[Samba] cached logons - Samba

This is a discussion on [Samba] cached logons - Samba ; Hi. I can't do cached logons in our new samba server. I had a dead crashed W2k server quickly replaced by samba-3. That meant create a new domain, restore backups and add all the PCs to the domain. It was ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: [Samba] cached logons

  1. [Samba] cached logons

    Hi. I can't do cached logons in our new samba server.

    I had a dead crashed W2k server quickly replaced by samba-3.
    That meant create a new domain, restore backups and add all the
    PCs to the domain. It was impossible to ressurrect the old MS server.

    Anyway I'm facing a problem about cached logons. There is no way
    to make it work. I've been reading all the entries in the mailing
    list archives and MS information about it unsuccessfully.

    First of all, some people said in the archives that samba can't
    do cached logons, that's later refuted by people who log all
    the summer in a networkless computer. So it looks it should work.

    Is there something required in the samba server to make it work ?
    We have no ldap. Remote profiles were allowed the first day
    but now it is turned off.

    I've checked the registry here. It was 10 now 50. Nothing changed.

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\Current Version\Winlogon\

    ValueName: CachedLogonsCount
    Data Type: REG_SZ
    Values: 0 - 50

    The former windows admin said he changed nothing to make it work in
    w2k. It just worked.

    Clients are Windows XP.
    Server is a debian etch, samba-3.0.24-6. An extract from smb.conf:

    [global]
    obey pam restrictions = Yes
    passdb backend = tdbsam
    logon script = \usuari\%U.bat
    logon drive = Z:
    logon home = \\%N\netlogon
    domain logons = Yes
    domain master = Yes
    dns proxy = No
    wins support = Yes

    [netlogon]
    comment = Network Logon Service
    path = /home/samba/netlogon
    write list = @admin
    guest ok = Yes


    Any hint will be really appreciated.
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  2. [Samba] Unable to find a suitable server

    Hello List

    I'm experienceing problems with Samba 3.0.25,1 running in a FreeBSD box.

    I've succesfully joined a domain, and I've configured mail with auth on W2k3
    server thorugh PAM.
    YET

    If I issue
    mail# /usr/local/www > net rpc testjoin
    Unable to find a suitable server
    Join to domain 'DMSWARE' is not valid

    BUT
    mail# /etc > net rpc testjoin -S orion
    Join to 'DMSWARE' is OK

    AND
    mail# /usr/local/www > net ads testjoin
    Join is OK

    I know that RPC and ADS use two different methods to find the server... But

    RPC shouldn't net rpc first try with files, then DNS, then broadcast ?
    And giving "-S orion" is nothing more than what is already listed in
    smb.conf

    So Why RPC fails ?

    Here are my conf files

    **********************
    mail# /etc > less nsswitch.conf
    passwd: files winbind
    shadow: files winbind
    group: files winbind

    #hosts: db files nisplus nis dns
    #hosts: files dns wins
    hosts: files dns bcast

    # Example - obey only what nisplus tells us...
    #services: nisplus [NOTFOUND=return] files
    #networks: nisplus [NOTFOUND=return] files
    #protocols: nisplus [NOTFOUND=return] files
    #rpc: nisplus [NOTFOUND=return] files
    #ethers: nisplus [NOTFOUND=return] files
    #netmasks: nisplus [NOTFOUND=return] files

    bootparams: nisplus [NOTFOUND=return] files

    ethers: db files
    netmasks: files
    networks: files dns
    protocols: db files
    rpc: files
    services: files

    netgroup: files

    publickey: nisplus

    automount: files
    aliases: files nisplus

    nsswitch.conf (END)

