[wplug] w2k samba clients
Bill Moran
wmoran at potentialtech.com
Sat Aug 7 23:39:46 EDT 2004
Shawn Henderson <shawn at techcoms.net> wrote:
> I have a samba 3 domain with 5 xp cients. Unfortuantley I have to add 2
> w2k clients. I am doing the same thing to add them as I did with the xp
> clients but I am constantly getting rejected. Sometimes it says Domain
> can not be found and other times it says it doesnt like the password. I
> looked in the logs and only find this
>
> [2004/08/06 17:13:19, 1] smbd/service.c:make_connection(785)
> make_connection: refusing to connect with no session setup
>
> After googleing it I saw something about acl support for w2k sp2 and to
> put the folling line in the smb.conf under the profile share
>
> nt acl support = no
>
> I still cannot connect any help would be appreciated. below is the config.
I've seen some weird things go on with Samba & W2K ... I seem to remember if
you have 2 users with the same UID (which is the default on FreeBSD) it will
fail to auth.
If you look at the code that generates this error, it appears as if Samba
is unable to find a valid user for the login attempt:
http://samba.org/doxygen/appliance-head/service_8c.html#a16
Is there something in the user mapping, or otherwise from the W2K machines
that would cause them to be using a different username than you would
expect? Are you sure the username you're tyring to use to log in is
valid? Have you added W2K machine accounts in Samba? I seem to remember
this being related to machine accounts not existing in Samba, or being
created incorrectly. Note, that from the code, Samba hasn't even looked
at the password yet, it's simply determined that it doesn't have a valid
user name.
I'm going out on a limb a bit, but I have one more suggestion below.
HTH.
> [global]
> workgroup = ALIQUIPPA
> domain logons = yes
> logon path = \\%L\profiles\%U .pds
> logon home = \\%L\%U
> logon drive = m:
> printcap name = /etc/printcap
> load printers = yes
> log file = /var/log/samba/%m.log
> max log size = 50
> security = user
> password server = *
^^^^^^^^^^^^^^^^^^^ This doesn't look right ... you've got your
system set up to auth off of the local passwd/smbpasswd file, but here
you're telling it to look for a domain controller to auth from.
> encrypt passwords = yes
> smb passwd file = /etc/samba/smbpasswd
> unix password sync = Yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password*
> %n\n *passwd:*all*authentication*tokens*updated*successfully*
> username map = /etc/samba/smbusers
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> interfaces = eth1 tun0
> remote announce = 192.168.2.255 192.168.1.255
> os level = 100
> domain master = yes
> preferred master = yes
> name resolve order = wins lmhosts bcast
> wins support = no
> wins server = 192.168.1.1
> dns proxy = no
>
> [homes]
> comment = Home Directories
> browseable = no
> writable = yes
>
> [public]
> comment = Public Directory
> path = /export/public
> create mode = 0777
> directory mode = 0777
> public = yes
> readonly = no
> writable = yes
> printable = no
>
> [Domain Admins]
> valid users = root,wsl,administrator,dbologna
> path = /export/admins
>
> [profiles]
> comment = User Profiles
> path = /export/profiles
> create mode = 0600
> directory mode = 0700
> nt acl support = no
> writeable = yes
> browseable = yes
> force user = %U
> valid users = %U
>
> [netlogon]
> comment = The domain logon service
> path = /export/netlogon
> writeable = no
> locking = no
>
> [claims]
> comment = Methadone Claims files
> path = /export/claims
> valid users =
> root,wsl,administrator,sshelkons,dbologna,mmclaughlin,towersys
>
> _______________________________________________
> wplug mailing list
> wplug at wplug.org
> http://www.wplug.org/mailman/listinfo/wplug
--
Bill Moran
Potential Technologies
http://www.potentialtech.com
More information about the wplug
mailing list