NT2000 & XP clients will not logon to samba

NT2000 & XP clients will not logon to samba

Post by Rob MacGrego » Tue, 17 Jun 2003 05:28:03



[ Please, learn about cutting out irrelevant previous postings ]


> OK, can you stopped the massive nervous feeling I am getting....

> Can the one server box called dorisday have win9x and NT clients logging
> onto it?

Yes, that's exactly the setup I've got here at home.

Ok, your setup needs to look something like this (all whitespace and
comments removed):

[global]
    workgroup = THINGY
    security = user
    encrypt passwords = yes
    username map = /etc/samba/smbusers
    local master = yes
    os level = 64
    domain master = yes
    preferred master = yes
    domain logons = yes
    domain admin group = root
    logon path = \\%N\Profiles\%U
    logon drive = H:
    logon home = \\%N\%u
    logon script = logon.cmd
    wins support = yes
    wins proxy = yes
    dns proxy = no

Followed by all your shares.  The above is what I use for 98/ME/2K/XP.

--
   Rob MacGregor (MCSE)        Oh my God! They killed init! You bastards!
       The light at the end of the tunnel is an oncoming dragon.

        Real email address is at Hotmail.  Put _ between my names.

 
 
 

NT2000 & XP clients will not logon to samba

Post by Mark Worsdal » Fri, 27 Jun 2003 04:52:40




>[ Please, learn about cutting out irrelevant previous postings ]


>>  OK, can you stopped the massive nervous feeling I am getting....
>>  Can the one server box called dorisday have win9x and NT clients
>>logging  onto it?

>Yes, that's exactly the setup I've got here at home.

>Ok, your setup needs to look something like this (all whitespace and
>comments removed):

>[global]
>   workgroup = THINGY
>   security = user
>   encrypt passwords = yes
>   username map = /etc/samba/smbusers
>   local master = yes
>   os level = 64
>   domain master = yes
>   preferred master = yes
>   domain logons = yes
>   domain admin group = root
>   logon path = \\%N\Profiles\%U
>   logon drive = H:
>   logon home = \\%N\%u
>   logon script = logon.cmd
>   wins support = yes
>   wins proxy = yes
>   dns proxy = no

>Followed by all your shares.  The above is what I use for 98/ME/2K/XP.

After some major problems with network and server lib problems I am
finally back to this problem.

Good news is I am running samba 2.2.8a on FreeBSD 4.8 and all is well
and somewhat faster I might add.

Now I know b4 turning on encrypted passwords I need to get the passwords
thing sorted/converted etc. No problem here as well as put the win9x
clients registry setting back to encrypted.

My main question is:

Currently the win9x clients when starting up have the logon screen where
one types in username and password, the DOMAIN box has HINWICK in it as
that is set on the client win9x boxs under MS Networking section of
network setup.

If I change in the smb.conf file the folwoing line from:

   workgroup = HINWICK

to:

   workgroup = HINHALL

Will the win9x clients still connect to the current samba server or will
they state cannot find domain since they have domain set to be HINWICK?

HINHALL is to be the name of our domain and HINWICK is to be the name of
the workgroup.

So what I am saying is I cannot see where the domain name is set in the
smb.conf file.

Next worry is that can I tell the smb.conf file to have:

logon script = logon.bat rather than logon.cmd?

M.
--
Mark Worsdall
https://www.paypal.com/refer/pal=LS79YHQ9VUGLJ

 
 
 

NT2000 & XP clients will not logon to samba

Post by Rob MacGrego » Sat, 28 Jun 2003 02:37:03



> So what I am saying is I cannot see where the domain name is set in the
> smb.conf file.

If you've set SAMBA up to work with domains then the workgroup setting
sets the domain name.

--
   Rob MacGregor (BOFH)        Oh my God! They killed init! You bastards!
       The light at the end of the tunnel is an oncoming dragon.

 
 
 

NT2000 & XP clients will not logon to samba

Post by Mark Worsdal » Sat, 28 Jun 2003 03:13:07





>> So what I am saying is I cannot see where the domain name is set in the
>> smb.conf file.

>If you've set SAMBA up to work with domains then the workgroup setting
>sets the domain name.

This is just a nightmare.... and I have to do this on a live working box
where all the win9x clients are DOMAIN logging on fine at the moment.

