-caretaker-
02.12.01, 19:46
Hi all,
After a short Linux break (2 weeks) I've thrown myself at the well-known PDC problem again. I have made a little progress, too.
I am, at least apparently, accepted into the domain.
------------
suse 7.3
samba 2.2.2
------------
My problem is the following:
When I try to log on to the domain (here STOLLIS) from Win2000 after a reboot, the following message appears almost immediately:
* Das System kann Sie nicht bei dieser Domäne anmelden, da das Computerkonto des Systems in seiner primären Domäne fehlt, oder das Kennwort für dieses Computerkonto falsch ist * (in English: the system cannot log you on to this domain because the system's computer account in its primary domain is missing, or the password for this computer account is incorrect)
Hmm.... in /etc/passwd this Win2000 machine (called "athlon900" from here on) is present as a machine account.
Samba also knows athlon900 as a machine account: smbpasswd -a -m -n athlon900.
No password, of course.
After that I also enabled it: smbpasswd -e -m athlon900
-------
In addition, the following directories exist:
/home/profiles/athlon900/dennis
with owner=root, group=users
chmod 774 to be on the safe side - recursively from /home/profiles
If I now go to User Profiles in W2k (right-click on My Computer \ Properties \ User Profiles)
and select my profile (dennis), I can --copy to-- the profile
I enter \\server-1\profile as the destination....
It does it! The complete profile is then in there.....
But annoyingly, at the W2k login to the domain STOLLIS I get the error message mentioned above.... why??
---------------------
Here are the most important excerpts from smb.conf... (have fun)
************************************************** ***
# Samba config file created using SWAT
# from athlon900.stollis.de (172.22.0.20)
# Date: 2001/12/02 20:40:44
# Global parameters
[global]
coding system =
client code page = 850
code page directory = /usr/local/samba/lib/codepages
workgroup = STOLLIS
netbios name = SERVER-1
netbios aliases =
netbios scope =
server string = Samba-Server %R - %m, %U
interfaces =
bind interfaces only = No
security = USER
encrypt passwords = Yes
update encrypted = No
allow trusted domains = Yes
hosts equiv =
min passwd length = 4
map to guest = Never
null passwords = Yes
obey pam restrictions = No
password server =
smb passwd file = /usr/local/samba/private/smbpasswd
root directory =
pam password change = Yes
passwd program = /bin/passwd %u
passwd chat = *new*password* %n\n *new*password* %n\n *changed*
passwd chat debug = Yes
username map =
password level = 8
username level = 8
unix password sync = No
restrict anonymous = No
lanman auth = Yes
use rhosts = No
log level = 5
syslog = 1
syslog only = No
log file = //var/log/sambalog.%m,(%I),%U
max log size = 1000
timestamp logs = Yes
debug hires timestamp = No
debug pid = No
debug uid = Yes
protocol = NT1
large readwrite = No
max protocol = NT1
min protocol = CORE
read bmpx = Yes
read raw = Yes
write raw = Yes
nt smb support = Yes
nt pipe support = Yes
announce version = 4.5
announce as = NT
max mux = 50
max xmit = 65535
name resolve order = lmhosts host wins bcast
max packet = 65535
max ttl = 259200
max wins ttl = 518400
min wins ttl = 21600
time server = Yes
change notify timeout = 60
deadtime = 0
getwd cache = Yes
keepalive = 300
lpq cache time = 10
max smbd processes = 0
max disk size = 1000000
max open files = 10000
read size = 16384
socket options = TCP_NODELAY
stat cache size = 50
use mmap = Yes
strip dot = No
character set =
mangled stack = 100
stat cache = Yes
domain admin group = root,@root,@admin
domain guest group =
machine password timeout = 604800
add user script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %m$
delete user script =
logon script = /home/profiles/scripts/%u.cmd
logon path = \\%L\profiles\
logon drive = Y:
logon home = %H
domain logons = Yes
os level = 100
lm announce = True
lm interval = 60
preferred master = True
local master = Yes
domain master = True
browse list = Yes
enhanced browsing = Yes
dns proxy = Yes
wins proxy = Yes
wins server =
wins support = Yes
wins hook =
kernel oplocks = Yes
oplock break wait time = 0
add share command =
change share command =
delete share command =
config file =
preload =
lock dir = /usr/local/samba/var/locks
default service = public
message command = csh -c 'xedit %s;rm %s' &
dfree command = df -h
valid chars =
remote announce =
remote browse sync =
socket address = 0.0.0.0
homedir map =
time offset = 0
NIS homedir = No
source environment =
panic action =
hide local users = No
host msdfs = Yes
winbind uid =
winbind gid =
template homedir = /home/%D/%U
template shell = /bin/false
winbind separator = \
winbind cache time = 15
winbind enum users = Yes
winbind enum groups = Yes
comment =
path =
alternate permissions = Yes
username = root,dennis,miriam,eric
guest account = nobody
invalid users = nobody,guest,gast,anonymous
valid users = @users,@ftpvalid,@root,@machines
admin users = dennis,administrator,root
read list = @users,@ftpvalid,@root,@machines
write list = @users,@ftpvalid,@root,@machines
printer admin =
force user =
force group =
read only = Yes
create mask = 0774
force create mode = 00
security mask = 0777
force security mode = 00
directory mask = 0775
force directory mode = 00
directory security mask = 0777
force directory security mode = 00
inherit permissions = No
guest only = No
guest ok = Yes
only user = No
hosts allow =
hosts deny = 192.168.1.
status = Yes
nt acl support = Yes
max connections = 0
min print space = 0
strict allocate = No
strict sync = No
sync always = No
write cache size = 0
default case = lower
case sensitive = No
preserve case = Yes
short preserve case = Yes
mangle case = No
mangling char = ~
hide dot files = Yes
hide unreadable = Yes
delete veto files = No
veto files =
hide files =
veto oplock files =
map system = Yes
map hidden = Yes
map archive = Yes
mangled names = Yes
mangled map =
browseable = Yes
blocking locks = Yes
fake oplocks = No
locking = Yes
oplocks = No
level2 oplocks = Yes
oplock contention limit = 2
posix locking = Yes
strict locking = No
copy =
include =
exec =
preexec close = No
postexec =
root preexec =
root preexec close = No
root postexec =
available = Yes
volume =
fstype = NTFS
set directory = No
wide links = Yes
follow symlinks = Yes
dont descend =
magic script =
magic output =
delete readonly = No
dos filemode = No
dos filetimes = No
dos filetime resolution = No
fake directory create times = No
vfs object =
vfs options =
msdfs root = No
[homes]
comment = Heimatverzeichnis
path = /home/%u
valid users = @users,@ftpvalid,@admin
admin users = dennis,administrator,root
write list = @users,@ftpvalid
read only = No
directory mask = 0750
max connections = 10
browseable = No
[public]
comment = Public %R - %m (%I), %U
path = /hdb1-dtla/public
admin users = dennis,nb3400,administrator
read only = No
directory mask = 0750
max connections = 10
[netlogon]
comment = Netlogon
path = /home/profiles/%m/%u
guest account =
invalid users =
valid users = @machines,@users,@ftpvalid
admin users = dennis,root,administrator
read list = @machines,@users,@ftpvalid
write list = @root,@admin
create mask = 0760
security mask = 0740
directory mask = 0760
guest ok = No
max connections = 4
[profiles]
comment = profiles
path = /home/profiles/%m/%u
username = root,dennis,miriam,eric,administrator
invalid users = nobody,guest,gast,anonymous,@nogroup
valid users = @users,@ftpvalid,@root,@machines
read list = @users,@ftpvalid,@root,@machines
write list = @users,@ftpvalid,@root,@machines
read only = No
create mask = 0744
guest ok = No
nt acl support = No
max connections = 5
browseable = No
**********************************
Does anyone happen to have a flash of inspiration? You, Leander?
Anyone?
I seem to be going round in circles here.....
Thanks for any help.
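
The logon error quoted in the post names two conditions, a missing computer account or a wrong password for it, and the post mentions two stores for that account: /etc/passwd and the smbpasswd file. The check below is an added example, not part of the original post; it reports the state of a machine trust account in both, assuming the colon-separated layout and the flag letters W, D and N documented in smbpasswd(5). The function name, report strings and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the state of a machine trust account.
# check_machine_account and its report strings are this example's own names.
# usage: check_machine_account MACHINE PASSWD_FILE SMBPASSWD_FILE
check_machine_account() {
    acct="$1\$"    # trust accounts are stored as <machine>$ (cf. %m$ in add user script)
    # Unix side: is there an entry named <machine>$ ?
    awk -F: -v a="$acct" '
        tolower($1) == tolower(a) { found = 1 }
        END { print (found ? "unix:present" : "unix:missing") }' "$2"
    # Samba side: field 4 is the NT hash, field 5 the account flags
    awk -F: -v a="$acct" '
        tolower($1) == tolower(a) {
            found = 1
            print ($5 ~ /W/ ? "samba:workstation-trust" : "samba:not-a-trust-account")
            if ($5 ~ /D/) print "samba:disabled"
            if ($5 ~ /N/ || $4 ~ /^NO PASSWORD/) print "samba:null-password"
        }
        END { if (!found) print "samba:missing" }' "$3"
}

# Constructed sample data; hash fields are placeholders, not real hashes.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'athlon900:x:601:101:Machine:/dev/null:/bin/false' > "$d/passwd"
    printf '%s\n' 'athlon900$:601:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:[NW         ]:LCT-00000000:' > "$d/smbpasswd"
    check_machine_account athlon900 "$d/passwd" "$d/smbpasswd"
    rm -rf "$d"
}
demo
```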