    **********************
    mail# /etc > less smb.conf
    [global]
    workgroup = DMSWARE
    Wins support = yes
    dns proxy = yes
    name resolve order = host wins bcast
    local master = yes
    domain master = no
    preferred master = auto
    enhanced browsing = yes
    #encrypt password = yes # YES = Default
    realm = DMSWARE.it
    server string = mail
    security = ADS
    password server = orion
    passdb backend = tdbsam
    passwd program = /usr/bin/passwd %u
    client use spnego = yes
    server signing = auto
    client signing = auto
    #passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
    *Retype\snew\sUNIX\spassword:* %n\n .
    #passwd chat debug = yes
    log file = /var/log/samba/log.%m
    add user script = /usr/sbin/pw useradd %u
    delete user script = /usr/sbin/pw userdel %u
    add group script = /usr/sbin/groupadd %g
    delete group script = /usr/sbin/pw groupdel %g
    preferred master = No
    template homedir = /home/%U
    template shell = /bin/csh
    winbind cache time = 3600
    winbind enum users = Yes
    winbind enum groups = Yes
    winbind use default domain = Yes
    winbind nss info = rfc2307

    idmap domains = DMSWARE
    idmap config DMSWARE:range = 10000-49999
    idmap config DMSWARE:base_rid = 0
    idmap config DMSWARE:backend = rid

    **********************
    mail# /etc > less hosts
    127.0.0.1 localhost.DMSWARE.it localhost
    192.168.1.38 MAIL.DMSWARE.it MAIL
    192.168.1.38 MAIL.DMSWARE.it.
    192.168.0.12 orion.dmsware.it
    192.168.0.12 orion
    hosts (END)


    Thanks everybody for any help


    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  3. Re: [Samba] cached logons

    On Wed, 2007-06-13 at 10:57 +0200, Francesc Guasch wrote:

    > Hi. I can't do cached logons in our new samba server.
    >
    > I had a dead crashed W2k server quickly replaced by samba-3.
    > That meant create a new domain, restore backups and add all the
    > PCs to the domain. It was impossible to ressurrect the old MS server.
    >
    > Anyway I'm facing a problem about cached logons. There is no way
    > to make it work. I've been reading all the entries in the mailing
    > list archives and MS information about it unsuccessfully.
    >
    > First of all, some people said in the archives that samba can't
    > do cached logons, that's later refuted by people who log all
    > the summer in a networkless computer. So it looks it should work.
    >
    > Is there something required in the samba server to make it work ?
    > We have no ldap. Remote profiles were allowed the first day
    > but now it is turned off.


    By remote profiles, you mean roaming? Did you change them to local on
    the client machines, or disable the profiles share (hint: you should
    change them to local on the clients).

    I have several sites with Samba PDCs that have laptop/ mobile users who
    use their cached credentials regularly to most of the time, and it
    simply works. I haven't had to change a thing on the samba side for it
    to work. They even use offline files and such with great regularity,
    and that works just fine as well.

    Is there anything in your Samba logs, or in the eventlog on the affected
    systems that is relevant?
    Regards,

    Rubin


    Rubin Bennett
    RB Technologies
    http://thatitguy.com
    rbennett@thatitguy.com
    (802)223-4448
    "They that can give up essential liberty to obtain a little temporary
    security deserve neither liberty nor safety" --Benjamin Franklin,
    Historical Review of Pennsylvania, 1759
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  4. Re: [Samba] cached logons

    En/na Rubin Bennett ha escrit:

    Hi Rubin, thank you for your answer.

    > On Wed, 2007-06-13 at 10:57 +0200, Francesc Guasch wrote:
    >> Hi. I can't do cached logons in our new samba server.

    >
    > I have several sites with Samba PDCs that have laptop/ mobile users who
    > use their cached credentials regularly to most of the time, and it
    > simply works. I haven't had to change a thing on the samba side for it


    That's what puzzled me. Finally I found this :

    >http://www.nabble.com/Offline-logon-...-t3696504.html


    Typing pdbedit -LV username I see the Domain is not the current
    domain but the hostname. That only happens to some of the users.
    I don't know why.

    I changed it so domain is the real domain name and it works.

    pdbedit --domain=newdomainnamehere username

    eureka !
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

+ Reply to Thread