From andoon at lisp.com.au Wed Sep 1 03:57:23 1999 From: andoon at lisp.com.au (Andrew Chung) Date: Tue Dec 2 02:27:01 2003 Subject: NT Server / Linux Message-ID: <3.0.6.32.19990901135723.007e4100@panda.intranet> Hi! I'm not sure if Samba can do what I need for password synchronisation, but I'll give it a go - could anybody please give me any ideas? I have an NT Server that has about 900 accounts and also a redhat linux server with 80 accounts. The linux server is the mail server and also proxy server with authentication. Is there any way we can use samba to get linux to verify the password from the NT server, ie make our linux server read passwords from a PDC Basically, the passwords should go into /etc/shadow, as qpopper uses it, and squid's authentication package reads off /etc/shadow in the format of username:password Regards Andrew Chung --- Andrew Chung andoon@lisp.com.au Phone: (0409) 485 687 SMS: +61409485687 Aus Fax: (02) 9657 2149 US Fax: 209-796-8390 From lnb at cybertouch.org Wed Sep 1 04:06:28 1999 From: lnb at cybertouch.org (Lanny Baron) Date: Tue Dec 2 02:27:01 2003 Subject: NT Server / Linux In-Reply-To: <3.0.6.32.19990901135723.007e4100@panda.intranet> Message-ID: Hi Andrew, I am not 100% certain of the answer but, if you are running 2.0.5a for example, did you look in (it's where I have it) /usr/local/samba-2.0.5a/docs/textdocs? You might want to look at some of the docs in there. Do you have swat up and running? I have got a lot of info which worked for my small Samba/NT/FreeBSD domain. Regards, Lanny On 01-Sep-99 Andrew Chung wrote: > Hi! > > I'm not sure if Samba can do what I need for password synchronisation, > but I'll give it a go - could anybody please give me any ideas? > > I have an NT Server that has about 900 accounts > and also a redhat linux server with 80 accounts. The linux server is > the mail server and also proxy server with authentication. > > Is there any way we can use samba to get linux to verify the password > from the NT server, ie make our linux server read passwords from > a PDC > > Basically, the passwords should go into /etc/shadow, as qpopper > uses it, and squid's authentication package reads off /etc/shadow > in the format of username:password > > Regards > Andrew Chung > > > --- > Andrew Chung andoon@lisp.com.au > Phone: (0409) 485 687 SMS: +61409485687 > Aus Fax: (02) 9657 2149 US Fax: 209-796-8390 > Lanny Baron ---------------------------------- Lanny Baron 01-Sep-99, 00:06:28 Your true value depends entirely on what you are compared with. FreeBSD+Samba=A total solution for file servers and a ton more... Freedom Network Solutions http://freedomnetworks.com ---------------------------------- From D.Bannon at latrobe.edu.au Wed Sep 1 05:01:48 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:27:01 2003 Subject: NT Server / Linux In-Reply-To: <3.0.6.32.19990901135723.007e4100@panda.intranet> Message-ID: <3.0.6.32.19990901150148.00897c90@bioserve.latrobe.edu.au> At 01:58 PM 01/09/1999 +1000, Andrew Chung wrote: > >Is there any way we can use samba to get linux to verify the password >from the NT server, ie make our linux server read passwords from >a PDC > If you make the linux box part of the NT's domain, samba will refer its passwd queries to the NT. However if you want qpopper to get its passwd info from the NT its a different thing. But maybe easy ! (I say 'maybe' because it may not suit the rest of your system) 1. Instead of using qpopper run imapd on the linux box. (Thats easy, it supports pop as well.) 2. Add pam_smb to your linux authentication stack. (thats the touchy bit, depends on your linux system). 3. Get rid of all the passwds in /etc/passwd or /etc/shadow (except maybe your own !) and allow pam_smb to authenticate the pop users from the NT PDC. You will still need accounts on the linux box for mail users but all passwds are on the PDC. I have a system along those lines here and it works perfectly. Although I do only have 150 or so users doing it that way. Ask if you want more details. David >Basically, the passwords should go into /etc/shadow, as qpopper >uses it, and squid's authentication package reads off /etc/shadow >in the format of username:password > >Regards >Andrew Chung > > >--- >Andrew Chung andoon@lisp.com.au >Phone: (0409) 485 687 SMS: +61409485687 >Aus Fax: (02) 9657 2149 US Fax: 209-796-8390 > ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From andoon at lisp.com.au Wed Sep 1 05:39:32 1999 From: andoon at lisp.com.au (Andrew Chung) Date: Tue Dec 2 02:27:01 2003 Subject: Two Passwords? Message-ID: <3.0.6.32.19990901153932.007d6b50@panda.intranet> Hi All! First of all, thank you to those who have given me suggestions regarding linux / nt password synchronisation I have another idea - if you can change your UNIX password through samba then the password can be changed via windows. When I change a password on a domain I log on to, is there a way to make it change the password on another domain (perhaps the linux box with samba) at the same time (changing two passwords at a time)? Hope so! Andrew --- Andrew Chung andoon@lisp.com.au Phone: (0409) 485 687 SMS: +61409485687 Aus Fax: (02) 9657 2149 US Fax: 209-796-8390 From hartog at ihug.co.nz Wed Sep 1 05:27:21 1999 From: hartog at ihug.co.nz (hartog) Date: Tue Dec 2 02:27:01 2003 Subject: Cannot Allocate pty for password change: References: <19990831192201.C7D4C26E5B@i3.golden.dom> Message-ID: <002501bef43a$abb997a0$b77711ce@default> ---- Original Message ----- From: Giulio Orsero > 2.0.5a (compiled myself) on rh60. [SNIP] > I can change smbpasswd from Win9x if "unix password sync" is disabled. > If password sync is enabled it doesn't work; [SNIP] There is a known timing problem when using passwd sync on *some* REDHAT 'flavoured' Linux systems. There is a line you can add to smbpasswd.c to fix this before compiling [I'd add it here, but I'm not at work to check it, and at my age I don't trust my memory] else you check out an alternative utility to do the Password changing (again, my memory fails me, but check the archives). Cheers! Hendrik From Blaise.Lab at cpln.ch Wed Sep 1 05:58:00 1999 From: Blaise.Lab at cpln.ch (Lab Blaise) Date: Tue Dec 2 02:27:01 2003 Subject: No subject Message-ID: Is it possible to use nt-useraccount to connect on a linux-server (samba) ? Is it possible to give rights / permissions on samba-shares with an nt workstation to nt-users, and if it's possible, since which version of samba ? Thank you for your answers and advices.... Blaise Lab blaise.lab@cpln.ch From sam at campbellsci.co.uk Wed Sep 1 08:22:11 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:27:01 2003 Subject: Cannot Allocate pty for password change: In-Reply-To: <002501bef43a$abb997a0$b77711ce@default> Message-ID: > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > hartog > Sent: Wednesday, September 01, 1999 06:46 AM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: Cannot Allocate pty for password change: > > There is a known timing problem when using passwd sync on *some* REDHAT > 'flavoured' Linux systems. There is a line you can add to > smbpasswd.c to fix > this > before compiling [I'd add it here, but I'm not at work to check it, and at > my age I > don't trust my memory] PLEASE check this, and send me the code if you have it!! I need it for other purposes. > else you check out an alternative utility to do the > Password > changing (again, my memory fails me, but check the archives). Its chpasswd You can do: echo username:password | chpasswd for plaintext and: echo username:password | chpasswd -e if the password is already encrypted. But you have to be root (as you are for samba). I need the other code to allow pop3 users without samba access to change password, so PLEASE, hartog! Sam From giulioo at tiscalinet.it Wed Sep 1 09:14:24 1999 From: giulioo at tiscalinet.it (Giulio Orsero) Date: Tue Dec 2 02:27:01 2003 Subject: Cannot Allocate pty for password change: In-Reply-To: <002501bef43a$abb997a0$b77711ce@default> References: <19990831192201.C7D4C26E5B@i3.golden.dom> <002501bef43a$abb997a0$b77711ce@default> Message-ID: <19990901091519.A081626E5B@i3.golden.dom> On Wed, 1 Sep 1999 15:46:39 +1000, hai scritto: >There is a known timing problem when using passwd sync on *some* REDHAT >'flavoured' Linux systems. There is a line you can add to smbpasswd.c to fix >this >before compiling [I'd add it here, but I'm not at work to check it, and at Thanks for the response. I made some tests. The problem is not a timing issue. The problem is that I have UNIX pty compiled in the kernel, but disabled runtime. I compiled samba on such a system, and now samba wants me to enable pty (if I enable the pty's the password sync works as expected). I'll write to samba-bugs because I think samba should check runtime if pty are available or not. This is the mail to samba-bugs: ********** I have UNIX ptys compiled in the kernel; but I disabled them "runtime": commented out in fstab the pts filesystem and renamed /dev/ptmx to /dev/ptmx- I compiled samba my self on this system. UNIX PASSWORD SYNC works only if I re-enable the pty by uncommenting pts filesystem in fstab and moving back /dev/ptmx- to /dev/ptmx: === [1999/09/01 10:57:16, 3] smbd/chgpasswd.c:chgpasswd(394) Password change for user: go [1999/09/01 10:57:16, 3] smbd/chgpasswd.c:chat_with_program(369) Dochild for user go (uid=0,gid=0) [1999/09/01 10:57:18, 3] smbd/chgpasswd.c:chat_with_program(381) Password change successful for user go [1999/09/01 10:57:18, 3] smbd/process.c:timeout_processing(828) end of file from client === With pty disabled (but enabled in the kernel): === [1999/09/01 11:03:57, 3] smbd/chgpasswd.c:chgpasswd(394) Password change for user: go [1999/09/01 11:03:57, 3] smbd/chgpasswd.c:chat_with_program(295) Cannot Allocate pty for password change: go [1999/09/01 11:03:57, 3] smbd/process.c:timeout_processing(828) end of file from client === I think samba should check runtime if ptys are available or not. ********** -- giulioo@tiscalinet.it From khassan at aster.com.pk Wed Sep 1 09:46:13 1999 From: khassan at aster.com.pk (Khurram Farhan Hassan) Date: Tue Dec 2 02:27:01 2003 Subject: Can't access Samba network over ppp dialup Message-ID: <002301bef45e$d5230da0$6d0680cb@faisalkhurram> Hi, I have a Samba + NT network (consisting of NT & Linux servers and Win 95/98 clients) running in our main office with an NT PDC (and domain level security), and it works okay. Now I want to link up our branch office LAN to our main LAN thru dialup PPP links. The users on the branch office LAN are authenticated by a radius server (running on one of our Linux servers). This part is working okay also. The problem is that if none of our branch office workers (they use Win95/98) can see any of our NT/Samba servers when they dial into the main office LAN. They can use the proxy servers and web servers on the main office LAN without any problems, so there seems to be no problem with the basic connectivity. Please note that unlike the main office LAN, the branch office has no domain (it is a peer to peer network) and its workgroup name is different from that of the main office. Given this setup, how can my branch office users access the main office network samba shares? Whenever a user tries to connect to one of the Linux boxes, I get the following error in log.smb (debug level 2): [1999/09/01 13:21:52, 0] smbd/password.c:domain_client_validate(1369) domain_client_validate: unable to validate password for user xyz in domain BRANCH to Domain controller MAIN_PDC. Error was NT_STATUS_NO_SUCH_USER I have verified that the user xyz does exist in the domain and I can log in by this name. All help would be appreciated. Khurram, khassan@aster.com.pk From w.nintzel at berlin.de Wed Sep 1 15:15:57 1999 From: w.nintzel at berlin.de (Werner Nintzel) Date: Tue Dec 2 02:27:01 2003 Subject: NT ws looses privileges In-Reply-To: <37CC033C.2FA00730@cpeurope.com> Message-ID: <000001bef48c$e41b0f50$da0aa8c0@pc-rednt.rol-berlin.de> Hello Try the following: - add a new group to /etc/group e.g. ntadm and insert adminuser - add the parameter "domain admin group = @ntadm" to smb.conf - reconnect and voila cu werner Primus-Online Berlin-Brandenburg GmbH & Co. KG debis Haus am Potsdamer Platz 10875 Berlin email: w.nintzel@berlin.de > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Oscar Sanchez > Sent: Dienstag, 31. August 1999 19:31 > To: Multiple recipients of list SAMBA-NTDOM > Subject: NT ws looses privileges > > > Hi > I am sure the answer is documented, but I could get the solution trying > several "settings" and different > versions on samba. > > I have created a domain with samba 2.0.3-8 over Linux Redahat 6.0. > W95/98 and NT servers works fine, but a NT WS after joining the domain > has loose all the privileges from the local/domain users with admin > provileges. So no way to reach admin privileges in this local machine. > When I set up a administrator in the domain using > admin users = username in the smb.conf this username can modify > everything in the shares, but I can't reach admin privileges on the > local machines. > Any idea on how to setup a Domain Administrator so I can reach > provileges again? > > Any hint will be really welcome. > > Thanks for any help. > > > -- > Oscar Sanchez Hernan > > Computer People > Poudrieres 135 > CH - 2006 Neuchatel > Tel: +41 32 732 1000 > Fax: +41 32 731 4463 > > oscar.sanchez@cpeurope.com > www.cpeurope.com > > > From kellermg at potsdam.edu Wed Sep 1 15:47:43 1999 From: kellermg at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:27:01 2003 Subject: UID's too large?? Message-ID: <37CD4A9F.85AC2A54@potsdam.edu> I'm running RH Linux 6.0 and Samba 2.0.5a - My userids were pretty high (290000) and although Linux didn't mind, and Netatalk+asun didn't mind, samba refused connections saying: Couldn't set effective uid to 262969. Currently set to (real=0,eff=0). Error was Invalid argument. Followed by: Could be your OS doesn't like high uid values - try using a different account Followed by: Can't become connected user! The result on the users side (Win9x clients) was a dialog box asking for a password to the requested service. Any thoughts? I wrote a script to move around UID's on the fly when Samba users connect- It takes them an extra second initialy, but it works as a stop gap solution. Any ideas? -- - Matthew Keller - Lead Programmer/Analyst Distributed Computing and Telemedia State University of New York at Potsdam Web: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ From weejock at ferret.lmh.ox.ac.uk Wed Sep 1 15:55:23 1999 From: weejock at ferret.lmh.ox.ac.uk (Matthew Kirkwood) Date: Tue Dec 2 02:27:01 2003 Subject: UID's too large?? In-Reply-To: <37CD4A9F.85AC2A54@potsdam.edu> Message-ID: On Thu, 2 Sep 1999, Matthew Keller wrote: > I'm running RH Linux 6.0 and Samba 2.0.5a - My userids were pretty > high (290000) and although Linux didn't mind, and Netatalk+asun didn't > mind, samba refused connections saying: Well that's a bug then. While userspace uid_t in glibc is 32-bit (at least on Intel), the kernel only knows about 16-bit userids. That netatalk/&c don't complain is indication of them being buggy, and not checking return values. You'll probably find that they're running as root or as (uid % 65536), neither of which is exactly a good idea. Advice: fix your /etc/passwd file. There are 32-bit uid patches for the kernel and glibc, but I wouldn't advise using them is you can avoid it. Matthew. From Jerome.Lefeuvre at iu-vannes.fr Wed Sep 1 16:17:29 1999 From: Jerome.Lefeuvre at iu-vannes.fr (Lefeuvre =?iso-8859-1?Q?J=E9r=F4me?=) Date: Tue Dec 2 02:27:01 2003 Subject: share smbpasswd Message-ID: <37CD5199.BB7D1358@iu-vannes.fr> Greetings: I want to know if it is possible to share via NFS one samba password data base (smbpasswd) between two different domains, can anyone help me. -------------- next part -------------- A non-text attachment was scrubbed... Name: lefeuvre.vcf Type: text/x-vcard Size: 295 bytes Desc: Carte pour Lefeuvre Jérôme Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990901/1d04592a/lefeuvre.vcf From giulioo at tiscalinet.it Wed Sep 1 16:33:44 1999 From: giulioo at tiscalinet.it (Giulio Orsero) Date: Tue Dec 2 02:27:01 2003 Subject: Can't access Samba network over ppp dialup In-Reply-To: <002301bef45e$d5230da0$6d0680cb@faisalkhurram> References: <002301bef45e$d5230da0$6d0680cb@faisalkhurram> Message-ID: <19990901163440.E3A5D26E5B@i3.golden.dom> On Wed, 1 Sep 1999 19:48:32 +1000, hai scritto: >The problem is that if none of our branch office workers (they use Win95/98) >can see any of our NT/Samba servers when they dial into the main office LAN. >They can use the proxy servers and web servers on the main office LAN >without any problems, so there seems to be no problem with the basic >connectivity. Please note that unlike the main office LAN, the branch office >has no domain (it is a peer to peer network) and its workgroup name is >different from that of the main office. Given this setup, how can my branch >office users access the main office network samba shares? If the workgroups are different they will never see the main office pc's in network neighborhood. What they can do is to "find computer" and/or see the other pc's going in network neighborhood/"all the network" (translated form Italian) and see the other workgroup. You may need to set up a WINS server which will make a list of the pc's of the 2 workgroups, or set up an lmhosts file. >[1999/09/01 13:21:52, 0] smbd/password.c:domain_client_validate(1369) > domain_client_validate: unable to validate password for user xyz in domain >BRANCH to Domain controller MAIN_PDC. Error was NT_STATUS_NO_SUCH_USER > >I have verified that the user xyz does exist in the domain and I can log in >by this name. >All help would be appreciated. I think that when a user logins is name is in the form WORKGROUP\USERNAME so you test with <1stWORKGROUP>\USERNAME and it's ok, but they login with <2ndWORKGORUP>\USERNAME and fail. -- giulioo@tiscalinet.it From thomas.heiligenmann at t-online.de Wed Sep 1 16:41:33 1999 From: thomas.heiligenmann at t-online.de (Thomas Heiligenmann) Date: Tue Dec 2 02:27:01 2003 Subject: NT ws looses privileges References: <37CC033C.2FA00730@cpeurope.com> Message-ID: <37CD573D.3BF2F4@heiligenmann.de> AFAIK Domain Admins have no local admin privileges on a local NT wks by default. Login on your NT workstation as _local_ admin user and add the Domain Admins to the local Administrators group using the local User Manager. I think this should do the trick. Cheers, Thomas Oscar Sanchez wrote: > Hi > I am sure the answer is documented, but I could get the solution trying > several "settings" and different > versions on samba. > > I have created a domain with samba 2.0.3-8 over Linux Redahat 6.0. > W95/98 and NT servers works fine, but a NT WS after joining the domain > has loose all the privileges from the local/domain users with admin > provileges. So no way to reach admin privileges in this local machine. > When I set up a administrator in the domain using > admin users = username in the smb.conf this username can modify > everything in the shares, but I can't reach admin privileges on the > local machines. > Any idea on how to setup a Domain Administrator so I can reach > provileges again? > > Any hint will be really welcome. > > Thanks for any help. > > -- > Oscar Sanchez Hernan > > Computer People > Poudrieres 135 > CH - 2006 Neuchatel > Tel: +41 32 732 1000 > Fax: +41 32 731 4463 > > oscar.sanchez@cpeurope.com > www.cpeurope.com From oswell at xcert.com Wed Sep 1 17:55:54 1999 From: oswell at xcert.com (Mike Oswell) Date: Tue Dec 2 02:27:01 2003 Subject: NT Server / Linux In-Reply-To: <3.0.6.32.19990901135723.007e4100@panda.intranet> Message-ID: Do you want all services on the Linux box to authenticate against the PDC? If so, then I seem to remember seeing a PAM module on the samba ftp site a while back which allowed you to authenticate logons to a Linux box against your PDC. You may want to dig around for that, though I honestly don't remember what it was called anymore. ----- Michael Oswell Xcert International Inc. On Wed, 1 Sep 1999, Andrew Chung wrote: > Hi! > > I'm not sure if Samba can do what I need for password synchronisation, > but I'll give it a go - could anybody please give me any ideas? > > I have an NT Server that has about 900 accounts > and also a redhat linux server with 80 accounts. The linux server is > the mail server and also proxy server with authentication. > > Is there any way we can use samba to get linux to verify the password > from the NT server, ie make our linux server read passwords from > a PDC > > Basically, the passwords should go into /etc/shadow, as qpopper > uses it, and squid's authentication package reads off /etc/shadow > in the format of username:password > > Regards > Andrew Chung > > > --- > Andrew Chung andoon@lisp.com.au > Phone: (0409) 485 687 SMS: +61409485687 > Aus Fax: (02) 9657 2149 US Fax: 209-796-8390 > From arthur.dent at gmx.de Wed Sep 1 18:22:41 1999 From: arthur.dent at gmx.de (Stefan Baumjohann) Date: Tue Dec 2 02:27:01 2003 Subject: (no subject) Message-ID: <37CD6EF1.1340C9B7@gmx.de> subscribe end -- Linux is like a wigwam: No Windows, no Gates, Apache inside... From oh at geology.ohio-state.edu Wed Sep 1 22:29:33 1999 From: oh at geology.ohio-state.edu (Frank Oh) Date: Tue Dec 2 02:27:01 2003 Subject: Netbios alias problem Message-ID: <19990901182959Z12863339-445+2630@samba.anu.edu.au> I'll trying to separate some group shares in two with netbios alias parameter. Currently main samba server (netbios name: kenshin) is running as PDC and there aren't any problem login from Win9x clients. I added the following lines to smb.conf: netbios aliases = pclab include = /usr/local/samba/lib/%L.conf and I created pclab.conf on /usr/local/samba/lib/ directory. pclab.conf simply looks like this: [labsoft] comment = PC Lab software (Labstaff only) path = /home/export/smb/labsoftware writeable = yes valid users = %S locking = yes create mode = 0770 directory mode = 0770 force group = labstaff Problem that i have is I cannot browse the pclab computer from Network Neighborhood. I don't have problem browsing the main samba server (kenshin). When I click pclab computer I get a dialog box ---------------------------------------------------------------------------- ------ |"Enter Network Password" | |You must supply a password to make this connection: | | | |Resource: \\PCLAB\IPC$ | |Password: | ---------------------------------------------------------------------------- ------ I am assuming that it doesn't send correct username or something. >From the server, I could login by running smbclient command: 'smbclient //pclab/labsoft -U oh Any idea? _______________________________________________________ / Frank Y. Oh (Lab Manager) oh@geology.ohio-state.edu \ \ ________ Geological Sciences -- The Ohio State University _____/ From cartegw at Eng.Auburn.EDU Wed Sep 1 18:46:48 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:27:01 2003 Subject: Netbios alias problem References: <19990901182959Z12863339-445+2630@samba.anu.edu.au> Message-ID: <37CD7498.136792D4@eng.auburn.edu> Frank Oh wrote: > > [labsoft] > comment = PC Lab software (Labstaff only) > path = /home/export/smb/labsoftware > writeable = yes > valid users = %S ^^^^^^^^^^^^^^^^ So the only user who is allowed to connect has the username of 'labsoft'. Is this what you intended? > locking = yes > create mode = 0770 > directory mode = 0770 > force group = labstaff > 'smbclient //pclab/labsoft -U oh Are you sure this worked? Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From oh at geology.ohio-state.edu Wed Sep 1 23:38:49 1999 From: oh at geology.ohio-state.edu (Frank Oh) Date: Tue Dec 2 02:27:01 2003 Subject: Netbios alias problem In-Reply-To: <37CD7498.136792D4@eng.auburn.edu> References: <19990901182959Z12863339-445+2630@samba.anu.edu.au> Message-ID: <19990901193937Z12863970-447+2802@samba.anu.edu.au> At 01:46 PM 9/1/99 -0500, you wrote: >Frank Oh wrote: >> >> [labsoft] >> comment = PC Lab software (Labstaff only) >> path = /home/export/smb/labsoftware >> writeable = yes >> valid users = %S > ^^^^^^^^^^^^^^^^ > >So the only user who is allowed to connect has the >username of 'labsoft'. Is this what you intended? ONLY USER WHO IS ALLOWED TO CONNECT IS "OH" USER OR ANYONE WHO BELONGS TO LABSTAFF GROUP. > >> locking = yes >> create mode = 0770 >> directory mode = 0770 >> force group = labstaff > >> 'smbclient //pclab/labsoft -U oh > >Are you sure this worked? YES IT'S WORKED. > > >Cheers, >jerry >________________________________________________________________________ > Gerald ( Jerry ) Carter >Engineering Network Services Auburn University >jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw > > "...a hundred billion castaways looking for a home." > - Sting "Message in a Bottle" ( 1979 ) > From kellermg at potsdam.edu Wed Sep 1 20:11:13 1999 From: kellermg at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:27:01 2003 Subject: UID's too large?? References: Message-ID: <37CD8861.C1190709@potsdam.edu> Matthew Kirkwood wrote: > > On Thu, 2 Sep 1999, Matthew Keller wrote: > > > I'm running RH Linux 6.0 and Samba 2.0.5a - My userids were pretty > > high (290000) and although Linux didn't mind, and Netatalk+asun didn't > > mind, samba refused connections saying: > > Well that's a bug then. While userspace uid_t in glibc is 32-bit (at > least on Intel), the kernel only knows about 16-bit userids. > > That netatalk/&c don't complain is indication of them being buggy, and > not checking return values. You'll probably find that they're running > as root or as (uid % 65536), neither of which is exactly a good idea. > > Advice: fix your /etc/passwd file. There are 32-bit uid patches for the > kernel and glibc, but I wouldn't advise using them is you can avoid it. No, netatalk is correctly mapping the ID's, and so is FTP (the users don't have shell access, so I'm not sure about telnet). I haven't extensively exhausted this yet, as the system went online Monday, and my stop-gap method works. *shrug* I'll post additional findings here at a later date. -- - Matthew Keller - Lead Programmer/Analyst Distributed Computing and Telemedia State University of New York at Potsdam Web: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ From weejock at ferret.lmh.ox.ac.uk Wed Sep 1 20:28:55 1999 From: weejock at ferret.lmh.ox.ac.uk (Matthew Kirkwood) Date: Tue Dec 2 02:27:01 2003 Subject: UID's too large?? In-Reply-To: <37CD8861.C1190709@potsdam.edu> Message-ID: On Wed, 1 Sep 1999, Matthew Keller wrote: > No, netatalk is correctly mapping the ID's, and so is FTP (the users > don't have shell access, so I'm not sure about telnet). I haven't > extensively exhausted this yet, as the system went online Monday, and my > stop-gap method works. *shrug* I'll post additional findings here at a > later date. On a pretty plain RH6 box (though I am running a 2.3 kernel): arse:x:120000:100:tmp:/:/bin/bash # su - arse su: cannot set user id: Invalid argument # touch arse # ls -ln arse -rw-r--r-- 1 0 0 0 Sep 1 21:25 arse # chown arse arse # ls -ln arse -rw-r--r-- 1 54464 0 0 Sep 1 21:25 arse It's possible that netatalk is managing to set the uids to some wrapped number, or just that it's ignoring the return value of the syscall. Either way, it's a bug, and one with potential security effects. Matthew. From hendrik at pasadena.school.nz Wed Sep 1 21:11:35 1999 From: hendrik at pasadena.school.nz (Hendrik den Hartog) Date: Tue Dec 2 02:27:01 2003 Subject: Cannot Allocate pty for password change Message-ID: On Wed 01 Sep, Giulio Orsero wrote: > >There is a known timing problem when using passwd sync on *some* REDHAT > >'flavoured' Linux systems. There is a line you can add to smbpasswd.c to fix > >this >before compiling [I'd add it here, but I'm not at work to check it, and at > > Thanks for the response. > I made some tests. > The problem is not a timing issue. > The problem is ...[SNIP] OK, luckily I qualified my response by specifying 'some' RedHat 'systems':-) Actually, on reflection, your symptoms didn't quite point to the timing issue. Seeing ;Redhat' and 'PW Change prob' in the same sentence ..made me jump to that reply too quickly. Beats me as to why its only 'some'? For Samuel.. here are the details of the 'fix' that worked for us. Before compiling, make the following [tiny] adjustment to the 'smbpasswd.c' file in the 'source/smb/' directory. NOTE: The very small addition listed (courtesy of Doug Rintol) is for the 2.0.5a version - and may well differ for any other version. Edit the file smbd/chgpasswd.c and add the following statement at line 270: msleep(100); The code should then look as follows: if (!ok) { DEBUG(3,("response %d incorrect\n",count)); return(False); } msleep(100); if (!next_token(&ptr,chatbuf,NULL,sizeof(chatbuf))) break; pwd_sub(chatbuf); Cheers! Hendrik -- Hendrik den Hartog:PASADENA INTERMEDIATE SCHOOL:Auckland-NZ hendrik@pasadena.school.nz <> http://www.pasadena.school.nz From oh at geology.ohio-state.edu Thu Sep 2 03:15:54 1999 From: oh at geology.ohio-state.edu (Frank Oh) Date: Tue Dec 2 02:27:01 2003 Subject: Netbios alias problem In-Reply-To: <37CD86D1.7605E995@eng.auburn.edu> References: <19990901182959Z12863339-445+2630@samba.anu.edu.au> <19990901193937Z12863970-447+2802@samba.anu.edu.au> Message-ID: <19990901231620Z12868655-449+3086@samba.anu.edu.au> At 03:04 PM 9/1/99 -0500, you wrote: >Frank Oh wrote: >> >> At 01:46 PM 9/1/99 -0500, you wrote: >> >Frank Oh wrote: >> >> >> >> [labsoft] >> >> comment = PC Lab software (Labstaff only) >> >> path = /home/export/smb/labsoftware >> >> writeable = yes >> >> valid users = %S >> > ^^^^^^^^^^^^^^^^ >> > >> >So the only user who is allowed to connect has the >> >username of 'labsoft'. Is this what you intended? >> >> ONLY USER WHO IS ALLOWED TO CONNECT IS "OH" USER OR >> ANYONE WHO BELONGS TO LABSTAFF GROUP. > >Frank, > >I'm gonning to give you the benefit of the doubt and >assume that you caps lock key was on. I would >appreciate you not typing in all caps. Sorry > >The %S macro expands to the name of the current service. >In this case, that is 'labsoft'. Could you explain why >'valid users = labsoft' allows only those users in the >@labstaff group to connect? Sorry if I'm being dense >here. It is a mistake. It should be "valid users = @labstaff" (I want only labstaff group could access pclab computer) Even I changed it, same problem. I can't access pclab. > >Also what do the debug logs, say around level 10, say >on a failed connection? > I couldn't find any about failed connection or any like that. Even I look at I don't quite understand it well. Would like to take look at it? > >> >> 'smbclient //pclab/labsoft -U oh >> > >> >Are you sure this worked? >> >> YES IT'S WORKED. > >I'll take your word on it. > >One thing I noticed after reading your original post wa > >> Currently main samba server (netbios name: kenshin) is >> running as PDC and there aren't any problem login from >> Win9x clients. I added the following >> lines to smb.conf: >> >> netbios aliases = pclab >> include = /usr/local/samba/lib/%L.conf >> >> and I created pclab.conf on /usr/local/samba/lib/ directory. >> >> pclab.conf simply looks like this: > >If you include the file in the [global] section, it may >cause some subtle errors as any parameters which follow >the included file eill be considered to be part of the >service just defined. smbd should log these errors >in the debug file, although I cannot verify this at >the moment. Yeah, when I run 'testparm': Load smb config files from /etc/smb.conf Can't find include file /usr/local/samba/lib/.conf Processing section "[ml356]" Processing section "[homes]" Processing section "[netlogon]" Processing section "[software]" Processing section "[staffgrp]" Processing section "[labgrp]" Loaded services file OK. Press enter to see a dump of your service definitions > > > > >jerry >________________________________________________________________________ > Gerald ( Jerry ) Carter >Engineering Network Services Auburn University >jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw > > "...a hundred billion castaways looking for a home." > - Sting "Message in a Bottle" ( 1979 ) > From aaron at compedge.co.nz Wed Sep 1 23:30:56 1999 From: aaron at compedge.co.nz (Aaron Knauf) Date: Tue Dec 2 02:27:02 2003 Subject: NT Server / Linux References: Message-ID: <37CDB730.ED740B2E@compedge.co.nz> Mike Oswell wrote: > Do you want all services on the Linux box to authenticate against the PDC? > > If so, then I seem to remember seeing a PAM module on the samba ftp site a > while back which allowed you to authenticate logons to a Linux box against > your PDC. You may want to dig around for that, though I honestly don't > remember what it was called anymore. > > ----- > Michael Oswell > Xcert International Inc. > > On Wed, 1 Sep 1999, Andrew Chung wrote: > > > Hi! > > > > I'm not sure if Samba can do what I need for password synchronisation, > > but I'll give it a go - could anybody please give me any ideas? > > > > I have an NT Server that has about 900 accounts > > and also a redhat linux server with 80 accounts. The linux server is > > the mail server and also proxy server with authentication. > > > > Is there any way we can use samba to get linux to verify the password > > from the NT server, ie make our linux server read passwords from > > a PDC > > > > Basically, the passwords should go into /etc/shadow, as qpopper > > uses it, and squid's authentication package reads off /etc/shadow > > in the format of username:password > > > > Regards > > Andrew Chung > > > > > > --- > > Andrew Chung andoon@lisp.com.au > > Phone: (0409) 485 687 SMS: +61409485687 > > Aus Fax: (02) 9657 2149 US Fax: 209-796-8390 > > It's called pam_smb. It still requires that you create a linux user-account on the linux box. The passwords are checked with the PDC. ADK From oh at geology.ohio-state.edu Thu Sep 2 04:11:14 1999 From: oh at geology.ohio-state.edu (Frank Oh) Date: Tue Dec 2 02:27:02 2003 Subject: Netbios alias problem In-Reply-To: <37CDB771.F537DA64@eng.auburn.edu> References: <19990901182959Z12863339-445+2630@samba.anu.edu.au> <19990901193937Z12863970-447+2802@samba.anu.edu.au> <199909012316.SAA28859@Eng.Auburn.EDU> Message-ID: <19990902001144Z12863931-447+3033@samba.anu.edu.au> At 06:32 PM 9/1/99 -0500, you wrote: >Frank Oh wrote: >> >> Sorry > >No biggie. > >> It is a mistake. It should be "valid users = @labstaff" >> (I want only labstaff group could access pclab computer) >> Even I changed it, same problem. I can't access pclab. > >OK. Now we're making progress. > >> Would like to take look at it? > >Sure. gzip the logs before you send through. If you don't mind. I attached smbfile.tar.gz >> Yeah, when I run 'testparm': >> Load smb config files from /etc/smb.conf >> Can't find include file /usr/local/samba/lib/.conf > >This is because the %L variable doesn't have a value >at this point. Wopuld you mind sending you complete >smb.conf file and the included one? > > > > > > >Thanks, >jerry >________________________________________________________________________ > Gerald ( Jerry ) Carter >Engineering Network Services Auburn University >jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw > > "...a hundred billion castaways looking for a home." > - Sting "Message in a Bottle" ( 1979 ) > -------------- next part -------------- A non-text attachment was scrubbed... Name: smbfile.tar.gz Type: application/octet-stream Size: 25558 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990902/2de5986d/smbfile.tar.obj From GLeblanc at cu-portland.edu Thu Sep 2 02:57:08 1999 From: GLeblanc at cu-portland.edu (Gregory Leblanc) Date: Tue Dec 2 02:27:02 2003 Subject: NT Server / Linux Message-ID: Ugh, is there any way arround that? That would be REALLY ugly, even if we could script user creation. Thanks, Greg > -----Original Message----- > From: Aaron Knauf [mailto:aaron@compedge.co.nz] > Sent: Wednesday, September 01, 1999 4:33 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: NT Server / Linux > > [snip] > > It's called pam_smb. It still requires that you create a > linux user-account > on the linux box. The passwords are checked with the PDC. > > ADK > From D.Bannon at latrobe.edu.au Thu Sep 2 03:12:55 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:27:02 2003 Subject: NT Server / Linux In-Reply-To: Message-ID: <3.0.6.32.19990902131255.00896ae0@bioserve.latrobe.edu.au> At 12:59 PM 02/09/1999 +1000, Gregory Leblanc wrote: >Ugh, is there any way arround that? That would be REALLY ugly, even if we >could script user creation. Thanks, Around what ? If you mean having accounts on the machine for every user who will get his/her email from there, no, how can there be ? If I am following this thread it was about having email users authenticated from elsewhere. If the machine is to accept email for a user it has to believe that user exists on the machine. Its fairly neat really. I have a central machine that is the PDC, scripts run on that (under cron) that ensure that there are accounts with the same name on the other servers. Its quite secure because the 'other servers' don't need any password info. >> It's called pam_smb. It still requires that you create a >> linux user-account >> on the linux box. The passwords are checked with the PDC. >> >> ADK >> > ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From Zanett2D at wcc.govt.nz Thu Sep 2 05:06:29 1999 From: Zanett2D at wcc.govt.nz (David Zanetti) Date: Tue Dec 2 02:27:02 2003 Subject: security = server and valid users Message-ID: <6B451193F2DBD11182880000F8663101051E87D4@hadrianus.wcc.govt.nz> Quite possibly this is not quite the right samba list to ask this on, if so, please suggest the correct list. I ran into an issue (I dare not call it a bug!) when I was asked to set up some shares that had a specific valid user list. Although samba goes off and queries the password server, and even correctly authenticates the user, the user must still have a local unix account. That's fine, I can understand that. But part of the share included a force user = x, so that the local unix user account being used after authentication was a common user. My assumption (which is clearly wrong! :) ) would be that I could use force user = x to override the need for a local unix account - all the operations would be done by the forced user, and all the authentication is being done with the remote NT server. Does this make any sense? Is it supposed to _always_ require a local user even when being forced and no local authorisation is taking place? (This is all with Samba 2.0.4b, Solaris 2.5.1) Ex: security = server password server = mynt ... [myshare] ... valid users = user1, user2 force user = nobody -- David Zanetti, Unix System Administrator and Postmaster Wellington City Council, New Zealand. Phone +64-4-801-3354 From andoon at lisp.com.au Thu Sep 2 06:54:12 1999 From: andoon at lisp.com.au (Andrew Chung) Date: Tue Dec 2 02:27:02 2003 Subject: NT Server / Linux In-Reply-To: References: <3.0.6.32.19990901135723.007e4100@panda.intranet> Message-ID: <3.0.6.32.19990902165412.007d8900@panda.intranet> Hi Mike Thanks for your reply I am really looking for something that will give me the whole list, so I can have it in the username:passwd format for the /etc/shadow file Cheers Andrew At 10:55 1/09/99 -0700, Mike Oswell wrote: > >Do you want all services on the Linux box to authenticate against the PDC? > >If so, then I seem to remember seeing a PAM module on the samba ftp site a >while back which allowed you to authenticate logons to a Linux box against >your PDC. You may want to dig around for that, though I honestly don't >remember what it was called anymore. > >----- >Michael Oswell >Xcert International Inc. > >On Wed, 1 Sep 1999, Andrew Chung wrote: > >> Hi! >> >> I'm not sure if Samba can do what I need for password synchronisation, >> but I'll give it a go - could anybody please give me any ideas? >> >> I have an NT Server that has about 900 accounts >> and also a redhat linux server with 80 accounts. The linux server is >> the mail server and also proxy server with authentication. >> >> Is there any way we can use samba to get linux to verify the password >> from the NT server, ie make our linux server read passwords from >> a PDC >> >> Basically, the passwords should go into /etc/shadow, as qpopper >> uses it, and squid's authentication package reads off /etc/shadow >> in the format of username:password >> >> Regards >> Andrew Chung >> >> >> --- >> Andrew Chung andoon@lisp.com.au >> Phone: (0409) 485 687 SMS: +61409485687 >> Aus Fax: (02) 9657 2149 US Fax: 209-796-8390 >> > > --- Andrew Chung andoon@lisp.com.au Phone: (0409) 485 687 SMS: +61409485687 Aus Fax: (02) 9657 2149 US Fax: 209-796-8390 From Gerard.Leymarie at sita.int Thu Sep 2 10:03:53 1999 From: Gerard.Leymarie at sita.int (=?iso-8859-1?Q? G=E9rard_Leymarie ?=) Date: Tue Dec 2 02:27:02 2003 Subject: security=domain Message-ID: <412567E0.00373969.00@paris3.par.sita.int> Hi Daniel, When you set this option, your samba server try to contact an NT server to validate user account Daniel Jung on 09/01/99 07:41:05 PM Please respond to Daniel.Jung@megabit.net To: Multiple recipients of list SAMBA-NTDOM Message-ID: Definitely not if you use: guest ok=yes force user=guest Greg On 02-Sep-99 David Zanetti wrote: > Quite possibly this is not quite the right samba list to ask this on, if > so, please suggest the correct list. > > I ran into an issue (I dare not call it a bug!) when I was asked to set > up some shares that had a specific valid user list. Although samba goes > off and queries the password server, and even correctly authenticates > the user, the user must still have a local unix account. That's fine, I > can understand that. But part of the share included a force user = x, so > that the local unix user account being used after authentication was a > common user. > > My assumption (which is clearly wrong! :) ) would be that I could use > force user = x to override the need for a local unix account - all the > operations would be done by the forced user, and all the authentication > is being done with the remote NT server. Does this make any sense? Is it > supposed to _always_ require a local user even when being forced and no > local authorisation is taking place? > > (This is all with Samba 2.0.4b, Solaris 2.5.1) > > Ex: > > security = server > password server = mynt > .. > [myshare] > ... > valid users = user1, user2 > force user = nobody > > -- > David Zanetti, Unix System Administrator and Postmaster > Wellington City Council, New Zealand. Phone +64-4-801-3354 --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From maedde at maedde.de Thu Sep 2 10:54:15 1999 From: maedde at maedde.de (Matthias Keller) Date: Tue Dec 2 02:27:02 2003 Subject: user manager for domains, access permissions Message-ID: <37CE5757.57BBD797@maedde.de> hi, i run samba 2.0.4b as pdc on debian 2.1 and a win nt 4 ws. joining the domain ist no problem, but i'm not able to administer my domain with the user manager for domains from the samba website. i've a group of domain administrators, but no member of this group is able to use the program. my second problem is, that the access permissions for files are not set correctly. win nt writes [domainname]\unknown account instead of the [domainname]\username. also the domain administrator group which i've added to the local administrators is in the user manager shown as [domainname]\unknown account. thanks for the help matthias -- -------------------------------------------------------- Matthias Keller http://www.maedde.de/ From angus at gactr.uga.edu Thu Sep 2 14:33:09 1999 From: angus at gactr.uga.edu (Angus Robertson) Date: Tue Dec 2 02:27:02 2003 Subject: NT Server w/ Samba PDC in Domain Message-ID: <19990902103309.A12123@iguana.gactr.uga.edu> We're using the latest samba cvs w/ ldap and PDC support (OpenLDAP 1.2.6). >From an NT workstation I'm able to map a drive from an NT Server (the NT server authenticates against the samba/ldap PDC) using an ldap domain account; however, when I try to access the drive I get this message from an NT Server: --- Message from NTSERVER to NTWORKSTATION on 9/2/1999 10:23AM From: Server at \\NTSERVER To: NTWORKSTATION Subj: **USER NOTIFICATION** Date: 9/2/99 10:05AM Your logon time at DOMAIN has ended. --- Anyone know how to resolve this? Thanks. From lkcl at samba.org Thu Sep 2 15:48:54 1999 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:02 2003 Subject: urgent: review of MSRPC \PIPE\samr service documentation needed Message-ID: i need some assistance urgently in a technical review of a 70 page document on the NT Domains \PIPE\samr services. i particularly need someone who is familiar with the NetUser*, NetGroup* and NetLocalGroup* MSDN API in Windows NT. if you are used to examining samba debug logs at level 100 then that is also useful. all and any input welcomed, please contact me directly as i am currently off all samba lists in order to complete this. thanks, luke (samba team). From thomas.heiligenmann at t-online.de Thu Sep 2 16:27:27 1999 From: thomas.heiligenmann at t-online.de (Thomas Heiligenmann) Date: Tue Dec 2 02:27:02 2003 Subject: security=domain References: <37CAC671.31A0638A@megabit.net> Message-ID: <37CEA56F.A6AF13A1@heiligenmann.de> Daniel Jung wrote: > Hi, > > I finally managed running Samba with an Windows NT-PDC in a single > domain. > But now I?ve got a problem: > Using "security=server" I can access the Samba-Server without any > problems. > But after setting "security=domain" I can?t access it any more. > > What may be the problem. > > Yours > Daniel Jung I had the same problem a few days ago ;-) Although the Samba-Server authenticates users against the PDC under "security=server" it still runs in "workstation mode" without being a member of the NT domain. "security=domain" requires the Samba-Server to join your NT domain first. Just follow the steps as described in ...your-samba-dir/docs/textdocs/DOMAIN_MEMBER.txt and anything will work as you expect. Cheers, Thomas From ba2k at virginia.edu Thu Sep 2 16:37:49 1999 From: ba2k at virginia.edu (Burt Avery) Date: Tue Dec 2 02:27:02 2003 Subject: UNIX File Ownership with Samba preexec Message-ID: <3.0.6.32.19990902123749.00927100@unix.mail.Virginia.edu> Hi: On our AIX 4.2.1 server we are running the two daemons that constitute Samba 2.0.5a, smbd and nmbd. As I understand the situation the smbd daemon is expected to run a UNIX script for the user when user makes an attachment to the Samba server, ie, establishes an SMB session with the Samba server from the user's Win 98 station and attempts to login to the domain. There is a statement in smb.conf such as: root preexec = /usr/local/samba/bin/buildprofiles %U %a Using this root preexec command, I attempt to build the necessary profile directories for the user in /lv6/users/samba_profiles//Win95, assign ownership to the user, and assign the dir and file permissions that will allow the user to store Win profiles and registry. The directories are built but they are owned by user nobody and group sys. In my humble experience using Digital UNIX i never encountered a username nobody. Does it have a special significance to the way AIX controls Samba? I guess my "root" question is: should the smbd daemon be running as root and should it be able to assign ownership of the directory /lv6/users/samba_profiles/ to ? Have I run afoul of NIS security in some fashion? Any help GREATLY appreciated, -ba- Burt Avery Computer Systems Engineer LSP Department of Biomedical Engineering University of Virginia Charlottesville, VA 22908 804-924-9813 From cwiegand at startek.com Thu Sep 2 18:14:18 1999 From: cwiegand at startek.com (Chris Wiegand) Date: Tue Dec 2 02:27:02 2003 Subject: Current Status / Trust Relationships In-Reply-To: <37CE5757.57BBD797@maedde.de> Message-ID: <001b01bef56e$f9912800$93638acd@great.net> I'm interested in deploying my samba machine in a very NT-rich environment, and wanted to know what the current status of trust relationships is within Samba CVS and stable. Also, if I add this machine to an existing (or new NT-PDC-based) domain, and that domains has trust relationships with other domains, does that mean that my machine, when a user from a trusted domain access it, can auto-add that person? Chris Wiegand Intranet Admin / Programmer "...Define sqrt(x) as something really evil like (x / rand()), and bury it deep in a shared include somewhere. Watch your coworkers go insane." -Unknown From Zanett2D at wcc.govt.nz Thu Sep 2 21:59:11 1999 From: Zanett2D at wcc.govt.nz (David Zanetti) Date: Tue Dec 2 02:27:02 2003 Subject: security = server and valid users Message-ID: <6B451193F2DBD11182880000F8663101051E87D8@hadrianus.wcc.govt.nz> On Thursday, September 02, 1999 10:14 PM, Greg Dickie wrote: > On 02-Sep-99 David Zanetti wrote: > > My assumption (which is clearly wrong! :) ) would be that I could use > > force user = x to override the need for a local unix account - all the > > operations would be done by the forced user, and all the authentication > > is being done with the remote NT server. Does this make any sense? Is it > > supposed to _always_ require a local user even when being forced and no > > local authorisation is taking place? > > Definitely not if you use: > guest ok=yes > force user=guest Hmmm.. I tried it but it still required the authenticated user had a local account. Account can be null (can't login, broken password etc) but it had to be there. Any other ideas? :) -- David Zanetti, Unix System Administrator and Postmaster Project Manager, Internet Access Review Project Wellington City Council, New Zealand. Phone +64-4-801-3354 From ldx at ibm.net Thu Sep 2 23:03:00 1999 From: ldx at ibm.net (Doug VanLeuven) Date: Tue Dec 2 02:27:02 2003 Subject: UNIX File Ownership with Samba preexec References: <3.0.6.32.19990902123749.00927100@unix.mail.Virginia.edu> Message-ID: <37CF0224.A67153F7@ibm.net> I have AIX 4.2.1 running samba 2.05a I added this line to profile share root preexec = echo \"%U %a\">/tmp/smb.root and got this when I connected -rw-rw-rw- 1 root system 3 Sep 02 15:18 smb.root contents: "doug WinNT" nobody is special user in AIX that has really no priviliges nobody:!:4294967294:4294967294::/: We don't serve 95 profiles on the AIX, but another network does. Linux 2.0.36, Redhat 5.2, samba 2.0.5a added to profile share root preexec = echo \"%U %a\">/tmp/smb.root got -rw-rw-rw- 1 root root 13 Sep 2 15:37 smb.root contents: "doug Win95" I'm sorry I can't be more help than to show non-NIS results. We don't use NIS. But if %U is being passed as nobody, then it probably is NIS at fault. Burt Avery wrote: > Hi: > > On our AIX 4.2.1 server we are running the two daemons that constitute > Samba 2.0.5a, smbd and nmbd. As I understand the situation the smbd daemon > is expected to run a UNIX script for the user when user makes an attachment > to the Samba server, ie, establishes an SMB session with the Samba server > from the user's Win 98 station and attempts to login to the domain. There > is a statement in smb.conf such as: > > root preexec = /usr/local/samba/bin/buildprofiles %U %a > > Using this root preexec command, I attempt to build the necessary profile > directories for the user in /lv6/users/samba_profiles//Win95, > assign ownership to the user, and assign the dir and file permissions that > will allow the user to store Win profiles and registry. The directories are > built but they are owned by user nobody and group sys. > > In my humble experience using Digital UNIX i never encountered a username > nobody. Does it have a special significance to the way AIX controls Samba? > > I guess my "root" question is: should the smbd daemon be running as root > and should it be able to assign ownership of the directory > /lv6/users/samba_profiles/ to ? > > Have I run afoul of NIS security in some fashion? > > Any help GREATLY appreciated, > -ba- > > Burt Avery > Computer Systems Engineer > LSP > Department of Biomedical Engineering > University of Virginia > Charlottesville, VA 22908 > 804-924-9813 -- Doug VanLeuven - 707-545-6933 (voice) 707-545-6945 (fax) Chief Engineer, USMM roamdad@ibm.net Programmer/Analyst, SCWA doug@scwa.ca.gov From D.Bannon at latrobe.edu.au Thu Sep 2 23:11:51 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:27:02 2003 Subject: UNIX File Ownership with Samba preexec In-Reply-To: <3.0.6.32.19990902123749.00927100@unix.mail.Virginia.edu> Message-ID: <3.0.6.32.19990903091151.00898100@bioserve.latrobe.edu.au> At 02:37 AM 03/09/1999 +1000, Burt Avery wrote: >.... >Using this root preexec command...... The directories are >built but they are owned by user nobody and group sys. > >In my humble experience using Digital UNIX i never encountered a username >nobody. Does it have a special significance to the way AIX controls Samba? > My DEC Unix has a 'nobody' : > f nobody Login name: nobody In real life: anonymous NFS user Directory: / Never logged in. No Plan. I assign the guest account to 'nobody' in smb.conf : guest account = nobody Maybe that has something to do with your situation. Lots of systems other than NFS use 'nobody' when they need a user who has almost no general privileges. >I guess my "root" question is: should the smbd daemon be running as root... Certainly. It runs as root and then changes to appropriate user depending on what it is doing at the time. Maybe it drops back to 'nobody' when unsure of who it should be ? David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From palminha at dem.ist.utl.pt Fri Sep 3 01:11:34 1999 From: palminha at dem.ist.utl.pt (Carlos Palminha) Date: Tue Dec 2 02:27:02 2003 Subject: NT Login to Samba PDC Message-ID: <37CF2045.C100301E@dem.ist.utl.pt> Hi,ppl!! I'm trying to login a NT Workstation 4.0 (SP3) to the Samba (2.0.5a) Controlled Domain using UNIX plain text passwords (non-encrypted). (Yes, i'ved added the key EnablePlainTextPassword to the NT register) The machine account is created ( xpto$:xxxxxx:xxx:xxx:... ) in /etc/passwd and my smb.conf is : # Global parameters [global] workgroup = MY_WORKGROUP netbios name = SAMBA os level = 66 domain logons = Yes encrypt passwords = No preferred master = Yes domain master = Yes guest account = samba [tmp] browseable = Yes path=/tmp comment = Temp dir The tmp share is there just to test the manually mount ( \\SAMBA\tmp ) and it works ( without loggin to the domain ... ) ... When i try to login the domain it just says : "Unable to connect to the domain controller for this domain. Have your administrator check your computer account on this domain" and in the smb.log apears something strange : ... [1999/09/03 02:04:01, 3] smbd/process.c:(448) switch message SMBsesssetupX (pid 10490) [1999/09/03 02:04:01, 3] smbd/reply.c:(720) Domain=[LTI-DEM] NativeOS=[Windows NT 1381] NativeLanMan=[] [1999/09/03 02:04:01, 3] smbd/reply.c:(725) sesssetupX:name=[XPTO$] [1999/09/03 02:04:01, 3] smbd/error.c:(133) error packet at line 840 cmd=115 (SMBsesssetupX) eclass=2 ecode=2 [1999/09/03 02:04:01, 3] smbd/error.c:(143) error string = No such file or directory [1999/09/03 02:04:01, 3] smbd/process.c:(828) end of file from client [1999/09/03 02:04:01, 2] smbd/server.c:(406) Closing connections [1999/09/03 02:04:01, 3] smbd/server.c:(433) Server exit (normal exit) ... TIA, -- Carlos Frederico Rodrigues Palminha Instituto Superior Tecnico Dpt. Eng. Mecanica - Administracao de Sistemas Trab. Final Curso - Wireless ATM -------------- next part -------------- HTML attachment scrubbed and removed From priest at cr-centre.fr Fri Sep 3 07:39:18 1999 From: priest at cr-centre.fr (priest) Date: Tue Dec 2 02:27:02 2003 Subject: Problem to join my Nt domain Message-ID: <37CF7B26.6B24310@cr-centre.fr> > When i try the command : > > smbpawwd -j DOM -r PDC > > I get this message: > > cli_net_auth2: Error > NT_STATUS_NO_TRUST_SAM_ACCOUNT > cli_nt_setyp_creds: auth2 challenge failed > modify_trust_password: unable to setup the PDC > credentials to machine X. Error was: > NT_STATUS_NO_TRUST_SAM_ACCOUNT > 1999/09/03 08:57:18: > change_trust_account_password: Failed to cjange > password for domain Y > Unable to join domain Y > > I When i change the name of the PDC by it's IP address i > get: > > modify_trust_password: machine xx.xx.xx.xx > rejected the session setup. Error was: code 131 N > 1999/09/03 08:57:18: > change_trust_account_password: Failed to cjange > password for domain Y > Unable to join domain Y From matthias at waechter.wol.at Fri Sep 3 07:51:54 1999 From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=) Date: Tue Dec 2 02:27:02 2003 Subject: NT Login to Samba PDC In-Reply-To: <37CF2045.C100301E@dem.ist.utl.pt> Message-ID: On Fri, 3 Sep 1999, Carlos Palminha wrote: > Hi,ppl!! > I'm trying to login a NT Workstation 4.0 (SP3) to the Samba (2.0.5a) > Controlled Domain using > UNIX plain text passwords (non-encrypted). (Yes, i'ved added the key > EnablePlainTextPassword to the NT register) > > The machine account is created ( xpto$:xxxxxx:xxx:xxx:... ) in > /etc/passwd and my smb.conf is : Look into the DOCs, it does not work. If you want to have a domain, forget that there is an option "encrypt passwords = No" and that there is something like a registry hack for NT to enable this on the client side, because the latter only affects client logons, not logon of the machine itself (which is necessary for the domain trusts), so the machine wants to encrypt its logon which fails on Samba's side. If you want to have a domain, you _do_ need the smbpasswd file (or LDAP) with encrypted passwords. No way 'round it. No, never. Sehr Wus, - Matthias -- Verkauft f?r 339,88 Dollar! - aus: Groundhog Day (Und t?glich gr??t das Murmeltier) ----------------------------------------------------------------------------- From priest at cr-centre.fr Fri Sep 3 09:28:17 1999 From: priest at cr-centre.fr (priest) Date: Tue Dec 2 02:27:02 2003 Subject: Problem Join Nt Domain Message-ID: <37CF94B0.6FAC8404@cr-centre.fr> Hello when I want to join my domain Y with the command: smbpasswd -j Y The error messages are: modify_trust_password: machine PDC rejected the session setup. Error was: code 131 change_trust_password: Failed to change password for domain Y unable to join domain Y. (My samba server netbois name was declare at the PDC by the Server Manager as an NT Secondary Server.) -------------- next part -------------- HTML attachment scrubbed and removed From maedde at maedde.de Fri Sep 3 10:48:17 1999 From: maedde at maedde.de (Matthias Keller) Date: Tue Dec 2 02:27:02 2003 Subject: problems with samba 2.1.0-prealpha Message-ID: <37CFA771.7537F6F9@maedde.de> hi, because my samba 2.0.4b wasn't able to act as pdc, i've downloaded the newest version of samba from the cvs tree. but now, i'm not able to use swat. when i try to log in as root with the correct smb-password, i get access denied. also i can't set "domain admin group" in the smb.conf-file, because it is an unknown variable for samba 2.1.0-prealpha. are these errors caused by a misconfiguarion or by the prealpha stadium of my samba version ? if it is caused by the version, where can i get the newest final cvs version of samba ? thanks for the help matthias -- -------------------------------------------------------- Matthias Keller http://www.maedde.de/ From matthias at waechter.wol.at Fri Sep 3 11:23:07 1999 From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=) Date: Tue Dec 2 02:27:02 2003 Subject: problems with samba 2.1.0-prealpha In-Reply-To: <37CFA771.7537F6F9@maedde.de> Message-ID: On Fri, 3 Sep 1999, Matthias Keller wrote: > but now, i'm not able to use swat. when i try to log > in as root with the correct smb-password, i get > access denied. Swat can't authorize in 2.1 when SHADOW passwords are used. Problem is passdb/pass_check.c, pass_check() not supporting SHADOW passwords (kind of brain-dead...). That diff should fix it. It's from my July CVS download, but I tend to say the file didn't change very much. --- old/pass_check.c Sun Jun 13 06:14:23 1999 +++ pass_check.c Tue Jul 27 00:54:49 1999 @@ -785,9 +785,73 @@ return(False); } +#ifdef HAVE_GETSPNAM + { + struct spwd *spass; + + /* many shadow systems require you to be root to get + the password, in most cases this should already be + the case when this function is called, except + perhaps for IPC password changing requests */ + + spass = getspnam(pass->pw_name); + if (spass && spass->sp_pwdp) { + pass->pw_passwd = spass->sp_pwdp; + } + } +#elif defined(IA_UINFO) + { + /* Need to get password with SVR4.2's ia_ functions + instead of get{sp,pw}ent functions. Required by + UnixWare 2.x, tested on version + 2.1. (tangent@cyberport.com) */ + uinfo_t uinfo; + if (ia_openinfo(pass->pw_name, &uinfo) != -1) { + ia_get_logpwd(uinfo, &(pass->pw_passwd)); + } + } +#endif + +#ifdef HAVE_GETPRPWNAM + { + struct pr_passwd *pr_pw = getprpwnam(pass->pw_name); + if (pr_pw && pr_pw->ufld.fd_encrypt) + pass->pw_passwd = pr_pw->ufld.fd_encrypt; + } +#endif + +#ifdef OSF1_ENH_SEC + { + struct pr_passwd *mypasswd; + DEBUG(5,("Checking password for user %s in OSF1_ENH_SEC\n", + user)); + mypasswd = getprpwnam (user); + if (mypasswd) { + fstrcpy(pass->pw_name,mypasswd->ufld.fd_name); + fstrcpy(pass->pw_passwd,mypasswd->ufld.fd_encrypt); + } else { + DEBUG(5,("OSF1_ENH_SEC: No entry for user %s in protected database !\n", + user)); + } + } +#endif + +#ifdef ULTRIX_AUTH + { + AUTHORIZATION *ap = getauthuid(pass->pw_uid); + if (ap) { + fstrcpy(pass->pw_passwd, ap->a_password); + endauthent(); + } + } +#endif + /* extract relevant info */ fstrcpy(this_user,pass->pw_name); fstrcpy(this_salt,pass->pw_passwd); Sehr Wus, - Matthias -- Verkauft f?r 339,88 Dollar! - aus: Groundhog Day (Und t?glich gr??t das Murmeltier) ----------------------------------------------------------------------------- From ba2k at virginia.edu Fri Sep 3 11:47:05 1999 From: ba2k at virginia.edu (Burt Avery) Date: Tue Dec 2 02:27:02 2003 Subject: UNIX File Ownership with Samba preexec In-Reply-To: <3.0.6.32.19990902123749.00927100@unix.mail.Virginia.edu> Message-ID: <3.0.6.32.19990903074705.00958160@unix.mail.Virginia.edu> The problem has been resolved ... user/admin error. Sorry about filling your mail boxes. -ba- At 02:37 AM 9/3/99 +1000, Burt Avery wrote: >Hi: > >On our AIX 4.2.1 server we are running the two daemons that constitute >Samba 2.0.5a, smbd and nmbd. As I understand the situation the smbd daemon >is expected to run a UNIX script for the user when user makes an attachment >to the Samba server, ie, establishes an SMB session with the Samba server Burt Avery Computer Systems Engineer LSP Department of Biomedical Engineering University of Virginia Charlottesville, VA 22908 804-924-9813 From shonn at midrex.com Fri Sep 3 12:11:11 1999 From: shonn at midrex.com (Nixon, Shon) Date: Tue Dec 2 02:27:02 2003 Subject: Problem compiling SAMBA with ldap support Message-ID: <29D009A91BABD21189520060B057BB922481@comm.midrex.com> I have downloaded the latest samba code (2.1.X) and am trying to compile it with ldap support on a RH 5.2 Linux box. I have compiled and installed openldap 1.2.6 and have it running. I have followed Dr. Coupeau's latest FAQ (thanks very much for the time and effort sir) by moving the include and library files to /usr/include and /usr/lib and trying to compile with no luck. Then I tried inserting the LDAPFLAGS statement and editing the FLAGS1 string. I pointed it to the newly compiled /usr/src/ldap/include and libraries directories but that failed too. I know it is the --with-ldap switch because it compiles just fine without it. Could someone take a look at this and tell me what I am missing? Any and all help is greatly appreciated. The error I keep getting from config.log is: configure:8705: checking statvfs function (SVR4) configure:8718: gcc -o conftest -O conftest.c -ldl -lcrypt -lpam -lldap -llber 1>&5 configure:8712: sys/statvfs.h: No such file or directory configure: failed program was: #line 8710 "configure" #include "confdefs.h" #include #include int main() { struct statvfs fsd; statvfs (0, &fsd); ; return 0; } configure:8743: checking for 3-argument statfs function (DEC OSF/1) configure:8764: gcc -o conftest -O conftest.c -ldl -lcrypt -lpam -lldap -llber 1>&5 configure: In function `main': configure:8758: storage size of `fsd' isn't known configure:8760: sizeof applied to an incomplete type configure: failed program was: #line 8751 "configure" #include "confdefs.h" #include #include #include main () { struct statfs fsd; fsd.f_fsize = 0; exit (statfs (".", &fsd, sizeof (struct statfs))); } configure:8791: checking for two-argument statfs with statfs.bsize member (AIX, 4.3BSD) configure:8818: gcc -o conftest -O conftest.c -ldl -lcrypt -lpam -lldap -llber 1>&5 /usr/lib/libldap.so: undefined reference to `res_search' /usr/lib/libldap.so: undefined reference to `dn_expand' /usr/lib/libldap.so: undefined reference to `_getshort' configure: failed program was: #line 8799 "configure" #include "confdefs.h" #ifdef HAVE_SYS_PARAM_H #include #endif #ifdef HAVE_SYS_MOUNT_H #include #endif #ifdef HAVE_SYS_VFS_H #include #endif main () { struct statfs fsd; fsd.f_bsize = 0; exit (statfs (".", &fsd)); } configure:8845: checking for four-argument statfs (AIX-3.2.5, SVR3) configure:8863: gcc -o conftest -O conftest.c -ldl -lcrypt -lpam -lldap -llber 1>&5 configure: In function `main': configure:8859: too many arguments to function `statfs' configure: failed program was: #line 8853 "configure" #include "confdefs.h" #include #include main () { struct statfs fsd; exit (statfs (".", &fsd, sizeof fsd, 0)); } configure:8890: checking for two-argument statfs with statfs.fsize member (4.4BSD and NetBSD) configure:8914: gcc -o conftest -O conftest.c -ldl -lcrypt -lpam -lldap -llber 1>&5 configure: In function `main': configure:8908: storage size of `fsd' isn't known configure: failed program was: #line 8898 "configure" #include "confdefs.h" #include #ifdef HAVE_SYS_PARAM_H #include #endif #ifdef HAVE_SYS_MOUNT_H #include #endif main () { struct statfs fsd; fsd.f_fsize = 0; exit (statfs (".", &fsd)); } configure:8941: checking for two-argument statfs with struct fs_data (Ultrix) configure:8969: gcc -o conftest -O conftest.c -ldl -lcrypt -lpam -lldap -llber 1>&5 configure: In function `main': configure:8962: storage size of `fsd' isn't known configure: failed program was: #line 8949 "configure" #include "confdefs.h" #include #ifdef HAVE_SYS_PARAM_H #include #endif #ifdef HAVE_SYS_MOUNT_H #include #endif #ifdef HAVE_SYS_FS_TYPES_H #include #endif main () { struct fs_data fsd; /* Ultrix's statfs returns 1 for success, 0 for not mounted, -1 for failure. */ exit (statfs (".", &fsd) != 1); } configure:9002: gcc -o conftest -O conftest.c -ldl -lcrypt -lpam -lldap -llber 1>&5 /usr/lib/libldap.so: undefined reference to `res_search' /usr/lib/libldap.so: undefined reference to `dn_expand' /usr/lib/libldap.so: undefined reference to `_getshort' configure: failed program was: #line 8998 "configure" #include "confdefs.h" #include "./tests/summary.c" Best Regards - Shon Nixon From JFBOUCHE at EURIWARE.FR Fri Sep 3 11:51:09 1999 From: JFBOUCHE at EURIWARE.FR (BOUCHET Jean-Francois) Date: Tue Dec 2 02:27:02 2003 Subject: problems with samba 2.1.0-prealpha Message-ID: <199909031218.OAA03298@mail.euriware.fr> Hi, Sorry if I'm wrong (and for my English) but : ---------- De: Matthias Keller[SMTP:maedde@maedde.de] Date d'envoi: vendredi 3 septembre 1999 12:56 A: Multiple recipients of list SAMBA-NTDOM Objet: problems with samba 2.1.0-prealpha hi, because my samba 2.0.4b wasn't able to act as pdc, i've downloaded the newest version of samba from the cvs tree. I have set up my Samba 2.0.5a as a PDC and it works. but now, i'm not able to use swat. when i try to log in as root with the correct smb-password, i get access denied. I have had the same problem after a re-install of Samba 2.0.5a and it was working before with the pre-alpha...I haven't the solution but I have set the option -a for swat in my inetd.conf. Everyone can access swat and it is in " demo mode " so I can't change the password (?!) but it works for the rest. also i can't set "domain admin group" in the smb.conf-file, because it is an unknown variable for samba 2.1.0-prealpha. There is no more domain admin group in the pre-alpha but you can perhaps make the same with the maps (domain users, domain group...) ? are these errors caused by a misconfiguarion or by the prealpha stadium of my samba version ? if it is caused by the version, where can i get the newest final cvs version of samba ? thanks for the help Hope this helps.... Jean-Fran?ois -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/ms-tnef Size: 3131 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990903/1f0027e7/attachment.bin From xmj at cypress.com Fri Sep 3 12:24:37 1999 From: xmj at cypress.com (Matthew Jamison) Date: Tue Dec 2 02:27:02 2003 Subject: Samba and WinTS / WinDD Message-ID: <000a01bef607$49b427e0$453d54c0@melchizedek.Miss.Cypress.Com> I have noticed a small problem with WinTS/WinDD and samba. If for any reason the samba server goes down and then comes back up while some one is editing a MS document on one of these boxes the user is unable to save there work. I think this is strange since this does not seem to effect NT workstation and Win9x. Any thoughts? Matthew -------------------------------------------- Matthew Jamison xmj@cypress.com System Administrator Cypress Semiconductor 601-324-4609 (CSDC) -------------------------------------------- From john.rooke at lpsystems.com Fri Sep 3 11:57:43 1999 From: john.rooke at lpsystems.com (John Rooke) Date: Tue Dec 2 02:27:02 2003 Subject: Problems with User Manager For Domains Message-ID: <37CFB7B7.E20F5D37@lpsystems.com> Hi, We have Samba 2.1.0-prealpha running on SuSE Linux 6.0 and are using this as a PDC for our Windows NT Workstation 4.0 network. All works OK except when I try to use User Manager Fopr Domains and alter a users settings I get a 'The remote procedure call failed.' error message. This also happens in Server Manager. Is this a bug or am I doing something wrong? My smb.conf is attached. -- John Rooke Director L&P Systems Limited john.rooke@lpsystems.com -------------- next part -------------- # Samba config file created using SWAT # from mars.lpsystems.com (10.1.1.8) # Date: 1999/09/01 17:41:23 # Global parameters [global] workgroup = LPSYSTEMS netbios name = SATURN server string = Linux PDC interfaces = 10.1.1.13/255.255.255.0 encrypt passwords = Yes passwd program = /usr/bin/passwd %u passwd chat = New\spassword: %n\n Re-enter\snew\spassword: %n\n Password\schanged.\n passwd chat debug = Yes username map = /usr/local/samba/lib/username.map unix password sync = Yes announce version = 4.0 keepalive = 30 socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 domain group map = /usr/local/samba/lib/domaingroup.map local group map = /usr/local/samba/lib/localgroup.map domain user map = /usr/local/samba/lib/domainuser.map logon script = systems.bat logon path = \\%L\profiles\%U domain logons = Yes os level = 65 preferred master = Yes domain master = Yes remote announce = 10.1.1.255 admin users = root john neil hosts allow = 10.1.1. 