Bug 7539

Summary: NT ownership/perms problem using SMB server
Product: [Retired] Red Hat Linux Reporter: zbeckman
Component: sambaAssignee: Trond Eivind Glomsrxd <teg>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: high Docs Contact:
Priority: medium    
Version: 6.1CC: abartlet, henris
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2001-05-07 19:11:00 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description zbeckman 1999-12-03 14:40:24 UTC 
We just installed RH 6.1 on our file server (from scratch, not na
upgrade). We configured it to continue providing domain controller
services (via SMB) to our network of '95 and 'NT machines. We were able to
preserve our existing smb.conf file, with only a couple of minor updates.

After the initial configuration problems (e.g. each 'NT machine "forgot"
that it was in the domain and had to be re-added), most services work
fine. We are able to share files, authenticate/login from the 'NT
machines, etc.

HOWEVER, there is one horrible problem that we have been unable to solve.
There seems to be a problem with user permissions or group membership;
it's not clear which. The symptom is that every time a user logs in, the
'NT machine creates a _new account_ for the user, as if they had never
logged in before. FURTHERMORE, once logged in, the user is unable to make
any changes to the local machine settings; it seems that any preference
changes result in an access denial of some kind. For instance, trying to
change desktop preferences doesn't work; trying to change system settings
(such as keyboard or date) results in an access denial message. This poses
a serious problem, since user's are unable to save any information about
themselves.

I have tried, as an experiment, download the head branch of SAMBA. This
never (alpha 2.1) version seems to behave much the same way, although
there are some additional services available (e.g. under 2.1 a user can
actually browse the group membership lists, etc.; while under the version
that comes with RH 6.1 such browsing is not supported). Both versions
demonstrate the "lack of access rights" problem described above.

I'm hoping this is a configuration error--perhaps some new settings that
we need to implement since the upgrade. If anyone can help, please do!
Otherwise, I hope it gets filed as a priority bug...

Sincerely,
Zacharias J. Beckman
zbeckman
Comment 1 Bill Nottingham 1999-12-06 17:18:59 UTC 
Are you using encrypted passwords?

------- Email Received From  "Zacharias J. Beckman" <zbeckman> 12/06/99 12:35 -------
Comment 2 Bill Nottingham 1999-12-08 23:21:59 UTC 
Hmm... while we're still looking at this, you may want
to try the samba-2.0.6 packages from Raw Hide. Looking
at the changelog, however, there doesn't seem to be anything
in particular that would relate to this.
Comment 3 Andrew Bartlett 2000-11-19 21:59:39 UTC 
A few comments on the original question:

The NT Machines only know they are a member of the domain by the servers
/etc/MACHINE.SID file, the upgrade probably changed this.

Regarding PDC support try Samba 2.0.7, and read the documents at
http://bioserve.biochem.latrobe.edu.au/samba/ or look at
http://www.samab-tng.org for Samba TNG, an attempt to get full PDC support for
samba.  Finally the original Samba team are attempting to get better PDC support
too, see http://www.samba.org for details.
Comment 4 Henri Schlereth 2001-01-21 13:49:10 UTC 
Does this problem still exist? Has any resolution been found?
Comment 5 Trond Eivind Glomsrxd 2001-06-18 15:42:11 UTC 
No feedback, so I assume it's fixed. Reopen with more information if it isn't.