Samba PDC: domain logons automatically log off

apocow
Hello-

I am running a Samba 2.2.7a PDC on a RH9 server.  After much pain, I finally added two Windows 2000 clients to my domain ("MYDOMAIN"), and they can log on and access files from my Samba server.

So here's the problem: I have a 3rd Windows 2000 client that is able to join the domain using the same Samba/Windows config procedures, and I get the oh so gratifying  "Welcome to the MYDOMAIN domain" message.  After I reboot the computer, when I log on with an admin or any user account,  the authentication succeeds and I see the message in the small gray Windows frame, "loading your personal settings," followed by "applying your personal settings."   Sounds great, right?  But then these are immediately followed by the message, "saving your settings."   And then I am dumped back to the normal login screen.

So in short, I can log in and get authenticated by my Samba PDC, but then I am automatically logged off.  What's up with that?  I don't think that this is a problem with the smb.conf file (see below), since the 2 other Win2k clients can log on fine.  Changing the roaming/local profile settings and WINS settings on the clients didn't help, and neither did getting rid of the logon scripts.  The Samba logs cranked up to level 3 did not have any great insight.   Turning off iptables did not ease the problem either.

Please help if you can.  I feel like I'm so close to having a full Samba domain, but this one computer is driving me nuts.


******smb.conf file ******


[global]

   ;basic server settings
   workgroup = MYDOMAIN
   netbios name = MYSERVER
   server string = myserver
   socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192

   ;PDC and master browser settings
   os level = 99
   preferred master = yes
   local master = yes
   domain master = yes

   ;security and logging settings
   security = user
   encrypt passwords = yes
   log file = /var/log/samba/log.%m
   log level = 2
   max log size = 100
   hosts allow = 127.0.0.1 xxx.xxx.xxx.

   domain logons = yes

   name resolve order = wins bcast
   max wins ttl = 518400
   min wins ttl = 21600
   wins proxy = No
   wins support = Yes
   dns proxy = no

   ;user profiles and home directory
   logon home = \\%L\%U\
   logon drive = H:
   logon script = netlogon.bat

   kernel oplocks = no
   domain admin group = @admins

# ==== shares ====

[homes]
  comment = Home Directories
  browseable = no
  writeable = yes
  create mask = 0775
  directory mask = 0775

[netlogon]
  comment = Network Logon Service
  path = /home/netlogon
  read only = yes
  browseable = no
  write list = @admins

[home]
  path = /home
  valid users =
  write list =
  read only = No
  create mask = 0775
  directory mask = 0775

**** end smb.conf ****

Commented:
Try going into the profile settings on the Windows machine and set profiles to local.

Author

Commented:
Actually, I figured out the problem myself.  The problem was that I was shifting a group of computers from an existing Windows NT domain to the Samba domain.

I don't know if this is true for all Windows NT domain computers, but for some reason, the previous admins must have used their DOMAIN admin accounts (rather than the local admin account) to install programs, so the permissions were set to allow access to users of the previous domain (which no longer existed). More specifically, both the C:\WINNT and C:\Program Files directories had permissions that did not give read access to the users of the local computer (puzzling, I know), but only to users of the previous domain (which now appeared as gibberish...S-133-23422).

So in the end, giving the local users the default "read and execute only" permissions on the Windows 2000 clients for the WINNT and Program Files directories solved my problems entirely.  This makes sense because if a client is a member of a domain, then domain users are supposed to have the privileges of local users.

Anyway, I'm not sure if this is a peculiar situation that previous admins had created or if it is a common problem, but it took me a good 2 weeks to figure out. So I'm answering this question myself for the benefit of anyone else out there who has this problem.
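
The condition described in the answer above (ACL entries that name SIDs from a domain that no longer exists, with no read access for local users) can be checked mechanically before a machine is moved to a new domain. The following Python check is an added example, not part of the original thread: it audits a directory's DACL given in SDDL form. The function names, SID values and SDDL strings are constructed for illustration, and it assumes the SDDL has already been exported from the client with an ACL tool.

```python
import re

# File access masks for the SDDL rights codes this example understands
# (generic codes are mapped to their file equivalents).
RIGHTS = {"FA": 0x1F01FF, "FR": 0x120089, "FW": 0x120116, "FX": 0x1200A0,
          "GA": 0x1F01FF, "GR": 0x120089, "GW": 0x120116, "GX": 0x1200A0}
READ_EXECUTE = 0x1200A9  # FILE_GENERIC_READ | FILE_GENERIC_EXECUTE
# One ACE: (type;flags;rights;object_guid;inherit_object_guid;trustee)
ACE_RE = re.compile(r"\(([^;()]*);([^;()]*);([^;()]*);[^;()]*;[^;()]*;([^;()]*)\)")

def codes(field):
    """Split an SDDL field such as 'OICIIO' into its two-letter codes."""
    return [field[i:i + 2] for i in range(0, len(field), 2)]

def parse_mask(rights):
    """Convert an SDDL rights field (hex or two-letter codes) to an access mask."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for code in codes(rights):
        mask |= RIGHTS.get(code, 0)
    return mask

def audit_dacl(sddl, valid_prefixes):
    """Return (orphaned_sids, users_can_read_execute) for one SDDL string.
    valid_prefixes holds the SID prefixes of the local machine and of the
    domain it is joined to now; other S-1-5-21-... trustees count as orphaned.
    Only ACEs naming the BUILTIN Users group are evaluated (a simplification).
    """
    dacl = sddl.split("D:", 1)[1].split("S:", 1)[0] if "D:" in sddl else ""
    orphaned, allowed, denied = [], 0, 0
    for ace_type, flags, rights, trustee in ACE_RE.findall(dacl):
        if trustee.startswith("S-1-5-21-") and not any(
                trustee.startswith(p + "-") for p in valid_prefixes):
            orphaned.append(trustee)
        # Inherit-only (IO) ACEs do not apply to the directory itself.
        if trustee in ("BU", "S-1-5-32-545") and "IO" not in codes(flags):
            if ace_type == "A":
                allowed |= parse_mask(rights)
            elif ace_type == "D":
                denied |= parse_mask(rights)
    return orphaned, ((allowed & ~denied) & READ_EXECUTE) == READ_EXECUTE

# Constructed samples: an ACL left over from a retired domain, and the same ACL
# after the BUILTIN Users group is granted read and execute.
OLD = "S-1-5-21-1000000001-1000000002-1000000003"
NOW = "S-1-5-21-2000000001-2000000002-2000000003"
BROKEN = f"O:BAG:SYD:PAI(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;{OLD}-513)"
FIXED = BROKEN + "(A;OICI;0x1200a9;;;BU)"

if __name__ == "__main__":
    print(audit_dacl(BROKEN, [NOW]), audit_dacl(FIXED, [NOW]))
```

A non-empty first element flags entries worth cleaning up; a `False` second element is the state that matches the symptom reported in this thread.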

Commented:
Closed, 250 points refunded.
PashaMod
Community Support Moderator