127. hosts deny = ALL [netlogon] path = /home/netlogon locking = No share modes = No writeable = Yes [profiles] path = /home/profiles read only = No guest ok = Yes browseable = Yes [printers] comment = All Printers path = /tmp create mask = 0700 print ok = Yes browseable = No From shonn at midrex.com Fri Sep 3 13:40:58 1999 From: shonn at midrex.com (Nixon, Shon) Date: Tue Dec 2 02:27:02 2003 Subject: Problem compiling SAMBA with ldap support Message-ID: <29D009A91BABD21189520060B057BB922484@comm.midrex.com> Don't know if this will help, but this was from the actual compile on screen: I get the following errors: checking how to get filesystem space usage checking statvfs64 function (SVR4)... no checking statvfs function (SVR4)... no checking for 3-argument statfs function (DEC OSF/1)... no checking for two-argument statfs with statfs.bsize member (AIX, 4.3BSD)... no checking for four-argument statfs (AIX-3.2.5, SVR3)... no checking for two-argument statfs with statfs.fsize member (4.4BSD and NetBSD)... no checking for two-argument statfs with struct fs_data (Ultrix)... no checking configure summarty configure: error: summary failure. Aborting config >From last message: I have downloaded the latest samba code (2.1.X) and am trying to compile it with ldap support on a RH 5.2 Linux box. I have compiled and installed openldap 1.2.6 and have it running. I have followed Dr. Coupeau's latest FAQ (thanks very much for the time and effort sir) by moving the include and library files to /usr/include and /usr/lib and trying to compile with no luck. Then I tried inserting the LDAPFLAGS statement and editing the FLAGS1 string. I pointed it to the newly compiled /usr/src/ldap/include and libraries directories but that failed too. I know it is the --with-ldap switch because it compiles just fine without it. Could someone take a look at this and tell me what I am missing? Any and all help is greatly appreciated. The error I keep getting from config.log is: configure:8705: checking statvfs function (SVR4) configure:8718: gcc -o conftest -O conftest.c -ldl -lcrypt -lpam -lldap -llber 1>&5 configure:8712: sys/statvfs.h: No such file or directory configure: failed program was: #line 8710 "configure" #include "confdefs.h" #include #include int main() { struct statvfs fsd; statvfs (0, &fsd); ; return 0; } configure:8743: checking for 3-argument statfs function (DEC OSF/1) configure:8764: gcc -o conftest -O conftest.c -ldl -lcrypt -lpam -lldap -llber 1>&5 configure: In function `main': configure:8758: storage size of `fsd' isn't known configure:8760: sizeof applied to an incomplete type configure: failed program was: #line 8751 "configure" #include "confdefs.h" #include #include #include main () { struct statfs fsd; fsd.f_fsize = 0; exit (statfs (".", &fsd, sizeof (struct statfs))); } configure:8791: checking for two-argument statfs with statfs.bsize member (AIX, 4.3BSD) configure:8818: gcc -o conftest -O conftest.c -ldl -lcrypt -lpam -lldap -llber 1>&5 /usr/lib/libldap.so: undefined reference to `res_search' /usr/lib/libldap.so: undefined reference to `dn_expand' /usr/lib/libldap.so: undefined reference to `_getshort' configure: failed program was: #line 8799 "configure" #include "confdefs.h" #ifdef HAVE_SYS_PARAM_H #include #endif #ifdef HAVE_SYS_MOUNT_H #include #endif #ifdef HAVE_SYS_VFS_H #include #endif main () { struct statfs fsd; fsd.f_bsize = 0; exit (statfs (".", &fsd)); } configure:8845: checking for four-argument statfs (AIX-3.2.5, SVR3) configure:8863: gcc -o conftest -O conftest.c -ldl -lcrypt -lpam -lldap -llber 1>&5 configure: In function `main': configure:8859: too many arguments to function `statfs' configure: failed program was: #line 8853 "configure" #include "confdefs.h" #include #include main () { struct statfs fsd; exit (statfs (".", &fsd, sizeof fsd, 0)); } configure:8890: checking for two-argument statfs with statfs.fsize member (4.4BSD and NetBSD) configure:8914: gcc -o conftest -O conftest.c -ldl -lcrypt -lpam -lldap -llber 1>&5 configure: In function `main': configure:8908: storage size of `fsd' isn't known configure: failed program was: #line 8898 "configure" #include "confdefs.h" #include #ifdef HAVE_SYS_PARAM_H #include #endif #ifdef HAVE_SYS_MOUNT_H #include #endif main () { struct statfs fsd; fsd.f_fsize = 0; exit (statfs (".", &fsd)); } configure:8941: checking for two-argument statfs with struct fs_data (Ultrix) configure:8969: gcc -o conftest -O conftest.c -ldl -lcrypt -lpam -lldap -llber 1>&5 configure: In function `main': configure:8962: storage size of `fsd' isn't known configure: failed program was: #line 8949 "configure" #include "confdefs.h" #include #ifdef HAVE_SYS_PARAM_H #include #endif #ifdef HAVE_SYS_MOUNT_H #include #endif #ifdef HAVE_SYS_FS_TYPES_H #include #endif main () { struct fs_data fsd; /* Ultrix's statfs returns 1 for success, 0 for not mounted, -1 for failure. */ exit (statfs (".", &fsd) != 1); } configure:9002: gcc -o conftest -O conftest.c -ldl -lcrypt -lpam -lldap -llber 1>&5 /usr/lib/libldap.so: undefined reference to `res_search' /usr/lib/libldap.so: undefined reference to `dn_expand' /usr/lib/libldap.so: undefined reference to `_getshort' configure: failed program was: #line 8998 "configure" #include "confdefs.h" #include "./tests/summary.c" Best Regards - Shon Nixon From sigor at Port.Yuzhny.Odessa.UA Fri Sep 3 14:07:08 1999 From: sigor at Port.Yuzhny.Odessa.UA (SIgor) Date: Tue Dec 2 02:27:02 2003 Subject: User Lists in Win9x Message-ID: <006701bef615$9cf99120$16d1a8c0@int1.port.yuzhny.odessa.ua> Hi, I have Samba 2.1.0-prealpha running on Linux RedHat 5.2 and are using this as a PDC for our Windows 9x network. All works OK and I get User Lists in Win9x without *.map files in smb.conf. With *.map files I keep getting the message that it can't find them and to try again later. My config: Linux kernel 2.2.5-ac6 on P233 with 64M, samba cvs compile with keys: ./configure --prefix=/usr --libdir=/etc/samba --with-lockdir=/var/lock/samba --with-privatedir=/etc/private --with-swatdir=/usr/share/swat --with-automou nt --with-quotas --with-pam --with-smbmount smb.conf: . . . domain logons = yes local group map = /etc/samba/localgroup.map domain group map = /etc/samba/domaingroup.map domain user map = /etc/samba/domainuser.map . . . --------- domaingroup.map : adm="Domain Admins" users="Users" domainuser.map : root=Administrator sigor=Sigor guest=Guest localgroup.map : wheel=BUILTIN\Administrators root="Admin Users" sigor="Users" guest="Guest" log file : named pipe command on <> name [1999/09/03 14:31:01, 3] smbd/ipc.c:api_fd_reply(3243) Got API command 0x1 on pipe "samr" (pnum 700e)1999/09/03 14:31:01 Setting pipe device state=100 on pipe (name=samr) [1999/09/03 14:31:01, 3] smbd/process.c:process_smb(569) Transaction 16 of length 152 [1999/09/03 14:31:01, 3] smbd/process.c:switch_message(402) switch message SMBtrans (pid 30933) [1999/09/03 14:31:01, 3] smbd/ipc.c:reply_trans(3601) trans <\PIPE\> data=72 params=0 setup=2 [1999/09/03 14:31:01, 3] smbd/ipc.c:named_pipe(3456) named pipe command on <> name [1999/09/03 14:31:01, 3] smbd/ipc.c:api_fd_reply(3243) Got API command 0x26 on pipe "samr" (pnum 700e)api_pipe_bind_req: \PIPE\samr -> \PIPE\lsass [1999/09/03 14:31:01, 3] smbd/process.c:process_smb(569) Transaction 17 of length 116 [1999/09/03 14:31:01, 3] smbd/process.c:switch_message(402) switch message SMBtrans (pid 30933) [1999/09/03 14:31:01, 3] smbd/ipc.c:reply_trans(3601) trans <\PIPE\> data=36 params=0 setup=2 [1999/09/03 14:31:01, 3] smbd/ipc.c:named_pipe(3456) named pipe command on <> name [1999/09/03 14:31:01, 3] smbd/ipc.c:api_fd_reply(3243) Got API command 0x26 on pipe "samr" (pnum 700e)Doing \PIPE\samr [1999/09/03 14:31:01, 3] rpc_server/srv_pipe.c:api_rpc_command(739) api_rpc_command: SAMR_CONNECT_ANON [1999/09/03 14:31:01, 3] rpc_server/srv_lsa_hnd.c:set_lsa_policy_samr_pol_status(195) Setting policy status=5c pnum=1 [1999/09/03 14:31:01, 3] smbd/process.c:process_smb(569) Transaction 18 of length 164 [1999/09/03 14:31:01, 3] smbd/process.c:switch_message(402) switch message SMBtrans (pid 30933) [1999/09/03 14:31:01, 3] smbd/ipc.c:reply_trans(3601) trans <\PIPE\> data=84 params=0 setup=2 [1999/09/03 14:31:01, 3] smbd/ipc.c:named_pipe(3456) named pipe command on <> name [1999/09/03 14:31:01, 3] smbd/ipc.c:api_fd_reply(3243) Got API command 0x26 on pipe "samr" (pnum 700e)Doing \PIPE\samr [1999/09/03 14:31:01, 3] rpc_server/srv_pipe.c:api_rpc_command(739) api_rpc_command: SAMR_LOOKUP_DOMAIN [1999/09/03 14:31:01, 3] smbd/process.c:process_smb(569) Transaction 19 of length 156 [1999/09/03 14:31:01, 3] smbd/process.c:switch_message(402) switch message SMBtrans (pid 30933) [1999/09/03 14:31:01, 3] smbd/ipc.c:reply_trans(3601) trans <\PIPE\> data=76 params=0 setup=2 [1999/09/03 14:31:01, 3] smbd/ipc.c:named_pipe(3456) named pipe command on <> name [1999/09/03 14:31:01, 3] smbd/ipc.c:api_fd_reply(3243) Got API command 0x26 on pipe "samr" (pnum 700e)Doing \PIPE\samr [1999/09/03 14:31:01, 3] rpc_server/srv_pipe.c:api_rpc_command(739) api_rpc_command: SAMR_OPEN_DOMAIN [1999/09/03 14:31:01, 3] rpc_server/srv_lsa_hnd.c:set_lsa_policy_samr_sid(216) Setting policy sid=S-1-5-21-833516151-3237195935-3499124447 pnum=2 [1999/09/03 14:31:01, 3] smbd/process.c:process_smb(569) Transaction 20 of length 126 [1999/09/03 14:31:01, 3] smbd/process.c:switch_message(402) switch message SMBtrans (pid 30933) [1999/09/03 14:31:01, 3] smbd/ipc.c:reply_trans(3601) trans <\PIPE\> data=46 params=0 setup=2 [1999/09/03 14:31:01, 3] smbd/ipc.c:named_pipe(3456) named pipe command on <> name [1999/09/03 14:31:01, 3] smbd/ipc.c:api_fd_reply(3243) Got API command 0x26 on pipe "samr" (pnum 700e)Doing \PIPE\samr [1999/09/03 14:31:01, 3] rpc_server/srv_pipe.c:api_rpc_command(739) api_rpc_command: SAMR_QUERY_DOMAIN_INFO [1999/09/03 14:31:01, 3] smbd/process.c:process_smb(569) Transaction 21 of length 132 [1999/09/03 14:31:01, 3] smbd/process.c:switch_message(402) switch message SMBtrans (pid 30933) [1999/09/03 14:31:01, 3] smbd/ipc.c:reply_trans(3601) trans <\PIPE\> data=52 params=0 setup=2 [1999/09/03 14:31:01, 3] smbd/ipc.c:named_pipe(3456) named pipe command on <> name [1999/09/03 14:31:01, 3] smbd/ipc.c:api_fd_reply(3243) Got API command 0x26 on pipe "samr" (pnum 700e)Doing \PIPE\samr [1999/09/03 14:31:01, 3] rpc_server/srv_pipe.c:api_rpc_command(739) api_rpc_command: SAMR_ENUM_DOM_GROUPS [1999/09/03 14:31:01, 3] rpc_server/srv_lsa_hnd.c:get_lsa_policy_samr_sid(239) Getting policy sid=S-1-5-21-833516151-3237195935-3499124447 pnum=2 [1999/09/03 14:31:01, 0] lib/fault.c:fault_report(40) =============================================================== [1999/09/03 14:31:01, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 30933 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [1999/09/03 14:31:01, 0] lib/fault.c:fault_report(43) =============================================================== [1999/09/03 14:31:01, 0] lib/util.c:smb_panic(2527) PANIC: internal error -------------------------------------------------- ================================== Regards. Sigor. From icoupeau at unav.es Fri Sep 3 14:54:06 1999 From: icoupeau at unav.es (Ignacio Coupeau) Date: Tue Dec 2 02:27:02 2003 Subject: Problem compiling SAMBA with ldap support References: <29D009A91BABD21189520060B057BB922484@comm.midrex.com> Message-ID: <37CFE10E.FABCA518@unav.es> "Nixon, Shon" wrote: > > Don't know if this will help, but this was from the actual compile on > screen: > > I get the following errors: > > checking how to get filesystem space usage > checking statvfs64 function (SVR4)... no > checking statvfs function (SVR4)... no > checking for 3-argument statfs function (DEC OSF/1)... no > checking for two-argument statfs with statfs.bsize member (AIX, 4.3BSD)... > no the only problem I remember was fixed compiling and installing the kernel 2.2.10. If the problem persists, try the source-HEAD-990707 via CVS. We compiled it fine linux 5.2 (intel). > > >From last message: > > I have downloaded the latest samba code (2.1.X) and am trying to compile it > with ldap support on a RH 5.2 Linux box. I have compiled and installed > openldap 1.2.6 and have it running. I have followed Dr. Coupeau's latest FAQ > (thanks very much for the time and effort sir) by moving the include and > library files to /usr/include and /usr/lib and trying to compile with no > luck. Then I tried inserting the LDAPFLAGS statement and editing the FLAGS1 If you copy the includes and the libs in the standard path (/usr/lib, /usr/include), you don't need modify the FLAGS... I modified this in the recent howto... Ignacio -- ____________________________________________________ Ignacio Coupeau, Ph.D. e-mail: icoupeau@unav.es CTI, Director fax: 948 425619 University of Navarra voice: 948 425600 Pamplona, SPAIN http://www.unav.es/cti/ From palminha at dem.ist.utl.pt Fri Sep 3 15:21:19 1999 From: palminha at dem.ist.utl.pt (Carlos Palminha) Date: Tue Dec 2 02:27:02 2003 Subject: NT Login to Samba PDC References: Message-ID: <37CFE76E.D920478C@dem.ist.utl.pt> Matthias W?chter wrote: > On Fri, 3 Sep 1999, Carlos Palminha wrote: > > > Hi,ppl!! > > I'm trying to login a NT Workstation 4.0 (SP3) to the Samba (2.0.5a) > > Controlled Domain using > > UNIX plain text passwords (non-encrypted). (Yes, i'ved added the key > > EnablePlainTextPassword to the NT register) > > > > The machine account is created ( xpto$:xxxxxx:xxx:xxx:... ) in > > /etc/passwd and my smb.conf is : > > Look into the DOCs, it does not work. If you want to have a domain, forget > that there is an option "encrypt passwords = No" and that there is > something like a registry hack for NT to enable this on the client side, > because the latter only affects client logons, not logon of the machine > itself (which is necessary for the domain trusts), so the machine wants > to encrypt its logon which fails on Samba's side. If you want to have a > domain, you _do_ need the smbpasswd file (or LDAP) with encrypted > passwords. No way 'round it. No, never. > Just an idea ... Is it possible to the samba server (using "encrypt passwords = No" ) to check the password ( encrypted ) in the smbpasswd file if he detects that is a net logon ??? ( because all net logon's come encrypted!!! ) -- Carlos Frederico Rodrigues Palminha Instituto Superior Tecnico Dpt. Eng. Mecanica - Administracao de Sistemas Trab. Final Curso - Wireless ATM -------------- next part -------------- HTML attachment scrubbed and removed From awilliam at whitemice.org Fri Sep 3 16:55:12 1999 From: awilliam at whitemice.org (Adam Williams) Date: Tue Dec 2 02:27:02 2003 Subject: Problem compiling SAMBA with ldap support In-Reply-To: "Nixon, Shon" "RE: Problem compiling SAMBA with ldap support" (Sep 3, 11:46pm) References: <29D009A91BABD21189520060B057BB922484@comm.midrex.com> Message-ID: <9909031655.ZM19232@estate1.whitemice.org> On Sep 3, 11:46pm, Nixon, Shon wrote: > Subject: RE: Problem compiling SAMBA with ldap support > Don't know if this will help, but this was from the actual compile on > screen: > > I get the following errors: > > checking how to get filesystem space usage > checking statvfs64 function (SVR4)... no > checking statvfs function (SVR4)... no > checking for 3-argument statfs function (DEC OSF/1)... no > checking for two-argument statfs with statfs.bsize member (AIX, 4.3BSD)... > no > checking for four-argument statfs (AIX-3.2.5, SVR3)... no > checking for two-argument statfs with statfs.fsize member (4.4BSD and > NetBSD)... no > checking for two-argument statfs with struct fs_data (Ultrix)... no > checking configure summarty > configure: error: summary failure. Aborting config I have Openldap 1.2.3 and the Samba head code on a RH6.0 Linux box (2.2.12 kernel, and all the RH updates) and I get the exact same error. From wfool at ProgressLighting.com Fri Sep 3 17:41:13 1999 From: wfool at ProgressLighting.com (Wayne Fool) Date: Tue Dec 2 02:27:02 2003 Subject: win 95b, win 95, encrypted passwords Message-ID: <26CCA2B6F244D211869F00805F15E9C45545@SPA6000> I am confused about this password issue, I have samba 2.0.5a running on a 486/dx2/66 as a print server for 3 computers, one is a win 95b and the other is a win 95 (pre b), the other is a dos computer (but that is another story, I'll tackle that one later). My network administrator says I must use encrypted passwords so I have used them. The win 95 b computer works fine, but the win 95 (pre b) doesn't see the printserver. I can ping from the linux computer to the win95 (pre b) computer and vice versa, but in windows 95 it doesn't show up in network neighborhod and a find computer "PSERV" gets me a not found. All the computers are on the same domain, with the same IP and subnet. I am guessing that the win 95(pre b ) computer doesn't like encrypted passwords. Can I do anything about that? Thanks. BTW I hope this is the right list, but I didn't have another address. If not could you refer me to the right list. Thanks Best Regards, Wayne From sm at sys.uea.ac.uk Fri Sep 3 18:00:05 1999 From: sm at sys.uea.ac.uk (Shaun McCullagh) Date: Tue Dec 2 02:27:02 2003 Subject: Browsing Problems (Vanishing PCs & Workgroups from NetHood) References: <29D009A91BABD21189520060B057BB922484@comm.midrex.com> Message-ID: <37D00CA5.63C3B505@sys.uea.ac.uk> Hi, PCs keep disappearing from one of our workgroups (SYS-STAFF) and PCs in SYS-STAFF frequently cannot see other workgroups. PCs in other workgroups are frequently unable to browse SYS-STAFF, even though TCP/IP connectivity works fine all the time. I've got Samba 2.0.5a running under Solaris 2.7 which is configured to be browse master for SYS-STAFF. Samba is running on a very lightly loaded Sun Ultra 10. Excerpt from my smb.conf: os level = 65 domain master = no local master = yes preferred master = yes domain logons = no When nmbd is restarted it reports that it is the Master Browser for SYS-STAFF but then nmbd frequently reports it cannot contact browse master for SYS-STAFF a few hours later. Sometimes an entry like this occurs ( from a Linux box running Samba 2.0.3) >[1999/09/03 18:32:34, 1] nmbd/nmbd_incomingdgrams.c:process_reset_browser(710) > process_reset_browser: received diagnostic browser reset request from RWHLTPC<00> IP > >>139.222.4.103 state=0x2 I've stopped samba on this machine pro tem. Any ideas? I'm getting a bit desperate :( TIA Shaun Shaun McCullagh IT Support Officer Email: sm@sys.uea.ac.uk School of Information Systems., Tel +44 1603 592307 University of East Anglia, FAX +44 1603 507720 Norwich England NR4 7TJ All views expressed are my own. From timothy_d_cole at md.northgrum.com Fri Sep 3 19:14:49 1999 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:27:02 2003 Subject: switching to security = domain Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB563137@xcgmd008.md.essd.northgrum.com> I'm experimenting with switching our 2.0.5a installation to domain mode from server mode, and I'm wondering how the user (and I suppose group, for that matter) mapping is going to work. Things are somewhat complicated by the fact that most of the users are going to be coming from other domains, rather than from the one the Samba server will be joining (the latter does trust the former). Do I now switch from username map to domain user map? Do I need to specify all of the Unix users in the domain user map, qualified with their domain (since they will nearly all be coming from other domains)? What happens if I have a user from some other domain -- DOM2\fred, say -- that is not in the map, and he tries to connect? He doesn't get mapped to local user "fred" or something, I hope? As a matter of interest, is it possible to map users by SID, rather than by name? In a lot of ways being able to map directly between SIDs and uids/gids would be nice. From tssb at mail.ru Thu Sep 2 15:57:19 1999 From: tssb at mail.ru (Apeximov Dmitry) Date: Tue Dec 2 02:27:02 2003 Subject: failed session setup Message-ID: <000201bef62d$b07a0320$f502010a@computer> Dear Samba Developers, trying to setup connection with Samba 2.1-prealpha server with help smbclient from the same linux box, I've got message "Failed session setup" (twice at time). PC P100 with Linux RedHat 6.0 (kernel 2.2.5.). CVS is 09 Aug 1999. I have the simplest smb.conf to test just-compiled Samba. smb.conf ----------------------------- [global] workgroup = WRKGROUP [homes] guest ok = yes read only = no ------------------------------ I've done experiment with two smbclient utility: one from self-compiled Samba 2.1, another from Samba 2.0.3 RedHat 6.0 package. SMBD IS FROM 2.1 IN BOTH CASES. 1. From Samba 2.1 linux$:./smbclient //linux/adv -U adv -d 10 Added interface ip=192.1.1.21 bcast=192.1.1.255 nmask=255.255.255.0 Client started (version 2.1.0-prealpha). cli_establish_connection: LINUX<00> connecting to LINUX<20> (0.0.0.0) - adv [WRKGROUP] with NTLMv1 resolve_name: Attempting lmhosts lookup for name linux getlmhostsent: lmhost entry: 127.0.0.1 localhost resolve_name: Attempting host lookup for name linux Connecting to 192.1.1.21 at port 139 write_socket(4,76) write_socket(4,76) wrote 76 Sent session request got smb length of 0 size=0 smb_com=0x0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=0 smb_flg2=0 smb_tid=0 smb_pid=0 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=0 size=164 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=1 smb_tid=0 smb_pid=524 smb_uid=0 smb_mid=1 smt_wct=0 smb_bcc=129 [000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG [010] 52 41 4D 20 31 2E 30 00 02 4D 49 43 52 4F 53 4F RAM 1.0. .MICROSO [020] 46 54 20 4E 45 54 57 4F 52 4B 53 20 31 2E 30 33 FT NETWO RKS 1.03 [030] 00 02 4D 49 43 52 4F 53 4F 46 54 20 4E 45 54 57 ..MICROS OFT NETW [040] 4F 52 4B 53 20 33 2E 30 00 02 4C 41 4E 4D 41 4E ORKS 3.0 ..LANMAN [050] 31 2E 30 00 02 4C 4D 31 2E 32 58 30 30 32 00 02 1.0..LM1 .2X002.. [060] 53 61 6D 62 61 00 02 4E 54 20 4C 41 4E 4D 41 4E Samba..N T LANMAN [070] 20 31 2E 30 00 02 4E 54 20 4C 4D 20 30 2E 31 32 1.0..NT LM 0.12 [080] 00 . write_socket(4,168) write_socket(4,168) wrote 168 got smb length of 78 size=78 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=524 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[0]=6 (0x6) smb_vwv[1]=12801 (0x3201) smb_vwv[2]=256 (0x100) smb_vwv[3]=65280 (0xFF00) smb_vwv[4]=255 (0xFF) smb_vwv[5]=0 (0x0) smb_vwv[6]=256 (0x100) smb_vwv[7]=3328 (0xD00) smb_vwv[8]=2 (0x2) smb_vwv[9]=12544 (0x3100) smb_vwv[10]=3 (0x3) smb_vwv[11]=32768 (0x8000) smb_vwv[12]=32099 (0x7D63) smb_vwv[13]=18152 (0x46E8) smb_vwv[14]=48885 (0xBEF5) smb_vwv[15]=4097 (0x1001) smb_vwv[16]=255 (0xFF) smb_bcc=9 [000] 57 52 4B 47 52 4F 55 50 00 WRKGROUP . cli_establish_connection: NTLMv1 size=134 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=1 smb_tid=0 smb_pid=524 smb_uid=0 smb_mid=1 smt_wct=13 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_vwv[2]=17408 (0x4400) smb_vwv[3]=2 (0x2) smb_vwv[4]=524 (0x20C) smb_vwv[5]=525 (0x20D) smb_vwv[6]=0 (0x0) smb_vwv[7]=24 (0x18) smb_vwv[8]=24 (0x18) smb_vwv[9]=0 (0x0) smb_vwv[10]=0 (0x0) smb_vwv[11]=0 (0x0) smb_vwv[12]=0 (0x0) smb_bcc=73 [000] 41 F3 9C 26 7C 69 B6 8C B1 2C 1F 1E 10 3C 92 7C A..&|i.. .,...<.| [010] F3 88 DC D7 9A 6C F3 AE CE 2C F9 7C 2A CF 28 15 .....l.. .,.|*.(. [020] E1 9D ED 89 91 C8 EF 69 10 CB 8B 74 9C FD 4A 37 .......i ...t..J7 [030] 41 44 56 00 57 52 4B 47 52 4F 55 50 00 55 6E 69 ADV.WRKG ROUP.Uni [040] 78 00 00 53 61 6D 62 61 00 x..Samba . write_socket(4,138) write_socket(4,138) wrote 138 got smb length of 35 size=35 smb_com=0x73 smb_rcls=2 smb_reh=0 smb_err=2 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=524 smb_uid=0 smb_mid=1 smt_wct=0 smb_bcc=0 failed session setup Here is the part of the log.smb file ------------------------------ [1999/09/02 17:19:08, 3] smbd/negprot.c:reply_negprot(423) Selected protocol NT LANMAN 1.0 [1999/09/02 17:19:08, 3] smbd/process.c:process_smb(569) Transaction 2 of length 138 [1999/09/02 17:19:08, 3] smbd/process.c:switch_message(402) switch message SMBsesssetupX (pid 503) [1999/09/02 17:19:08, 3] smbd/reply.c:reply_sesssetup_and_X(655) Domain=[WRKGROUP] NativeOS=[Unix] NativeLanMan=[] [1999/09/02 17:19:08, 3] smbd/reply.c:reply_sesssetup_and_X(658) sesssetupX:name=[?,?|*?(???????i??t??J7ADV] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ what's matter? Why did I get that trash? [1999/09/02 17:19:08, 0] smbd/password.c:password_ok(561) Error: challenge not done for user=?,?|*?(???????i??t??j7adv [1999/09/02 17:19:08, 3] smbd/error.c:error_packet(138) error packet at line 748 cmd=115 (SMBsesssetupX) eclass=2 ecode=2 [1999/09/02 17:19:08, 3] smbd/error.c:error_packet(143) error string = No such file or directory 2. From Samba 2.0.3 linux$: smbclient //linux/adv -U adv -d 10 pm_process() returned Yes Added interface ip=192.1.1.21 bcast=192.1.1.255 nmask=255.255.255.0 Client started (version 2.0.3). resolve_name: Attempting lmhosts lookup for name linux<0x20> getlmhostsent: lmhost entry: 127.0.0.1 localhost resolve_name: Attempting host lookup for name linux<0x20> Connecting to 192.1.1.21 at port 139 write_socket(4,76) write_socket(4,76) wrote 76 Sent session request got smb length of 0 size=0 smb_com=0x0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=0 smb_flg2=0 smb_tid=0 smb_pid=0 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=0 session request ok from log.smb ------------------------------ [1999/09/02 17:16:42, 3] smbd/negprot.c:reply_negprot(423) Selected protocol NT LANMAN 1.0 [1999/09/02 17:16:45, 3] smbd/process.c:process_smb(569) Transaction 2 of length 95 [1999/09/02 17:16:45, 3] smbd/process.c:switch_message(402) switch message SMBsesssetupX (pid 498) [1999/09/02 17:16:45, 3] smbd/reply.c:reply_sesssetup_and_X(655) Domain=[WRKGROUP] NativeOS=[Unix] NativeLanMan=[Samba] [1999/09/02 17:16:45, 3] smbd/reply.c:reply_sesssetup_and_X(658) sesssetupX:name=[ADV] ^^^^^^ but here it's ok [1999/09/02 17:16:45, 3] param/loadparm.c:lp_add_home(1534) adding home directory adv at /home/adv What's matter? With best wishes, Dmitry From mg at plum.de Sat Sep 4 10:10:13 1999 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:27:02 2003 Subject: Problems with User Manager For Domains References: <37CFB7B7.E20F5D37@lpsystems.com> Message-ID: <37D0F005.28D3CB9A@plum.de> John Rooke schrieb: > > We have Samba 2.1.0-prealpha running on SuSE Linux 6.0 and are using > this as a PDC for our Windows NT Workstation 4.0 network. > > All works OK except when I try to use User Manager Fopr Domains and > alter a users settings I get a 'The remote procedure call failed.' error > message. This also happens in Server Manager. > > Is this a bug or am I doing something wrong? No .. everything is fine :) It's only, that this functionaity is not in Samba (yet) ... regards, Michael From cartegw at Eng.Auburn.EDU Sat Sep 4 11:46:27 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:27:03 2003 Subject: (URGENT) Problems loggin in References: <00dd01bef242$f8fc4c00$4ba77018@cr951892a> Message-ID: <37D10693.3F41ACE2@eng.auburn.edu> > Jason Lam wrote: > > Restore the original domain SID > Remove the domain client from the domain and rejoin. > ----------------------------------------------------------------- > My first question is, how do I do the above? Please be as detailed as > possible, rebooting the wks doesn't seems to help. The domain SID on a Samba PDC is stored in the same directory as the smbpasswd file. The filename under 2.0.x is MACHINE.SID. You should replace or edit this with the original MACHINE.SID. You could possible get this value on one of the client NT Workstations by digging through the SAM. > Second problem is with the IP, since I changed the IP of the samba > server. It seems that there are problems with samba when the server IP > has changed. I did went into the /var/lock/samba and deleted EVERY > files in that directory. However, it still doesn't seems to help, when > I do "smbclient -L SERVER" it is still trying to get to the old ip > rather than the new ip and therefore no route to host. Anyone have a > solution to this? Are you using WINS servger? Did you clean this out as well? Cheers, jerry From Stanley.Skidmore at PSS.Boeing.com Sun Sep 5 06:44:44 1999 From: Stanley.Skidmore at PSS.Boeing.com (Skidmore, Stanley G) Date: Tue Dec 2 02:27:03 2003 Subject: NT Login to Samba PDC Message-ID: Hi all, I am a very beginning SAMBA user. I have read that SAMBA can be built to be able to handle shadow passwords with Linux 6.0 My question is where is that parameter set? Is it in the configure or make file? Any help would be greatly appreciated. regards Stan > ---------- > From rfs at aw.com.pl Sun Sep 5 12:13:33 1999 From: rfs at aw.com.pl (=?iso-8859-2?Q?Rafa=B3=20Szcze=B6niak?=) Date: Tue Dec 2 02:27:03 2003 Subject: Security bug ??? Message-ID: <37D25E6D.6A9CB70F@aw.com.pl> Hello, everybody :) Recently, I setup Samba PDC (2.0.5a). Everything works fine (great software !), except one strange thing. No matter of file ownership I am able to delete it from ordinary user account logged on WinNT SP3 wks. Even if file's owner is root ! What did I wrong ? PS. What does it mean: [ 1] rpc_server/srv_util.c:make_dom_gids(141) make_dom_gids: unknown well-known alias RID arch/7 in log file. Thanks in advance Rafa? From cartegw at Eng.Auburn.EDU Sun Sep 5 12:49:46 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:27:03 2003 Subject: Security bug ??? References: <37D25E6D.6A9CB70F@aw.com.pl> Message-ID: <37D266EA.78D29C80@eng.auburn.edu> Rafa? Szcze?niak wrote: > > Hello, everybody :) > > Recently, I setup Samba PDC (2.0.5a). Everything works fine > (great software !), except one strange thing. > No matter of file ownership I am able to delete it > from ordinary user account logged on WinNT SP3 wks. > Even if file's owner is root ! What did I wrong ? Need more information like * the service definition from smb.conf * the UNIX permissions on the parent directory * any other specifics for your setup Cheers, jerry From angus at gactr.uga.edu Sun Sep 5 22:19:31 1999 From: angus at gactr.uga.edu (Angus Robertson) Date: Tue Dec 2 02:27:03 2003 Subject: NT Servers/Clients in SAMBA domain Message-ID: <19990905181931.A20664@iguana.gactr.uga.edu> We're using the latest samba cvs w/ ldap support compiled in. What, if anything, is necessary on the samba side to allow NT Servers/Clients in the Samba DOMAIN to see shares on other NT Servers/Clients in the Samba DOMAIN. Right now, when clicking on an NT Server/Client in the DOMAIN from the Network Neighborhood from an NT Client in the DOMAIN; we either get "Access is Denied" when logged on as users in the DOMAIN or "The Server Service is not Started" when logged on as administrator in the DOMAIN. Thanks! From khassan at aster.com.pk Mon Sep 6 06:27:08 1999 From: khassan at aster.com.pk (Khurram Farhan Hassan) Date: Tue Dec 2 02:27:03 2003 Subject: How to access Samba servers from another workgroup? Message-ID: <002101bef830$d92d5ce0$670680cb@faisalkhurram> Hi, I have set up Samba servers on our Linux machines and set them up for workgroup = wkgrp1. All our Win95/98 boxes in the same workgroup (wkgrp 1) can access these fine. However, we have three workgroups of Win95/98 boxes and I would like all these other workgroups (wkgrp2 and wkgrp3) to access the Samba servers. What would I have to do so that Win95/98 boxes from wkgrp2 and wkgrp3 workgroups can access the Samba servers also? I dont want to change the workgroups on the Win95/98 machines. One more thing. Some of our users call into this LAN from home on a PPP link. Is there any special configuration that needs to be done to handle this case? Thanks, Khurram, khassan@aster.com.pk From matthias at waechter.wol.at Mon Sep 6 08:08:53 1999 From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=) Date: Tue Dec 2 02:27:03 2003 Subject: NT Login to Samba PDC In-Reply-To: Message-ID: On Sun, 5 Sep 1999, Skidmore, Stanley G wrote: > Hi all, > I am a very beginning SAMBA user. I have read that SAMBA can be built > to be able to handle shadow passwords with Linux 6.0 Samba needs _either_ "Encrypted Passwords = No" (say, transmission is unencrypted, storage on the server is in /etc/passwd or /etc/shadow or whatever, but PDC functionality is not available this way) or "Encrypted Passwords = Yes" (transmission is encrypted and some kind of secure, you use .../etc/smbpasswd to contain the Samba password hashes which are not compatible to those in /etc/shadow, but this way PDC is possible). In the distribution there are some .REG files you can change the behavior of your 95/98/NT computer with concerning the encryption of passwords. You have to apply these registry patches if you have * NT SP3 or above (or 95 SP1 or 98) _and_ * use "Encrypted Passwords = No" in your smb.conf. As noted above, you will then have _no_ password security on your network and have _NO_ PDC functionality (f.e. NT Workstations are members of the Domain, ...). > My question is where is that parameter set? Is it in the configure or > make file? So this question is answered above, use "Encrypted Passwords = No", but then no PDC. Since this note came on the NTDOM mailing list, I assume you do want PDC functionality, so forget about unencrypted password transmission and storage in /etc/shadow. If you refer to my last message containing a patch to enable SWAT use shadow passwords: This is only for SWAT, nothing else. Since swat runs on the Samba server itself, it doesn't have to use SMB to authenticate, instead authentication is done against the /etc/passwd database (and hopefully against the passwords stored in /etc/shadow which - in 2.1 - is only possible patching some files). Note anyway, that password transmission if using SWAT is unsecure even you say "Encrypted Passwords = Yes" in your smb.conf file, so SWAT should only be accessed from the server itself or that near. Especially the root password can be sniffed easily that way! Sehr Wus, - Matthias -- Verkauft f?r 339,88 Dollar! - aus: Groundhog Day (Und t?glich gr??t das Murmeltier) ----------------------------------------------------------------------------- From mg at plum.de Mon Sep 6 08:58:05 1999 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:27:03 2003 Subject: NT BSOD with oplocks Message-ID: <37D3821D.55205285@plum.de> Hi, got a very strange problem with oplocks : When I enable oplocks on a samba 2.0.5a domain member, NT4WS SP5 clients get blue screens of death while writing to the samba server. Setting oplocks=no, and everyting works fine again. Are there some known issues with oplocks and NT4 SP5 ? Do I have to add some registry keys to NT ? TIA, Michael From pilsl at goldfisch.atat.at Mon Sep 6 09:20:15 1999 From: pilsl at goldfisch.atat.at (peter pilsl) Date: Tue Dec 2 02:27:03 2003 Subject: acls on win-side Message-ID: <19990906112015.A11429@goldfisch.atat.at> samba2.05a <-> nt4/sp5 to access nt-files from sambaside with smbclient/smbmount there are two possibilities 1) files has permissions granted to a local nt-user and samba logs on to NT using this local account 2) filea has permissions granted to a domain-user and samba logs on using this domain-account. I?ve problems to realize both options. I cant get smbclient/smbmount to use local (non-domain) accounts when accessing NT and I cant find a commandline-tool for NT that can handle domain-accounts: cacls (from NT) cant do it and igrant (form ntsec) should be able to do it, but I cant get it to work at all: igrant -f domain\user:r e:\test Granting permissions to: domain\user(user) E:\test (no change) 1 file/directory found, 0 errors. like the output tells no change was made. (the same when using local accounts, but then I really get OT here) any idea ? peter ------------------------------------------- mag. peter pilsl phone: +43/(0)/6763574035 fax : +43/(0)/6763546512 email: pilsl@goldfisch.atat.at sms: pilsl_mobil@goldfisch.atat.at pgp-key available ------------------------------------------- From matty at cifs.org Mon Sep 6 09:27:41 1999 From: matty at cifs.org (Matt Chapman) Date: Tue Dec 2 02:27:03 2003 Subject: acls on win-side In-Reply-To: <19990906112015.A11429@goldfisch.atat.at> References: <19990906112015.A11429@goldfisch.atat.at> Message-ID: <19990906192741.A4642@cifs.org> On Mon, Sep 06, 1999 at 07:23:15PM +1000, peter pilsl wrote: > > I cant get smbclient/smbmount to use local (non-domain) accounts when > accessing NT You must specify the local domain with the -W option, i.e. smbclient //SERVER/SHARE -U LocalUser -W SERVER > and I cant find a commandline-tool for NT that can > handle domain-accounts: cacls (from NT) cant do it and igrant (form ntsec) > should be able to do it, but I cant get it to work at all: Are you sure this is an NTFS filesystem you're trying to add ACL's to? cacls should work just fine. Read the documentation for that or igrant (which I'm not familiar with) carefully, I'm sure you're doing something wrong. - matty -- Matthew "Austin" Chapman SysAdmin, Developer, Samba Team Member From alanh at pinacl.co.uk Mon Sep 6 10:00:23 1999 From: alanh at pinacl.co.uk (Alan Hourihane) Date: Tue Dec 2 02:27:03 2003 Subject: Force group ? Message-ID: <01BEF857.067F93E0.alanh@pinacl.co.uk> I have a number of users with home directories under /home/????. Their default group is users. I need to make some of these directories available for other users, so I've created a group that's actually the same as the users name of their home directory. For example, drwxrwx... georgef georgef ...... Then, I add a bunch of users into that group in /etc/group. georgef:500:x:georgef,paulw,ianp etc,etc. It works and people can get to his home directory, but.... When another user saves a file into georgef's directory it gets created with georgef's primary group which is 'users' and I don't want that. I've tried using force group = %u or %U in the samba config, but thinking again that won't work. Anyone any ideas ? Alan. From jens.skripczynski at igd.fhg.de Mon Sep 6 08:01:46 1999 From: jens.skripczynski at igd.fhg.de (Jens Skripczynski) Date: Tue Dec 2 02:27:03 2003 Subject: compiling NIS with 2.1pre or 2.0.5a under RH 6.0 Message-ID: <19990906100146.A20639@pclinux.igd.fhg.de> Hi, I wanted to ask, if anyone has compiled 2.0.5a oder 2.1pre under Linux especially Redhat 6.0. When I try I get a lot of errors: --- ---- Linking bin/smbd passdb/nispass.o: In function `add_nisp21pwd_entry': passdb/nispass.o(.text+0x1cb): undefined reference to `nis_list' passdb/nispass.o(.text+0x222): undefined reference to `nis_freeresult' passdb/nispass.o(.text+0x27a): undefined reference to `nis_sperrno' passdb/nispass.o(.text+0x299): undefined reference to `nis_freeresult' passdb/nispass.o(.text+0x2a5): undefined reference to `nis_freeresult' passdb/nispass.o(.text+0x2fe): undefined reference to `nis_freeresult' passdb/nispass.o(.text+0x30a): undefined reference to `nis_freeresult' passdb/nispass.o(.text+0x31f): undefined reference to `nis_lookup' passdb/nispass.o(.text+0x339): undefined reference to `nis_freeresult' passdb/nispass.o(.text+0x345): undefined reference to `nis_freeresult' passdb/nispass.o(.text+0x351): undefined reference to `nis_freeresult' passdb/nispass.o(.text+0x38a): undefined reference to `nis_sperrno' passdb/nispass.o(.text+0xc09): undefined reference to `nis_add_entry' passdb/nispass.o(.text+0xc17): undefined reference to `nis_freeresult' passdb/nispass.o(.text+0xc2f): undefined reference to `nis_freeresult' passdb/nispass.o(.text+0xc65): undefined reference to `nis_sperrno' passdb/nispass.o(.text+0xc7e): undefined reference to `nis_freeresult' passdb/nispass.o(.text+0xc8a): undefined reference to `nis_freeresult' passdb/nispass.o(.text+0xc94): undefined reference to `nis_freeresult' passdb/nispass.o(.text+0xca0): undefined reference to `nis_freeresult' passdb/nispass.o: In function `make_sam_from_nisp': passdb/nispass.o(.text+0xd1b): undefined reference to `nis_sperrno' passdb/nispass.o: In function `getnisp21pwnam': passdb/nispass.o(.text+0x1032): undefined reference to `nis_list' passdb/nispass.o(.text+0x1089): undefined reference to `nis_freeresult' passdb/nispass.o(.text+0x109f): undefined reference to `nis_freeresult' passdb/nispass.o: In function `getnisp21pwrid': passdb/nispass.o(.text+0x1264): undefined reference to `nis_list' passdb/nispass.o(.text+0x12be): undefined reference to `nis_freeresult' passdb/nispass.o(.text+0x12d3): undefined reference to `nis_freeresult' passdb/nispass.o: In function `startnisppwent': passdb/nispass.o(.text+0x1331): undefined reference to `nis_list' passdb/nispass.o(.text+0x1388): undefined reference to `nis_freeresult' collect2: ld returned 1 exit status make: *** [bin/smbd] Error 1 --- ---- Is it possible that the NIS Support is just for implemented for SUN ? Ciao Jens Skripczynski -- E-Mail: skripi@hrzpub.tu-darmstadt.de Computers are like airconditioners: They stop working properly if you open windows. From jens.skripczynski at igd.fhg.de Mon Sep 6 08:42:54 1999 From: jens.skripczynski at igd.fhg.de (Jens Skripczynski) Date: Tue Dec 2 02:27:03 2003 Subject: compiling NIS with 2.1pre or 2.0.5a under RH 6.0 In-Reply-To: <19990906100146.A20639@pclinux.igd.fhg.de>; from Jens Skripczynski on Mon, Sep 06, 1999 at 08:06:39PM +1000 References: <19990906100146.A20639@pclinux.igd.fhg.de> Message-ID: <19990906104254.A3603@pclinux.igd.fhg.de> Jens Skripczynski: > Hi, > > I wanted to ask, if anyone has compiled 2.0.5a oder 2.1pre under Linux > especially Redhat 6.0. ... Problem solved. I didn't know the difference between nis and nis-plus. Sorry for the traffic... Ciao Jens Skripczynski -- E-Mail: skripi@hrzpub.tu-darmstadt.de Computers are like airconditioners: They stop working properly if you open windows. From mmt4q at ee.virginia.edu Mon Sep 6 16:26:12 1999 From: mmt4q at ee.virginia.edu (mmt4q) Date: Tue Dec 2 02:27:03 2003 Subject: help with password syncing Message-ID: <37D3EB24.189CAD8C@ee.virginia.edu> Hi. I'm finally ready to try to setup password syncing between my Sun Solaris 2.6 NIS Master running Samba 2.0.2 (or I'm ready for upgrade to 2.0.5a) and my WinNT workstations. I wanted to double check with you some settings in my smb.conf: smb passwd file = /usr/local/samba-2.0.2/private/smbpasswd passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *new*password* %n\n *passw*d*d*on* passwd chat debug = No password level = 0 unix password sync = Yes password server = (Note: I got the password chat from the NTDOM mailing list where it worked for someone else on a Sun box) Currently I have to add folks to /etc/passwd in order for Samba to work. Once password syncing is working, I hope only to have to have an entry in /var/yp/passwd and /usr/local/samba/private/smbpasswd. If I originally created smbpasswd by using mksmbpasswd.sh from /etc/passwd do I need to recreate smbpasswd? or do I need to reconfigure Samba so that it looks at /var/yp/passwd instead of /etc/passwd? Thank you for your help and documentation, Melissa -- Melissa Thrush Dept. of Electrical Engineering Thornton Hall C213 University of Virginia Charlottesville, VA 22903 Phone: (804) 924-6072 Fax: (804) 924-8818 From nc-zobeljo at netcologne.de Mon Sep 6 06:30:16 1999 From: nc-zobeljo at netcologne.de (Joachim Zobel) Date: Tue Dec 2 02:27:03 2003 Subject: user manager for domains, access permissions In-Reply-To: <37CE5757.57BBD797@maedde.de> Message-ID: <3.0.3.32.19990906083016.00751b3c@pop3.netcologne.de> At 20:57 02.09.99 +1000, you wrote: >i run samba 2.0.4b as pdc on debian 2.1 and a win nt 4 ws. I'vegot the same problem with 2.0.5a on SuSE 6.1 with NTSP5. It showed up during migration to these three, before it worked. >joining the domain ist no problem, but i'm not able to >administer my domain with the user manager for domains >from the samba website. i've a group of domain administrators, >but no member of this group is able to use the program. This is normal. The functionality is not implemented. >my second problem is, that the access permissions for files >are not set correctly. win nt writes [domainname]\unknown account >instead of the [domainname]\username. also the domain administrator >group >which i've added to the local administrators is in the user manager >shown as [domainname]\unknown account. If i add a domain user to a local group, the box with the domain users knows the names. As soon as they are added, they are unknown. They are still different users and can logon, but it seems their names are locally unknown. The nasty thing is, that the unknown users don't have the full rights they should have. They are for example not able to change the Desktop background, although they can read and write files in their profiles directory. Whats happening here? Any hints? Joachim -- "... ein Geschlecht erfinderischer Zwerge, die fuer alles gemietet werden koennen." - Bertolt Brecht - Leben des Galilei From pilsl at goldfisch.atat.at Mon Sep 6 20:07:51 1999 From: pilsl at goldfisch.atat.at (peter pilsl) Date: Tue Dec 2 02:27:03 2003 Subject: acls on win-side In-Reply-To: <19990906192741.A4642@cifs.org>; from Matt Chapman on Mon, Sep 06, 1999 at 07:37:02PM +1000 References: <19990906112015.A11429@goldfisch.atat.at> <19990906192741.A4642@cifs.org> Message-ID: <19990906220751.C13763@goldfisch.atat.at> On Mon, Sep 06, 1999 at 07:37:02PM +1000, Matt Chapman wrote: > On Mon, Sep 06, 1999 at 07:23:15PM +1000, peter pilsl wrote: > > > > I cant get smbclient/smbmount to use local (non-domain) accounts when > > accessing NT > > You must specify the local domain with the -W option, i.e. > > smbclient //SERVER/SHARE -U LocalUser -W SERVER > oops. thanks. > > and I cant find a commandline-tool for NT that can > > handle domain-accounts: cacls (from NT) cant do it and igrant (form ntsec) > > should be able to do it, but I cant get it to work at all: > > Are you sure this is an NTFS filesystem you're trying to add ACL's to? > > cacls should work just fine. Read the documentation for that or igrant > (which I'm not familiar with) carefully, I'm sure you're doing something > wrong. > as far I know cacls does not support domain-user. maybe there is a different version of this prog in nt-workstation and nt-server. but my my german-workstation-cacls can show domain-user but not process any granting with it. gui-security-extension in explorer can do it, but I need something for scripts. peter ------------------------------------------- mag. peter pilsl phone: +43/(0)/6763574035 fax : +43/(0)/6763546512 email: pilsl@goldfisch.atat.at sms: pilsl_mobil@goldfisch.atat.at pgp-key available ------------------------------------------- From pherrari at tin.it Mon Sep 6 22:07:25 1999 From: pherrari at tin.it (Paolo Ferrari) Date: Tue Dec 2 02:27:03 2003 Subject: No subject Message-ID: <001401bef8b4$34ab0ee0$0a646464@pitnt> SET SAMBA-NTDOM ADDRESS 936308332 paolo@crosswinds.net -------------- next part -------------- HTML attachment scrubbed and removed From Alexandre.Lecuyer at iu-vannes.fr Tue Sep 7 07:25:07 1999 From: Alexandre.Lecuyer at iu-vannes.fr (Alexandre Lecuyer) Date: Tue Dec 2 02:27:03 2003 Subject: Update problems Message-ID: <37D4BDD3.57C2F446@iu-vannes.fr> Hi all, We've been using a cvs from mid-july until now without problems, except sometimes when saving word documents.. I have read in the list archive that a cvs update would help, but I didn't get it to work. (I have been off for holidays, probably missed a few things :) in "log.smb" I get: No DFS map, Samba is running in NON DFS mode Where can I find docs about that ? using "smbpasswd", I get: error connecting to :445 (Connection refused) Then I get the usual prompts, and the passwd is changed. I can connect to shares using "smbclient", but from an NT client it doesn't work. - The domain's joined succesfully - After a reboot login is denied: [1999/09/06 17:51:43, 3] smbd/reply.c:reply_sesssetup_and_X(655) Domain=[] NativeOS=[Windows NT 1381] NativeLanMan=[] ^^^^^^^^^ [1999/09/06 17:51:43, 3] smbd/reply.c:reply_sesssetup_and_X(658) sesssetupX:name=[] ^^^^^^^ [1999/09/06 17:51:43, 3] lib/util.c:get_unixgroups(2379) nobody is in 1 groups: 99 ^^^^^^ If I revert to the old binaries everything works fine again.. so I guess I have missed some changes since july. Any pointer's welcome ! Thanx, -- Alexandre Lecuyer CCRI IUT-IUP de Vannes From alanh at pinacl.co.uk Tue Sep 7 10:00:42 1999 From: alanh at pinacl.co.uk (Alan Hourihane) Date: Tue Dec 2 02:27:03 2003 Subject: Force group ? Message-ID: <01BEF920.3B683F70.alanh@pinacl.co.uk> Following on from this - I can't get force group to work at all in 2.0.5a. It completely ignores the line. Any clues ? This is my share setup. By default users primary group is 'users'. [telco] path = /samba/telco force group = telco force create mode = 0770 force directory mode = 0770 create mask = 0770 valid users = root, @telco write list = root, @telco guest ok = no browseable = yes Alan. -----Original Message----- From: Alan Hourihane [SMTP:alanh@pinacl.co.uk] Sent: 06 September 1999 11:02 To: Multiple recipients of list SAMBA-NTDOM Subject: Force group ? I have a number of users with home directories under /home/????. Their default group is users. I need to make some of these directories available for other users, so I've created a group that's actually the same as the users name of their home directory. For example, drwxrwx... georgef georgef ...... Then, I add a bunch of users into that group in /etc/group. georgef:500:x:georgef,paulw,ianp etc,etc. It works and people can get to his home directory, but.... When another user saves a file into georgef's directory it gets created with georgef's primary group which is 'users' and I don't want that. I've tried using force group = %u or %U in the samba config, but thinking again that won't work. Anyone any ideas ? Alan. From rfs at aw.com.pl Tue Sep 7 10:58:21 1999 From: rfs at aw.com.pl (=?iso-8859-2?Q?Rafa=B3=20Szcze=B6niak?=) Date: Tue Dec 2 02:27:03 2003 Subject: Force group ? References: <01BEF920.3B683F70.alanh@pinacl.co.uk> Message-ID: <37D4EFCD.EE968F03@aw.com.pl> Alan Hourihane wrote: > > Following on from this - I can't get force group to > work at all in 2.0.5a. It completely ignores the line. > > Any clues ? > > This is my share setup. > > By default users primary group is 'users'. > > [telco] > path = /samba/telco > force group = telco > force create mode = 0770 > force directory mode = 0770 > create mask = 0770 > valid users = root, @telco > write list = root, @telco > guest ok = no > browseable = yes > Try to use: force group = +telco This forces group 'telco' only when current user accessing this share is member of group 'telco'. Of course use also: valid users = root, @telco or: valid users = @telco (when root is simply added to @telco) This works for me (Samba PDC 2.0.5a) Greetings :-) Rafa? > Alan. > > -----Original Message----- > From: Alan Hourihane [SMTP:alanh@pinacl.co.uk] > Sent: 06 September 1999 11:02 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Force group ? > > I have a number of users with home directories > under /home/????. Their default group is users. > > I need to make some of these directories available > for other users, so I've created a group that's actually > the same as the users name of their home directory. > > For example, > > drwxrwx... georgef georgef ...... > > Then, I add a bunch of users into that group in /etc/group. > > georgef:500:x:georgef,paulw,ianp > > etc,etc. > > It works and people can get to his home directory, but.... > > When another user saves a file into georgef's directory > it gets created with georgef's primary group which is 'users' > and I don't want that. > > I've tried using > > force group = %u or %U > > in the samba config, but thinking again that won't work. > > Anyone any ideas ? > > Alan. From rfs at aw.com.pl Tue Sep 7 11:53:01 1999 From: rfs at aw.com.pl (=?iso-8859-2?Q?Rafa=B3=20Szcze=B6niak?=) Date: Tue Dec 2 02:27:03 2003 Subject: Files Message-ID: <37D4FC9D.64D0A922@aw.com.pl> Can anybody send me 'cifs6.txt' and 'cifsrap2.txt' files ? I tried to get them from MS site, but some errors occured and I can't do it. Thanks in advance Rafa? From alanh at pinacl.co.uk Tue Sep 7 11:42:57 1999 From: alanh at pinacl.co.uk (Alan Hourihane) Date: Tue Dec 2 02:27:03 2003 Subject: Printing for NT Message-ID: <01BEF92E.838F21C0.alanh@pinacl.co.uk> I was wondering if anyone has started porting the printing \pipe\spoolss code from the prealpha-2.1 branch to 2.0 yet ? If not, I'm going to start. Anyone got any feedback they can give me ? Alan. From Dave.Stevenson at durham.ac.uk Tue Sep 7 13:29:13 1999 From: Dave.Stevenson at durham.ac.uk (Dave.Stevenson@durham.ac.uk) Date: Tue Dec 2 02:27:03 2003 Subject: Printing for NT Message-ID: <3956.199909071329@gengis> Does the 2.1pre-alpha printing work OK for NT? - Having trawled the NTDOM archive and checked out all the docs I can find without success, I'm gleaning info from the source code about how to get this to work..with partial success. If you're porting it, presumably you have a pretty good notion of how samba needs to be configured to work. Is this documented anywhere? Willing to test printer stuff if it would help. Current samba systems system 1 - production -Running pre alpha 2.0 (aug 98) under Sol2.6 on Ultra10 with mix of DOS6.22(yes DOS)/Win3.11/Win95/NT4SP3 clients - Samba as PDC (approx 100 users) - v. stable system 2 - Running pre alpha 2.1 of 3-9-99 under Solaris2.6 on Sparc10 as a development system again Samba as PDC both compiled from source with gcc compiler 2.8.1 many printers, mainly postscript HP networked with JetAdmin From rfs at aw.com.pl Tue Sep 7 13:55:49 1999 From: rfs at aw.com.pl (=?iso-8859-2?Q?Rafa=B3=20Szcze=B6niak?=) Date: Tue Dec 2 02:27:03 2003 Subject: Update problems References: <37D4BDD3.57C2F446@iu-vannes.fr> Message-ID: <37D51965.CA0D8BC3@aw.com.pl> Alexandre Lecuyer wrote: > > Hi all, > > We've been using a cvs from mid-july until now without > problems, except sometimes when saving word documents.. I > have read in the list archive that a cvs update would help, > but I didn't get it to work. > (I have been off for holidays, probably missed a few things :) > > in "log.smb" I get: > No DFS map, Samba is running in NON DFS mode > Where can I find docs about that ? > I got the same msg in log file when I'm running Samba 2.1-pre I don't understand what does it mean, too. > -- > Alexandre Lecuyer > CCRI IUT-IUP de Vannes From SAHLKE at HAUNI.KOERBER.DE Tue Sep 7 13:37:26 1999 From: SAHLKE at HAUNI.KOERBER.DE (Sahlke, Jan) Date: Tue Dec 2 02:27:03 2003 Subject: 2 samba daimon? Message-ID: <54CF1F45ED19D311B68E00805FFEA80E5F6826@kns033.hauni.koerber.de> Hello, I would need a solution for a high available cluster with two different samba daimons. Both daimons should run with one server system, but every daimon should have it's own config file. Is this possible? Best regard, Jan Sahlke From norman at lithe.uark.edu Tue Sep 7 15:45:42 1999 From: norman at lithe.uark.edu (Norman Weathers) Date: Tue Dec 2 02:27:03 2003 Subject: Publisher and Samba 2.0.5a Message-ID: <37D53326.EF5BBF87@lithe.uark.edu> Hello, everyone. Just have a question about Publisher 97 and samba version 2.0.5a. I have that version running on a RedHat 6 server, Gateway 2000 PII 266 with 64 M Ram. I have a public directory setup so that our office people can share some important files. In this directory, there is a series of Publisher 97 files. Now, here is the problem. Usually, an our Office worker account owns these files. Recently, one of my directors needed to edit one of the publisher files. The permissions on all of the files where 766, so everyone had read and write permissions. Then, all of the sudden, the file that he was working on wouldn't allow him to save the file back to the pub directory. First, it gave him a message about the disk being full (I checked, I have quota's enabled, and the Office worker account, which owns that file, had about 80 M of usable quota, and the disk itself has about 1.5 G free). Then, it said something about not being able to read the file (S:\UB Transcripts\XXXXXX.pub). Well, he closed down publisher, went back in, and it would allow him to open, edit, but once again, not save back to pub. Again, some problem about not being able to read the file. I have looked into his log, and it seems like maybe publisher is having some problems with temp files that it is trying to make. Not exactly for sure, but I have included the log as an attatchment (gziped). Is this a known problem with publisher, or have I done something stupid on the system administration end of things? Any helps, comments, suggestions, relaxing drink mixtures would be greatly appreciated at this time. Thanks in advance. -- ------------------------------------------------------------------- Norman Weathers Technology Coordinator ETS University of Arkansas, Fayetteville phone: (501) 575-3553 or (501) 575-4344 email: nweathe@comp.uark.edu or norman@lithe.uark.edu "It's not that I 'prefer' to do this without an NT server.... I just 'prefer' to do it where it will work..." ------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: log.godfather.gz Type: application/x-gzip Size: 2236 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990907/3c5eeb10/log.godfather.bin From svinto at ita.chalmers.se Tue Sep 7 15:54:38 1999 From: svinto at ita.chalmers.se (Svante =?iso-8859-1?Q?S=F6rmark?=) Date: Tue Dec 2 02:27:03 2003 Subject: samba + ldap = C00000BE Message-ID: <37D5353E.3E5050E8@ita.chalmers.se> hi all, i've just set up samba (from cvs) with ldap. everything works nicely, except changing the passwords from nt-clients; i get the C00000BE-error. i saw a discussion about this a while back. is there any fix for this? if not, could someone explain the problem a bit, so i can try to fix it myself? cheers/ -- --------------------------------------------------------------------------- Svante S?rmark | Chalmers University IT systems & services | +46-31-7728665 --------------------------------------------------------------------------- From valankar at cse.fau.edu Tue Sep 7 16:08:01 1999 From: valankar at cse.fau.edu (Viraj Alankar) Date: Tue Dec 2 02:27:03 2003 Subject: Force group ? In-Reply-To: <01BEF857.067F93E0.alanh@pinacl.co.uk> Message-ID: On Mon, 6 Sep 1999, Alan Hourihane wrote: > When another user saves a file into georgef's directory > it gets created with georgef's primary group which is 'users' > and I don't want that. Alan, Can you not use the g+s permission bit on the unix directory? This sounds like that you need, but forgive me if I'm missing something. Viraj. From avi at inf.unitn.it Tue Sep 7 16:12:44 1999 From: avi at inf.unitn.it (Andrea Avi) Date: Tue Dec 2 02:27:03 2003 Subject: user manager for domains, access permissions Message-ID: <37D5397C.EDC51966@inf.unitn.it> At 20:57 02.09.99 +1000, you wrote: >i run samba 2.0.4b as pdc on debian 2.1 and a win nt 4 ws. I'vegot the same problem with 2.0.5a on SuSE 6.1 with NTSP5. It showed up during migration to these three, before it worked. >joining the domain ist no problem, but i'm not able to >administer my domain with the user manager for domains >from the samba website. i've a group of domain administrators, >but no member of this group is able to use the program. This is normal. The functionality is not implemented. >my second problem is, that the access permissions for files >are not set correctly. win nt writes [domainname]\unknown account >instead of the [domainname]\username. also the domain administrator >group >which i've added to the local administrators is in the user manager >shown as [domainname]\unknown account. If i add a domain user to a local group, the box with the domain users knows the names. As soon as they are added, they are unknown. They are still different users and can logon, but it seems their names are locally unknown. The nasty thing is, that the unknown users don't have the full rights they should have. They are for example not able to change the Desktop background, although they can read and write files in their profiles directory. Whats happening here? Any hints? Joachim I have the same problem on the NTFS file system the ownership of the file is DOMAIN\Accont Unknown I need to know the ownership of the local (C: on NT wks) file... can anybody help me (us) ? ciao andrea From thomas.heiligenmann at t-online.de Tue Sep 7 17:12:30 1999 From: thomas.heiligenmann at t-online.de (Thomas Heiligenmann) Date: Tue Dec 2 02:27:03 2003 Subject: acls on win-side References: <19990906112015.A11429@goldfisch.atat.at> <19990906192741.A4642@cifs.org> <19990906220751.C13763@goldfisch.atat.at> Message-ID: <37D5477E.C54768F5@heiligenmann.de> > > as far I know cacls does not support domain-user. maybe there is a different version of this prog in nt-workstation and nt-server. but my > my german-workstation-cacls can show domain-user but not process any granting with it. gui-security-extension in explorer can do it, but > I need something for scripts. > Why granting permissions on local files directly to domain users (and admins) ? I think it's easier and keeps things clearer to add domain users/admins to local groups and then granting permissions to this groups, something like: net localgroup Users "your_domain\Domain Users" /add net localgroup Admins "your_domain\Domain Admins" /add ... echo j| CACLS c:\your_path /T /C /G Users:C Admins:F ... etc. whatever you like You can play with tools like igrant/revoke/grant on this groups too, eg. add the lines to a script which is invoked during automatic installation of your nt wkstn. You'll find more information at the MS website looking for "Unattended Setup" and "Zero Administration Kit" Regards, Thomas From jens.skripczynski at igd.fhg.de Tue Sep 7 12:08:23 1999 From: jens.skripczynski at igd.fhg.de (Jens Skripczynski) Date: Tue Dec 2 02:27:03 2003 Subject: Printing for NT In-Reply-To: <01BEF92E.838F21C0.alanh@pinacl.co.uk>; from Alan Hourihane on Tue, Sep 07, 1999 at 09:47:52PM +1000 References: <01BEF92E.838F21C0.alanh@pinacl.co.uk> Message-ID: <19990907140823.A7095@pclinux.igd.fhg.de> Alan Hourihane: > I was wondering if anyone has started > porting the printing \pipe\spoolss code > from the prealpha-2.1 branch to 2.0 yet ? > > If not, I'm going to start. > > Anyone got any feedback they can give > me ? I can't give Feedback, but a short Mini How to, would be nice. Because i still have trouble using the Spool Code at home with my NT4... Ciao Jens Skripczynski -- E-Mail: skripi@hrzpub.tu-darmstadt.de Computers are like airconditioners: They stop working properly if you open windows. From rob.kane at eds.com Tue Sep 7 19:19:21 1999 From: rob.kane at eds.com (Robert Kane) Date: Tue Dec 2 02:27:03 2003 Subject: Publisher and Samba 2.0.5a In-Reply-To: <37D53326.EF5BBF87@lithe.uark.edu> Message-ID: <002101bef965$e3d9d6b0$6bb6a9cf@deltaflyer.ect.com> Is your client running anti-virus software. I have experienced problems with both McAfee and InocuLAN (Cheyenne Antivirus) clients with similar symptoms that you are experiencing. It takes a long time to scan the file and if it is large, will time out the network connection. I hope this helps. If this is the case there are several fixes available for the antivirus applications at the manufacturer's web page(s). Regards, Robert Kane rob.kane@eds.com -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of Norman Weathers Sent: Tuesday, September 07, 1999 11:58 AM To: Multiple recipients of list SAMBA-NTDOM Subject: Publisher and Samba 2.0.5a Hello, everyone. Just have a question about Publisher 97 and samba version 2.0.5a. I have that version running on a RedHat 6 server, Gateway 2000 PII 266 with 64 M Ram. I have a public directory setup so that our office people can share some important files. In this directory, there is a series of Publisher 97 files. Now, here is the problem. Usually, an our Office worker account owns these files. Recently, one of my directors needed to edit one of the publisher files. The permissions on all of the files where 766, so everyone had read and write permissions. Then, all of the sudden, the file that he was working on wouldn't allow him to save the file back to the pub directory. First, it gave him a message about the disk being full (I checked, I have quota's enabled, and the Office worker account, which owns that file, had about 80 M of usable quota, and the disk itself has about 1.5 G free). Then, it said something about not being able to read the file (S:\UB Transcripts\XXXXXX.pub). Well, he closed down publisher, went back in, and it would allow him to open, edit, but once again, not save back to pub. Again, some problem about not being able to read the file. I have looked into his log, and it seems like maybe publisher is having some problems with temp files that it is trying to make. Not exactly for sure, but I have included the log as an attatchment (gziped). Is this a known problem with publisher, or have I done something stupid on the system administration end of things? Any helps, comments, suggestions, relaxing drink mixtures would be greatly appreciated at this time. Thanks in advance. -- ------------------------------------------------------------------- Norman Weathers Technology Coordinator ETS University of Arkansas, Fayetteville phone: (501) 575-3553 or (501) 575-4344 email: nweathe@comp.uark.edu or norman@lithe.uark.edu "It's not that I 'prefer' to do this without an NT server.... I just 'prefer' to do it where it will work..." ------------------------------------------------------------------- From anthony at tmbtax.ru Tue Sep 7 19:35:19 1999 From: anthony at tmbtax.ru (=?koi8-r?Q?=E1=CE=D4=CF=CE=20=E1=CE=C1=D4=CF=CC=D8=C5=D7=C9=DE=20=E2=CF=D2=CF=C4=C9=CE?=) Date: Tue Dec 2 02:27:03 2003 Subject: acls on win-side References: <19990906112015.A11429@goldfisch.atat.at> <19990906192741.A4642@cifs.org> <19990906220751.C13763@goldfisch.atat.at> <37D5477E.C54768F5@heiligenmann.de> Message-ID: <37D568F7.EDBEE55E@tmbtax.ru> Does somebody can help me.........? I use FreeBSD as file+print+mail+news server in more than 50 LANs, which connected to uppest-level LAN via UUCP only. How can I redistrbute UIDs and permissions from any regional subdivision on to all corporate network? PS: If you'll answer about LDAP -- please answer more detailed, because I'm newbee in LDAP {:-)} From adam.w.cabler at lmco.com Tue Sep 7 20:21:50 1999 From: adam.w.cabler at lmco.com (Cabler, Adam W) Date: Tue Dec 2 02:27:03 2003 Subject: help with password syncing Message-ID: I am still having problems getting this to work, so if someone can help, I would appreciate it. I am running NIS+ on an SGI Origin 200 w/ IRIX 6.5.4. When I turn on password syncing, I get an error that "Unable to connect to 127.0.0.1, Bad Password, etc..." I have tried to turn on password chat debug on, but (and this is really weird) when I try to boost the log level of samba and restart through swat, netscape gives me an error, "No Data on Form" and won't refresh that screen until I lower the log level. I have never encountered this in the entire time that I have dealt with samba. If I try to do this manually, I get Internal Panic and samba won't restart until the log level is lowered. Thanks for your help, adam -----Original Message----- From: mmt4q [mailto:mmt4q@ee.virginia.edu] Sent: Monday, September 06, 1999 11:28 AM To: Multiple recipients of list SAMBA-NTDOM Subject: help with password syncing Hi. I'm finally ready to try to setup password syncing between my Sun Solaris 2.6 NIS Master running Samba 2.0.2 (or I'm ready for upgrade to 2.0.5a) and my WinNT workstations. I wanted to double check with you some settings in my smb.conf: smb passwd file = /usr/local/samba-2.0.2/private/smbpasswd passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *new*password* %n\n *passw*d*d*on* passwd chat debug = No password level = 0 unix password sync = Yes password server = (Note: I got the password chat from the NTDOM mailing list where it worked for someone else on a Sun box) Currently I have to add folks to /etc/passwd in order for Samba to work. Once password syncing is working, I hope only to have to have an entry in /var/yp/passwd and /usr/local/samba/private/smbpasswd. If I originally created smbpasswd by using mksmbpasswd.sh from /etc/passwd do I need to recreate smbpasswd? or do I need to reconfigure Samba so that it looks at /var/yp/passwd instead of /etc/passwd? Thank you for your help and documentation, Melissa -- Melissa Thrush Dept. of Electrical Engineering Thornton Hall C213 University of Virginia Charlottesville, VA 22903 Phone: (804) 924-6072 Fax: (804) 924-8818 From jeremy at xxedgexx.com Tue Sep 7 20:57:49 1999 From: jeremy at xxedgexx.com (jeremy@xxedgexx.com) Date: Tue Dec 2 02:27:03 2003 Subject: samba domain controller and nstalling exchange Message-ID: Has anyone got this going? I have it up to the point where it wants to modify the service user, then it dies saying the user does not exist and I see this error in my log: [1999/09/07 16:38:51, 0] smbd/nttrans.c:call_nt_transact_ioctl(2387) call_nt_transact_ioctl: Currently not implemented. so it looks like whatever NT Server wants top do, Samba doesn't know how, but is there any ways around this? -jeremy http://www.xxedgexx.com | jeremy@xxedgexx.com --------------------------------------------- Y2K. We're all gonna die. From aaron at compedge.co.nz Tue Sep 7 21:24:57 1999 From: aaron at compedge.co.nz (Aaron Knauf) Date: Tue Dec 2 02:27:03 2003 Subject: Security bug ??? References: <37D25E6D.6A9CB70F@aw.com.pl> <37D266EA.78D29C80@eng.auburn.edu> Message-ID: <37D582A9.DFCAF150@compedge.co.nz> samba-ntdom@samba.org wrote: > Rafa? Szcze?niak wrote: > > > > Hello, everybody :) > > > > Recently, I setup Samba PDC (2.0.5a). Everything works fine > > (great software !), except one strange thing. > > No matter of file ownership I am able to delete it > > from ordinary user account logged on WinNT SP3 wks. > > Even if file's owner is root ! What did I wrong ? > > Need more information like > > * the service definition from smb.conf > * the UNIX permissions on the parent directory > * any other specifics for your setup > > Cheers, > jerry I had one like this. From memory, it was something to do with the mapping of the world permissions bits. I ended up with everyone having take ownership under NT. There is a doco about it in the distribution doc directory. ADK From dhanson at seek.com Tue Sep 7 22:40:32 1999 From: dhanson at seek.com (Hanson, Don) Date: Tue Dec 2 02:27:03 2003 Subject: NT Workstation can't log into domain... Message-ID: Hello, I replaced my NT Server a while ago with RedHat Linux, now version 6. Samba (version shipped w/ RH6.0) is configured and IP-MASQ providing Internet access via DSL to a couple of Win9x boxes. For work purposes, I need to fire up NT Workstation 4.0 sp4 on one of the Win9x boxes, which was setup as dual boot long ago. My problem is that NT Workstation gives "Cannot find domain server..." when I try to change from a Workgroup to Domain Black-Box in Network properties. I've set this up before, but I must be missing something (hopefully obvious). I have the Registry setting EnablePlainTextPasswords set to 1. I'm using the same account name/password on Workstation as I do from 98. The machine has the same static IP 192.168.1.2, Gateway-DNS Server-Wins Server 192.168.1.1 under Workstation and 98. My friend is running almost exact same configuration, RH6.0 etc. and logs in just fine. Below is sections of my smb.conf file Thanks in advance, Don [global] workgroup = BLACK-BOX server string = Black-Box Samba Server hosts allow = 192.168.1.2 192.168.1.3 ; guest account = pcguest security = user ; encrypt passwords = yes ; smb passwd file = /etc/smbpasswd interfaces = 192.168.1.1/255.255.255.0 ; local master = no ; os level = 33 domain master = yes ; preferred master = yes domain logons = yes wins support = yes ; wins server = w.x.y.z wins proxy = yes dns proxy = yes From pilsl at goldfisch.atat.at Tue Sep 7 22:50:25 1999 From: pilsl at goldfisch.atat.at (peter pilsl) Date: Tue Dec 2 02:27:03 2003 Subject: acls on win-side In-Reply-To: <37D5477E.C54768F5@heiligenmann.de>; from Thomas Heiligenmann on Wed, Sep 08, 1999 at 03:15:07AM +1000 References: <19990906112015.A11429@goldfisch.atat.at> <19990906192741.A4642@cifs.org> <19990906220751.C13763@goldfisch.atat.at> <37D5477E.C54768F5@heiligenmann.de> Message-ID: <19990908005025.O15261@goldfisch.atat.at> On Wed, Sep 08, 1999 at 03:15:07AM +1000, Thomas Heiligenmann wrote: > > Why granting permissions on local files directly to domain users (and > admins) ? I think it's easier and keeps things clearer to add domain > users/admins to local groups and then granting permissions to this > groups, something like: > > net localgroup Users "your_domain\Domain Users" /add > net localgroup Admins "your_domain\Domain Admins" /add > .. > echo j| CACLS c:\your_path /T /C /G Users:C Admins:F > .. etc. whatever you like > thats an interesting idea, but leads me to another problem. I dont have any groups on domainside cause I dont know how to define it in smb.conf. the suggested domain group map,local group map,domain user map - parameters does not work any more in 2.05a. and there is no documentiation for the new announced domain admin users, domain groups .... for now net localgroup /domain just leads into an error-message. thanks, peter ------------------------------------------- mag. peter pilsl phone: +43/(0)/6763574035 fax : +43/(0)/6763546512 email: pilsl@goldfisch.atat.at sms: pilsl_mobil@goldfisch.atat.at pgp-key available ------------------------------------------- From simonmu at optimation.co.nz Wed Sep 8 00:19:25 1999 From: simonmu at optimation.co.nz (Simon Murcott) Date: Tue Dec 2 02:27:03 2003 Subject: Publisher and Samba 2.0.5a In-Reply-To: <37D53326.EF5BBF87@lithe.uark.edu> Message-ID: On Wed, 8 Sep 1999, Norman Weathers wrote: Hello, everyone. Just have a question about Publisher 97 and samba version 2.0.5a. I have that version running on a RedHat 6 server, Gateway 2000 PII 266 with 64 M Ram. I have a public directory setup so that our office people can share some important files. In this directory, there is a series of Publisher 97 files. Now, here is the problem. Usually, an our Office worker account owns these files. Recently, one of my directors needed to edit one of the publisher files. The permissions on all of the files where 766, so everyone had read and write permissions. Then, all of the sudden, the file that he was working on wouldn't allow him to save the file back to the pub directory. First, it gave him a message about the disk being full (I checked, I have quota's enabled, and the Office worker What really sucks about publisher is that it is a big jumble of both win16 and win32 code. When you do not have name-mangling setup you can get all sorts of odd error messages. Try this in your smb.conf case sensitive = no default case = lower mangle case = no mangled names = yes preserve case = yes short preserve case = no Regards Simon Murcott -------------- next part -------------- A non-text attachment was scrubbed... Name: log.godfather.gz Type: application/x-gzip Size: 2236 bytes Desc: Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990908/1f79d700/log.godfather.bin From bernard.pradie at sncf.fr Wed Sep 8 06:31:01 1999 From: bernard.pradie at sncf.fr (Bernard PRADIE) Date: Tue Dec 2 02:27:03 2003 Subject: Update problems References: <37D4BDD3.57C2F446@iu-vannes.fr> Message-ID: <37D602A5.6D6468AE@dr.sncf.fr> I have the same problem with smbpasswd. 445 seems to be a port. what service ? #grep 445 source/* #rgrep 445 docs no result ! I use ./configure --with-syslog --with-quota May I miss a doc ? does I forget --with-profile ? (I use [Profile] in my smb.conf) Alexandre Lecuyer wrote (a ?crit) : > > Hi all, > > We've been using a cvs from mid-july until now without > problems, except sometimes when saving word documents.. I > have read in the list archive that a cvs update would help, > but I didn't get it to work. > (I have been off for holidays, probably missed a few things :) > > in "log.smb" I get: > No DFS map, Samba is running in NON DFS mode > Where can I find docs about that ? > > using "smbpasswd", I get: > error connecting to :445 (Connection refused) > Then I get the usual prompts, and the passwd is changed. > > I can connect to shares using "smbclient", but from an NT client > it doesn't work. > - The domain's joined succesfully > - After a reboot login is denied: > [1999/09/06 17:51:43, 3] smbd/reply.c:reply_sesssetup_and_X(655) > Domain=[] NativeOS=[Windows NT 1381] NativeLanMan=[] > ^^^^^^^^^ > [1999/09/06 17:51:43, 3] smbd/reply.c:reply_sesssetup_and_X(658) > sesssetupX:name=[] > ^^^^^^^ > [1999/09/06 17:51:43, 3] lib/util.c:get_unixgroups(2379) > nobody is in 1 groups: 99 > ^^^^^^ > > If I revert to the old binaries everything works fine again.. so > I guess I have missed some changes since july. > Any pointer's welcome ! > Thanx, > > -- > Alexandre Lecuyer > CCRI IUT-IUP de Vannes -- __________________________________________________________________________ Bernard PRADIE S.N.C.F. Tel. 01.53.42.92.84 Direction de la Recherche FAX. 01.53.42.92.17 45, rue de Londres e-mail bernard.pradie@sncf.fr 75379 PARIS Cedex 08 __________________________________________________________________________ From alanh at pinacl.co.uk Wed Sep 8 08:22:22 1999 From: alanh at pinacl.co.uk (Alan Hourihane) Date: Tue Dec 2 02:27:03 2003 Subject: Update problems Message-ID: <01BEF9DB.A8203670.alanh@pinacl.co.uk> I get the same too. [1999/09/08 09:19:04, 0] smbd/dfs.c:init_dfs_table(128) No DFS map, Samba is running in NON DFS mode [1999/09/08 09:19:04, 1] lib/util_sock.c:open_socket_out(746) error connecting to 193.32.209.22:445 (Connection refused) [1999/09/08 09:19:05, 0] rpc_client/cli_lsarpc.c:lsa_close(627) LSA_CLOSE: NT code 0f0e0d0c [1999/09/08 09:19:05, 1] lib/sids.c:get_domain_sids(266) lsa query info failed [1999/09/08 09:19:05, 0] smbd/server.c:main(687) ERROR: Samba cannot obtain PDC SID from PDC(s) WALES. But I have three 2.0.5a servers talking to my PDC (WALES) with no problems. I used the smbpasswd from 2.0.5a to join the domain after suffering with smbpasswd. Alan. -----Original Message----- From: Bernard PRADIE [SMTP:bernard.pradie@sncf.fr] Sent: 08 September 1999 08:09 To: Multiple recipients of list SAMBA-NTDOM Subject: Re: Update problems I have the same problem with smbpasswd. 445 seems to be a port. what service ? #grep 445 source/* #rgrep 445 docs no result ! I use ./configure --with-syslog --with-quota May I miss a doc ? does I forget --with-profile ? (I use [Profile] in my smb.conf) Alexandre Lecuyer wrote (a ecrit) : > > Hi all, > > We've been using a cvs from mid-july until now without > problems, except sometimes when saving word documents.. I > have read in the list archive that a cvs update would help, > but I didn't get it to work. > (I have been off for holidays, probably missed a few things :) > > in "log.smb" I get: > No DFS map, Samba is running in NON DFS mode > Where can I find docs about that ? > > using "smbpasswd", I get: > error connecting to :445 (Connection refused) > Then I get the usual prompts, and the passwd is changed. > > I can connect to shares using "smbclient", but from an NT client > it doesn't work. > - The domain's joined succesfully > - After a reboot login is denied: > [1999/09/06 17:51:43, 3] smbd/reply.c:reply_sesssetup_and_X(655) > Domain=[] NativeOS=[Windows NT 1381] NativeLanMan=[] > ^^^^^^^^^ > [1999/09/06 17:51:43, 3] smbd/reply.c:reply_sesssetup_and_X(658) > sesssetupX:name=[] > ^^^^^^^ > [1999/09/06 17:51:43, 3] lib/util.c:get_unixgroups(2379) > nobody is in 1 groups: 99 > ^^^^^^ > > If I revert to the old binaries everything works fine again.. so > I guess I have missed some changes since july. > Any pointer's welcome ! > Thanx, > > -- > Alexandre Lecuyer > CCRI IUT-IUP de Vannes -- __________________________________________________________________________ Bernard PRADIE S.N.C.F. Tel. 01.53.42.92.84 Direction de la Recherche FAX. 01.53.42.92.17 45, rue de Londres e-mail bernard.pradie@sncf.fr 75379 PARIS Cedex 08 __________________________________________________________________________ From rfs at aw.com.pl Wed Sep 8 09:06:32 1999 From: rfs at aw.com.pl (=?iso-8859-2?Q?Rafa=B3=20Szcze=B6niak?