samba & domenove prihlasovani

David Sauer davids na jelly.cz
Čtvrtek Červen 21 09:21:34 CEST 2001 

Zdravim konferenci,

  mam nasledujici situaci v siti:

sit 192.168.0/24
nekolik klientu win95, nekolik win98 a 2x NT server a 1 suse linux 7.1.
2 domeny: DOMENA a DOMENA2
(DOMENA2 jsem zalozil po dobu testovani, nez linux prevezme domenu
DOMENA)

soucasny stav: klienti se prihlasuji do domeny DOMENA pres NT server.
nicmene pocet uzivatelu roste a dosahne 50 - 100 a licecni politika MS
nepreje tomuto rustu.
Master pro DOMENA je jeden z tech NT serveru.
Master pro DOMENA2 je ten linux.

plan: umoznit logovani do DOMENA2 (ale domena muze byt ve vysledku
klidne i jen jedna)
 na ten linux, tak aby ty NT servery
nebylo treba rozsirovat, nicmene tam zustanou (ale uz nebudou slouzit
pro login do domeny)

Problem:
Samba 2.2.0 umoznujici spolupraci s NT ma zatim nejake problemy se
zamykanim souboru a to tak velke, ze ji nelze pouzit, nicmene logovani
do domeny DOMENA2 bezi (uzivatele vyplni jmeno, heslo a DOMENA2 a
zaloguje se).

Proto jsem downgradoval na sambu 2.0.9, ktera zamyka svele, ale zase
neumozni zalogovani do domeny DOMENA2 (jako by vubec nedostala pozadavek
od klienta). Klient vyhodi po nejake minute nasledujici chybu:

"Zadane heslo pro domenu neni spravne, nebo je pristup k prihlasovacimu
serveru zakazany."

konfigurace: (tahle je pro 2.0.9, ale pro 2.2.0 je stejna)

# Samba config file created using SWAT
# from 192.168.0.1 (192.168.0.1)
# Date: 2001/06/20 15:07:38

# Global parameters
[global]
	coding system = iso8859-2
	client code page = 852
	workgroup = DOMENA2
	netbios name = LINUX
	interfaces = lo eth0 127.0.0.1 192.168.0.100
	encrypt passwords = Yes
	update encrypted = Yes
	map to guest = Bad User
	passwd program = /usr/bin/passwd
	unix password sync = Yes
	debug level = 0
	syslog = 0
	log file = /var/log/smb/smb.log
	name resolve order = lmhosts wins bcast
	deadtime = 10
	keepalive = 180
	logon script = login.bat
	logon path = 
	logon home = 
	domain logons = Yes
	os level = 39
	lm announce = True
	preferred master = Yes
	domain master = Yes
	wins support = Yes
	lock directory = /var/samba/locks/
	create mask = 0664
	force create mode = 0664
	directory mask = 0775
	force directory mode = 0775
	hosts allow = 192.168. 127.

[homes]
	comment = Home Directories
	writeable = Yes
	create mask = 0750
	browseable = No

[netlogon]
	path = /var/samba/shares/netlogon/

[hplj1200]
	comment = printer
	path = /var/samba/printers/printer/
	writeable = Yes
	create mask = 0700
	printable = Yes
	printer = printer

[Abra1]
	path = /var/samba/shares/abra1/
	writeable = Yes

[cdrom]
	path = /cdrom
	root preexec = /bin/mount /cdrom
	root postexec = /bin/umount /cdrom
	volume = CDROM


pokud nekoho neco napada ....

-- 
* David Sauer, linux programmer and system administrator.

Další informace o konferenci Linux