Gentoo Forums
samba pdc - about to throw it out the window!!!!!!
FizzyWidget
Veteran

Joined: 21 Nov 2008
Posts: 1133
Location: 127.0.0.1

Posted: Mon Oct 10, 2011 6:16 pm    Post subject: samba pdc - about to throw it out the window!!!!!!

I have the PDC set up, as Windows 7 is now saying it's part of a domain, but for the life of me I cannot get it to make the profiles. On the Windows 7 machine it shows it as using a local profile, and the roaming option is greyed out.

/etc/samba/smb.conf

Code:
[global]
netbios name  = Aramaki
workgroup     = PSS9
server string = PDC [on Gentoo :: Samba server %v]
printcap name = cups
printing = cups
load printers = yes
log file = /var/log/samba/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = lo eth0
bind interfaces only = yes
hosts allow = 127.0.0.1 192.168.1.0/24
hosts deny = 0.0.0.0/0
# also tried "security = domain"
security = user
guest ok = no
invalid users = bin daemon sys man postfix mail ftp
encrypt passwords = yes
local master     = yes
os level         = 65
domain master    = yes
preferred master = yes
null passwords  = no
hide unreadable = yes
hide dot files  = yes
client ntlmv2 auth = yes
wins support = yes
wins proxy = no
lanman auth = yes
ntlm auth = yes
domain logons = yes
logon script  = logon.bat
logon path    = \\%L\profiles\%U\%a
logon drive   = H:
logon home    = \\%L\%U\.9xprofile
wins support       = yes
name resolve order = wins lmhosts host bcast
dns proxy          = no
passdb backend = tdbsam
add user script          = /usr/sbin/useradd -m %u
delete user script       = /usr/sbin/userdel -r %u
add group script         = /usr/sbin/groupadd %g
delete group script      = /usr/sbin/groupdel %g
add user to group script = /usr/sbin/usermod -G %g %u
add machine script      = /usr/sbin/useradd -d /dev/null -g 'machines' -c 'Machine Account' -s /bin/false '%u'
passwd program           = /usr/bin/passwd %u
passwd chat              = "*New password:*" %n\r "*New password (again):*" %n\r "*Password changed*"

[netlogon]
  path       = /var/lib/samba/netlogon
  guest ok   = no
  read only  = yes
  browseable = no

[profiles]
  path = /var/lib/samba/profiles
  browseable = no
  profile acls = yes
  writeable = yes
  default case = lower
  preserve case = no
  short preserve case = no
  case sensitive = no
  hide files = /desktop.ini/ntuser.ini/NTUSER.*/
  write list = @users @ntadmins
  valid users = "@Domain Admins" "@Domain Users" "@Domain Guests" "@smbusers"
  create mask = 0600
  directory mask = 0700
  csc policy = disable
  nt acl support = yes
  profile acls = yes

[homes]
  path                = /home/%U
  browseable          = no
  valid users         = %S
  read only           = no
  guest ok            = no
  inherit permissions = yes



/var/lib/samba/netlogon/logon.bat

Code:
echo Setting Current Time...
net time \\Aramaki /set /yes

echo Mapping Network Drives to Domain network server...
net use H: /HOME
net use X: \\Aramaki\public
net use Y: \\Aramaki\audio
net use Z: \\Aramaki\video



The only error I can see is in log.major

Code:
[2011/10/10 19:53:41.645547,  0] rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client MAJOR machine account MAJOR$


I have added a user account and machine account with trust to samba and added a machines group, and yet still the /var/lib/samba/profiles directory is empty. I even made a folder with my name in there and chown'd it to dfoo.users - still empty, and Windows 7 is still saying it is using a local profile and not a roaming one.

Is there something I have missed? I know Samba can't do Active Directory till at least v4, but from all I have been reading it should be able to do profiles.

So close to throwing the whole box out the Window
_________________
I know 43 ways to kill with a SKITTLE, so taste my rainbow bitch.
FizzyWidget
Veteran

Joined: 21 Nov 2008
Posts: 1133
Location: 127.0.0.1

Posted: Tue Oct 11, 2011 7:05 am

Come on.... someone must know...... it's either getting this to work or using Windows, which I don't want to do, but if I have to
baaann
Guru

Joined: 23 Jan 2006
Posts: 552
Location: uk

Posted: Tue Oct 11, 2011 9:28 am

I really have no idea, but the following taken from the elog may be relevant?

Quote:
An EXPERIMENTAL implementation of the SMB2 protocol has been added.
SMB2 can be enabled by setting 'max protocol = smb2'. SMB2 is a new
implementation of the SMB protocol used by Windows Vista and higher
FizzyWidget
Veteran

Joined: 21 Nov 2008
Posts: 1133
Location: 127.0.0.1

Posted: Tue Oct 11, 2011 9:31 am

tried that, after restarting samba I can't connect to the Linux box, says network path not found

edit: after dropping in Samba 3.6.0 - smb2 option is working ok
Jarli
n00b

Joined: 22 Mar 2012
Posts: 8

Posted: Fri Mar 23, 2012 12:32 pm

I know the topic is old, but if it helps.

This is what I have to do for Windows 2000 and Windows 7 computers.

***For Windows 2000 and 7 I have to first create the account in phpldapadmin, with its computer name and IP, and then delete the record, then I can get the computer to join. Small but a bit irritating.***


Then I have to apply these following registry keys, regardless of the OS, 2000, XP, and 7.

[HKLM\System\CCS\Services\Netlogon\Parameters]
Set “RequireSignOrSeal” to 0
Set “RequireStrongKey” to 1

[HKLM\System\CCS\Services\LanManWorkstation\Parameters]
"DNSNameResolutionRequired"=dword:00000000
"DomainCompatibilityMode"=dword:00000001

[HKLM\Software\Policies\Microsoft\Windows\System]
"SlowLinkDetectEnabled"=dword:00000000
"DeleteRoamingCache"=dword:00000001
"WaitForNetwork"=dword:00000000
"CompatibleRUPSecurity"=dword:00000001

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000
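
An added example (not part of the post above and not Samba or Microsoft code): a Python check that reads the text of a registry export and reports, for each value named in the post, whether the client matches it, marking the two posted values that turn off a protection Windows enables by default. It assumes `CCS` in the post abbreviates `CurrentControlSet`; the sample export is constructed.

```python
import re

# Values listed in the post. Assumption: "CCS" in the post abbreviates CurrentControlSet.
POSTED = {
    r"system\currentcontrolset\services\netlogon\parameters":
        {"RequireSignOrSeal": 0, "RequireStrongKey": 1},
    r"system\currentcontrolset\services\lanmanworkstation\parameters":
        {"DNSNameResolutionRequired": 0, "DomainCompatibilityMode": 1},
    r"software\policies\microsoft\windows\system":
        {"SlowLinkDetectEnabled": 0, "DeleteRoamingCache": 1,
         "WaitForNetwork": 0, "CompatibleRUPSecurity": 1},
    r"software\microsoft\windows\currentversion\policies\system": {"EnableLUA": 0},
}
# Posted values that switch off a protection Windows enables by default.
RELAXES = {"RequireSignOrSeal": "relaxes default: secure channel signing/sealing not required",
           "EnableLUA": "relaxes default: User Account Control disabled"}
SECTION = re.compile(r"^\[HKEY_LOCAL_MACHINE\\(.+)\]$", re.I)
DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-f]{8})$', re.I)

def parse_reg(text):
    """Return {key path (lowercase): {value name (lowercase): int}} for HKLM DWORDs."""
    data, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            m = SECTION.match(line)
            current = data.setdefault(m.group(1).lower(), {}) if m else None
        elif current is not None and (m := DWORD.match(line)):
            current[m.group(1).lower()] = int(m.group(2), 16)
    return data

def audit(text):
    """Return one (name, actual, posted, note) row per value named in the post."""
    found, rows = parse_reg(text), []
    for key, values in POSTED.items():
        for name, posted in values.items():
            actual = found.get(key, {}).get(name.lower())  # None: value is not set
            note = RELAXES.get(name, "matches post") if actual == posted else "differs from post"
            rows.append((name, actual, posted, note))
    return rows

# Constructed sample in .reg export layout (not taken from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"RequireSignOrSeal"=dword:00000000
"RequireStrongKey"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000001
'''
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Files written by `reg export` are UTF-16, so decode them to text before passing them to `audit`.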
All times are GMT