=) Date: Tue Dec 2 02:27:03 2003 Subject: NT Workstation can't log into domain... References: Message-ID: <37D62718.5DCC77D0@aw.com.pl> "Hanson, Don" wrote: > > Hello, > > I replaced my NT Server a while ago with RedHat Linux, now version 6. Samba > (version shipped w/ RH6.0) is configured and IP-MASQ providing Internet > access via DSL to a couple of Win9x boxes. For work purposes, I need to > fire up NT Workstation 4.0 sp4 on one of the Win9x boxes, which was setup as > dual boot long ago. > My problem is that NT Workstation gives "Cannot find domain server..." > when I try to change from a Workgroup to Domain Black-Box in Network > properties. > > I've set this up before, but I must be missing something (hopefully > obvious). I have the Registry setting EnablePlainTextPasswords set to 1. You cannot use Samba-PDC functionality with plain text password. If you set 'domain logons = yes' then you've got to have also 'encrypt passwords = yes'. > I'm using the same account name/password on Workstation as I do from 98. > The machine has the same static IP 192.168.1.2, Gateway-DNS Server-Wins > Server 192.168.1.1 under Workstation and 98. > > My friend is running almost exact same configuration, RH6.0 etc. and logs in > just fine. Below is sections of my smb.conf file > > Thanks in advance, > Don > Greetings :-) Rafa? > [global] > workgroup = BLACK-BOX > server string = Black-Box Samba Server > hosts allow = 192.168.1.2 192.168.1.3 > ; guest account = pcguest > security = user > ; encrypt passwords = yes > ; smb passwd file = /etc/smbpasswd > interfaces = 192.168.1.1/255.255.255.0 > ; local master = no > ; os level = 33 > domain master = yes > ; preferred master = yes > domain logons = yes > wins support = yes > ; wins server = w.x.y.z > wins proxy = yes > dns proxy = yes From pilsl at goldfisch.atat.at Wed Sep 8 11:52:03 1999 From: pilsl at goldfisch.atat.at (peter pilsl) Date: Tue Dec 2 02:27:03 2003 Subject: logonscript for machines ? Message-ID: <19990908135203.B24385@goldfisch.atat.at> its easy to implement logon-scripts for user login on the domain. is it possible to do that for machines loging into the domain in a similar way: to run a script in systemaccount when the machines connects to the domain after booting. (without changing anything on the clientmachines itself) ------------------------------------------- mag. peter pilsl phone: +43/(0)/6763574035 fax : +43/(0)/6763546512 email: pilsl@goldfisch.atat.at sms: pilsl_mobil@goldfisch.atat.at pgp-key available ------------------------------------------- From lkcl at samba.org Wed Sep 8 14:52:06 1999 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:03 2003 Subject: LsaAp* API has been published! Message-ID: this is fantastic news, i just did a search on microsoft's web site for LsaApInitializePackage and it came up with references to some docs created in May 99. this means that a NISLSA can be built to replace the hack NISGINA, for example, and the people who ported PAMs to NT can do a proper job, too. it means that potentially a SAMBALSA could be written, too. love it. luke From bs at niggard.org Wed Sep 8 16:29:00 1999 From: bs at niggard.org (bs@niggard.org) Date: Tue Dec 2 02:27:04 2003 Subject: 445? In-Reply-To: Message-ID: On Sat, 28 Aug 1999, Luke Kenneth Casson Leighton wrote: > i've done client-side (clientgen.c) in cvs main, it was incredibly simple: > > if (port != 445) > { > cli_session_request(...) > } > > server-side i haven't done, i don't know enough about sockets: you need to > listen on both 445 and 139. if 445, then skip the session request and > fake up the netbios names (called / calling) from reverse dns lookups > (gethostbyaddr()). I've written a little patch to smbd. Now you can use 'smbpasswd' over port 445. Everything else is probably broken, so handle with care ;) cu, bertl. -------------- next part -------------- diff -urN samba/source/lib/util_sock.c samba-patch/source/lib/util_sock.c --- samba/source/lib/util_sock.c Wed Sep 8 16:59:53 1999 +++ samba-patch/source/lib/util_sock.c Wed Sep 8 14:58:32 1999 @@ -35,6 +35,9 @@ /* the client file descriptor */ int Client = -1; +/* the port, where client connected */ +int ClientPort = 0; + /* the last IP received from */ struct in_addr lastip; diff -urN samba/source/smbd/process.c samba-patch/source/smbd/process.c --- samba/source/smbd/process.c Wed Sep 8 16:58:26 1999 +++ samba-patch/source/smbd/process.c Wed Sep 8 17:11:19 1999 @@ -746,6 +746,7 @@ void smbd_process(void) { extern int Client; + extern int ClientPort; InBuffer = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN); OutBuffer = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN); @@ -771,6 +772,33 @@ /* re-initialise the timezone */ TimeInit(); + + /* if connection on port 445, fake session setup... */ + if(ClientPort == 445) + { + extern fstring remote_machine; + extern fstring local_machine; + char *s; + + fstrcpy(remote_machine, dns_to_netbios_name(client_name(Client))); + fstrcpy(local_machine, global_myname); + remote_machine[15] = 0; + local_machine[15] = 0; + strlower(remote_machine); + strlower(local_machine); + + DEBUG(2, ("smbd_process(): faking session setup\n" + "client_name: %s my_name: %s\n", remote_machine, local_machine)); + + add_session_user(remote_machine); + + reload_services(True); + reopen_logs(); + + if(lp_status(-1)) { + claim_connection(NULL,"STATUS.",MAXSTATUS,True); + } + } while (True) { diff -urN samba/source/smbd/server.c samba-patch/source/smbd/server.c --- samba/source/smbd/server.c Wed Sep 8 16:58:33 1999 +++ samba-patch/source/smbd/server.c Wed Sep 8 17:33:18 1999 @@ -76,11 +76,13 @@ static BOOL open_sockets_inetd(void) { extern int Client; + extern int ClientPort; /* Started from inetd. fd 0 is the socket. */ /* We will abort gracefully when the client or remote system goes away */ Client = dup(0); + ClientPort = 138; /* close our standard file descriptors */ close_low_fds(); @@ -91,13 +93,32 @@ return True; } +/**************************************************************************** + open and listen to a socket +****************************************************************************/ +static int open_server_socket(int port, ulong ipaddr) +{ + int s; + + s = open_socket_in(SOCK_STREAM, port, 0, ipaddr); + if(s == -1) + return -1; + /* ready to listen */ + if (listen(s, 5) == -1) { + DEBUG(0,("listen: %s\n", strerror(errno))); + close(s); + return -1; + } + return s; +} /**************************************************************************** open the socket communication ****************************************************************************/ -static BOOL open_sockets(BOOL is_daemon,int port) +static BOOL open_sockets(BOOL is_daemon,int port,int port445) { extern int Client; + extern int ClientPort; int num_interfaces = iface_count(); int fd_listenset[FD_SETSIZE]; fd_set listen_set; @@ -131,7 +152,7 @@ socket per interface and bind to only these. */ - if(num_interfaces > FD_SETSIZE) { + if(num_interfaces * 2 > FD_SETSIZE) { DEBUG(0,("open_sockets: Too many interfaces specified to bind to. Number was %d \ max can be %d\n", num_interfaces, FD_SETSIZE)); @@ -147,15 +168,11 @@ DEBUG(0,("open_sockets: interface %d has NULL IP address !\n", i)); continue; } - s = fd_listenset[i] = open_socket_in(SOCK_STREAM, port, 0, ifip->s_addr); - if(s == -1) - return False; - /* ready to listen */ - if (listen(s, 5) == -1) { - DEBUG(0,("listen: %s\n",strerror(errno))); - close(s); - return False; - } + s = fd_listenset[i * 2] = open_server_socket(port, ifip->s_addr); + if(s == -1) return False; + FD_SET(s,&listen_set); + s = fd_listenset[i * 2 + 1] = open_server_socket(port445, ifip->s_addr); + if(s == -1) return False; FD_SET(s,&listen_set); } } else { @@ -164,21 +181,16 @@ num_interfaces = 1; /* open an incoming socket */ - s = open_socket_in(SOCK_STREAM, port, 0, - interpret_addr(lp_socket_address())); + s = open_server_socket(port, interpret_addr(lp_socket_address())); if (s == -1) return(False); - - /* ready to listen */ - if (listen(s, 5) == -1) { - DEBUG(0,("open_sockets: listen: %s\n", - strerror(errno))); - close(s); - return False; - } - fd_listenset[0] = s; FD_SET(s,&listen_set); + s = open_server_socket(port445, interpret_addr(lp_socket_address())); + if (s == -1) + return(False); + fd_listenset[1] = s; + FD_SET(s,&listen_set); } /* now accept incoming connections - forking a new process @@ -204,15 +216,22 @@ s = -1; for(i = 0; i < num_interfaces; i++) { - if(FD_ISSET(fd_listenset[i],&lfds)) { - s = fd_listenset[i]; - /* Clear this so we don't look - at it again. */ - FD_CLR(fd_listenset[i],&lfds); + if(FD_ISSET(fd_listenset[i * 2],&lfds)) { + s = fd_listenset[i * 2]; + ClientPort = 138; + break; + } + if(FD_ISSET(fd_listenset[i * 2 + 1],&lfds)) { + s = fd_listenset[i * 2 + 1]; + ClientPort = 445; break; } } + /* Clear this so we don't look + at it again. */ + FD_CLR(s,&lfds); + Client = accept(s,&addr,&in_addrlen); if (Client == -1 && errno == EINTR) @@ -489,6 +508,7 @@ /* shall I run as a daemon */ BOOL is_daemon = False; int port = SMB_PORT; + int port445 = 455; int opt; extern char *optarg; @@ -728,7 +748,7 @@ pidfile_create("smbd"); } - if (!open_sockets(is_daemon,port)) + if (!open_sockets(is_daemon,port,port445)) exit(1); if (!locking_init(0)) From kevin_myer at elanco.k12.pa.us Wed Sep 8 18:33:30 1999 From: kevin_myer at elanco.k12.pa.us (Kevin Myer) Date: Tue Dec 2 02:27:04 2003 Subject: Weird Samba PDC action (and disappearing LDAP database) Message-ID: Hello, I would like to see if anyone else has had similar experiences with Samba and LDAP and perhaps have someone offer a better explanation for a problem I had this morning. Running Samba (HEAD CVS version) on a dual Pentium II 300Mhz, 512Mb RAM, Red Hat Linux 5.2, kernel 2.2.10, software raid5 (not for boot disk though). Has worked like a champ for some light use over the summer. I encountered a few problems when school started but nothing major until this morning. We are predominately Macintosh but have about 65 PC's running Windows NT 4.0 with Service Pack 5. 50 of these are business education machines which normally stay on all the time. 9 of these are library media center machines which are normally turned off at the end of the day. Everything was working this morning until the first machine in the library was turned on and someone attempted to login (6:53am). Shortly thereafter, one of the Business Ed machines ended up winnning a master browser election (6:56am). At 6:59am, the Samba server regained control of the domain and at 7:06, syslog stopped logging. Also, at 7:06am, the last modification was made to my LDAP database file. Of about eight files, 6 had totally disappeared this morning when I got to work, one had a modification time stamp of 7:06am and the other was an empty file. I have heard problems of file corruption with 2.2.X kernels - maybe thats what I'm seeing. I find it very coincidental that strange stuff happened with Samba (at least strange to me, like having the workstation win the master browser election) and then after that, everything stopped working. I've included what logs I have from Samba below from the time frame I described above. Perhaps someone can conjecture as to what happened. I don't think it was a hack, although it always could be. There's no evidence of that in anything I've looked at. But it seems something nasty happened in a ten minute time frame and I don't know whether to blame Samba, OpenLDAP or the kernel itself. I did have a recent backup of the ldif file used for the LDAP databases so it wasn't too hard to recreate but I've got to get to the bottom of this if I can. Thanks. Sep 8 06:53:38 gneiss smbd[30804]: [1999/09/08 06:53:38, 0] smbd/uid.c:become_root(370) Sep 8 06:53:38 gneiss smbd[30804]: ERROR: become root depth is non zero Sep 8 06:53:38 gneiss smbd[30804]: [1999/09/08 06:53:38, 0] smbd/uid.c:unbecome_root(391) Sep 8 06:53:38 gneiss smbd[30804]: ERROR: unbecome root depth is 0 Sep 8 06:53:47 gneiss smbd[30804]: [1999/09/08 06:53:47, 0] smbd/nttrans.c:call_nt_transact_ioctl(1504) Sep 8 06:53:47 gneiss smbd[30804]: call_nt_transact_ioctl: Currently not implemented. Sep 8 06:53:53 gneiss smbd[30804]: [1999/09/08 06:53:53, 0] smbd/service.c:make_connection(215) Sep 8 06:53:53 gneiss smbd[30804]: lmc02 (172.20.2.52) couldn't find service lmc Sep 8 06:56:23 gneiss nmbd[21635]: [1999/09/08 06:56:23, 0] nmbd/nmbd_incomingdgrams.c:process_local_master_announce(309) Sep 8 06:56:23 gneiss nmbd[21635]: process_local_master_announce: Server BE017 at IP 172.20.3.229 is announcing itself as a local master for workgroup ELANCO and we think we are master. Forcing election. Sep 8 06:56:23 gneiss nmbd[21635]: [1999/09/08 06:56:23, 0] nmbd/nmbd_become_lmb.c:unbecome_local_master_success(156) Sep 8 06:56:23 gneiss nmbd[21635]: ***** Sep 8 06:56:23 gneiss nmbd[21635]: Sep 8 06:56:23 gneiss nmbd[21635]: Samba name server GNEISS has stopped being a local master browser for workgroup ELANCO on subnet 172.20.0.99 Sep 8 06:56:23 gneiss nmbd[21635]: Sep 8 06:56:23 gneiss nmbd[21635]: ***** Sep 8 06:59:24 gneiss nmbd[21635]: [1999/09/08 06:59:24, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(406) Sep 8 06:59:24 gneiss nmbd[21635]: ***** Sep 8 06:59:24 gneiss nmbd[21635]: Sep 8 06:59:24 gneiss nmbd[21635]: Samba name server GNEISS is now a local master browser for workgroup ELANCO on subnet 172.20.0.99 Sep 8 06:59:24 gneiss nmbd[21635]: Sep 8 06:59:24 gneiss nmbd[21635]: ***** -- ~ Kevin M. Myer . . Network/System Administrator /V\ ELANCO School District // \ /( )\ ^`~'^ From Ron.E.Sinsley at mail.sprint.com Wed Sep 8 18:39:10 1999 From: Ron.E.Sinsley at mail.sprint.com (Ron E Sinsley) Date: Tue Dec 2 02:27:04 2003 Subject: Browsing a Samba server on NT Message-ID: Has anyone else had issues trying to browse their Samba server's NT domain (Samba as a Domain controller) with a WinNT 4.0 workstation? We can not even use the net use command on those machines that can not browse; the usual error we receive is "System error 53 has occurred." Some NT machines can see the domain fine and connect to the server but others can't. Some one had suggested adding machine names to the password file, but I don't understand why some machines would connect and others don't. We have the encrypted password option set to YES in the smb.conf. We also have added the users name and password, which matches their domain account password, to the smbpasswd file. Any educated guesses or experience with this issue? Ron Sinsley Sprint NPAP Systems Analyst I (913) 323-4779 From dchamizo at qualcomm.com Wed Sep 8 19:27:41 1999 From: dchamizo at qualcomm.com (David Chamizo) Date: Tue Dec 2 02:27:04 2003 Subject: Browsing a Samba server on NT In-Reply-To: Message-ID: <4.2.0.58.19990908122202.00ae3380@pan.qualcomm.com> Ron- If you cannot browse or 'net use', it must be related to a WINS issue. If you are running Samba as a domain controller, set 'domain master=yes' (make sure this is the only station maintaining a browse list!). Also, under the WINS section, add the IP address of your Samba DC (wins server = xxx.xxx.xxx.xxx). Hope this helps, - dave At 04:44 AM 9/9/99 +1000, Ron E Sinsley wrote: >Has anyone else had issues trying to browse their Samba server's NT >domain (Samba as a Domain controller) with a WinNT 4.0 workstation? We >can not even use the net use command on those machines that can not >browse; the usual error we receive is "System error 53 has occurred." >Some NT machines can see the domain fine and connect to the server but >others can't. Some one had suggested adding machine names to the >password file, but I don't understand why some machines would connect >and others don't. We have the encrypted password option set to YES in >the smb.conf. We also have added the users name and password, which >matches their domain account password, to the smbpasswd file. Any >educated guesses or experience with this issue? > >Ron Sinsley >Sprint >NPAP >Systems Analyst I >(913) 323-4779 From lkcl at samba.org Wed Sep 8 19:33:23 1999 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:04 2003 Subject: 445? In-Reply-To: Message-ID: > > i've done client-side (clientgen.c) in cvs main, it was incredibly simple: > > > > if (port != 445) > > { > > cli_session_request(...) > > } > I've written a little patch to smbd. Now you can use 'smbpasswd' over port > 445. Everything else is probably broken, so handle with care ;) excellent, love it, i will apply it straight away. if there are any problems please report them direct, i am not on any of the samba mailing lists. From rfs at aw.com.pl Wed Sep 8 19:50:54 1999 From: rfs at aw.com.pl (=?iso-8859-2?Q?Rafa=B3=20Szcze=B6niak?=) Date: Tue Dec 2 02:27:04 2003 Subject: Browsing a Samba server on NT References: <4.2.0.58.19990908122202.00ae3380@pan.qualcomm.com> Message-ID: <37D6BE1E.C05A9E14@aw.com.pl> David Chamizo wrote: > > Ron- > If you cannot browse or 'net use', it must be related to a WINS issue. If > you are running Samba as a domain controller, set 'domain master=yes' (make > sure this is the only station maintaining a browse list!). Also, under the > WINS section, add the IP address of your Samba DC (wins server = > xxx.xxx.xxx.xxx). > > Hope this helps, > - dave and also check if you got enough 'os level' because it "helps" to win every (or most of) election in your network. greetings :-) Rafa? > > At 04:44 AM 9/9/99 +1000, Ron E Sinsley wrote: > >Has anyone else had issues trying to browse their Samba server's NT > >domain (Samba as a Domain controller) with a WinNT 4.0 workstation? We > >can not even use the net use command on those machines that can not > >browse; the usual error we receive is "System error 53 has occurred." > >Some NT machines can see the domain fine and connect to the server but > >others can't. Some one had suggested adding machine names to the > >password file, but I don't understand why some machines would connect > >and others don't. We have the encrypted password option set to YES in > >the smb.conf. We also have added the users name and password, which > >matches their domain account password, to the smbpasswd file. Any > >educated guesses or experience with this issue? > > > >Ron Sinsley > >Sprint > >NPAP > >Systems Analyst I > >(913) 323-4779 From bs at niggard.org Thu Sep 9 10:16:30 1999 From: bs at niggard.org (bs@niggard.org) Date: Tue Dec 2 02:27:04 2003 Subject: failed session setup In-Reply-To: <000201bef62d$b07a0320$f502010a@computer> Message-ID: On Sat, 4 Sep 1999, Apeximov Dmitry wrote: > [1999/09/02 17:19:08, 3] smbd/reply.c:reply_sesssetup_and_X(658) > sesssetupX:name=[?,?|*?(???‰‘??i?‹t??J7ADV] > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > what's matter? Why did I get that trash? > This looks like an incompatibility between smbclient and smbd when used with non-encrypted passwords. I think the code responsible for this is in smbd/reply.c: if(!doencrypt) { ... if (passlen1 > 0 && passlen2 > 0 && passlen2 != 1) passlen2 = 0; } As you can see, passlen2 is set to 0 and never reset to something usefull. And a bit later: p += passlen1 + passlen2; ... fstrcpy(user,p); smbd does not jump over the 2nd password. (it is well possible that smbclient is wrong in providing a 2nd pwd, i have no windows machine and cannot test the "correct" behavior...) hope this helps... cu, bertl. From lobo at geolog.geol.agh.edu.pl Thu Sep 9 11:06:22 1999 From: lobo at geolog.geol.agh.edu.pl (Lukasz Sznajder) Date: Tue Dec 2 02:27:04 2003 Subject: Multi Login Into Domain In-Reply-To: Message-ID: Hello, i'm using samba-pdc-alpha and have a lot of problems with multilogin into the domain. Is it possible to make it impossible? ?ukasz Sznajder GGio? AGH Krak?w From ba2k at virginia.edu Thu Sep 9 12:07:53 1999 From: ba2k at virginia.edu (Burt Avery) Date: Tue Dec 2 02:27:04 2003 Subject: Saving Profiles Message-ID: <3.0.6.32.19990909080753.0092f5c0@unix.mail.Virginia.edu> This mailing may be off the topic to some degree since I am fairly certain it is a Microsoft problem, not a Samba issue. We are running 2.0.5a on an AIX 4.2.1 OS; experiencing failure of profiles to be saved into the designated directory from 95 OSR2 systems. The user registry file USER.DAT is saved but the profile files are not. WIN 98 has no problem saving profiles. User profiles are enabled on the client side, domain logon is required, user level security is in effect, using MS networking client. Microsoft has an article Q198035 where they admit that the problem is caused by mprserv.dll, which, if you follow the reports on mprserv.dll, has a very checkered past ... fix upon fix upon fix. Unfortunately, Q198035 does not provide a way of getting the working version, mprserv.dll, v 4.00.961. An earlier version 4.00.955, which is part of secupd2.exe, has been applied but it has the same problem. Can anyone point me to a place where I can find a v 4.00.961. I have looked for three days with no luck. Philosophically, paying Microsoft for a tech support call to resolve their problem is not in the realm of consideration. Thanks, -ba- Burt Avery Computer Systems Engineer LSP Department of Biomedical Engineering University of Virginia Charlottesville, VA 22908 804-924-9813 From lobo at geolog.geol.agh.edu.pl Thu Sep 9 12:41:53 1999 From: lobo at geolog.geol.agh.edu.pl (Lukasz Sznajder) Date: Tue Dec 2 02:27:04 2003 Subject: Multi Login Into Domain In-Reply-To: <37D7A6D9.168D6FBD@aw.com.pl> Message-ID: > > Hello, > > > > i'm using samba-pdc-alpha and have a lot of problems with > > multilogin into the domain. Is it possible to make it impossible? > > > > ?ukasz Sznajder > > GGio? AGH Krak?w > > What exactly does you mean by term: multilogin. > Is it one user logged into more than one wks ? My fault. I want to avoid situations one user is logged in two workstations in the same time. Is possible to do it with samba-prealpha? ?ukasz Sznajder GGiO? AGH Krak?w From fricke at Team.OWL-Online.DE Thu Sep 9 12:47:19 1999 From: fricke at Team.OWL-Online.DE (Cord-H. Fricke) Date: Tue Dec 2 02:27:04 2003 Subject: Multi Login Into Domain References: Message-ID: <37D7AC57.B95BE949@team.owl-online.de> Yo there, I have Linux Debian 2.2.10 and Samba 2.04b and it works great with "multilogon". I can access all machines same time with my Serversaved-profile Cheers Lukasz Sznajder schrieb: > > > Hello, > > > > > > i'm using samba-pdc-alpha and have a lot of problems with > > > multilogin into the domain. Is it possible to make it impossible? > > > > > > ?ukasz Sznajder > > > GGio? AGH Krak?w > > > > What exactly does you mean by term: multilogin. > > Is it one user logged into more than one wks ? > > My fault. I want to avoid situations one user is logged in two > workstations in the same time. Is possible to do it with samba-prealpha? > > ?ukasz Sznajder > GGiO? AGH Krak?w -- -------------------------------------------------------------------------- Cord-H. Fricke Technik/Systemadministration Fon: 0 52 1 / 52 51-133 fricke@team.owl-online.de http://www.owl-online.de/ Thanx God it?s Friday... From norman at lithe.uark.edu Thu Sep 9 14:52:44 1999 From: norman at lithe.uark.edu (Norman Weathers) Date: Tue Dec 2 02:27:04 2003 Subject: Antwort References: <433D6EF1279@immnfa.imm-mainz.de> Message-ID: <37D7C9BC.13E52CD4@lithe.uark.edu> "Westermann, Torsten; (839); IUK" wrote: > > Hello Norman! > > I m so sorry for my delay in replying to your mail. > > Please make these changes in your smb.conf > and please after you have made these changes > send me your log.nmb and log.smb: > > add in the global section: > keepalive = 15 > deadtime = 5 > > change the following parameter: > log level = 1 (or later 2) > os level = 65 > level2 oplocks = no (no is default) > > Best Regards > > Torsten Westermann > > E-Mail.: westermann@imm-mainz.de > WWW: http://www.imm-mainz.de > > Tel.: 06131/990-153 > Fax.: 06131/990-201 > > Institute of Microtechnology Mainz > 55129 Mainz > Germany > > Oh my god, my english....... :-) > > P.S. Antwort == Answer I have made those changes, and I think that one of my workstations may be a real pain in the backside. For some strange reason, it is making many connections back to the server during dead times (they were most notable at night time, when no one was here working). I hve made a level 3 log with it and with another workstation that does not suffer from this problem, and I have included them, along with a log.smb and and log.nmb (all of these logs were taken in about a 10 minute time span, if I remember correctly). I have noticed that in the nmb log that for some reason, this one machine is constantly trying to make itself a local master (why, I have no idea). It is on a different subnet (55 vs my 57), but I have it pointing to this server as the WINS server. Also, in the log.angel (that is the pain machine), file, there seems to be instances where it will completely disconnect from the IPC$ services, then go through some wierd re-initialization periods, while the other machine (log.godfather), calmly yields the services and connections that are idle (like netlogon and profile). Most of the systems do the nicer, except this angel machine. Now, this is completely interesting, when I do an smbclient to angel, I get nothing back. No shares, no services, no domain, nothing. It gives back all nulls. Now, when I check another machine on that subnet (it is on a 55 subnet, I am on a 57), I get back all the information about that machine and shares, and it is very responsive, while the angel machine hangs for periods of time (about 20 - 30 seconds). It even hung trying to locate the machine for about 15 seconds. When I checked workstation NSXTACY on the 55 network, I found that it was found quickly, but responded a little bit slowly, and it returned that the master of the domain that it was part of was ANGEL, not the server LITHE, as it should have been. Is this some problem with the fact that these systems are across subnets? The other wierd thing that I see from time to time across the subnets is that when my partner is logged into NSXTACY, it will all of the sudden, after some period of time, start making connections to LITHE (server) and all of the sudden, any drive letter that is not being used is being attatched to the [pub] services and also to my home directory. He has full control of my files all of the sudden. And he has a persistent connection from ANGEL. This is all very strange. Something that I have not worked with is the remote announce settings, is there something in here that I should change? Sorry for the length of this message, but as you can see, these problems are very much troubling. It causes the logs to start to overfill from the connections and causes the network to start to slow down, not to mention the possible security risks involved... Any help would be greatly appreciated. -- ------------------------------------------------------------------- Norman Weathers Technology Coordinator ETS University of Arkansas, Fayetteville phone: (501) 575-3553 or (501) 575-4344 email: nweathe@comp.uark.edu or norman@lithe.uark.edu "It's not that I 'prefer' to do this without an NT server.... I just 'prefer' to do it where it will work..." ------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: SAMBA_LOGS_LEVEL3.tgz Type: application/octet-stream Size: 21530 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990909/3590b607/SAMBA_LOGS_LEVEL3.obj From GLeblanc at cu-portland.edu Thu Sep 9 15:01:28 1999 From: GLeblanc at cu-portland.edu (Gregory Leblanc) Date: Tue Dec 2 02:27:04 2003 Subject: Multi Login Into Domain Message-ID: I think that's exactly what he wants to avoid. He wants to make it impossible for a user to log in on two different machines. Greg > -----Original Message----- > From: Cord-H. Fricke [mailto:fricke@Team.OWL-Online.DE] > Sent: Thursday, September 09, 1999 5:50 AM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: Multi Login Into Domain > > > Yo there, > > I have Linux Debian 2.2.10 and Samba 2.04b and it works great with > "multilogon". > I can access all machines same time with my Serversaved-profile > > Cheers > > Lukasz Sznajder schrieb: > > > > > Hello, > > > > > > > > i'm using samba-pdc-alpha and have a lot of > problems with > > > > multilogin into the domain. Is it possible to make it > impossible? > > > > > > > > ?ukasz Sznajder > > > > GGio? AGH Krak?w > > > > > > What exactly does you mean by term: multilogin. > > > Is it one user logged into more than one wks ? > > > > My fault. I want to avoid situations one user is > logged in two > > workstations in the same time. Is possible to do it with > samba-prealpha? > > > > ?ukasz Sznajder > > GGiO? AGH Krak?w > > -- > -------------------------------------------------------------- > ------------ > Cord-H. Fricke > Technik/Systemadministration > Fon: 0 52 1 / 52 51-133 > fricke@team.owl-online.de > http://www.owl-online.de/ > > Thanx God it?s Friday... > > From fricke at Team.OWL-Online.DE Thu Sep 9 15:09:51 1999 From: fricke at Team.OWL-Online.DE (Cord-H. Fricke) Date: Tue Dec 2 02:27:04 2003 Subject: Multi logon Message-ID: <37D7CDBF.2D8302E7@team.owl-online.de> Sorry, you?re right. That?s what he wan?t to avoid.Sure Next time better reading ;-) -- -------------------------------------------------------------------------- Cord-H. Fricke Technik/Systemadministration Fon: 0 52 1 / 52 51-133 fricke@team.owl-online.de http://www.owl-online.de/ Thanx God, it?s Friday... From tavis at mahler.econ.columbia.edu Thu Sep 9 17:14:53 1999 From: tavis at mahler.econ.columbia.edu (Tavis Barr) Date: Tue Dec 2 02:27:04 2003 Subject: Password syncing Message-ID: I have a couple of questions about password syncing: (1) The smb.conf man pages say that if unix password sync is set to True, then smbpasswd should fail to change the SMB password if it fails to change the Unix password. Yet I can set "passwd program" to "/usr/bin/arbitrary", keep the same "passwd chat", and it still plows right along and changes the SMB password without touching the Unix password. Does anyone know if this is normal? (2) When I run smbpasswd, I get a message that says there is an attempted connection on port 445 that is refused. Is it smbd that is refusing it, or should I check the restrictions on my ports? Does it matter? (3) Does anyone have a working password chat script for DEC Unix 4.0B? I am using the 2.10 prealpha from the Head branch as of yesterday, running on DEC Unix 4.0B. Below is the relevant part of my smb.conf file. Thanks for any help, Tavis [global] workgroup=ISETR server string=Server for ISETR ; LOGONS guest account = nobody domain logons = yes security = user encrypt passwords = yes unix password sync = True passwd program = /usr/bin/arbitrary %u passwd chat = *password: %n\n *password: %n\n *updated* . passwd chat debug = yes null passwords = true logon script = %U.bat logon drive = l: ; BROWSING domain master = yes os level = 100 wins support = yes wins proxy = yes preferred master = yes local master = yes ; PRINTING printing = bsd printcap name = /etc/printcap load printers = yes ; LOGS log file = /usr/local/samba/log.%m debug level = 3 ; OTHER SETTINGS lock directory = /usr/local/samba/var/locks share modes = yes case sensitive = no preserve case = yes short preserve case = yes socket options = TCP_NODELAY From hulet at ittc.ukans.edu Thu Sep 9 18:21:46 1999 From: hulet at ittc.ukans.edu (Michael S. Hulet) Date: Tue Dec 2 02:27:04 2003 Subject: Password syncing In-Reply-To: Message-ID: I spent several hours at log level 100 to get this to work. Digital Unix 4.0D unix password sync = yes passwd program = /usr/local/bin/passwd %u passwd chat debug = true passwd chat = Changing\spassword\sfor\s%u.\nNew\spassword:\s %n\n *(Checking *for*lousy*passwords...)*\n %n\n *Retype*new*passwd:*\n Look at your chat when you try to change unix password and see if it resembles my chat sequence. If not, modify it to match yours. Michael Hulet Network System Administrator ITTC, University of Kansas On Fri, 10 Sep 1999, Tavis Barr wrote: > > I have a couple of questions about password syncing: > > (1) The smb.conf man pages say that if unix password sync is set to True, > then smbpasswd should fail to change the SMB password if it fails to > change the Unix password. Yet I can set "passwd program" to > "/usr/bin/arbitrary", keep the same "passwd chat", and it still plows > right along and changes the SMB password without touching the Unix > password. Does anyone know if this is normal? > > (2) When I run smbpasswd, I get a message that says there is an attempted > connection on port 445 that is refused. Is it smbd that is refusing it, > or should I check the restrictions on my ports? Does it matter? > > (3) Does anyone have a working password chat script for DEC Unix 4.0B? > > I am using the 2.10 prealpha from the Head branch as of yesterday, > running on DEC Unix 4.0B. Below is the relevant part of my smb.conf file. > > > Thanks for any help, > Tavis > > > [global] > workgroup=ISETR > server string=Server for ISETR > > ; LOGONS > > guest account = nobody > domain logons = yes > security = user > encrypt passwords = yes > unix password sync = True > passwd program = /usr/bin/arbitrary %u > passwd chat = *password: %n\n *password: %n\n *updated* . > passwd chat debug = yes > null passwords = true > logon script = %U.bat > logon drive = l: > > ; BROWSING > > domain master = yes > os level = 100 > wins support = yes > wins proxy = yes > preferred master = yes > local master = yes > > ; PRINTING > > printing = bsd > printcap name = /etc/printcap > load printers = yes > > ; LOGS > > log file = /usr/local/samba/log.%m > debug level = 3 > > ; OTHER SETTINGS > > lock directory = /usr/local/samba/var/locks > share modes = yes > case sensitive = no > preserve case = yes > short preserve case = yes > socket options = TCP_NODELAY > > From lkcl at samba.org Thu Sep 9 18:44:52 1999 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:04 2003 Subject: WinNT and auto-reconnect In-Reply-To: <37CAF5AD.E38EF2CA@compedge.co.nz> Message-ID: this is due to a bug in windows nt clients. microsoft is aware of the problem, they had a developer looking into it the last time it was reported (six months ago on ntbugtraq), related to the WNetWkstaUserEnum function. no further information or response has been reported that i am aware of. luke On Tue, 31 Aug 1999, Aaron Knauf wrote: > Hi all, > > I have another weird one here. > > When using a WinNT server, you can reboot the server while (win/NT) > clients are connected and the clients will automatically re-establish > their connections when the server comes back up. > > With Samba you can do the same. > > Here's the catch. If you restart samba, then logout your client > *without accessing any of the previously opened shares* then the profile > is written back to the home directory and that share is left open on the > server (shown by smbstatus). From this point on, no-one can log in to > the server (at least, not from the same workstation - I haven't tried it > with more than one). Another samba restart is required to get people > logging in again. > > TIA > > ADK > > > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. From lkcl at samba.org Thu Sep 9 19:12:08 1999 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:04 2003 Subject: 2.1 vs. 2.0.x - features missing In-Reply-To: Message-ID: development trees branched ten months ago the have not been merged since. On Tue, 27 Jul 1999, [iso-8859-1] Matthias Wächter wrote: > Hi! > > Sorry for asking this question, but: Why is a lot of code already in 2.0.x > not in the 2.1.0-prealpha branch? > > The Filename handling (Umlauts etc.) does not work, some files are from > Nov 98 whereby the same files in 2.0.3 are from Jan or Feb 99. > > Also, swat is broken when using shadow passwords... why are the changes > made to 2.0.x not updated into the head branch? What's the time these > changes will be commited? Don't you think they will make more trouble > applied in the future than applied today? yes. i know. it's pissing me off. i don't want to talk about it. > Actually, I wanted to implement Umlauts in Usernames, Servernames, > Sharenames, Comments a.s.o and thought, it would be best to do it with > 2.1, but this version lacks a lot of changes done since Sep 98 (f.e. > smbd/blocking.c is from Sep 98 in 2.1 but from Jan 99 in 2.0.3...) > > I know, version control is not an easy issue, but I think the bugs already > found should be removed also from the head branch asap. > > Sehr Wus, > - Matthias > > -- > Bunt ist das Dasein und granatenstark. Und: Volle Kanne, Hoschis! > aus: "Bill und Teds verrückte Reise durch die Zeit" > ----------------------------------------------------------------------------- > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. From kellermg at potsdam.edu Thu Sep 9 20:42:41 1999 From: kellermg at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:27:04 2003 Subject: [OFF TOPIC]: Adding groups to groups? Message-ID: <37D81BC1.12D68718@potsdam.edu> Sorry for the off-topicness, but I need a solution, asap. It would seem logical to me (and I swear I used to do this on SunOS, back in a day), that you can add groups to groups, like so: admins::199: faculty::84:@admins students::84:@admins This is to allow the admins to be in the faculty and students groups as well. I'm running RH6. -- - Matthew Keller - Lead Programmer/Analyst Distributed Computing and Telemedia State University of New York at Potsdam Web: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ From adam.w.cabler at lmco.com Thu Sep 9 20:45:02 1999 From: adam.w.cabler at lmco.com (Cabler, Adam W) Date: Tue Dec 2 02:27:04 2003 Subject: Gui tools and Log Level Message-ID: Could someone please post some information on using the gui user tools such as the user manager and policy editor? I can't get these to work on my samba server running IRIX 6.3 and I haven't seen any clear ideas in the passt logs. Also - I am still having the problem with SWAT and smb when the log level is set >2. When I go to the status page and try to restart smb after increasing the log level, netscape comes back with ERROR:NO DATA ON PAGE. If I try to restart manually, I get an internal panic in the logs and smb seems to operate oddly, if at all. thanks, Adam Cabler Computer Support Lockheed Martin Missiles and Space From rfs at aw.com.pl Fri Sep 10 07:18:55 1999 From: rfs at aw.com.pl (=?iso-8859-2?Q?Rafa=B3=20Szcze=B6niak?=) Date: Tue Dec 2 02:27:04 2003 Subject: Repeated errors (in log files) Message-ID: <37D8B0DF.CD5BAA59@aw.com.pl> Had somebody experienced this kind of problem ? I got Samba-PDC (2.0.5a) on Linux Debian 2.1 (kernel 2.2.3). Everything's OK, users can log into domain and access shares. However, if you look at the log file, it appears that user tries to login about 2-3 times: Sometimes it looks like this: > [1999/09/09 12:02:49, 2] lib/access.c:check_access(258) > Allowed connection from olo (192.168.1.4) > [1999/09/09 12:02:49, 1] smbd/password.c:pass_check_smb(532) > smb_password_check failed. Invalid password given for user 'user' > [1999/09/09 12:02:49, 1] smbd/password.c:pass_check_smb(532) > smb_password_check failed. Invalid password given for user 'arek' > [1999/09/09 12:02:49, 3] smbd/password.c:authorise_login(741) > ACCEPTED: validated uid ok as non-guest Sometimes, like this: > [1999/09/09 12:02:59, 2] lib/access.c:check_access(258) > Allowed connection from phobos (192.168.1.3) > [1999/09/09 12:02:59, 1] smbd/password.c:pass_check_smb(532) > smb_password_check failed. Invalid password given for user 'user' > [1999/09/09 12:02:59, 1] smbd/password.c:pass_check_smb(532) > smb_password_check failed. Invalid password given for user 'user' > [1999/09/09 12:02:59, 1] smbd/password.c:pass_check_smb(532) > smb_password_check failed. Invalid password given for user 'aw' > [1999/09/09 12:02:59, 3] smbd/password.c:authorise_login(798) > ACCEPTED: guest account and guest ok In last case, interesting is, the 'aw' user is not guest. He has normal account ! All above is in log files. From user's point of view, there is no problem with login. User just types his username, password and that's it. Any ideas ? greetings :-) Rafa? From Alexandre.Lecuyer at iu-vannes.fr Fri Sep 10 08:52:45 1999 From: Alexandre.Lecuyer at iu-vannes.fr (Alexandre Lecuyer) Date: Tue Dec 2 02:27:04 2003 Subject: group file - policies Message-ID: <37D8C6DD.6C3ACC07@iu-vannes.fr> Hello all, In order to get the policies to work, the users have to be listed in the group file, after the group corresponding to their GID. This has been working fine for awhile, but now we have groups of 100 ppl and more. I had to recompile the ypserv package on the linux NIS server to allow longer lines in the maps. This is fine for all linux machines (samba is running on a RH 6.0), but it breaks old SunOS and AIX ypclients. Is this still required in the latest CVS or is there a way to get samba to get the primary group from passwd ? Thanks, -- Alexandre Lecuyer CCRI IUT-IUP de Vannes From pmal at space.gr Fri Sep 10 11:11:57 1999 From: pmal at space.gr (Panagiotis Malakoudis) Date: Tue Dec 2 02:27:04 2003 Subject: Printer Room Share References: Message-ID: <00db01befb7d$5831e020$0502000a@space.gr> I'm seting up a printer room and I'm trying to configure a share that anyone will have access. Inside the share I want to maintain a list o the printers available. So far I have managed to setup printers and have their driver files in the samba server so that the users won't need to search for the windows cd-rom. This is basically what I'm trying to do. File Server shared directories [Ftp-Site] [Common Files] [User Space] [Group Space] [Printer Room] and inside the Printer room share all the printers. Any idea who to do that 'cause I read teh smb.conf many time as well as the samba archives but came up with nothing. Anything I did resulted in having all the printers appear in the first window of the server. If this is a little bit of topic my apologies. ~~~~~~~~~~~~~~~~ Malakoudis Panagiotis System Administrator Space Hellas S.A. Telephone:6547400 ~~~~~~~~~~~~~~~~ From Rene.Baerecke at bos-systemhaus.de Fri Sep 10 11:41:57 1999 From: Rene.Baerecke at bos-systemhaus.de (Rene Baerecke) Date: Tue Dec 2 02:27:04 2003 Subject: Problem compiling SAMBA with ldap support Message-ID: <37D8EE85.BD5DD97@BOS-Systemhaus.DE> > I get the following errors: > > checking how to get filesystem space usage > checking statvfs64 function (SVR4)... no > checking statvfs function (SVR4)... no > checking for 3-argument statfs function (DEC OSF/1)... no > checking for two-argument statfs with statfs.bsize member (AIX, 4.3BSD)... > no > checking for four-argument statfs (AIX-3.2.5, SVR3)... no > checking for two-argument statfs with statfs.fsize member (4.4BSD and > NetBSD)... no > checking for two-argument statfs with struct fs_data (Ultrix)... no > checking configure summarty > configure: error: summary failure. Aborting config Looks strange and I had it too. Leave ldap out and this works. Installing bind-devel solved this for me. Ren? From dominik-fritz at gmx.de Fri Sep 10 12:56:28 1999 From: dominik-fritz at gmx.de (Dominik Fritz) Date: Tue Dec 2 02:27:04 2003 Subject: How can I delete an entry in the nmbd database Message-ID: <37D8FFFC.ACA5A405@gmx.de> Hi Does anyone know how I can delete an entry in the nmbd databse. I use samba 2.04b Thanks Dominik From ferney at ucfma.univ-bpclermont.fr Fri Sep 10 13:57:36 1999 From: ferney at ucfma.univ-bpclermont.fr (FERNEY Damien) Date: Tue Dec 2 02:27:04 2003 Subject: subscribe Message-ID: <37D90E50.28D219AA@ucfma.univ-bpclermont.fr> -- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + Damien FERNEY Tel: 04.73.40.70.68 + + Laboratoire de Mathematiques Appliquees Fax: 04.73.40.70.64 + + Universite Blaise Pascal (Clermont Ferrand 2) + + 24 av. des landais 63177 AUBIERE Cedex + +----------------------------------------------------------------------------+ + Damien.Ferney@univ-bpclermont.fr + ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ From iainr at civ.hw.ac.uk Fri Sep 10 15:20:42 1999 From: iainr at civ.hw.ac.uk (Iain Rae) Date: Tue Dec 2 02:27:04 2003 Subject: [OFF TOPIC]: Adding groups to groups? In-Reply-To: <37D81BC1.12D68718@potsdam.edu> Message-ID: On Fri, 10 Sep 1999, Matthew Keller wrote: > > Sorry for the off-topicness, but I need a solution, asap. > > It would seem logical to me (and I swear I used to do this on SunOS, > back in a day), that you can add groups to groups, like so: > > admins::199: > faculty::84:@admins > students::84:@admins > > This is to allow the admins to be in the faculty and students groups as > well. I'm running RH6. I think you're thinking of netgroups (that's what the syntax looks like to me anyway ) check man netgroup and see if it looks like what you want don't know if what you're trying would be supported unde Linux though > -- > > - Matthew Keller - > Lead Programmer/Analyst > Distributed Computing and Telemedia > State University of New York at Potsdam > > Web: http://mattwork.potsdam.edu/ > PGP: http://mattwork.potsdam.edu/crypto/ > ------------------------------------------------------------------------------- | Iain Rae | Tel: 0131 449 5111 Ext 4406 (Day)(but I'm never in)| | Computing Officer. | Any Opinions I am able to form are my own and in no| | Civil & Offshore Eng. | way reflect those of my employers. | | Heriot-Watt University.| Well that's my opinion anyway. | ------------------------------------------------------------------------------- From thomas.heiligenmann at t-online.de Fri Sep 10 18:01:27 1999 From: thomas.heiligenmann at t-online.de (Thomas Heiligenmann) Date: Tue Dec 2 02:27:04 2003 Subject: acls on win-side References: <19990906112015.A11429@goldfisch.atat.at> <19990906192741.A4642@cifs.org> <19990906220751.C13763@goldfisch.atat.at> <37D5477E.C54768F5@heiligenmann.de> <19990908005025.O15261@goldfisch.atat.at> Message-ID: <37D94777.60EC4A5@heiligenmann.de> peter pilsl wrote: > > > thats an interesting idea, but leads me to another problem. I dont have any groups on > domainside cause I dont know how to define it in > smb.conf. the suggested > domain group map,local group map,domain user map - parameters does not work any more in > 2.05a. and there is no > documentiation for the new announced domain admin users, domain groups .... > > for now > net localgroup /domain > just leads into an error-message. > Oops, something wrong with your permissions ie. no admin rights for your domain account on the nt wkstn or vice versa or both ??? It works for me, however I've added my samba_domain\joeuser to the local Admins group on the nt wkstn ! net localgroup /domain then shows up the "local groups on the PDC": *Account Operators *Administrators *Backup Operators *Guests *Power Users *Print Operators *Replicator *System Operators *Users Like with a "real" MS NT server these groups IMHO make no sense for domain administration, I think in 2.0.5a they are just show up for the sake of some compatibility issues... The "global groups" in the domain are more interesting, net group /domain should return *Domain Admins on a 2.0.5a PDC As I understood from the docs that's the only domain group available in Samba 2.0.xx and _all_ users belong to it by default (tell me if I'm wrong), so better don't try to add this group to your local admins. I haven't checked the domain group support in 2.1.xx yet, maybe there's exectly what we need :-) However, with 2.0.5a you can add single Samba domain members to local groups on the nt wkstn using the local user manager (it didn't work with net localgroup on my site), but that's certainly no solution for a great amount of domain user accounts... Cheers, Thomas From kmitchell at rexnet.net Fri Sep 10 20:52:05 1999 From: kmitchell at rexnet.net (Kenneth Mitchell) Date: Tue Dec 2 02:27:04 2003 Subject: [OFF TOPIC] Client and Application setup and installation... Message-ID: <001501befbce$581a35a0$0100007f@localhost.wccs.k12.in.us> I'm interested in client and application setup issues with Samba file servers. Please email me with any comments, suggestions, or ideas you may have. I currently have extensive experience with Novell Application Launcher, but have not been able to find a comparable product that will work well for Samba. Many thanx to the Samba team for their hard work, it's appreciated. I can't wait till all the RPC stuff is implemented. -------------- next part -------------- HTML attachment scrubbed and removed From perrier at onera.fr Fri Sep 10 17:29:46 1999 From: perrier at onera.fr (Christian Perrier) Date: Tue Dec 2 02:27:04 2003 Subject: (forw) Member of two domains? Message-ID: <19990910192945.A4444@mykerinos> This one did not get a lot of answers in the samba list, so I send it also here, though it is not directly related to Domain Controller code... ----- Forwarded message from Christian Perrier ----- Reply-To: perrier@onera.fr From: Christian Perrier To: Multiple recipients of list SAMBA Subject: Member of two domains? X-Mailer: Mutt 1.0pre2i Date: Fri, 10 Sep 1999 04:43:50 +1000 Using netbios aliases and includes, is it possible to set up a samba server to be member of two NT domains (not controller, just member). I already have a multiple "personality" server, with one netbios alias being in domain mode with a NT password server and another being in user mode. I'm currently thinking about setting up another netbios alias and make it member of another NT domaine with different password servers (the controllers of this second domain). Did some of you already succeed in doing this? ----- End forwarded message ----- -- From sam at campbellsci.co.uk Mon Sep 13 11:12:51 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:27:04 2003 Subject: group file - policies In-Reply-To: <37D8C6DD.6C3ACC07@iu-vannes.fr> Message-ID: > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Alexandre Lecuyer > Sent: Friday, September 10, 1999 09:51 AM > To: Multiple recipients of list SAMBA-NTDOM > Subject: group file - policies > > > Hello all, > > In order to get the policies to work, the users > have to be listed in the group file, after the group > corresponding to their GID. Could you give explicit examples of this please, including extracts from named files? Please! Thanks Sam From Alexandre.Lecuyer at iu-vannes.fr Mon Sep 13 14:45:06 1999 From: Alexandre.Lecuyer at iu-vannes.fr (Alexandre Lecuyer) Date: Tue Dec 2 02:27:04 2003 Subject: group file - policies Message-ID: <37DD0DF2.D4822954@iu-vannes.fr> > > In order to get the policies to work, the users > > have to be listed in the group file, after the group > > corresponding to their GID. > > Could you give explicit examples of this please, including extracts from > named files? > Please! Sure, an example with the "info1" group (GID: 10000), 121 members passwd: [..] quere:DM/xFa67a8EAE:10001:10000: Gilles.Quere + etud.info.a1.a.1 :/home/etud/info1/quere:/usr/bin/tcsh cattiaux:L.zvewX45Y/qE:10002:10000: Rudy.Cattiaux + etud.info.a1.a.1 :/home/etud/info1/cattiaux:/usr/bin/tcsh [..] group: [..] info1:etud.info.a1 + mailens + /home/etud/%group%/%user%:10000:quere,cattiaux,(121 users) [..] this is what i meant by "adding the user in the group file" (which normally isn't needed since "info1" is their primary group) so you get: ~ 33 > id quere uid=10001(quere) gid=10000(info1) groups=10000(info1) This works until that particular line of the group file grows too much, and overflows the AIX and SunOS clients... What I will try is to split the users in different groups, but with the same GID, and I will duplicate the policies. that way the lines won't be too long, and they will still be able to write in their forums directories. If anyone has a better idea please let know. I hope it is clearer this time.. let me know if I failed :) -- Alexandre Lecuyer CCRI IUT-IUP de Vannes From sam at campbellsci.co.uk Mon Sep 13 15:31:18 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:27:04 2003 Subject: group file - policies In-Reply-To: <37DD0DF2.D4822954@iu-vannes.fr> Message-ID: > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Alexandre Lecuyer > Sent: Monday, September 13, 1999 03:45 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: group file - policies > > Sure, > an example with the "info1" group (GID: 10000), 121 members > > passwd: > [..] > quere:DM/xFa67a8EAE:10001:10000: Gilles.Quere + etud.info.a1.a.1 > :/home/etud/info1/quere:/usr/bin/tcsh > cattiaux:L.zvewX45Y/qE:10002:10000: Rudy.Cattiaux + etud.info.a1.a.1 > :/home/etud/info1/cattiaux:/usr/bin/tcsh > [..] > > group: > [..] > info1:etud.info.a1 + mailens + > /home/etud/%group%/%user%:10000:quere,cattiaux,(121 users) > [..] So this is the regular /etc/passwd and /etc/group. not smbpasswd or smbgroup Sam From roamdad at ibm.net Mon Sep 13 16:48:56 1999 From: roamdad at ibm.net (Doug VanLeuven) Date: Tue Dec 2 02:27:04 2003 Subject: group file - policies References: <37D8C6DD.6C3ACC07@iu-vannes.fr> Message-ID: <37DD2AF8.E27C6406@ibm.net> This is from the AIX tech lib: wwqa item: RTA000070639 How many groups can a user belong to ? There is how ever a limitation on the '/etc/group' file such that each line can not be more than 1024 bytes in length. This limit can be subverted by simply placing the group on the following line and continuing the user list. Alexandre Lecuyer wrote: > Hello all, > > In order to get the policies to work, the users > have to be listed in the group file, after the group > corresponding to their GID. This has been working > fine for awhile, but now we have groups of 100 ppl > and more. I had to recompile the ypserv package > on the linux NIS server to allow longer lines in > the maps. This is fine for all linux machines > (samba is running on a RH 6.0), but it breaks > old SunOS and AIX ypclients. > > Is this still required in the latest CVS or is there > a way to get samba to get the primary group from passwd ? > > Thanks, > > -- > Alexandre Lecuyer > CCRI IUT-IUP de Vannes -- Doug VanLeuven : 707-545-6933 (voice) 707-545-6945 (fax) Programmer/Analyst, SCWA : doug@scwa.ca.gov Chief Engineer, USMM : roamdad@ibm.net From jzlin at pcocd2.intel.com Mon Sep 13 17:51:43 1999 From: jzlin at pcocd2.intel.com (Joe Lin - FES ~) Date: Tue Dec 2 02:27:04 2003 Subject: Same Samba server to multiple domains In-Reply-To: <19990911182331Z12862696-23442+3436@samba.anu.edu.au> Message-ID: You can do something like this in the smb.conf netbios name = sambasrv netbios aliases = sambasrv1 sambasrv2 sambasrv3 include = /opt/samba/lib/smb.conf.%L Then you have one smb.conf.sambasrv## for each alias. When a user connects to sambasrv3 , Samba uses the password server lines from smb.conf.sambasrv3 to verify the users account and password with. I've only try this with security = server . With security = domain, since samba 2.x allows trusted domains, there's no need to join multiple domains From Dave.Stevenson at durham.ac.uk Tue Sep 14 09:51:04 1999 From: Dave.Stevenson at durham.ac.uk (Dave.Stevenson@durham.ac.uk) Date: Tue Dec 2 02:27:04 2003 Subject: Printing from for NT Samba 2.1 prealpha Message-ID: <13384.199909140951@gengis> Is there any way to force the printer handling under 2.1prealpha to behave as per 2.0 Samba? ie fall back to LANMAN ports for printing. (I am using the PDC bits of 2.1 for logins, profiles , groups etc.) The NT printer handling , while promising, causes me spooler crashes on NT4 Workstation when I try to install printers that involves driver downloads and doesn't refresh the print queue display except when a job is submitted so it would be useful to be able to force a working print system while tinkering with the new bits. Also, was attempting to use smbclient to access default shares on NT4 workstation so I could "pre load" some drivers as a workaround and found that the only way I could access the shares was by making DOMAIN_NAME/Administrator a member of the Administrators local group on the wrkstation. Is this really required? Since I was using the Samba server as the authenticator, domain controller etc. I naively thought that the workstation would have some implied trust of the server or am I , as I suspect , missing something. (groups etc setup as per NTDOM FAQ 4.3.1) Thanks From dietmar.goldbeck at acm.org Tue Sep 14 10:24:06 1999 From: dietmar.goldbeck at acm.org (Dietmar Goldbeck) Date: Tue Dec 2 02:27:04 2003 Subject: Samba as PDC, NT as BDC? Message-ID: <19990914122406.A19933@tin-lizzy.e-trend.de> Hello everybody we have an Samba 2.0.5a Server working as PDC. I need to add an NT Server with M$ SQL Server. How can i configure Samba and the NT Server so that the NT Server authorizes against the Samba PDC? Would running samba 2.1 (cvs branch) help? Thanks for help Dietmar -- Alles Gute / best wishes Dietmar Goldbeck E-Mail: dietmar.goldbeck@acm.org Reporter (to Mahatma Gandhi): Mr Gandhi, what do you think of Western Civilization? Gandhi: I think it would be a good idea. From marcin.klimowski at solidex.com.pl Tue Sep 14 10:36:18 1999 From: marcin.klimowski at solidex.com.pl (Marcin Klimowski) Date: Tue Dec 2 02:27:04 2003 Subject: Multi Login Into Domain References: <37D7AC57.B95BE949@team.owl-online.de> Message-ID: <37DE2522.CE34AA17@solidex.com.pl> "Cord-H. Fricke" wrote: > > Yo there, > > I have Linux Debian 2.2.10 and Samba 2.04b and it works great with > "multilogon". > I can access all machines same time with my Serversaved-profile Hello :) It seems that You misunderstood the question - he wants to _disable_ such possibility. -- ________ Marcin Klimowski /_____/_/ ul. J. Lea 124 _\___\__/ 30-133 Krakow, Poland Dzial Serwisu Technicznego /_____/_/ Tel: +48 (12) 6380480 http://www.solidex.com.pl/ SOLIDEX SA Fax: +48 (12) 6360470 From federico at lpc.ufrj.br Tue Sep 14 11:11:16 1999 From: federico at lpc.ufrj.br (Federico Galvez-Durand) Date: Tue Dec 2 02:27:04 2003 Subject: Security bug ??? In-Reply-To: <37D582A9.DFCAF150@compedge.co.nz> from "Aaron Knauf" at Sep 8, 99 07:22:12 am Message-ID: <199909141111.IAA06194@lpc.ufrj.br> > > samba-ntdom@samba.org wrote: > > > Rafa? Szcze?niak wrote: > > > > > > Hello, everybody :) > > > > > > Recently, I setup Samba PDC (2.0.5a). Everything works fine > > > (great software !), except one strange thing. > > > No matter of file ownership I am able to delete it > > > from ordinary user account logged on WinNT SP3 wks. > > > Even if file's owner is root ! What did I wrong ? > > > > Need more information like > > > > * the service definition from smb.conf > > * the UNIX permissions on the parent directory > > * any other specifics for your setup > > > > Cheers, > > jerry > > I had one like this. From memory, it was something to do with the > mapping of the world permissions bits. I ended up with everyone having > take ownership under NT. There is a doco about it in the distribution > doc directory. > > ADK > > It happens when you put your logon name in the administrators list. Is it your case ? -- Federico Galvez-Durand http://www.lpc.ufrj.br/~fico LPC-DEL/EE/UFRJ-Brazil Phone/Fax:+55-21-2605010/5900788 From fricke at Team.OWL-Online.DE Tue Sep 14 14:02:21 1999 From: fricke at Team.OWL-Online.DE (Cord-H. Fricke) Date: Tue Dec 2 02:27:04 2003 Subject: User rights for MS-Project Message-ID: <37DE556D.29D11DF9@team.owl-online.de> Hi there, i got a problem with MS-Project. The file is saved with owner = xyz and group=users. But when another owner want?s to open the file (is in group users) MS-Project says: You?re not owner. I think windows have no chance to see unix-permissions. Am I wrong??? Are there any help outside? -- -------------------------------------------------------------------------- Cord-H. Fricke Technik/Systemadministration Fon: 0 52 1 / 52 51-133 fricke@team.owl-online.de http://www.owl-online.de/ Thanx God, it?s Friday... From sam at campbellsci.co.uk Tue Sep 14 15:29:05 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:27:04 2003 Subject: Security bug ??? In-Reply-To: <199909141111.IAA06194@lpc.ufrj.br> Message-ID: > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Federico Galvez-Durand > Sent: Tuesday, September 14, 1999 01:10 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: Security bug ??? > > It happens when you put your logon name in the > administrators list. Is it your case ? How can you put your login name in the administrators list? Sam From lkcl at samba.org Tue Sep 14 16:42:45 1999 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:04 2003 Subject: lsa query failing (fwd) Message-ID: Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. ---------- Forwarded message ---------- Date: Tue, 14 Sep 1999 09:14:17 +0100 From: Alan Hourihane To: 'Luke Kenneth Casson Leighton' Subject: RE: lsa query failing Thanks Luke, Does this look correct ? *** srv_lsa.c.old Tue Sep 14 09:09:12 1999 --- srv_lsa.c Tue Sep 14 09:12:19 1999 *************** *** 586,603 **** static BOOL api_lsa_close( uint16 vuid, prs_struct *data, prs_struct *rdata) { ! /* XXXX this is NOT good */ ! size_t i; ! uint32 dummy = 0; ! ! for(i =0; i < 5; i++) { ! if(!prs_uint32("api_lsa_close", rdata, 1, &dummy)) { ! DEBUG(0,("api_lsa_close: prs_uint32 %d failed.\n", ! (int)i )); ! return False; ! } } ! return True; } --- 586,601 ---- static BOOL api_lsa_close( uint16 vuid, prs_struct *data, prs_struct *rdata) { ! LSA_R_CLOSE r_c; ! ! ZERO_STRUCT(r_c); ! ! /* store the response in the SMB stream */ ! if (!lsa_io_r_close("", &r_c, rdata, 0)) { ! DEBUG(0,("api_lsa_close: lsa_io_r_close failed.\n")); ! return False; } ! return True; } Alan. -----Original Message----- From: Luke Kenneth Casson Leighton [SMTP:lkcl@samba.org] Sent: 13 September 1999 21:47 To: Alan Hourihane Subject: RE: lsa query failing samba 2.0.5a. ah. i did the commit to cvs main repository, not 2.0.5a. i don't work on 2.0.X, only on cvs main. oops. ok, can you check out the main cvs source code and fix it cut/paste style? see http://samba.org/cgi-bin/cvsweb/samba/source/rpc_server/srv_lsa.c, obtain a diff and patch it to 2.0.5a. On Mon, 13 Sep 1999, Alan Hourihane wrote: > Same problem luke. here's this log though. > > Alan. > > > -----Original Message----- > From: Luke Kenneth Casson Leighton [SMTP:lkcl@samba.org] > Sent: 09 September 1999 19:17 > To: alanh@pinacl.co.uk > Cc: Multiple recipients of list > Subject: lsa query failing > > ok fixed. do a cvs update on rpc_server/srv_lsa.c, please let me know if > it works. reply direct: i am not on any public samba lists. > > > Subject: RE: FW: Update problems > > > > Luke, > > > > Thanks for taking a look. > > > > Here's the debug log at 100. > > > > Alan. > > > > > > -----Original Message----- > > From: Luke Kenneth Casson Leighton [SMTP:lkcl@samba.org] > > Sent: 09 September 1999 17:38 > > To: Alan Hourihane > > Subject: Re: FW: Update problems > > > > connection refused on 445 is irrelevant. smbpasswd trys on port 139, > > which succeeds. > > > > your report contains insufficient info, please send debug log level 100. > > > > On Thu, 9 Sep 1999, Alan Hourihane wrote: > > > > > I get the same too. > > > > > > [1999/09/08 09:19:04, 0] smbd/dfs.c:init_dfs_table(128) > > > No DFS map, Samba is running in NON DFS mode > > > [1999/09/08 09:19:04, 1] lib/util_sock.c:open_socket_out(746) > > > error connecting to 193.32.209.22:445 (Connection refused) > > > [1999/09/08 09:19:05, 0] rpc_client/cli_lsarpc.c:lsa_close(627) > > > LSA_CLOSE: NT code 0f0e0d0c > > > [1999/09/08 09:19:05, 1] lib/sids.c:get_domain_sids(266) > > > lsa query info failed > > > [1999/09/08 09:19:05, 0] smbd/server.c:main(687) > > > ERROR: Samba cannot obtain PDC SID from PDC(s) WALES. > > > > > > But I have three 2.0.5a servers talking to my PDC (WALES) > > > with no problems. > > > > > > I used the smbpasswd from 2.0.5a to join the domain after > > > suffering with smbpasswd. > > > > > > Alan. > > > > > > -----Original Message----- > > > From: Bernard PRADIE [SMTP:bernard.pradie@sncf.fr] > > > Sent: 08 September 1999 08:09 > > > To: Multiple recipients of list SAMBA-NTDOM > > > Subject: Re: Update problems > > > > > > I have the same problem with smbpasswd. > > > 445 seems to be a port. what service ? > > > #grep 445 source/* > > > #rgrep 445 docs > > > no result ! > > > > > > I use ./configure --with-syslog --with-quota > > > > > > May I miss a doc ? > > > does I forget --with-profile ? (I use [Profile] in my smb.conf) > > > > > > Alexandre Lecuyer wrote (a ecrit) : > > > > > > > > Hi all, > > > > > > > > We've been using a cvs from mid-july until now without > > > > problems, except sometimes when saving word documents.. I > > > > have read in the list archive that a cvs update would help, > > > > but I didn't get it to work. > > > > (I have been off for holidays, probably missed a few things :) > > > > > > > > in "log.smb" I get: > > > > No DFS map, Samba is running in NON DFS mode > > > > Where can I find docs about that ? > > > > > > > > using "smbpasswd", I get: > > > > error connecting to :445 (Connection refused) > > > > Then I get the usual prompts, and the passwd is changed. > > > > > > > > I can connect to shares using "smbclient", but from an NT client > > > > it doesn't work. > > > > - The domain's joined succesfully > > > > - After a reboot login is denied: > > > > [1999/09/06 17:51:43, 3] smbd/reply.c:reply_sesssetup_and_X(655) > > > > Domain=[] NativeOS=[Windows NT 1381] NativeLanMan=[] > > > > ^^^^^^^^^ > > > > [1999/09/06 17:51:43, 3] smbd/reply.c:reply_sesssetup_and_X(658) > > > > sesssetupX:name=[] > > > > ^^^^^^^ > > > > [1999/09/06 17:51:43, 3] lib/util.c:get_unixgroups(2379) > > > > nobody is in 1 groups: 99 > > > > ^^^^^^ > > > > > > > > If I revert to the old binaries everything works fine again.. so > > > > I guess I have missed some changes since july. > > > > Any pointer's welcome ! > > > > Thanx, > > > > > > > > -- > > > > Alexandre Lecuyer > > > > CCRI IUT-IUP de Vannes > > > > > > -- > > > __________________________________________________________________________ > > > Bernard PRADIE > > > S.N.C.F. Tel. 01.53.42.92.84 > > > Direction de la Recherche FAX. 01.53.42.92.17 > > > 45, rue de Londres e-mail bernard.pradie@sncf.fr > > > 75379 PARIS Cedex 08 > > > __________________________________________________________________________ > > > > > > > From perrier at onera.fr Tue Sep 14 16:32:22 1999 From: perrier at onera.fr (Christian Perrier) Date: Tue Dec 2 02:27:05 2003 Subject: (forw) Member of two domains? In-Reply-To: <19990910192945.A4444@mykerinos> References: <19990910192945.A4444@mykerinos> Message-ID: <19990914183221.C24068@mykerinos> Answering myself, as I found an incomplete solution which may help others Quoting Christian Perrier (perrier@onera.fr): > I'm currently thinking about setting up another netbios alias and > make it member of another NT domaine with different password servers > (the controllers of this second domain). If the second "personality" is in server mode, this will work (the first being in "domain" mode). I did not succeed in having both personalities in domain mode. The problem is : it is impossible to join the second domain with "smbpasswd -j" -- From perrier at onera.fr Tue Sep 14 16:34:29 1999 From: perrier at onera.fr (Christian Perrier) Date: Tue Dec 2 02:27:05 2003 Subject: Same Samba server to multiple domains In-Reply-To: References: <19990911182331Z12862696-23442+3436@samba.anu.edu.au> Message-ID: <19990914183428.D24068@mykerinos> Quoting Joe Lin - FES ~ (jzlin@pcocd2.intel.com): > > You can do something like this in the smb.conf This is was was implied by me talking about "personalities". > I've only try this with security = server . Yes. This works with the server mode. > > With security = domain, since samba 2.x allows trusted domains, there's > no need to join multiple domains The two domains do not have trust relationships and it is not planned to do so, unfortunately. -- From aaron at compedge.co.nz Tue Sep 14 21:13:45 1999 From: aaron at compedge.co.nz (Aaron Knauf) Date: Tue Dec 2 02:27:05 2003 Subject: [Fwd: WinNT and auto-reconnect] Message-ID: <37DEBA89.290E914F@compedge.co.nz> Thanks, Luke - I am now working around this issue by using security = user. ADK Luke Kenneth Casson Leighton wrote: > this is due to a bug in windows nt clients. microsoft is aware of the > problem, they had a developer looking into it the last time it was > reported (six months ago on ntbugtraq), related to the WNetWkstaUserEnum > function. no further information or response has been reported that i am > aware of. > > luke > > On Tue, 31 Aug 1999, Aaron Knauf wrote: > > > Hi all, > > > > I have another weird one here. > > > > When using a WinNT server, you can reboot the server while (win/NT) > > clients are connected and the clients will automatically re-establish > > their connections when the server comes back up. > > > > With Samba you can do the same. > > > > Here's the catch. If you restart samba, then logout your client > > *without accessing any of the previously opened shares* then the profile > > is written back to the home directory and that share is left open on the > > server (shown by smbstatus). From this point on, no-one can log in to > > the server (at least, not from the same workstation - I haven't tried it > > with more than one). Another samba restart is required to get people > > logging in again. > > > > TIA > > > > ADK > > > > > > > > > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Internet Security Systems, Inc. From short at ucw.cz Wed Sep 15 03:22:51 1999 From: short at ucw.cz (Jan Kratochvil) Date: Tue Dec 2 02:27:05 2003 Subject: MS Exchange In-Reply-To: <199909141552.LAA24104@coda.docd-east>; from Paul L. Lussier on Wed, Sep 15, 1999 at 01:56:06AM +1000 References: <37DE454F.3357EB16@etsetb.upc.es> <199909141307.JAA16480@coda.docd-east> <37DE4B49.AEE90E92@etsetb.upc.es> <199909141552.LAA24104@coda.docd-east> Message-ID: <19990915052251.26196@atrey.karlin.mff.cuni.cz> > In a message dated: Tue, 14 Sep 1999 23:25:42 +1000 > Francesc Guasch said: > > >> The 2 have nothing to do with each other. Exchange is e-mail,Samba is > >> Print/File server that can also act as a PDC. > > > >Yes, but when users read mail from the server need to validate > >their account. The MS Exchange Admin told me the > >users validate in a NT domain. As samba can act as NT domain > >I wonder if that could work. > > They have to validate against a PDC when they log in. If Exchange requires > authentication beyond login *and* it does that authentication against a PDC, I > don't see any reason why it wouldn't work. We've tried this and FAILED. I can't say that we've already tried all the possibilites but although all the network was integrated seamlessly we just can't use it yet due to not to be able to shift Exchange from NT-driven domain to Samba-driven domain (with about 14 days old CVS od HEAD). Exchange simply doesn't start - it originally used some account ("Logon as" of the service parameters) from the NT domain but it is not able to use such account from Samba domain. I don't know whether it would help to reinstall it from scratch but simple move from NT to Samba domain just isn't as simple as it looks. And yes, we've played with various group names, even patching Samba for new group SIDs, adding Samba users (and "Everybody") to various administrative rights in Exchange setup etc. And always it fails to start properly. Although several services of it will start, the "Information storage manager" just can't cope with it. It maybe has to do something with existing file ownership assigned to users of the old NT-driven domain. Would it be possible to Samba act as NT server by using the same user SIDs that no client would notice the change? I have found that simply naming the domain by the same name isn't sufficient, probably SID of the domain takes into the play. Please can someone who successfuly joined Exchange server to Samba domain send me a mail? I promise that I'll post the summary - just trying to prevent a mass of e-mails in 'me too' style - either positive or negative. > -- > Seeya, > Paul Bye, Lace PS: Sorry for crosspost but the discussion was being held on samba@samba.org and I really think that it in fact belongs to samba-ntdom@samba.org. From rfs at aw.com.pl Wed Sep 15 07:43:22 1999 From: rfs at aw.com.pl (=?iso-8859-2?Q?Rafa=B3=20Szcze=B6niak?=) Date: Tue Dec 2 02:27:05 2003 Subject: User rights for MS-Project References: <37DE556D.29D11DF9@team.owl-online.de> <37DEAD8F.DD2CB273@aw.com.pl> <37DF4742.A548CF05@team.owl-online.de> Message-ID: <37DF4E1A.9BBDA431@aw.com.pl> "Cord-H. Fricke" wrote: > > yes i have Samba as PDC with roaming profiles > > Rafa? Szcze?niak schrieb: > > > "Cord-H. Fricke" wrote: > > > > > > Hi there, > > > > > > i got a problem with MS-Project. > > > The file is saved with owner = xyz and group=users. But when another > > > owner want?s to open the file (is in group users) MS-Project says: > > > You?re not owner. I think windows have no chance to see > > > unix-permissions. Am I wrong??? > > > Are there any help outside? > > > > Do you use Samba as PDC with roaming profiles ? > > I'm asking because I got similiar message from ArchiCAD. > > It seems, he stores user name which, as last, was working > > on file. And after all, windows can see and change unix permissions on Samba share. > > > > > > > > -- > > > -------------------------------------------------------------------------- > > > > > > Cord-H. Fricke > > > Technik/Systemadministration > > > Fon: 0 52 1 / 52 51-133 > > > fricke@team.owl-online.de > > > http://www.owl-online.de/ > > > > > > Thanx God, it?s Friday... > > -- > -------------------------------------------------------------------------- > Cord-H. Fricke > Technik/Systemadministration > Fon: 0 52 1 / 52 51-133 > fricke@team.owl-online.de > http://www.owl-online.de/ > > Thanx God, it?s Friday... From christian at aec.at Wed Sep 15 08:20:01 1999 From: christian at aec.at (Christian Kneissl) Date: Tue Dec 2 02:27:05 2003 Subject: Compilation errors Message-ID: Hello ! I am very new to linux, so my problem could not be a real great problem for you, but I dont know how to go further. When I try to compile Samba with make (after configure) I get the following: Using LIBS = -lreadline -ldl -lcrypt Compiling smbd/server.c In file included from /usr/include/signal.h:294, from include/includes.h:161, from smbd/server.c:22: /usr/include/bits/sigcontext.h:28: asm/sigcontext.h: No such file or directory In file included from /usr/include/bits/errno.h:25, from /usr/include/errno.h:36, from include/includes.h:181, from smbd/server.c:22: /usr/include/linux/errno.h:4: asm/errno.h: No such file or directory In file included from /usr/include/netinet/in.h:26, from include/includes.h:211, from smbd/server.c:22: /usr/include/bits/socket.h:252: asm/socket.h: No such file or directory make: *** [smbd/server.o] Error 1 ------------------------------------------- Also the same, when I tried to compile Glib-1.2.4: gcc -DHAVE_CONFIG_H -I. -I. -I. -DG_LOG_DOMAIN=g_log_domain_glib -g -O2 -Wall -D_REENTRANT -c -fPIC -DPIC giounix.c -o .libs/giounix.lo In file included from /usr/include/bits/errno.h:25, from /usr/include/errno.h:36, from giounix.c:37: /usr/include/linux/errno.h:4: asm/errno.h: No such file or directory make[2]: *** [giounix.lo] Error 1 make[2]: Leaving directory /home/chris/glib-1.2.4' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory /home/chris/glib-1.2.4' make: *** [all-recursive-am] Error 2 ------------------------------------------- Would be great, If you have a solution for me. Christian Kneissl From rfs at aw.com.pl Wed Sep 15 09:05:30 1999 From: rfs at aw.com.pl (=?iso-8859-2?Q?Rafa=B3=20Szcze=B6niak?