Re: [Samba] samba 3.0.4 : cannot join domain with w2k clients.
Some Unix systems by default dont allow $ character as valid part of user name and these special cases must be typically handled by forcing via special switch in passwd program or somewhere in /etc/... configurations files. But this is system depended. TP - Original Message - From: HM [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Monday, June 28, 2004 5:34 PM Subject: Re: [Samba] samba 3.0.4 : cannot join domain with w2k clients. I'm back ;-) Thanks a lot to all of you who take some time to help me. I finally solved the problem : the add machine script option in smb.conf seems to produce invalid machine accounts (?!). workaround : disable this option in the smb.conf file and manually create both system account AND smbpasswd entry. Hope this will help. HM a écrit : Hello all. I'm trying since a few jours to get my w2k clients join my domain, managed by my samba 3.0.4 PDC, without success. I can browse the server, share files with it with my station, but i can't join the domain. When i try to, i get the following message (sorry for the poor translation) : The following error occurred while trying to join domain 'SLS' : Failed to open a session : username unknown or invalid password. I the logs, i get the following : [2004/06/25 17:57:42, 0] lib/util_sock.c:get_peer_addr(978) getpeername failed. Error was Transport endpoint is not connected [2004/06/25 17:57:42, 3] smbd/oplock.c:init_oplocks(1226) open_oplock_ipc: opening loopback UDP socket. [2004/06/25 17:57:42, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(303) Linux kernel oplocks enabled [2004/06/25 17:57:42, 3] smbd/oplock.c:init_oplocks(1257) open_oplock ipc: pid = 3791, global_oplock_port = 1065 [2004/06/25 17:57:42, 3] smbd/process.c:process_smb(890) Transaction 0 of length 72 [2004/06/25 17:57:42, 2] smbd/reply.c:reply_special(208) netbios connect: name1=SERVEUR name2=SLS-PHY-14 [2004/06/25 17:57:42, 2] smbd/reply.c:reply_special(215) netbios connect: local=serveur remote=sls-phy-14, name type = 0 [2004/06/25 17:57:42, 0] lib/util_sock.c:get_peer_addr(978) getpeername failed. Error was Transport endpoint is not connected [2004/06/25 17:57:42, 0] lib/util_sock.c:write_socket_data(413) write_socket_data: write failure. Error = Connection reset by peer [2004/06/25 17:57:42, 0] lib/util_sock.c:write_socket(438) write_socket: Error writing 4 bytes to socket 5: ERRNO = Connection reset by peer [2004/06/25 17:57:42, 0] lib/util_sock.c:send_smb(630) Error writing 4 bytes to client. -1. (Connection reset by peer) [2004/06/25 17:57:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2004/06/25 17:57:42, 2] smbd/server.c:exit_server(568) Closing connections [2004/06/25 17:57:42, 3] smbd/connection.c:yield_connection(69) Yielding connection to [2004/06/25 17:57:42, 3] smbd/server.c:exit_server(611) Server exit (process_smb: send_smb failed.) Of course, the user root is correctly mapped in the username map, and the password is correctly set. Any idea ? Thanks ! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- Tato sprava bola prehladana na vyskyt virusov a nebezpecneho obsahu antivirovym systemom na serveri spolocnosti Jaga Group s.r.o. a zda sa byt cista. Info: [EMAIL PROTECTED] -- Tato sprava bola prehladana na vyskyt virusov a nebezpecneho obsahu antivirovym systemom na serveri spolocnosti Jaga Group s.r.o. a zda sa byt cista. Info: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.0.4 : impossible to log in the domain after a few minutes ????
