SAMBA Problems
Matt G. Ellis
mge@internetsyndicate.com
Tue, 6 Feb 2001 20:09:40 -0700
Hello All.
I'm having a problem setting SAMBA up to be used for domain logons within a
Windows 98 Network.
The NetBIOS name of the SAMBA server is SERVER, and the WORKGROUP is named
FOOTHILL. I have set SAMBA up to authenticate domain logons and have
configured it as a WINS Server. All Clients are sending cleartext
passwords, and are set to use the SAMBA machine as a WINS server (the ip of
the SAMBA Machine is 10.1.1.1, the rest of the machines are 10.1.1.X,
netmask is configured as 255.255.255.0)
When the domain is specified as FOOTHILL on a Windows 98 Client, connections
work flawlessly, the user is authenticated, and logged on to the system.
Since I want to require this to happen, I have used the Windows 98 Policy
Editor to Require authorization from a Domain server. Hitting cancel at the
logon box produces an error to the effect of: You must log on to the system.
However, users have found a way to bypass this requirement. If they change
the domain from FOOTHILL to anything else (for example: FAKE) and then
attempt a logon, the process takes considerably longer (I *think* Windows is
trying to map the name FAKE to an IP Address, and then fails) and then the
default Windows Logon Box comes up (just a username and password), from this
box a user can hit cancel and have access to the system.
What I'm trying to do is to require a user to be authenticated by the Domain
Logon process, and have Windows ERROR if a user changes the DOMAIN to a
non-existent one.
Below are my smb.conf, log.smb, log.nmb, and wins.dat files. To cut out the
clutter of the log.smb and log.nmb files I stopped samba, removed both log
files, then restarted samba. I then logged on once to the correct domain
(FOOTHILL), logged out, then tried to log on to a fake domain (FAKE), then
logged out, then back on to the real domain (FOOTHILL). The only thing I saw
that may be of some help is these lines in log.nmb:
[2001/02/06 14:30:02, 1] nmbd/nmbd_processlogon.c:process_logon_packet(69)
process_logon_packet: Logon from 10.1.1.12: code = 0
[2001/02/06 14:30:09, 1] nmbd/nmbd_processlogon.c:process_logon_packet(69)
process_logon_packet: Logon from 10.1.1.12: code = 7
[2001/02/06 14:33:12, 1] nmbd/nmbd_processlogon.c:process_logon_packet(69)
process_logon_packet: Logon from 10.1.1.12: code = 0
It is my theory that whenever we generate a code 7, it is from a Domain that
doesn't exist, and code 0 is from one that does. I may be wrong.
Any help is appreciated.
Thanks All.
---log.smb---
[2001/02/06 14:27:24, 1] smbd/server.c:main(628)
smbd version 2.0.5a started.
Copyright Andrew Tridgell 1992-1998
[2001/02/06 14:27:24, 1] smbd/files.c:file_init(216)
file_init: Information only: requested 10000 open files, 1014 are
available.
---log.nmb---
[2001/02/06 14:27:25, 1] nmbd/nmbd.c:main(684)
Netbios nameserver version 2.0.5a started.
Copyright Andrew Tridgell 1994-1998
[2001/02/06 14:27:25, 0] nmbd/asyncdns.c:start_async_dns(150)
started asyncdns process 711
[2001/02/06 14:27:25, 0] nmbd/nmbd_logonnames.c:add_logon_names(159)
add_domain_logon_names:
Attempting to become logon server for workgroup FOOTHILL on subnet
10.1.1.1
[2001/02/06 14:27:25, 0] nmbd/nmbd_logonnames.c:add_logon_names(159)
add_domain_logon_names:
Attempting to become logon server for workgroup FOOTHILL on subnet
UNICAST_SUBNET
[2001/02/06 14:27:25, 0]
nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(342)
become_domain_master_browser_wins:
Attempting to become domain master browser on workgroup FOOTHILL, subnet
UNICAST_SUBNET.
[2001/02/06 14:27:25, 0]
nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(357)
become_domain_master_browser_wins: querying WINS server at IP 10.1.1.1 for
domain master browser name FOOTHILL<1b> on workgroup FOOTHILL
[2001/02/06 14:27:25, 0]
nmbd/nmbd_logonnames.c:become_logon_server_success(118)
become_logon_server_success: Samba is now a logon server for workgroup
FOOTHILL on subnet UNICAST_SUBNET
[2001/02/06 14:27:25, 0]
nmbd/nmbd_become_dmb.c:become_domain_master_stage2(118)
*****
Samba server SERVER is now a domain master browser for workgroup FOOTHILL
on subnet UNICAST_SUBNET
*****
[2001/02/06 14:27:25, 0]
nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(294)
become_domain_master_browser_bcast:
Attempting to become domain master browser on workgroup FOOTHILL on subnet
10.1.1.1
[2001/02/06 14:27:25, 0]
nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(308)
become_domain_master_browser_bcast: querying subnet 10.1.1.1 for domain
master browser on workgroup FOOTHILL
[2001/02/06 14:27:29, 0]
nmbd/nmbd_logonnames.c:become_logon_server_success(118)
become_logon_server_success: Samba is now a logon server for workgroup
FOOTHILL on subnet 10.1.1.1
[2001/02/06 14:27:33, 0]
nmbd/nmbd_become_dmb.c:become_domain_master_stage2(118)
*****
Samba server SERVER is now a domain master browser for workgroup FOOTHILL
on subnet 10.1.1.1
*****
[2001/02/06 14:30:02, 1] nmbd/nmbd_processlogon.c:process_logon_packet(69)
process_logon_packet: Logon from 10.1.1.12: code = 0
[2001/02/06 14:30:09, 1] nmbd/nmbd_processlogon.c:process_logon_packet(69)
process_logon_packet: Logon from 10.1.1.12: code = 7
[2001/02/06 14:33:12, 1] nmbd/nmbd_processlogon.c:process_logon_packet(69)
process_logon_packet: Logon from 10.1.1.12: code = 0
---smb.conf---
# Samba config file created using SWAT
# from 12.foothills.com (10.1.1.12)
# Date: 2001/02/06 14:27:11
# Global parameters
[global]
workgroup = FOOTHILL
netbios name = SERVER
server string = Samba Server
interfaces = 10.1.1.1/24
log file = /var/log/samba/log.%m
max log size = 50
name resolve order = wins lmhosts host
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
logon script = logon.bat
domain logons = Yes
local master = No
domain master = Yes
dns proxy = No
wins support = Yes
remote announce = 10.1.1.255
remote browse sync = 10.1.1.255
[home]
comment = Home Directories
path = /home/%U
read only = No
[def]
comment = Default Share
path = /home/default
browseable = No
[netlogon]
comment = Network Logon Service
path = /home/netlogon
guest ok = Yes
browseable = No
share modes = No
[printers]
comment = All Printers
path = /var/spool/samba
print ok = Yes
browseable = No
---wins.dat---
VERSION 1 180813
"12#00" 982013333 10.1.1.12 4R
"12#03" 982013331 10.1.1.12 4R
"ADMIN#03" 982013592 10.1.1.12 4R
"FOOTHILL#00" 982013333 255.255.255.255 c4R
"FOOTHILL#1b" 982013245 10.1.1.1 44R
"FOOTHILL#1c" 982013245 10.1.1.1 c4R
"FOOTHILL#1e" 982013245 255.255.255.255 c4R
"SERVER#00" 982013245 10.1.1.1 46R
"SERVER#03" 982013245 10.1.1.1 46R
"SERVER#20" 982013245 10.1.1.1 46R
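
Added example, not part of the original post and not Samba project code: a Python parser for the process_logon_packet entries in the log.nmb excerpt above, grouping the logged codes per client so the code 0 / code 7 pattern can be checked over a longer log. It does not assert what the codes mean; the default of treating only code 0 as expected is an assumption taken from the poster's observation, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Lines copied from the log.nmb excerpt in the post.
SAMPLE_LOG = """\
[2001/02/06 14:30:02, 1] nmbd/nmbd_processlogon.c:process_logon_packet(69)
process_logon_packet: Logon from 10.1.1.12: code = 0
[2001/02/06 14:30:09, 1] nmbd/nmbd_processlogon.c:process_logon_packet(69)
process_logon_packet: Logon from 10.1.1.12: code = 7
[2001/02/06 14:33:12, 1] nmbd/nmbd_processlogon.c:process_logon_packet(69)
process_logon_packet: Logon from 10.1.1.12: code = 0
"""

# Header: "[YYYY/MM/DD HH:MM:SS, level] file:function(line)". The source
# location may be wrapped onto the next line, as in the posted log, so only
# the bracketed part is required here.
HEADER_RE = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*\d+\]")
LOGON_RE = re.compile(
    r"process_logon_packet: Logon from (\d{1,3}(?:\.\d{1,3}){3}): code = (\d+)")

def parse_logon_events(text):
    """Return [(timestamp, client_ip, code)] in log order."""
    events, stamp = [], None
    for line in text.splitlines():
        line = line.strip()
        header = HEADER_RE.match(line)
        if header:
            stamp = header.group(1)  # applies to the message lines that follow
            continue
        logon = LOGON_RE.search(line)
        if logon and stamp is not None:
            events.append((stamp, logon.group(1), int(logon.group(2))))
    return events

def codes_by_client(events):
    """Group (timestamp, code) pairs by client IP."""
    grouped = defaultdict(list)
    for stamp, client, code in events:
        grouped[client].append((stamp, code))
    return dict(grouped)

def unexpected_codes(events, expected=frozenset({0})):
    """Events whose code is outside 'expected' (assumed {0}, per the post)."""
    return [e for e in events if e[2] not in expected]

if __name__ == "__main__":
    evs = parse_logon_events(SAMPLE_LOG)
    for client, seen in codes_by_client(evs).items():
        print(client, seen)
    print("review:", unexpected_codes(evs))
```
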