Re: Horrible problem with SAMBA -- Does Karmic work?



I have done a clean install of Karmic on my file server and am tearing my
hair out. I'm almost ready to bolt for Red Hat!
I have tried numerous times to set up SAMBA so that students can log into
the system and access the files they need to access. They can't. The
latest error is that the machine account isn't set up. But I can't find
where the machine account is. When I upgraded from Jaunty (which worked
fine), I got this error and was unable to delete the machine password from
the /etc/samba/smbpasswd file to reload it. Now there isn't an
/etc/samba/smbpasswd file at all, so the accounts must be stored elsewhere.
Any ideas? Students can log in directly to the server or via ssh. The
problem is samba, and it appears to be the machine accounts.

Thanks to the two who responded to this email. However, this still leaves
the question open as to whether I need to establish accounts for both users
and workstations; I assume I do. The TDBs seem to record the users
correctly, but they do not appear to record the workstations. The way I've
been doing this is, first, "useradd -M -N -s /bin/false <machinename$>",
then "passwd -l <machinename$>", then "smbpasswd -a -m <machinename>". I
get the message that users are added with the final statement (or deleted
with smbpasswd -x -m <machinename>), but then I get the message that the
workstation accounts aren't established when I try to log in on them. I
suspect that the smbpasswd program is trying to write something to
somewhere, but it's the tdb files that are actually controlling things. Do
I use pdbedit for this, as I do with the users?

I have only ever used pdbedit for listing users (with -Lw or -Lv) but
it can be used to create, modify, and delete users and groups just
like smbpasswd. It can also create and modify account policies but I
have not used these functions or even looked into them.

Your useradd-passwd-smbpasswd sequence seems correct (I would have
added "-g <gid>" or "-g 65534" rather than "-N" to the passwd
invocation, out of habit rather than out of necessity AFAIK - and I
assume that the missing $ at the end of the smbpasswd invocation is an
email typo).

Run
pdbedit -Lv <hostname>$
to make sure that you have "W" on the account flags line
and
to make sure that you have your domain/workgroup on the domain line
(and not your server name)

Questions:

1. How do you know that it is the machine accounts that are failing
you? Please check your logs (or possibly increase the log level,
restart samba, try logging on, and check your logs).

2. How is your smb.conf set up? Which security setting have you
chosen? Do you have a netlogon section?

3. Do you really need to have a domain setup with machine accounts
(since you seem to have just one box)?

Thanks for your input. I've learned a lot more about the problem in the
last few days, and every time I think I understand what's going on I
find out I don't. Students can log into the server locally and via ssh,
and they can access network resources via "net use @:
\\servername\share". However, they can't log on using samba -- UNLESS
they are working on a workstation on which they were working before I
upgraded the server, and it has their Windows profile. Then, they can
indeed log into the system under their own name, but the system gives
them the error message that it can't find their roaming profile and it's
logging them on using their local profile. This is very strange
behavior; it doesn't fall into anything I've ever seen before.

Anyhow, here's the smb.conf file:

[global]
workgroup = ERSL
server string = Environmental Remote Sensing Laboratory
netbios aliases = earth.sr-02-01.csuohio.edu
interfaces = eth1
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
logon drive = X:
domain logons = Yes
preferred master = Yes
domain master = Yes
wins support = Yes
idmap uid = 10000-20000
idmap gid = 10000-20000
template homedir = /home2/%D/%U
template shell = /bin/bash
admin users = clapham

#[netlogon]
#comment = Network Logon Service
#path = /home/samba/netlogon

Here's the pdbedit -Lv for one workstation.

Unix username: columbia$
Account Flags: [W ]
User SID: S-1-5-21-1977151345-229110656-292509728-1066
Primary Group SID: S-1-5-21-1977151345-229110656-292509728-513
Domain: ERSL

Any help you can provide would be very welcome. As for your questions,
I think the first two have been answered. As for the third, I am
actually running 5 servers and about 20 workstations. It really does
make sense, both for the size of the operation and the nature of what
we're doing, to have a PDC.

No probs. I was only questioning the use of a PDC because you seemed
to have just one server judging from your previous posts. My mistaken
assumption.

"net use @: \\servername\share" means that samba _shares_ are working
for "servername". So your Samba usernames are being authorised for
servername...

Logging on to a local profile is standard behaviour for a Windows
workstation when it cannot find a DC. (FYI, in Win networks, there is
a time limit to being able to do so - I have forgotten whether it is a
set period - three weeks comes to mind - or a function of password
ageing.)

For a PDC smb.conf, you need your netlogon section to be uncommented
and with the correct path and "logon path" and "logon home" in the
global section.

Also, for a PDC, if you haven't done so, you need to add group maps of
the Domain Administrators and Domain Users Win groups to Linux groups.

Once you make those changes and restart Samba, create a test user, and
try to log on to the domain.

You might want to cross-post at
https://lists.samba.org/mailman/listinfo/samba

One more question: Did you re-create the user and machine accounts?
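
Added example (not part of the original thread, and not Samba's own code): a small Python check that reads an smb.conf and reports which of the items the last reply lists for a PDC are absent, namely an active [netlogon] share and "logon path" / "logon home" in [global]. The sample configuration is an abbreviated, constructed copy of the one posted above; the function names are hypothetical.

```python
import re

# Constructed sample: an abbreviated copy of the smb.conf posted in the thread,
# with its [netlogon] share still commented out.
POSTED_CONF = """\
[global]
workgroup = ERSL
logon drive = X:
domain logons = Yes
domain master = Yes

#[netlogon]
#comment = Network Logon Service
#path = /home/samba/netlogon
"""


def parse_smb_conf(text):
    """Return {section: {param: value}}; names are lower-cased and stripped of
    whitespace, since Samba treats them as case- and space-insensitive."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[re.sub(r"\s+", "", key).lower()] = value.strip()
    return sections


def pdc_findings(text):
    """List which of the items named in the reply are absent from the config."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    findings = []
    if glob.get("domainlogons", "no").lower() not in ("yes", "true", "1"):
        findings.append("domain logons is not enabled")
    for param in ("logon path", "logon home"):
        if param.replace(" ", "") not in glob:
            findings.append(f"[global] has no '{param}'")
    if "path" not in conf.get("netlogon", {}):
        findings.append("[netlogon] share is missing or has no path")
    return findings


if __name__ == "__main__":
    for finding in pdc_findings(POSTED_CONF):
        print("MISSING:", finding)
```

Group mappings are stored outside smb.conf, so this check does not cover them; `net groupmap list` shows the current mappings.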