=) Date: Tue Dec 2 02:27:05 2003 Subject: Compilation errors References: Message-ID: <37DF615A.123004AC@aw.com.pl> Christian Kneissl wrote: > > Hello ! > > I am very new to linux, so my problem could not be a real great problem for > you, but I > dont know how to go further. > > When I try to compile Samba with make (after configure) I get the following: > > Using LIBS = -lreadline -ldl -lcrypt > Compiling smbd/server.c > In file included from /usr/include/signal.h:294, > from include/includes.h:161, > from smbd/server.c:22: > /usr/include/bits/sigcontext.h:28: asm/sigcontext.h: No such file or > directory > In file included from /usr/include/bits/errno.h:25, > from /usr/include/errno.h:36, > from include/includes.h:181, > from smbd/server.c:22: > /usr/include/linux/errno.h:4: asm/errno.h: No such file or directory > In file included from /usr/include/netinet/in.h:26, > from include/includes.h:211, > from smbd/server.c:22: > /usr/include/bits/socket.h:252: asm/socket.h: No such file or directory > make: *** [smbd/server.o] Error 1 > > ------------------------------------------- > > Also the same, when I tried to compile Glib-1.2.4: > > gcc -DHAVE_CONFIG_H -I. -I. -I. -DG_LOG_DOMAIN=g_log_domain_glib -g -O2 > -Wall -D_REENTRANT -c -fPIC -DPIC giounix.c -o .libs/giounix.lo > In file included from /usr/include/bits/errno.h:25, > from /usr/include/errno.h:36, > from giounix.c:37: > /usr/include/linux/errno.h:4: asm/errno.h: No such file or directory > make[2]: *** [giounix.lo] Error 1 > make[2]: Leaving directory /home/chris/glib-1.2.4' > make[1]: *** [all-recursive] Error 1 > make[1]: Leaving directory /home/chris/glib-1.2.4' > make: *** [all-recursive-am] Error 2 > > ------------------------------------------- > > Would be great, If you have a solution for me. > > Christian Kneissl It seems you don't have whole /usr/include/asm subtree. Check whether it exists. It should be a soft link to your current kernel source subtree ./include/asm. If your kernel is in /usr/src/linux (quite typical configuration, but sometimes depended on linux distribution), you can create it by typing: ln -s /usr/src/linux/include/asm /usr/include/asm After all, this looks like linux problem, not samba. There are many better places to asking this kind of question. greetings :) Rafa? From newman at engebras.com Wed Sep 15 11:59:47 1999 From: newman at engebras.com (Newman) Date: Tue Dec 2 02:27:05 2003 Subject: File is in use (NTx95)samba cvs Message-ID: Dear Friends: I have a strange problem here with samba last cvs. I am using samba in very hard prodution and it is amazing! I have a system running simultaneous with 5 or more people sharing many files(DBF), everything woks ok when the clients are win95 or win 98, but when the client is NT, the application tells that file is in use, and give me a error. It was not happening in older versions of samba. It seems that nt open the files on exclusive mode. Can someone help me? Tks, From pmarc at id3semiconductors.com Wed Sep 15 12:06:22 1999 From: pmarc at id3semiconductors.com (Pierre MARC) Date: Tue Dec 2 02:27:05 2003 Subject: subscribe Message-ID: <37DF8BBE.C149A433@id3semiconductors.com> -- Pierre MARC mailto:pmarc@id3semiconductors.com From plussier at baynetworks.com Wed Sep 15 13:34:48 1999 From: plussier at baynetworks.com (Paul L. Lussier) Date: Tue Dec 2 02:27:05 2003 Subject: MS Exchange In-Reply-To: Your message of "Wed, 15 Sep 1999 05:22:51 +0200." <19990915052251.26196@atrey.karlin.mff.cuni.cz> References: <37DE454F.3357EB16@etsetb.upc.es> <199909141307.JAA16480@coda.docd-east> <37DE4B49.AEE90E92@etsetb.upc.es> <199909141552.LAA24104@coda.docd-east> <19990915052251.26196@atrey.karlin.mff.cuni.cz> Message-ID: <199909151334.JAA24256@coda.docd-east> In a message dated: Wed, 15 Sep 1999 05:22:51 +0200 Jan Kratochvil said: >Exchange simply doesn't start - it originally used some account ("Logon as" of >the service parameters) from the NT domain but it is not able to use such >account from Samba domain. I don't know whether it would help to reinstall it >from scratch but simple move from NT to Samba domain just isn't as simple as >it looks. And yes, we've played with various group names, even patching Samba >for new group SIDs, adding Samba users (and "Everybody") to various >administrative rights in Exchange setup etc. And always it fails to start >properly. > >Although several services of it will start, the "Information storage manager" >just can't cope with it. It maybe has to do something with existing file >ownership assigned to users of the old NT-driven domain. Would it be possible >to Samba act as NT server by using the same user SIDs that no client would >notice the change? I have found that simply naming the domain by the same >name isn't sufficient, probably SID of the domain takes into the play. Here are some questions I have. I think you might be onto something with the SID idea. Are you able to have normal users log in to the Samba PDC controlled domain without dealing with Exchange? If not, then get this working before dealing with Excahange (I assume though, that this is not your problem, but it never hurts to ask the obvious :) Was the Exchange server set up prior to of after migration to the Samba PDC domain? If prior to, then the SID thing could be your problem, and I'd try re-installing the Exchange server, or, better yet, setting up a new one for testing purposes that only knows about the Samba PDC. If after, then did you make sure that it only knows about the Samba PDC and not the old domain controller? Have you put a packet sniffer on the wire to see what packets are going across and maybe find out why it's not authenticating properly? Have you turned on and checked all possible logging of the exchange server and the Samba server. Granted, the MS logging capability is pretty lame, but the Samba server should at least tell you if it's seeing the requests. I hope this helps somewhat, at least in giving you some ideas. I'm interested in the solution of this dilemma if you ever find one. Good luck! -- Seeya, Paul ---- Depression is merely anger without enthusiasm. There cannot be a crisis today; my schedule is already full. A conclusion is simply the place where you got tired of thinking. If you're not having fun, you're not doing it right! From short at ucw.cz Wed Sep 15 14:13:25 1999 From: short at ucw.cz (Jan Kratochvil) Date: Tue Dec 2 02:27:05 2003 Subject: MS Exchange In-Reply-To: <199909151334.JAA24256@coda.docd-east>; from Paul L. Lussier on Wed, Sep 15, 1999 at 09:34:48AM -0400 References: <37DE454F.3357EB16@etsetb.upc.es> <199909141307.JAA16480@coda.docd-east> <37DE4B49.AEE90E92@etsetb.upc.es> <199909141552.LAA24104@coda.docd-east> <19990915052251.26196@atrey.karlin.mff.cuni.cz> <199909151334.JAA24256@coda.docd-east> Message-ID: <19990915161325.39191@atrey.karlin.mff.cuni.cz> > In a message dated: Wed, 15 Sep 1999 05:22:51 +0200 > Jan Kratochvil said: > > >Exchange simply doesn't start - it originally used some account ("Logon as" of > >the service parameters) from the NT domain but it is not able to use such > >account from Samba domain. I don't know whether it would help to reinstall it > >from scratch but simple move from NT to Samba domain just isn't as simple as > >it looks. And yes, we've played with various group names, even patching Samba > >for new group SIDs, adding Samba users (and "Everybody") to various > >administrative rights in Exchange setup etc. And always it fails to start > >properly. > > > >Although several services of it will start, the "Information storage manager" > >just can't cope with it. It maybe has to do something with existing file > >ownership assigned to users of the old NT-driven domain. Would it be possible > >to Samba act as NT server by using the same user SIDs that no client would > >notice the change? I have found that simply naming the domain by the same > >name isn't sufficient, probably SID of the domain takes into the play. > > Here are some questions I have. I think you might be onto something with the > SID idea. > > Are you able to have normal users log in to the Samba PDC controlled domain > without dealing with Exchange? If not, then get this working before dealing Yes, perfectly, integration with NIS+, password syncing, roaming profiles, just wonderfully working for NT, 9x, , except .. ehm .. that Exchange. > with Excahange (I assume though, that this is not your problem, but it never > hurts to ask the obvious :) OK, I agree, sorry to not to point this out obviously. > Was the Exchange server set up prior to of after migration to the Samba PDC > domain? Prior. I'll note one mail I got about it: ------------------------------------------------------------------------------------ From: Aaron Knauf Organization: Computing Edge Limited X-Mailer: Mozilla 4.6 [en] (X11; I; Linux 2.2.12 i686) I've not done the samba thing with exchange before, but I have moved exchange from one domain to another - and it is definitely a re-installation job. The domain SID is the culprit. I know of no way to fix this with out a re-install. ADK ------------------------------------------------------------------------------------ > If prior to, then the SID thing could be your problem, and I'd try > re-installing the Exchange server, or, better yet, setting up a new > one for testing purposes that only knows about the Samba PDC. Yes, it will be probably the only possible solution as I see. I just have some fear with complete settings and data transfer to be done then from 'old' to 'new' server. > If after, then did you make sure that it only knows about the Samba > PDC and not the old domain controller? The old domain controller was, of course, shut down during the testing (in night hours, some backups failed but who cares about them :-) ). > Have you put a packet sniffer on the wire to see what packets are going across > and maybe find out why it's not authenticating properly? I was thinking about it but I have been reading precisely (a lot of time) debug logs at level 100, there was no problem from Samba, it authenticated OK but obviously some internal thing Exchange occured then resulting from the returned data from the server. > Have you turned on and checked all possible logging of the exchange server and > the Samba server. Granted, the MS logging capability is pretty lame, but the > Samba server should at least tell you if it's seeing the requests. Logging on Samba server tried (above), logging on Exchange was not yet tried, there were no time remaining so we had to switch over the network to NT PDC. I've said that not all the possibilities were investigated, I just wanted to hear whether at least one person out there done it successfuly to not to bother with impossible task. BTW I just got the one response from Aaron Knauf noted above so I still thinks that it probably requires reinstallation and settings/data migration. Personally I think that the problem is that some vital files of Exchange are owned by the original NT user Exchange account and by logging Exchange as someone else it no longer has the needed permission for its local files. But I don't know how to solve it, I'm not much NT-experienced. Although it is not the exact error code we got (I don't have the access now to it), on: http://support.microsoft.com/support/kb/articles/Q184/2/05.ASP is written: 4. Go to User Manager for Domains. 5. Click on Policies from the title bar menu, and select User Rights. 6. Select the option for Advanced User Rights. 7. In the drop-down list, verify that the following rights have been granted to the service account: Act as part of the operating system Back up files and directories Log on as a service Restore files and directories But when User manager functionality is not yet implemented in Samba, is there any possibility to set it in Samba server itself (even in its sources if it is just tweaking some Samba tables). > I hope this helps somewhat, at least in giving you some ideas. I'm interested > in the solution of this dilemma if you ever find one. Thanks for help, without getting Exchange it is not really possible to switch to Samba PDC and NIS/NT synchronization still continues as a nightmare. > Seeya, > Paul Regards, Jan Kratochvil From thomas.springer at rz.tu-ilmenau.de Wed Sep 15 16:18:45 1999 From: thomas.springer at rz.tu-ilmenau.de (thomas springer) Date: Tue Dec 2 02:27:05 2003 Subject: synchronize passwd in LDAP ?! Message-ID: <37DFC6E5.3CC43ECC@rz.tu-ilmenau.de> Hi, I'm testing the LDAP functions of samba. I get the samba PDC to work and the user information is stored in LDAP. My users can login from an NT-WS and are able to change their passwords. In the doco there is a link to RFC2307, which I use for authenticting my linux users. (some of them are not local they are only in LDAP) This works fine. Now I want that samba synchronize the passwords for UNIX (saved in a posixAccount entry in LDAP) and samba. When adding a user via smbpasswd -x -a user1 only the samba attributes are created in ldap, however the attributes like userpassword, homedirectory, loginshell are not migrated neither from /etc/passwd nor the ldap entries of the unix users. If the user entry already exists in LDAP then adding the user with smbpasswd is not possible. So the merging doesn't work automaticaly. I tried this by hand, but there are still no synchronized passwords. When I run smbpasswd as a user then it tells me: Failed to open LDAP passwd file What does that mean ? My ldap users can login in linux via pam. It would be great, if someone give me a hint how to synchronize passwords for NT and Unix with ldap and samba. Thanks in advance Thomas From short at ucw.cz Wed Sep 15 14:25:14 1999 From: short at ucw.cz (Jan Kratochvil) Date: Tue Dec 2 02:27:05 2003 Subject: MS Exchange In-Reply-To: <19990915161325.39191@atrey.karlin.mff.cuni.cz>; from Jan Kratochvil on Thu, Sep 16, 1999 at 12:17:39AM +1000 References: <37DE454F.3357EB16@etsetb.upc.es> <199909141307.JAA16480@coda.docd-east> <37DE4B49.AEE90E92@etsetb.upc.es> <199909141552.LAA24104@coda.docd-east> <19990915052251.26196@atrey.karlin.mff.cuni.cz> <199909151334.JAA24256@coda.docd-east> <19990915161325.39191@atrey.karlin.mff.cuni.cz> Message-ID: <19990915162514.24013@atrey.karlin.mff.cuni.cz> > Although it is not the exact error code we got (I don't have the access now > to it), on: > > http://support.microsoft.com/support/kb/articles/Q184/2/05.ASP > > is written: > > 4. Go to User Manager for Domains. > 5. Click on Policies from the title bar menu, and select User Rights. > 6. Select the option for Advanced User Rights. > 7. In the drop-down list, verify that the following rights have been granted to the service account: > Act as part of the operating system > Back up files and directories > Log on as a service > Restore files and directories > > > But when User manager functionality is not yet implemented in Samba, is there > any possibility to set it in Samba server itself (even in its sources if it > is just tweaking some Samba tables). Sorry, please discard this section, it is not dependent on Samba and can be done even with Samba as PDC as I remember now. I'm not NT-experienced, I've said it once before. :-( And for example even this wasn't tried during the (two) test sessions but I'm now rather sceptic to what can help, probably the best solution is really Exchange reinstall. Jan Kratochvil From plussier at baynetworks.com Wed Sep 15 15:15:25 1999 From: plussier at baynetworks.com (Paul L. Lussier) Date: Tue Dec 2 02:27:05 2003 Subject: MS Exchange In-Reply-To: Your message of "Wed, 15 Sep 1999 16:13:25 +0200." <19990915161325.39191@atrey.karlin.mff.cuni.cz> References: <37DE454F.3357EB16@etsetb.upc.es> <199909141307.JAA16480@coda.docd-east> <37DE4B49.AEE90E92@etsetb.upc.es> <199909141552.LAA24104@coda.docd-east> <19990915052251.26196@atrey.karlin.mff.cuni.cz> <199909151334.JAA24256@coda.docd-east> <19990915161325.39191@atrey.karlin.mff.cuni.cz> Message-ID: <199909151515.LAA04360@coda.docd-east> In a message dated: Wed, 15 Sep 1999 16:13:25 +0200 Jan Kratochvil said: >> Was the Exchange server set up prior to of after migration to the Samba PDC >> domain? > > Prior. I'll note one mail I got about it: [...mail snipped...] Well, I'd say that pretty much spells it out :) Try setting up a test network with the Samba PDC, then install a new Exchange server which only knows about this PDC. If you set the test network up you can probably do this with 3 systems and a 4-port hub; Samba, Exchange, 9x/NT client for testing. >> If prior to, then the SID thing could be your problem, and I'd try >> re-installing the Exchange server, or, better yet, setting up a new >> one for testing purposes that only knows about the Samba PDC. > > Yes, it will be probably the only possible solution as I see. I just have >some fear with complete settings and data transfer to be done then from 'old' >to 'new' server. Personally I don't blame you at all. I'd do several things: 1. Backup the exchange server to a new tape 2. Tell users to copy their mail boxes to their local systems as a precaution 3. Build a completely new Exchange server on new hardware and after you get it working properly with the Samba PDC try and import the data from the old Exchange server. If this fails, you have the backup tape, if that fails, the users have their local copy. >> If after, then did you make sure that it only knows about the Samba >> PDC and not the old domain controller? > > The old domain controller was, of course, shut down during the testing (in >night hours, some backups failed but who cares about them :-) ). Right, but the Exchange server wasn't, which means it's trying to authenticate against the old PDC, which has a different SID than the Samba one. > Personally I think that the problem is that some vital files of Exchange >are owned by the original NT user Exchange account and by logging Exchange >as someone else it no longer has the needed permission for its local files. >But I don't know how to solve it, I'm not much NT-experienced. Well, I don't so much think that it's a vital file, rather a registry entry for Exchange that keeps track of the SID of the PDC. > 4. Go to User Manager for Domains. > 5. Click on Policies from the title bar menu, and select User Rights. > 6. Select the option for Advanced User Rights. > 7. In the drop-down list, verify that the following rights have been grant >ed to the service account: > Act as part of the operating system > Back up files and directories > Log on as a service > Restore files and directories > > > But when User manager functionality is not yet implemented in Samba, is > there any possibility to set it in Samba server itself (even in its sources > if it is just tweaking some Samba tables). I don't know the answer to this. You'll have to check the Samba DOCS. I recommend getting Gerry Carter's "TYS Samba in 24 Hours" or the new O'Reilly book on Samba. In addition, look in the docs/ directory and read through all that stuff. I seem to remember something mentioning SIDs in there. John Blair's book, though written for pre 2.x Samba, has a very good explanation of SIDs as well if I recall correctly. >Thanks for help, without getting Exchange it is not really possible to switch >to Samba PDC and NIS/NT synchronization still continues as a nightmare. Well, you could switch to sendmail and POP3/IMAP clients, then Exchange is no longer a problem :) -- Seeya, Paul ---- Depression is merely anger without enthusiasm. There cannot be a crisis today; my schedule is already full. A conclusion is simply the place where you got tired of thinking. If you're not having fun, you're not doing it right! From iainr at civ.hw.ac.uk Wed Sep 15 15:38:06 1999 From: iainr at civ.hw.ac.uk (Iain Rae) Date: Tue Dec 2 02:27:05 2003 Subject: Samba PDC and Samba BDC? In-Reply-To: <19990915161325.39191@atrey.karlin.mff.cuni.cz> Message-ID: Apologies if you've already seen something like this but I've not got my usual TO: copy and it doesn't appear on the archive. We have a lab (40 PC's) happily running samba as a PDC, I'm in the process of tagging on another lab (15 PC's) on a seperate subnet, using wins I have no problems getting the second labs PC's to register etc. However I'd like to add in some redundancy and have a BDC on the second subnet which would handle domain logins. Is the samba domain controller stuff far enough on that I can do this? ------------------------------------------------------------------------------- | Iain Rae | Tel: 0131 449 5111 Ext 4406 (Day)(but I'm never in)| | Computing Officer. | Any Opinions I am able to form are my own and in no| | Civil & Offshore Eng. | way reflect those of my employers. | | Heriot-Watt University.| Well that's my opinion anyway. | ------------------------------------------------------------------------------- From jzlin at pcocd2.intel.com Wed Sep 15 15:58:19 1999 From: jzlin at pcocd2.intel.com (Joe Lin - FES ~) Date: Tue Dec 2 02:27:05 2003 Subject: Same Samba server to multiple domains In-Reply-To: <19990915111819Z12863921-23442+4211@samba.anu.edu.au> Message-ID: Christian, since you can't provide trusted domains, I dont see how you can join multiple domains. Maybe you can run multiple instances of smbd and nmbd of the same physical server? ie.. /usr/sambaA and /usr/sambaB and run the binaries from both places? From cwiegand at startek.com Wed Sep 15 16:36:07 1999 From: cwiegand at startek.com (Chris Wiegand) Date: Tue Dec 2 02:27:05 2003 Subject: Same Samba server to multiple domains Message-ID: <01BEFF66.1EC84120.cwiegand@startek.com> Is this a real possibility? I would think that only the first one that starts would get the port bound. Or perhaps change samba so that instead of only authenticating against the first server that responds in password server = ??? it tries all of them. Then you could list the PDCs/BDCs of all of your domains, and it would fail only if ALL of them failed.... just a though for those of us who can't use beta code in a prod. environment. -----Original Message----- From: Joe Lin - FES ~ [SMTP:jzlin@pcocd2.intel.com] Sent: Wednesday, September 15, 1999 10:00 AM To: Multiple recipients of list SAMBA-NTDOM Subject: Re: Same Samba server to multiple domains Christian, since you can't provide trusted domains, I dont see how you can join multiple domains. Maybe you can run multiple instances of smbd and nmbd of the same physical server? ie.. /usr/sambaA and /usr/sambaB and run the binaries from both places? From cartegw at Eng.Auburn.EDU Wed Sep 15 16:52:23 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:27:05 2003 Subject: Same Samba server to multiple domains References: <01BEFF66.1EC84120.cwiegand@startek.com> Message-ID: <37DFCEC6.2402D503@eng.auburn.edu> Chris Wiegand wrote: > > Is this a real possibility? I would think that only > the first one that starts would get the port > bound. Or perhaps change samba so that instead of > only authenticating against the first server that > responds in password server = ??? it tries all of > them. Then you could list the PDCs/BDCs of all > of your domains, and it would fail only if ALL > of them failed.... > just a though for those of us who can't use beta > code in a prod. environment. See the 'interfaces' and the 'socket address' parameters. I used to do this off of a real and virtual interface under Solaris 2.5.1 Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From mmiller at cgrg.ohio-state.edu Wed Sep 15 17:04:21 1999 From: mmiller at cgrg.ohio-state.edu (Michael Miller) Date: Tue Dec 2 02:27:05 2003 Subject: Samba PDC and UNIX Password sync Message-ID: <37DFD195.F5FBFC00@cgrg.ohio-state.edu> Hello, I am trying to setup a Samba PDC using Samba 2.1.0, a Sun Enterprise 250 with Solaris 2.6 and all the required patches applied. I would like to use the same accounts that exist in our UNIX environment on the Samba PDC. I have used mksmbpasswd.sh to export the accounts to the necessary smbpasswd file. I have then appended the machine accounts gathered earlier to the smbpasswd file. So am left with the need to populate the password fields in the smbpasswd file. Having the users do so individually would be fine except we run into a problem of synchronization. Since NT allows for lousy passwords (i.e. dog), I cannot allow users to rely on NT to change their passwords. Since the smbpasswd program also allows for lousy passwords, I can't use that either. Has anyone used npasswd in their password chat setup? How can I get npasswd to communicate to an NT user to let them know their password is lousy. I will try to set this up soon but it's not a complete solution. Has anyone setup a Samba PDC with a system for changing passwords on either UNIX or NT, which allows both sides to be updated when changing a password on either UNIX or NT? Thanx, Michael Miller System Specialist Emerging Technologies Studio Advanced Computing Center for the Arts and Design The Ohio State University "'Gonna taste the wine cause it's right there in front of me..." From short at ucw.cz Wed Sep 15 17:38:26 1999 From: short at ucw.cz (Jan Kratochvil) Date: Tue Dec 2 02:27:05 2003 Subject: MS Exchange In-Reply-To: <199909151515.LAA04360@coda.docd-east>; from Paul L. Lussier on Wed, Sep 15, 1999 at 11:15:25AM -0400 References: <37DE454F.3357EB16@etsetb.upc.es> <199909141307.JAA16480@coda.docd-east> <37DE4B49.AEE90E92@etsetb.upc.es> <199909141552.LAA24104@coda.docd-east> <19990915052251.26196@atrey.karlin.mff.cuni.cz> <199909151334.JAA24256@coda.docd-east> <19990915161325.39191@atrey.karlin.mff.cuni.cz> <199909151515.LAA04360@coda.docd-east> Message-ID: <19990915193826.01714@atrey.karlin.mff.cuni.cz> > >> If prior to, then the SID thing could be your problem, and I'd try > >> re-installing the Exchange server, or, better yet, setting up a new > >> one for testing purposes that only knows about the Samba PDC. > > > > Yes, it will be probably the only possible solution as I see. I just have > >some fear with complete settings and data transfer to be done then from 'old' > >to 'new' server. > > Personally I don't blame you at all. I'd do several things: > > 1. Backup the exchange server to a new tape > 2. Tell users to copy their mail boxes to their local systems as > a precaution > 3. Build a completely new Exchange server on new hardware and after you > get it working properly with the Samba PDC try and import the data > from the old Exchange server. If this fails, you have the backup > tape, if that fails, the users have their local copy. We've even done physical copy (device byte-by-byte) to be sure. Only domain rejoin has to be done then due to changed machine trust account but I think that otherwise it is safe. You just have to be careful about x86 4GB file limitation (and use another device to store it instead). > > The old domain controller was, of course, shut down during the testing (in > >night hours, some backups failed but who cares about them :-) ). > > Right, but the Exchange server wasn't, which means it's trying to authenticate > against the old PDC, which has a different SID than the Samba one. The machine itself was rejoined to new domain. But I can't be sure about Exchange server software itself, I agree. > > Personally I think that the problem is that some vital files of Exchange > >are owned by the original NT user Exchange account and by logging Exchange > >as someone else it no longer has the needed permission for its local files. > >But I don't know how to solve it, I'm not much NT-experienced. > > Well, I don't so much think that it's a vital file, rather a registry entry > for Exchange that keeps track of the SID of the PDC. Well, I'll provide here some part of the mail from Al Margolis who has been very helpful: ----------------------------------------------------------------------------- I have a feeling that Exchange is dependant on the RPC code that is not yet implemented in SAMBA CVS. There are a number of places where it enumerates users. It is also tightly integrated with User Admin for Domains so I could image that Microsoft "forgot" to document some service calls. My particular problem was an exchange server whose "MS Exchange Directory Service" would not restart after a hard crash (blown power supply, therefore no shutdown). The solution was (1) reset privileges on al msexchg directories to full control for Administrators, System and Everyone and (2) resetting the admin password in Settings/Control Panel/Services (select failed service, click STARTUP button). We didn't test between steps one and two, but my guess is that the password was the culprit. I don't like that "Everyone", but Microsoft assured me that it was necessary and safe. ----------------------------------------------------------------------------- Also Al Margolis pointed out that there is very good source of information in Knowledge Base, although it is scattered all over the place and hard to find. > > 4. Go to User Manager for Domains. > > 5. Click on Policies from the title bar menu, and select User Rights. > > 6. Select the option for Advanced User Rights. > > 7. In the drop-down list, verify that the following rights have been grant > >ed to the service account: > > Act as part of the operating system > > Back up files and directories > > Log on as a service > > Restore files and directories > > > > > > But when User manager functionality is not yet implemented in Samba, is > > there any possibility to set it in Samba server itself (even in its sources > > if it is just tweaking some Samba tables). > > I don't know the answer to this. You'll have to check the Samba DOCS. I > recommend getting Gerry Carter's "TYS Samba in 24 Hours" or the new O'Reilly > book on Samba. In addition, look in the docs/ directory and read through all > that stuff. I seem to remember something mentioning SIDs in there. John I've read docs/ several times already. Even all the slides at www.samba.org, BTW I suggest reading those slides to everyone, it cleared out a lot of things to me and the text I found very good written and entertaining. > Blair's book, though written for pre 2.x Samba, has a very good explanation of > SIDs as well if I recall correctly. I should get it, I haven't yet read any paper-written text on Samba. > Well, you could switch to sendmail and POP3/IMAP clients, then Exchange is > no longer a problem :) Tech support would welcome it but people are using the time manager, work lists etc., I'm not forced to use it myself but simply due to all these features the remove of Exchange is unfortunately not a solution now. > Seeya, > Paul I'm currently not in a situation when I can try to move the whole network under Samba PDC but I'll try it during next several (3-4) weeks, I hope. Anyway I know that I'll have to do fresh install of Exchange at the start next time. Jan Kratochvil From abakun at reac.com Wed Sep 15 19:22:23 1999 From: abakun at reac.com (Andy Bakun) Date: Tue Dec 2 02:27:05 2003 Subject: Samba compatible time-management software (was: Re: MS Exchange) References: <37DE454F.3357EB16@etsetb.upc.es> <199909141307.JAA16480@coda.docd-east> <37DE4B49.AEE90E92@etsetb.upc.es> <199909141552.LAA24104@coda.docd-east> <19990915052251.26196@atrey.karlin.mff.cuni.cz> <199909151334.JAA24256@coda.docd-east> <19990915161325.39191@atrey.karlin.mff.cuni.cz> <199909151515.LAA04360@coda.docd-east> <19990915193826.01714@atrey.karlin.mff.cuni.cz> Message-ID: <37DFF1EF.DE47EA7B@reac.com> Just thought I'd take a moment to tell people about my experience with OnTime, a time-management package from OpenText. Before I assumed control, my company's network was NT based with Exchange (on a demo lincense which was about to expire) for email and scheduling. I setup an SMTP and POP server, and we acquired OnTime from Opentext (http://www.opentext.com/ontime/) to handle scheduling. I was concerned that OnTime was not going to integrate well into our new Samba network, and that users would have to remember YAP (yet another password), but you can configure it to obtain a list of usernames and do authication via a PDC. That was a year ago. Unfortunately, they didn't have a Linux version when I ordered (Linux? What's that?), so I've needed to dedicate an NT machine to it. It doesn't seem to do anything fancy with hidden API calls, and it's worked with all the Samb 2.0.x versions (including the later alphas). I'm using it right now with a Samba PDC running 2.0.4b. It also has support for email notification of scheduling changes via SMTP. OnTime is one of the few software software packages that my users have actually taken it upon themselves to learn how to use, and the ones who used Exchange heavily for scheduling like it better. It's also easy to admin (I just add and remove users from it). It does have per user licensing, though, and it's not exactly cheap (compared to getting Exchange in a BackOffice bundle, I guess), but I was more concerned about interoperability. I'm not sure how scalable it is, my network only has 30 users on it. It might not be worth it to try and setup a new scheduling system to replace what you already have, but if you are going to deploy a new one, definately take a look at OnTime. Jan Kratochvil wrote: > > Well, you could switch to sendmail and POP3/IMAP clients, then Exchange is > > no longer a problem :) > > Tech support would welcome it but people are using the time manager, work > lists etc., I'm not forced to use it myself but simply due to all these > features the remove of Exchange is unfortunately not a solution now. From rfs at aw.com.pl Wed Sep 15 20:40:50 1999 From: rfs at aw.com.pl (=?iso-8859-2?Q?Rafa=B3=20Szcze=B6niak?=) Date: Tue Dec 2 02:27:05 2003 Subject: synchronize passwd in LDAP ?! References: <37DFC6E5.3CC43ECC@rz.tu-ilmenau.de> Message-ID: <37E00452.633B8C2@aw.com.pl> thomas springer wrote: > > Hi, > > I'm testing the LDAP functions of samba. I get the samba PDC to work and > the user information is stored in LDAP. My users can login from an NT-WS > and are able to change their passwords. > In the doco there is a link to RFC2307, which I use for authenticting my > linux users. (some of them are not local they are only in LDAP) This > works fine. > Now I want that samba synchronize the passwords for UNIX (saved in a > posixAccount entry in LDAP) and samba. > When adding a user via smbpasswd -x -a user1 > only the samba attributes are created in ldap, however the attributes > like userpassword, homedirectory, loginshell are not migrated neither > from /etc/passwd nor the ldap entries of the unix users. > If the user entry already exists in LDAP then adding the user with > smbpasswd is not possible. So the merging doesn't work automaticaly. I > tried this by hand, but there are still no synchronized passwords. > > When I run smbpasswd as a user then it tells me: > Failed to open LDAP passwd file > > What does that mean ? How did you try "by hand" ? And which program gives you this error msg ? > > My ldap users can login in linux via pam. > > It would be great, if someone give me a hint how to synchronize > passwords for NT and Unix with ldap and samba. > > Thanks in advance > > Thomas greetings :) Rafa? From oswell at xcert.com Wed Sep 15 20:28:12 1999 From: oswell at xcert.com (Mike Oswell) Date: Tue Dec 2 02:27:05 2003 Subject: Security=Server vs Security=Domain Message-ID: I am running samba v2.0.5a in a mostly Windows NT environment. All of the windows NT machines are part of a domain, but every now and again we need to be able to access shares with a non-domain NT machine. The problem is that when I try to connect to a share from a machine that is not a member of the domain, I get the following error (after typing in a valid username and password) domain_client_validate: unable to validate password for user oswell in domain SOLAR to Domain controller PDC-VAN. Error was NT_STATUS_NO_SUCH_USER. SOLAR is actually the name of the machine that I am connecting from, not the actual domain name. If I switch security to be server, it works fine and I am allowed to connect to that share. Any idea what is missing here? Should I not be able to connect to shares with security=domain from a machine that is not in the domain, so long as I enter a valid username/password? Thanks. ----- Michael Oswell Xcert International Inc. From plussier at baynetworks.com Wed Sep 15 20:46:23 1999 From: plussier at baynetworks.com (Paul L. Lussier) Date: Tue Dec 2 02:27:05 2003 Subject: MS Exchange In-Reply-To: Your message of "Wed, 15 Sep 1999 19:38:26 +0200." <19990915193826.01714@atrey.karlin.mff.cuni.cz> References: <37DE454F.3357EB16@etsetb.upc.es> <199909141307.JAA16480@coda.docd-east> <37DE4B49.AEE90E92@etsetb.upc.es> <199909141552.LAA24104@coda.docd-east> <19990915052251.26196@atrey.karlin.mff.cuni.cz> <199909151334.JAA24256@coda.docd-east> <19990915161325.39191@atrey.karlin.mff.cuni.cz> <199909151515.LAA04360@coda.docd-east> <19990915193826.01714@atrey.karlin.mff.cuni.cz> Message-ID: <199909152046.QAA06265@coda.docd-east> In a message dated: Wed, 15 Sep 1999 19:38:26 +0200 Jan Kratochvil said: > Well, I'll provide here some part of the mail from Al Margolis >who has been very helpful: > >----------------------------------------------------------------------------- >I have a feeling that Exchange is dependant on the RPC code that is not yet >implemented in SAMBA CVS. There are a number of places where it enumerates >users. It is also tightly integrated with User Admin for Domains so I >could image that Microsoft "forgot" to document some service calls. > >My particular problem was an exchange server whose "MS Exchange Directory >Service" would not restart after a hard crash (blown power supply, >therefore no shutdown). The solution was (1) reset privileges on al >msexchg directories to full control for Administrators, System and Everyone >and (2) resetting the admin password in Settings/Control Panel/Services >(select failed service, click STARTUP button). We didn't test between >steps one and two, but my guess is that the password was the culprit. I >don't like that "Everyone", but Microsoft assured me that it was necessary >and safe. >----------------------------------------------------------------------------- Well, this explains a tremendous amount :) > Also Al Margolis pointed out that there is very good source of information >in Knowledge Base, although it is scattered all over the place and hard to >find. Like all "knowledge" bases, it's in there, the trick is finding it. Often times I've found that the question you have isn't asked/filed the same way in the knowledge base, which therefore makes it tough to find the answer. > I should get it, I haven't yet read any paper-written text on Samba. John's book was excellent in explaining the brain-dead manner in which MS networking works (or rather, doesn't:). Other than that though, it was much more of "man pages with commentary". If you print out all the Samba man pages, then you have the majority of John's book. Gerry's book was more of a "real life practicum in Samba" where he provided different scenarios, idea, and implementations as well as HOWTOs, etc. The 2 books are a very complimentary. I didn't feel that Gerry's book explained the MS networking as completely as John's, but it was more up to date and contained more examples. So, IMO, you can't go wrong with reading both. > Tech support would welcome it but people are using the time manager, work >lists etc., I'm not forced to use it myself but simply due to all these >features the remove of Exchange is unfortunately not a solution now. I'm in a similar situation where people are using Outlook for time managment. Fortunately, though, everyone is using Eurdora or Netscape and POP3 for e-mail, or they use native Unix mail :) > I'm currently not in a situation when I can try to move the whole network >under Samba PDC but I'll try it during next several (3-4) weeks, I hope. >Anyway I know that I'll have to do fresh install of Exchange at the start >next time. Please keep me updated, I'm quite interested in how this goes for you, and what sort of problems/solutions you find. -- Seeya, Paul ---- Depression is merely anger without enthusiasm. There cannot be a crisis today; my schedule is already full. A conclusion is simply the place where you got tired of thinking. If you're not having fun, you're not doing it right! From grg at mail.bahana.co.id Thu Sep 16 04:45:32 1999 From: grg at mail.bahana.co.id (Sang Jagoan) Date: Tue Dec 2 02:27:05 2003 Subject: subscribe Message-ID: <37E075EC.2AFA@mail.bahana.co.id> subscribe From pmal at space.gr Thu Sep 16 05:32:13 1999 From: pmal at space.gr (Panagiotis Malakoudis) Date: Tue Dec 2 02:27:05 2003 Subject: No subject References: <37DE454F.3357EB16@etsetb.upc.es> <199909141307.JAA16480@coda.docd-east> <37DE4B49.AEE90E92@etsetb.upc.es> <199909141552.LAA24104@coda.docd-east> <19990915052251.26196@atrey.karlin.mff.cuni.cz> <199909151334.JAA24256@coda.docd-east> <19990915161325.39191@atrey.karlin.mff.cuni.cz> <199909151515.LAA04360@coda.docd-east> <19990915193826.01714@atrey.karlin.mff.cuni.cz> <37DFF1EF.DE47EA7B@reac.com> Message-ID: <000b01bf0004$d4e96d00$0502000a@space.gr> Does anyone know how to emulate the Printers Folder of windows using Samba? Is it even possible? ~~~~~~~~~~~~~~~~ Malakoudis Panagiotis System Administrator Space Hellas S.A. Telephone:6547400 ~~~~~~~~~~~~~~~~ From svinto at ita.chalmers.se Thu Sep 16 07:43:07 1999 From: svinto at ita.chalmers.se (svinto@ita.chalmers.se) Date: Tue Dec 2 02:27:05 2003 Subject: synchronize passwd in LDAP ?! References: <37DFC6E5.3CC43ECC@rz.tu-ilmenau.de> Message-ID: <37E09F8B.B7692C9F@ita.chalmers.se> > Now I want that samba synchronize the passwords for UNIX (saved in a > posixAccount entry in LDAP) and samba. the openldap-package has a program called "ldappasswd" that i use for this. in my smb.conf: unix password sync = Yes passwd program = /usr/bin/ldappasswd -v -D cn=root,dc=blabla -w secret -t uid=%u,ou=People,dc=blabla passwd chat = *New*password* %n\n *new*password* %n\n -- --------------------------------------------------------------------------- Svante S?rmark | Chalmers University IT systems & services |+46-31-7728665 --------------------------------------------------------------------------- From rwald at wst.edvz.sbg.ac.at Thu Sep 16 11:31:15 1999 From: rwald at wst.edvz.sbg.ac.at (Ralf Waldhofer) Date: Tue Dec 2 02:27:05 2003 Subject: username mapping Message-ID: Hi, i have a NT-server as PDC (i am using Samba 2.0.5a) and want to map all users in the NT-Domain to one specified unix-user. i have created a file user.map which contains "www=*" (the user www is also in the passwd file). my smb.conf file: [global] workgroup = MYWORKGROUP security = SERVER encrypt passwords = Yes password server = some.server.in.my.domain username map = /usr/samba/lib/users.map load printers = No [gera] path = /home/gera valid users = webmaster if i want to mount the share gera it seems that samba replaces the username webmaster with the user www & passes it then with the password to the PDC. in the logfile: ..... Mapped user webmaster to www ..... Clearing default real name ..... Invalid username/password for gera error packet at line 163 cmd=117 (SMBtconX) eclass=2 ecode=2 error string = No such file or directory if i add the user webmaster in the passwd-file with no passwd, everything goes ok. any help is apriciated. thanks in advance, R. Waldhofer From johanh at fusion.kth.se Thu Sep 16 12:32:47 1999 From: johanh at fusion.kth.se (Johan Hedin) Date: Tue Dec 2 02:27:05 2003 Subject: AFS with Samba PDC Message-ID: We resently upgraded from NFS to AFS at our site. We have used Kerberos 4 (KTH-KRB) for a while now. For the Win95 clients, it's not a problem. Its relatively easy to patch the clear text password Kerberos 4 support in Samba to include AFS support as well. If no one done this, I will try to get time to test and submit a patch doing this. However, to make the Samba PDC AFS aware it's much more tricky. Has anyone done this? If not I have two suggestion 1. Store the users Kerberos passwords as srvtabs on the local disk of the Samba PDC, and then obtain a ticket after the NT password validation is done. 2. Run the Samba PDC with an common AFS ticket on the local Samba machine, turn off wide links and tell the intereseted users to set the ACL such that Samba can read and write on their directories. In this scheme users must be prevented from mounting each other's volumes in their homes. Comments? The second issue is with the ticket lifetime. After the ticket has expired, Samba should die forcing the NT machine to open a new connection with a new ticket. This is not a problem for NT choosing the first scheme above, but will be for the clear text password version. Comments? Johan Hedin /---------------------------------------------------------------------\ | Johan Hedin | johanh@fusion.kth.se | | Ph.D. Student and System Manager | http://www.fusion.kth.se/~johanh | \---------------------------------------------------------------------/ From iainr at civ.hw.ac.uk Thu Sep 16 12:49:28 1999 From: iainr at civ.hw.ac.uk (Iain Rae) Date: Tue Dec 2 02:27:05 2003 Subject: MS Exchange In-Reply-To: <199909152046.QAA06265@coda.docd-east> Message-ID: On Thu, 16 Sep 1999, Paul L. Lussier wrote: > > In a message dated: Wed, 15 Sep 1999 19:38:26 +0200 > Jan Kratochvil said: > > > I should get it, I haven't yet read any paper-written text on Samba. > > John's book was excellent in explaining the brain-dead manner in which MS > networking works (or rather, doesn't:). Other than that though, it was much > more of "man pages with commentary". If you print out all the Samba man > pages, then you have the majority of John's book. Gerry's book was more of a > "real life practicum in Samba" where he provided different scenarios, idea, > and implementations as well as HOWTOs, etc. The 2 books are a very > complimentary. I didn't feel that Gerry's book explained the MS networking as > completely as John's, but it was more up to date and contained more examples. > So, IMO, you can't go wrong with reading both. I'd recommend Gerry's book to anyone thinking about using samba, it saved me a lot of time and effort, I've not got my hands on any of the others yet. > > > Tech support would welcome it but people are using the time manager, work > >lists etc., I'm not forced to use it myself but simply due to all these > >features the remove of Exchange is unfortunately not a solution now. > > I'm in a similar situation where people are using Outlook for time managment. > Fortunately, though, everyone is using Eurdora or Netscape and POP3 for > e-mail, or they use native Unix mail :) > Are they actually using the "arrange meetings" part of outlook or just the PIM/tasklist stuff as I think the netscape calendar has those (not sure about the licensing though) Outlook seems to becoming the time management client of choice round here and I' really rather it didn't. I really wish someone would produce a free (or even reasonably cheap) calendar server which supported ical. Sorry this is getting off-topic, I'll shut up :) ------------------------------------------------------------------------------- | Iain Rae | Tel: 0131 449 5111 Ext 4406 (Day)(but I'm never in)| | Computing Officer. | Any Opinions I am able to form are my own and in no| | Civil & Offshore Eng. | way reflect those of my employers. | | Heriot-Watt University.| Well that's my opinion anyway. | ------------------------------------------------------------------------------- From deo31cmi at ac-toulouse.fr Thu Sep 16 12:46:31 1999 From: deo31cmi at ac-toulouse.fr (cmi deodat) Date: Tue Dec 2 02:27:05 2003 Subject: low connection References: <37D25E6D.6A9CB70F@aw.com.pl> <37D266EA.78D29C80@eng.auburn.edu> <37D582A9.DFCAF150@compedge.co.nz> Message-ID: <000701bf0041$80e18200$091ffec2@actoulouse> I use samba now for more than one year and it's great. However, there is a very long time at logon between the hitting of the enter key and the effective connection (more or less 10 s) - nothing like this on the real NT server. Seems like if samba was waiting for somthing to happen. Do you know what? security = users - same problem on stand alone net (with no other NT server). Win 95/98 clients, plain text password. given this, all goes right. thanks From nord at cdt.luth.se Thu Sep 16 13:37:34 1999 From: nord at cdt.luth.se (James Nord) Date: Tue Dec 2 02:27:05 2003 Subject: Win 2000 in domain. Message-ID: <37E0F29E.51E0914A@cdt.luth.se> Hi, I know at present Windows 2000 is not supported by samba in a domain. However I would like to evaluate Samba as a PDC for Win2k clients so when Win2k is released we can setup a domain. So, what I would like to know is, does anybody know roughly when we may see Win2k domain compatibility starting to apear in the head code? Thanks, /James -- Technology is a word that describes something that doesn't work yet. Douglas Adams From owensc at enc.edu Thu Sep 16 14:18:30 1999 From: owensc at enc.edu (Charles N. Owens) Date: Tue Dec 2 02:27:05 2003 Subject: Can Samba scale with NT_Terminal_Server? (was: Samba and WinTS / WinDD) Message-ID: <37E0FC36.3739D8F2@enc.edu> I'm wondering if the unique (?) way NT Terminal Server (NT_TS) connects to Samba is a problem. Samba seems to spawn a separate process per connecting client. With "normal" single-user stations (Win3.x, Win9x, WinNT), this results in a process per user. But with NT_TS (and other related Citrix derivatives) we have many users coming from a single client machine, all of which get handled by a _single_ Samba process (one per NT_TS server box). It is not unreasonable to expect that there may then be 50 to 150 users being handled by a single Samba process (depending on the horsepower of the NT_TS server). This difference (many users per Samba process vs. one) seems like it could be a big deal to me. Is Samba known to be able to properly handle the many-user case with as many users as I describe above? Was it at least _designed_ to be able to do so? A separate question is whether or not NT_TS talks to a PDC any differently than with plain NT. Something is making our NT_TS boxes unstable (beyond what's expected given their pedigree ;-). It seems to be related to their being involved with a Samba PDC or with their trying to relatively heavy file sharing via Samba (or possibly both). I'd be most appreciative if anyone had any experiences to share to suggest the best way to proceed. What's the best way to trouble-shoot this? We've been running multiple pilot installations of NT_TS + Citrix Metaframe [v1.8] with varying results. Here's what we have: [In all cases user apps are Netscape 4.61, Office 97, Eudora 4.x, installed on local NT_TS drives. All servers have Service Pack 4 plus a number of fixes we've squeezed out of Microsoft and Citrix.] A: NT_TS + Metaframe server in workgroup mode. File, WINS service: Samba 1.9.18(?) box. Load: primary computing environment for about 6 users Result: Rather stable. Will eventually blue-screen if up for more than a week or three. B: NT_TS + Metaframe in Samba PDC domain PDC, WINS, File+Print: Samba -HEAD branch, circa mid-July Load: 30 users (using "Windows Terminals" [Neoware]) Result: Unstable. Tends to blue-screen on average every 1.5 days. Rebooting every morning seems to keep things livable. C: NT_TS + Metaframe in Samba PDC domain (not the same as B) PDC, WINS: Samba -HEAD branch from August 11th File/Print: Samba 2.0.5a Load: 10 users. Five are using lousy 16-bit app that uses SMB-file share (samba) as shared-access database. Result: Unstable. Similar to B. With B & C I've seen funky file behavior. Things work fine most of the time, but after a day or two of uptime NT_TS may start acting sluggish (screen freezes here and there, sessions dropping)... folks may not be able to save their work (as seen by Matt J. in his message), often being told that the disk is full. At some point the system will usually blue-screen... it comes down hard... it isn't able to save a crash dump or auto-reboot as we've told it (despite our extensive coaxing efforts). The event log will generally have a number of these message right before the time of the crash: The redirector received an SMB that was too short. It may also contain one or more of these: The redirector has timed out a request to PDC-ENC-DS. [Samba PDC for example C] The redirector has timed out a request to smb1. [Samba File/print box for example C] The redirector received an incorrectly formatted response from smb1. I'd hoped that some of my trouble with example B was due to trying to do my file/print serving from Samba-HEAD. Thus the switch to 2.0.5a for these services in example C. Doesn't seem to have helped much, making me wonder if the major trouble is lies with some PDC interaction. [ perhaps it's time to upgrade my -HEAD branch PDC code? ] It would be best, I'm sure if I did an implementation of this with a true NT PDC and Samba for just file/print. Then I could focus just on file issues. Or visa versa so I could focus on Samba PDC issues. I've definitely muddied the waters with my current approach. (sigh) So... any other NT_TS users doing the Samba thing with better luck than I? And, of course, I feel duty-bound to point out that were NT_TS and Metaframe correctly, or at least more robustly implemented, they'd be able to with-stand non-ideal behavior from Samba (assuming this is occurring) without going belly-up. Said another way, it's not Samba's fault that there are some fundamental flaws in NT_TS that cause it to crash when tickled. Samba is only responsible for the tickling. [ The same argument applies to behavior I've seen with the ICA client software when accessing ICA-mapped local drives. If you bang hard enough, you'll crash the server (though a Citrix hotfix mostly cleaned this up... now it just kills your session ;-) ] But I digress... Thanks, Charles O. Matthew Jamison said: > I have noticed a small problem with WinTS/WinDD and samba. If for any > reason the samba server goes down and then comes back up while some one is > editing a MS document on one of these boxes the user is unable to save there > work. I think this is strange since this does not seem to effect NT > workstation and Win9x. -- ------------------------------------------------------------------------- Charles N. Owens Email: owensc@enc.edu http://www.enc.edu/~owensc Network & Systems Administrator Information Technology Services "Outside of a dog, a book is a man's Eastern Nazarene College best friend. Inside of a dog it's too dark to read." - Groucho Marx ------------------------------------------------------------------------- From allan at umich.edu Thu Sep 16 15:00:19 1999 From: allan at umich.edu (Allan Bjorklund) Date: Tue Dec 2 02:27:05 2003 Subject: AFS with Samba PDC In-Reply-To: Message-ID: <1176749025.937479619@bobroberts.rs.itd.umich.edu> --On Thursday, September 16, 1999, 10:35 PM +1000 Johan Hedin wrote: > We resently upgraded from NFS to AFS at our site. We have used Kerberos 4 > (KTH-KRB) for a while now. For the Win95 clients, it's not a problem. Its > relatively easy to patch the clear text password Kerberos 4 support in > Samba to include AFS support as well. If no one done this, I will try to > get time to test and submit a patch doing this. However, to make the Samba > PDC AFS aware it's much more tricky. Has anyone done this? Yes, but what we've done is a bit ugly and we are looking for a better way. We've written wrappers for the MS networking DLLs, so that when a user attempts to contact a networked share, it first tries to contact a daemon on the machine to pass AFS tokens (encrypted of course) to the server, and for the server to pass the client a string to use as a password (also encrypted). This password is then passed to the real MS networking DLL to use as the password (the remote daemon has already inserted it into the SMB password file). After authentication, a snippet of code added to SAMBA loads the passed up AFS token from a file maintained by the daemon. If the initial connection can not be made to the daemon, the wrapper DLL falls through and normal MS authentication occurs. The drawbacks are, that everytime MS "tweaks" the networking DLLs, we need to recode our wrappers. Also, we are making a change to SAMBA that is dependant on an outside daemon. We have a few new ideas that are being investigated right now, that if they work, would eliminate our need for the network wrappers and making code changes to SAMBA. > If not I have > two suggestion > > 1. Store the users Kerberos passwords as srvtabs on the local disk of the > Samba PDC, and then obtain a ticket after the NT password validation is > done. The potential security breakdown here scares me. Do you really want to place the srvtabs for all your users on a machine where the users will have the ability to manipulate files? Who knows what clever little tricks the less honest may discover. > > 2. Run the Samba PDC with an common AFS ticket on the local Samba machine, > turn off wide links and tell the intereseted users to set the ACL such > that Samba can read and write on their directories. In this scheme > users must be prevented from mounting each other's volumes in their > homes. Which prevents collaboration between people. The ability to share data files with others is a feature users demand to have. That is too big of a lose. Also if that one global account is compromised you really lose. > > Comments? > > > The second issue is with the ticket lifetime. After the ticket has > expired, Samba should die forcing the NT machine to open a new connection > with a new ticket. This is not a problem for NT choosing the first scheme > above, but will be for the clear text password version. What if you also share local UNIX files? Cut them off also? One of the design goals for the new authentication methods we're working on, is to have a method of prompting the user to refresh their expired tokens. --Allan =================================================================== Allan Bjorklund | allan@umich.edu Systems Research Programmer | University of Michigan Research Systems UNIX Group | 535 W. William St. Information Technology Division | Ann Arbor, MI 48103 1-(734)-763-9391 | U.S.A. =================================================================== From mmiller at vermeermfg.com Thu Sep 16 14:59:57 1999 From: mmiller at vermeermfg.com (Matthew Miller) Date: Tue Dec 2 02:27:05 2003 Subject: Support of domain groups Message-ID: <37E105ED.EC8EBBEE@vermeermfg.com> We are running Solaris 7 with Samba 2.05a on the server side. The clients are running a mix of Win 9x and Windows NT 4.0 Workstation. We are adding a document management tool on a NT 4.0 Server sp5 (stand-alone) box. All these boxes are in the same domain. We want only "special" NT workstation users to access this app. In order for this application to run, the application's directory has been shared out. We've done this successfully and are able to create our network map from the client. But, we need to restrict access to a certain group (mapping works when "EVERYONE" has sharing permissions). Since we don't have an NT domain controller (our app server is a stand-alone), we are having problems with mapping unix groups over to NT. We don't want to create duplicate local accounts on the NT Server due to the increased administration headaches. We attempted to configure the "map group" variable in the admin. page, in accordance with the man pages and Gerald Carter's book. It didn't work; the group is not seen by the NT Server when setting the share permissions. Is this support available in the latest and greatest (2.05a)? Will it be available soon? Is there a work around? Any help will be greatly appreciated. Matt Miller Systems Administrator mmiller@vermeermfg.com From johanh at fusion.kth.se Thu Sep 16 15:25:08 1999 From: johanh at fusion.kth.se (Johan Hedin) Date: Tue Dec 2 02:27:05 2003 Subject: AFS with Samba PDC In-Reply-To: <1176749025.937479619@bobroberts.rs.itd.umich.edu> Message-ID: On Fri, 17 Sep 1999, Allan Bjorklund wrote: > > > --On Thursday, September 16, 1999, 10:35 PM +1000 Johan Hedin > wrote: > > Yes, but what we've done is a bit ugly and we are looking for a better > way. Still looks a lot better than what I was planning to do. Are you planning on giving this away? I will propably do the clear text password patch anyway, we will propably use it for some Win95 boxes. > > 1. Store the users Kerberos passwords as srvtabs on the local disk of the > > Samba PDC, and then obtain a ticket after the NT password validation is > > done. > > The potential security breakdown here scares me. Do you really want > to place the srvtabs for all your users on a machine where the users will > have the ability to manipulate files? Who knows what clever little tricks > the less honest may discover. Yes I know this is not the best of all solutions. Since we have mostly Sun users here and a few NT machines, it will be only the srvtabs of those, but still, I agree, it's not satisfactory. Your way sound a lot better. > > 2. Run the Samba PDC with an common AFS ticket on the local Samba machine, > > turn off wide links and tell the intereseted users to set the ACL such > > that Samba can read and write on their directories. In this scheme > > users must be prevented from mounting each other's volumes in their > > homes. > > Which prevents collaboration between people. The ability to share > data files with others is a feature users demand to have. That is too big > of a lose. Also if that one global account is compromised you really > lose. Ok. This does not look like the way to do it. > > The second issue is with the ticket lifetime. After the ticket has > > expired, Samba should die forcing the NT machine to open a new connection > > with a new ticket. This is not a problem for NT choosing the first scheme > > above, but will be for the clear text password version. > > What if you also share local UNIX files? Cut them off also? We are planning a pure AFS user space here, but yes, there should maybe be an option in smb.conf controling on which share to do this. > One of the design goals for the new authentication methods we're > working on, is to have a method of prompting the user to refresh their > expired tokens. Sounds like the way to do it. There should be a public interest in this (unless people just buy Transarc NT-client). Since I have no knowledge in NT programming, I'll propably stick to the dirty and somewhat unsecure (but not worse than our previous NFS solution) srvtab solution, but I would love to test your software if you release it. What about preformance? Would Transarc NT-client and Samba for printing be a lot faster, than Samba for both files and printing? /Johan Hedin /---------------------------------------------------------------------\ | Johan Hedin | johanh@fusion.kth.se | | Ph.D. Student and System Manager | http://www.fusion.kth.se/~johanh | \---------------------------------------------------------------------/ From Dave.Stevenson at durham.ac.uk Thu Sep 16 15:53:32 1999 From: Dave.Stevenson at durham.ac.uk (Dave.Stevenson@durham.ac.uk) Date: Tue Dec 2 02:27:05 2003 Subject: NT printing code - spoolss? Message-ID: <18084.199909161553@gengis> CVS 2.1.xprealpha Having fun at the bleeding edge but... has anyone managed to make the printer queue display "refresh" other than by hitting the refresh button? I can print, refresh manually etc etc OK but doesn't seem to update itself. printers connected via a local port with \\server\printer_name seem to work fine and periodically refresh. Guess one is locally managed and monitored but the other is done by samba. Is there queue monitoring stuff in place in the NT/spoolss code yet? If so can someone point me to it, and to the LANMAN equivalent I'd be interested. UNIX printers are remote ... if that may be a factor? ie jobs disappear very quickly so queues are nearly always empty - lpq cache time is 10 secs NT4 SP3 though SP5 Solaris 2.6 Samba CVS HEAD as of Mon 12th Sep From Jean-Francois.Micouleau at dalalu.fr Thu Sep 16 16:09:00 1999 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:27:05 2003 Subject: NT printing code - spoolss? In-Reply-To: <18084.199909161553@gengis> Message-ID: On Fri, 17 Sep 1999 Dave.Stevenson@durham.ac.uk wrote: > CVS 2.1.xprealpha > > Having fun at the bleeding edge but... > > has anyone managed to make the printer queue display "refresh" other > than by hitting the refresh button? I can print, refresh manually etc > etc OK but doesn't seem to update itself. I haven't still written the code. Warning: It's more complex than what you think. > printers connected via a local port with \\server\printer_name seem to > work fine and periodically refresh. > > Guess one is locally managed and monitored but the other is done by samba. yep the spooling is done by the NT workstation > Is there queue monitoring stuff in place in the NT/spoolss code yet? > If so can someone point me to it, and to the LANMAN equivalent I'd > be interested. Not done, but I have the ideas and some draft code. > UNIX printers are remote ... if that may be a factor? ie jobs disappear > very quickly so queues are nearly always empty - lpq cache time is 10 > secs Not a factor. It'll work fine with LRPng. It would be a big hack to make it run with BSD or SysV printing system. And any sane person use LPRng already :-))) No ???? > NT4 SP3 though SP5 There is a known bug (at least by me) with SP5. Jean Francois From Dave.Stevenson at durham.ac.uk Thu Sep 16 16:32:01 1999 From: Dave.Stevenson at durham.ac.uk (Dave.Stevenson@durham.ac.uk) Date: Tue Dec 2 02:27:05 2003 Subject: NT printing code - spoolss? Message-ID: <18184.199909161632@gengis> Jean Francois Micouleau Wrote: snip On Fri, 17 Sep 1999 Dave.Stevenson@durham.ac.uk wrote: snip > > has anyone managed to make the printer queue display "refresh" other > than by hitting the refresh button? I can print, refresh manually etc > etc OK but doesn't seem to update itself. I haven't still written the code. Warning: It's more complex than what you think. snip It's ALWAYS more complex than I think... Guess I'll continue to dupe the printers as Local for now but set up a test domain to play around and try to learn a bit more. Can you reveal your "known" SP5 bug?? - I'm currently contemplating SP5-ing around 50+ NT4 workstations that are currently printing via Samba 2.1 - we like to live on or overlooking the edge ;-) From Jean-Francois.Micouleau at dalalu.fr Thu Sep 16 16:54:21 1999 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:27:05 2003 Subject: NT printing code - spoolss? In-Reply-To: <18184.199909161632@gengis> Message-ID: On Fri, 17 Sep 1999 Dave.Stevenson@durham.ac.uk wrote: > Can you reveal your "known" SP5 bug?? - I'm currently contemplating > SP5-ing around 50+ NT4 workstations that are currently printing via > Samba 2.1 - we like to live on or overlooking the edge ;-) Ms changed the FindFirstPrinterChangeNotification between SP4 and SP5. I discovered it recently (thanks Luke) and Samba doesn't handle it properly. J.F. From pilsl at goldfisch.atat.at Wed Sep 15 21:48:44 1999 From: pilsl at goldfisch.atat.at (peter pilsl) Date: Tue Dec 2 02:27:05 2003 Subject: machine passwd Message-ID: <19990915234844.C20863@goldfisch.atat.at> in my nt-syslog I found the following entry: changing password for computeraccount $HOST failed. so it seems NT wanted to change its machinepassword on serverside automatically .. is this normal ? and is it normal that this fails ? using samba2.05a thanks, peter ------------------------------------------- mag. peter pilsl phone: +43/(0)/6763574035 fax : +43/(0)/6763546512 email: pilsl@goldfisch.atat.at sms: pilsl_mobil@goldfisch.atat.at pgp-key available ------------------------------------------- From florian at void.s.bawue.de Thu Sep 16 20:33:38 1999 From: florian at void.s.bawue.de (Florian Laws) Date: Tue Dec 2 02:27:06 2003 Subject: MS Exchange In-Reply-To: <199909151515.LAA04360@coda.docd-east>; from Paul L. Lussier on Thu, Sep 16, 1999 at 01:22:27AM +1000 References: <37DE454F.3357EB16@etsetb.upc.es> <199909141307.JAA16480@coda.docd-east> <37DE4B49.AEE90E92@etsetb.upc.es> <199909141552.LAA24104@coda.docd-east> <19990915052251.26196@atrey.karlin.mff.cuni.cz> <199909151334.JAA24256@coda.docd-east> <19990915161325.39191@atrey.karlin.mff.cuni.cz> <199909151515.LAA04360@coda.docd-east> Message-ID: <19990916223338.B1068@void.s.bawue.de> On Thu, Sep 16, 1999 at 01:22:27AM +1000, Paul L. Lussier wrote: > > >> If after, then did you make sure that it only knows about the Samba > >> PDC and not the old domain controller? > > > > The old domain controller was, of course, shut down during the testing (in > >night hours, some backups failed but who cares about them :-) ). > > Right, but the Exchange server wasn't, which means it's trying to authenticate > against the old PDC, which has a different SID than the Samba one. If Exchange was keeping track of the PDC's SID, that would mean that you can't even switch from one NT PDC to another. I can't really believe that. (But then again, it is Microsoft... Has anybody got a few spare NT Servers to test? :-) Cheers, Florian From simonmu at optimation.co.nz Thu Sep 16 20:34:36 1999 From: simonmu at optimation.co.nz (Simon Murcott) Date: Tue Dec 2 02:27:06 2003 Subject: machine passwd In-Reply-To: <19990915234844.C20863@goldfisch.atat.at> Message-ID: On Fri, 17 Sep 1999, peter pilsl wrote: in my nt-syslog I found the following entry: changing password for computeraccount $HOST failed. so it seems NT wanted to change its machinepassword on serverside automatically .. is this normal ? and is it normal that this fails ? Yes this is completely normal. It does it roughly once every week I believe. Regards Simon Murcott From GLeblanc at cu-portland.edu Thu Sep 16 20:41:05 1999 From: GLeblanc at cu-portland.edu (Gregory Leblanc) Date: Tue Dec 2 02:27:06 2003 Subject: MS Exchange Message-ID: I changed PDC on our network just a few weeks ago, and we didn't have any trouble with our exchange server (except that the administration is a bitch). Actually both of our exchanges servers are happy and healthy after changing from a HP pavilion PDC to a Compaq ProLiant 2500. (Talk about a BIG upgrade) I can't imagine that it's storing the sid of the PDC, but there IS a domain SID last I checked. I'd guess that that could be the SID that's screwing up. When I've "ghosted" machines, I have to remove them from the domain, then add them after I've ghosted, and none of the services that I have logging in as domain users work, I have to go re-enter the passwords. Greg Involuntary NT Administrator :) > -----Original Message----- > From: Florian Laws [mailto:florian@void.s.bawue.de] > Sent: Thursday, September 16, 1999 1:32 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: MS Exchange > > > On Thu, Sep 16, 1999 at 01:22:27AM +1000, Paul L. Lussier wrote: > > > > >> If after, then did you make sure that it only knows > about the Samba > > >> PDC and not the old domain controller? > > > > > > The old domain controller was, of course, shut down > during the testing (in > > >night hours, some backups failed but who cares about them :-) ). > > > > Right, but the Exchange server wasn't, which means it's > trying to authenticate > > against the old PDC, which has a different SID than the Samba one. > > If Exchange was keeping track of the PDC's SID, that would mean that > you can't even switch from one NT PDC to another. > I can't really believe that. > (But then again, it is Microsoft... > Has anybody got a few spare NT Servers to test? :-) > > Cheers, > > Florian > From james at whispering.org Thu Sep 16 20:40:44 1999 From: james at whispering.org (James Willard) Date: Tue Dec 2 02:27:06 2003 Subject: MS Exchange In-Reply-To: <19990916223338.B1068@void.s.bawue.de> from "Florian Laws" at Sep 17, 99 06:30:34 am Message-ID: <199909162040.QAA15174@whispering.org> We have a large network of NT servers, Exchange servers, and a few Samba boxes. Occasionally for various reasons, we will promote a BDC to a PDC role, thus making the PDC step down as a BDC. Exchange does not have a problem with this. Now, if you're simply creating another domain, naming it the same thing, and bringing up Samba, that's obviouisly where your problems lie. Unfortunately, Samba can't be a BDC where you can then promote it, and remove the NT box that used to be the PDC. That would be the way to do it, since there is a lot of security information and SIDs that aren't recreated when you create a new domain. James Willard, CCNA james@whispering.org > > On Thu, Sep 16, 1999 at 01:22:27AM +1000, Paul L. Lussier wrote: > > > > >> If after, then did you make sure that it only knows about the Samba > > >> PDC and not the old domain controller? > > > > > > The old domain controller was, of course, shut down during the testing (in > > >night hours, some backups failed but who cares about them :-) ). > > > > Right, but the Exchange server wasn't, which means it's trying to authenticate > > against the old PDC, which has a different SID than the Samba one. > > If Exchange was keeping track of the PDC's SID, that would mean that > you can't even switch from one NT PDC to another. > I can't really believe that. > (But then again, it is Microsoft... > Has anybody got a few spare NT Servers to test? :-) > > Cheers, > > Florian > -- James D. Willard, CCNA | Linux/FreeBSD/OpenBSD/Novell/Win/DOS/Minix User james@whispering.org | finger james@whispering.org for PGP Public Key #!