Horrible problem with SAMBA -- Does Karmic work?

Pete Clapham pclapham at windstream.net
Wed Nov 25 01:17:15 UTC 2009


Tom H wrote:
>>> I have done a clean install of Karmic on my file server and am tearing my
>>> hair out. I'm almost ready to bolt for Red Hat!
>>> I have tried numerous times to set up SAMBA so that students can log into
>>> the system and access the files they need to access. They can't. The
>>> latest error is that the machine account isn't set up. But I can't find
>>> where the machine account is. When I upgraded from Jaunty (which worked
>>> fine), I got this error and was unable to delete the machine password from
>>> the /etc/samba/smbpasswd file to reload it. Now there isn't an
>>> /etc/samba/smbpasswd file at all, so the accounts must be stored elsewhere.
>>> Any ideas? Students can log in directly to the server or via ssh. The
>>> problem is samba, and it appears to be the machine accounts.
>>>        
>    
>> Thanks to the two who responded to this email. However, this still leaves
>> the question open as to whether I need to establish accounts for both users
>> and workstations; I assume I do. The TDBs seem to record the users
>> correctly, but they do not appear to record the workstations. The way I've
>> been doing this is, first, "useradd -M -N -s /bin/false <machinename$>",
>> then "passwd -l <machinename$>", then "smbpasswd -a -m <machinename>". I
>> get the message that users are added with the final statement (or deleted
>> with smbpasswd -x -m <machinename>), but then I get the message that the
>> workstation accounts aren't established when I try to log in on them. I
>> suspect that the smbpasswd program is trying to write something to
>> somewhere, but it's the tdb files that are actually controlling things. Do
>> I use pdbedit for this, as I do with the users?
>>      
> I have only ever used pdbedit for listing users (with -Lw or -Lv) but
> it can be used to create, modify, and delete users and groups just
> like smbpasswd. It can also create and modify account policies but I
> have not used these functions or even looked into them.
>
> Your useradd-passwd-smbpasswd sequence seems correct (I would have
> added "-g <gid>" or "-g 65534" rather than "-N" to the passwd
> invocation, out of habit rather than out of necessity AFAIK - and I
> assume that the missing $ at the end of the smbpasswd invocation is an
> email typo).
>
> Run
> pdbedit -Lv <hostname>$
> to make sure that you have "W" on the account flags line
> and
> to make sure that you have your domain/workgroup on the domain line
> (and not your server name)
>
> Questions:
>
> 1. How do you know that it is the machine accounts that are failing
> you? Please check your logs (or possibly increase the log level,
> restart samba, try logging on, and check your logs).
>
> 2. How is your smb.conf set up? Which security setting have you
> chosen? Do you have a netlogon section?
>
> 3. Do you really need to have a domain setup with machine accounts
> (since you seem to have just one box)?
>
>    
Thanks for your input.  I've learned a lot more about the problem in the 
last few days, and every time I think I understand what's going on I 
find out I don't.  Students can log into the server locally and via ssh, 
and they can access network resources via "net use @: 
\\servername\share".  However, they can't log on using samba -- UNLESS 
they are working on a workstation on which they were working before I 
upgraded the server, and it has their Windows profile.  Then, they can 
indeed log into the system under their own name, but the system gives 
them the error message that it can't find their roaming profile and it's 
logging them on using their local profile.  This is very strange 
behavior; it doesn't fall into anything I've ever seen before.

Anyhow, here's the smb.conf file:

# Samba config file created using SWAT
# from UNKNOWN (127.0.0.)
# Date: 2009/11/21 17:16:53

[global]
     workgroup = ERSL
     server string = Environmental Remote Sensing Laboratory
     netbios aliases = earth.sr-02-01.csuohio.edu
     interfaces = eth1
     syslog = 0
     log file = /var/log/samba/log.%m
     max log size = 1000
     logon drive = X:
     domain logons = Yes
     preferred master = Yes
     domain master = Yes
     wins support = Yes
     idmap uid = 10000-20000
     idmap gid = 10000-20000
     template homedir = /home2/%D/%U
     template shell = /bin/bash
     admin users = clapham

[homes]
     comment = Home Directories
     valid users = %S
     read only = No

#[netlogon]
     #comment = Network Logon Service
     #path = /home/samba/netlogon

[print$]
     comment = Printer Drivers
     path = /var/lib/samba/printers
     write list = root, @ersladmin

[cdrom]
     comment = Samba server's CD-ROM
     path = /cdrom
     guest ok = Yes
     locking = No
     preexec = /bin/mount /cdrom
     postexec = /bin/umount /cdrom

[imaginex]
     comment = ERDAS Imagine files
     path = /applications/imaginex

[ghost]
     comment = GHOST files
     path = /applications/ghost
     valid users = clapham

[images]
     comment = Lewis Images Files
     path = /applications/images

[testdata]
     comment = Test Data Files
     path = /applications/testdata

[testques]
     comment = Test Question Files
     path = /applications/testques
     read only = No
     browseable = No
     browsable = No

[ESRIex]
     comment = ESRI imagery files
     path = /applications/ESRIex

[hcdn]
     comment = HydroClimatic Data Network
     path = /applications/courseware/hcdn

[hcdn92]
     comment = HydroClimatic Data Network Files
     path = /applications/courseware/hcdn92

[momnpop]
     comment = Mom and Pop Model
     path = /applications/courseware/momnpop

[gisrs]
     comment = GIS and Remote Sensing Support Files
     path = /applications/courseware/GIS-RS

[ETProject]
     comment = Common project files for ET Project
     path = /home1/ETProject
     valid users = amundsen, clapham, wells
     read only = No

[homes]
     comment = Home Directories
     valid users = %S
     read only = No

Here's the pdbedit -Lv for one workstation.  You will notice that there 
is a W in the proper place, and the domain is correct

Unix username:        columbia$
NT username:
Account Flags:        [W          ]
User SID:             S-1-5-21-1977151345-229110656-292509728-1066
Primary Group SID:    S-1-5-21-1977151345-229110656-292509728-513
Full Name:
Home Directory:       \\earth\columbia_
HomeDir Drive:        X:
Logon Script:
Profile Path:         \\earth\columbia_\profile
Domain:               ERSL
Account desc:
Workstations:
Munged dial:
Logon time:           0
Logoff time:          9223372036854775807 seconds since the Epoch
Kickoff time:         9223372036854775807 seconds since the Epoch
Password last set:    Sun, 22 Nov 2009 10:35:41 EST
Password can change:  Sun, 22 Nov 2009 10:35:41 EST
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

Any help you can provide would be very welcome.  As for your questions, 
I think the first two have been answered.  As for the third, I am 
actually running 5 servers and about 20 workstations.  It really does 
make sense, both for the size of the operation and the nature of what 
we're doing, to have a PDC.

cheers,
pete
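
The check Tom H describes above (a "W" on the account flags line, and the workgroup rather than the server name on the domain line) written as a script over `pdbedit -Lv` output; this is an added example, not part of the original thread. The function name and the sample records are constructed, and the server's NetBIOS name is assumed to be EARTH from the `\\earth` paths in the post.

```shell
#!/bin/sh
# Added example: validate a machine trust account record from `pdbedit -Lv`.
# On a live server (as root): pdbedit -Lv 'columbia$' | check_machine_account ERSL EARTH

check_machine_account() {   # $1 = workgroup from smb.conf, $2 = server NetBIOS name (assumed)
    awk -v wg="$1" -v srv="$2" '
        {   # split "Field:   value" on the first colon and trim both sides
            i = index($0, ":"); if (i == 0) next
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            f[key] = val
        }
        END {
            bad = 0; user = f["Unix username"]; dom = toupper(f["Domain"])
            if (substr(user, length(user)) != "$") { print "FAIL: username has no trailing $"; bad = 1 }
            if (index(f["Account Flags"], "W") == 0) { print "FAIL: no W flag in " f["Account Flags"]; bad = 1 }
            if (dom == toupper(srv))     { print "FAIL: domain is the server name " dom; bad = 1 }
            else if (dom != toupper(wg)) { print "FAIL: domain " dom " is not " wg; bad = 1 }
            if (!bad) print "OK: " user " is a workstation trust account in " dom
            exit bad   # awk exit status becomes the function return value
        }'
}

# Constructed sample records, trimmed to the fields the check reads.
sample_good() { cat <<'EOF'
Unix username:        columbia$
Account Flags:        [W          ]
Domain:               ERSL
Password last set:    Sun, 22 Nov 2009 10:35:41 EST
EOF
}
sample_bad() { cat <<'EOF'
Unix username:        columbia
Account Flags:        [U          ]
Domain:               EARTH
EOF
}

sample_good | check_machine_account ERSL EARTH
sample_bad  | check_machine_account ERSL EARTH || echo "sample_bad rejected"
```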