Horrible problem with SAMBA -- Does Karmic work?
Tom H
tomh0665 at gmail.com
Wed Dec 2 22:24:25 UTC 2009
> Thank you for your comments. I assumed that the netlogon had something
> to do with the problem. The form in which it was in the smb.conf file
> was what's worked fine for the last 3 years in Samba and which stopped
> working when I upgraded to Karmic (hence the post on ubuntu-users). Did
> Karmic change the default logon path and/or logon home? (I'm not really
> sure what these are anyhow). Also I'm not sure what group maps are.
> Can you advise?
> BTW, I did recreate the user and machine accounts when I reloaded Karmic.
You're welcome.
1) Netlogon share
I was amazed to read that you have had a PDC without a netlogon share
for three years so I checked the samba.org documentation.
***quote***
A domain controller is an SMB/CIFS server that:
* Registers and advertises itself as a domain controller (through
NetBIOS broadcasts as well as by way of name registrations either by
Mailslot Broadcasts over UDP broadcast, to a WINS server over UDP
unicast, or via DNS and Active Directory).
* Provides the NETLOGON service. (This is actually a collection of
services that runs over multiple protocols. These include the LanMan
logon service, the Netlogon service, the Local Security Account
service, and variations of them.)
* Provides a share called NETLOGON.
***endquote***
from
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-pdc.html
and
***quote***
# The netlogon share is required for
# functioning as the primary domain controller.
# Make sure the directory used for the path exists.
[netlogon]
path = /usr/local/samba/lib/netlogon
writable = no
browsable = no
***endquote***
from
http://www.samba.org/samba/docs/using_samba/appa.html
***quote***
NETLOGON Share
The NETLOGON share plays a central role in domain logon and domain
membership support. This share is provided on all Microsoft domain
controllers. It is used to provide logon scripts, to store group
policy files (NTConfig.POL), as well as to locate other common tools
that may be needed for logon processing. This is an essential share on
a domain controller.
***endquote***
from
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-pdc.html
So, if it worked, it worked, but the documentation is clear that the
netlogon share is required unless it is out of date or it is
incomplete/inaccurate and the share is unnecessary if you do not use
logon scripts.
2) Group maps
***quote***
Samba 3.0.x series releases before 3.0.23 automatically created group
mappings for the essential Windows domain groups Domain Admins, Domain
Users, Domain Guests. Commencing with Samba 3.0.23 these mappings need
to be created by the Samba administrator. Failure to do this may
result in a failure to correctly authenticate and recognize valid
domain users. When this happens users will not be able to log onto the
Windows client.
Note
Group mappings are essential only if the Samba server is running as a
PDC/BDC. Stand-alone servers do not require these group mappings.
The following mappings are required:
Domain Group     RID    Example UNIX Group
Domain Admins    512    root
Domain Users     513    users
Domain Guests    514    nobody
***endquote***
from
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ChangeNotes.html
3) logon path and/or logon home
"logon path" is where your users' roaming profiles are/will be stored.
According to its man pages, Karmic uses the defaults set by the Samba
team.
4) Recreation of accounts
I had hoped to look it up since I last replied to you but I have not
had the time. I think that the SIDs of your boxes will have the
previous domain's SID and you may have to take them out of the domain
and add them back in for them to have the correct SID (another option
is to get the previous domain SID and change the new one to the old
one). The mention of adding boxes to the domain also reminds me that
you need to add root to samba with a RID of 500.
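
Added example, not part of the original message or of Samba's own code: a small Python check that an smb.conf with "domain logons" enabled also defines the [netlogon] share quoted above, with a path and read-only as in the quoted sample. The function names and the sample configuration are constructed for illustration, and the handling of repeated settings is an assumption noted in the code.

```python
TRUE_VALUES = {"yes", "true", "1"}  # smb.conf booleans are case-insensitive
# Constructed sample (not from the post): a PDC whose [netlogon] is writable.
BAD_CONF = """
[global]
   domain logons = yes
[netlogon]
   path = /usr/local/samba/lib/netlogon
   Write OK = Yes
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}; names lower-cased, spaces dropped."""
    conf, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = conf.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and cur is not None:
            key, value = line.split("=", 1)
            key = "".join(key.lower().split())
            cur.pop(key, None)  # re-insert so dict order follows the file
            cur[key] = value.strip()
    return conf

def share_is_writable(share):
    """Resolve read only and its inverted synonyms; default is read only."""
    writable = False
    for key, value in share.items():  # assumes the last setting in the file wins
        flag = value.lower() in TRUE_VALUES
        if key == "readonly":
            writable = not flag
        elif key in ("writable", "writeable", "writeok"):
            writable = flag
    return writable

def check_pdc(text):
    """Return findings for a domain logon server; an empty list means OK."""
    conf = parse_smb_conf(text)
    if conf.get("global", {}).get("domainlogons", "no").lower() not in TRUE_VALUES:
        return []  # domain logons off: [netlogon] is not required
    share = conf.get("netlogon")
    if share is None:
        return ["domain logons enabled but no [netlogon] share"]
    checks = ((not share.get("path"), "[netlogon] has no path"),
              (share_is_writable(share), "[netlogon] is writable"))
    return [message for failed, message in checks if failed]
```
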