/bin/perl -sp0777i Message-ID: <37E15AC9.34DDBAA6@courrier.usherb.ca> peter pilsl wrote: > > in my nt-syslog I found the following entry: > changing password for computeraccount $HOST failed. > > so it seems NT wanted to change its machinepassword on serverside automatically .. > is this normal ? and is it normal that this fails ? Yep, this is normal but it can be deactivated by some settings in the registry. But I don't remember where :-( (I think I've seen it at www.jsiinc.com ) Sebas. ____________________________________________________________________________ Sebastien Corriveau Tel: (819)820-6855 Responsable de l'informatique Fax: (819)820-6841 From SWingate at NEUUS.JNJ.com Thu Sep 16 21:49:28 1999 From: SWingate at NEUUS.JNJ.com (Wingate, Steve [IBM NON J&J]) Date: Tue Dec 2 02:27:06 2003 Subject: machine passwd Message-ID: <4327A1883D21D311AC9400508B0A1B9E7F4212@NTGUSLAEXS1> I read an article in a recent Windows NT magazine stating that computers change their own domain computeraccount password every 7 days. Disconnecting a machine (laptop user for example) from the domain for longer than this period can cause login errors. I can't recall the exact error but something along the lines of 'computer trust account being broken or no longer established'. Steve Wingate, MCSE IBM Global Services (310)337-6830 swingate@neuus.jnj.com Work like you don't need the money. Dance like nobody's watching. Love like you've never been hurt. > -----Original Message----- > From: Sebastien Corriveau [SMTP:sebastien.corriveau@courrier.usherb.ca] > Sent: Thursday, September 16, 1999 2:06 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: machine passwd > > peter pilsl wrote: > > > > in my nt-syslog I found the following entry: > > changing password for computeraccount $HOST failed. > > > > so it seems NT wanted to change its machinepassword on serverside > automatically .. > > is this normal ? and is it normal that this fails ? > > Yep, this is normal but it can be deactivated by some settings in the > registry. > > But I don't remember where :-( (I think I've seen it at www.jsiinc.com ) > > Sebas. > __________________________________________________________________________ > __ > Sebastien Corriveau Tel: > (819)820-6855 > Responsable de l'informatique Fax: > (819)820-6841 From dominik-fritz at gmx.de Fri Sep 17 07:26:18 1999 From: dominik-fritz at gmx.de (Dominik Fritz) Date: Tue Dec 2 02:27:06 2003 Subject: Whow can I delete an entry in the nmbd database Message-ID: <37E1ED1A.B4C500E1@gmx.de> Hi Does anyone know how to delete an entry from the nmbd database, when nmbd is acting as a WINS server? I read in the documentation, that the database can be inconsitent when nmbd is shut down with th SIGKILL signal. After a crash of my server nnmbd resolves to one host name a wrong IP adress? Thanks Dominik From awilliam at whitemice.org Fri Sep 17 10:24:59 1999 From: awilliam at whitemice.org (Adam Williams) Date: Tue Dec 2 02:27:06 2003 Subject: Problem compiling SAMBA with ldap support In-Reply-To: Rene Baerecke "Re: Problem compiling SAMBA with ldap support" (Sep 10, 9:38pm) References: <37D8EE85.BD5DD97@BOS-Systemhaus.DE> Message-ID: <9909171024.ZM19996@estate1.whitemice.org> > > checking for four-argument statfs (AIX-3.2.5, SVR3)... no > > checking for two-argument statfs with statfs.fsize member (4.4BSD and > > NetBSD)... no > > checking for two-argument statfs with struct fs_data (Ultrix)... no > > checking configure summarty > > configure: error: summary failure. Aborting config > > Looks strange and I had it too. Leave ldap out and this works. > > Installing bind-devel solved this for me. I have now tried in on three diffrent RH6.0 and a RH5.0 box and it will configure on none of them. It dies with the same error message every time. I have checked that I have bind-devel installed on all machines. At first I though out of the blue it might be that the first machine uses nss_ldap so I tried one with only an /etc/passwd file and one that uses NIS, and it breaks on them all (course I don't know why I thought that might be a problem). All three machines compile other applications, including ones that use LDAP, without complaint. LDAP is OpenLDAP 1.2.3 and OpenLDAP 1.2.6, from the RPM's. From svinto at ita.chalmers.se Fri Sep 17 11:34:33 1999 From: svinto at ita.chalmers.se (Svante =?iso-8859-1?Q?S=F6rmark?=) Date: Tue Dec 2 02:27:06 2003 Subject: Problem compiling SAMBA with ldap support References: <37D8EE85.BD5DD97@BOS-Systemhaus.DE> <9909171024.ZM19996@estate1.whitemice.org> Message-ID: <37E22749.286B9799@ita.chalmers.se> > > > checking configure summarty > > > configure: error: summary failure. Aborting config what do the last few lines of config.log say? -- --------------------------------------------------------------------------- Svante S?rmark | Chalmers University IT systems & services | +46-31-7728665 --------------------------------------------------------------------------- From sebastien.corriveau at courrier.usherb.ca Fri Sep 17 12:14:15 1999 From: sebastien.corriveau at courrier.usherb.ca (Sebastien Corriveau) Date: Tue Dec 2 02:27:06 2003 Subject: machine passwd References: <4327A1883D21D311AC9400508B0A1B9E7F4212@NTGUSLAEXS1> Message-ID: <37E23097.3D5102E0@courrier.usherb.ca> "Wingate, Steve [IBM NON J&J]" wrote: > > I read an article in a recent Windows NT magazine stating that computers > change their own domain computeraccount password every 7 days. Disconnecting > a machine (laptop user for example) from the domain for longer than this > period can cause login errors. I can't recall the exact error but something > along the lines of 'computer trust account being broken or no longer > established'. Yes and no. NT PDC negociate a new computeraccount password every 7 days with all NT domain members. However, if the workstation is not accessible the password will not be changed and the laptop (in your exemple) will still be able to connect with the PDC the next time. Suppose your your company closes for 2 weeks during summer. You don't want to re-establish every trust relationship between the PDC and it's members. > Steve Wingate, MCSE I'm not a MCSE but I think I'm right on that. Please tell me if I'm not. Sebas. __________________________________________________________________________ Sebastien Corriveau Tel: (819)820-6855 Responsable de l'informatique Fax: (819)820-6841 From tschweikle at FIDUCIA.de Fri Sep 17 13:22:56 1999 From: tschweikle at FIDUCIA.de (tschweikle@FIDUCIA.de) Date: Tue Dec 2 02:27:06 2003 Subject: machine passwd Message-ID: <0057540001681289000002L492*@MHS> Sebastien Corriveau wrote: > "Wingate, Steve [IBM NON J&J]" wrote: >> >> I read an article in a recent Windows NT magazine stating that computers >> change their own domain computeraccount password every 7 days. Disconnecting >> a machine (laptop user for example) from the domain for longer than this >> period can cause login errors. I can't recall the exact error but something >> along the lines of 'computer trust account being broken or no longer >> established'. > > Yes and no. NT PDC negotiate a new computeraccount password every 7 days > with all NT domain members. However, if the workstation is not accessible > the password will not be changed and the laptop (in your example) will still > be able to connect with the PDC the next time. This is the way NT does it. If password negotiation fails it will be done next time you connect to the lan. But there was an error in one of M$ hotfixes causing the PDC to change the password nevertheless. Rendering it impossible to logon, until an admin put your box back into the domain. This shouldn't be seen anymore since SP #3 as far as i know. > Suppose your your company closes for 2 weeks during summer. You don't want > to re-establish every trust relationship between the PDC and it's members. > >> Steve Wingate, MCSE > > I'm not a MCSE but I think I'm right on that. Please tell me if I'm not. -- ThomasFrom tschweikle@FIDUCIA.de Fri Sep 17 13:23:40 1999 Received: from snoopy.nic.fiducia.de ([195.200.32.17]:1819 "EHLO convert rfc822-to-8bito snoopy.nic.fiducia.de") by samba.anu.edu.au with ESMTP id ; Fri, 17 Sep 1999 23:23:31 +1000 Received: from FIDUCIA.DE ([10.253.218.1]) by snoopy.nic.fiducia.de (Netscape Messaging Server 3.5) with SMTP id 310 for ; Fri, 17 Sep 1999 15:22:41 +0200 Received: by FIDUCIA.DE (Soft-Switch LMS 3.2) with snapi via NOTES id 0057540001681288; Fri, 17 Sep 1999 15:22:54 +0200 From: tschweikle@FIDUCIA.de To: " - *Samba-Ntdom@Samba.Org" Subject: Re: machine passwd Message-ID: <0057540001681288000002L482*@MHS> Date: Fri, 17 Sep 1999 15:22:54 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8BIT Content-Disposition: inline Return-Path: X-Orcpt: rfc822;Samba-Ntdom@Samba.Org Sebastien Corriveau wrote: > "Wingate, Steve [IBM NON J&J]" wrote: >> >> I read an article in a recent Windows NT magazine stating that computers >> change their own domain computeraccount password every 7 days. Disconnecting >> a machine (laptop user for example) from the domain for longer than this >> period can cause login errors. I can't recall the exact error but something >> along the lines of 'computer trust account being broken or no longer >> established'. > > Yes and no. NT PDC negotiate a new computeraccount password every 7 days > with all NT domain members. However, if the workstation is not accessible > the password will not be changed and the laptop (in your example) will still > be able to connect with the PDC the next time. This is the way NT does it. If password negotiation fails it will be done next time you connect to the lan. But there was an error in one of M$ hotfixes causing the PDC to change the password nevertheless. Rendering it impossible to logon, until an admin put your box back into the domain. This shouldn't be seen anymore since SP #3 as far as i know. > Suppose your your company closes for 2 weeks during summer. You don't want > to re-establish every trust relationship between the PDC and it's members. > >> Steve Wingate, MCSE > > I'm not a MCSE but I think I'm right on that. Please tell me if I'm not. -- From dreyol at ais.alagri.com Fri Sep 17 13:55:57 1999 From: dreyol at ais.alagri.com (Olaf Dreyer) Date: Tue Dec 2 02:27:06 2003 Subject: Can Samba scale with NT_Terminal_Server? (was: Samba and WinTS / WinDD) In-Reply-To: <37E0FC36.3739D8F2@enc.edu> Message-ID: Hi, On Fri, 17 Sep 1999, Charles N. Owens wrote: > I'm wondering if the unique (?) way NT Terminal Server (NT_TS) connects > to Samba is a problem. Samba seems to spawn a separate process per > connecting client. With "normal" single-user stations (Win3.x, Win9x, > WinNT), this results in a process per user. But with NT_TS (and other > related Citrix derivatives) we have many users coming from a single > client machine, all of which get handled by a _single_ Samba process > (one per NT_TS server box). It is not unreasonable to expect that there > may then be 50 to 150 users being handled by a single Samba process > (depending on the horsepower of the NT_TS server). You can set "nt smb support = no", but this will brake win 98 clients, or you can change one entry in WinTS-Registry after installing Service-Pack 4 for WinTS. This is probably the better way, because Microsoft recommends setting this parameter for various problems (look at the knowledge base). HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rdr\Parameters\ MultipleUsersOnConnection=0x000000 > So... any other NT_TS users doing the Samba thing with better luck than > I? We have a WinTS/metaframe system running here. We use a Samba 2.0.5a Fileserver and a NT PDC. We also have a lot of WinCenter Servers using NIS to authenticate their users against Linux-Servers running Samba and NIS, we don't have the NIS-thing for WinTS/Metaframe :( . But we will use Samba as PDC as soon as possible. We have 40 to 60 users and the system is running stable. We had a lot of problems with "oplock breaks", but since we reorganized some part of the network they are gone. > And, of course, I feel duty-bound to point out that were NT_TS and > Metaframe correctly, or at least more robustly implemented, they'd be > able to with-stand non-ideal behavior from Samba (assuming this is > occurring) without going belly-up. Said another way, it's not Samba's > fault that there are some fundamental flaws in NT_TS that cause it to > crash when tickled. Samba is only responsible for the tickling. WinCenter ( NT 3.51 ) was more stable. We are missing the NIS-Thing, and the NCD Wincenter for WinTS/Metaframe ( its a Citrix product ) is known to be buggy. :( One Point which always make problems are the clients. On the Metaframe Server there will be created a temp-directory for each connection. If this connections disconnects abnormal, eg the user get a blue screen on his workstation, this directory stays there. It won't be deleted even after a reboot of the WinTS. If someone later gets the same connection ID he will get this temporary directory assigned, the files probably owned by someone else... Best Regards Olaf Dreyer From SWingate at NEUUS.JNJ.com Fri Sep 17 15:19:49 1999 From: SWingate at NEUUS.JNJ.com (Wingate, Steve [IBM NON J&J]) Date: Tue Dec 2 02:27:06 2003 Subject: machine passwd Message-ID: <4327A1883D21D311AC9400508B0A1B9E7F4213@NTGUSLAEXS1> Well in this article the writer was saying just the opposite. He wrote that while the computer is disconnected from the domain, the current password 'expires' after 7 days. When the computer is reconnected it can't authenticate because it doesn't know the new password and can't negotiate a new one. I've never seen the issue myself so I don't have any real comment either way. > -----Original Message----- > From: Sebastien Corriveau [SMTP:sebastien.corriveau@courrier.usherb.ca] > Sent: Friday, September 17, 1999 5:17 AM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: machine passwd > > "Wingate, Steve [IBM NON J&J]" wrote: > > > > I read an article in a recent Windows NT magazine stating that computers > > change their own domain computeraccount password every 7 days. > Disconnecting > > a machine (laptop user for example) from the domain for longer than this > > period can cause login errors. I can't recall the exact error but > something > > along the lines of 'computer trust account being broken or no longer > > established'. > > Yes and no. NT PDC negociate a new computeraccount password every 7 days > with all NT domain members. However, if the workstation is not accessible > the password will not be changed and the laptop (in your exemple) will > still > be able to connect with the PDC the next time. > > Suppose your your company closes for 2 weeks during summer. You don't want > to re-establish every trust relationship between the PDC and it's members. > > > Steve Wingate, MCSE > > I'm not a MCSE but I think I'm right on that. Please tell me if I'm not. > > Sebas. > __________________________________________________________________________ > Sebastien Corriveau Tel: (819)820-6855 > Responsable de l'informatique Fax: (819)820-6841 From sebastien.corriveau at courrier.usherb.ca Fri Sep 17 15:47:10 1999 From: sebastien.corriveau at courrier.usherb.ca (Sebastien Corriveau) Date: Tue Dec 2 02:27:06 2003 Subject: machine passwd References: <4327A1883D21D311AC9400508B0A1B9E7F4213@NTGUSLAEXS1> Message-ID: <37E2627E.EF5E4E6A@courrier.usherb.ca> "Wingate, Steve [IBM NON J&J]" wrote: > > Well in this article the writer was saying just the opposite. He wrote that > while the computer is disconnected from the domain, the current password > 'expires' after 7 days. When the computer is reconnected it can't > authenticate because it doesn't know the new password and can't negotiate a > new one. I've never seen the issue myself so I don't have any real comment > either way. Well, he was wrong except (as pointed out by Thomas(?) at tschweikle@FIDUCIA.de) for one old buggy M$ hotfix that produced that behaviour. Sebas. ____________________________________________________________________________ Sebastien Corriveau Tel: (819)820-6855 Responsable de l'informatique Fax: (819)820-6841 From jurijs at aizkraukles.com Fri Sep 17 15:57:20 1999 From: jurijs at aizkraukles.com (Jurijs Dorofejevs) Date: Tue Dec 2 02:27:06 2003 Subject: Samba and PPP In-Reply-To: <37E2627E.EF5E4E6A@courrier.usherb.ca> References: <37E2627E.EF5E4E6A@courrier.usherb.ca> Message-ID: <2789.990917@aizkraukles.com> Hello! I have server running on linux. Samba is used to serve as WINS server for WIN_XX client in my network. eth0 is for network 195.216.182.96/255.255.255.224 eth1 is for network 195.216.182.88/255.255.255.248 everything is fine and all client from 2 segments can see each other in Network Neighborhood. But few days ago I add PPP connection to this host. I used network 195.216.182.68/255.255.255.252 for this purpose. (PPP server has 195.216.182.69 address, PPP-client is 195.216.182.70) /etc/ppp/options has following line: ms-wins 195.216.182.97 (it address of this server) But PPP-client doesn't appear in Network Neighborhood, though it can be reached usin Find Computer from other clients. I tried to add the line in /etc/smb.conf interfaces = 195.216.182.97/255.255.255.224 195.216.182.90/255.255.255.248 195.216.182.69/255.255.255.252 But this didn't help Anyone can help me? ----------===================---------- Jurijs Dorofejevs "Aizkraukles Banka Ltd." Information Technologies Department e-mail: jurijs@aizkraukles.com ----------===================---------- Jurijs Dorofejevs "Aizkraukles Banka Ltd." Information Technologies Department e-mail: jurijs@aizkraukles.com From pilsl at goldfisch.atat.at Fri Sep 17 19:16:43 1999 From: pilsl at goldfisch.atat.at (peter pilsl) Date: Tue Dec 2 02:27:06 2003 Subject: machine passwd In-Reply-To: <37E23097.3D5102E0@courrier.usherb.ca> References: <4327A1883D21D311AC9400508B0A1B9E7F4212@NTGUSLAEXS1> <37E23097.3D5102E0@courrier.usherb.ca> Message-ID: <19990917211643.C28162@goldfisch.atat.at> On Fri, Sep 17, 1999 at 10:17:51PM +1000, Sebastien Corriveau wrote: > "Wingate, Steve [IBM NON J&J]" wrote: > > > > I read an article in a recent Windows NT magazine stating that computers > > change their own domain computeraccount password every 7 days. Disconnecting > > a machine (laptop user for example) from the domain for longer than this > > period can cause login errors. I can't recall the exact error but something > > along the lines of 'computer trust account being broken or no longer > > established'. > > Yes and no. NT PDC negociate a new computeraccount password every 7 days > with all NT domain members. However, if the workstation is not accessible > the password will not be changed and the laptop (in your exemple) will still > be able to connect with the PDC the next time. > hmm, I dont understand this at all. my origin question was about a error in the clients eventlog. so it seems that nt-client tried to change its machinepasswd on serverside and samba-PDC rejected it. but you are writing about a NT-PDC that initiates a passwd change with its client. thats the opposite way. peter ------------------------------------------- mag. peter pilsl phone: +43/(0)/6763574035 fax : +43/(0)/6763546512 email: pilsl@goldfisch.atat.at sms: pilsl_mobil@goldfisch.atat.at pgp-key available ------------------------------------------- From sebastien.corriveau at courrier.usherb.ca Fri Sep 17 20:17:23 1999 From: sebastien.corriveau at courrier.usherb.ca (Sebastien Corriveau) Date: Tue Dec 2 02:27:06 2003 Subject: machine passwd References: <4327A1883D21D311AC9400508B0A1B9E7F4212@NTGUSLAEXS1> <37E23097.3D5102E0@courrier.usherb.ca> <19990917211643.C28162@goldfisch.atat.at> Message-ID: <37E2A1D3.32B4BA2A@courrier.usherb.ca> peter pilsl wrote: > > On Fri, Sep 17, 1999 at 10:17:51PM +1000, Sebastien Corriveau wrote: > > "Wingate, Steve [IBM NON J&J]" wrote: > > > > > > I read an article in a recent Windows NT magazine stating that computers > > > change their own domain computeraccount password every 7 days. Disconnecting > > > a machine (laptop user for example) from the domain for longer than this > > > period can cause login errors. I can't recall the exact error but something > > > along the lines of 'computer trust account being broken or no longer > > > established'. > > > > Yes and no. NT PDC negociate a new computeraccount password every 7 days > > with all NT domain members. However, if the workstation is not accessible > > the password will not be changed and the laptop (in your exemple) will still > > be able to connect with the PDC the next time. > > > > hmm, I dont understand this at all. my origin question was about a error in the clients eventlog. so it seems that nt-client tried to > change its machinepasswd on serverside and samba-PDC rejected it. > but you are writing about a NT-PDC that initiates a passwd change with its client. thats the opposite way. > > peter I really think this process is initiated by the PDC (your Samba-PDC) but that's not important here (you just want it to work as supposed). First of all, samba 2.0.5a support the "machine account password updates" so it should work. see: http://ca.samba.org/samba/docs/ntdom_faq/page1.html Now, it would be great if you could just give me more info (is it a new setup; do you have the same on all client, how often you get this message, etc). I'm sure you've already looked at it but just in case here's the FAQ for Samba NT Domain PDC support: http://ca.samba.org/samba/docs/ntdom_faq/samba_ntdom_faq.html Sebas. __________________________________________________________________________ Sebastien Corriveau Tel: (819)820-6855 Responsable de l'informatique Fax: (819)820-6841 From pilsl at goldfisch.atat.at Fri Sep 17 21:13:33 1999 From: pilsl at goldfisch.atat.at (peter pilsl) Date: Tue Dec 2 02:27:06 2003 Subject: machine passwd In-Reply-To: <37E2A1D3.32B4BA2A@courrier.usherb.ca> References: <4327A1883D21D311AC9400508B0A1B9E7F4212@NTGUSLAEXS1> <37E23097.3D5102E0@courrier.usherb.ca> <19990917211643.C28162@goldfisch.atat.at> <37E2A1D3.32B4BA2A@courrier.usherb.ca> Message-ID: <19990917231333.D28162@goldfisch.atat.at> On Fri, Sep 17, 1999 at 04:17:23PM -0400, Sebastien Corriveau wrote: > peter pilsl wrote: > > > > On Fri, Sep 17, 1999 at 10:17:51PM +1000, Sebastien Corriveau wrote: > > > "Wingate, Steve [IBM NON J&J]" wrote: > > > > > > > > I read an article in a recent Windows NT magazine stating that computers > > > > change their own domain computeraccount password every 7 days. Disconnecting > > > > a machine (laptop user for example) from the domain for longer than this > > > > period can cause login errors. I can't recall the exact error but something > > > > along the lines of 'computer trust account being broken or no longer > > > > established'. > > > > > > Yes and no. NT PDC negociate a new computeraccount password every 7 days > > > with all NT domain members. However, if the workstation is not accessible > > > the password will not be changed and the laptop (in your exemple) will still > > > be able to connect with the PDC the next time. > > > > > > > hmm, I dont understand this at all. my origin question was about a error in the clients eventlog. so it seems that nt-client tried to > > change its machinepasswd on serverside and samba-PDC rejected it. > > but you are writing about a NT-PDC that initiates a passwd change with its client. thats the opposite way. > > > > peter > > I really think this process is initiated by the PDC (your Samba-PDC) but > that's not important here (you just want it to work as supposed). > > First of all, samba 2.0.5a support the "machine account password updates" so > it should work. > > see: http://ca.samba.org/samba/docs/ntdom_faq/page1.html > > Now, it would be great if you could just give me more info (is it a new > setup; do you have the same on all client, how often you get this message, > etc). > I maintain two samba-domain-server. one is a new setup (two month) and one is a older setup (one year). These two setups are very similar but are not connected in any way. And on both machines this error occures very occasionally on all clients. I dont care much about that error at all. the servers work and so I dont have any problems. I just dont get into my mind why the error is in the clients-log when the server is initiating the process and fails. peter ------------------------------------------- mag. peter pilsl phone: +43/(0)/6763574035 fax : +43/(0)/6763546512 email: pilsl@goldfisch.atat.at sms: pilsl_mobil@goldfisch.atat.at pgp-key available ------------------------------------------- From thomas.heiligenmann at t-online.de Sat Sep 18 17:43:16 1999 From: thomas.heiligenmann at t-online.de (Thomas Heiligenmann) Date: Tue Dec 2 02:27:06 2003 Subject: acls on win-side References: <19990906112015.A11429@goldfisch.atat.at> <19990906192741.A4642@cifs.org> <19990906220751.C13763@goldfisch.atat.at> <37D5477E.C54768F5@heiligenmann.de> <19990908005025.O15261@goldfisch.atat.at> <37D94777.60EC4A5@heiligenmann.de> <37E24807.B41F986A@gmx.net> Message-ID: <37E3CF34.13C90C16@heiligenmann.de> Henning Rohde wrote: > > Hi everybody, > > sorry for entering discussion with a new point, > but in my case Thomas' solution doesn't work: > > if i try add the user 'root' of my Linux-box (SuSE 6.1, Kernel > 2.2.12, Samba 2.0.5a, PDC) being local Admin of my NT-box > (NT4; SP3; german Ed.), it lets me see 'root' being member of > 'Domain Admins' and include 'root' into 'Administrators', > but when i accept these setting it returns "unknown account" > in the properties of 'local Admins', so nothing works. > > Where could my mistake be? > > Thank in advance, > > Henning Rohde > > PS: Please ignore misprints, i had to translate. > As I understood the domain code in 2.0.5a is still incomplete what obviously affects the RPC interface for enumarating users from the PDC too. My site is almost similar to Henning's (SuSE 5.2/2.0.33/Samba 2.0.5a vs. NT4/SP3/German) - well almost - but I think he differences may be lying in our smb.conf or local privileges on the NT client. When logged in with local admin privileges and adding users from the Linux box to the local Admins group the dialog shows Domain Admins plus all the users defined in smbpasswd. I can add them to the list and accept the setting without problems and hence they can work with local admin privileges as expected... However if I later browse the local Admins group the members selected from the domain just show up as unknown accounts but in daily use anything works fine. Don't ask me whether that's just a cosmetic issue or can cause real harm (it didn't yet). I attached an excerpt from my smb.conf file. Maybe it can help. Cheers, Thomas [global] workgroup = MY_DOMAIN server string = "File and Print Server" guest account = nobody log file = /var/samba/log.%m max log size = 50 security = user encrypt passwords = yes socket options = TCP_NODELAY domain logons = yes logon script = user\%U.bat logon path = \\%L\profiles\%U logon home = \\%L\netlogon logon drive = z: local master = yes os level = 33 domain master = yes preferred master = yes wins support = yes dns proxy = no [profiles] comment = NT Profil path = /home/profiles writable = yes create mode = 0600 directory mode = 0700 [netlogon] comment = Network Logon Service path = /home/netlogon writable = yes guest ok = yes From awilliam at whitemice.org Sat Sep 18 19:48:22 1999 From: awilliam at whitemice.org (Adam Williams) Date: Tue Dec 2 02:27:06 2003 Subject: Problem compiling SAMBA with ldap support In-Reply-To: =?iso-8859-1?Q?Svante_S=F6rmark_=3Csvinto=40ita=2Echalmers=2E?= =?iso-8859-1?Q?se=3E?= =?iso-8859-1?Q?________=22Re=3A_Problem_compiling_SAMBA_with_ldap_support?= =?iso-8859-1?Q?=22_=28Sep_17=2C__9=3A36pm=29?= References: <37D8EE85.BD5DD97@BOS-Systemhaus.DE> <9909171024.ZM19996@estate1.whitemice.org> <37E22749.286B9799@ita.chalmers.se> Message-ID: <9909181948.ZM15528@estate1.whitemice.org> On Sep 17, 9:36pm, Svante S?rmark wrote: > Subject: Re: Problem compiling SAMBA with ldap support > > > > checking configure summarty > > > > configure: error: summary failure. Aborting config > > what do the last few lines of config.log say? { struct fs_data fsd; /* Ultrix's statfs returns 1 for success, 0 for not mounted, -1 for failure. */ exit (statfs (".", &fsd) != 1); } configure:9002: gcc -o conftest -O conftest.c -lreadline -ldl -lcrypt -lpam -lcurses -lldap -llber 1>&5 /usr/lib/libldap.so: undefined reference to `res_search' /usr/lib/libldap.so: undefined reference to `dn_expand' /usr/lib/libldap.so: undefined reference to `_getshort' collect2: ld returned 1 exit status configure: failed program was: #line 8998 "configure" #include "confdefs.h" #include "./tests/summary.c" From Paul at cliffhanger.com Sat Sep 18 20:10:33 1999 From: Paul at cliffhanger.com (Paul Mckenna) Date: Tue Dec 2 02:27:06 2003 Subject: Samba as a PDC In-Reply-To: <9909181948.ZM15528@estate1.whitemice.org> Message-ID: Howdy People.. I'm new to this list , i just have a few questions. (These may sound silly but..) Does Samba work running as a PDC because i tried it and my windows 2000 machine was unable to log into it as a domain controller but i was able to access the shares on the samba server. The version i have of samba is the one which comes with Redhat 6.0, Should i upgrade? and also how do i know what version of Samba i am currently running? Thanks in advance to everyone.. Paul Mckenna From awilliam at whitemice.org Sat Sep 18 20:19:12 1999 From: awilliam at whitemice.org (Adam Williams) Date: Tue Dec 2 02:27:06 2003 Subject: Samba as a PDC In-Reply-To: "Paul Mckenna" "Samba as a PDC" (Sep 19, 6:09am) References: Message-ID: <9909182019.ZM15974@estate1.whitemice.org> On Sep 19, 6:09am, Paul Mckenna wrote: > Subject: Samba as a PDC > Howdy People.. > > I'm new to this list , i just have a few questions. (These may sound silly > but..) Then go the web site and read the documentation. > Does Samba work running as a PDC because i tried it and my windows 2000 > machine was unable to log into it as a domain controller but i was able to There has been some discussion of W2K, go the the web site and search the mail archives for this list to get up to speed. > access the shares on the samba server. The version i have of samba is the > one which comes with Redhat 6.0, Should i upgrade? and also how do i know > what version of Samba i am currently running? Samba 2.0 will does not fully implement PDC functionality, this is clearly stated on the web site. From Paul at cliffhanger.com Sat Sep 18 20:37:07 1999 From: Paul at cliffhanger.com (Paul Mckenna) Date: Tue Dec 2 02:27:06 2003 Subject: Samba as a PDC In-Reply-To: <9909182019.ZM15974@estate1.whitemice.org> Message-ID: Hmm well.. You seem a little pissed off.. I would appriciate people who answered with OUT the stuck up "YOU SHOULD OF READ THIS" crap.. cause lets be honest the simple fact is that if people read EVERYTHING we wouldn't have any questions on this thing or atleast if there were questions, No one would be able to answer them. So i suggest you chill... take delight in the fact that you answered a question... and hope that someone still decides to answer your previous question without saying stuff like "if you read website you wouldn't of asked such a stupid question" Regards Paul! P.S. what does "Samba 2.0 will does not fully implement PDC functionality, this is clearly stated on the web site." ?? you say it will and then you say it won't? -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of Adam Williams Sent: Saturday, September 18, 1999 09:22 To: Multiple recipients of list SAMBA-NTDOM Subject: Re: Samba as a PDC On Sep 19, 6:09am, Paul Mckenna wrote: > Subject: Samba as a PDC > Howdy People.. > > I'm new to this list , i just have a few questions. (These may sound silly > but..) Then go the web site and read the documentation. > Does Samba work running as a PDC because i tried it and my windows 2000 > machine was unable to log into it as a domain controller but i was able to There has been some discussion of W2K, go the the web site and search the mail archives for this list to get up to speed. > access the shares on the samba server. The version i have of samba is the > one which comes with Redhat 6.0, Should i upgrade? and also how do i know > what version of Samba i am currently running? Samba 2.0 will does not fully implement PDC functionality, this is clearly stated on the web site. From alicia at usf.edu Sat Sep 18 21:23:15 1999 From: alicia at usf.edu (Alicia F. Balsera) Date: Tue Dec 2 02:27:06 2003 Subject: (no subject) References: Message-ID: <37E402C3.89CAC9F2@usf.edu> unsubscribe -------------- next part -------------- A non-text attachment was scrubbed... Name: alicia.vcf Type: text/x-vcard Size: 415 bytes Desc: Card for Alicia F. Balsera Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990918/4dd7737f/alicia.vcf From matthias at waechter.wol.at Sun Sep 19 00:43:52 1999 From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=) Date: Tue Dec 2 02:27:06 2003 Subject: Samba as a PDC In-Reply-To: Message-ID: On Sun, 19 Sep 1999, Paul Mckenna wrote: > You seem a little pissed off.. I would appriciate people who answered with > OUT the stuck up "YOU SHOULD OF READ THIS" crap.. Come one! Read his mail. He says that each of your questions is answered on the appropriate web site, and that's true. And he wants to point you to the right place for your next 5 questions concerning PDC features. "Help yourself" is not that bad kind of advice, I think, if someone tells you how. Think of that: It was _YOUR_ first question, but others are members on the list for a longer period of time and receive such mails more frequently than you write them. And you're not the first one not knowing that PDC features in Samba 2.0 are (a) not officially supported and (b) not by this mailinglist. OK, to answer your questions in more detail: 1. Win2K is not supported by Samba 2. Win2K has a totally new concept of network browsing, so don't expect it to be supported soon. 2. No, you don't have any benefit for Win2K if you upgrade. See 1. 3. Version of Samba: Just try "smbclient", it should show the version number before the help text. Of course, you could also try "rpm -q samba" to see the version number of Samba installed by Redhat's installation proc. > cause lets be honest the simple fact is that if people read EVERYTHING we > wouldn't have any questions on this thing or atleast if there were > questions, No one would be able to answer them. So i suggest you chill... > take delight in the fact that you answered a question... and hope that > someone still decides to answer your previous question without saying stuff > like "if you read website you wouldn't of asked such a stupid question" He said, if you (do) read website you get the answers. That's a difference IMHO. Again, even if you decide not to read the the Samba NT-DOM FAQ, you should at least read your personal mail carefully, especially when you start flaming, especially when doing it publicly, especially if it's done in a mailinglist you are new to. Sehr Wus, - Matthias -- Verkauft f?r 339,88 Dollar! - aus: Groundhog Day (Und t?glich gr??t das Murmeltier) ----------------------------------------------------------------------------- From matty at cifs.org Sun Sep 19 02:57:47 1999 From: matty at cifs.org (Matt Chapman) Date: Tue Dec 2 02:27:06 2003 Subject: Samba as a PDC In-Reply-To: References: Message-ID: <19990919125747.C3102@cifs.org> On Sun, Sep 19, 1999 at 10:48:23AM +1000, Matthias W?chter wrote: > > 1. Win2K is not supported by Samba 2. Win2K has a totally new concept of > network browsing, so don't expect it to be supported soon. Native Win2K functionality, yes, isn't being actively worked on. However file sharing compatibility is already present, and PDC compatibility will be incorporated into the HEAD branch soon (obviously with Samba functioning as a "downlevel", NT4-style, domain controller, rather than as an Active Directory server). Cheers, Matt -- Matthew "Austin" Chapman SysAdmin, Developer, Samba Team Member From lajbi at lajli.gau.hu Sun Sep 19 09:32:51 1999 From: lajbi at lajli.gau.hu (Lajber Zoltan) Date: Tue Dec 2 02:27:06 2003 Subject: Samba as a PDC In-Reply-To: <19990919125747.C3102@cifs.org> Message-ID: Hi, I'm using Samba 2.1.0-prealpha on Debian/Linux (slink) as domain conrtoller for NT4s. Now I found an old machien with wfwg311, and it has problems. This machine worked fine a year or two ago, and now, when I switched back to samba-1.9.17p2, it works just fine. I remember some "problem with older client" subject, but could't find it on the archive. Would you so kind somebody to help me? Bye, -=Lajbi=-------------------------------------------------------------------- LAJBER Zoltan lajbi@jht.gau.hu http://jht.gau.hu/~lajbi GATE Jarmu- es Hotechnika Tanszek http://jht.gau.hu A member of HuLUG http://mlf.linux.rulez.org/mlf From rfs at aw.com.pl Mon Sep 20 10:13:21 1999 From: rfs at aw.com.pl (=?iso-8859-2?Q?Rafa=B3=20Szcze=B6niak?=) Date: Tue Dec 2 02:27:06 2003 Subject: Whow can I delete an entry in the nmbd database References: <37E1ED1A.B4C500E1@gmx.de> Message-ID: <37E608C1.C6A009C8@aw.com.pl> Dominik Fritz wrote: > > Hi > > Does anyone know how to delete an entry from the nmbd database, when > nmbd is acting as a WINS server? I read in the documentation, that the > database can be inconsitent when nmbd is shut down with th SIGKILL > signal. After a crash of my server nnmbd resolves to one host name a > wrong IP adress? > > Thanks > > Dominik Did you try to modify wins.dat file ? greetings :) Rafa? From jan.van.rensburg at epiuse.com Mon Sep 20 10:56:57 1999 From: jan.van.rensburg at epiuse.com (Jan van Rensburg) Date: Tue Dec 2 02:27:06 2003 Subject: Whow can I delete an entry in the nmbd database References: <37E1ED1A.B4C500E1@gmx.de> <37E608C1.C6A009C8@aw.com.pl> Message-ID: <37E612F9.7B3C70FA@epiuse.com> > Did you try to modify wins.dat file ? is it possible to add static wins entries here? at the moment i just give machines a dns entry and set dns proxy = yes in smb.conf -- ciao, --jan van rensburg Oh what a tangled web we weave when we could've used perl but we used C. From Sivert.Carlsson at smi.mas.lu.se Mon Sep 20 12:23:15 1999 From: Sivert.Carlsson at smi.mas.lu.se (Sivert Carlsson) Date: Tue Dec 2 02:27:06 2003 Subject: Changing to encrypted password Message-ID: <4.1.19990920140831.00a74db0@gustaf.smi.mas.lu.se> Hallo! I have been running samba under Solaris 2.x for same years now with plain text password authorization. I would like to change this to encrypted password. How is the easiest way of doing it with the system running so it wont disturb my users (100)? Sivert ======================================================= Samh?llsmedicinska institutionen/Department of Community Medicine Sivert Carlsson Malm? University Hospital S-205 02 MALMO, Sweden PHONE: +46 40 332677 FAX: +46 40 336215 e-mail: Sivert.Carlsson@smi.mas.lu.se http://www.smi.mas.lu.se/sivert.html http://www.smi.mas.lu.se ======================================================== -------------- next part -------------- HTML attachment scrubbed and removed From lk at netuse.de Mon Sep 20 12:40:11 1999 From: lk at netuse.de (Lars Kneschke) Date: Tue Dec 2 02:27:06 2003 Subject: Changing to encrypted password References: <4.1.19990920140831.00a74db0@gustaf.smi.mas.lu.se> Message-ID: <37E62B2B.5A520B19@netuse.de> Sivert Carlsson wrote: > > Hallo! > > I have been running samba under Solaris 2.x for same years now with > plain text password authorization. I would like to change this to > encrypted password. How is the easiest way of doing it with the system > running so it wont disturb my users (100)? > > Sivert In the current Samba-Versions is a parameter update encrypted. Set this parameter to yes. If then a user authenticates with plain password, samba will write also the encrypted password in the encrypted password file. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From rfs at aw.com.pl Mon Sep 20 13:50:05 1999 From: rfs at aw.com.pl (=?iso-8859-2?Q?Rafa=B3=20Szcze=B6niak?=) Date: Tue Dec 2 02:27:06 2003 Subject: Samba and PPP References: <37E2627E.EF5E4E6A@courrier.usherb.ca> <2789.990917@aizkraukles.com> Message-ID: <37E63B8D.5303BD59@aw.com.pl> Jurijs Dorofejevs wrote: > > Hello! > > I have server running on linux. > Samba is used to serve as WINS server for WIN_XX client in my > network. > eth0 is for network 195.216.182.96/255.255.255.224 > eth1 is for network 195.216.182.88/255.255.255.248 > everything is fine and all client from 2 segments can see each other > in Network Neighborhood. > > But few days ago I add PPP connection to this host. > I used network 195.216.182.68/255.255.255.252 for this purpose. > (PPP server has 195.216.182.69 address, PPP-client is > 195.216.182.70) > > /etc/ppp/options has following line: > ms-wins 195.216.182.97 (it address of this server) > > But PPP-client doesn't appear in Network Neighborhood, though it can > be reached usin Find Computer from other clients. > > I tried to add the line in /etc/smb.conf > interfaces = 195.216.182.97/255.255.255.224 195.216.182.90/255.255.255.248 > 195.216.182.69/255.255.255.252 > > But this didn't help > Anyone can help me? > > > ----------===================---------- > Jurijs Dorofejevs > "Aizkraukles Banka Ltd." > Information Technologies Department > e-mail: jurijs@aizkraukles.com > > ----------===================---------- > Jurijs Dorofejevs > "Aizkraukles Banka Ltd." > Information Technologies Department > e-mail: jurijs@aizkraukles.com Check, wheter your ppp-client is present in wins.dat and browse.dat of WINS server. His IP should be there in order to appear in Network Neighborhood. greetings :) Rafa? From sebastien.corriveau at courrier.usherb.ca Mon Sep 20 13:50:03 1999 From: sebastien.corriveau at courrier.usherb.ca (Sebastien Corriveau) Date: Tue Dec 2 02:27:06 2003 Subject: machine passwd References: <4327A1883D21D311AC9400508B0A1B9E7F4212@NTGUSLAEXS1> <37E23097.3D5102E0@courrier.usherb.ca> <19990917211643.C28162@goldfisch.atat.at> <37E2A1D3.32B4BA2A@courrier.usherb.ca> <19990917231333.D28162@goldfisch.atat.at> Message-ID: <37E63B8B.D6281A8A@courrier.usherb.ca> peter pilsl wrote: > > I maintain two samba-domain-server. one is a new setup (two month) and one is a older setup (one year). > These two setups are very similar but are not connected in any way. And on both machines this error occures very occasionally on all > clients. > I dont care much about that error at all. the servers work and so I dont have any problems. > I just dont get into my mind why the error is in the clients-log when the server is initiating the process and fails. I don't know what the source of the problem is. It could be a bug in samba or some settings you've made (or didn't made) in either samba-PDC or NT-clients. But if the process failed AFTER the connection between the PDC and the client is made, then both sides (PDC and client) should report the problem in there events log. That's why you get this error on your clients. Now, if you can find a way to stop your samba-PDC from initiating the whole process, you'll stop receiving this error. If you don't care about the error getting into the events log of all clients, then you can leave it as is. BTW, I don't have a samba-PDC installed (yet!) so I can't go deep into details about samba. I can just gives you tips or information based on my NT experiences. Sebas. ____________________________________________________________________________ Sebastien Corriveau Tel: (819)820-6855 Responsable de l'informatique Fax: (819)820-6841 From rfs at aw.com.pl Mon Sep 20 14:16:08 1999 From: rfs at aw.com.pl (=?iso-8859-2?Q?Rafa=B3=20Szcze=B6niak?=) Date: Tue Dec 2 02:27:06 2003 Subject: Samba as a PDC References: Message-ID: <37E641A8.D9BCA8EF@aw.com.pl> Lajber Zoltan wrote: > > Hi, > > I'm using Samba 2.1.0-prealpha on Debian/Linux (slink) as domain > conrtoller for NT4s. Now I found an old machien with wfwg311, and it has > problems. > > This machine worked fine a year or two ago, and now, when I switched back > to samba-1.9.17p2, it works just fine. > > I remember some "problem with older client" subject, but could't find it > on the archive. > > Would you so kind somebody to help me? Possible problems: - samba 2.1.0-prealpha and samba-2.0.5a (latest stable when I'm writing it) works default in security user mode. Previous (1.9.x) sambas used security = share (also default). That's becouse of wfwg311. - prealpha uses encrypted password - wfwg311 no (as I remember :) - cosmetic problem is using 8.3 file name notation in wfwg311 greetings :) Rafa? > > Bye, > -=Lajbi=-------------------------------------------------------------------- > LAJBER Zoltan lajbi@jht.gau.hu http://jht.gau.hu/~lajbi > GATE Jarmu- es Hotechnika Tanszek http://jht.gau.hu > A member of HuLUG http://mlf.linux.rulez.org/mlf From clavigne at auburn-hills.org Mon Sep 20 13:57:10 1999 From: clavigne at auburn-hills.org (Cynthia La Vigne) Date: Tue Dec 2 02:27:06 2003 Subject: Roaming Profiles Message-ID: <37E63D36.3C5114B9@auburn-hills.org> Can someone please direct me to the site which will tell me how to set up roaming profiles using samba. I have read numerous discussions regarding problems that users are having but haven't found anything on how to set it up from the start. Does my samba server have to be my PDC or is it possible for my PDC to be an NT machine and just have the username.dat files reside on my samba server? Any help would be greatly appreciated. Cynthia La Vigne clavigne@auburn-hills.org From dab at ecs.soton.ac.uk Mon Sep 20 14:06:53 1999 From: dab at ecs.soton.ac.uk (Dave Batt) Date: Tue Dec 2 02:27:06 2003 Subject: account unknown - question 4.2.1 Message-ID: <3.0.5.32.19990920150653.0099b800@pop.ecs.soton.ac.uk> http://us1.samba.org/samba/docs/ntdom_faq/page4.html - question 4.2.1. I've got a PC running NT4 SP5 with roaming profile, using a Unix server acting as the PDC running solaris 2.6 and samba 2.05a with encripted passwords. When I log in as user ECSUG/void95 I get my profile from the PDC, but when I look in controlpanel\system\userprofile I can see "name=account unknown, type=roaming" for void95's profile. I know everything works if I use a NT server as the PDC. I need to be able to resolve the account so that the fingerd service in Exceed 6.1 will recognise a logged in user. Is this a fault detailed in question 4.2.1? Is this another fault or am I doing something else wrong ? Dave From jurijs at aizkraukles.com Mon Sep 20 14:12:41 1999 From: jurijs at aizkraukles.com (Jurijs Dorofejevs) Date: Tue Dec 2 02:27:06 2003 Subject: Samba and PPP In-Reply-To: <37E63B8D.5303BD59@aw.com.pl> References: <37E63B8D.5303BD59@aw.com.pl> Message-ID: <8717.990920@aizkraukles.com> RS> Check, wheter your ppp-client is present in wins.dat and browse.dat RS> of WINS server. RS> His IP should be there in order to appear in Network Neighborhood. His IP presents only in wins.dat What can I do to place it in browse.dat? From samba at druid.beeline.msk.ru Mon Sep 20 14:14:17 1999 From: samba at druid.beeline.msk.ru (samba) Date: Tue Dec 2 02:27:06 2003 Subject: Password change from Win95 clients Message-ID: Hello! I'm using samba-2.0.5a on RedHat-6.0 in school network. There are so many curious kids :) The network is dedicated for teachers only but for security reasons they'd like to change their passwords time to time. But all of them didn't ever seen other OS than Win95 :(( So my question Is it possible to change Samba password from Win95(Win98) client? Thenk you! Best regards, Konstantin Klubnichkin From lajbi at lajli.gau.hu Mon Sep 20 14:13:56 1999 From: lajbi at lajli.gau.hu (Lajber Zoltan) Date: Tue Dec 2 02:27:06 2003 Subject: Samba as a PDC In-Reply-To: <37E641A8.D9BCA8EF@aw.com.pl> Message-ID: Hi, On Mon, 20 Sep 1999, Rafa? Szcze?niak wrote: > Possible problems: > - samba 2.1.0-prealpha and samba-2.0.5a (latest stable when I'm writing it) > works default in security user mode. Previous (1.9.x) sambas used The old samba worked as PDC for a bunch of wfwg when this machine was used. So, this maxhine does domain logon. > - prealpha uses encrypted password - wfwg311 no (as I remember :) But the passwd get validated sometimes, and the wfwg died to dos prompt... > - cosmetic problem is using 8.3 file name notation in wfwg311 No problem for me before the upgrade. The office 4.2 installed in "8.3" way, and this machine tye to use that, not office97 of course. Bye, -=Lajbi=-------------------------------------------------------------------- LAJBER Zoltan lajbi@jht.gau.hu http://jht.gau.hu/~lajbi GATE Jarmu- es Hotechnika Tanszek http://jht.gau.hu A member of HuLUG http://mlf.linux.rulez.org/mlf From rfs at aw.com.pl Mon Sep 20 14:47:37 1999 From: rfs at aw.com.pl (=?iso-8859-2?Q?Rafa=B3=20Szcze=B6niak?=) Date: Tue Dec 2 02:27:06 2003 Subject: Roaming Profiles References: <37E63D36.3C5114B9@auburn-hills.org> Message-ID: <37E64909.3CD9DF99@aw.com.pl> Cynthia La Vigne wrote: > > Can someone please direct me to the site which will tell me how to set > up roaming profiles using samba. I have read numerous discussions > regarding problems that users are having but haven't found anything on > how to set it up from the start. > > Does my samba server have to be my PDC or is it possible for my PDC to > be an NT machine and just have the username.dat files reside on my samba > server? > > Any help would be greatly appreciated. > > Cynthia La Vigne > clavigne@auburn-hills.org Q1. Instructions "step by step" you'll find in your samba source subtree ./doc/textdocs/DOMAIN.txt and ./doc/textdocs/DOMAIN_CONTROL.txt Q2. Your samba box can be PDC and domain member. Basic information about this topic are in ./doc/textdocs/DOMAIN_MEMBER.txt Additional information are available at NT-DOMAIN FAQ: http://pl.samba.org/samba/docs/ntdom_faq/samba_ntdom_faq.html (choose your closest mirror :)) greetings :) Rafa? From fricke at Team.OWL-Online.DE Mon Sep 20 14:47:24 1999 From: fricke at Team.OWL-Online.DE (Cord-H. Fricke) Date: Tue Dec 2 02:27:06 2003 Subject: Problems with writing to domain Message-ID: <37E648FC.D62F679A@team.owl-online.de> hi there, suddenly I can?t write PC?s (NT4.0 SP5) to the domain. It works everyday with no problems. but today the Doze says: No account on the server .Ask the admin .. I?m the admin. And it works normally. Is there a limit to add WS to the domain?? What?s wrong? -- -------------------------------------------------------------------------- Cord-H. Fricke Technik/Systemadministration Fon: 0 52 1 / 52 51-133 fricke@team.owl-online.de http://www.owl-online.de/ Thanx God, it?s Friday... From P.O-Brien at sussex.ac.uk Mon Sep 20 14:48:29 1999 From: P.O-Brien at sussex.ac.uk (Patricia O'Brien) Date: Tue Dec 2 02:27:06 2003 Subject: I am away Message-ID: I am away from Thursday 16th September until Thursday 23rd September. Your mail regarding "" will be read when I return. From rfs at aw.com.pl Mon Sep 20 15:22:50 1999 From: rfs at aw.com.pl (=?iso-8859-2?Q?Rafa=B3=20Szcze=B6niak?=) Date: Tue Dec 2 02:27:06 2003 Subject: Problems with writing to domain References: <37E648FC.D62F679A@team.owl-online.de> Message-ID: <37E6514A.3CEA3F85@aw.com.pl> "Cord-H. Fricke" wrote: > > hi there, > > suddenly I can?t write PC?s (NT4.0 SP5) to the domain. > It works everyday with no problems. but today the Doze says: No account > on the server .Ask the admin .. It looks like you (in some strange way) lost wks account in smbpasswd (if you use smbpasswd). Check, if there is something wrong. > I?m the admin. And it works normally. Is there a limit to add WS to the > domain?? > What?s wrong? > > -- > -------------------------------------------------------------------------- > > Cord-H. Fricke > Technik/Systemadministration > Fon: 0 52 1 / 52 51-133 > fricke@team.owl-online.de > http://www.owl-online.de/ > > Thanx God, it?s Friday... From owensc at enc.edu Mon Sep 20 15:18:26 1999 From: owensc at enc.edu (Charles N. Owens) Date: Tue Dec 2 02:27:07 2003 Subject: Can Samba scale with NT_Terminal_Server? (was: Samba and WinTS/ WinDD) References: Message-ID: <37E65042.ECBF1392@enc.edu> Thanks, Olaf, for your reply. I'm giving this registry tweak a try. >From my read of the related Knowledge Bank articles, it seems _very_ applicable to our situation with some of the symptoms we've seen. I've got a suggestion for your lingering temp files problem. See below. Thanks, Charles Olaf Dreyer wrote: > > Hi, > > On Fri, 17 Sep 1999, Charles N. Owens wrote: > > > I'm wondering if the unique (?) way NT Terminal Server (NT_TS) connects > > to Samba is a problem. Samba seems to spawn a separate process per > > connecting client. With "normal" single-user stations (Win3.x, Win9x, > > WinNT), this results in a process per user. But with NT_TS (and other > > related Citrix derivatives) we have many users coming from a single > > client machine, all of which get handled by a _single_ Samba process > > (one per NT_TS server box). It is not unreasonable to expect that there > > may then be 50 to 150 users being handled by a single Samba process > > (depending on the horsepower of the NT_TS server). > > You can set "nt smb support = no", but this will brake win 98 clients, or > you can change one entry in WinTS-Registry after installing Service-Pack 4 > for WinTS. This is probably the better way, because Microsoft recommends > setting this parameter for various problems (look at the knowledge base). > > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rdr\Parameters\ > MultipleUsersOnConnection=0x000000 > > > So... any other NT_TS users doing the Samba thing with better luck than > > I? > > We have a WinTS/metaframe system running here. We use a Samba 2.0.5a > Fileserver and a NT PDC. > We also have a lot of WinCenter Servers using NIS to authenticate their > users against Linux-Servers running Samba and NIS, we don't have the > NIS-thing for WinTS/Metaframe :( . But we will use Samba as PDC as soon as > possible. We have 40 to 60 users and the system is running stable. We had > a lot of problems with "oplock breaks", but since we reorganized some part > of the network they are gone. > > > And, of course, I feel duty-bound to point out that were NT_TS and > > Metaframe correctly, or at least more robustly implemented, they'd be > > able to with-stand non-ideal behavior from Samba (assuming this is > > occurring) without going belly-up. Said another way, it's not Samba's > > fault that there are some fundamental flaws in NT_TS that cause it to > > crash when tickled. Samba is only responsible for the tickling. > > WinCenter ( NT 3.51 ) was more stable. We are missing the NIS-Thing, and > the NCD Wincenter for WinTS/Metaframe ( its a Citrix product ) is known to > be buggy. :( > > One Point which always make problems are the clients. On the Metaframe > Server there will be created a temp-directory for each connection. If this > connections disconnects abnormal, eg the user get a blue screen on his > workstation, this directory stays there. It won't be deleted even after a > reboot of the WinTS. If someone later gets the same connection ID he will > get this temporary directory assigned, the files probably owned by someone > else... We've fought with this. The obvious solution was to have a script run at boot time that simply deleted all subdirectories of %TEMP%. This let to my horrific discovery that, as far as I can tell, NT (or at least WinTS) does not execute _any_ startup batch file when booting. (What was wrong with AUTOEXEC.BAT?) Very bizarre. Anyhow... our solution is to use the AutoExNT service (from the Resource Kit) to do this. It runs at boot time the script %WINDIR%\SYSTEM32\autoexnt.bat . Our script is simply: @echo . System Startup @echo . @echo . Now removing and recreating \TEMP rmdir /s /q C:\TEMP mkdir C:\TEMP What I haven't yet determined is whether or not connection IDs ever get reused during a given uptime of a system. Do you know? From what we've seen, they start at zero and then increment until the next reboot.... but there _does_ have to be some roll-over value. (We've never had enough stability to have our systems up long enough to see it though. ;-) If the maximum ID value is high enough, then between periodic reboots (or crashes) and this startup script we should have the problem licked. A more thorough solution would be a regularly run Perl script that parses the output of "query users" and then removes the any temp directory that isn't associated with an existing session. If we lick our stability problems I'll probably write such a script at some point... > > Best Regards > Olaf Dreyer -- ------------------------------------------------------------------------- Charles N. Owens Email: owensc@enc.edu http://www.enc.edu/~owensc Network & Systems Administrator Information Technology Services "Outside of a dog, a book is a man's Eastern Nazarene College best friend. Inside of a dog it's too dark to read." - Groucho Marx ------------------------------------------------------------------------- From fricke at Team.OWL-Online.DE Mon Sep 20 15:30:50 1999 From: fricke at Team.OWL-Online.DE (Cord-H. Fricke) Date: Tue Dec 2 02:27:07 2003 Subject: Limit? Message-ID: <37E6532A.150E4841@team.owl-online.de> Hi there, is there a limit to add Dozies to domain??? -- -------------------------------------------------------------------------- Cord-H. Fricke Technik/Systemadministration Fon: 0 52 1 / 52 51-133 fricke@team.owl-online.de http://www.owl-online.de/ Thanx God, it?s Friday... From rfs at aw.com.pl Mon Sep 20 15:58:24 1999 From: rfs at aw.com.pl (=?iso-8859-2?Q?Rafa=B3=20Szcze=B6niak?=) Date: Tue Dec 2 02:27:07 2003 Subject: Limit? References: <37E6532A.150E4841@team.owl-online.de> Message-ID: <37E659A0.64CCCD1@aw.com.pl> "Cord-H. Fricke" wrote: > > Hi there, > > is there a limit to add Dozies to domain??? How many these dozies ? > > -- > -------------------------------------------------------------------------- > > Cord-H. Fricke > Technik/Systemadministration > Fon: 0 52 1 / 52 51-133 > fricke@team.owl-online.de > http://www.owl-online.de/ > > Thanx God, it?s Friday... From fricke at Team.OWL-Online.DE Mon Sep 20 15:56:55 1999 From: fricke at Team.OWL-Online.DE (Cord-H. Fricke) Date: Tue Dec 2 02:27:07 2003 Subject: Login Message-ID: <37E65947.96399611@team.owl-online.de> After setting security = user the adding ofb the dozie works. When Security = domain the adding is not allowed. Is that ok? -- -------------------------------------------------------------------------- Cord-H. Fricke Technik/Systemadministration Fon: 0 52 1 / 52 51-133 fricke@team.owl-online.de http://www.owl-online.de/ Thanx God, it?s Friday... From swaters at amicus.com Mon Sep 20 17:41:53 1999 From: swaters at amicus.com (Stephen Waters) Date: Tue Dec 2 02:27:07 2003 Subject: BUG: 16-bit setup.exe issues References: Message-ID: <37E671E1.15D414D2@amicus.com> here's the scoop: samba 2.0.5a on linux 2.2.12+raidpatch. everything seems to work great except that 16-bit setup.exe files have trouble finding requisite .dlls in the current working directory if there are any non-8.3-compliant directories in the path. e.g., 2 files, setup.exe setup.dll, in \\server\public\long_dir_name\temp\ if execute setup.exe it will give an error saying that it cannot find setup.dll; however, if i move \\server\public\long_dir_name\temp\ to \\server\public\temp\ setup.exe finds setup.dll just fine. our Windows NT 4.0 server did not have any problems with this setup so i thought either 1) there is a bug in samba or 2) the client is stupid and NT has a workaround. i vote for [2], but i'd really like to see a workaround. i changed default case to upper when trying to figure out what was wrong. -stephen waters internal sysadmin amicus, inc. From allen at driversoft.com Mon Sep 20 18:05:40 1999 From: allen at driversoft.com (Allen Reese) Date: Tue Dec 2 02:27:07 2003 Subject: BUG: 16-bit setup.exe issues In-Reply-To: <37E671E1.15D414D2@amicus.com> Message-ID: Some versions of InstallShield, 5 IIRC, have problems launching setup off of a UNC path. I was writing InstallShield installers for a while and ran into a bug where some 16bit setup would fail off any UNC path because the installshield code tries to get the drive letter of the UNC path and fails. I never had 8.3 related problems, but I ran into a lot of problems if the drive I was trying to run the installers from was not mapped. And this was only with 16bit compatible installers. If I did a 32bit only installer, then it would install just fine via a UNC path, say \\server\share\setup.exe whereas, if I built the same installer but with 16bit setuport, it wouldn't install from the UNC path under 95 unless I mapped the drive. ;) Check if the installer is an InstallShield installer, and if so that may be part of the problem. If you look in their KB any 16bit IS5 installers have lots of UNC problems. ;) But then all of this was 1-2 years ago. Allen Reese Senior Software Engineer Driversoft, Inc. allen@driversoft.com On Tue, 21 Sep 1999, Stephen Waters wrote: > here's the scoop: > > samba 2.0.5a on linux 2.2.12+raidpatch. > > everything seems to work great except that 16-bit setup.exe files have > trouble finding requisite .dlls in the current working directory if > there are any non-8.3-compliant directories in the path. > > e.g., > > 2 files, setup.exe setup.dll, in \\server\public\long_dir_name\temp\ > if execute setup.exe it will give an error saying that it cannot find > setup.dll; however, if i move \\server\public\long_dir_name\temp\ to > \\server\public\temp\ setup.exe finds setup.dll just fine. > > our Windows NT 4.0 server did not have any problems with this setup so i > thought either 1) there is a bug in samba or 2) the client is stupid and > NT has a workaround. i vote for [2], but i'd really like to see a > workaround. > > i changed default case to upper when trying to figure out what was > wrong. > > > -stephen waters > internal sysadmin > amicus, inc. > From swaters at amicus.com Mon Sep 20 18:19:51 1999 From: swaters at amicus.com (Stephen Waters) Date: Tue Dec 2 02:27:07 2003 Subject: BUG: 16-bit setup.exe issues References: Message-ID: <37E67AC7.6C8C30AA@amicus.com> yes, that would have been my first thought except that it worked fine off of a WinNT 4.0 server whereas it did not work on samba in the exact same directory structure. on the samba box there is an error that says: "Cannot find file \\server\public\\temp\setup.dll. check to ensure the path and filename are correct and all libraries are available." notice the second set of \\ ? that's where long_dir_name should have been. if i simply move the temp dir up one level to \\server\public\temp then it works b/c there are no longer any long dir names in the UNC path. i also notice that there's an error in the logfile, perhaps unrelated: [1999/09/20 12:47:32, 1] smbd/nttrans.c:call_nt_transact_ioctl(2387) call_nt_transact_ioctl: currently not implemented -stephen Allen Reese wrote: > > Some versions of InstallShield, 5 IIRC, have problems launching setup off > of a UNC path. > > I was writing InstallShield installers for a while and ran into a bug > where some 16bit setup would fail off any UNC path because the > installshield code tries to get the drive letter of the UNC path and > fails. I never had 8.3 related problems, but I ran into a lot of problems > if the drive I was trying to run the installers from was not mapped. And > this was only with 16bit compatible installers. If I did a 32bit only > installer, then it would install just fine via a UNC path, say > \\server\share\setup.exe whereas, if I built the same installer but with > 16bit setuport, it wouldn't install from the UNC path under 95 unless I > mapped the drive. ;) > > Check if the installer is an InstallShield installer, and if so that may > be part of the problem. If you look in their KB any 16bit IS5 installers > have lots of UNC problems. ;) > > But then all of this was 1-2 years ago. > > Allen Reese > Senior Software Engineer > Driversoft, Inc. > allen@driversoft.com > > On Tue, 21 Sep 1999, Stephen Waters wrote: > > > here's the scoop: > > > > samba 2.0.5a on linux 2.2.12+raidpatch. > > > > everything seems to work great except that 16-bit setup.exe files have > > trouble finding requisite .dlls in the current working directory if > > there are any non-8.3-compliant directories in the path. > > > > e.g., > > > > 2 files, setup.exe setup.dll, in \\server\public\long_dir_name\temp\ > > if execute setup.exe it will give an error saying that it cannot find > > setup.dll; however, if i move \\server\public\long_dir_name\temp\ to > > \\server\public\temp\ setup.exe finds setup.dll just fine. > > > > our Windows NT 4.0 server did not have any problems with this setup so i > > thought either 1) there is a bug in samba or 2) the client is stupid and > > NT has a workaround. i vote for [2], but i'd really like to see a > > workaround. > > > > i changed default case to upper when trying to figure out what was > > wrong. > > > > > > -stephen waters > > internal sysadmin > > amicus, inc. > > From allen at driversoft.com Mon Sep 20 18:31:26 1999 From: allen at driversoft.com (Allen Reese) Date: Tue Dec 2 02:27:07 2003 Subject: BUG: 16-bit setup.exe issues In-Reply-To: <37E67AC7.6C8C30AA@amicus.com> Message-ID: In that case it probably is samba. I was just mentioning other installshield issues I have seen with any smb server. ;) Allen Reese Senior Software Engineer Driversoft, Inc. allen@driversoft.com On Mon, 20 Sep 1999, Stephen Waters wrote: > yes, that would have been my first thought except that it worked fine > off of a WinNT 4.0 server whereas it did not work on samba in the exact > same directory structure. on the samba box there is an error that says: > > "Cannot find file \\server\public\\temp\setup.dll. check to ensure the > path and filename are correct and all libraries are available." > > notice the second set of \\ ? that's where long_dir_name should have > been. if i simply move the temp dir up one level to \\server\public\temp > then it works b/c there are no longer any long dir names in the UNC > path. > > i also notice that there's an error in the logfile, perhaps unrelated: > [1999/09/20 12:47:32, 1] smbd/nttrans.c:call_nt_transact_ioctl(2387) > call_nt_transact_ioctl: currently not implemented > > > -stephen > > Allen Reese wrote: > > > > Some versions of InstallShield, 5 IIRC, have problems launching setup off > > of a UNC path. > > > > I was writing InstallShield installers for a while and ran into a bug > > where some 16bit setup would fail off any UNC path because the > > installshield code tries to get the drive letter of the UNC path and > > fails. I never had 8.3 related problems, but I ran into a lot of problems > > if the drive I was trying to run the installers from was not mapped. And > > this was only with 16bit compatible installers. If I did a 32bit only > > installer, then it would install just fine via a UNC path, say > > \\server\share\setup.exe whereas, if I built the same installer but with > > 16bit setuport, it wouldn't install from the UNC path under 95 unless I > > mapped the drive. ;) > > > > Check if the installer is an InstallShield installer, and if so that may > > be part of the problem. If you look in their KB any 16bit IS5 installers > > have lots of UNC problems. ;) > > > > But then all of this was 1-2 years ago. > > > > Allen Reese > > Senior Software Engineer > > Driversoft, Inc. > > allen@driversoft.com > > > > On Tue, 21 Sep 1999, Stephen Waters wrote: > > > > > here's the scoop: > > > > > > samba 2.0.5a on linux 2.2.12+raidpatch. > > > > > > everything seems to work great except that 16-bit setup.exe files have > > > trouble finding requisite .dlls in the current working directory if > > > there are any non-8.3-compliant directories in the path. > > > > > > e.g., > > > > > > 2 files, setup.exe setup.dll, in \\server\public\long_dir_name\temp\ > > > if execute setup.exe it will give an error saying that it cannot find > > > setup.dll; however, if i move \\server\public\long_dir_name\temp\ to > > > \\server\public\temp\ setup.exe finds setup.dll just fine. > > > > > > our Windows NT 4.0 server did not have any problems with this setup so i > > > thought either 1) there is a bug in samba or 2) the client is stupid and > > > NT has a workaround. i vote for [2], but i'd really like to see a > > > workaround. > > > > > > i changed default case to upper when trying to figure out what was > > > wrong. > > > > > > > > > -stephen waters > > > internal sysadmin > > > amicus, inc. > > > > From tschweikle at FIDUCIA.de Mon Sep 20 19:05:06 1999 From: tschweikle at FIDUCIA.de (tschweikle@FIDUCIA.de) Date: Tue Dec 2 02:27:07 2003 Subject: BUG: 16-bit setup.exe issues Message-ID: <0057540001697811000002L412*@MHS> stephen waters wrote: > yes, that would have been my first thought except that it worked fine > off of a WinNT 4.0 server whereas it did not work on samba in the exact > same directory structure. on the samba box there is an error that says: > > "Cannot find file \\server\public\\temp\setup.dll. check to ensure the > path and filename are correct and all libraries are available." > > notice the second set of \\ ? that's where long_dir_name should have > been. if i simply move the temp dir up one level to \\server\public\temp > then it works b/c there are no longer any long dir names in the UNC > path. > > i also notice that there's an error in the logfile, perhaps unrelated: > [1999/09/20 12:47:32, 1] smbd/nttrans.c:call_nt_transact_ioctl(2387) > call_nt_transact_ioctl: currently not implemented > > > -stephen > > Allen Reese wrote: >> >> Some versions of InstallShield, 5 IIRC, have problems launching setup off >> of a UNC path. >> >> I was writing InstallShield installers for a while and ran into a bug >> where some 16bit setup would fail off any UNC path because the >> installshield code tries to get the drive letter of the UNC path and >> fails. I never had 8.3 related problems, but I ran into a lot of problems >> if the drive I was trying to run the installers from was not mapped. And >> this was only with 16bit compatible installers. If I did a 32bit only >> installer, then it would install just fine via a UNC path, say >> \\server\share\setup.exe whereas, if I built the same installer but with >> 16bit setuport, it wouldn't install from the UNC path under 95 unless I >> mapped the drive. ;) >> >> Check if the installer is an InstallShield installer, and if so that may >> be part of the problem. If you look in their KB any 16bit IS5 installers >> have lots of UNC problems. ;) >> >> But then all of this was 1-2 years ago. >> >> Allen Reese >> Senior Software Engineer >> Driversoft, Inc. >> allen@driversoft.com >> >> On Tue, 21 Sep 1999, Stephen Waters wrote: >> >> > here's the scoop: >> > >> > samba 2.0.5a on linux 2.2.12+raidpatch. >> > >> > everything seems to work great except that 16-bit setup.exe files have >> > trouble finding requisite .dlls in the current working directory if >> > there are any non-8.3-compliant directories in the path. >> > >> > e.g., >> > >> > 2 files, setup.exe setup.dll, in \\server\public\long_dir_name\temp\ >> > if execute setup.exe it will give an error saying that it cannot find >> > setup.dll; however, if i move \\server\public\long_dir_name\temp\ to >> > \\server\public\temp\ setup.exe finds setup.dll just fine. >> > >> > our Windows NT 4.0 server did not have any problems with this setup so i >> > thought either 1) there is a bug in samba or 2) the client is stupid and >> > NT has a workaround. i vote for [2], but i'd really like to see a >> > workaround. >> > >> > i changed default case to upper when trying to figure out what was >> > wrong. >> > >> > >> > -stephen waters >> > internal sysadmin >> > amicus, inc. >> > There is a workaround for this sort of problem: make dafault case lower/upper an set samba to ignore case (don't preserve case on the server): preserve case = No short preserve case = No mangled names = No The third option is a bit dangerous. But there are 16-bit programs arround checking file names for 'illegal characters' thinking they would save users time this way, not thinking about changes in future file systems allowing these... It should help. BTW.: IBM-LAN-Server has the same problem. But there is no Workaround known. -- From swaters at amicus.com Mon Sep 20 19:22:37 1999 From: swaters at amicus.com (Stephen Waters) Date: Tue Dec 2 02:27:07 2003 Subject: BUG: 16-bit setup.exe issues References: <0057540001697811000002L412*@MHS> Message-ID: <37E6897D.83A8A4CD@amicus.com> tschweikle@FIDUCIA.de wrote: > > stephen waters wrote: > > > yes, that would have been my first thought except that it worked fine > > off of a WinNT 4.0 server whereas it did not work on samba in the exact > > same directory structure. on the samba box there is an error that says: > > > > "Cannot find file \\server\public\\temp\setup.dll. check to ensure the > > path and filename are correct and all libraries are available." > > > > notice the second set of \\ ? that's where long_dir_name should have > > been. if i simply move the temp dir up one level to \\server\public\temp > > then it works b/c there are no longer any long dir names in the UNC > > path. > > > > i also notice that there's an error in the logfile, perhaps unrelated: > > [1999/09/20 12:47:32, 1] smbd/nttrans.c:call_nt_transact_ioctl(2387) > > call_nt_transact_ioctl: currently not implemented > > > > > > -stephen > > > > Allen Reese wrote: > >> > >> Some versions of InstallShield, 5 IIRC, have problems launching setup off > >> of a UNC path. > >> > >> I was writing InstallShield installers for a while and ran into a bug > >> where some 16bit setup would fail off any UNC path because the > >> installshield code tries to get the drive letter of the UNC path and > >> fails. I never had 8.3 related problems, but I ran into a lot of problems > >> if the drive I was trying to run the installers from was not mapped. And > >> this was only with 16bit compatible installers. If I did a 32bit only > >> installer, then it would install just fine via a UNC path, say > >> \\server\share\setup.exe whereas, if I built the same installer but with > >> 16bit setuport, it wouldn't install from the UNC path under 95 unless I > >> mapped the drive. ;) > >> > >> Check if the installer is an InstallShield installer, and if so that may > >> be part of the problem. If you look in their KB any 16bit IS5 installers > >> have lots of UNC problems. ;) > >> > >> But then all of this was 1-2 years ago. > >> > >> Allen Reese > >> Senior Software Engineer > >> Driversoft, Inc. > >> allen@driversoft.com > >> > >> On Tue, 21 Sep 1999, Stephen Waters wrote: > >> > >> > here's the scoop: > >> > > >> > samba 2.0.5a on linux 2.2.12+raidpatch. > >> > > >> > everything seems to work great except that 16-bit setup.exe files have > >> > trouble finding requisite .dlls in the current working directory if > >> > there are any non-8.3-compliant directories in the path. > >> > > >> > e.g., > >> > > >> > 2 files, setup.exe setup.dll, in \\server\public\long_dir_name\temp\ > >> > if execute setup.exe it will give an error saying that it cannot find > >> > setup.dll; however, if i move \\server\public\long_dir_name\temp\ to > >> > \\server\public\temp\ setup.exe finds setup.dll just fine. > >> > > >> > our Windows NT 4.0 server did not have any problems with this setup so i > >> > thought either 1) there is a bug in samba or 2) the client is stupid and > >> > NT has a workaround. i vote for [2], but i'd really like to see a > >> > workaround. > >> > > >> > i changed default case to upper when trying to figure out what was > >> > wrong. > >> > > >> > > >> > -stephen waters > >> > internal sysadmin > >> > amicus, inc. > >> > > > There is a workaround for this sort of problem: > > make dafault case lower/upper an set samba to ignore case (don't preserve > case on the server): > > preserve case = No > short preserve case = No > mangled names = No > out of curiousity, is this how NT handles this sort of thing? -stephen From tschweikle at FIDUCIA.de Mon Sep 20 19:43:50 1999 From: tschweikle at FIDUCIA.de (tschweikle@FIDUCIA.de) Date: Tue Dec 2 02:27:07 2003 Subject: BUG: 16-bit setup.exe issues Message-ID: <0057540001698288000002L482*@MHS> >tschweikle@FIDUCIA.de wrote: >> >> stephen waters wrote: >> >> > yes, that would have been my first thought except that it worked fine >> > off of a WinNT 4.0 server whereas it did not work on samba in the exact >> > same directory structure. on the samba box there is an error that says: >> > >> > "Cannot find file \\server\public\\temp\setup.dll. check to ensure the >> > path and filename are correct and all libraries are available." >> > >> > notice the second set of \\ ? that's where long_dir_name should have >> > been. if i simply move the temp dir up one level to \\server\public\temp >> > then it works b/c there are no longer any long dir names in the UNC >> > path. >> > >> > i also notice that there's an error in the logfile, perhaps unrelated: >> > [1999/09/20 12:47:32, 1] smbd/nttrans.c:call_nt_transact_ioctl(2387) >> > call_nt_transact_ioctl: currently not implemented >> > >> > >> > -stephen >> > >> > Allen Reese wrote: >> >> >> >> Some versions of InstallShield, 5 IIRC, have problems launching setup off >> >> of a UNC path. >> >> >> >> I was writing InstallShield installers for a while and ran into a bug >> >> where some 16bit setup would fail off any UNC path because the >> >> installshield code tries to get the drive letter of the UNC path and >> >> fails. I never had 8.3 related problems, but I ran into a lot of problems >> >> if the drive I was trying to run the installers from was not mapped. And >> >> this was only with 16bit compatible installers. If I did a 32bit only >> >> installer, then it would install just fine via a UNC path, say >> >> \\server\share\setup.exe whereas, if I built the same installer but with >> >> 16bit setuport, it wouldn't install from the UNC path under 95 unless I >> >> mapped the drive. ;) >> >> >> >> Check if the installer is an InstallShield installer, and if so that may >> >> be part of the problem. If you look in their KB any 16bit IS5 installers >> >> have lots of UNC problems. ;) >> >> >> >> But then all of this was 1-2 years ago. >> >> >> >> Allen Reese >> >> Senior Software Engineer >> >> Driversoft, Inc. >> >> allen@driversoft.com >> >> >> >> On Tue, 21 Sep 1999, Stephen Waters wrote: >> >> >> >> > here's the scoop: >> >> > >> >> > samba 2.0.5a on linux 2.2.12+raidpatch. >> >> > >> >> > everything seems to work great except that 16-bit setup.exe files have >> >> > trouble finding requisite .dlls in the current working directory if >> >> > there are any non-8.3-compliant directories in the path. >> >> > >> >> > e.g., >> >> > >> >> > 2 files, setup.exe setup.dll, in \\server\public\long_dir_name\temp\ >> >> > if execute setup.exe it will give an error saying that it cannot find >> >> > setup.dll; however, if i move \\server\public\long_dir_name\temp\ to >> >> > \\server\public\temp\ setup.exe finds setup.dll just fine. >> >> > >> >> > our Windows NT 4.0 server did not have any problems with this setup so i >> >> > thought either 1) there is a bug in samba or 2) the client is stupid and >> >> > NT has a workaround. i vote for [2], but i'd really like to see a >> >> > workaround. >> >> > >> >> > i changed default case to upper when trying to figure out what was >> >> > wrong. >> >> > >> >> > >> >> > -stephen waters >> >> > internal sysadmin >> >> > amicus, inc. >> >> > >> >> There is a workaround for this sort of problem: >> >> make dafault case lower/upper an set samba to ignore case (don't preserve >> case on the server): >> >> preserve case = No >> short preserve case = No >> mangled names = No >> > > out of curiousity, is this how NT handles this sort of thing? Had this problem with IBM-LAN-Server. Traced the network messages. Yes! NT handles it this way. But only for DOS and WfW clients. Others (OS/2, WinNT, smbclient) get the long names --- making it clear why only old 16-bit applications have problems with new evironments like Win9x/NT. OS/2 is a bit more difficult, because it hides all this from 16-bit applications. They will only see short names, built the way given by the workaround. But this is local to every 16-bit application with OS/2. Why Win9x/NT didn't implement it this way I do not know - think they didn't like the additional overhead/work that had to be done... -- From tschweikle at FIDUCIA.de Mon Sep 20 20:07:16 1999 From: tschweikle at FIDUCIA.de (tschweikle@FIDUCIA.de) Date: Tue Dec 2 02:27:07 2003 Subject: BUG: 16-bit setup.exe issues [Virus checked by FIDUCIA] Message-ID: <0057540001698526000002L462*@MHS> Greg >> -----Original Message----- >> From: tschweikle@FIDUCIA.de [mailto:tschweikle@FIDUCIA.de] >> Sent: Monday, September 20, 1999 12:10 PM >> To: Multiple recipients of list SAMBA-NTDOM >> Subject: Re: BUG: 16-bit setup.exe issues >> >> >[snip] >> There is a workaround for this sort of problem: >> >> make dafault case lower/upper an set samba to ignore case >> (don't preserve >> case on the server): >> >> preserve case = No >> short preserve case = No >> mangled names = No > > What about the > mangle case > parameter? I'm just curious if this will fix my Office2K problem. > > Greg try "dir" on a samba share holding long names. You'll get something like: licenses 12.07.99 18:31 licenses LINUX~K! 07.06.99 14:07 LinuxInst venus 06.07.99 17:28 venus winxx 16.09.99 19:06 winxx 33l3939 txt 27.538 30.08.99 20:43 33l3939.txt BONES~LE Z 622.499 08.07.99 23:55 bones_tar.Z IDE_D~EQ IMG 1.474.560 17.09.99 10:46 IDE_DISK1.IMG INSTA~%_ HTM 120.220 03.09.99 15:38 INSTALL.html LC252~GL ZIP 1.051.998 06.07.99 10:58 lc252install.zip NT4PR~O0 EXE 173.280 05.08.99 12:40 nt4prep_deu.exe READM~6P EXP 791 03.09.99 22:51 README.export WIN98~1S TGZ 25.514.291 04.08.99 14:31 win98-buch.tgz BONES~LE.Z or LINUX~K! are mangled names. Both containing at least one illegal character seen from DOS 5.xx: '~'. It was possible to include these in a filename (unsing turbo-pascal for example) but not with 'cmd.com'. switching mangled names off gives a more straightforward behavior: 'LinuxInst' will become 'LINUXINS.T' for dos (no dot). 'bones_tar.Z' will become 'BONES_TA.Z' ('bones_tar.Z' has a dot). >> The third option is a bit dangerous. If I would have two files named 'bones_tar.Z' and 'bones_tar_123_4_5.Z' they would give the same 'BONES_TA.Z' with this scheme. Making only one out of two files accessible without additional tools. >> But there are 16-bit >> programs arround >> checking file names for 'illegal characters' thinking they would save >> users time this way, not thinking about changes in future file systems >> allowing these... >> >> It should help. >> BTW.: IBM-LAN-Server has the same problem. But there is no >> Workaround known. -- From hartog at ihug.co.nz Tue Sep 21 15:05:45 1999 From: hartog at ihug.co.nz (Hendrik den Hartog) Date: Tue Dec 2 02:27:07 2003 Subject: Roaming Profiles In-Reply-To: <37E64909.3CD9DF99@aw.com.pl> Message-ID: On Mon 20 Sep, Rafa? Szcze?niak wrote: > Cynthia La Vigne wrote: > > [SNIP - as the snipped bits have been answered] > > Does my samba server have to be my PDC or is it possible for my PDC to > > be an NT machine and just have the username.dat files reside on my samba > > server? NT PDC and Profiles (i.e. user.dat and 'the rest') on a SAMBA machine is possible. I presume?? you mean for Windows 9X machines, as for NT workstations, doing this is intuitive. [For Windows 9X machines] Whatever path you use for the Users Directory in the User Manager on the PDC will be used for Profiles. We have a NT PDC, with user Directories and Profiles on a SAMBA Server. We keep these seperate by exporting the 'homes' share under a different share name, then use a Logon script to map that share to a drive on the client machines. IMO the way Networked Profiles are handled by Win9X machines is messy. Controlling them is even messier. Cheers! -- Hendrik den Hartog- Pasadena Intermediate School- Auckland- NZ From carlos at cps.softex.br Tue Sep 21 03:58:33 1999 From: carlos at cps.softex.br (Carlos Eduardo P. Guidugli) Date: Tue Dec 2 02:27:07 2003 Subject: Strange Roaming profile problem Message-ID: Hello all, I have a strange problem. I have a pdc running Windows NT 4.0 + SP5 + IE5, a fileserver running Debian 2.1 + Samba 2.0.5a and clients running Win NT4.0 + SP5 + IE5. Samba acts like a server into the nt domain (security = domain). I have a dir named Profiles with root as owner and users as group and permissions 0770 Using the User Manager for Domains at the PDC I set the profile path as \\samba\profiles\%USERNAME% Now the problem: if the profile exist at samba but do not exist at the workstation, when the user log on appear this message: "The operating system was unable to load the locally stored profile. A new profile will be created (1017)" Using net helpmsg I found that error 1017 mean: "The system has attempted to load or restore a file into the registry, but the file is not in a registry format" The test I did: 1) clear the user`s profile at samba fileserver 2) clear all locally stored profiles at the workstation 3) log on as user john 4) Log off No messages were launched when performing these first 4 steps. If I logon again using the same account, I get no errors. 5) log on as local admin and removed all local profiles 6) log on again as user john and the error msg appear at logon Solution: delete the roaming user`s profile After this test I added the registry value "DeleteRoamingCache" and it did not work. Another test was: I created a share at an NT 4 server and changed the profile path to this new share and did the same steps above and I`ve got no errors. So, as a last test, I copied john`s profile to the samba server and changed John's profile path to the profile share at samba. I repeated the steps above and the error msg appeared again. Conclusion: it's not the workstation, it's samba (misconfigured ou a bug) I have this configuration at smb.conf [Profiles] browseable = yes create mask = 0700 directory mask = 0700 public = no writeable = yes valid users = @group1,@group2,@group3 write list = @group1,@group2,@group3 The output from log.smb is attached. Can someone help me? TIA, Carlos -------------- next part -------------- [1999/09/21 01:56:12, 1] smbd/server.c:main(628) smbd version 2.0.5a started. Copyright Andrew Tridgell 1992-1998 [1999/09/21 01:56:12, 1] smbd/files.c:file_init(216) file_init: Information only: requested 10000 open files, 1014 are available. [1999/09/21 01:56:13, 1] smbd/service.c:make_connection(521) gian (200.136.161.105) connect to service Profiles as user carlos (uid=1005, gid=103) (pid 331) [1999/09/21 01:56:15, 1] smbd/service.c:make_connection(521) gian (200.136.161.105) connect to service Profiles as user carlos (uid=1005, gid=103) (pid 331) [1999/09/21 01:56:15, 1] smbd/service.c:make_connection(521) gian (200.136.161.105) connect to service Profiles as user carlos (uid=1005, gid=103) (pid 331) [1999/09/21 01:56:15, 1] smbd/service.c:make_connection(521) gian (200.136.161.105) connect to service Profiles as user carlos (uid=1005, gid=103) (pid 331) [1999/09/21 01:56:24, 1] smbd/service.c:make_connection(521) gian (200.136.161.105) connect to service carlos as user carlos (uid=1005, gid=103) (pid 331) [1999/09/21 01:56:24, 0] smbd/open.c:open_directory(1195) open_directory: unable to stat name = ??/C:/WINNT/system32. Error was No such file or directory [1999/09/21 01:56:24, 0] smbd/nttrans.c:call_nt_transact_ioctl(2387) call_nt_transact_ioctl: Currently not implemented. [1999/09/21 01:56:24, 0] smbd/open.c:open_directory(1195) open_directory: unable to stat name = ??/C:/WINNT/system32. Error was No such file or directory [1999/09/21 01:56:32, 1] smbd/service.c:make_connection(521) gian (200.136.161.105) connect to service its as user carlos (uid=1005, gid=103) (pid 331) From TGasper at highlandil.com Tue Sep 21 05:39:09 1999 From: TGasper at highlandil.com (Tomas Gasper) Date: Tue Dec 2 02:27:07 2003 Subject: Samba as PDC w/ Exchange Message-ID: Hello, I am trying to run Samba 2.0 on Linux kernel 2.0.36 as a PDC with Microsoft Exchange running on a Windoze NT server in the domain. All is well with respect to the machine being in the domain and logging in as a domain user. The problem I have is that whenever I try to map a "Primary Windows NT" account to an Exchange mailbox, the Exchange Admin program GPFs in a bad way immediately after the "Add user" window pops up and before any domain users are shown in the window. (I can, however, see domain users in NT's User Admin for Domains without problem) In some other utilities that use the seemingly general purpose "Add user or group" window, there are always "predefined" users that NT seems to expect to find in the domain, but can't such as "The Operating System", "The Owner of the file", etc-These users are shown as "Account Unknown" with a hex number shown such as "0000002", "0000004", etc. along with the description of the non-existent user. Basically, what I'm wondering is whether I should, somehow, have predefined users in my domain (perhaps through /etc/smbpasswd) that NT is expecting - my guess is that Exchange can't gracefully handle the absence of some of these assumed accounts so it GPFs. Any ideas? Is anyone successfully running Samba as a PDC with Exchange? Thanks! Tomas Gasper tgasper@highlandil.com From sam at campbellsci.co.uk Tue Sep 21 07:49:05 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:27:07 2003 Subject: BUG: 16-bit setup.exe issues [Virus checked by FIDUCIA] In-Reply-To: <0057540001698526000002L462*@MHS> Message-ID: > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > tschweikle@FIDUCIA.de > Sent: Monday, September 20, 1999 09:10 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: BUG: 16-bit setup.exe issues [Virus checked by FIDUCIA] > > switching mangled names off gives a more straightforward behavior: > 'LinuxInst' will become 'LINUXINS.T' for dos (no dot). 'bones_tar.Z' > will become 'BONES_TA.Z' ('bones_tar.Z' has a dot). Can't the mangled character be changed to one historically more acceptable for cases like this? Given that ~ has to cope for when ~ is actually part of the filename, surely then perhaps _ would be a good legal replacement? Sam From doko at cs.tu-berlin.de Tue Sep 21 10:22:48 1999 From: doko at cs.tu-berlin.de (Matthias Klose) Date: Tue Dec 2 02:27:07 2003 Subject: Samba-PDC and Samba-2.0 setup on the same machine. Message-ID: <14311.22711.847540.99345@bolero> I tried to summarize this setup in a FAQ entry [attached]; suggestions for improvements and clarifications are welcome. However I do have some questions with this setup: - The machine has a second network card. How do I get the samba-pdc server listen on the second physical interface. When adding the interface to the interfaces parameter, then the samba-pdc listens on all interfaces and I see the browse list of the samba-pdc on the interface, where the samba-20 should listen only. Do I have to setup a third server or can one of the servers listen on exactly two socket addresses? - The samba-pdc (Linux, UTC) acts as a time server; although I set the time offset to 60, the NT clients (net time \\samba-pdc) show the UTC time. - On the clients I can view the file permissions for the share exported by the samba-20 server. I am allowed to change permissions, but they don't change on the server. Do I miss something? - Which of the shares exported by the samba-pdc now can I move to the samba-20 server? (homes, netlogon, profiles ?) Thanks for your help. Matthias Howto setup a Samba PDC and a Samba 2.0 server on the same machine ------------------------------------------------------------------ This setup describes an setup of a Samba-2.0 and a Samba-2.1prealpha server both running on the same machine; it works for me on a Debian GNU/Linux machine. I got input from Gerald Carter, some things still are not clear for me and I would like to incorporate your input into this HOWTO. Installing samba and samba-pdc ------------------------------ First samba-20 (2.0.x) and samba-pdc (2.1prealpha) must be configured and setup, such that the installation does not overlap. You must have separate files for: smbd nmbd smbpasswd (not sure) smb.conf smbpasswd (I symlinked it) /var/samba directory If you are using a Debian GNU/Linux system, you can fetch the samba-pdc and samba-pdc-common packages from http://master.debian.org/~doko for this setup. Network setup ------------- Each server has to listen on it's own network interface. One of the addresses can be a virtual interface address. For the following descriptions I assume that the samba-pdc listens on the primary network interface 192.168.10.1; the samba-20 listens on the network interface 192.168.11.1, which is created (on Linux) with: ifconfig eth0:0 192.168.11.1 netmask 255.255.255.0 broadcast 192.168.11.255 route add -net 192.168.11.0 Samba configuration files ------------------------- The two configuration files must have separate netbios names, lock directories and log files. They can share the same passwd file and the same domain. For further information how to add the samba-20 machine to the domain, please see the NT domain FAQ. Configuration of samba-pdc: [global] workgroup = DOMAIN socket address = 192.168.10.1 server string = Samba %v netbios name = foo-pdc hosts allow = 192.168.10. 192.168.11. 127. security = user encrypt passwords = yes interfaces = 192.168.10.1/24 #192.168.1.10/24 local master = yes os level = 65 domain master = yes preferred master = yes domain logons = yes wins support = yes time offset = 60 time server = true [homes] comment = Home Directories browseable = no writable = yes [netlogon] comment = Network Logon Service path = /usr/local/samba/netlogon guest ok = no writable = no share modes = no # see http://de.samba.org/samba/docs/ntdom_faq/page4.html#4-4-1 locking = no public = no browseable = yes [profiles] path = /var/local/samba/profiles browseable = no writable = yes guest ok = yes Configuration of samba-20: [global] workgroup = DOMAIN socket address = 192.168.11.1 server string = Samba %v on %h netbios name = foo-20 hosts allow = 192.168.10. 192.168.11. 127. security = domain encrypt passwords = yes interfaces = 192.168.11.1/24 local master = no os level = 64 wins server = 192.168.10.1 [test] comment = Test Share (exported by samba-20) path = /home/tst public = no writable = yes printable = no nt acl support = yes From fricke at Team.OWL-Online.DE Tue Sep 21 11:17:50 1999 From: fricke at Team.OWL-Online.DE (Cord-H. Fricke) Date: Tue Dec 2 02:27:07 2003 Subject: batch before logout Message-ID: <37E7695E.8EE72986@team.owl-online.de> Hi there, is there a possibility to run a batch file before logging off an NT - WS? I mean, i have to clear the temp-file before logging off and samba must help me in that case. Help outside? -- -------------------------------------------------------------------------- Cord-H. Fricke Technik/Systemadministration Fon: 0 52 1 / 52 51-133 fricke@team.owl-online.de http://www.owl-online.de/ Thanx God, it?s Friday... From samba at druid.beeline.msk.ru Tue Sep 21 11:46:00 1999 From: samba at druid.beeline.msk.ru (samba) Date: Tue Dec 2 02:27:07 2003 Subject: prealpha Message-ID: Hi there! First thanx everybody for comments to my problem w/ password changing. Now I have another question. Time to time I see the mentions of "2.1prealpha". So where can I read about it and where can I download it to try? Thank you! Best regards, Konstantin Klubnichkin From norman at lithe.uark.edu Tue Sep 21 14:43:29 1999 From: norman at lithe.uark.edu (Norman Weathers) Date: Tue Dec 2 02:27:07 2003 Subject: Strange Roaming profile problem References: Message-ID: <37E79991.37A81EC8@lithe.uark.edu> "Carlos Eduardo P. Guidugli" wrote: > > Hello all, > > I have a strange problem. I have a pdc running Windows NT 4.0 + SP5 + IE5, > a fileserver running Debian 2.1 + Samba 2.0.5a and clients running Win > NT4.0 + SP5 + IE5. > > Samba acts like a server into the nt domain (security = domain). I have a > dir named Profiles with root as owner and users as group and permissions > 0770 we have a similar problem on our system. We have a RedHat 6.0 server, kernel 2.2.10 and samba 2.0.5a. We have a few NT4.0 SP5 machines with IE5 laying around. We had been logging into the profiles directory in a "not to nice" way (we didn't have the profiles separated out from the home directory). We moved the profiles directories to their own shares, and now all of the sudden, we find out the these updated systems don't use the roaming profiles correctly. When I have people at their "own" system, everything works, but when they move to another system, nothing gets pulled in right into the new system. The backgrounds are all wrong and the links are all bad. When we checked the profiles directory, we noticed that they weren't being updated, even though by watching smbclient, we can see where the user's profile directory is being attatched. I am beginning to wonder if there is something that Microsoft has done to the SP5 release (as usual) or with IE5 even that has caused some problems. Anyone else tackled something like this? -- ------------------------------------------------------------------- Norman Weathers Technology Coordinator ETS University of Arkansas, Fayetteville phone: (501) 575-3553 or (501) 575-4344 email: nweathe@comp.uark.edu or norman@lithe.uark.edu "It's not that I 'prefer' to do this without an NT server.... I just 'prefer' to do it where it will work..." ------------------------------------------------------------------- From james at whispering.org Tue Sep 21 16:21:17 1999 From: james at whispering.org (James Willard) Date: Tue Dec 2 02:27:07 2003 Subject: Samba as PDC w/ Exchange References: Message-ID: <01b901bf044d$57538ef0$120ca8c0@regencyrealty.com> Tomas, Exchange Administrator gives you the option to either select an existing account to give the mailbox permissions to or create a new one. If I'm understanding you correctly, you're having problems when you are trying to choose to create an account. This is most likely because Exchange uses strange calls to add users. You should probably create users on the machine acting as PDC then select them through Exchange Administrator. As a side note, you might also want to use Samba 2.1-prealpha if you're using the PDC functionality. You'll have fewer problems, since NT Domain code really isn't supported in 2.0. James Willard, CCNA james@whispering.org ----- Original Message ----- From: Tomas Gasper To: Multiple recipients of list SAMBA-NTDOM Sent: Tuesday, September 21, 1999 2:46 AM Subject: Samba as PDC w/ Exchange > Hello, > > I am trying to run Samba 2.0 on Linux kernel 2.0.36 as a PDC with Microsoft > Exchange running on a Windoze NT server in the domain. All is well with > respect to the machine being in the domain and logging in as a domain user. > The problem I have is that whenever I try to map a "Primary Windows NT" > account to an Exchange mailbox, the Exchange Admin program GPFs in a bad way > immediately after the "Add user" window pops up and before any domain users > are shown in the window. (I can, however, see domain users in NT's User > Admin for Domains without problem) > > In some other utilities that use the seemingly general purpose "Add user or > group" window, there are always "predefined" users that NT seems to expect > to find in the domain, but can't such as "The Operating System", "The Owner > of the file", etc-These users are shown as "Account Unknown" with a hex > number shown such as "0000002", "0000004", etc. along with the description > of the non-existent user. > > Basically, what I'm wondering is whether I should, somehow, have predefined > users in my domain (perhaps through /etc/smbpasswd) that NT is expecting - > my guess is that Exchange can't gracefully handle the absence of some of > these assumed accounts so it GPFs. > > Any ideas? > > Is anyone successfully running Samba as a PDC with Exchange? > > > > Thanks! > > > Tomas Gasper > tgasper@highlandil.com > > > From jasonlam at softhome.net Tue Sep 21 17:06:00 1999 From: jasonlam at softhome.net (Jason Lam) Date: Tue Dec 2 02:27:07 2003 Subject: Problem with policies (multi logon) Message-ID: <005f01bf0453$95209380$4ba77018@cr951892a> I am setting up a NT WS + samba network. Everything was smooth, I manage to put ntconfig.POL in the netlogon directory and this will make the policies in that ntconfig.POL file to be enforced on every WS. However, this setting easily break down in some condition. The default computer settings are fine anytime, but not the default user setting. I did setup the default user to some new settings, it seems to be working if the user logon only once, but not when the user logon again (multi logon) The first time the user logon, the default user policies will be enforced but when the user logon (multi) the second time, the policy for default user are not enforced. In my network, I need some users to be able to multi logon. Can anyone suggest a solution for problem? Jason Lam -------------- next part -------------- HTML attachment scrubbed and removed From awilliam at whitemice.org Tue Sep 21 17:14:47 1999 From: awilliam at whitemice.org (Adam Williams) Date: Tue Dec 2 02:27:07 2003 Subject: batch before logout In-Reply-To: "Cord-H. Fricke" "batch before logout" (Sep 21, 9:20pm) References: <37E7695E.8EE72986@team.owl-online.de> Message-ID: <9909211714.ZM4058@estate1.whitemice.org> On Sep 21, 9:20pm, Cord-H. Fricke wrote: > Subject: batch before logout > Hi there, > > is there a possibility to run a batch file before logging off an NT - > WS? > I mean, i have to clear the temp-file before logging off and samba must > help me in that case. > Help outside? I think there is a pre-exec and post-exec feature in samba. Search the smb.conf man age for "exec". From tschweikle at FIDUCIA.de Tue Sep 21 17:19:57 1999 From: tschweikle at FIDUCIA.de (tschweikle@FIDUCIA.de) Date: Tue Dec 2 02:27:07 2003 Subject: Strange Roaming profile problem Message-ID: <0057540001715444000002L442*@MHS> Norman Weathers wrote: >"Carlos Eduardo P. Guidugli" wrote: >> >> Hello all, >> >> I have a strange problem. I have a pdc running Windows NT 4.0 + SP5 + IE5, >> a fileserver running Debian 2.1 + Samba 2.0.5a and clients running Win >> NT4.0 + SP5 + IE5. >> >> Samba acts like a server into the nt domain (security = domain). I have a >> dir named Profiles with root as owner and users as group and permissions >> 0770 > > we have a similar problem on our system. We have a RedHat 6.0 server, > kernel 2.2.10 and samba 2.0.5a. We have a few NT4.0 SP5 machines with > IE5 laying around. We had been logging into the profiles directory > in a "not to nice" way (we didn't have the profiles separated out from > the home directory). We moved the profiles directories to their own > shares, and now all of the sudden, we find out the these updated systems > don't use the roaming profiles correctly. When I have people at their > "own" system, everything works, but when they move to another system, > nothing gets pulled in right into the new system. The backgrounds are > all wrong and the links are all bad. When we checked the profiles > directory, we noticed that they weren't being updated, even though > by watching smbclient, we can see where the user's profile directory > is being attatched. I am beginning to wonder if there is something > that Microsoft has done to the SP5 release (as usual) or with IE5 > even that has caused some problems. Anyone else tackled something > like this? Having similar Problems. Some of them user related. If logging into an other WinNT workstation NT may "detects a slow link" then asking if it should download the profile or use the local one. Using the local one is default. Thus if the user hits return he gets, if never logged on to this workstation, the workstation default profile! I am searching for registry entries making NT load the profile from the server regardless of link speed without displaying this dialog at all or making the "remote" button the default (but would prefer not having that dialog at all - not granting user access if no profile available). This problem isn't related to Samba nor NT-Server. Some of my users have profiles on Samba some on a NT-Server. It is only related to the fact that the logon server isn't automatically the profile server. If it is, all is well, if not messy things happen. With Win9x the same problems arose. In addition that sometimes Win9x doesn't recognize the end of the logon-script. You have to cancel script execution. While I didn't had the time to track the problem further, I think it's on the client side. -- ThomasFrom nunes@mozart.ulbra.tche.br Tue Sep 21 17:22:17 1999 Received: from [200.18.75.37] ([200.18.75.37]:4384 "EHLO mozart.ulbra.tche.br") by samba.anu.edu.au with ESMTP id ; Wed, 22 Sep 1999 03:22:07 +1000 Received: from mozart (nunes@localhost [127.0.0.1]) by mozart.ulbra.tche.br (8.9.3/8.8.5) with SMTP id OAA21966 for ; Tue, 21 Sep 1999 14:25:19 -0300 From: Cristina Moreira Nunes Reply-To: nunes@mozart.ulbra.tche.br To: samba-ntdom@samba.org Subject: Domain Logon using samba Date: Tue, 21 Sep 1999 14:20:22 -0300 X-Mailer: KMail [version 1.0.17] Content-Type: text/plain MIME-Version: 1.0 Message-Id: <99092114251901.21292@mozart> Content-Transfer-Encoding: 8bit X-KMail-Mark: Return-Path: X-Orcpt: rfc822;samba-ntdom@samba.org Hello, I have installed samba in a machine with Linux (Suse 6.1), and I configured it to be a domain master. Then I change the domain of Windows 98 to the same of samba. I created a count to this machine in /etc/passwd and I used smbpasswd to put a password. My username is in /etc/smbpasswd too. When I go logon at Windows, I receive this message: "Invalid Parameter" Could you help me? Thanks in advance, Cristina Nunes nunes@mozart.ulbra.tche.br ---------------------------------------- The /var/log/samba-log.nmb is: [1999/09/16 11:20:51, 1] nmbd/nmbd_processlogon.c:process_logon_packet(69) process_logon_packet: Logon from 200.19.140.190: code = 0 [1999/09/16 11:22:30, 1] nmbd/nmbd_processlogon.c:process_logon_packet(69) process_logon_packet: Logon from 200.19.140.190: code = 0 [1999/09/16 11:36:46, 1] nmbd/nmbd_processlogon.c:process_logon_packet(69) process_logon_packet: Logon from 200.19.140.190: code = 0 The smb.conf: [global] workgroup = MOZART server string = mozart guest account = nobody os level = 65 security = user preferred master = yes debug level = 20 encrypt passwords = yes printing = bsd printcap name = /etc/printcap load printers = yes log file = /var/log/samba-log.%m max log size = 50 dns proxy = No hosts allow = 200.19.140.0/255.255.255.0, localhost, 200.18.75.0/255.255.255.0 local master = yes interfaces = 200.18.75.37/255.255.255.0 wins support = yes logon script = %U.bat domain logons = yes domain master = yes logon path = \\mozart\netlogon\%U logon home = "\\mozart\%U" [netlogon] comment = Network Logon Service path = /usr/local/samba/netlogon\%U guest ok = yes writable = no share modes = no From Diplom94 at etc.tu-ilmenau.de Tue Sep 21 18:38:19 1999 From: Diplom94 at etc.tu-ilmenau.de (Diplomandenkomitee M94) Date: Tue Dec 2 02:27:07 2003 Subject: synchronize samba(ldap)/unix Message-ID: <37E7D09B.1AD426FF@etc.tu-ilmenau.de> Hi Svante, thanks for the instant help about the synch of ldap and samba. I tried your hints, but didn't succeed :( When I turn the unix password synch on the users can't change their passwords (neither with smbpasswd nor via Win-NT). I looked in the logs and found the following error: [1999/09/21 20:13:04, 3] smbd/chgpasswd.c:chgpasswd(383) Password change for user: spring [1999/09/21 20:13:04, 3] smbd/chgpasswd.c:chat_with_program(310) Cannot Allocate pty for password change: spring the smbpasswd program stops with the error: machine 127.0.0.1 rejected the password change: Error was : The specified password is invalid. Failed to change password for spring I have looked in the logs of my ldap server and found out that there was no trial to change the passwd on the server. Do you have any idea what the problem could be ? It would be great if you could give me a hint. Thanks in advance! thomas smb.conf: [global] ldap suffix = "ou=samba,dc=prakinf,dc=tu-ilmenau,dc=de" ldap bind as = "cn=Directory Manager" ldap passwd file = /usr/local/etc/samba/ldappasswd ldap server = hera.prakinf.tu-ilmenau.de ldap port = 389 log file = /usr/local/samba/var/log.%U workgroup = LDAPSMB netbios name = alfred comment = Linux RedHat Samba Server security = user encrypt passwords = yes unix password sync = True passwd program = /usr/local/bin/ldappasswd -v -h hera.prakinf.tu-ilmenau.de \ -D cn="Directory Manager" -w kassandra \ -t "uid=%u,ou=people,dc=prakinf,dc=tu-ilmenau,dc=de" passwd chat = *New password* %n\n *Re-enter*new password* %n\n *dc=de passwd chat debug = true hosts allow = localhost,141.24.32. domain master = yes domain logons = yes os level = 33 ...  From swaters at amicus.com Tue Sep 21 20:13:50 1999 From: swaters at amicus.com (Stephen Waters) Date: Tue Dec 2 02:27:07 2003 Subject: synchronize samba(ldap)/unix References: <37E7D09B.1AD426FF@etc.tu-ilmenau.de> Message-ID: <37E7E6FE.88F6CD42@amicus.com> i haven't been following this thread, but here's a braindead question: have you recompiled the kernel for PTY support? how much load is on this machine, is there any way that you could have actually run out of PTYs (isn't the default number something like 255???)? hope this helps, if you've already looked into these things, just ignore me. -stephen Diplomandenkomitee M94 wrote: > > Hi Svante, > > thanks for the instant help about the synch of ldap and samba. > I tried your hints, but didn't succeed :( > When I turn the unix password synch on the users can't change their > passwords (neither with smbpasswd nor via Win-NT). > I looked in the logs and found the following error: > > [1999/09/21 20:13:04, 3] smbd/chgpasswd.c:chgpasswd(383) > Password change for user: spring > [1999/09/21 20:13:04, 3] smbd/chgpasswd.c:chat_with_program(310) > Cannot Allocate pty for password change: spring > > the smbpasswd program stops with the error: > > machine 127.0.0.1 rejected the password change: Error was : The > specified password is invalid. > Failed to change password for spring > > I have looked in the logs of my ldap server and found out that there was > no trial to change the passwd on the server. > > Do you have any idea what the problem could be ? > It would be great if you could give me a hint. > > Thanks in advance! > > thomas > > smb.conf: > > [global] > ldap suffix = "ou=samba,dc=prakinf,dc=tu-ilmenau,dc=de" > ldap bind as = "cn=Directory Manager" > ldap passwd file = /usr/local/etc/samba/ldappasswd > ldap server = hera.prakinf.tu-ilmenau.de > ldap port = 389 > > log file = /usr/local/samba/var/log.%U > > workgroup = LDAPSMB > netbios name = alfred > comment = Linux RedHat Samba Server > security = user > > encrypt passwords = yes > unix password sync = True > passwd program = /usr/local/bin/ldappasswd -v -h > hera.prakinf.tu-ilmenau.de \ > -D cn="Directory Manager" -w kassandra \ > -t "uid=%u,ou=people,dc=prakinf,dc=tu-ilmenau,dc=de" > passwd chat = *New password* %n\n *Re-enter*new password* %n\n *dc=de > passwd chat debug = true > > hosts allow = localhost,141.24.32. > > domain master = yes > domain logons = yes > os level = 33 > > .. > >  From giulioo at tiscalinet.it Tue Sep 21 19:07:09 1999 From: giulioo at tiscalinet.it (Giulio Orsero) Date: Tue Dec 2 02:27:07 2003 Subject: synchronize samba(ldap)/unix In-Reply-To: <37E7D09B.1AD426FF@etc.tu-ilmenau.de> References: <37E7D09B.1AD426FF@etc.tu-ilmenau.de> Message-ID: <19990921190735.4286626E39@i3.golden.dom> On Wed, 22 Sep 1999 04:43:23 +1000, hai scritto: >[1999/09/21 20:13:04, 3] smbd/chgpasswd.c:chgpasswd(383) > Password change for user: spring >[1999/09/21 20:13:04, 3] smbd/chgpasswd.c:chat_with_program(310) > Cannot Allocate pty for password change: spring I used samba2.0.x on: A caldera1.3 kernel 2.0.33 libc5 B rh60, 2.2.x, glibc21 On A all works ok. On B I get the very same error (Cannot Allocate pty) if I disable UNIX PTY and work with "old" tty. With pty enabled the error goes away and password-sync works as expected. Already posted about this to samba-bugs. If you _do_ use pty and get the error, then there must be something else going on :-) -- giulioo@tiscalinet.it From steve56 at home.com Tue Sep 21 23:17:26 1999 From: steve56 at home.com (Steve Shoecraft) Date: Tue Dec 2 02:27:07 2003 Subject: Domain logins via PPP? Message-ID: <000501bf0487$783ca680$0a45a8c0@max.u2k.org> Has anyone been able to do domain logins via a PPP link? If so, how? I am running FreeBSD 3.2. I have 2 network interface cards on the machine, one to the internet, one to my local network. I am running ipfw (firewall support), as well as nat (network address translation). I have a ppp link which I am able to connect to. Once connected via ppp, I can ping/ftp/telnet to any machine on my internal network as well as the internet, so it looks like I have the network component setup correctly. Here's the info: x.x.x.x:255.255.255.0 - internet interface 192.168.69.1:255.255.255.0 - internal interface 192.168.69.80 -> 192.168.69.81 - ppp interface When I establish a ppp login, the ppp server adds a proxy arp entry. When I do an arp 192.168.69.81, it reports: ppp1.. (192.168.69.81) at 0:40:5:a3:4d:f permanent published (proxy only) When I do a netstat, I see the entry for the interface: Destination Gateway Flags ... ... 192.168.69.81 192.168.69.80 UH 192.168.69.81 0:40:5:a3:4d:f UHLS2 ... When I do a ifconfig, I see this: ... tun0: flags=8051 mtu 1500 inet 192.168.69.80 --> 192.168.69.81 netmask 0xffffff00 ... I have a samba server on 192.168.69.2. The samba server has only 1 network interface. The internal machines do domain logins (successfully) to the samba server, and the browse list is working fine. When I establish the ppp connection (the client is a Win98 box), however, I do NOT get a domain login. Also, the ppp client is able to see the internal machines in it's network neighborhood, but the internal machines are NOT able to see the ppp client. The client is setup like this: Dialup Networking->(connection name)->Properties->Server types shows that the the logon to network box is checked. For the protocols, only TCP/IP is checked. The TCP/IP settings are to get the IP address and name server addresses from the server. A look at ipconfig/All or winipcfg reports that the IP address is 192.168.69.81, netmask is 255.255.255.0, DNS server is 192.168.69.1 (which is correct -- DNS server is on my firewall), and the WINS server is 192.168.69.2. I have tcpdumped the ppp interface on the server. I see that when the client connects, the 1st thing it does it spit out 3 back-to-back multicast packets with a destination of 224.0.0.2 (router solicitation). It then registers with the WINS server, and that's it. No domain login. Here's what a tcpdump output of the router solicitation messages looks like (it is never responded to): (ts) 192.168.69.83 > 224.0.0.2: icmp: router solicitation Should this be responded to? If so, how so? Also, how do I get the ppp client to appear on the internal machines' network neighborhood? ANY help on this would be GREATLY appreciated! - Steve P.S. Here's the [global] section of my smb.conf: [global] workgroup = HOME netbios name = THOR server string = SCO UnixWare 7.1 interfaces = 192.168.69.2/24 security = DOMAIN encrypt passwords = Yes passwd program = /usr/bin/passwd %u passwd chat = New\spassword: %n\n \nRe-enter\snew\spassword: %n\n unix password sync = Yes log level = 1 time server = Yes logon script = syslogon.bat logon drive = H: domain logons = Yes os level = 65 lm announce = True preferred master = Yes domain master = Yes wins proxy = Yes wins support = Yes From D.Bannon at latrobe.edu.au Tue Sep 21 23:29:59 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:27:07 2003 Subject: batch before logout In-Reply-To: <37E7695E.8EE72986@team.owl-online.de> Message-ID: <3.0.6.32.19990922092959.00898440@bioserve.latrobe.edu.au> At 09:21 PM 21/09/1999 +1000, Cord-H. Fricke wrote: >Hi there, > >is there a possibility to run a batch file before logging off an NT - >WS? Do you mean a batch file on the NT or a script file in the unix server ? If the latter, its easy : [homes] guest ok = no .... root postexec = /usr/local/sbin/setprofile %u -K In my case, the binary, "setprofile" deletes to user's profile after they log off. To run an NT (ie dos) batch file looks a bit harder, after logoff the machine is 'sort of' not running, just waiting for another logon. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From assar at sics.se Wed Sep 22 03:02:34 1999 From: assar at sics.se (Assar Westerlund) Date: Tue Dec 2 02:27:07 2003 Subject: format of authorization data in a win2k ticket Message-ID: <5l1zbrfy2d.fsf@assaris.sics.se> [ note mailing lists in headers, feel free to trim list in any replies ] I did some testing with Heimdal against a Windows 2000 rc1 KDC and after having managed to a client on the w2k-box to authenticate to my server I got ahold of an encrypted ticket with the extra authorization data in it. The entire contents of the authorization data that I got is available at . Decoding it, you get a AuthorizationData with tag AD-IF-RELEVANT and then in the data portion of that: UNIV CONS Sequence = { UNIV CONS Sequence = { CONTEXT CONS tag 0 = [0] UNIV PRIM Integer = integer 128 CONTEXT CONS tag 1 = [1] UNIV PRIM OctetString = length = 776, 04000000000000000100000068020000 <...> } } And the octet string contains lots of uninterpretable data (too me) but includes the client name (Administrator), the host name (TERMIT), and the first component of the domain name (FOO), and you can also find four SIDs in there but I haven't been able to figure out what these SIDs belong to. It's unclear how you would get out the SIDs of particular users from the database but it's clear that the SIDs belong to this domain since the prefix of them are the same as the SIDs that can be found in the registry. If anyone can bring some more clarity on the data in the octet string, that would be very nice. The programs that I used for extracting these are available. Just tell me if you're interested. /assar From kitchingc at mail.techplus.com Wed Sep 22 04:40:44 1999 From: kitchingc at mail.techplus.com (Chad Kitching) Date: Tue Dec 2 02:27:07 2003 Subject: Samba as PDC w/ Exchange References: Message-ID: <015001bf04b4$a24e7b60$0300a8c0@wpnk1.mb.wave.home.com> First thing, make sure you have an Administrator user, and Administrators and BUILTIN\Administrators group defined for Samba, because Exchange doens't much like it if there isn't. To create mailboxes, it's usually easiest to create a mailbox without a user assigned to it, export the directory, edit the CSV file it creates, and then inport the directory. The user name is the 7th argument in the exported file. Simply use the format DOMAIN\USER, and it should work. These are the user maps I use that seem to work: -- localgroup.map wheel=BUILTIN\Administrators -- domaingroup.map adm="Domain Admins" root="Administrators" users="Authenticated Users" mail="Mail Users" -- domainuser.map root=Administrator It seems that since the Exchange administrator tool expects to see a NT server admining the domain, and doesn't take any procautions against anything other than valid data being returned. ----- Original Message ----- From: Tomas Gasper To: Multiple recipients of list SAMBA-NTDOM Sent: Tuesday, September 21, 1999 1:47 AM Subject: Samba as PDC w/ Exchange > Hello, > > I am trying to run Samba 2.0 on Linux kernel 2.0.36 as a PDC with Microsoft > Exchange running on a Windoze NT server in the domain. All is well with > respect to the machine being in the domain and logging in as a domain user. > The problem I have is that whenever I try to map a "Primary Windows NT" > account to an Exchange mailbox, the Exchange Admin program GPFs in a bad way > immediately after the "Add user" window pops up and before any domain users > are shown in the window. (I can, however, see domain users in NT's User > Admin for Domains without problem) > > In some other utilities that use the seemingly general purpose "Add user or > group" window, there are always "predefined" users that NT seems to expect > to find in the domain, but can't such as "The Operating System", "The Owner > of the file", etc-These users are shown as "Account Unknown" with a hex > number shown such as "0000002", "0000004", etc. along with the description > of the non-existent user. > > Basically, what I'm wondering is whether I should, somehow, have predefined > users in my domain (perhaps through /etc/smbpasswd) that NT is expecting - > my guess is that Exchange can't gracefully handle the absence of some of > these assumed accounts so it GPFs. > > Any ideas? > > Is anyone successfully running Samba as a PDC with Exchange? > > > > Thanks! > > > Tomas Gasper > tgasper@highlandil.com > > > > From matty at cifs.org Wed Sep 22 04:25:53 1999 From: matty at cifs.org (Matt Chapman) Date: Tue Dec 2 02:27:07 2003 Subject: Samba PDC with LDAP support problem In-Reply-To: <37E6679F.A54BFE74@gactr.uga.edu> References: <37E6679F.A54BFE74@gactr.uga.edu> Message-ID: <19990922142553.E24977@cifs.org> Hi, Sorry I didn't see your message the first time around; it was in between three other messages with approximately the same subject! I've just fixed this problem (specifically - "Access Denied" when accessing an NT share in a Samba PDC controlled domain). Please CVS update and let me know how it goes. SAMBA-NTDOM people using LDAP support: this hopefully also fixes some other problems including phantom password expiries. (Manually setting pwdMustChangeTime is no longer required.) Cheers, Matt -- Matthew "Austin" Chapman SysAdmin, Developer, Samba Team Member From alanh at pinacl.co.uk Wed Sep 22 09:45:16 1999 From: alanh at pinacl.co.uk (Alan Hourihane) Date: Tue Dec 2 02:27:07 2003 Subject: NT printing Message-ID: <01BF04E7.90049880.alanh@pinacl.co.uk> How do you create the NTprinter_??? and NTdriver_??? files with the correct entries for Samba 2.1prealpha ? I can see things like starttime printername servername etc, but how do I create them ? Thanks. Alan. From Dave.Stevenson at durham.ac.uk Wed Sep 22 10:14:30 1999 From: Dave.Stevenson at durham.ac.uk (Dave.Stevenson@durham.ac.uk) Date: Tue Dec 2 02:27:07 2003 Subject: NT printing Message-ID: <24838.199909221014@gengis> I'm not authoritative on this but have played a little.. I browsed the server, opened the printers folder and used "Add Printer" then when prompted "Have disk" and loaded the drivers from the CD on my workstation (NT4/SP5). (Make a print$ share to hold the drivers) The files were created by samba. Can make changes to forms etc. from workstation. (Get multiple entries for forms in the ntforms.def file but a simple sort -u removes the duplicates. I can then mount printers and print....but 1/ Spoolss on thee workstation crashes out when you add printer. ( But seems to get to the end of add printer process OK. restarting spoolss works and printer is seen. 2/ the print queue display code is not there yet apparently so the queue display does not refresh. 3/ Found the NT printing unworkable at the moment but interesting :) It is experimental code after all and a priviledge to play with it. The 2.0.5 mainline code I found works well with printers as LANMAN connections and by creating a print$ share I can download drivers from the server (though not automatically...anyone done this?) > > How do you create the NTprinter_??? and NTdriver_??? > files with the correct entries for Samba 2.1prealpha ? > > I can see things like > > starttime > printername > servername > > etc, but how do I create them ? > > Thanks. > > Alan. > From awilliam at whitemice.org Wed Sep 22 10:26:19 1999 From: awilliam at whitemice.org (Adam Williams) Date: Tue Dec 2 02:27:07 2003 Subject: Problem compiling SAMBA with ldap support In-Reply-To: "Adam Williams" "Re: Problem compiling SAMBA with ldap support" (Sep 18, 7:48pm) References: <37D8EE85.BD5DD97@BOS-Systemhaus.DE> <9909171024.ZM19996@estate1.whitemice.org> <37E22749.286B9799@ita.chalmers.se> <9909181948.ZM15528@estate1.whitemice.org> Message-ID: <9909221026.ZM21965@estate1.whitemice.org> On Sep 18, 7:48pm, Adam Williams wrote: > Subject: Re: Problem compiling SAMBA with ldap support > > [ Text > Encoded with "quoted-printable" ] : > > On Sep 17, 9:36pm, Svante S?rmark wrote: > > Subject: Re: Problem compiling SAMBA with ldap support > > > > > checking configure summarty > > > > > configure: error: summary failure. Aborting config > > > > what do the last few lines of config.log say? > > > { > struct fs_data fsd; > /* Ultrix's statfs returns 1 for success, > 0 for not mounted, -1 for failure. */ > exit (statfs (".", &fsd) != 1); > } > configure:9002: gcc -o conftest -O conftest.c -lreadline -ldl -lcrypt -lpam > -lcurses -lldap -llber 1>&5 > /usr/lib/libldap.so: undefined reference to `res_search' > /usr/lib/libldap.so: undefined reference to `dn_expand' > /usr/lib/libldap.so: undefined reference to `_getshort' > collect2: ld returned 1 exit status > configure: failed program was: > #line 8998 "configure" > #include "confdefs.h" > #include "./tests/summary.c" The configure file contains the line: LIBS="$LIBS -lldap -llber" The res_search function is found in /usr/include/resolv.h (grep is wonderful), so I changed the line to read: LIBS="$LIBS -lresolv -llber -lldap" And now configure completed successfully. From Jean-Francois.Micouleau at dalalu.fr Wed Sep 22 10:26:33 1999 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:27:07 2003 Subject: NT printing In-Reply-To: <24838.199909221014@gengis> Message-ID: On Wed, 22 Sep 1999 Dave.Stevenson@durham.ac.uk wrote: > I browsed the server, opened the printers folder and used "Add Printer" > then when prompted "Have disk" and loaded the drivers from the CD on > my workstation (NT4/SP5). (Make a print$ share to hold the drivers) > The files were created by samba. Can make > changes to forms etc. from workstation. > > (Get multiple entries for forms in the ntforms.def file but a simple > sort -u removes the duplicates. this a bug ^H^H^Hfeature of NT. I'll make a workaround on samba. > 1/ Spoolss on thee workstation crashes out when you add printer. ( But > seems to get to the end of add printer process OK. restarting spoolss > works and printer is seen. yes. I know how to fix it, just need to do it. > 2/ the print queue display code is not there yet apparently so the queue > display does not refresh. true. but you can force refresh in the view menu. > 3/ Found the NT printing unworkable at the moment but interesting :) > It is experimental code after all and a priviledge to play with it. it works with some printers. As soon as 1/ is fixed it'll work better. there are some others bugs. I know how to fix them, I just need some free time to fix them. > The 2.0.5 mainline code I found works well with printers as LANMAN connections and > by creating a print$ share I can download drivers from the server (though > not automatically...anyone done this?) you can't. Using LANMAN connections is like using WIN95/98 as a print server. Jean Francois From alanh at pinacl.co.uk Wed Sep 22 10:50:03 1999 From: alanh at pinacl.co.uk (Alan Hourihane) Date: Tue Dec 2 02:27:07 2003 Subject: NT printing Message-ID: <01BF04F0.9C523A80.alanh@pinacl.co.uk> I can add the printer to print$ and it copies some files, but it still doesn't create and config files for samba to be able to read. For example. I've added a HP LaserJet 4 to print$ and it's copied the 4 files HP4PLUS6.PPD PSCRIPT.DLL PSCRIPT.HLP PSCRPTUI.DLL to the print$ share. But I know Samba 2.1 looks for files called NTprinter_ and NTdriver_ but I don't know how to create these properly so that Samba knows what to dish back to the client. If you check the nt_printing.c file there are comments about these files too. If I then try to add that printer to the workstation I get an 'unknown error' occurred when double clicking the printer's sharename in the add printer box. I've narrowed the problem down to these NTprinter/NTdriver files that need to be created to work properly. Alan. -----Original Message----- From: Dave.Stevenson@durham.ac.uk [SMTP:Dave.Stevenson@durham.ac.uk] Sent: 22 September 1999 11:13 To: Multiple recipients of list SAMBA-NTDOM Subject: Re: NT printing I'm not authoritative on this but have played a little.. I browsed the server, opened the printers folder and used "Add Printer" then when prompted "Have disk" and loaded the drivers from the CD on my workstation (NT4/SP5). (Make a print$ share to hold the drivers) The files were created by samba. Can make changes to forms etc. from workstation. (Get multiple entries for forms in the ntforms.def file but a simple sort -u removes the duplicates. I can then mount printers and print....but 1/ Spoolss on thee workstation crashes out when you add printer. ( But seems to get to the end of add printer process OK. restarting spoolss works and printer is seen. 2/ the print queue display code is not there yet apparently so the queue display does not refresh. 3/ Found the NT printing unworkable at the moment but interesting :) It is experimental code after all and a priviledge to play with it. The 2.0.5 mainline code I found works well with printers as LANMAN connections and by creating a print$ share I can download drivers from the server (though not automatically...anyone done this?) > > How do you create the NTprinter_??? and NTdriver_??? > files with the correct entries for Samba 2.1prealpha ? > > I can see things like > > starttime > printername > servername > > etc, but how do I create them ? > > Thanks. > > Alan. > From alanh at pinacl.co.uk Wed Sep 22 10:53:49 1999 From: alanh at pinacl.co.uk (Alan Hourihane) Date: Tue Dec 2 02:27:07 2003 Subject: NT printing Message-ID: <01BF04F1.3B5F6440.alanh@pinacl.co.uk> Found the error. I'm getting.. [1999/09/22 11:34:52, 1] printing/nt_printing.c:add_a_printer_2(592) cannot create printer file [/usr/local/samba/lib/NTprinter_Services] [1999/09/22 11:39:49, 1] rpc_parse/parse_spoolss.c:spool_io_printer_driver_info_ level_3(2863) lecture: memoire ok [1999/09/22 11:39:49, 1] printing/nt_printing.c:add_a_printer_driver_3(297) cannot create driver file [/usr/local/samba/lib/NTdriver_W32X86_HP LaserJet 4# 4M Plus PS 600] [1999/09/22 11:39:49, 1] printing/nt_printing.c:add_a_printer_2(592) cannot create printer file [/usr/local/samba/lib/NTprinter_Services] But I don't know why yet. Alan. -----Original Message----- From: Dave.Stevenson@durham.ac.uk [SMTP:Dave.Stevenson@durham.ac.uk] Sent: 22 September 1999 11:13 To: Multiple recipients of list SAMBA-NTDOM Subject: Re: NT printing I'm not authoritative on this but have played a little.. I browsed the server, opened the printers folder and used "Add Printer" then when prompted "Have disk" and loaded the drivers from the CD on my workstation (NT4/SP5). (Make a print$ share to hold the drivers) The files were created by samba. Can make changes to forms etc. from workstation. (Get multiple entries for forms in the ntforms.def file but a simple sort -u removes the duplicates. I can then mount printers and print....but 1/ Spoolss on thee workstation crashes out when you add printer. ( But seems to get to the end of add printer process OK. restarting spoolss works and printer is seen. 2/ the print queue display code is not there yet apparently so the queue display does not refresh. 3/ Found the NT printing unworkable at the moment but interesting :) It is experimental code after all and a priviledge to play with it. The 2.0.5 mainline code I found works well with printers as LANMAN connections and by creating a print$ share I can download drivers from the server (though not automatically...anyone done this?) > > How do you create the NTprinter_??? and NTdriver_??? > files with the correct entries for Samba 2.1prealpha ? > > I can see things like > > starttime > printername > servername > > etc, but how do I create them ? > > Thanks. > > Alan. > From Dave.Stevenson at durham.ac.uk Wed Sep 22 11:08:06 1999 From: Dave.Stevenson at durham.ac.uk (Dave.Stevenson@durham.ac.uk) Date: Tue Dec 2 02:27:07 2003 Subject: NT printing Message-ID: <24962.199909221108@gengis> I know it may be a bit obvious but have you checked permissions on your /usr/local/samba/lib directory and make sure that they are writable by the unix user that you are mapping "administrator" to? (Either with domainuser.map or users.map) I remember having to fiddle with directory permissions in this area to get it to work. > > I can add the printer to print$ and it copies some files, but it > still doesn't create and config files for samba to be able > to read. > > For example. > > I've added a HP LaserJet 4 to print$ and it's copied the 4 files > HP4PLUS6.PPD PSCRIPT.DLL PSCRIPT.HLP PSCRPTUI.DLL > to the print$ share. > > But I know Samba 2.1 looks for files called NTprinter_ > and NTdriver_ but I don't know how to create these > properly so that Samba knows what to dish back to the client. > > If you check the nt_printing.c file there are comments about these > files too. > > If I then try to add that printer to the workstation I get an 'unknown > error' occurred when double clicking the printer's sharename in > the add printer box. > > I've narrowed the problem down to these NTprinter/NTdriver files that > need to be created to work properly. > > Alan. From greg at discreet.com Wed Sep 22 11:32:39 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:07 2003 Subject: NT printing In-Reply-To: <01BF04F1.3B5F6440.alanh@pinacl.co.uk> Message-ID: permissions? That's what got me stuck the first time around. Greg On 22-Sep-99 Alan Hourihane wrote: > Found the error. > > I'm getting.. > > [1999/09/22 11:34:52, 1] printing/nt_printing.c:add_a_printer_2(592) > cannot create printer file [/usr/local/samba/lib/NTprinter_Services] > [1999/09/22 11:39:49, 1] > rpc_parse/parse_spoolss.c:spool_io_printer_driver_info_ > level_3(2863) > lecture: memoire ok > [1999/09/22 11:39:49, 1] printing/nt_printing.c:add_a_printer_driver_3(297) > cannot create driver file [/usr/local/samba/lib/NTdriver_W32X86_HP LaserJet > 4# > 4M Plus PS 600] > [1999/09/22 11:39:49, 1] printing/nt_printing.c:add_a_printer_2(592) > cannot create printer file [/usr/local/samba/lib/NTprinter_Services] > > But I don't know why yet. > > Alan. > -----Original Message----- > From: Dave.Stevenson@durham.ac.uk [SMTP:Dave.Stevenson@durham.ac.uk] > Sent: 22 September 1999 11:13 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: NT printing > > I'm not authoritative on this but have played a little.. > > I browsed the server, opened the printers folder and used "Add Printer" > then when prompted "Have disk" and loaded the drivers from the CD on > my workstation (NT4/SP5). (Make a print$ share to hold the drivers) > The files were created by samba. Can make > changes to forms etc. from workstation. > > (Get multiple entries for forms in the ntforms.def file but a simple > sort -u removes the duplicates. > > I can then mount printers and print....but > > 1/ Spoolss on thee workstation crashes out when you add printer. ( But > seems to get to the end of add printer process OK. restarting spoolss > works and printer is seen. > > 2/ the print queue display code is not there yet apparently so the queue > display > does not refresh. > > 3/ Found the NT printing unworkable at the moment but interesting :) > It is experimental code after all and a priviledge to play with it. > > The 2.0.5 mainline code I found works well with printers as LANMAN > connections and > by creating a print$ share I can download drivers from the server (though > not automatically...anyone done this?) > >> >> How do you create the NTprinter_??? and NTdriver_??? >> files with the correct entries for Samba 2.1prealpha ? >> >> I can see things like >> >> starttime >> printername >> servername >> >> etc, but how do I create them ? >> >> Thanks. >> >> Alan. >> --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From alanh at pinacl.co.uk Wed Sep 22 11:39:51 1999 From: alanh at pinacl.co.uk (Alan Hourihane) Date: Tue Dec 2 02:27:08 2003 Subject: NT printing Message-ID: <01BF04F7.91E461C0.alanh@pinacl.co.uk> That was it - Grumble.... -----Original Message----- From: Greg Dickie [SMTP:greg@discreet.com] Sent: 22 September 1999 12:33 To: Alan Hourihane Cc: Multiple recipients of list SAMBA-NTDOM Subject: RE: NT printing permissions? That's what got me stuck the first time around. Greg On 22-Sep-99 Alan Hourihane wrote: > Found the error. > > I'm getting.. > > [1999/09/22 11:34:52, 1] printing/nt_printing.c:add_a_printer_2(592) > cannot create printer file [/usr/local/samba/lib/NTprinter_Services] > [1999/09/22 11:39:49, 1] > rpc_parse/parse_spoolss.c:spool_io_printer_driver_info_ > level_3(2863) > lecture: memoire ok > [1999/09/22 11:39:49, 1] printing/nt_printing.c:add_a_printer_driver_3(297) > cannot create driver file [/usr/local/samba/lib/NTdriver_W32X86_HP LaserJet > 4# > 4M Plus PS 600] > [1999/09/22 11:39:49, 1] printing/nt_printing.c:add_a_printer_2(592) > cannot create printer file [/usr/local/samba/lib/NTprinter_Services] > > But I don't know why yet. > > Alan. > -----Original Message----- > From: Dave.Stevenson@durham.ac.uk [SMTP:Dave.Stevenson@durham.ac.uk] > Sent: 22 September 1999 11:13 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: NT printing > > I'm not authoritative on this but have played a little.. > > I browsed the server, opened the printers folder and used "Add Printer" > then when prompted "Have disk" and loaded the drivers from the CD on > my workstation (NT4/SP5). (Make a print$ share to hold the drivers) > The files were created by samba. Can make > changes to forms etc. from workstation. > > (Get multiple entries for forms in the ntforms.def file but a simple > sort -u removes the duplicates. > > I can then mount printers and print....but > > 1/ Spoolss on thee workstation crashes out when you add printer. ( But > seems to get to the end of add printer process OK. restarting spoolss > works and printer is seen. > > 2/ the print queue display code is not there yet apparently so the queue > display > does not refresh. > > 3/ Found the NT printing unworkable at the moment but interesting :) > It is experimental code after all and a priviledge to play with it. > > The 2.0.5 mainline code I found works well with printers as LANMAN > connections and > by creating a print$ share I can download drivers from the server (though > not automatically...anyone done this?) > >> >> How do you create the NTprinter_??? and NTdriver_??? >> files with the correct entries for Samba 2.1prealpha ? >> >> I can see things like >> >> starttime >> printername >> servername >> >> etc, but how do I create them ? >> >> Thanks. >> >> Alan. >> --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From john.rooke at lpsystems.com Wed Sep 22 11:20:45 1999 From: john.rooke at lpsystems.com (John Rooke) Date: Tue Dec 2 02:27:08 2003 Subject: Errors in log.smb Message-ID: <37E8BB8D.4F4DDE6@lpsystems.com> Hi, I am running Samba 2.1.0-prealpha on SuSE Linux 6.0 as a PDC for out NT Workstation 4.0 network and am getting the following in log.smb. Anyone got any ideas what is wrong? [1999/09/22 12:05:05, 0] passdb/sampass.c:getsamfile21pwent(108) trust account john$ should be in DOMAIN_GROUP_RID_USERS [1999/09/22 12:05:05, 0] passdb/sampass.c:getsamfile21pwent(108) trust account bernard$ should be in DOMAIN_GROUP_RID_USERS [1999/09/22 12:05:05, 0] passdb/sampass.c:getsamfile21pwent(108) trust account rachael$ should be in DOMAIN_GROUP_RID_USERS [1999/09/22 12:05:05, 0] passdb/sampass.c:getsamfile21pwent(108) trust account carl$ should be in DOMAIN_GROUP_RID_USERS [1999/09/22 12:05:05, 0] passdb/sampass.c:getsamfile21pwent(108) trust account neil$ should be in DOMAIN_GROUP_RID_USERS [1999/09/22 12:05:05, 0] passdb/sampass.c:getsamfile21pwent(108) trust account janet$ should be in DOMAIN_GROUP_RID_USERS [1999/09/22 12:05:05, 0] passdb/sampass.c:getsamfile21pwent(108) trust account fender$ should be in DOMAIN_GROUP_RID_USERS [1999/09/22 12:05:05, 0] passdb/sampass.c:getsamfile21pwent(108) trust account neilp$ should be in DOMAIN_GROUP_RID_USERS Thanks, John. From mmiller at vermeermfg.com Wed Sep 22 12:22:52 1999 From: mmiller at vermeermfg.com (Matthew Miller) Date: Tue Dec 2 02:27:08 2003 Subject: batch before logout References: <3.0.6.32.19990922092959.00898440@bioserve.latrobe.edu.au> Message-ID: <37E8CA1C.939EE0D0@vermeermfg.com> For Windows there is a shareware solution. Courtesy of Lockergnome, take a look at LastChance: Product Info: http://www.fileware.com/products.htm Download http://209.95.106.186/public/lchance.exe Freeware isn't always what it's cracked up to be, but you might want to give it a try... Matt Miller David Bannon wrote: > At 09:21 PM 21/09/1999 +1000, Cord-H. Fricke wrote: > >Hi there, > > > >is there a possibility to run a batch file before logging off an NT - > >WS? > > Do you mean a batch file on the NT or a script file in the unix server ? > > If the latter, its easy : > [homes] > guest ok = no > .... > root postexec = /usr/local/sbin/setprofile %u -K > > In my case, the binary, "setprofile" deletes to user's profile after they > log off. > > To run an NT (ie dos) batch file looks a bit harder, after logoff the > machine is 'sort of' not running, just waiting for another logon. > > David > > ------------------------------------------------------------ > David Bannon D.Bannon@latrobe.edu.au > School of Biochemistry Phone 61 03 9479 2197 > La Trobe University, Plenty Rd, Fax 61 03 9479 2467 > Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au > ------------------------------------------------------------ > .... Humpty Dumpty was pushed ! From cartegw at Eng.Auburn.EDU Wed Sep 22 12:42:21 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:27:08 2003 Subject: Errors in log.smb References: <37E8BB8D.4F4DDE6@lpsystems.com> Message-ID: <37E8CEAD.40B19113@eng.auburn.edu> John Rooke wrote: > > Hi, > > I am running Samba 2.1.0-prealpha on SuSE Linux 6.0 as a > PDC for out NT Workstation 4.0 network and am getting the > following in log.smb. Anyone got any ideas what is wrong? > > [1999/09/22 12:05:05, 0] passdb/sampass.c:getsamfile21pwent(108) > trust account john$ should be in DOMAIN_GROUP_RID_USERS from the Samba NT Domain FAQ... 2.6. I keep getting the message "trust account xxx should be in DOMAIN_GROUP_RID_USERS." What do I need to do? Nothing. This is a note that one of the developers put in to remind him of a issue that is yet to be resolved. It is harmless and should be ignored. If you find it filling up your debug logs, you can set it to be logged at a higher level. Edit passdb/sampass.c and locate the string. Then change the debug level from 0 to 3 or higher. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From ctooley at joslyn.org Wed Sep 22 12:35:11 1999 From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:27:08 2003 Subject: Domain logins via PPP? Message-ID: <01BF04CD.01764C40.ctooley@joslyn.org> The only thing I can think of, which means nothing because I'm certainly not great at this stuff, is; do you have ip forwarding set up? You may not need it with ipfw and nat under FreeBSD 3.2, I don't know for sure. chris Tooley -----Original Message----- From: Steve Shoecraft [SMTP:steve56@home.com] Sent: Tuesday, September 21, 1999 6:19 PM To: Multiple recipients of list SAMBA-NTDOM Subject: Domain logins via PPP? Has anyone been able to do domain logins via a PPP link? If so, how? I am running FreeBSD 3.2. I have 2 network interface cards on the machine, one to the internet, one to my local network. I am running ipfw (firewall support), as well as nat (network address translation). I have a ppp link which I am able to connect to. Once connected via ppp, I can ping/ftp/telnet to any machine on my internal network as well as the internet, so it looks like I have the network component setup correctly. Here's the info: x.x.x.x:255.255.255.0 - internet interface 192.168.69.1:255.255.255.0 - internal interface 192.168.69.80 -> 192.168.69.81 - ppp interface When I establish a ppp login, the ppp server adds a proxy arp entry. When I do an arp 192.168.69.81, it reports: ppp1.. (192.168.69.81) at 0:40:5:a3:4d:f permanent published (proxy only) When I do a netstat, I see the entry for the interface: Destination Gateway Flags ... ... 192.168.69.81 192.168.69.80 UH 192.168.69.81 0:40:5:a3:4d:f UHLS2 ... When I do a ifconfig, I see this: ... tun0: flags=8051 mtu 1500 inet 192.168.69.80 --> 192.168.69.81 netmask 0xffffff00 ... I have a samba server on 192.168.69.2. The samba server has only 1 network interface. The internal machines do domain logins (successfully) to the samba server, and the browse list is working fine. When I establish the ppp connection (the client is a Win98 box), however, I do NOT get a domain login. Also, the ppp client is able to see the internal machines in it's network neighborhood, but the internal machines are NOT able to see the ppp client. The client is setup like this: Dialup Networking->(connection name)->Properties->Server types shows that the the logon to network box is checked. For the protocols, only TCP/IP is checked. The TCP/IP settings are to get the IP address and name server addresses from the server. A look at ipconfig/All or winipcfg reports that the IP address is 192.168.69.81, netmask is 255.255.255.0, DNS server is 192.168.69.1 (which is correct -- DNS server is on my firewall), and the WINS server is 192.168.69.2. I have tcpdumped the ppp interface on the server. I see that when the client connects, the 1st thing it does it spit out 3 back-to-back multicast packets with a destination of 224.0.0.2 (router solicitation). It then registers with the WINS server, and that's it. No domain login. Here's what a tcpdump output of the router solicitation messages looks like (it is never responded to): (ts) 192.168.69.83 > 224.0.0.2: icmp: router solicitation Should this be responded to? If so, how so? Also, how do I get the ppp client to appear on the internal machines' network neighborhood? ANY help on this would be GREATLY appreciated! - Steve P.S. Here's the [global] section of my smb.conf: [global] workgroup = HOME netbios name = THOR server string = SCO UnixWare 7.1 interfaces = 192.168.69.2/24 security = DOMAIN encrypt passwords = Yes passwd program = /usr/bin/passwd %u passwd chat = New\spassword: %n\n \nRe-enter\snew\spassword: %n\n unix password sync = Yes log level = 1 time server = Yes logon script = syslogon.bat logon drive = H: domain logons = Yes os level = 65 lm announce = True preferred master = Yes domain master = Yes wins proxy = Yes wins support = Yes From greg at discreet.com Wed Sep 22 13:02:15 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:08 2003 Subject: Errors in log.smb In-Reply-To: <37E8BB8D.4F4DDE6@lpsystems.com> Message-ID: Just warnings, no problem. Greg On 22-Sep-99 John Rooke wrote: > Hi, > > I am running Samba 2.1.0-prealpha on SuSE Linux 6.0 as a PDC for out NT > Workstation 4.0 network and am getting the following in log.smb. Anyone > got any ideas what is wrong? > > [1999/09/22 12:05:05, 0] passdb/sampass.c:getsamfile21pwent(108) > trust account john$ should be in DOMAIN_GROUP_RID_USERS > [1999/09/22 12:05:05, 0] passdb/sampass.c:getsamfile21pwent(108) > trust account bernard$ should be in DOMAIN_GROUP_RID_USERS > [1999/09/22 12:05:05, 0] passdb/sampass.c:getsamfile21pwent(108) > trust account rachael$ should be in DOMAIN_GROUP_RID_USERS > [1999/09/22 12:05:05, 0] passdb/sampass.c:getsamfile21pwent(108) > trust account carl$ should be in DOMAIN_GROUP_RID_USERS > [1999/09/22 12:05:05, 0] passdb/sampass.c:getsamfile21pwent(108) > trust account neil$ should be in DOMAIN_GROUP_RID_USERS > [1999/09/22 12:05:05, 0] passdb/sampass.c:getsamfile21pwent(108) > trust account janet$ should be in DOMAIN_GROUP_RID_USERS > [1999/09/22 12:05:05, 0] passdb/sampass.c:getsamfile21pwent(108) > trust account fender$ should be in DOMAIN_GROUP_RID_USERS > [1999/09/22 12:05:05, 0] passdb/sampass.c:getsamfile21pwent(108) > trust account neilp$ should be in DOMAIN_GROUP_RID_USERS > > Thanks, > > John. --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From tschweikle at FIDUCIA.de Wed Sep 22 14:09:29 1999 From: tschweikle at FIDUCIA.de (tschweikle@FIDUCIA.de) Date: Tue Dec 2 02:27:08 2003 Subject: pam_smb_auth.so Message-ID: <0057540001743259000002L492*@MHS> Hi! following the instructions given with pam_smb_auth.so I get: sshd[2158]: pam_smb: Local UNIX username/password check incorrect. sshd[2158]: pam_smb: Configuration Data, Primary XCNLM00S, Backup XCNLM00S, Domain NLM2. sshd[2158]: pam_smb: Correct NT username/password pair sshd[2158]: fatal: Connection closed by remote host. The host is listed as beeing part of the NT domain. pam_smb.conf holds the domain and the PDC (no BDC used PDC again instead). Any clues? -- From mbreuer at siac.com Wed Sep 22 14:43:03 1999 From: mbreuer at siac.com (Michael Breuer) Date: Tue Dec 2 02:27:08 2003 Subject: Domain logins via PPP? References: <000501bf0487$783ca680$0a45a8c0@max.u2k.org> Message-ID: <37E8EAF7.314DDD7A@siac.com> I do this regularly. In my case, my Samba server is my primary WINS server. The WINS server in the dial-up networking settings is set to the IP address of my Samba server. I notice that in your case you have both WINS support and WINS proxy set. I believe that you need to turn off WINS proxy. Good luck. -- Michael Breuer mbreuer@siac.com -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 2028 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990922/e406c428/smime.bin From alanh at pinacl.co.uk Wed Sep 22 14:59:40 1999 From: alanh at pinacl.co.uk (Alan Hourihane) Date: Tue Dec 2 02:27:08 2003 Subject: NT printing Message-ID: <01BF0513.7C5E1000.alanh@pinacl.co.uk> >> 1/ Spoolss on thee workstation crashes out when you add printer. ( But >> seems to get to the end of add printer process OK. restarting spoolss >> works and printer is seen. > >yes. I know how to fix it, just need to do it. > This is a strange one. I've compiled 2.1 on a libc5 system and this works, but on libc6 it crashes like you say. MMmmm. I'll investigate. Alan. From S.Ahmet at KIMC.de Wed Sep 22 16:04:03 1999 From: S.Ahmet at KIMC.de (Sahin Ahmet) Date: Tue Dec 2 02:27:08 2003 Subject: No subject Message-ID: <002b01bf0514$17970040$0fc8c8be@ws_3.kimc.de> HELP -------------- next part -------------- HTML attachment scrubbed and removed From steve56 at home.com Wed Sep 22 15:41:08 1999 From: steve56 at home.com (Steve Shoecraft) Date: Tue Dec 2 02:27:08 2003 Subject: Domain logins via PPP? In-Reply-To: <37E8EAF7.314DDD7A@siac.com> Message-ID: <000801bf0510$e452a3e0$0a45a8c0@max.u2k.org> I have tried it with both WINS proxy on and WINS proxy off. I still can't get it to work. Can you send me your info? i.e., client configuration, PPP setup info, a sample of your smb.conf? Also, does your system accept and handle the multicast packets that are sent out by the client when it 1st connects? They are addressed to 224.0.0.2 (multicast router solicitation). I have tried EVERYTHING I can think of. Please help. - Steve > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Michael Breuer > Sent: Wednesday, September 22, 1999 7:51 AM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: Domain logins via PPP? > > > I do this regularly. In my case, my Samba server is my > primary WINS server. The WINS server in the dial-up > networking settings is > set to the IP address of my Samba server. I notice that in > your case you have both WINS support and WINS proxy set. I > believe that > you need to turn off WINS proxy. Good luck. > > -- > Michael Breuer > mbreuer@siac.com > > From steve56 at home.com Wed Sep 22 15:55:32 1999 From: steve56 at home.com (Steve Shoecraft) Date: Tue Dec 2 02:27:08 2003 Subject: Domain logins via PPP? In-Reply-To: <37E8EAF7.314DDD7A@siac.com> Message-ID: <000901bf0512$e6ce6760$0a45a8c0@max.u2k.org> Also, when I log in via PPP, the client (a Win98 laptop), can see all of the systems in the network neighborhood, but, the other systems cannot see the laptop. Do you see this as well? - Steve > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Michael Breuer > Sent: Wednesday, September 22, 1999 7:51 AM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: Domain logins via PPP? > > > I do this regularly. In my case, my Samba server is my > primary WINS server. The WINS server in the dial-up > networking settings is > set to the IP address of my Samba server. I notice that in > your case you have both WINS support and WINS proxy set. I > believe that > you need to turn off WINS proxy. Good luck. > > -- > Michael Breuer > mbreuer@siac.com > > From mbreuer at siac.com Wed Sep 22 16:01:51 1999 From: mbreuer at siac.com (Michael Breuer) Date: Tue Dec 2 02:27:08 2003 Subject: Domain logins via PPP? References: <000801bf0510$e452a3e0$0a45a8c0@max.u2k.org> Message-ID: <37E8FD6E.CD73B327@siac.com> Steve, The KEY to this is that the client must know how to find its domain controller on a different subnet. There are three ways (to the best of my knowledge) to do this. 1) Use the "remote annouce" feature of SAMBA to broadcast to the PPP subnet. Note that this has not worked well for me as occasionally my login attempt precedes the first broadcast attempt after the connection is made. This is really better for hard-wired workstations. 2) Use WINS to locate the domain controller. This is what I currently do. The smb.conf man pages explain fairly well how to setup Samba as a WINS server. My guess in your case is that you haven't properly configured the dial-up networking settings to use WINS. To configure this right-click on your dial-up connection icon and select "properties." From the Properties dialog, select the "server types" tab and then "TCP/IP Settings." Make sure that you have your WINS server IP address properly set. Also, on the "server types" tab, make sure you enable "log on to network" and NetBEUI. As far as your SAMBA WINS settings... I only have "wins support=yes" set. When you also set the wins proxy support, you should see an error in your log files. Steve Shoecraft wrote: > I have tried it with both WINS proxy on and WINS proxy off. I still can't > get it to work. Can you send me your info? i.e., client configuration, PPP > setup info, a sample of your smb.conf? > > Also, does your system accept and handle the multicast packets that are > sent out by the client when it 1st connects? They are addressed to > 224.0.0.2 (multicast router solicitation). > > I have tried EVERYTHING I can think of. Please help. > > - Steve > > > -----Original Message----- > > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > > Michael Breuer > > Sent: Wednesday, September 22, 1999 7:51 AM > > To: Multiple recipients of list SAMBA-NTDOM > > Subject: Re: Domain logins via PPP? > > > > > > I do this regularly. In my case, my Samba server is my > > primary WINS server. The WINS server in the dial-up > > networking settings is > > set to the IP address of my Samba server. I notice that in > > your case you have both WINS support and WINS proxy set. I > > believe that > > you need to turn off WINS proxy. Good luck. > > > > -- > > Michael Breuer > > mbreuer@siac.com > > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 2028 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990922/066d4233/smime.bin From mbreuer at siac.com Wed Sep 22 16:04:34 1999 From: mbreuer at siac.com (Michael Breuer) Date: Tue Dec 2 02:27:08 2003 Subject: Domain logins via PPP? References: <000901bf0512$e6ce6760$0a45a8c0@max.u2k.org> Message-ID: <37E8FE11.C2639A81@siac.com> I never looked for the laptop. However... if WINS is working properly then you should see the laptop. Steve Shoecraft wrote: > Also, when I log in via PPP, the client (a Win98 laptop), can see all of > the systems in the network neighborhood, but, the other systems cannot see > the laptop. Do you see this as well? > > - Steve > [snip] From becker at spellbound.de Wed Sep 22 16:04:16 1999 From: becker at spellbound.de (BECKER =?iso-8859-1?Q?St=E9phane?=) Date: Tue Dec 2 02:27:08 2003 Subject: Problem inside a NT Domain. Message-ID: <4.1.19990922174949.00b08660@192.0.3.10> Hi, I am a bit new to this mailling, at least this is my first post here. I tried to find information in the documentation of Samba without any success. But here is the description of the whole thing : Here in my company I've set up a network consisting of around twelve computer running 95/98/NT4/NT2000 we have a main server running NT4 server. This server is th e PDC of the domain. This configuration was running nicely until now but recently we had a linux server running samba to add some security to the whole thing. In fact the only purpose of the linux server is to serve as a file server. So I set up samba on the linux box and then everything was running, people connecting to the file server seamlessly and so on... by the way everybody in the company has at least two network drive mapped to the linux server. There is nothing special on this network, no bridge no router only one network. But there is still two problem I can't seems to solve : - I've got a performance issue on every computer. Sometimes the computer freeze for 5 or 10 seconds this was not happening before the connection of the linux server. My guess is that every x minutes the connexion is resetted and then the linux server must reidentificate the client by sending his password to the NT server. This is quite disapointing, users throwing rocks at me. - I've got one Windows NT 2000 beta 3 box and It seems that I can't make it join the domain, but at least this one seems to be a pure NT problem, perhaps another change in the password scheme ? Yeah the new NT wizards are really nice... always a nice box telling you that you can't do that. So If somebody has got an answer ... BECKER St?phane ???`????,??,????`????,??,????`????,??,????`???????`????,??,????`????,??,? BECKER St?phane, becker@spellbound.de Spellbound Software * West Str. 15 * 77694 Kehl * Germany Ph +49 7851 9916-71 * Fax -61 * From lindauer at merkur.net Wed Sep 22 16:44:08 1999 From: lindauer at merkur.net (Manuel Lindauer) Date: Tue Dec 2 02:27:08 2003 Subject: Samba 2.1 prealpha Message-ID: <002b01bf0519$b1763aa0$0a00a8c0@Lindauer.net> Where can I download Samba 2.1.0 prealpha ??????????? Manuel Lindauer From coklh at kci.wayne.edu Wed Sep 22 16:59:03 1999 From: coklh at kci.wayne.edu (Howard Cokl) Date: Tue Dec 2 02:27:08 2003 Subject: Subscribe Message-ID: <37E90AD7.8C65795D@kci.wayne.edu> Subscribe -- Howard Cokl Information Systems Barbara Ann Karmanos Cancer Institute 100 East Warren Ave. Detroit, MI 48201 (313) 833-0715 ext 2422 From p.mayers at ic.ac.uk Wed Sep 22 16:53:26 1999 From: p.mayers at ic.ac.uk (Mayers, P J) Date: Tue Dec 2 02:27:08 2003 Subject: CVS fix? (was RE: Problem compiling SAMBA with ldap support) Message-ID: <0846B011B9A4D111A1EE006097DA4FCE016CF96E@icex1.cc.ic.ac.uk> Sir, you are a stud... Confirmed. This is the fix needed to compile with LDAP on last nights CVS with LDAP support (Redhat 6.0, Openldap 1.2.6) Could someone with CVS access please commit this? Cheers, Phil -----Original Message----- From: Adam Williams To: Multiple recipients of list SAMBA-NTDOM Sent: 22/09/99 11:28 Subject: Re: Problem compiling SAMBA with ldap support On Sep 18, 7:48pm, Adam Williams wrote: > Subject: Re: Problem compiling SAMBA with ldap support > > [ Text > Encoded with "quoted-printable" ] : > > On Sep 17, 9:36pm, Svante S?rmark wrote: > > Subject: Re: Problem compiling SAMBA with ldap support > > > > > checking configure summarty > > > > > configure: error: summary failure. Aborting config > > > > what do the last few lines of config.log say? > > > { > struct fs_data fsd; > /* Ultrix's statfs returns 1 for success, > 0 for not mounted, -1 for failure. */ > exit (statfs (".", &fsd) != 1); > } > configure:9002: gcc -o conftest -O conftest.c -lreadline -ldl -lcrypt -lpam > -lcurses -lldap -llber 1>&5 > /usr/lib/libldap.so: undefined reference to `res_search' > /usr/lib/libldap.so: undefined reference to `dn_expand' > /usr/lib/libldap.so: undefined reference to `_getshort' > collect2: ld returned 1 exit status > configure: failed program was: > #line 8998 "configure" > #include "confdefs.h" > #include "./tests/summary.c" The configure file contains the line: LIBS="$LIBS -lldap -llber" The res_search function is found in /usr/include/resolv.h (grep is wonderful), so I changed the line to read: LIBS="$LIBS -lresolv -llber -lldap" And now configure completed successfully. From william at hae.com Wed Sep 22 16:56:11 1999 From: william at hae.com (William Stuart) Date: Tue Dec 2 02:27:08 2003 Subject: Samba 2.1 prealpha References: <002b01bf0519$b1763aa0$0a00a8c0@Lindauer.net> Message-ID: <37E90A2B.9A9C7E4E@hae.com> Manuel Lindauer wrote: > > Where can I download Samba 2.1.0 prealpha ??????????? > Manuel Lindauer CVS is the only way to get 2.1.0prealpha... http://samba.org/cvs.html -- William Stuart (william@hae.com) "Don't rush me sonny, you rush a Miracle Man you get rotten miracles" From skvidal at phy.duke.edu Wed Sep 22 17:07:15 1999 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:27:08 2003 Subject: SAMBA pdc and ldap Message-ID: I've read the smb-ldap howto that I was pointed at. I have a few questions regarding system integration with the unix side Is there any good way to keep my samba smbpasswd synced in the LDAP database synced with the unix user ldap entry? I'm attempting to make the LDAP database my one-time pass for all users and I'm trying to figure that part out. when I attempt to ./configure --with-ldap on my system I get a configure summary failure. I got my sources from CVS yesterday. are there any known "better" revision dates in the CVS system? I've consulted the mailing list archive on this and haven't found anything that had an answer. jerry carter has been immensely helpful in the PDC configuration but I am now wondering about the LDAP integration. thanks -sv From skvidal at phy.duke.edu Wed Sep 22 17:14:33 1999 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:27:08 2003 Subject: samba ldap support Message-ID: ok I just got the message with the ldap ./configure fix however I'm receiving an error now in config.log about not being able to -lber what is -lber is it an ldap library that I have not yet compiled. I'm not familiar with this name. -sv From matty at cifs.org Wed Sep 22 17:14:57 1999 From: matty at cifs.org (Matt Chapman) Date: Tue Dec 2 02:27:08 2003 Subject: samba ldap support In-Reply-To: References: Message-ID: <19990923031457.C30506@cifs.org> On Thu, Sep 23, 1999 at 03:16:41AM +1000, Seth Vidal wrote: > ok I just got the message with the ldap ./configure fix > however I'm receiving an error now in config.log about not being able to > -lber Most LDAP servers (UMich, OpenLDAP, etc) require -llber as well as -lldap. If yours doesn't I'm afraid you'll have to take that out manually for now. One of these days I'll have to write a proper configure test to check what combination of -lldap, -llber and -lresolv we need... Matt -- Matthew "Austin" Chapman SysAdmin, Developer, Samba Team Member From steve56 at home.com Wed Sep 22 17:06:34 1999 From: steve56 at home.com (Steve Shoecraft) Date: Tue Dec 2 02:27:08 2003 Subject: Domain logins via PPP? In-Reply-To: <37E8FD6E.CD73B327@siac.com> Message-ID: <000e01bf051c$d372c300$0a45a8c0@max.u2k.org> NetBEUI? I disabled it. I tried enabling it, and it doesn't make a bit of difference. I've turned debugging and log level up to 100 and am sorting through the logs right now. Also, the FIRST thing the client does is register with the WINS server. I check the lock dir for wins.dat, and lo and behold the client shows up there. Also, a quick perusal through the logs shows some activity from the client there. I'll check more into it. I've been doing a bit of reading, and I THINK the client is looking for a WINS record of <1b>, which IS in my WINS database (registered by the domain logon server). *SIGH* - Steve > -----Original Message----- > From: Michael Breuer [mailto:mbreuer@siac.com] > Sent: Wednesday, September 22, 1999 9:02 AM > To: steve56@home.com > Cc: 'Multiple recipients of list SAMBA-NTDOM' > Subject: Re: Domain logins via PPP? > > > Steve, > The KEY to this is that the client must know how to find its > domain controller on a different subnet. There are three ways (to the > best of my knowledge) to do this. > > 1) Use the "remote annouce" feature of SAMBA to broadcast to > the PPP subnet. Note that this has not worked well for me as > occasionally my login attempt precedes the first broadcast > attempt after the connection is made. This is really better for > hard-wired workstations. > 2) Use WINS to locate the domain controller. This is what I > currently do. The smb.conf man pages explain fairly well how to setup > Samba as a WINS server. My guess in your case is that you > haven't properly configured the dial-up networking settings > to use WINS. > To configure this right-click on your dial-up connection icon > and select "properties." From the Properties dialog, select the > "server types" tab and then "TCP/IP Settings." Make sure > that you have your WINS server IP address properly set. Also, on the > "server types" tab, make sure you enable "log on to network" > and NetBEUI. > > As far as your SAMBA WINS settings... > > I only have "wins support=yes" set. When you also set the > wins proxy support, you should see an error in your log files. > > Steve Shoecraft wrote: > > > I have tried it with both WINS proxy on and WINS > proxy off. I still can't > > get it to work. Can you send me your info? i.e., client > configuration, PPP > > setup info, a sample of your smb.conf? > > > > Also, does your system accept and handle the > multicast packets that are > > sent out by the client when it 1st connects? They are addressed to > > 224.0.0.2 (multicast router solicitation). > > > > I have tried EVERYTHING I can think of. Please help. > > > > - Steve > > > > > -----Original Message----- > > > From: samba-ntdom@samba.org > [mailto:samba-ntdom@samba.org]On Behalf Of > > > Michael Breuer > > > > Sent: Wednesday, September 22, 1999 7:51 AM > > > To: Multiple recipients of list SAMBA-NTDOM > > > Subject: Re: Domain logins via PPP? > > > > > > > > > I do this regularly. In my case, my Samba server is my > > > primary WINS server. The WINS server in the dial-up > > > networking settings is > > > set to the IP address of my Samba server. I notice that in > > > your case you have both WINS support and WINS proxy set. I > > > believe that > > > you need to turn off WINS proxy. Good luck. > > > > > > -- > > > Michael Breuer > > > mbreuer@siac.com > > > > > > > From jonas at coyote.org Wed Sep 22 17:43:42 1999 From: jonas at coyote.org (Jonas Oberg) Date: Tue Dec 2 02:27:08 2003 Subject: NIS maps and logon path. Message-ID: <87vh92265t.fsf@poledra.coyote.org> hi, I've been tinkering some with the latest Samba from the CVS archive and making it run as an NT domain server. I should say that it worked much better than I had anticipated. That is; until I ran into problems with the logon path. What I'd like to do is to have all profiles on the same server as Samba, but have the Windows NT 4.0 clients mount H: from other machines, let's call them HSERVER1 and HSERVER2. In order to do this, I installed /etc/auto.home with the following contents; user1 HSERVER1:/foo user2 HSERVER2:/foo I exported it with NIS and I can do this, which makes me assume that all is well; $ ypcat auto.home HSERVER1:/foo HSERVER2:/foo Then I put this down in smb.conf; domain logons = yes logon path = \\%L\Profiles\%U nis homedir = yes homedir map = auto.home logon drive = H: logon home = \\%N\%U This, unfortunately, does not work (profiles work just fine, but H: never gets mounted). The error I've caught in log.client is; [1999/09/22 18:28:15, 3] smbd/service.c:find_service(108) checking for home directory gave (NULL) As per other recommendations on this list and others, I've made sure that my Samba daemons are compiled with libnsl and the options required (which wasn't autodetected on a Debian unstable system). Any ideas as to what is wrong with this setup? Jonas From p.mayers at ic.ac.uk Wed Sep 22 18:33:48 1999 From: p.mayers at ic.ac.uk (Mayers, P J) Date: Tue Dec 2 02:27:08 2003 Subject: SAMBA pdc and ldap Message-ID: <0846B011B9A4D111A1EE006097DA4FCE016CF971@icex1.cc.ic.ac.uk> I'm doing the same thing here (one time password DB in LDAP) The main problem I've found so far is that if the user already exists: dn: uid=login, ou=DS, o=Org, c=UK objectclass: posixAccount uid: login (...etc) "smbpasswd -a" will fail because the entry already exists. Ideally I'd like it to simply extend the existing entry (objectclass and so forth). I don't want to have to replicate large portion of the ldap PWDB functionality from the samba code. I can't call "smbpasswd -a" first and then add the "objectclass: posixAccount" because I'm using NSS/PAM_LDAP, and if the posixAccount entry doesn't exist, the user effectively doesn't exist on the system... Any ideas? Alternatively how do I go about getting a CVS account };o) Cheers, Phil -----Original Message----- From: Seth Vidal To: Multiple recipients of list SAMBA-NTDOM Sent: 22/09/99 18:09 Subject: SAMBA pdc and ldap I've read the smb-ldap howto that I was pointed at. I have a few questions regarding system integration with the unix side Is there any good way to keep my samba smbpasswd synced in the LDAP database synced with the unix user ldap entry? I'm attempting to make the LDAP database my one-time pass for all users and I'm trying to figure that part out. when I attempt to ./configure --with-ldap on my system I get a configure summary failure. I got my sources from CVS yesterday. are there any known "better" revision dates in the CVS system? I've consulted the mailing list archive on this and haven't found anything that had an answer. jerry carter has been immensely helpful in the PDC configuration but I am now wondering about the LDAP integration. thanks -sv From awilliam at whitemice.org Wed Sep 22 23:06:24 1999 From: awilliam at whitemice.org (Adam Williams) Date: Tue Dec 2 02:27:08 2003 Subject: SAMBA pdc and ldap In-Reply-To: Seth Vidal "SAMBA pdc and ldap" (Sep 23, 3:09am) References: Message-ID: <9909222306.ZM24795@estate1.whitemice.org> On Sep 23, 3:09am, Seth Vidal wrote: > Subject: SAMBA pdc and ldap > I've read the smb-ldap howto that I was pointed at. > > I have a few questions regarding system integration with the unix side > > Is there any good way to keep my samba smbpasswd synced in the LDAP > database synced with the unix user ldap entry? > > I'm attempting to make the LDAP database my one-time pass for all users > and I'm trying to figure that part out. I'm working on that right now too. > > when I attempt to ./configure --with-ldap on my system I get a > configure summary failure. > Your using a glibc system and openldap? Go into configure and change the "$LIBS -lldap -llber" to "$LIBS -lresolv -llber -lldap", it is the only line that refers to "lber" so it is easy to find. Then it compiles and runs without any complaints. > I got my sources from CVS yesterday. > are there any known "better" revision dates in the CVS system? > I think they checked some ldap stuff in last night, so I'd get a copy from today. > I've consulted the mailing list archive on this and haven't found anything > that had an answer. jerry carter has been immensely helpful in the PDC > configuration but I am now wondering about the LDAP integration. There is a smb-ldap howto, wyou should be able to find the URL by digging around in the archives. From assar at sics.se Thu Sep 23 01:45:48 1999 From: assar at sics.se (Assar Westerlund) Date: Tue Dec 2 02:27:08 2003 Subject: format of authorization data in a win2k ticket In-Reply-To: Matt Chapman's message of "Thu, 23 Sep 1999 10:38:08 +1000" References: <5l1zbrfy2d.fsf@assaris.sics.se> <19990923103808.H29726@cifs.org> Message-ID: <5lg106xuwj.fsf@assaris.sics.se> Matt Chapman writes: Hi Matt. > Very nice... here's my preliminary decode of this. The body is a > USER_INFO_3 structure (or similar); there are some undecoded bytes > before it and what seems to be a Kerberos implementation related structure > after it. Great. > 00002ea: 0000 0000 76ff ffff // unknown > 00002f2: 3c7f f138 ae11 cdb0 // uint8 crypt1[16]; // ?? > 00002fa: 9153 4b17 da8a 5593 > 0000302: 0000 0000 76ff ffff // unknown > 000030a: a886 4dbc daf8 15fe // uint8 crypt2[16]; // ?? > 0000312: 8250 9229 6a09 e654 > 000031a: 0000 0000 // unknown I would guess that the crypt1 and crypt2 are some kind of signatures here? According to what I read from the documentation, the contents is supposed to be signed. Once we can figure out the signing algorithm for this (which might be hard), we can add code to start generating this extra data and see how the clients react to it. /assar From jonalee at kalsoft.online.sh.cn Thu Sep 23 03:32:54 1999 From: jonalee at kalsoft.online.sh.cn (Jonathan Lee) Date: Tue Dec 2 02:27:08 2003 Subject: Error Message: tree connect failed Message-ID: <002c01bf0574$5379a710$46fe005a@remote.edu> I set my Samba Server 2.0.5a as Domain Server,and named it as BEEP (I'm using Redhat 6.0) My Samba Server is named as FileServer1. The following the my smb.conf: [global] workgroup = BEEP security = yes log file = /var/log/samba/log.%m max log size = 50 name resolve order = wins host lmhosts bcast socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 domain logons = yes os level = 65 preferred master = yes domain master = yes dns proxy = no wins server = 90.0.254.2 [netlogon] path=/home/netlogon writeable=no guest ok = no [homes] read only = no browseable = no When I try the following command "smbclient -L FileServer1 -U root -W BEEP", it ask me for the password, I give the correct password, it runs OK. But when I change a user (which is an account on Linux box), I get the following message: "tree connect failed: ERRSRV -ERRinventname (Invalid network name in tree connect.)" I do not think it's due to bad password, since when I type wrong password, the message told me the password is wrong. So, I think the Samba Server already think that user is a valid user. Also, the following test passed OK. I use that account named as "jonathan", and run the following command: $smbclient "\\\\FileServer1\\jonathan" -U jonathan -W BEEP When I give the correct password, it runs OK. So, please tell me why I'm failed and get the error message of "tree connect failed" From roamdad at ibm.net Thu Sep 23 04:40:01 1999 From: roamdad at ibm.net (Doug VanLeuven) Date: Tue Dec 2 02:27:08 2003 Subject: Domain logins via PPP? References: <000501bf0487$783ca680$0a45a8c0@max.u2k.org> Message-ID: <37E9AF21.B9DED112@ibm.net> Steve Shoecraft wrote: > (stuff deleted) > internet, so it looks like I have the network component setup correctly. > Here's the info: > > x.x.x.x:255.255.255.0 - internet interface > 192.168.69.1:255.255.255.0 - internal interface > 192.168.69.80 -> 192.168.69.81 - ppp interface > (stuff deleted) > The client is setup like this: Dialup Networking->(connection > name)->Properties->Server types shows that the the logon to network box is > checked. For the protocols, only TCP/IP is checked. The TCP/IP settings > are to get the IP address and name server addresses from the server. A look > at ipconfig/All or winipcfg reports that the IP address is 192.168.69.81, > netmask is 255.255.255.0, DNS server is 192.168.69.1 (which is correct -- > DNS server is on my firewall), and the WINS server is 192.168.69.2. I think you are dialing into your firewall. Check the deny counts with ipfwadm -Ile & -Ole and see if you're denying packets that aren't accounted for. I've used ipfwadm on dial-in & dial-out machines and had to have a seperate set of rules for each ip connection. It got so complicated, I set up a directory in /var/run to add/delete the rules as seperate files as the connections are made/dropped and execute them in order out of ip-up & ip-down (Linux). It got tricky. Also, as far as I know, only NT allows roaming profile login over dial-up (there's a check box on the login display). I could be wrong. 95 & 98 you've already logged in when you dial the remote network. We always keep the notebooks in a workgroup that's the same name as the domain, rather than try & have the notebook in the domain. That has always worked to update browse lists (eventually). -- Doug VanLeuven : 707-545-6933 (voice) 707-545-6945 (fax) Programmer/Analyst, SCWA : doug@scwa.ca.gov Chief Engineer, USMM : roamdad@ibm.net From jonalee at kalsoft.online.sh.cn Thu Sep 23 04:46:14 1999 From: jonalee at kalsoft.online.sh.cn (Jonathan Lee) Date: Tue Dec 2 02:27:08 2003 Subject: NT machine account Message-ID: <000701bf057e$91d29b20$46fe005a@remote.edu> Hi, I want to set my Samba server as Domain PDC. I follow the following step to add my machine account to smbpasswd 1. Create an account called EE1$ (passwd is ee1) 2. use smbpasswd -a -m EE1 When I want to change my domain to that Samber's domain, the error message popup on Windows NT WorkStation is "The machine account for this computer either does not exist or is inaccessiable" BTW: I can access the share from that Samba server, including the netlogon From roamdad at ibm.net Thu Sep 23 05:12:39 1999 From: roamdad at ibm.net (Doug VanLeuven) Date: Tue Dec 2 02:27:08 2003 Subject: NIS maps and logon path. References: <87vh92265t.fsf@poledra.coyote.org> Message-ID: <37E9B6C7.19B1AD21@ibm.net> I did this using the CVS HEAD branch, but don't have access to my conf's & maps today. Can you up the log level so we find out what home directory syntax yeilded null? Jonas Oberg wrote: > hi, > > I've been tinkering some with the latest Samba from the CVS archive > and making it run as an NT domain server. I should say that it worked > much better than I had anticipated. That is; until I ran into problems > with the logon path. > > What I'd like to do is to have all profiles on the same server as Samba, > but have the Windows NT 4.0 clients mount H: from other machines, let's > call them HSERVER1 and HSERVER2. In order to do this, I installed > /etc/auto.home with the following contents; > > user1 HSERVER1:/foo > user2 HSERVER2:/foo > > I exported it with NIS and I can do this, which makes me assume that > all is well; > > $ ypcat auto.home > HSERVER1:/foo > HSERVER2:/foo > > Then I put this down in smb.conf; > > domain logons = yes > logon path = \\%L\Profiles\%U > nis homedir = yes > homedir map = auto.home > logon drive = H: > logon home = \\%N\%U > > This, unfortunately, does not work (profiles work just fine, but H: > never gets mounted). The error I've caught in log.client is; > > [1999/09/22 18:28:15, 3] smbd/service.c:find_service(108) > checking for home directory gave (NULL) > > As per other recommendations on this list and others, I've made sure > that my Samba daemons are compiled with libnsl and the options required > (which wasn't autodetected on a Debian unstable system). > > Any ideas as to what is wrong with this setup? > > Jonas -- Doug VanLeuven : 707-545-6933 (voice) 707-545-6945 (fax) Programmer/Analyst, SCWA : doug@scwa.ca.gov Chief Engineer, USMM : roamdad@ibm.net From Michael.Keightley at quadstone.com Thu Sep 23 09:08:10 1999 From: Michael.Keightley at quadstone.com (Michael.Keightley@quadstone.com) Date: Tue Dec 2 02:27:08 2003 Subject: how do I become a domain administrator Message-ID: <199909230908.KAA02675@gromit.quadstone.co.uk> I want to setup a domain administrator in Samba 2.1prealpha. I setup the files below, but when I login I'm not an administrator. What am I doing wrong? /etc/group ---------- pcadm::5000:mk smb.conf -------- domain user map = /home/samba_wallace/lib/domainuser.map domain group map = /home/samba_wallace/lib/domaingroup.map local group map = /home/samba_wallace/lib/localgroup.map domainuser.map -------------- mk=administrator domaingroup.map --------------- pcadm="Domain Admins" localgroup.map -------------- pcadm=BUILTIN\Administrators -- Michael Keightley Tel: +44 131 220 4491 Systems Manager, Quadstone Limited, Fax: +44 131 220 4492 16 Chester Street, Edinburgh EH3 7RA, Scotland http://www.quadstone.com From steve56 at home.com Thu Sep 23 10:56:05 1999 From: steve56 at home.com (Steve Shoecraft) Date: Tue Dec 2 02:27:08 2003 Subject: Domain logins via PPP? (SOLVED) Message-ID: <000001bf05b2$3cd569c0$0a45a8c0@max.u2k.org> Well, it turned out that it had nothing to do with networking. I checked the Microsoft knowledge base articles, and found one that solved the problem (article Q229158). I ALSO have a network card in the client PC (the laptop). The client is configured so that when I plug the laptop into my network and reboot, it will log into my domain (using DHCP, etc.). That means when I reboot, and I'm not connected to a network, I get the message "Unable to authenticate with a domain server", and I click OK. WELL, it turns out that's a bad thing. When I tried to log into using VPN, the client THOUGHT it was already logged into a domain (but not authenticated), so it didn't try to log in again :-( ARGH! The knowledge base article suggests you remove microsoft networking and file and printer sharing (anything that uses networking) from the bindings of the TCP/IP protocol for your ethernet card. What a pain in the butt that would be to disable and re-enable them every time you wanted to switch from a dialup to a LAN connection (typical microsoft response). My answer: pop out the ethernet card and reboot the laptop. After I did that, I established a PPP connection to my ISP, and logged in using my VPN connection -- the domain login screen and came up, validated me with my samba server, and everything was fine :-) - Steve P.S. Please note that I created a 'standard' VPN connection and THAT worked fine too -- I just went into dialup networking, clicked make new connection, selected the VPN adapter, typed in the IP address of my server, and that's it -- no special options in TCP/IP settings, etc... > -----Original Message----- > From: Steve Shoecraft [mailto:steve56@home.com] > Sent: Tuesday, September 21, 1999 4:17 PM > To: 'Multiple recipients of list SAMBA-NTDOM' > Subject: Domain logins via PPP? > > > Has anyone been able to do domain logins via a PPP link? > > If so, how? > > I am running FreeBSD 3.2. I have 2 network interface > cards on the machine, one to the internet, one to my local > network. I am running ipfw (firewall support), as well as > nat (network address translation). I have a ppp link which I > am able to connect to. Once connected via ppp, I can > ping/ftp/telnet to any machine on my internal network as well > as the internet, so it looks like I have the network > component setup correctly. Here's the info: > > x.x.x.x:255.255.255.0 - internet interface > 192.168.69.1:255.255.255.0 - internal interface > 192.168.69.80 -> 192.168.69.81 - ppp interface > > When I establish a ppp login, the ppp server adds a > proxy arp entry. When I do an arp 192.168.69.81, it reports: > > ppp1.. (192.168.69.81) at > 0:40:5:a3:4d:f permanent published (proxy only) > > When I do a netstat, I see the entry for the interface: > > Destination Gateway Flags ... > ... > 192.168.69.81 192.168.69.80 UH > 192.168.69.81 0:40:5:a3:4d:f UHLS2 > ... > > When I do a ifconfig, I see this: > ... > tun0: flags=8051 mtu 1500 > inet 192.168.69.80 --> 192.168.69.81 netmask 0xffffff00 > ... > > I have a samba server on 192.168.69.2. The samba > server has only 1 network interface. The internal machines > do domain logins (successfully) to the samba server, and the > browse list is working fine. > > When I establish the ppp connection (the client is a > Win98 box), however, I do NOT get a domain login. Also, the > ppp client is able to see the internal machines in it's > network neighborhood, but the internal machines are NOT able > to see the ppp client. > > The client is setup like this: Dialup > Networking->(connection name)->Properties->Server types shows > that the the logon to network box is checked. For the > protocols, only TCP/IP is checked. The TCP/IP settings are > to get the IP address and name server addresses from the > server. A look at ipconfig/All or winipcfg reports that the > IP address is 192.168.69.81, netmask is 255.255.255.0, DNS > server is 192.168.69.1 (which is correct -- DNS server is on > my firewall), and the WINS server is 192.168.69.2. > > I have tcpdumped the ppp interface on the server. I > see that when the client connects, the 1st thing it does it > spit out 3 back-to-back multicast packets with a destination > of 224.0.0.2 (router solicitation). It then registers with > the WINS server, and that's it. No domain login. > > Here's what a tcpdump output of the router solicitation > messages looks like (it is never responded to): > > (ts) 192.168.69.83 > 224.0.0.2: icmp: router > solicitation > > Should this be responded to? If so, how so? > > Also, how do I get the ppp client to appear on the > internal machines' network neighborhood? > > ANY help on this would be GREATLY appreciated! > > - Steve > P.S. Here's the [global] section of my smb.conf: > [global] > workgroup = HOME > netbios name = THOR > server string = SCO UnixWare 7.1 > interfaces = 192.168.69.2/24 > security = DOMAIN > encrypt passwords = Yes > passwd program = /usr/bin/passwd %u > passwd chat = New\spassword: %n\n > \nRe-enter\snew\spassword: %n\n > unix password sync = Yes > log level = 1 > time server = Yes > logon script = syslogon.bat > logon drive = H: > domain logons = Yes > os level = 65 > lm announce = True > preferred master = Yes > domain master = Yes > wins proxy = Yes > wins support = Yes > From mmiller at vermeermfg.com Thu Sep 23 12:31:18 1999 From: mmiller at vermeermfg.com (Matthew Miller) Date: Tue Dec 2 02:27:08 2003 Subject: Old question about NT weekly password changes Message-ID: <37EA1D96.F941D4A9@vermeermfg.com> Not sure if the person who had the problem ever resolved it. I was looking on TechNet for some other information when I stumbled across this: Article ID: Q154501 "How to Disable Automatic Machine Account Password Changes" http://support.microsoft.com/support/kb/articles/Q154/5/01.ASP Hope this helps someone, or at least you find it interesting. Matt Miller From nunes at mozart.ulbra.tche.br Thu Sep 23 12:40:10 1999 From: nunes at mozart.ulbra.tche.br (Cristina Moreira Nunes) Date: Tue Dec 2 02:27:08 2003 Subject: Domain Logon using samba Message-ID: <99092309414802.03936@mozart> Hello, I have installed samba in a machine with Linux (Suse 6.1), and I configured it to be a domain master. Then I change the domain of Windows 98 to the same of samba. I created a count to this machine in /etc/passwd and I used smbpasswd to put a password. My username is in /etc/smbpasswd too. When I go logon at Windows, I receive this message: "Invalid Parameter" Could you help me? Thanks in advance, Cristina Nunes nunes@mozart.ulbra.tche.br ---------------------------------------- The /var/log/samba-log.nmb is: [1999/09/16 11:20:51, 1] nmbd/nmbd_processlogon.c:process_logon_packet(69) process_logon_packet: Logon from 200.19.140.190: code = 0 [1999/09/16 11:22:30, 1] nmbd/nmbd_processlogon.c:process_logon_packet(69) process_logon_packet: Logon from 200.19.140.190: code = 0 [1999/09/16 11:36:46, 1] nmbd/nmbd_processlogon.c:process_logon_packet(69) process_logon_packet: Logon from 200.19.140.190: code = 0 The smb.conf: [global] workgroup = MOZART server string = mozart guest account = nobody os level = 65 security = user preferred master = yes debug level = 20 encrypt passwords = yes printing = bsd printcap name = /etc/printcap load printers = yes log file = /var/log/samba-log.%m max log size = 50 dns proxy = No hosts allow = 200.19.140.0/255.255.255.0, localhost, 200.18.75.0/255.255.255.0 local master = yes interfaces = 200.18.75.37/255.255.255.0 wins support = yes logon script = %U.bat domain logons = yes domain master = yes logon path = \\mozart\netlogon\%U logon home = "\\mozart\%U" [netlogon] comment = Network Logon Service path = /usr/local/samba/netlogon\%U guest ok = yes writable = no share modes = no From jonas at coyote.org Thu Sep 23 12:41:54 1999 From: jonas at coyote.org (Jonas Oberg) Date: Tue Dec 2 02:27:08 2003 Subject: LDAP and Samba (was NIS maps and logon path.) In-Reply-To: Doug VanLeuven's message of "Wed, 22 Sep 1999 22:12:39 -0700" References: <87vh92265t.fsf@poledra.coyote.org> <37E9B6C7.19B1AD21@ibm.net> Message-ID: <87wvthajfx.fsf_-_@poledra.coyote.org> Doug VanLeuven writes: > I did this using the CVS HEAD branch, but don't have access > to my conf's & maps today. Can you up the log level so we find out > what home directory syntax yeilded null? I have both debug level and log level at 65535, then I tried with 20/10 too because I think those were the maximum values. I can't get it to output any more valuable information. However; I'm beginning to think that getting all information from an LDAP server is the Right Thing to do, but that too gives some slight problems. I installed OpenLDAP and then compiled Samba using --with-ldap. I then put these entries in smb.conf; > ldap suffix = "o=FOO, c=SE" > ldap server = localhost > ldap bind as = "cn=Manager, o=FOO, c=SE" > ldap passwd file = /usr/local/samba/private/ldappasswd Then I added a smbpasswd for myself and the NT workstation which worked just fine. My LDAP entry looks like this; > uid=jor, o=FOO, c=SE > objectclass=sambaAccount > uid=jor > uidnumber=1000 > ntuid=jor > rid=3e9 > lmpassword=76645E5DE00BB63B1D71060D896B7A46 > ntpassword=FA59EB35F0AA6A87556D6E67393809BD > pwdlastset=37EA031D > acctflags=[U ] > homedrive=H > smbhome=\\jor\jor > profile=\\jor\Profiles\jor I can see in the log.computer log that it does in fact read the homeDrive, smbHome and Profile settings from LDAP, but for some reason, nothing is mounted on the NT workstation. Not even the profile directory. If I add logon drive = H: in smb.conf, then it mounts my homedirectory on the Samba server (jor) perfectly fine, but I would much like to have it mount directories from another server, not necessarily jor. I've verified by changing the password in the LDAP database that it does in fact read my password settings, user ID and all other parameters from the LDAP database. But somewhy it ignores homeDrive, smbHome and Profile. (Or rather.. the NT workstation does say that the profile that's used is the Profile from the server (and not a local one), but normally I can see the Profile directory mounted as E: or whatever, but I don't do that). Jonas From cartegw at Eng.Auburn.EDU Thu Sep 23 12:56:30 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:27:08 2003 Subject: Domain Logon using samba References: <99092309414802.03936@mozart> Message-ID: <37EA237E.7D4B8535@eng.auburn.edu> Cristina Moreira Nunes wrote: > > Then I change the domain of Windows 98 to the same > of samba. I created a count to this machine in /etc/passwd > and I used smbpasswd to put a password. My username > is in /etc/smbpasswd too. > > When I go logon at Windows, I receive this message: > "Invalid Parameter" You cannot use the same name for both workgroup and netbios name on the sambe server. > [global] > workgroup = MOZART > logon path = \\mozart\netlogon\%U > logon home = "\\mozart\%U" BTW...You do not need to create machine accounts for Windows 9x clients. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From mbreuer at siac.com Thu Sep 23 13:15:49 1999 From: mbreuer at siac.com (Michael Breuer) Date: Tue Dec 2 02:27:08 2003 Subject: Domain logins via PPP? References: <000501bf0487$783ca680$0a45a8c0@max.u2k.org> <37E9AF21.B9DED112@ibm.net> Message-ID: <37EA2805.963ACA15@siac.com> Doug VanLeuven wrote: > Steve Shoecraft wrote: [snip] > Also, as far as I know, only NT allows roaming profile login over > dial-up (there's a check box on the login display). I could be wrong. > 95 & 98 you've already logged in when you dial the remote network. > We always keep the notebooks in a workgroup that's the same name > as the domain, rather than try & have the notebook in the domain. > That has always worked to update browse lists (eventually). When you dial up, a network log-in appears even if the '98 machine is already locally logged-in. This occurs when you initiate any network connection including inserting a PCMCIA network card. > > > -- > Doug VanLeuven : 707-545-6933 (voice) 707-545-6945 (fax) > Programmer/Analyst, SCWA : doug@scwa.ca.gov > Chief Engineer, USMM : roamdad@ibm.net From mbreuer at siac.com Thu Sep 23 13:24:52 1999 From: mbreuer at siac.com (Michael Breuer) Date: Tue Dec 2 02:27:08 2003 Subject: Domain logins via PPP? (SOLVED) References: <000001bf05b2$3cd569c0$0a45a8c0@max.u2k.org> Message-ID: <37EA2A24.817AD72C@siac.com> Steve, Two final suggestions... 1) Create an alternate hardware profile used when you're away from your network (I have a "battery" setting). Disable your network card in this setting (you can also disable quite a bit more and save power as well). 2) Create an alternate network profile and bindings for your PCMCIA card in the OTHER slot. You can move the card to the other PCMCIA slot (assuming space is available) and use a completely different network identity & bindings. From Jean-Francois.Micouleau at dalalu.fr Thu Sep 23 14:49:32 1999 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:27:08 2003 Subject: LDAP and Samba (was NIS maps and logon path.) In-Reply-To: <87wvthajfx.fsf_-_@poledra.coyote.org> Message-ID: On Thu, 23 Sep 1999, Jonas Oberg wrote: > I've verified by changing the password in the LDAP database that it does > in fact read my password settings, user ID and all other parameters from > the LDAP database. But somewhy it ignores homeDrive, smbHome and Profile. > (Or rather.. the NT workstation does say that the profile that's used is > the Profile from the server (and not a local one), but normally I can see > the Profile directory mounted as E: or whatever, but I don't do that). yes, the smb.conf default parameters are overwriting the specific ldap parameters. I've fixed it for others reasons. Commit should follow later today. Jean Francois From Jim_F._Goeke at dadebehring.com Thu Sep 23 14:40:13 1999 From: Jim_F._Goeke at dadebehring.com (Jim_F._Goeke@dadebehring.com) Date: Tue Dec 2 02:27:08 2003 Subject: questions Message-ID: <862567F5.005150C3.00@dfwlcs01.dfna.corp.dom> ok. im new at this so bear with me. I have a redhat 6.0 running the 7/21 release of samba 2.0.5. what i want to be able to do with this is this. I need to be able to run the samba as a NT PDC. I need the samba server to be able to start and maintain trust relationships with other NT domains. The other problem im having is with security. is there a way to get it to listen to the PDC of the domain its in with out having to add each and every user into the samba box? Please help Jim Goeke From ba2k at virginia.edu Thu Sep 23 15:06:51 1999 From: ba2k at virginia.edu (Burt Avery) Date: Tue Dec 2 02:27:08 2003 Subject: SMBPASSWD Message-ID: <3.0.6.32.19990923110651.00967880@127.0.0.1> Probably a trivial question with an easy answer but here it is. Using prealpha2.0.1, downloaded 9/21, built on AIX 4.2, with AIX C 3.01. netbiosname = bmesambatest, workgroup = COMPLABTEST. Host ibm-12 is at IP address 192.168.4.42, mask 255.255.255.0. The smbpasswd file was copied from a running Samba server version 2.05a, a mistake if the password file formats are different. I am unable to add accounts for users or NT machines. These messages are produced when running smbpasswd: Added interface ip = 192.168.4.42 bcast=192.168.4.255 nmask=255.255.255.0 Got a positive response name query for 192.168.4.42 (192.168.4.42) cli-nt-session-open: rpc bind failed Error was RAP code 0 lsa query info failed Can't setup password database. The smb.conf file was borrowed from the production 2.0.5a server with changes for host ip, netbiosname, workgroup etc. There are no problems using this smb.conf file on 2.0.5.a. What have I done wrong? Are there any tests that would show me the error of my ways? Any suggestions appreciated! -ba- Burt Avery Computer Systems Engineer LSP Department of Biomedical Engineering University of Virginia Charlottesville, VA 22908 804-924-9813 From thomas.springer at rz.tu-ilmenau.de Thu Sep 23 16:00:38 1999 From: thomas.springer at rz.tu-ilmenau.de (thomas springer) Date: Tue Dec 2 02:27:09 2003 Subject: error in chgpasswd.c Message-ID: <37EA4EA6.BC3B55E3@rz.tu-ilmenau.de> Hi, I use the cvs-version 2.1.0 pre alpha of samba. I tried the unix passwd synch feature, but I haven't got it to work. I compiled samba on solaris 2.7. The passwd chat works, however samba gives an error when the passwd program stoped. The sys_waitpid function returns a value of -1 and an the error: No child processes this is the log of smb: Invoking '/opt/springer/testsamba' as password change program. [1999/09/23 17:49:38, 100] smbd/chgpasswd.c:talktochild(278) talktochild: chatbuf=[*New*password:*] responsebuf=[New password: ] [1999/09/23 17:49:38, 100] smbd/chgpasswd.c:talktochild(291) talktochild: sendbuf=[12345678 ] [1999/09/23 17:49:38, 100] smbd/chgpasswd.c:talktochild(278) talktochild: chatbuf=[*Re-enter*new*password:*] responsebuf=[Re-enter new password: ] [1999/09/23 17:49:38, 100] smbd/chgpasswd.c:talktochild(291) talktochild: sendbuf=[12345678 ] [1999/09/23 17:49:38, 100] smbd/chgpasswd.c:talktochild(278) talktochild: chatbuf=[*dc=de*] responsebuf=[dc=de ] [1999/09/23 17:49:38, 100] smbd/chgpasswd.c:talktochild(291) talktochild: sendbuf=[.] [1999/09/23 17:49:38, 3] smbd/chgpasswd.c:chat_with_program(339) The process is no longer waiting! the code of chgpasswd.c has changed since 2.0.5 could this be the problem ? If anyone has an idea what the problem is, please let me know . Thanks Thomas. ============================================================= Thomas Springer Technical University Ilmenau E-Mail: thomas.springer@rz.tu-ilmenau.de ============================================================= From p.mayers at ic.ac.uk Thu Sep 23 16:17:30 1999 From: p.mayers at ic.ac.uk (Mayers, P J) Date: Tue Dec 2 02:27:09 2003 Subject: questions Message-ID: <0846B011B9A4D111A1EE006097DA4FCE016CF977@icex1.cc.ic.ac.uk> 1) I don't think Samba can maintain trust relationships with NT domains (yet). 2) No - you can use PAM_NTDOM (or is it called PAM_SMB these days) to *authenticate* users from an NT domain, but you'd need the equivalent of NSS_NTDOM to be able to have the users appear "local". Luke Leighton mentioned something about nss_ntdom a while back - anyone have any ideas? That said, the nss interface is really easy, it shouldn't be too hard to implement (and would be a *massive* improvement over "add user script" - ugh) Cheers, Phil -----Original Message----- From: Jim_F._Goeke@dadebehring.com To: Multiple recipients of list SAMBA-NTDOM Sent: 9/23/99 3:56 PM Subject: questions ok. im new at this so bear with me. I have a redhat 6.0 running the 7/21 release of samba 2.0.5. what i want to be able to do with this is this. I need to be able to run the samba as a NT PDC. I need the samba server to be able to start and maintain trust relationships with other NT domains. The other problem im having is with security. is there a way to get it to listen to the PDC of the domain its in with out having to add each and every user into the samba box? Please help Jim Goeke From p.mayers at ic.ac.uk Thu Sep 23 16:20:03 1999 From: p.mayers at ic.ac.uk (Mayers, P J) Date: Tue Dec 2 02:27:09 2003 Subject: how do I become a domain administrator Message-ID: <0846B011B9A4D111A1EE006097DA4FCE016CF978@icex1.cc.ic.ac.uk> The Domain Admins group must be a member of the local administrators group. Also, I'm not sure: localgroup.map -------------- pcadm=BUILTIN\Administrators ...is correct. You might want: wheel=BUILTIN\Administrators Cheers, Phil -----Original Message----- From: Michael.Keightley@quadstone.com To: Multiple recipients of list SAMBA-NTDOM Sent: 9/23/99 10:09 AM Subject: how do I become a domain administrator I want to setup a domain administrator in Samba 2.1prealpha. I setup the files below, but when I login I'm not an administrator. What am I doing wrong? /etc/group ---------- pcadm::5000:mk smb.conf -------- domain user map = /home/samba_wallace/lib/domainuser.map domain group map = /home/samba_wallace/lib/domaingroup.map local group map = /home/samba_wallace/lib/localgroup.map domainuser.map -------------- mk=administrator domaingroup.map --------------- pcadm="Domain Admins" localgroup.map -------------- pcadm=BUILTIN\Administrators -- Michael Keightley Tel: +44 131 220 4491 Systems Manager, Quadstone Limited, Fax: +44 131 220 4492 16 Chester Street, Edinburgh EH3 7RA, Scotland http://www.quadstone.com From Jean-Francois.Micouleau at dalalu.fr Thu Sep 23 16:26:00 1999 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:27:09 2003 Subject: questions In-Reply-To: <0846B011B9A4D111A1EE006097DA4FCE016CF977@icex1.cc.ic.ac.uk> Message-ID: On Fri, 24 Sep 1999, Mayers, P J wrote: > Luke Leighton mentioned something about nss_ntdom a while back - anyone have > any ideas? I'm working on it. > That said, the nss interface is really easy, it shouldn't be too hard to > implement (and would be a *massive* improvement over "add user script" - > ugh) yep. Jean Francois From tschweikle at FIDUCIA.de Thu Sep 23 16:42:51 1999 From: tschweikle at FIDUCIA.de (tschweikle@FIDUCIA.de) Date: Tue Dec 2 02:27:09 2003 Subject: NT machine account Message-ID: <0057540001785492000002L422*@MHS> jonalee wrote: > I want to set my Samba server as Domain PDC. > I follow the following step to add my machine account to smbpasswd > 1. Create an account called EE1$ (passwd is ee1) > 2. use smbpasswd -a -m EE1 > > When I want to change my domain to that Samber's domain, the error message > popup on Windows NT WorkStation is "The machine account for this computer > either does not exist or is inaccessiable" Did you set "password server = domctrl" in your smb.conf? Had the same error. Had a typo here. Got nearly crazy befor finding it... You have to use NetBIOS names here. Not DNS or IP-Addresses! -- From Abach at LKT.Uni-Erlangen.de Thu Sep 23 17:16:12 1999 From: Abach at LKT.Uni-Erlangen.de (Andreas Abach) Date: Tue Dec 2 02:27:09 2003 Subject: Quota - Is there a way to use them? (Urgent) Message-ID: <199909231819.UAA12908@www.lkt.uni-erlangen.de> Hi, I set up a samba client with the actual 2.05a. I'm using the Debian-source and I compiled it with the -with-quotas option. I set up quotas an the Linux Box (Debian potato) and it is working fine when I use it direct on the shell. When I connect to the system from NT 4.0 SP5 with samba the size of the share is shown correctly (x MB of Y MB free). When I try to copy (with the Windows Explorer) more files than allowed to the samba server I get an error on NT. When I do it with the "Windows Commander" I can copy as many files to the share as I want. I get an error but the file is created. So I don't know if I did a wrong setup or if the samba-quota code isn't ready for use. I really need this feature. There are no buildin quotas in NT and I have got no time to wait until W2K is ready for use. I Hope there is a way to fix the problem and someone can tell me how it will work. Andreas System: Linux 2.2.10 Samba 2.05a Distribution: Debian Potato -- Dipl.-Ing. Andreas Abach *KT Lehrstuhl fuer Kunststofftechnik Uni Erlangen Tel. +49-9131-85-297-06 * Fax.: -09 * email: Abach@LKT.Uni-Erlangen.de Am Weiselgarten 9 * D-91058 Erlangen * url: http://www.lkt.uni-erlangen.de PGPID 0x5672B1F8 F-Print FD50 85C0 7580 5467 65E7 3BE8 58BC 65F4 5672 B1F8 From Michael.Keightley at quadstone.com Thu Sep 23 17:24:15 1999 From: Michael.Keightley at quadstone.com (Michael.Keightley@quadstone.com) Date: Tue Dec 2 02:27:09 2003 Subject: error "The TAG is invalid" Message-ID: <199909231724.SAA03317@gromit.quadstone.co.uk> In Win NT exporer, if I highlight a directory and go to properties, select "Sharing", select "Permissions", select "Add", then select "Show Users" it shows the domain users but pops up the error "The TAG is invalid". This is with samba-2.0.5a. Should I worry about this? Michael -- Michael Keightley Tel: +44 131 220 4491 Systems Manager, Quadstone Limited, Fax: +44 131 220 4492 16 Chester Street, Edinburgh EH3 7RA, Scotland http://www.quadstone.com From tschweikle at FIDUCIA.de Thu Sep 23 17:40:22 1999 From: tschweikle at FIDUCIA.de (tschweikle@FIDUCIA.de) Date: Tue Dec 2 02:27:09 2003 Subject: Domain Logon using samba Message-ID: <0057540001786882000002L422*@MHS> Cristina Nunes wrote: > I have installed samba in a machine with Linux (Suse 6.1), and I configured it > to be a domain master. > > Then I change the domain of Windows 98 to the same of samba. > I created a count to this machine in /etc/passwd and I used smbpasswd to put a > password. My username is in /etc/smbpasswd too. > > When I go logon at Windows, I receive this message: > "Invalid Parameter" > > Could you help me? [snip] > The smb.conf: > [global] > workgroup = MOZART > server string = mozart > guest account = nobody [snip] You can' have the same name for your domain and the server. They must be different. -- From jallison at cthulhu.engr.sgi.com Thu Sep 23 17:49:23 1999 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:27:09 2003 Subject: questions References: Message-ID: <37EA6823.418C6064@engr.sgi.com> Jean Francois Micouleau wrote: > > On Fri, 24 Sep 1999, Mayers, P J wrote: > > > Luke Leighton mentioned something about nss_ntdom a while back - anyone have > > any ideas? > > I'm working on it. So are Andrew & I. We have a design (winbind daemon) and Andrew has some preliminary code. We should co-ordinate on this. Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From nunes at mozart.ulbra.tche.br Thu Sep 23 18:17:39 1999 From: nunes at mozart.ulbra.tche.br (Cristina Moreira Nunes) Date: Tue Dec 2 02:27:09 2003 Subject: Domain Logon using samba Message-ID: <99092315213406.03936@mozart> I changed the "workgroup" and the problem was resolved. Thank you very much for replies. Cristina ---------- Forwarded Message ---------- Subject: Re: Domain Logon using samba Date: Thu, 23 Sep 1999 23:05:46 +1000 From: Gerald Carter Cristina Moreira Nunes wrote: > > Then I change the domain of Windows 98 to the same > of samba. I created a count to this machine in /etc/passwd > and I used smbpasswd to put a password. My username > is in /etc/smbpasswd too. > > When I go logon at Windows, I receive this message: > "Invalid Parameter" You cannot use the same name for both workgroup and netbios name on the sambe server. > [global] > workgroup = MOZART > logon path = \\mozart\netlogon\%U > logon home = "\\mozart\%U" BTW...You do not need to create machine accounts for Windows 9x clients. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From daryl.williams at sharewave.com Thu Sep 23 18:53:31 1999 From: daryl.williams at sharewave.com (Daryl Williams) Date: Tue Dec 2 02:27:09 2003 Subject: strange samba problem Message-ID: <37EA772B.EDA31EB6@sharewave.com> folks, we experienced a very strange problem with samba that we were only able to resolve by downgrading to version 1.9.18p8. while this appears to have solved my immediate problem, i thought i should inform the developers of this problem and find out if it is a known problem. i have been running samba for about 2 years on my current employer's network on a sun utlra sparc1+ running sunos 5.5.1. several months ago i added 2 dell poweredge servers to the network running redhat . all 3 machines where running samba-2.0.4b without any real problems. then out of nowhere (no changes had been made to either the samba configuration, the workstation, or the rest of the network, to the best of my knowledge) people started complaining about access to the samba server running on the sun. trying to open the samba server from the network neighborhood would result in an error, actually several different error messages at different times, which makes it harder to diagnose. the first try would usually result in an network error "1208", which i guess means "an extended error has occurred" and a subsequent error was "3221225477" which apparently is not even a valid ms error message number. further tries to open the samba server icon would usually result in the client system appearing to hang. bringing up the task manager and killing the process trying to talk to the samba server would not always work. sometimes you could get out of the hang by logging out and logging in again, and sometimes a reboot would be required. what makes this so strange however is that systems that already had a share from the samba server mapped to a drive, could still access the share though the mapping, but trying to open the icon in the network neighborhood would cause the system to hang. now as i mentioned, we have solved the problem by backstepping to version samba-1.9.18p8. i first tried upgrading to version 2.0.5.a but the problem still persisted. if anyone is interested in trying to figure this out, i would be glad to help. just let me know what i can do. thanks, //daryl -- Daryl Williams Network Administrator mailto:daryl@sharewave.com ShareWave, Inc. Phone: 916-939-9400 x3212 5175 Hillsdale Circle Fax: 916-939-9434 El Dorado Hills, CA. 95762Web: http://www.sharewave.com -- The irony is that Bill Gates claims to be making a stable operating system and Linus Torvalds claims to be trying to take over the world... From christoph at christ.wol.at Thu Sep 23 18:47:21 1999 From: christoph at christ.wol.at (Christoph Christ) Date: Tue Dec 2 02:27:09 2003 Subject: connecting several sambaserver in different subnets Message-ID: Hi! I got a little problem here. I want to get all samba servers on our private network to be reachable, but from my win98 workstations I'm not able to connect to machines outside of ma local domain. It is possible from my rooter/server via smbclient but not from our other workstations. Whats wrong? mfg. Christoph Christ mailto:christoph@christ.wol.at From jhr at comp.uark.edu Thu Sep 23 19:17:40 1999 From: jhr at comp.uark.edu (Jason H. Reeves) Date: Tue Dec 2 02:27:09 2003 Subject: connecting several sambaserver in different subnets In-Reply-To: Message-ID: |~~>I got a little problem here. I want to get all samba servers on our |~~>private network to be reachable, but from my win98 workstations I'm not |~~>able to connect to machines outside of ma local domain. |~~>It is possible from my rooter/server via smbclient but not from our other |~~>workstations. Whats wrong? Try setting one of the machines up as a WINS server for the domain, and pointing the other machines to it as their WINS server. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Jason H. Reeves - betaGeek@CAST - - KC5TTQ - 575.6159 ------------------------------------------------------------------------- "If someone had told me I would be Pope one day, I would have studied harder." - Pope John Paul I ------------------------------------------------------------------------- Center for Advanced Spatial Technologies - University of Arkansas ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From florian at void.s.bawue.de Thu Sep 23 18:09:16 1999 From: florian at void.s.bawue.de (Florian Laws) Date: Tue Dec 2 02:27:09 2003 Subject: how do I become a domain administrator In-Reply-To: <0846B011B9A4D111A1EE006097DA4FCE016CF978@icex1.cc.ic.ac.uk>; from Mayers, P J on Fri, Sep 24, 1999 at 02:26:27AM +1000 References: <0846B011B9A4D111A1EE006097DA4FCE016CF978@icex1.cc.ic.ac.uk> Message-ID: <19990923200916.B629@void.s.bawue.de> On Fri, Sep 24, 1999 at 02:26:27AM +1000, Mayers, P J wrote: > The Domain Admins group must be a member of the local administrators group. > > Also, I'm not sure: > > localgroup.map > -------------- > pcadm=BUILTIN\Administrators > > > ..is correct. You might want: > > wheel=BUILTIN\Administrators I noticed this on my version of 2.1prealpha from half a year ago, too. Isn't it a bit strange that Samba depends on the mapping being to the group wheel for it working? Florian From matthias at waechter.wol.at Thu Sep 23 19:38:05 1999 From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=) Date: Tue Dec 2 02:27:09 2003 Subject: connecting several sambaserver in different subnets In-Reply-To: Message-ID: On Fri, 24 Sep 1999, Jason H. Reeves wrote: > Try setting one of the machines up as a WINS server for the > domain, and pointing the other machines to it as their WINS server. OK, let me precise our (Christoph's and mine) problem. One LAN: 192.168.1.x, WINS server 192.168.1.1, multiple Win- and Linux clients. WINS server is PDC for "WAECHTRANET" domain, works perfectly. 2nd LAN: 192.168.10.x, WINS server 192.168.10.1, multiple Win- and Linux clients. WINS server is PDC for "CHRIST" domain, works perfectly. 192.168.1.1 is AKA a (one) official IP address (permanent internet connection), 192.168.10.1 is AKA a (one) official IP address (permanent internet connection). Connected via ISDN-speeded cable modems. Now we set up a VPN (with CIPE), so the two nets can TCP/IP each other. Wow, works perfectly. DNS is set up to have "waechter.lan" and "christ.lan", reverse lookup etc. works. MY question now is: How does one connect these two WINS servers to show each other's domain for the subnet on the other end? Setting up only ONE WINS server (on either side for both nets) is not acceptable - too much internet traffic for local-workgroup operations, and if this one server fails, noone can browse even his own subnet. We already tried lmhosts entries (on the WINS servers) for the other domain, but they seem to have no effect at all... I would have expected that there is a way to say "192.168.1.1 is Domain Browser for WAECHTRANET, 192.168.10.1 is Domain Browser for CHRIST" on both ends (WINS servers) to route appropriate requests to the other WINS server. Thank you, Sehr Wus, - Matthias -- Verkauft f?r 339,88 Dollar! - aus: Groundhog Day (Und t?glich gr??t das Murmeltier) ----------------------------------------------------------------------------- From skvidal at phy.duke.edu Thu Sep 23 21:18:26 1999 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:27:09 2003 Subject: multiple samba servers on a system Message-ID: I've been warned by gerald carter not to use the head branch as a primary file server. What I would like to know (if I'm short machine right now) is can I do the following put 2 nics in a machine compile samba off of the cvs tree (prealpha) for pdc support compile samba2.0.5a and run them in separate trees (I know this would suck but..) use the bind interface only directive and I should (in theory) be able to run the PDC and the file server off of the same machine. does this make sense? is it possible? -sv From matthias at waechter.wol.at Thu Sep 23 21:38:59 1999 From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=) Date: Tue Dec 2 02:27:09 2003 Subject: multiple samba servers on a system In-Reply-To: Message-ID: On Fri, 24 Sep 1999, Seth Vidal wrote: > does this make sense? > is it possible? Yes. You don't need 2 NICs, just use eth0 and eth0:0 as the two interfaces (of course, you have to setup eth0:0 first...) Sehr Wus, - Matthias -- Verkauft f?r 339,88 Dollar! - aus: Groundhog Day (Und t?glich gr??t das Murmeltier) ----------------------------------------------------------------------------- From jonalee at kalsoft.online.sh.cn Fri Sep 24 01:37:22 1999 From: jonalee at kalsoft.online.sh.cn (jonalee@kalsoft.online.sh.cn) Date: Tue Dec 2 02:27:09 2003 Subject: Login from NTWorkstation 4 Message-ID: <001a01bf062d$59478ea0$46fe005a@remote.edu> Hi: I'm using Samba 2.0.5a (On Redhat 6). I set this linux box as Domain PDC. I successfully add my NT Workstation into that domain (NT Workstation 4 with SP4 and IE5 installed) The question is that do I have to add my login name into smbpasswd file then I can login? Another question is that when I use the following command: #smbpasswd -a myname It prompt for password. I follow the document type ENTER. But the smbpasswd think it's null password. Then I can login without pasword, (When I type the password, it tell me it's wrong). From D.Bannon at latrobe.edu.au Fri Sep 24 01:53:42 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:27:09 2003 Subject: Login from NTWorkstation 4 In-Reply-To: <001a01bf062d$59478ea0$46fe005a@remote.edu> Message-ID: <3.0.6.32.19990924115342.008d9590@bioserve.latrobe.edu.au> At 11:44 AM 24/09/1999 +1000, jonalee@kalsoft.online.sh.cn wrote: >I successfully add my NT Workstation into that domain (NT Workstation 4 with >SP4 and IE5 installed) >The question is that do I have to add my login name into smbpasswd file then >I can login? Yes, the workstation being allowed tp join is a totally different thing to authenticating whoever is using the workstation. > >Another question is that when I use the following command: >#smbpasswd -a myname >It prompt for password. I follow the document type ENTER. But the smbpasswd >think it's null password. You should type your password when prompted for your passwd. Where do the docs suggest you should put in a NULL password ? >(When I type the password, it tell me it's wrong). I should hope so ! David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From jonalee at kalsoft.online.sh.cn Fri Sep 24 02:41:14 1999 From: jonalee at kalsoft.online.sh.cn (jonalee@kalsoft.online.sh.cn) Date: Tue Dec 2 02:27:09 2003 Subject: Login from NTWorkstation 4 References: <3.0.6.32.19990924115342.008d9590@bioserve.latrobe.edu.au> Message-ID: <003901bf0636$4a228480$46fe005a@remote.edu> Add user account into smbpasswd to type password? But how does a admin know everyone's password? ----- Original Message ----- From: David Bannon To: ; Multiple recipients of list SAMBA-NTDOM Sent: Friday, September 24, 1999 9:53 AM Subject: Re: Login from NTWorkstation 4 > At 11:44 AM 24/09/1999 +1000, jonalee@kalsoft.online.sh.cn wrote: > > >I successfully add my NT Workstation into that domain (NT Workstation 4 with > >SP4 and IE5 installed) > >The question is that do I have to add my login name into smbpasswd file then > >I can login? > > Yes, the workstation being allowed tp join is a totally different thing to > authenticating whoever is using the workstation. > > > > > >Another question is that when I use the following command: > >#smbpasswd -a myname > >It prompt for password. I follow the document type ENTER. But the smbpasswd > >think it's null password. > > You should type your password when prompted for your passwd. Where do the > docs suggest you should put in a NULL password ? > > > >(When I type the password, it tell me it's wrong). > > I should hope so ! > > David > ------------------------------------------------------------ > David Bannon D.Bannon@latrobe.edu.au > School of Biochemistry Phone 61 03 9479 2197 > La Trobe University, Plenty Rd, Fax 61 03 9479 2467 > Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au > ------------------------------------------------------------ > ..... Humpty Dumpty was pushed ! From kitchingc at mail.techplus.com Fri Sep 24 03:46:51 1999 From: kitchingc at mail.techplus.com (Chad Kitching) Date: Tue Dec 2 02:27:09 2003 Subject: Login from NTWorkstation 4 References: <001a01bf062d$59478ea0$46fe005a@remote.edu> Message-ID: <00b001bf063f$708a95a0$0300a8c0@wpnk1.mb.wave.home.com> >From what I understand, only the 2.1.0 pre-alpha versions of Samba will allow NT workstations to join a Samba created domain (the 2.0.x code only works for Win9x clients connecting to the domain). And in the case of NT, you have to create both a machine accounts, and a user account. (And you've got to give the Samba team credit for being ambitious -- just look at the new options for smbpasswd, even if not all of them work yet) smbpasswd [options] [username] [password] options: -s use stdin for password prompt -D LEVEL debug level -U USER remote username -r MACHINE remote machine -R ORDER name resolve order -j DOMAIN join domain name -S synchronise with PDC (if we are BDC) -a add user -d disable user -e enable user -n set no password -m workstation trust account -b backup domain controller account -i inter-domain trust account -p user cannot change password -x user can change password Even if not all of them get implemented, it's still fairly impressive. Especially given the fact that documentation on NT domains for SMB is pretty slim. ----- Original Message ----- From: To: Multiple recipients of list SAMBA-NTDOM Sent: Thursday, September 23, 1999 8:43 PM Subject: Login from NTWorkstation 4 > Hi: > I'm using Samba 2.0.5a (On Redhat 6). I set this linux box as Domain PDC. > > I successfully add my NT Workstation into that domain (NT Workstation 4 with > SP4 and IE5 installed) > The question is that do I have to add my login name into smbpasswd file then > I can login? > > Another question is that when I use the following command: > #smbpasswd -a myname > It prompt for password. I follow the document type ENTER. But the smbpasswd > think it's null password. > Then I can login without pasword, (When I type the password, it tell me it's > wrong). From D.Bannon at latrobe.edu.au Fri Sep 24 04:34:06 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:27:09 2003 Subject: Login from NTWorkstation 4 In-Reply-To: <003901bf0636$4a228480$46fe005a@remote.edu> References: <3.0.6.32.19990924115342.008d9590@bioserve.latrobe.edu.au> Message-ID: <3.0.6.32.19990924143406.008d3d30@bioserve.latrobe.edu.au> At 01:03 PM 24/09/1999 +1000, jonalee@kalsoft.online.sh.cn wrote: >Add user account into smbpasswd to type password? >But how does a admin know everyone's password? > > Do you mean so the admin can type them in ? Thats not normally the way it is done. In my case I get new users to type a passwd on my terminal, one by one. OK if people are going on to the system sporadicly. In a class situation I get a list of (~300) students, I use a script to add them all using a random password and then print out sheets with that passwd on it for each student. They can then change their passwd to something more memorable. There are a number of other stratagies, have a look in the archives for ideas. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From riani at pclitbang03.inti.co.id Thu Sep 23 01:07:42 1999 From: riani at pclitbang03.inti.co.id (riani) Date: Tue Dec 2 02:27:09 2003 Subject: Subnet & Directory for group Message-ID: <37E97D5D.EDFC8EA5@pclitbang03.inti.co.id> Hai I have problem for client using subnet c class (192.168.70.x). I did set samba with domain logon. But client who using subnet cannot login. my smb.conf like : hosts allow = 192.168.70. , 202.159.x.x encryp password = yes security = user domain logon = yes local master =yes os level = 65 win server = 202.159.x.x win proxy = yes I have set client use WINS but fail login.... How to grup on unix write/modify direktory. I did set smb.conf, but user abu, riani, group staff cannot modify or write file. Why... [doc] path = /home/public public = yes write list = abu, riani , @staff guest ok = yes writable = yes printable = no Thank's for your help From S.Ahmet at KIMC.de Fri Sep 24 07:33:48 1999 From: S.Ahmet at KIMC.de (Sahin Ahmet) Date: Tue Dec 2 02:27:09 2003 Subject: No subject Message-ID: <000d01bf065f$299df220$0fc8c8be@ws_3.kimc.de> SET SAMBA-NTDOM ADDRESS 938012226 SahinAhmet@gmx.net -------------- next part -------------- HTML attachment scrubbed and removed From Ralph.Schleifer at eedn.ericsson.se Fri Sep 24 07:12:48 1999 From: Ralph.Schleifer at eedn.ericsson.se (Ralph Schleifer) Date: Tue Dec 2 02:27:09 2003 Subject: pam_smb error Message-ID: <37EB2470.26CB1C71@eedn.ericsson.se> Hello all, trying to use pam_smb to authenticate against a WinNT Server fails with the message PAM unable to resolve symbol: pam_sm_acct_mgmt I'm using SuSE 6.2, Samba 2.0.5a, pam_smb 1.1.5. I did compile samba with "--with_pam" Am I missing a library? Cherrs! /Ralph From matthias at waechter.wol.at Fri Sep 24 07:20:59 1999 From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=) Date: Tue Dec 2 02:27:09 2003 Subject: Subnet & Directory for group In-Reply-To: <37E97D5D.EDFC8EA5@pclitbang03.inti.co.id> Message-ID: On Fri, 24 Sep 1999, riani wrote: > Hai > I have problem for client using subnet c class (192.168.70.x). I did set > samba with domain logon. But client who using subnet cannot login. my > smb.conf like : > hosts allow = 192.168.70. , 202.159.x.x > encryp password = yes > security = user > domain logon = yes > local master =yes > os level = 65 > win server = 202.159.x.x > win proxy = yes > I have set client use WINS but fail login.... try "testparm" and watch the output... the parameters are called "wins server", "wins proxy" and "encrypt passwords". If you are not familiar with the terms, try swat and look at the help. Additionally, maybe the "bind interfaces only" and "interfaces" options are good for your purpose, too. Look at the archive to see what problems can arise from them if not used properly. Sehr Wus, - Matthias -- Verkauft f?r 339,88 Dollar! - aus: Groundhog Day (Und t?glich gr??t das Murmeltier) ----------------------------------------------------------------------------- From mator at linux.sstu.runnet.ru Fri Sep 24 07:35:47 1999 From: mator at linux.sstu.runnet.ru (Anatoly Pugachev) Date: Tue Dec 2 02:27:09 2003 Subject: suggestion of temple smb.conf for diff configurations Message-ID: <19990924113547.A13024@linux.sstu.runnet.ru> Hello! I would like to suggest if there in the samba distribution to have templates of different samba comfiguration, example: smb.conf for standalone server, smb.conf for samba acting as PDC, smb.conf for samba with LDAP integration , smb.conf for samba in the domain, etc... regards -- Anatoly Pugachev, system administrator mator@p2.sstu.runnet.ru tel: (7 845-2) 52-60-58 Russia, Saratov State Technical University From christoph at christ.wol.at Fri Sep 24 07:41:14 1999 From: christoph at christ.wol.at (Christoph Christ) Date: Tue Dec 2 02:27:09 2003 Subject: suggestion of temple smb.conf for diff configurations In-Reply-To: <19990924113547.A13024@linux.sstu.runnet.ru> Message-ID: On Fri, 24 Sep 1999, Anatoly Pugachev wrote: > Hello! > I would like to suggest if there in the samba distribution to have templates > of different samba comfiguration, example: smb.conf for standalone server, > smb.conf for samba acting as PDC, smb.conf for samba with LDAP integration > , smb.conf for samba in the domain, etc... > regards > -- > Anatoly Pugachev, system administrator > mator@p2.sstu.runnet.ru > tel: (7 845-2) 52-60-58 > Russia, Saratov State Technical University > That would be a great Idea. I could send in a working sample config for a Samba-PDC on a local network. mfg. Christoph Christ Siebensterngasse 1/6, A-1070 Wien email: christoph@christ.wol.at Tel Privat: +43-699-1026 8053 Tel Firma: +43-1-74045/4336 Fax: +43-1-74045/68 4336 From Michael.Keightley at quadstone.com Fri Sep 24 08:09:21 1999 From: Michael.Keightley at quadstone.com (Michael.Keightley@quadstone.com) Date: Tue Dec 2 02:27:09 2003 Subject: [Florian Laws: Re: how do I become a domain administrator] Message-ID: <199909240809.JAA03818@gromit.quadstone.co.uk> > > On Fri, Sep 24, 1999 at 02:26:27AM +1000, Mayers, P J wrote: > > The Domain Admins group must be a member of the local administrators group. > > > > Also, I'm not sure: > > > > localgroup.map > > -------------- > > pcadm=BUILTIN\Administrators > > > > > > ..is correct. You might want: > > > > wheel=BUILTIN\Administrators > > I noticed this on my version of 2.1prealpha from half a year ago, too. > Isn't it a bit strange that Samba depends on the mapping being to the > group wheel for it working? > > Florian > ---- End of forwarded text ---- Group wheel is BSD speak, there is no group wheel in Solaris or HP-UX, DG-UX, NCR Unix etc... Does this mean group root (GID=0)? Michael -- Michael Keightley Tel: +44 131 220 4491 Systems Manager, Quadstone Limited, Fax: +44 131 220 4492 16 Chester Street, Edinburgh EH3 7RA, Scotland http://www.quadstone.com From spd at gtc1.cps.unizar.es Fri Sep 24 08:35:39 1999 From: spd at gtc1.cps.unizar.es (J.A. Gutierrez) Date: Tue Dec 2 02:27:09 2003 Subject: Quota - Is there a way to use them? (Urgent) In-Reply-To: <199909231819.UAA12908@www.lkt.uni-erlangen.de> from "Andreas Abach" at Sep 24, 99 03:28:21 am Message-ID: <199909240835.KAA01986@gtc1.cps.unizar.es> > (with the Windows Explorer) more files than allowed to the samba > server I get an error on NT. When I do it with the "Windows Commander" > I can copy as many files to the share as I want. I get an error but > the file is created. seems like a bug in WC to me. With unix quotas, all you need to create an empty file is the space it takes as directory entry (a few bytes), so, unless the quota us fully exhausted, you can create it. Probably WC should notice it can finish the copy and remove the empty file... > > I Hope there is a way to fix the problem and someone can tell me how > it will work. > in fact, quota support on samba only is used (AFAIK) to inform the user (client) about the amount of space he can use; but the limit is performed by regular unix quota system. (so, you could compile samba w/o quota support and still users would be limited by quotas) -- finger spd@gtc1.cps.unizar.es for PGP / So be easy and free .mailcap tip of the day: / when you're drinking with me application/ms-tnef; cat '%s' > /dev/null / I'm a man you don't meet every day text/x-vcard; cat '%s' > /dev/null / (the pogues) From alanh at pinacl.co.uk Fri Sep 24 09:51:45 1999 From: alanh at pinacl.co.uk (Alan Hourihane) Date: Tue Dec 2 02:27:09 2003 Subject: NT printing Message-ID: <01BF067A.CD2A6E30.alanh@pinacl.co.uk> I've been tracking down bug no.1 on your list and found that the following typo fixes it. Notice the [2] should be [i]. Jean - That private bug fix I sent didn't really do anything. *** parse_spoolss.c.old Fri Sep 24 10:47:11 1999 --- parse_spoolss.c Fri Sep 24 10:47:21 1999 *************** *** 2313,2319 **** for (i=0; inumofdrivers; i++) { ! bufsize_required += spoolss_size_printer_driver_info_2(&(driver_info_2[2])); } break; } --- 2313,2319 ---- for (i=0; inumofdrivers; i++) { ! bufsize_required += spoolss_size_printer_driver_info_2(&(driver_info_2[i])); } break; } Alan -----Original Message----- From: Dave.Stevenson@durham.ac.uk [SMTP:Dave.Stevenson@durham.ac.uk] Sent: 22 September 1999 11:13 To: Multiple recipients of list SAMBA-NTDOM Subject: Re: NT printing I'm not authoritative on this but have played a little.. I browsed the server, opened the printers folder and used "Add Printer" then when prompted "Have disk" and loaded the drivers from the CD on my workstation (NT4/SP5). (Make a print$ share to hold the drivers) The files were created by samba. Can make changes to forms etc. from workstation. (Get multiple entries for forms in the ntforms.def file but a simple sort -u removes the duplicates. I can then mount printers and print....but 1/ Spoolss on thee workstation crashes out when you add printer. ( But seems to get to the end of add printer process OK. restarting spoolss works and printer is seen. 2/ the print queue display code is not there yet apparently so the queue display does not refresh. 