn't work at all, so I wonder if it has sth to do with the profiles or the netlogon, that is, it is supposed to exist a file ntconfig.pol in \\server\netlogon, with a default user and a default computer defined in it, the way winnt.adm describes, am I wrong? and this must be put there by hand, or samba should do it automatic? can samba run without it?
Besides, when registering a new user, from any machine, then windows should copy a profile in \\server\profiles\%u, with an important file ntuser.dat, ok? well my system doesn't, has anybody experienced sth so tricky? Or do I have to copy manually the profiles from Win? Anyway I had copied it but doesn't work.
Here is the typical level-2 log of a connection attempt (fmdv-domain, linuxtest- samba pdc name, mcasas -usrname, FMDV-xxx machine name)
-----------------
netbios connect: name1=LINUXTEST name2=FMDV-4TPB8AQCT4
netbios connect: local=linuxtest remote=fmdv-4tpb8aqct4, name type = 0
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
init_sam_from_ldap: Entry found for user: mcasas
init_group_from_ldap: Entry found for group: 100
init_sam_from_ldap: Entry found for user: mcasas
netsec_decode: FAILED: packet sequence number:
[000] 49 94 01 FB 41 EE 52 8A I...A.R.
should be:
[000] 00 00 00 00 80 00 00 00 ........
failed to decode PDU
process_request_pdu: failed to do schannel processing.
init_sam_from_ldap: Entry found for user: fmdv-4tpb8aqct4$
init_sam_from_ldap: Entry found for user: mcasas
check_ntlm_password: authentication for user [mcasas] -> [mcasas] -> [mcasas] succeeded
init_sam_from_ldap: Entry found for user: mcasas
check_ntlm_password: authentication for user [mcasas] -> [mcasas] -> [mcasas] succeeded
fmdv-4tpb8aqct4 (192.168.1.3) connect to service netlogon initially as user mcasas (uid=1000, gid=100) (pid 8323)
<---- here comes the reset --->
netbios connect: name1=LINUXTEST name2=FMDV-4TPB8AQCT4
netbios connect: local=linuxtest remote=fmdv-4tpb8aqct4, name type = 0
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
init_sam_from_ldap: Entry found for user: mcasas
init_group_from_ldap: Entry found for group: 100
init_sam_from_ldap: Entry found for user: fmdv-4tpb8aqct4$
init_sam_from_ldap: Entry found for user: mcasas
-----------------
Of course testparm functions without complaining, and I have brought together under 'users' in ldap database, the registered users and the computers. A copy of my smb.conf is after the signature
Can somebody help me? I have almost no ideas, so thanks in advance.
------------------------------
Miguel Casas-Sánchez
FDMV Lübeck
m.casas_at_falk-meddv.de
------------------------------
# Samba config file created by mcasas
# from 127.0.0.1 (127.0.0.1)
# Date: 2004/05/13 16:04:41
# Global parameters
[global]
workgroup = FMDV
server string = Linuxtest server : SAMBA %v - LDAP
interfaces = 192.168.1.70
map to guest = Bad User
passdb backend = ldapsam
passwd program = /usr/local/sbin/smbldap-passwd -o %u
passwd chat = *New*passwd* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*
username map = /etc/samba/user.map
unix password sync = Yes
#
log level =2
syslog = 0
log file = /var/log/samba.log
# max log size = 50
timestamp logs= no
#
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
add user script = /usr/local/sbin/smbldap-useradd -m %U
add machine script = /usr/local/sbin/smbldap-useradd -w %m$
#
#
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
local master = yes
security=user
#
ldap ssl = no
ldap suffix = "dc=local,dc=falk-meddv"
ldap admin dn= "cn=Manager,dc=local,dc=falk-meddv"
veto files = /*.eml/*.nws/riched20.dll/*.{*}/
#
logon path=\\%L\profiles\%U
profiles acls=yes
nt acl support=yes
#
[hmcasas]
comment = Home Directory of MCasas
path = /home/mcasas
valid users = mcasas
read only = No
create mask = 0640
directory mask = 0750
[hhartmut]
comment = Home Directory of Hartmut
path = /home/hartmut
valid users = hartmut
read only = No
create mask = 0640
directory mask = 0750
[printers]
comment = All Printers
path = /var/tmp
create mask = 0600
printable = Yes
browseable = No
[print]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin, root
force group = ntadmin
create mask = 0664
directory mask = 0775
browseable=no
[linduns]
comment = /tmp de Linux
path = /tmp/
valid users = root
directory mask = 0750
[netlogon]
path = /home/netlogon
read only = yes
[profiles]
path = /home/profiles/%U
read only = No
create mask = 0600
directory mask = 0700
browseable=no
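
A way to triage logs like the two excerpts in the message above, as an added example that is not part of the original post: it splits the Samba log into client sessions at each "netbios connect: name1=" line and records, per session, which users authenticated, which shares were opened, and which of the error markers seen in the post appeared. The function name, the error labels and the shortened sample log are this example's own.

```python
import re

# Lines copied from the level-2 log in the post (shortened, hex dump omitted).
SAMPLE_LOG = """\
netbios connect: name1=LINUXTEST name2=FMDV-4TPB8AQCT4
netbios connect: local=linuxtest remote=fmdv-4tpb8aqct4, name type = 0
init_sam_from_ldap: Entry found for user: mcasas
netsec_decode: FAILED: packet sequence number:
failed to decode PDU
process_request_pdu: failed to do schannel processing.
check_ntlm_password: authentication for user [mcasas] -> [mcasas] -> [mcasas] succeeded
fmdv-4tpb8aqct4 (192.168.1.3) connect to service netlogon initially as user mcasas (uid=1000, gid=100) (pid 8323)
netbios connect: name1=LINUXTEST name2=FMDV-4TPB8AQCT4
netbios connect: local=linuxtest remote=fmdv-4tpb8aqct4, name type = 0
init_sam_from_ldap: Entry found for user: mcasas
"""

SESSION_START = re.compile(r"^netbios connect: name1=(\S+) name2=(\S+)")
AUTH_OK = re.compile(r"^check_ntlm_password: authentication for user \[([^\]]+)\].* succeeded")
SHARE = re.compile(r"connect to service (\S+) initially as user (\S+)")
# Substrings taken from the post's logs; the short labels are assumptions of this example.
ERRORS = {
    "netsec_decode: FAILED": "schannel-sequence",
    "failed to do schannel processing": "schannel-pdu",
    "unknown switch level": "samr-unknown-level",
    "Unable to unmarshall": "samr-unmarshall",
}

def triage(log_text):
    """Split a Samba log into client sessions and summarise each one."""
    sessions = []
    for line in log_text.splitlines():
        line = line.strip()
        m = SESSION_START.match(line)
        if m:  # a new NetBIOS session starts here
            sessions.append({"client": m.group(2), "auth_ok": [], "shares": [], "errors": []})
            continue
        if not sessions:
            continue  # ignore anything logged before the first connect
        cur = sessions[-1]
        if (m := AUTH_OK.match(line)):
            if m.group(1) not in cur["auth_ok"]:
                cur["auth_ok"].append(m.group(1))
        elif (m := SHARE.search(line)):
            cur["shares"].append((m.group(1), m.group(2)))
        else:
            cur["errors"] += [tag for needle, tag in ERRORS.items() if needle in line]
    return sessions
```

On the sample, the first session shows the schannel failure followed by a successful NTLM authentication and a netlogon connect, and the second session (after the client reset) shows no errors at all, which matches what the post describes.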