Hello again, I am little bit confused with your situation. We are using Samba as PDC, but joining some W2K station to the domain implies for us creating appropriate user profile on station which is represented by domain\user string instead of before machinename\user string. This is new profile on the machine and need to be old user profile was copied into this new one to keep Desktop and Outlook Express emails and other things of user-specific settings available to user. I am confused because you wrotte, that you can login into domain from W2K client using any of the accounts on the server. For me this implies, that you have created domain profiles for each user on each machine. And I cannot imagine, that you have do that. For profiles on machine see This computer - Properties - User profiles. Also for us seems to be better to change default profile type from roaming to local to prevent profile copying between server and client. But our users have each its own station, so this is useful. Next make debug trace of one of stations and go to deep log level. You must discover in more detail, what is the real reason of logout from domain. Let me know about your current discoveries. TP - Original Message - From: HM [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Monday, June 28, 2004 5:46 PM Subject: [Samba] samba 3.0.4 : impossible to log in the domain after a few minutes I'm back (twice ^^). After solving my problem about joining the domain, i now meet another strange (very strange !) issue : after joining the domain, my w2k client reboots, and i log in using any of the accounts on the server. But after 10/15 minutes, it refuses logins !! If i reboot the client, I can login successfully again for a few minutes... And so on... Strange, strange, strange... I manage nearly 50 clients with samba since 4 years, and never had such a strange issue. Any idea ? Thanks in advance ! Amiably Hubert -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- Tato sprava bola prehladana na vyskyt virusov a nebezpecneho obsahu antivirovym systemom na serveri spolocnosti Jaga Group s.r.o. a zda sa byt cista. Info: [EMAIL PROTECTED] -- Tato sprava bola prehladana na vyskyt virusov a nebezpecneho obsahu antivirovym systemom na serveri spolocnosti Jaga Group s.r.o. a zda sa byt cista. Info: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Looping auth problem
Just points to think about: - do you are sure, that Samba win the fight to be a domain master browser? I am using OS level = 255 to be sure. You can take a look into /var/log/samba/log.nmbd to see the fight results. From your answer I assume, that you have more Samba servers in different roles on your network, so PDC must have highest OS level set from all to win. - you have commented out every passdb backed directives, this is confusing for me, but I am using smbpasswd, not LDAP as you. - I am using socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 - Do you are sure, that this is not LDAP-related problem? - If you know, which station if causing these repeating authorisations attempts, do you can set log level to max and make separate log files per station, to see exactly whats wrong for this one. Rest of your smb.conf seems same as my. TP -- Tato sprava bola prehladana na vyskyt virusov a nebezpecneho obsahu antivirovym systemom na serveri spolocnosti Jaga Group s.r.o. a zda sa byt cista. Info: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.0.4 : cannot join domain with w2k clients.
Hi, I compared your smb.conf with mine. I am running Samba 3 PDC with W2K clients very well. My Samba version is 3.0.2a-1 (using Debian Sarge distribution) After try to join domain, are there created new user and/or machine accounts in /etc/smbpasswd? Do you already have appropriate user account in /etc/passwd ? When I am joining new computer to domain, I first creating user account on Linux on both /etc/passwd and /etc/samba/smbpasswd places (from console). Next log as Administrator to W2K and join domain with Samba root username and root's password from /etc/samba/passwd. This works well for me. From my remote view is seems, that you may try to add add machine script directive and check writability of your Samba system shares (netlogon, homes). I this will not be helpful, do not hesitate to contanct me to send you my whole /etc/smb.conf And I am using WINS servers in my local network, but PDC was working for me before I have them, so they are not mandatory. TP So there are differences (regadless of importancy): [global] panic action = /usr/share/samba/panic-action %d unix charset = iso8859-2 dos charset = CP852 netbios name = cartman passdb backend = smbpasswd guest not using logon script directive logon drive = J: (capital letter) time server = yes remote announce = wins2.jaga.sk remote browse sync = wins2.jaga.sk add user script = I am using -g 50 instead of group name add machine script = usr/sbin/useradd - /dev/null -s /bin/false %m\$ not using username map directive log file = /var/log/samba/log.%m syslog = 0 obey pam restrictions = yes printer admin = I have there comma separated list of priter admin users wins support = yes unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *success* passwd chat debug = true min password lenght = 0 [netlogon] path=/usr/local/samba/netlogon writable = no share mnodes = no guest ok = yes [profiles] path=/home/samba-ntprof writable = yes create mask = 0700 directory mask = 0700 [homes] comment = Home Directories browseable = no writable = yes guest ok = no create mask = 0775 directory mask = 0775 force group = staff #this hide marks UNIX dot files with DOS hidden flag hide dot files = yes #this veto hiddes UNIX dot files, but leaves . as current directory veto files = /.?*/ map archive = no recycle:keeptree = true recycle:touch = true recycle:versions = true recycle:exclude = *.tmp *.temp *.ldb ~$* vfs object = recycle -- Tato sprava bola prehladana na vyskyt virusov a nebezpecneho obsahu antivirovym systemom na serveri spolocnosti Jaga Group s.r.o. a zda sa byt cista. Info: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] cupsaddsmb encounter with good info supplied (Plain text)
But when I issue the command cupsaddsmb -U root -v PDF-Creator I get a NT_STATUS_LOGON_FAILURE There can be a difference, what root password you are using. One root user with own password can exist in /etc/smbpasswd file and another in /etc/passwd as true UNIX root. Its a good security practice to keep those users have different passwords. For cupsaddsmb you must provide /etc/smbpasswd root password. TP -- Tato sprava bola prehladana na vyskyt virusov a nebezpecneho obsahu antivirovym systemom na serveri spolocnosti Jaga Group s.r.o. a zda sa byt cista. Info: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] cupsaddsmb encounter with good info supplied (Plain text)
But when I issue the command cupsaddsmb -U root -v PDF-Creator I No more experiences from my side helpfull for you. Maybe minus in PDF-Creator is parsed as additional flags for cupsaddsmb? What about PDF_Creator? TP -- Tato sprava bola prehladana na vyskyt virusov a nebezpecneho obsahu antivirovym systemom na serveri spolocnosti Jaga Group s.r.o. a zda sa byt cista. Info: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba