[Samba] Domain logon through VPN with WINS

Sun, 04 Nov 2007 12:13:34 -0800 

Hi!
 
I'm experiencing some serious problems setting up Samba as PDC. File sharing 
works fine and I can even add my computer to the domain, but when I reboot I 
can't log in with my samba username and password. I've previously set up 
similiar server, though it wasn't trough VPN. I'm running latest Debian Etch 
with every package upgraded. I've also tried some older samba packages.
 
 
 
Here's my smb.conf:
 
 
 [global]

server string = Samba file sharing 

workgroup = KOTI
netbios name = MACHINAE


wins support = yes

name resolve order = lmhosts host wins bcast


dos charset = CP852
unix charset = ISO8859-1
display charset = LOCALE

dos filetime resolution=yes



#### Networking ####



interfaces = 10.10.0.1


bind interfaces only = true


socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

#hosts allow = 127.0.0.1 10.10.0.0/24 10.10.1.0/24
#hosts deny = 0.0.0.0/0


remote announce = 10.10.0.255/KOTI \
                  10.10.1.255/KOTI








#### Debugging/Accounting ####


log file = /var/log/samba/log.%m

max log size = 1000

syslog = 0

panic action = /usr/share/samba/panic-action %d







####### Authentication #######



security = user

admin users = @ntadmins

force group = ntusers

passdb backend = smbpasswd

map to guest = Bad User

unix password sync = no 

encrypt passwords = true

passwd program = /usr/bin/passwd %u

passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* 
%n\n *password\supdated\ssuccessfully* .







########## Domains ###########


domain logons = yes

local master = yes

domain master = yes

preferred master = yes

os level = 64







########## Printing ##########

load printers = no







############ Misc ############



#======================= Share Definitions =======================

[IPC$] 
path = /tmp
read only = no
browseable = no
#hosts allow = 10.10.0.0/24 10.10.1.0/24 127.0.0.1
valid users = @ntusers @ntadmins

[ADMIN$] 
path = /tmp
read only = no
browseable = no
#hosts allow = 10.10.0.0/24 10.10.1.0/24 127.0.0.1
valid users = @ntusers @ntadmins


[netlogon] 
path = /var/lib/samba/netlogon 
read only = yes 
browseable = no
valid users = @ntusers @ntadmins


[profiles]
path = /var/lib/samba/profiles
read only = no
browseable = no
create mask = 0660
directory mask = 0770
valid users = @ntusers @ntadmins



[WWW]
comment = WWW-data
path = /var/www
read only = no
browseable = yes
share modes = yes
create mode = 0660
directory mode = 0770
guest ok = no
valid users = @ntusers @ntadmins


[Kotikansiot]
comment = Käyttäjien kotikansiot
path = /var/lib/samba/kotikansiot
read only = no
browseable = yes
share modes = yes
create mode = 0660
directory mode = 0770
guest ok = no
valid users = @ntusers @ntadmins
 

 /etc/samba/smbpasswd (slightly modified) jukankone$:1007:X:[W          
]:LCT-472E1182:
jukka:1000:X:[U          ]:LCT-472E1087:
spider:1005:X:[U          ]:LCT-472E108D:
jukankone.vpn$:1008:X:[W          ]:LCT-472E1759:
root:0:X:[U          ]:LCT-472E1958:     /etc/passwd 
jukka:x:1000:1001:Jukka:/home/jukka:/bin/bash   /etc/group
ntusers:x:1008:jukka,jari,pirita,sini,spider,jukankone$,jukankone.vpn$ntguests:x:1012:jukankone$,jukankone.vpn$ntmachines:x:1011:jukankone$,jukankone.vpn$
   $ net groupmap list Domain Users 
(S-1-5-21-728289696-1735803817-2181290557-513) -> ntusersDomain Computers 
(S-1-5-21-728289696-1735803817-2181290557-515) -> ntmachinesDomain Admins 
(S-1-5-21-728289696-1735803817-2181290557-512) -> ntadminsDomain Guests 
(S-1-5-21-728289696-1735803817-2181290557-514) -> ntguests   When I try to log 
in to domain I get this error: /var/log/samba/log.jukankone  [2007/11/04 
21:27:40, 0] smbd/service.c:make_connection_snum(782)  make_connection: 
connection to IPC$ denied due to security descriptor. This proves that my VPN 
connection is working and WINS delivers correct address for my domain 
controller. I've also tried with some simple config files, but either I can't 
even add my machine to the domain or I get this annoying IPC$ error. [IPC$] and 
[ADMIN$] sections are just for testing purproses in the config file. They had 
no effect whatsoever. Some older Samba package made by default some group 
mappings, but this newest version doesn't add anything. I've added those group 
mappings byhand, but they didn't help.  I also tried to make another machine 
account with the complete name of my machine (jukankone.vpn). That didn't help 
either.  Next step obviously is to compile the latest Samba from sources, but 
if someone knows anything about this phenomena please be nice and tell me.
_________________________________________________________________
Lataa 30 ILMAISTA hymiötä Windows Live Messengeriisi!
http://www.livemessenger-emoticons.com/fi-fi/--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Reply via email to