Horrible problem with SAMBA -- continued

Tom H tomh0665 at gmail.com
Thu Dec 10 23:15:59 UTC 2009


> Thanks for your help. I've been reading up on the references you provided
> and have made some major changes. BTW, as for the Netlogon share, obviously
> I did have a netlogon share when the system worked; I commented it out to
> see if it would work (it didn't), but I thought that was where the problem
> might be.

> [global]
> workgroup = ERSL
> netbios aliases = earth.sr-02-01.csuohio.edu
> server string = Environmental Remote Sensing Laboratory
> interfaces = eth1
> passdb backend = tdbsam
> syslog = 0
> log file = /var/log/samba/log.%m
> max log size = 1000
> add user script = /usr/sbin/useradd -m %u
> delete user script = /usr/sbin/userdel -r %u
> add group script = /usr/sbin/groupadd %g
> delete group script = /usr/sbin/groupdel %g
> add user to group script = /usr/sbin/groupmod -A %u %g
> delete user from group script = /usr/sbin/groupmod -R %u %g
> add machine script = /usr/sbin/useradd -d /var/lib/nobody -g 100 -s /bin/false -M %u
> logon drive = X:
> logon path = \\%L\profiles\%u\%m
> time server = Yes
> domain logons = Yes
> preferred master = Yes
> domain master = Yes
> local master = Yes
> wins support = Yes
> os level = 255
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> template homedir = /home2/%D/%U
> template shell = /bin/bash
> #domain admin group = root clapham
> security = user
> encrypt passwords = Yes
> host msdfs = Yes
> [homes]
> comment = Home Directories
> valid users = %S
> read only = No
> browsable = No
> map archive = Yes
> [netlogon]
> comment = Network Logon Service
> path = /var/lib/samba/netlogon
> browseable = No
> writable = No
> [profiles]
> comment = place to store Windows roaming profiles
> path = /var/lib/samba/profiles
> writable = Yes
> create mask = 0600
> directory mask = 0700
> profile acls = Yes
> browsable = No

> There are two problems:

> 1. When I do certain commands, (e.g. net rpc group members . . .) I get the
> message, " WARNING: no network interfaces found
> WARNING: no network interfaces found" This may mean that I don't have a
> "bind interfaces only" command in the smb.conf, but I can interact with the
> server for share purposes using samba, and I can easily get out from the
> server to other places, so it would seem that the interfaces are correctly
> described by eth1, and it works.

> 2. Probably more important, I don't think that the machines are setting up
> the trust relationships correctly. I actually tried to use some command
> (don't remember which) from which I was told explicitly that the trust
> relationship has been broken. I've tried to do it manually in the past, but
> the "on the fly" approach would appear to be preferable. The documentation
> in the "HowTo-Collection" is rather vague on how to do this. I've added an
> add-machine script to the smb.conf. However, I'm not sure how to request
> that the system access it. Should this be a "net use . . ." from the
> windows workstation? An attempt to log onto the domain? It's not at all
> clear what this actually means!

You're welcome. I am glad that you had a netlogon section; as I said
in my last email, I was surprised.

1.a I have not come across this error and I just googled it without
getting anything useful on the first page... :(

1.b "bind interfaces only = no" is the default so you need "bind
interfaces only = yes" for "interfaces=" to work.

1.c I have forgotten why I do it, but I always add "127.0.0.1" to the
"interfaces=" stanza. Since you theoretically have "bind interfaces
only = no" by default, this should not be the cause of your problem
but...

2.a "net rpc..." is a Linux command so you cannot run its declinations
on a Windows box. If you want to add a machine account through your
smb.conf scripts, you have to run "net rpc join -I smbserveripaddress
-U root%rootpassword".

2.b On a Linux box, you can test with "net rpc testjoin" whether it
has a machine account in your domain.

2.c "net use..." is a Windows command to map an smb share. I don't
think that you can add a computer with "net" on a Windows box, unless
you are doing so on a PDC ("net computer...").
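
Added example, not part of Tom H's reply or of the original thread: a small Python check of an smb.conf [global] section for the settings raised in points 1.b, 1.c and 2.a. With "bind interfaces only" at its default of no, smbd accepts connections on every interface regardless of "interfaces", and the smb.conf man page notes that smbpasswd may not work as expected when binding is restricted without 127.0.0.1 in the list. The sample configuration is constructed, and the helper names (parse_smb_conf, truthy, audit_global) are hypothetical.

```python
import re

# Constructed sample: a trimmed configuration in the style of the one quoted above.
SAMPLE = r"""
[global]
workgroup = ERSL
interfaces = eth1
domain logons = Yes
add machine script = /usr/sbin/useradd -d /var/lib/nobody -g 100 -s \
    /bin/false -M %u
[netlogon]
path = /var/lib/samba/netlogon
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}; names are lower-cased with single spaces."""
    conf, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # smb.conf continues a line with a trailing backslash
            pending = line[:-1].rstrip() + " "
            continue
        if not line or line[0] in "#;":    # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = conf.setdefault(m.group(1).strip().lower(), {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            section[" ".join(key.lower().split())] = value.strip()
    return conf

def truthy(value):
    return value.strip().lower() in ("yes", "true", "1")

def audit_global(conf):
    """Return findings for the settings discussed in points 1.b, 1.c and 2.a."""
    g, findings = conf.get("global", {}), []
    ifaces = g.get("interfaces", "").split()
    bind_only = truthy(g.get("bind interfaces only", "no"))   # Samba's default is no
    if ifaces and not bind_only:
        findings.append("interfaces set, but smbd still listens on all interfaces")
    has_loopback = any(i == "lo" or i.startswith("127.") for i in ifaces)
    if bind_only and not has_loopback:
        findings.append("bind interfaces only = yes without loopback in interfaces")
    if truthy(g.get("domain logons", "no")) and not g.get("add machine script"):
        findings.append("domain logons = yes but no add machine script")
    return findings
```

Calling audit_global(parse_smb_conf(open("/etc/samba/smb.conf").read())) runs the same checks on a live configuration; the path is the usual default and may differ per distribution.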




More information about the ubuntu-users mailing list