I just have no idea really what to do all the explanations are just
getting more and more confusing... sorry Rob:-)

Look my win9x clients during boot up have 3 boxes to fill in:

Username
Password
Domain

Domain is already pre-filled in with the word HINWICK

But samba is not configured as a PDC yet, but they are logging on fine
because smb.conf:workgroup = HINWICK and smb.conf:security = user

If I change smb.conf:workgroup = HINWICK to smb.conf:workgroup = HINDOM
does that not mean the win9x clients will no longer logon because they
have HINWICK in the domain box?

Why could they just have had smb.conf:domain = HINDOM so workgroup
stayed the same setting?

Anyway back to trying to get this to all happen, assuming I have
machines accounts automatically being created and assuming smbpasswd
file is setup correctly I am still confused about the DOMAIN WORKGROUP
thing.

If you answer yes to this it will be ok: Did MS make a mistake by
putting the word DOMAIN on the logon screen for win9x clients, should it
have been WORKGROUP?

Also I have not the resource for another box to be setup just to test
this, it has to be done without the win9x clients needing reconfiguring
(apart from the encrypt password setting), there must be no disruption
to them logging on, I just need to get the other MS OS's to start
logging on.

Here is my current smb.conf, if someone can post back an alteration to
allow XP/w2k/NT machines to logon I would be grateful.

[global]
   netbios name = DORISDAY
   workgroup = HINWICK
   server string = Samba Server V%v ON %h

   hosts allow = 10. 127.
   socket options = TCP_NODELAY
   interfaces = 10.1.129.250/16
   bind interfaces only = yes

   load printers = yes
   printcap name = /etc/printcap
   printing = bsd

   log file = /usr/local/logs/samba/log.%m
   debug level = 0
   max log size = 500

   guest account = guest
   admin users = netman
   domain admin group = root

   security = user
   encrypt passwords = yes

   browse list = Yes
   domain master = Yes
   local master = Yes
   preferred master = Yes
   os level = 64

   logon script = scripts\%U.bat
   logon path = "\\%L\Profiles\%U"
   logon drive = U:
   logon home = "\\%L\Profiles\%U"

   wins support = Yes
   domain logons = Yes
   dns proxy = No

   username level = 5
   password level = 5

   preserve case = yes
   short preserve case = yes
   client code page=850
   oplocks = false

M.
--
Mark Worsdall

 
 
 

NT2000 & XP clients will not logon to samba

Post by Walter Mautne » Sun, 29 Jun 2003 05:07:42


.....

Quote:> This is just a nightmare.... and I have to do this on a live working box
> where all the win9x clients are DOMAIN logging on fine at the moment.

> I just have no idea really what to do all the explanations are just
> getting more and more confusing... sorry Rob:-)

> Look my win9x clients during boot up have 3 boxes to fill in:

> Username
> Password
> Domain

> Domain is already pre-filled in with the word HINWICK

> But samba is not configured as a PDC yet, but they are logging on fine
> because smb.conf:workgroup = HINWICK and smb.conf:security = user

> If I change smb.conf:workgroup = HINWICK to smb.conf:workgroup = HINDOM
> does that not mean the win9x clients will no longer logon because they
> have HINWICK in the domain box?

> Why could they just have had smb.conf:domain = HINDOM so workgroup
> stayed the same setting?

The workgroup and domain setup with win9x is really a nightmare. You have
(somewhere in control panel - network) the option to make your winbox a
member of a workgroup by typing its name in. Also, at another place I just
don't remember yet, there is an option to set network identification by ms
windows client. And, again somewhere else, after opening a tab, you can
click a checkbox for nt domain authentication and also enter a domain
name. And hell breaks loose if this name is different to the previously
entered workgroup ...

Quote:> Anyway back to trying to get this to all happen, assuming I have
> machines accounts automatically being created and assuming smbpasswd
> file is setup correctly I am still confused about the DOMAIN WORKGROUP
> thing.

Win9x doesn't benefit from machine accounts, because it can't really
authenticate (challenge/response) against a domain controller. However, it
can forward auth requests to the DC and you can fine-tune local network
shares with regard to domain user names (not yet groups, unfortunately).

--
WinXXP error#4711: NGSCB VIOLATION: Microsoft optical mouse detected penguin
patterns on mousepad. Background partition scan in progress to remove offending
incompatible products. Reactivate/recertify all MS products, 3 days grace.
http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html