3/ Found the NT printing unworkable at the moment but interesting :) It is experimental code after all and a priviledge to play with it. The 2.0.5 mainline code I found works well with printers as LANMAN connections and by creating a print$ share I can download drivers from the server (though not automatically...anyone done this?) > > How do you create the NTprinter_??? and NTdriver_??? > files with the correct entries for Samba 2.1prealpha ? > > I can see things like > > starttime > printername > servername > > etc, but how do I create them ? > > Thanks. > > Alan. > From awilliam at whitemice.org Fri Sep 24 10:11:30 1999 From: awilliam at whitemice.org (Adam Williams) Date: Tue Dec 2 02:27:09 2003 Subject: Login from NTWorkstation 4 In-Reply-To: "Re: Login from NTWorkstation 4" (Sep 24, 1:02pm) References: <3.0.6.32.19990924115342.008d9590@bioserve.latrobe.edu.au> <003901bf0636$4a228480$46fe005a@remote.edu> Message-ID: <9909241011.ZM29214@estate1.whitemice.org> On Sep 24, 1:02pm, wrote: > Subject: Re: Login from NTWorkstation 4 > Add user account into smbpasswd to type password? > But how does a admin know everyone's password? > He doesn't (hopefully). You have to device some "migration" scheme to get smbpasswd updated. I added all the users to smbpasswd with null passowrds, expired everyones UNIX password, and hot wired NIS to update SMB as well. Within a few days almost all the Samba passwords were set, then I switched on encrypted passwords. There is no automatic way to move the passwords from UNIX to SMB, as all the hashes are ONE WAY. From karl at rince.net Fri Sep 24 10:36:55 1999 From: karl at rince.net (Karl Dane) Date: Tue Dec 2 02:27:09 2003 Subject: Account Attributes Message-ID: <37EB5447.EB7FA461@rince.net> Hello people, I'm running Samba as a PDC and everything works fine. However, I don't know how to set various account attributes. For example, on NT in the User Manager For Domains, you have the ability to set "User must change password at next logon", or "Password never expires" etc. How and where do I set this account attributes when using Samba as the PDC? Thanks. -- Karl Dane Systems Administrator, BiblioTech From jonas at coyote.org Fri Sep 24 11:07:50 1999 From: jonas at coyote.org (Jonas Oberg) Date: Tue Dec 2 02:27:09 2003 Subject: LDAP and Samba (was NIS maps and logon path.) In-Reply-To: Jean Francois Micouleau's message of "Thu, 23 Sep 1999 16:49:32 +0200 (CEST)" References: Message-ID: <87u2okd0u1.fsf@poledra.coyote.org> Jean Francois Micouleau writes: > yes, the smb.conf default parameters are overwriting the specific ldap > parameters. > > I've fixed it for others reasons. Commit should follow later today. Thanks. This works well now. I think that LDAP.txt ought to mention though that > homeDrive=Z is not a valid syntax. It seems that you have to suffix it with `:' for Windows to be happy. I'm looking at getting policies to work now because it seems to not work. The NTDOM FAQ mentions that "case preserve = yes" is a good idea, but I assume that one means "preserve case" here. While looking at the logs with the debug levels uped I can't see it ever trying to open ntconfig.pol; although it does do some requests for the pipe \NETLOGON. On another note though I was happy to see that password changing worked perfectly. Good work! Jonas From nescau at akira.ucpel.tche.br Fri Sep 24 12:44:00 1999 From: nescau at akira.ucpel.tche.br (Luis Claudio R. Goncalves) Date: Tue Dec 2 02:27:09 2003 Subject: Quota - Is there a way to use them? (Urgent) In-Reply-To: <199909231819.UAA12908@www.lkt.uni-erlangen.de> Message-ID: Hello! > When I connect to the system from NT 4.0 SP5 with samba the size of > the share is shown correctly (x MB of Y MB free). When I try to copy > (with the Windows Explorer) more files than allowed to the samba > server I get an error on NT. When I do it with the "Windows Commander" > I can copy as many files to the share as I want. I get an error but > the file is created. When you reach the quota roof, the system stops writing (and shows the error message you see). Your linux system fills the remaining file space eith ZEROS, using a feature called "hole file system" (correct me if I'm wrong...). If you compare the original file with the new one, you'll see they aren't the same. I released a lill' patch, some time ago, that truncates the file size when you reach the quota limit. If you can't find it in the SAMBA archive, I'd be glad on sending it to you. Hope this helps, Luis [ Luis Claudio R. Goncalves nescau@akira.ucpel.tche.br ] [ BSc in Computer Science -- MSc coming soon -- Gospel User ] [ Fault Tolerance - Linux - Real Time - Distributed Systems - C - IECLB ] [ LateNite Programmer -- http://atlas.ucpel.tche.br/~nescau -- IS 40:31 ] [ -- Jesus Is The Solid Rock On Which I Stand -- ] From ba2k at virginia.edu Fri Sep 24 12:02:00 1999 From: ba2k at virginia.edu (Burt Avery) Date: Tue Dec 2 02:27:09 2003 Subject: Samba prealpha on AIX Message-ID: <3.0.6.32.19990924080200.0091dbc0@127.0.0.1> Greetings: On this list I see many reports of success for people running Samba prealpha on many flavors of UNIX with the exception of AIX. If anyone is using prealpha on AIX successfully to authenticate NT machines and client users, I would be interested in exchanging experiences: your experience hopefully good, mine less than favorable, particularly concerning account authentication. Speaking strictly as a departmental systems administrator who does not have the time the developers dedicate to delving into the code, I suspect authentication is busted on AIX. Any confirming or contradictory experiences? Please don't tell me to get Samba off AIX. It's not an option. -ba- Burt Avery Computer Systems Engineer LSP Department of Biomedical Engineering University of Virginia Charlottesville, VA 22908 804-924-9813 From swaters at amicus.com Fri Sep 24 13:24:02 1999 From: swaters at amicus.com (Stephen Waters) Date: Tue Dec 2 02:27:09 2003 Subject: [Florian Laws: Re: how do I become a domain administrator] References: <199909240809.JAA03818@gromit.quadstone.co.uk> Message-ID: <37EB7B72.76AE7B95@amicus.com> Michael.Keightley@quadstone.com wrote: > > > > > On Fri, Sep 24, 1999 at 02:26:27AM +1000, Mayers, P J wrote: > > > The Domain Admins group must be a member of the local administrators group. > > > > > > Also, I'm not sure: > > > > > > localgroup.map > > > -------------- > > > pcadm=BUILTIN\Administrators > > > > > > > > > ..is correct. You might want: > > > > > > wheel=BUILTIN\Administrators > > > > I noticed this on my version of 2.1prealpha from half a year ago, too. > > Isn't it a bit strange that Samba depends on the mapping being to the > > group wheel for it working? > > > > Florian > > > ---- End of forwarded text ---- > Group wheel is BSD speak, there is no group wheel in Solaris or HP-UX, DG-UX, > NCR Unix etc... Does this mean group root (GID=0)? debian 2.1 doesn't have a wheel group by default either... -stephen From swaters at amicus.com Fri Sep 24 13:32:03 1999 From: swaters at amicus.com (Stephen Waters) Date: Tue Dec 2 02:27:09 2003 Subject: suggestion of temple smb.conf for diff configurations References: Message-ID: <37EB7D53.1B12694F@amicus.com> Christoph Christ wrote: > > On Fri, 24 Sep 1999, Anatoly Pugachev wrote: > > > Hello! > > I would like to suggest if there in the samba distribution to have templates > > of different samba comfiguration, example: smb.conf for standalone server, > > smb.conf for samba acting as PDC, smb.conf for samba with LDAP integration > > , smb.conf for samba in the domain, etc... > > regards > > -- > > Anatoly Pugachev, system administrator > > mator@p2.sstu.runnet.ru > > tel: (7 845-2) 52-60-58 > > Russia, Saratov State Technical University > > > > That would be a great Idea. I could send in a working sample config for a > Samba-PDC on a local network. excellent. please do so. just remember to note whether it is for 2.1prealpha or 2.0.x. -stephen From ssparish at pittstate.edu Fri Sep 24 15:27:07 1999 From: ssparish at pittstate.edu (Scott Parish) Date: Tue Dec 2 02:27:09 2003 Subject: Samba prealpha on AIX References: <3.0.6.32.19990924080200.0091dbc0@127.0.0.1> Message-ID: <37EB984B.C4B79FFB@pittstate.edu> Burt Avery wrote: > > Greetings: > > On this list I see many reports of success for people running Samba > prealpha on many flavors of UNIX with the exception of AIX. If anyone is > using prealpha on AIX successfully to authenticate NT machines and client > users, I would be interested in exchanging experiences: your experience > hopefully good, mine less than favorable, particularly concerning account > authentication. > > Speaking strictly as a departmental systems administrator who does not have > the time the developers dedicate to delving into the code, I suspect > authentication is busted on AIX. Any confirming or contradictory experiences? > > Please don't tell me to get Samba off AIX. It's not an option. Short answer: In my experience Samba requires some work to get going under AIX. Longer answer: We are running AIX at our university and I have explored the feasability of running samba to authenticate our users. Getting Samba running under AIX required a bit of work. About a day, maybe two, poking through the code. I have successfully compiled, with some code tweeks, installed, configured and run Samba under AIX 4.2. I have been able to successfully authenticate to the Samba domain on the AIX machine and mounted my home directory. This is as far as my experiment went. One NTWS, one domain, one user--but it works. Don't know about profiles (it complains after logging in about not being able to create a profile.pds directory, and after I manually create it it tells me the roaming profile is not found, but doesn't create one), NT security policies, password changes or syncing--I haven't tried working with any of these. There were several problems that I experienced. First the HEAD branch smbpasswd, often times (maybe just when I grab it), seems to be broken which makes adding machines to the password file a pain. This is merely a minor inconvenience though; just grab any working smbpasswd (from 2.0.5a) and you're in business. Second thing I encountered, which was a show stopper for a while and not directly related to the Samba code, was figuring out how our WINs was setup and making sure machines could see each other. We are using real NT servers for WINS. The test workstation and the server were on different subnets, and the WINS servers were not replicating entries. So the server could see the client, but the client couldn't see the server. That was a pain and basically the symptom was that the client could not find a domain controller for the domain when a login was attempted. This probably could be aleviated if we just let Samba be the WINS server. Third issue that has been temporarily patched in my code deals with the number of available files and some offset (the mind is foggy here). There was a brief discussion of this a while back on this list. Anyway, AIX reports it has some enormous number of available files...let me do some poking to refresh my memory... Appears to be a problem with the pipe_handle_offset in rpc_server/srv_pipe_hnd.c and smbd/files.c or some such. Forgive me, it has been since the middle of August since I messed with this. I believe this manifested itself as a client side message in the event log that redirector received an SMB that was too short. The solution, for me I think, was to hard code an offset because the one samba was determining was not working. There should be enough information in the archives to get you started looking should this be the problem you are encountering. There was an (long?) int vs. UINT problem that should be gone from the HEAD branch now as well. I forget what the symptoms of that were, but it should be fixed. The other issues with AIX and probably some other OS's are 8 byte limitation on userids. This is a real kicker for us, because most of our hostnames are longer than 8 bytes, thus making a unix userid for NT machines rather problematic, at least in our case. Please feel free to contact me. I don't know how much help I'll be, but I could be of some assistance. I would also like to hear of other's experiences with AIX. -- Scott Parish | "I really can't live without Christ. It's like ssparish@pittstate.edu | impossible to really have a true life without Him." | -- Cassie Bernall, martyr at Columbine High School. From flaws at nadia.s.bawue.de Fri Sep 24 16:13:52 1999 From: flaws at nadia.s.bawue.de (Florian Laws) Date: Tue Dec 2 02:27:09 2003 Subject: [Florian Laws: Re: how do I become a domain administrator] In-Reply-To: <37EB7B72.76AE7B95@amicus.com> Message-ID: > > > > > > > > ..is correct. You might want: > > > > > > > > wheel=BUILTIN\Administrators > > > > > > I noticed this on my version of 2.1prealpha from half a year ago, too. > > > Isn't it a bit strange that Samba depends on the mapping being to the > > > group wheel for it working? > > > > > > Florian > > > > > ---- End of forwarded text ---- > > Group wheel is BSD speak, there is no group wheel in Solaris or HP-UX, DG-UX, > > NCR Unix etc... Does this mean group root (GID=0)? > > debian 2.1 doesn't have a wheel group by default either... Yes. I had to create one on the Debian 2.0 where I installed Samba. Strangely I didn't get it working with an other group name at that time. Did I do something wrong, or has it to be the wheel group? Florian From p.mayers at ic.ac.uk Fri Sep 24 16:15:15 1999 From: p.mayers at ic.ac.uk (Mayers, P J) Date: Tue Dec 2 02:27:09 2003 Subject: Samba with LDAP + domains Message-ID: <0846B011B9A4D111A1EE006097DA4FCE016CF986@icex1.cc.ic.ac.uk> I'm using an LDAP server to back my domain, and I'm getting failed SID to name mappings (using CACLS and Explorer's security box) The question is: Should I add the entries (CREATOR OWNER and so on) into the LDAP directory, or would it be more suitable to submit a diff for lib/sids.c (which I think is the right answer), which has a very short and incomplete list of predefined SIDs. If anyone cares, the latest SIDs are in the winnt.h header file of the latest version of the Platform SDK. Cheers, Phil From p.mayers at ic.ac.uk Fri Sep 24 16:18:15 1999 From: p.mayers at ic.ac.uk (Mayers, P J) Date: Tue Dec 2 02:27:09 2003 Subject: [Florian Laws: Re: how do I become a domain administrator] Message-ID: <0846B011B9A4D111A1EE006097DA4FCE016CF987@icex1.cc.ic.ac.uk> wheel is typically the group of people that are allowed to use SU, which roughly corresponds to the "administrators" of a unix box. Cheers, Phil -----Original Message----- From: Stephen Waters To: Multiple recipients of list SAMBA-NTDOM Sent: 24/09/99 14:28 Subject: Re: [Florian Laws: Re: how do I become a domain administrator] > > Isn't it a bit strange that Samba depends on the mapping being to > > the group wheel for it working? > > > > Florian > > > ---- End of forwarded text ---- > Group wheel is BSD speak, there is no group wheel in Solaris or > HP-UX, DG-UX, NCR Unix etc... Does this mean group root (GID=0)? debian 2.1 doesn't have a wheel group by default either... -stephen From p.mayers at ic.ac.uk Fri Sep 24 16:21:18 1999 From: p.mayers at ic.ac.uk (Mayers, P J) Date: Tue Dec 2 02:27:09 2003 Subject: Account Attributes Message-ID: <0846B011B9A4D111A1EE006097DA4FCE016CF988@icex1.cc.ic.ac.uk> What password backend are you using? In an LDAP backend you use pwdCanChange and pwdMustChange which are (8 char hex strings e.g. 0xFFFFFFFF) which are unix times (32bits, seconds from 1970) that the user can change password (set to FFFFFFFF to disable, 00000000 to enable) and must change password (set to 00000000 to force changing at next logon, FFFFFFFF to disable forcing) I don't think the file backend (/etc/smbpasswd) has the capability to store these yet. Try looking in the source code passdb/smbpass*.c files, and see where it fills the relevant fields from. Cheers, Phil -----Original Message----- From: Karl Dane To: Multiple recipients of list SAMBA-NTDOM Sent: 24/09/99 11:34 Subject: Account Attributes Hello people, I'm running Samba as a PDC and everything works fine. However, I don't know how to set various account attributes. For example, on NT in the User Manager For Domains, you have the ability to set "User must change password at next logon", or "Password never expires" etc. How and where do I set this account attributes when using Samba as the PDC? Thanks. -- Karl Dane Systems Administrator, BiblioTech From christoph at christ.wol.at Fri Sep 24 17:34:27 1999 From: christoph at christ.wol.at (Christoph Christ) Date: Tue Dec 2 02:27:09 2003 Subject: PDC-Controller Config for samba 2.0.5a Message-ID: <002701bf06b3$0d1d4d40$070aa8c0@christ.lan> -------------- next part -------------- A non-text attachment was scrubbed... Name: smb.conf Type: application/octet-stream Size: 2672 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990924/9d84e758/smb.obj From mmt4q at ee.virginia.edu Fri Sep 24 20:21:46 1999 From: mmt4q at ee.virginia.edu (Melissa Thrush) Date: Tue Dec 2 02:27:09 2003 Subject: need help with roaming profiles and password change References: <002701bf06b3$0d1d4d40$070aa8c0@christ.lan> Message-ID: <37EBDD5A.37DF3A7@ee.virginia.edu> Hi. I'm running Samba 2.0.2 setup as a PDC on a Solaris 2.6 NIS machine. I am able to successfully login to the PDC from my WinNTSP3 client. First I was assigned the "Default User" profile I had put in the "netlogon" share and then it correctly created my user profile in \\N\profiles\U However, when I login to the PDC from the same WinNTSP3 client as a different new user, I get the first users' profile instead of the "Default User" profile. Any ideas? Secondly, whether I have "password sync" on or off in smb.conf I can not change my password from the WinNTSP3 client. I get the following error message: Username or old password is incorrect. Letters in passwords must be typed using the correct case. Make sure that capslock is not accidently on. Any ideas? Here's the pertinent parts of my smb.conf: [global] debug level = 0 printing = bsd printcap name = /etc/printers.conf load printers = yes guest account = pcprint username map = /usr/local/samba/lib/users.map wins support=yes ; these commands are needed to print and remove print jobs print command = /usr/ucb/lpr -r -P%p %s lpq command = /usr/ucb/lpq -P%p lprm command = /usr/ucb/lprm -P%p %j ; these commands enable cross-subnet browsing domain master = yes local master = yes preferred master = yes os level = 65 ; these commands are for domain logins and profiles domain logons = yes security = user encrypt passwords = yes logon drive = N: logon home = \\%N\%U logon path = \\%N\profiles\%U logon script = scripts\STARTUP.BAT time server = Yes netbios name = eeultra ; needed for "staff" group members to have administrator priv. on pcs. domain admin group = @staff ; needed for unix password syncing ; passwd program = /usr/bin/passwd %u ; passwd chat = *New*password* %n\n *new*password* %n\n *passw*d*d*on* ; unix password sync = yes ; passwd chat debug = true ; ; INTERFACE ; interfaces = 128.143.10.69/255.255.0.0 ; ; NAME MANGLING ; case sensitive = no preserve case = yes ;mangle case = yes ;default case = lower short preserve case = yes ; ; HOSTS ALLOW/DENY ; Can specify by host name of IP address ; ex: hosts allow = 128.143.10./255.255.255.0, 128.143.11./255.255.255.0, 128.143.137./255.255.255.0, 128.143.190./255.255.255.0, 128.172.167.21, 128.143.219./255.255.255.0, 128.143.38.168, 127.0.0.1, 205.216.211.26 ; ; ;WORKGROUP ; What NetBIOS workgroup is this server a member of ; workgroup = EEGROUP remote announce = 128.143.11.255/EEGROUP [homes] comment = Home Directories browseable = no read only = no create mode = 0755 guest ok = no [profiles] comment = contains users' profiles path = /dsk1.0/shares/profiles guest ok = yes available = yes browseable = yes writeable = yes [netlogon] comment = contains network logon scripts path = /dsk1.0/shares/netlogon writeable = yes guest ok = no Thanks, Melissa -- Melissa Thrush Dept. of Electrical Engineering University of Virginia Thornton Hall - C213 Phone: 804-924-6072 Fax: 804-924-8818 From Sascha.Luetzel at tu-clausthal.de Sat Sep 25 08:16:53 1999 From: Sascha.Luetzel at tu-clausthal.de (Sascha =?ISO-8859-1?Q?L=FCtzel?=) Date: Tue Dec 2 02:27:09 2003 Subject: Printig with Samba Prealph 2.1 an NT Message-ID: <19990925.8165398@oelfuss.hercynia.verb.tu-clausthal.de> Having sucsessfully install Samba as Primary Domian controller, but have prblem with printing. The printer appears on nethood but Samba say ?Printer is offline? at smb.conf there is the section [printer] wich should browse all available printers and let print to them. Does anyone has an idea. Sascha L?tzel Never change a running System ecxept for very good sex. From christoph at christ.wol.at Sat Sep 25 08:14:48 1999 From: christoph at christ.wol.at (Christoph Christ) Date: Tue Dec 2 02:27:09 2003 Subject: need help with roaming profiles and password change In-Reply-To: <37EBDD5A.37DF3A7@ee.virginia.edu> Message-ID: On Sat, 25 Sep 1999, Melissa Thrush wrote: > Hi. > > I'm running Samba 2.0.2 setup as a PDC on a Solaris 2.6 NIS machine. > I am able to successfully login to the PDC from my WinNTSP3 client. > First I was assigned the "Default User" profile I had put in the "netlogon" > share and then it correctly created my user profile in \\N\profiles\U > However, when I login to the PDC from the same WinNTSP3 client > as a different new user, I get the first users' profile instead of the > "Default User" profile. > > Any ideas? Hmmm. Take a look at the machines account and figure out, which profile is in there. It might be the first users profile. When the logon procedure is as I think, NT first creates a default config for its machine on your server and then presents this default to all new users from its own machine account on your server. Check this out and try to overload the profile on the machine's account > ; passwd chat = *New*password* %n\n *new*password* %n\n *passw*d*d*on* Did you check, whether you are using the right passwd chat? This should be exactly as the in/output of your passwd program - will be spawned by smbpasswd. mfg. Christoph Christ Siebensterngasse 1/6, A-1070 Wien email: christoph@christ.wol.at Tel Privat: +43-699-1026 8053 Tel Firma: +43-1-74045/4336 Fax: +43-1-74045/68 4336 From ppz at mail.com Sat Sep 25 12:17:38 1999 From: ppz at mail.com (Piet) Date: Tue Dec 2 02:27:09 2003 Subject: Problem inside a NT Domain. Message-ID: <386125236.938261858039.JavaMail.root@web02.pub01> BECKER Stéphane wrote: > > Hi, > But there is still two problem I can't seems to solve : > > - I've got a performance issue on every computer. Sometimes the computer > freeze for 5 or 10 seconds this was not happening before the connection of > the linux server. My guess is that every x minutes the connexion is > resetted and then the linux server must reidentificate the client by > sending his password to the NT server. This is quite disapointing, users > throwing rocks at me. > So If somebody has got an answer ... Hmmm, you give very little information on the linux box you're running, but let me guess.... Since you're from Germany I believe you're running SuSE, maybe 6.2? And you're having a 100m ethernet card, maybe Intel etherpro 100? Well then it may be the buggy driver that comes with SuSE which disconnects the linux box periodically from the net while on load. Get yourself the driver from /drivers/net/yourdriver.c (or so) from the official kernel (e.g. from kernel.org), in case of the intel card having revision 1.06, compile it give it to the system and you should have solved the issue..... Other than that, I can't guess ................... __________________________________________________ FREE Email for ALL! Sign up at http://www.mail.com From peterb at granada-learning.com Sat Sep 25 12:37:30 1999 From: peterb at granada-learning.com (Pete Birkinshaw) Date: Tue Dec 2 02:27:10 2003 Subject: Problems moving PDC from 2.04 to 2.1alpha References: Message-ID: <37ECC20A.D23FF80F@granada-learning.com> Hi, I'm trying to migrate the network PDC duties from a file server running Samba 2.04 to another PC running Samba 2.1 alpha. The original server will continue to share the netlogon and profile directories. I moved smbpasswd and SID files from the old server to the new one. Users can login, and Desktop, Favourites and other folders in the profile directory are read OK. However, there are some serious problems: - All registry type configuration settings are gone. Users desktop patters, IE & Outlook configs etc seem to have vanished, although all files including NTUSER.DAT are still present. - Local group membership no longer works: users that should be local administrators can't even share folders. - Group mapping doesn't seem to work. I can see the mapped groups in the User Manager for Domains, but they are empty. It /looks/ as if each user has the correct password and name, and so can log in to the profile, but gets the wrong (different) ID, so NTUSER.DAT is unuseable. The new server uses NIS to get user names from the original server. Is it this, or the way I copied over the smbpasswd and .SID files to the new server? Any help would be greatly appreciated. Thanks, Pete Birkinshaw From Dave.Stevenson at durham.ac.uk Sat Sep 25 13:23:21 1999 From: Dave.Stevenson at durham.ac.uk (Dave.Stevenson@durham.ac.uk) Date: Tue Dec 2 02:27:10 2003 Subject: Printig with Samba Prealph 2.1 an NT Message-ID: <28865.199909251323@gengis> NT Printig is not fully functional in 2.1alpha but I have heard the sounds of people working on it. Works up to a point - adding printers and printing seems OK. Have you used the "Add Printer" function in the Printers folder on the Samba 2.1 server from your workstation to add the printer definition files to Samba? Works better via LANMAN connections at the mo in my opinion, but establishing them is tricky..If they are already established with 2.0 on a workstation they continue to work but I couldn't find a way to make 2.1a "thunk back down" to LANMAN like 2.0 does. I decided to keep printers on a separate server running 2.0...but things are changing all the time :-) From becker at spellbound.de Sun Sep 26 15:58:16 1999 From: becker at spellbound.de (BECKER =?iso-8859-1?Q?St=E9phane?=) Date: Tue Dec 2 02:27:10 2003 Subject: Problem inside a NT Domain. In-Reply-To: <386125236.938261858039.JavaMail.root@web02.pub01> Message-ID: <4.1.19990926175422.00b3c8c0@192.0.3.10> At 08:17 25/09/99 -0400, you wrote: >BECKER St?phane wrote: >> >> Hi, > > > > >> But there is still two problem I can't seems to solve : >> >> - I've got a performance issue on every computer. Sometimes the computer >> freeze for 5 or 10 seconds this was not happening before the connection of >> the linux server. My guess is that every x minutes the connexion is >> resetted and then the linux server must reidentificate the client by >> sending his password to the NT server. This is quite disapointing, users >> throwing rocks at me. > > >> So If somebody has got an answer ... > >Hmmm, > >you give very little information on the linux box you're running, but let me >guess.... > >Since you're from Germany I believe you're running SuSE, maybe 6.2? > Err no I am running a red hat v6.0, but your initial hypothesis is not totally wrong since I am not german, I am only working in germany :) >And you're having a 100m ethernet card, maybe Intel etherpro 100? > The computer configuration is Pentium 133 64 Meg of ram 20gb IDE Hard Disk 3COM Fast Etherlink XL quite low level but there is not so much activity on this computer. In fact I partially solved the problem by changing on one computer experiencing the problem the controll access from user-level to ressource. >Well then it may be the buggy driver that comes with SuSE which disconnects >the linux box periodically from the net while on load. Get yourself the >driver from /drivers/net/yourdriver.c (or so) from the official kernel (e.g. >from kernel.org), in case of the intel card having revision 1.06, compile it >give it to the system and you should have solved the issue..... > >Other than that, I can't guess ................... > > ???`????,??,????`????,??,????`????,??,????`???????`????,??,????`????,??,? BECKER St?phane, becker@spellbound.de Spellbound Software * West Str. 15 * 77694 Kehl * Germany Ph +49 7851 9916-71 * Fax -61 * From jonas at coyote.org Mon Sep 27 07:09:48 1999 From: jonas at coyote.org (Jonas Oberg) Date: Tue Dec 2 02:27:10 2003 Subject: Trust Message-ID: <871zbkg79f.fsf@poledra.coyote.org> Is it possible to setup trusts between a domain running Samba and one running NT Server? What I'd like to do is make it possible for users sitting at computers in the domain FOO to logon to the domain BAR. Jonas From karl at rince.net Mon Sep 27 12:29:25 1999 From: karl at rince.net (Karl Dane) Date: Tue Dec 2 02:27:10 2003 Subject: Sync issue with encrypted passwords Message-ID: <37EF6324.CDABF71E@rince.net> Hi guys, I get the following error when I run testparm against my smb.conf file: "ERROR: the 'passwd chat' script [*old*password* %o\n *new*password* %n\n *new*password* %n\n *changed*] expects to use the old plaintext password via the %o substitution. With encrypted passwords this is not possible." I assume that this will cause problems when it comes to NT4w users trying to change their passwords. How do I resolve this? Am I forced to use plaintext passwords when syncing passwords with unix accounts? Or is the whole issue moot if I were to use an LDAP backend? Any help is much appreciated. Thanks, -- Karl Dane Systems Administrator, Bibliotech Steinbach's Guideline for Systems Programming: Never test for an error condition you don't know how to handle. p.s. I attach my smb.conf for the sake of clarity. # Global parameters workgroup = netbios name = server string = interfaces = encrypt passwords = Yes log level = 1 log file = /var/log/samba/log.%m max log size = 200 time server = Yes socket options = TCP_NODELAY printcap name = /etc/printcap domain logons = Yes os level = 65 preferred master = Yes domain master = Yes dns proxy = No printing = bsd print command = lpr -r -P%p %s lpq command = lpq -P%p lprm command = lprm -P%p %j passwd program = /usr/bin/passwd unix password sync = True domain admin users = rince gwen atomix terence olly domain admin group = rince gwen atomix terence olly [netlogon] locking = no public = no browseable = yes -------------- next part -------------- HTML attachment scrubbed and removed From giulioo at tiscalinet.it Mon Sep 27 12:42:55 1999 From: giulioo at tiscalinet.it (Giulio Orsero) Date: Tue Dec 2 02:27:10 2003 Subject: Sync issue with encrypted passwords In-Reply-To: <37EF6324.CDABF71E@rince.net> References: <37EF6324.CDABF71E@rince.net> Message-ID: <19990927124337.D819726E39@i3.golden.dom> On Mon, 27 Sep 1999 22:32:15 +1000, hai scritto: >"ERROR: the 'passwd chat' script [*old*password* %o\n *new*password* >%n\n *new*password* %n\n *changed*] expects to use the old plaintext >password via the %o substitution. With encrypted passwords this is not >possible." >How do I resolve this? Am I forced to use plaintext passwords when Samba will call (considering a normal unix passwd account), the passwd binary as root; so it won't be asked for the old password. It will be 1) new unix password retype... and not 2) type old passwd new unis passwd retype so change password chat according to case 1. Samba+sync+encrypted is ok. -- giulioo@tiscalinet.it From Joel.Bressman at wpafb.af.mil Mon Sep 27 12:58:03 1999 From: Joel.Bressman at wpafb.af.mil (Bressman Joel M Contr MSG/SWS) Date: Tue Dec 2 02:27:10 2003 Subject: subscribe Message-ID: <8BD9E8426CD5D211B8A80004AC252D800C6534@FSZHTV92> subscribe Joel M. Bressman MSG Webmaster * Office: (937) 257-5757 * E-Mail: From Dave.Stevenson at durham.ac.uk Mon Sep 27 13:14:31 1999 From: Dave.Stevenson at durham.ac.uk (Dave.Stevenson@durham.ac.uk) Date: Tue Dec 2 02:27:10 2003 Subject: Sync issue with encrypted passwords Message-ID: <471.199909271314@gengis> I recall a brief discussion of this in the NTDOM archive ...somwhere in time To change the password without the old password didn't the samba server need to be on the NIS domain controller? or a hacked version of passwd was necessary to avoid asking for the old password under UNIX? In either case I still don't see how samba calls passwd with the plain text password when encrypted passwords are used unless it unhashes it.... or sets the hash as the password :-o Can someone enlighten me or point me to the thread? a search on "passwd chat encrypt" didn't find it. > On Mon, 27 Sep 1999 22:32:15 +1000, hai scritto: > > >"ERROR: the 'passwd chat' script [*old*password* %o\n *new*password* > >%n\n *new*password* %n\n *changed*] expects to use the old plaintext > >password via the %o substitution. With encrypted passwords this is not > >possible." > > >How do I resolve this? Am I forced to use plaintext passwords when > > Samba will call (considering a normal unix passwd account), the passwd > binary as root; so it won't be asked for the old password. > > It will be > 1) > new unix password > retype... > > and not > 2) > type old passwd > new unis passwd > retype > > so change password chat according to case 1. > Samba+sync+encrypted is ok. > > -- > giulioo@tiscalinet.it From a.schaefer at uwt.mb.uni-siegen.de Mon Sep 27 13:13:02 1999 From: a.schaefer at uwt.mb.uni-siegen.de (=?iso-8859-1?Q?=22Sch=E4fer=2C_Axel=22?=) Date: Tue Dec 2 02:27:10 2003 Subject: Problem inside a NT Domain. Message-ID: <511FDFACA857D211A0E10060084D481205CB1E@intranet> Hi, > But there is still two problem I can't seems to solve : > > - I've got a performance issue on every computer. Sometimes > the computer > freeze for 5 or 10 seconds this was not happening before the > connection of > the linux server. My guess is that every x minutes the connexion is > resetted and then the linux server must reidentificate the client by > sending his password to the NT server. This is quite > disapointing, users > throwing rocks at me. Had a similar problem here. When login on on a NT workstation, the bloody thing was frozen for several seconds. In that case it was just like you guessed: The NT explorer tried to open the connection to the Samba-share. This took some time, because the system had to authenticate (via NT PDC). As far as I know, NT explorer checks the connected drives every xxx seconds. The strange ting is, that - as far as I know - the connection is not broken and you don't have to reconnect. But this behavior is defined in Nt registry. So, I guess you have a problem with one of both sides dropping connection after a certain amount of time. Unfortunately I can't remember, which Key in the Registry on NT was responsabile for this. Sorry. Axel From abbas at cns.uni.edu Mon Sep 27 14:38:24 1999 From: abbas at cns.uni.edu (Melanie Abbas (CNS staff)) Date: Tue Dec 2 02:27:10 2003 Subject: Credetials Error on Logon Message-ID: We are running Samba 2.0.5a on a Solaris 7 server. During logon, the computers in the computer lab run a logon script that maps 2 drive letters (o: and p:) from a Win NT server. The logon script passes the username and password in plaintext in the script. So, the line looks like: net use o: \\servername\opt password /user:username /persistent:no with a similar looking line for p: We have been using this logon script for 18 months without problem, until we upgraded from Samba 1.19.8p3 to 2.0.5 last August. Since we upgraded, about 50% of the time, the user will see System Error 1219 has occurred. The credentials supplied conflict with an existing set of credentials. Now, I understand this error means that it still thinks another username/password is using something from the server so it cannot allow access to that server from the username/password sent in the logon script. However, the server in question is ONLY EVER used from these lab systems with the same username/password that we send in the logon script. We are able to get the drive letters to map manually after the logon script is finished by right clicking on My Computer and doing a map network drive passing the username/password that is in the logon script. Sometimes, even that method takes a few minutes before it will work, coming back with an NT error about conflicting credentials. Does anybody know why this is occuring? The NT boxes have SP3 and SP4 on them so it is unrelated to the SP number. The users do have roaming profiles setup. If you would like any more info, please let me know! I'd really like to get this resolved since students in Intro Computing classes don't know what is going on all the time :) Melanie Abbas CNS Systems Administrator @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ Be content with such things as you have. For God himself has said, I shall never leave you nor forsake you. -Hebrews 13:5 Office: WRT 337 Regular hours: 8:00-5:00 Phone: 273-7029 Fax: 273-7123 Beeper: 235-4135 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ From Dave.Stevenson at durham.ac.uk Mon Sep 27 18:17:56 1999 From: Dave.Stevenson at durham.ac.uk (Dave.Stevenson@durham.ac.uk) Date: Tue Dec 2 02:27:10 2003 Subject: Problems moving PDC from 2.04 to 2.1alpha Message-ID: <1175.199909271817@gengis> > > Hi, > > I'm trying to migrate the network PDC duties from a file server running > Samba 2.04 to another PC running Samba 2.1 alpha. The original server > will continue to share the netlogon and profile directories. I'm seeing similar problems having migrated a 2.0.0alpha Samba PDC 20/9/98 -> 2.1 10/9/99 I use NIS in the same way but don't think its that. The mapped groups being empty is in the NT dom archive (July I think) but basically you have to put the unix user id's in the group file like:- mygroup::123:userid1,userid2,userid3 etc etc. then they show up in the user manager (assuming you have set up groups similar to the NTDOM FAQ suggestion ) domaingroup.map then has to have an entry like mygroup="Domain Users" so that the Local Group "Users" on the workstations picks up user ids as valid users ( Users local group contains the Domain Users global group by default) That populates your group and solves the roaming profiles being downloaded and being owned by an "Unknown Account" that denies permission to the intended owner...... Think that will help with your situation too. BUT I still get messages from my logon.bat file saying Error 3678 An error occurred while saving your profile. The state of your remembered connections has not changed. ( when trying NET USE .... commands) Other commands NET TIME etc are fine. This suggests that I still have a permissions problem somewhere. If I delete the profile and allow the system to build a new one everything works fine but of course all the users settings are lost. Thinking out load here but... Only my NTConfig.POL and the server software has changed, and SID's for the domain controller and the smbpasswd file were carefully frozen and transferred. So I have to conclude that something in NTUSER.DAT is to blame or maybe the user is now identified slightly differently since they have a group membership now. Was the "group" membership kludged in some way in the past...or is it way more complex than this? Short of combing through NTUSER.DAT looking for needles, or resetting ALL user profiles I'm not sure how to solve it. Anyone any ideas, know of tools to compare NTUSER.DAT files in a meaningful way? > > I moved smbpasswd and SID files from the old server to the new one. > > Users can login, and Desktop, Favourites and other folders in the > profile directory are read OK. However, there are some serious problems: > > - All registry type configuration settings are gone. Users desktop > patters, IE & Outlook configs etc seem to have vanished, although all > files including NTUSER.DAT are still present. > > - Local group membership no longer works: users that should be local > administrators can't even share folders. > > - Group mapping doesn't seem to work. I can see the mapped groups in the > User Manager for Domains, but they are empty. > > It /looks/ as if each user has the correct password and name, and so can > log in to the profile, but gets the wrong (different) ID, so NTUSER.DAT > is unuseable. > > The new server uses NIS to get user names from the original server. Is > it this, or the way I copied over the smbpasswd and .SID files to the > new server? > > Any help would be greatly appreciated. > > Thanks, > > Pete Birkinshaw From cartegw at Eng.Auburn.EDU Mon Sep 27 19:10:46 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:27:10 2003 Subject: Problems moving PDC from 2.04 to 2.1alpha References: <1175.199909271817@gengis> Message-ID: <37EFC136.555211BA@eng.auburn.edu> Dave (and others), Most likely the problem is caused by a domain SID change. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From inge at cc.uit.no Mon Sep 27 19:24:07 1999 From: inge at cc.uit.no (=?iso-8859-1?Q?Inge=2DH=E5vard?= Hunstad) Date: Tue Dec 2 02:27:10 2003 Subject: Ldap and rids Message-ID: <37EFC457.94C0C562@cc.uit.no> Hi I have a question about converting a smbpasswd file containing 900 users to LDAPs ldif format. The problem is that there is no rid in the smbpasswd file. So my question is how do I genererate a rid for each user? I have tried rpcclient it only returns the machine accounts and only a few of the users. My PDC is running cvs ver dated 12.05.1999 and readhat ver 6.0 with kernel 2.2.12 but samba is compiled on a machine running Redhat 5.2. I saw there where some troubles with Redhats group handling and I suspects that this is what's causing me troubles when I try to enumerate the users on the PDC. Why don't users with a the grouprid set in ldap show up in their primary group in UserManager for Domains? Do I have to add every user to their primary group too. It seems like a litte bit overkill to have the group of a user set many places. Please correct me if I'm wrong. I have to warn you I have no experiece with NT server so I can't tell how it looks there. I hope you understand my questions. Thanks in advance for all your help. Inge-H?vard Hunstad PS. Thanks for all the the help I've got when setting up the Samba server. From hazel at onebox.com Tue Sep 28 00:04:35 1999 From: hazel at onebox.com (Hazel ) Date: Tue Dec 2 02:27:10 2003 Subject: Mondo strange problem: linux firewall, NT PDC Message-ID: <19990928000501.YKKF29939.mta02@onebox.com> Hello, Thanks for all the interesting posts I have read on this list already. Here is what is going on: Win95 or Win98 client calls ISP, establishes connection. Then, launches a PPTP connection to the Linux box acting as firewall. The NT PDC authenticates logon. (If type wrong password, it will deny it.) The connection shows up looking good under RAS-->Active Users and Event Viewer. But -- and this is a big but -- the client cannot ping the RAS server! And the RAS server can't ping client!! Client can't ping anybody on local network. (Needless to say, Network Neighborhood is totally deserted.) It's like the client gets authenticated into the domain, but ends up in its own separate domain. Any ideas at all much appreciated. Thanks in advance! -- Hazel hazel@onebox.com - email (415) 430-2193 x1071 - voicemail/fax __________________________________________________ FREE voicemail, email, and fax...all in one place. Sign Up Now! http://www.onebox.com From GLeblanc at cu-portland.edu Tue Sep 28 00:13:35 1999 From: GLeblanc at cu-portland.edu (Gregory Leblanc) Date: Tue Dec 2 02:27:10 2003 Subject: Mondo strange problem: linux firewall, NT PDC Message-ID: Is this a problem that showed up because you changed something, or a problem that you're having getting something to work? Greg > -----Original Message----- > From: Hazel [mailto:hazel@onebox.com] > Sent: Monday, September 27, 1999 5:08 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Mondo strange problem: linux firewall, NT PDC > > > Hello, > > Thanks for all the interesting posts I have read on this list already. > > Here is what is going on: > > Win95 or Win98 client calls ISP, establishes connection. > > Then, launches a PPTP connection to the Linux box acting as firewall. > > The NT PDC authenticates logon. (If type wrong password, it > will deny it.) > > The connection shows up looking good under RAS-->Active Users > and Event Viewer. > > But -- and this is a big but -- the client cannot ping the > RAS server! And the RAS server can't ping client!! Client > can't ping anybody on local network. (Needless to say, > Network Neighborhood is totally deserted.) It's like the > client gets authenticated into the domain, but ends up in its > own separate domain. > > Any ideas at all much appreciated. Thanks in advance! > > -- > Hazel > hazel@onebox.com - email > (415) 430-2193 x1071 - voicemail/fax > > > > __________________________________________________ > FREE voicemail, email, and fax...all in one place. > Sign Up Now! http://www.onebox.com > From lnb at freedom.cybertouch.org Tue Sep 28 00:24:05 1999 From: lnb at freedom.cybertouch.org (Lanny Baron) Date: Tue Dec 2 02:27:10 2003 Subject: very wierd browsing problem with NT only.. Message-ID: Hello Fellow Samba users, I have the strangest problem. With a win98 box I can click on one of my Samba servers in Network Neighborhood and view and use the available shares. From any of my FreeBSD boxes I can use smbclient to access the shares on this one box which NT cannot. On the NT box, I can see the computer but cannot browse it (clicking on it causes NT to report "Satan is unavailable, an RPC error has occurred"). Would anyone have any insight as to what might be causing this? If anyone uses power point and cannot understand me well, I can send you exactly what I am experiencing. Thank you in advance for the help, Lanny Baron From b.franco at areacom.it Tue Sep 28 04:59:10 1999 From: b.franco at areacom.it (Baky) Date: Tue Dec 2 02:27:10 2003 Subject: WINS - DNS - SCO Message-ID: <001301bf096e$34fb4c00$41540497@pc> I have WINNT 4.0 PDC (TCP-IP address 192.168.1.10 ) and i use DHCP, WINS and DNS on it. on my network there are one PC with SCO (Version 5.05) when i ping to client from SCO the answer is correct. I installed SAMBA on SCO but it didn't work .... (Network busy message appear on client) Why? can u help me? thank u Baky b.franco@areacom.it baky@aecsistemi.it From richard.derks at itplus.nl Tue Sep 28 05:50:18 1999 From: richard.derks at itplus.nl (Derks, Richard) Date: Tue Dec 2 02:27:10 2003 Subject: subscribe Message-ID: <9112F4142CCDD111BA9C00062905319A48DEC3@hkv-svr-exch-01.itplus.nl> I like to subdcribe to this mailling list, but i dont know how.. From icoupeau at unav.es Tue Sep 28 08:20:53 1999 From: icoupeau at unav.es (Ignacio Coupeau) Date: Tue Dec 2 02:27:10 2003 Subject: Ldap and rids References: <37EFC457.94C0C562@cc.uit.no> Message-ID: <37F07A65.75E481B9@unav.es> Inge-H?vard Hunstad wrote: > > Hi > > I have a question about converting a smbpasswd file containing 900 users > to LDAPs ldif format. The problem is that there is no rid in the > smbpasswd file. So my question is how do I genererate a rid for each > user? We are using a perl script to translate the users from smbpasswd to ldap. The bin/smbpaswd compiled with ldap, take care about rids (look at the nextrid attribute in the sambaconfig entry). We have 18.000 users in a very small number of groups. The script looks at the /etc/passwd and do a map between unix group id (gidNumber) and the desired nt group id. So, for each account we runs the smbpasswd and a ldapmodify with the additional parameters: smbhome, profile path, and so in function of gidNumber... At this moment the script doesn't support for multiple groups for a user, but with a little of work it can manage the administrative accounts and add several "member" to the ldap groups. If you need it I can sent to you... I hope add the script to http://www.unav.es/cti/ldap-smb-howto.html this weekend. > I have tried rpcclient it only returns the machine accounts and > only a few of the users. My PDC is running cvs ver dated 12.05.1999 and I think is a little old... we are using Aug/05 versions... Ignacio -- ____________________________________________________ Ignacio Coupeau, Ph.D. e-mail: icoupeau@unav.es CTI, Director fax: 948 425619 University of Navarra voice: 948 425600 Pamplona, SPAIN http://www.unav.es/cti/ From john.rooke at lpsystems.com Tue Sep 28 08:16:51 1999 From: john.rooke at lpsystems.com (John Rooke) Date: Tue Dec 2 02:27:10 2003 Subject: Problem with NT workstation loging in... Message-ID: <37F07973.F8E2B842@lpsystems.com> We are running samba 2.1-prealpha on SuSE Linux 6.0 and all seems to be OK. The only problem seems to be when I start up an NT Workstation 4.0 (SP5) PC called john. This attempts to become the master browser (as can be seen from the except from log.nmb below) meaning that the PC john cannot find the PDC (saturn - our Linux box running Samba) and thus logs on with a locally stored profile. If I then log out of john and logh back in all is OK and I can log onto our domain. I have set os level=100 in smb.conf on saturn so saturn should win out all the time. How do I stop john from trying to be the master browser when it starts up? John. [1999/09/27 10:15:56, 0] nmbd/nmbd_incomingdgrams.c:process_local_master_announc e(309) process_local_master_announce: Server JOHN at IP 10.1.1.8 is announcing itself as a local master browser for workgroup LPSYSTEMS and we think we are master. F orcing election. [1999/09/27 10:15:56, 0] nmbd/nmbd_become_lmb.c:unbecome_local_master_success(15 6) ***** Samba name server SATURN has stopped being a local master browser for workgrou p LPSYSTEMS on subnet 10.1.1.13 ***** [1999/09/27 10:16:14, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(406) ***** Samba name server SATURN is now a local master browser for workgroup LPSYSTEMS on subnet 10.1.1.13 ***** From wouter at source.be Tue Sep 28 12:37:05 1999 From: wouter at source.be (Wouter Belmans) Date: Tue Dec 2 02:27:10 2003 Subject: Probs installation Samba 2.0.3 on Sol 2.5.1 Message-ID: <000701bf09ae$2c007450$0c0ecfc3@homer> Hello, I hope I have the right mailadress for reaching the Samba-mailinggroup. I'm having problems installing Samba version 2.0.3 on a Solaris 2.5.1 machine. The installation itself was no problem: just a pkgadd of the different packages (which includes the blat-http server on port 901), and the soft was installed succesfully. After sending a sighup to the inetd-process (#kill -1 ), I could connect with a browser to the Samba configuration file. I made a straightforward smb.conf that, according to me, should let everybody in as guest "nobody" on three directories (/opt, /disk1, /disk2) without using a password. I've included the configuration file in the bottom of this mail (it passes the /usr/local/samba/bin/testparm-utility). The installation added the following lines to /etc/inetd.conf: ---------------- netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd smbd netbios-ns dgram udp wait root /usr/local/samba/bin/nmbd nmbd /etc/services: -------------- netbios-ns 137/udp # samba service netbios-ssn 139/tcp It looks to me that these are the right entries to startup daemons smbd & nmbd when ports 137 & 139 are contacted. I have also tried the config by starting the daemons (/usr/local/samba/bin/smbd -D -d3 ; /usr/local/samba/bin/nmbd -D -d3) from a startup script (commenting out the netbios services in /etc/inetd.conf and /etc/services), that gave the exact same problems. The Samba-server is called sparc, and known by all NT-systems on IP-level. >From an NT system, trying to connect gives the following output: C:\>net use \\sparc\disk1 System error 53 has occurred. The network path was not found. C:\> I do not find anything in the Samba or Solaris log files that reports this failure in connection. When I try to connect on the Solaris-machine itself, with the local Samba-client, I get the following: #/usr/local/samba/bin/smbclient \\sparc\disk1 Error, not enough \'s in \sparcdisk1 # The connection is not made. The following command makes the connection succesfully (accepting a null-password): #/usr/local/samba/bin/smbclient \\\\sparc\\disk1 (Maybe that's normal, because in UNIX I have to escape the \-characters??) Does anybody have any idea what can be wrong? Thanks a lot, Wouter BELMANS, Support Engineer. ----------------------------------------- Email : wouter@source.be GSM : 0477/487.614 ----------------------------------------- OMNIS SOURCE Lozenberg, 6 Phone +32(0)2/721.54.10 B-1932 ZAVENTEM Fax +32(0)2/725.88.50 BELGIUM http://www.source.be ----------------------------------------- smb.conf -------- # Samba config file created using SWAT # from server-ascii-02 (192.168.91.98) # Date: 1999/09/22 19:25:06 # Global parameters workgroup = COMPANY netbios name = SPARC netbios aliases = test security = SHARE encrypt passwords = Yes update encrypted = Yes min passwd length = 4 null passwords = Yes [opt] comment = just a test share path = /opt read only = No guest ok = Yes [disk1] comment = external disk path = /disk1 read only = No guest ok = Yes [disk2] comment = external disk path = /disk2 read only = No guest ok = Yes From lisa at USNA.Navy.Mil Tue Sep 28 13:08:32 1999 From: lisa at USNA.Navy.Mil (Lisa Becktold {CADIG STAFF}) Date: Tue Dec 2 02:27:10 2003 Subject: Sync issue with encrypted passwords Message-ID: <199909281308.JAA05433@leto17.usna.navy.mil> Hi: I'm not sure of all the details concerning your configuration... are you running Samba as an NT PDC? We are running Samba on both an SGI and SUN server. Both are acting as PDCs of different domains. On the Sun server, I have "unix password sync" set and it works! (Thanks to a lot of help from this mailing list). This means that users can sit down at NT workstations that are members of the Sun server Samba domain, and when they change their password it changes both smbpasswd AND /etc/passwd. Is this what you're trying to do? If so, then you must rewrite your "passwd chat" script so that it doesn't prompt for the old password. I think this may be necessary because you can't decrypt that old password across NT/Samba/UNIX. These are the settings that worked for me: unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *new*password* %n\n *passw*d*d*on* Run the UNIX "passwd username" program as root. What prompts do you see? Incorporate parts of those prompts with wild cards in your "passwd chat" script. One wrinkle - if you're running NIS, then you must run "unix password sync" on the NIS master. IT WILL NOT WORK ON AN NIS SLAVE, because the slave NIS server will prompt for the old password and will NOT change a user's password unless it gets the old password first. On the NT workstation, you will be prompted for the old password. Enter it, but don't worry - it doesn't percolate up to the UNIX passwd level. Samba is smart enough to parse out the old password, and just grab the new ones to pass to /usr/bin/passwd. Lisa > Originator: samba-ntdom@samba.org > From: Karl Dane > To: Multiple recipients of list SAMBA-NTDOM > Subject: Sync issue with encrypted passwords > MIME-Version: 1.0 > X-Listprocessor-Version: 6.0d -- ListProcessor by Anastasios Kotsikonas > X-URL: http://samba.anu.edu.au/listproc > X-Comment: Discussion of NT domain controller support in Samba > Date: Mon, 27 Sep 1999 22:31:14 +1000 > > Hi guys, > > I get the following error when I run testparm against my smb.conf > file: > > "ERROR: the 'passwd chat' script [*old*password* %o\n *new*password* > %n\n *new*password* %n\n *changed*] expects to use the old plaintext > password via the %o substitution. With encrypted passwords this is not > possible." > > I assume that this will cause problems when it comes to NT4w users > trying to change their passwords. > > How do I resolve this? Am I forced to use plaintext passwords when > syncing passwords with unix accounts? Or is the whole issue moot if I > were to use an LDAP backend? > > Any help is much appreciated. > > Thanks, > > -- > Karl Dane > Systems Administrator, Bibliotech > > Steinbach's Guideline for Systems Programming: > Never test for an error condition you don't know how to > handle. > > p.s. I attach my smb.conf for the sake of clarity. > > # Global parameters > workgroup = > netbios name = > server string = > interfaces = > encrypt passwords = Yes > log level = 1 > log file = /var/log/samba/log.%m > max log size = 200 > time server = Yes > socket options = TCP_NODELAY > printcap name = /etc/printcap > domain logons = Yes > os level = 65 > preferred master = Yes > domain master = Yes > dns proxy = No > printing = bsd > print command = lpr -r -P%p %s > lpq command = lpq -P%p > lprm command = lprm -P%p %j > passwd program = /usr/bin/passwd > unix password sync = True > domain admin users = rince gwen atomix terence olly > domain admin group = rince gwen atomix terence olly > > [netlogon] > locking = no > public = no > browseable = yes > > ---------------------------------------------------------- Lisa M. Becktold - lisa@usna.navy.mil, (410) 293-6480 United States Naval Academy - CADIG 590 Holloway Road, Rickover Hall, Annapolis, MD 21402-5000 From skvidal at phy.duke.edu Tue Sep 28 13:17:57 1999 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:27:10 2003 Subject: Sync issue with encrypted passwords In-Reply-To: <199909281308.JAA05433@leto17.usna.navy.mil> Message-ID: > > Run the UNIX "passwd username" program as root. What prompts do you see? > Incorporate parts of those prompts with wild cards in your "passwd chat" > script. how do you handle situations where the password passed to passwd will be objected to by your passwd cracklib. ie: passwd username enter old password - goodpass enter new password - badpass **** new password is idiotic you should be destroyed *** enter another new password - blah blah blah Is there a good way to get around this problem? -sv From lisa at USNA.Navy.Mil Tue Sep 28 14:20:20 1999 From: lisa at USNA.Navy.Mil (Lisa Becktold {CADIG STAFF}) Date: Tue Dec 2 02:27:10 2003 Subject: Sync issue with encrypted passwords Message-ID: <199909281420.KAA05462@leto17.usna.navy.mil> Hi, Seth: That's a good question....I haven't dealt with error prompts. Has anyone else created a "passwd chat" script to handle incorrect input? Is there any way to make your /usr/bin/passwd program (or wrapper) quit prompting for the user's old password? That "old password" seems to be a showstopper. On our UNIX server, if root runs "/usr/bin/passwd username", there is no "old password" prompt - and I believe that samba calls /usr/bin/passwd as root. Lisa > Originator: samba-ntdom@samba.org > From: Seth Vidal > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: Sync issue with encrypted passwords > MIME-Version: 1.0 > X-Listprocessor-Version: 6.0d -- ListProcessor by Anastasios Kotsikonas > X-URL: http://samba.anu.edu.au/listproc > X-Comment: Discussion of NT domain controller support in Samba > Date: Tue, 28 Sep 1999 23:20:06 +1000 > > > > > Run the UNIX "passwd username" program as root. What prompts do you see? > > Incorporate parts of those prompts with wild cards in your "passwd chat" > > script. > > how do you handle situations where the password passed to passwd will be > objected to by your passwd cracklib. > > ie: > passwd username > enter old password - goodpass > enter new password - badpass > **** new password is idiotic you should be destroyed *** > enter another new password - > > blah blah blah > > Is there a good way to get around this problem? > > -sv > > > > ---------------------------------------------------------- Lisa M. Becktold - lisa@usna.navy.mil, (410) 293-6480 United States Naval Academy - CADIG 590 Holloway Road, Rickover Hall, Annapolis, MD 21402-5000 From skvidal at phy.duke.edu Tue Sep 28 14:50:36 1999 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:27:10 2003 Subject: Sync issue with encrypted passwords In-Reply-To: <199909281420.KAA05462@leto17.usna.navy.mil> Message-ID: > That's a good question....I haven't dealt with error prompts. Has anyone > else created a "passwd chat" script to handle incorrect input? > > Is there any way to make your /usr/bin/passwd program (or wrapper) quit > prompting for the user's old password? That "old password" seems to be > a showstopper. the old password never stopped me its the "new password is bad" problem for me. I ended up having to compile a different passwd that didn't have cracklib so the user could use any "bad" password they wanted. its not a good security system but... > On our UNIX server, if root runs "/usr/bin/passwd username", > there is no "old password" prompt - and I believe that samba calls > /usr/bin/passwd as root. Can we get a verification on how /usr/bin/passwd is called from one the samba coders? I'd like to know if its user or root. if its root then I know how I can defeat this. thanks -sv From jens.zechlin at topmail.de Tue Sep 28 15:58:39 1999 From: jens.zechlin at topmail.de (Jens Zechlin) Date: Tue Dec 2 02:27:10 2003 Subject: Win98-Screensaver causes traffic Message-ID: <199909281501.RAA13230@robg.evlka.de> I've a question about Win98 connected to a samba-server. If I open on the Win98 machine a file on the samba-server and the screensaver on the Win98 machine turns on while the file is open it causes much networktraffic (about 40 packets per second): The Win98 machine asks continously about the attributes of the folder which contains the opened file. If I do the same on a Win95 machine theres no networktraffic caused by the opened file. Does anybody know a cause and perthaps a solution of this problem?? Thanks! -------------------------------------------------------------- Jens Zechlin E-Mail: Jens.Zechlin@topmail.de und j.zechlin@tu-bs.de Tel.: +49 5109 515408 D2: +49 172 54 21 844 Fax.: +49 5109 515410 From Jean-Francois.Micouleau at dalalu.fr Tue Sep 28 15:06:31 1999 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:27:10 2003 Subject: Sync issue with encrypted passwords In-Reply-To: Message-ID: On Wed, 29 Sep 1999, Seth Vidal wrote: > Can we get a verification on how /usr/bin/passwd is called from one the > samba coders? > > I'd like to know if its user or root. root reason already given in this mail thread. > if its root then I know how I can defeat this. From Dave.Stevenson at durham.ac.uk Tue Sep 28 15:41:10 1999 From: Dave.Stevenson at durham.ac.uk (Dave.Stevenson@durham.ac.uk) Date: Tue Dec 2 02:27:10 2003 Subject: Problems moving PDC from 2.04 to 2.1alpha Message-ID: <3541.199909281541@gengis> seems to be the case that the SID number thing has changed 8-( resetting user profiles to default (ie blitzing them ) seems to be required.. anyone know of tools that can "diff" profiles a la sysdiff. (Have tried sysdiff with loading NTUSER.DAT hives but sysdiff only seems to look at HKLM and HKCU and can't see how to include other keys in sysdiff.ini only exclude.) guess this is off topic now... will report if solutions found > Date: Tue, 28 Sep 1999 05:16:35 +1000 > > Dave (and others), > > Most likely the problem is caused by a domain SID change. > > > Cheers, > jerry > ________________________________________________________________________ > Gerald ( Jerry ) Carter > Engineering Network Services Auburn University > jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw > From skvidal at phy.duke.edu Tue Sep 28 16:09:20 1999 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:27:10 2003 Subject: Sync issue with encrypted passwords In-Reply-To: Message-ID: > > Can we get a verification on how /usr/bin/passwd is called from one the > > samba coders? > > > > I'd like to know if its user or root. > > root > > reason already given in this mail thread. oh. ok. I must not have seen the reason. sorry. thanks -sv From nunes at mozart.ulbra.tche.br Tue Sep 28 18:57:51 1999 From: nunes at mozart.ulbra.tche.br (Cristina Moreira Nunes) Date: Tue Dec 2 02:27:10 2003 Subject: Changing samba password in a Windows Message-ID: <99092816051800.20649@mozart> Hello, I have a samba running in a Linux. I am going to create a smbpasswd file for my passwd file. I want to put the same password for all users. Do you know if there is a way to users change theirs passwords in a first logon? I want that all users change theirs passwords. The users will go to use Windows 95/98. Thanks in advance, Cristina Nunes nunes@mozart.ulbra.br From nwaltham at yahoo.com Tue Sep 28 20:32:12 1999 From: nwaltham at yahoo.com (Nichoals Waltham) Date: Tue Dec 2 02:27:10 2003 Subject: Account Unknown problem on PDC Samba 2.0.5b Message-ID: <19990928.20321200@samanea.wwf.org.co> Samba 2.0.5a on Red Had Linux 5.2 with Kerner 2.2.12 running as PDC, encryption on, user level security When I try to add user from my Samba domain to groups or into security settings on my NT WS machine, it always shows as "Account Unknown". It may allow me to pick a user from the list of users on the Samba server, but after confirming the addition of a user and then going back into whatever properties window I was in, the account shows up as "WWFCOL\Account Unknown". Likewise If I log in as the local administrator on an NT Workstation and look at the list of roaming profiles, they all belong to account unknown. If left long enough the HDD will fill up with profiles belonging to "account unknown". From D.Bannon at latrobe.edu.au Tue Sep 28 22:46:50 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:27:10 2003 Subject: Sync issue with encrypted passwords In-Reply-To: References: <199909281420.KAA05462@leto17.usna.navy.mil> Message-ID: <3.0.6.32.19990929084650.00887b80@bioserve.latrobe.edu.au> >the old password never stopped me its the "new password is bad" problem >for me. > >I ended up having to compile a different passwd that didn't have cracklib >so the user could use any "bad" password they wanted. > Would'nt it have been enough to remove cracklib from your PAM stack (cracklib means that you are using PAM I think ?) ? David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From skvidal at phy.duke.edu Tue Sep 28 23:08:58 1999 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:27:10 2003 Subject: Sync issue with encrypted passwords In-Reply-To: <3.0.6.32.19990929084650.00887b80@bioserve.latrobe.edu.au> Message-ID: > >the old password never stopped me its the "new password is bad" problem > >for me. > > > >I ended up having to compile a different passwd that didn't have cracklib > >so the user could use any "bad" password they wanted. > > > Would'nt it have been enough to remove cracklib from your PAM stack > (cracklib means that you are using PAM I think ?) ? cracklib under debian is just compiled into the passwd binary. no pam taken into account. pam is a redhat/suse/caldera thing only. -sv From lonnie at borntreger.com Wed Sep 29 01:41:02 1999 From: lonnie at borntreger.com (Lonnie J. Borntreger) Date: Tue Dec 2 02:27:10 2003 Subject: Sync issue with encrypted passwords In-Reply-To: <199909281308.JAA05433@leto17.usna.navy.mil> Message-ID: <001001bf0a1b$b12a5700$0500000a@pocket.wh.com> OK. How about this problem. >From smb.conf: passwd program = /usr/bin/passwd %u passwd chat = New*password:* %n\n *enter*password:* %n\n *passwd*passwd*successfully* (the above is one contiguous line) >From the log: [1999/09/28 20:29:55, 10] smbd/chgpasswd.c:dochild(204) Invoking '/usr/bin/passwd 67goat' as password change program. [1999/09/28 20:29:56, 100] smbd/chgpasswd.c:talktochild(278) talktochild: chatbuf=[New*password:*] responsebuf=[New password: ] [1999/09/28 20:29:56, 100] smbd/chgpasswd.c:talktochild(291) talktochild: sendbuf=[ ] [1999/09/28 20:29:56, 100] smbd/chgpasswd.c:talktochild(278) talktochild: chatbuf=[*enter*password:*] responsebuf=[ Re-enter new password: ] [1999/09/28 20:29:56, 100] smbd/chgpasswd.c:talktochild(291) talktochild: sendbuf=[ ] [1999/09/28 20:29:56, 100] smbd/chgpasswd.c:talktochild(278) talktochild: chatbuf=[*passwd*passwd*successfully*] responsebuf=[ passwd (SYSTEM): passwd successfully changed for 67goat] [1999/09/28 20:29:56, 3] smbd/chgpasswd.c:chat_with_program(328) The process is no longer waiting! I get a window with "password incorrect", and the samba password isn't changed, even though the UNIX password IS changed correctly. Any ideas on why the final chat line is marked as failing? It looks OK to me. Lonnie Borntreger > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Lisa Becktold {CADIG STAFF} > Sent: Tuesday, September 28, 1999 8:12 AM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: Sync issue with encrypted passwords > > > Hi: > > I'm not sure of all the details concerning your configuration... > are you running Samba as an NT PDC? > > We are running Samba on both an SGI and SUN server. Both are > acting as PDCs of different domains. > > On the Sun server, I have "unix password sync" set and it works! > (Thanks to a lot of help from this mailing list). This means > that users can sit down at NT workstations that are members > of the Sun server Samba domain, and when they change their > password it changes both smbpasswd AND /etc/passwd. > > Is this what you're trying to do? > > If so, then you must rewrite your "passwd chat" script so that > it doesn't prompt for the old password. I think this may be > necessary because you can't decrypt that old password across > NT/Samba/UNIX. > > These are the settings that worked for me: > > unix password sync = yes > passwd program = /usr/bin/passwd %u > passwd chat = *New*password* %n\n *new*password* > %n\n *passw*d*d*on* > > Run the UNIX "passwd username" program as root. What prompts > do you see? > Incorporate parts of those prompts with wild cards in your > "passwd chat" > script. > > One wrinkle - if you're running NIS, then you must run "unix > password sync" > on the NIS master. IT WILL NOT WORK ON AN NIS SLAVE, because > the slave > NIS server will prompt for the old password and will NOT > change a user's > password unless it gets the old password first. > > On the NT workstation, you will be prompted for the old > password. Enter it, > but don't worry - it doesn't percolate up to the UNIX passwd > level. Samba > is smart enough to parse out the old password, and just grab > the new ones > to pass to /usr/bin/passwd. > > Lisa > > > Originator: samba-ntdom@samba.org > > From: Karl Dane > > To: Multiple recipients of list SAMBA-NTDOM > > Subject: Sync issue with encrypted passwords > > MIME-Version: 1.0 > > X-Listprocessor-Version: 6.0d -- ListProcessor by > Anastasios Kotsikonas > > X-URL: http://samba.anu.edu.au/listproc > > X-Comment: Discussion of NT domain controller support in Samba > > Date: Mon, 27 Sep 1999 22:31:14 +1000 > > > > Hi guys, > > > > I get the following error when I run testparm against > my smb.conf > > file: > > > > "ERROR: the 'passwd chat' script [*old*password* %o\n *new*password* > > %n\n *new*password* %n\n *changed*] expects to use the old plaintext > > password via the %o substitution. With encrypted passwords > this is not > > possible." > > > > I assume that this will cause problems when it comes to NT4w users > > trying to change their passwords. > > > > How do I resolve this? Am I forced to use plaintext passwords when > > syncing passwords with unix accounts? Or is the whole issue > moot if I > > were to use an LDAP backend? > > > > Any help is much appreciated. > > > > Thanks, > > > > -- > > Karl Dane > > Systems Administrator, Bibliotech > > > > Steinbach's Guideline for Systems Programming: > > Never test for an error condition you don't know how to > > handle. > > > > p.s. I attach my smb.conf for the sake of clarity. > > > > # Global parameters > > workgroup = > > netbios name = > > server string = > > interfaces = > > encrypt passwords = Yes > > log level = 1 > > log file = /var/log/samba/log.%m > > max log size = 200 > > time server = Yes > > socket options = TCP_NODELAY > > printcap name = /etc/printcap > > domain logons = Yes > > os level = 65 > > preferred master = Yes > > domain master = Yes > > dns proxy = No > > printing = bsd > > print command = lpr -r -P%p %s > > lpq command = lpq -P%p > > lprm command = lprm -P%p %j > > passwd program = /usr/bin/passwd > > unix password sync = True > > domain admin users = rince gwen atomix terence olly > > domain admin group = rince gwen atomix terence olly > > > > [netlogon] > > locking = no > > public = no > > browseable = yes > > > > > > ---------------------------------------------------------- > Lisa M. Becktold - lisa@usna.navy.mil, (410) 293-6480 > United States Naval Academy - CADIG > 590 Holloway Road, Rickover Hall, Annapolis, MD 21402-5000 > From fumiya at cij.co.jp Wed Sep 29 03:59:43 1999 From: fumiya at cij.co.jp (SATOH Fumiyasu) Date: Tue Dec 2 02:27:10 2003 Subject: suggestion of temple smb.conf for diff configurations In-Reply-To: <19990924113547.A13024@linux.sstu.runnet.ru> References: <19990924113547.A13024@linux.sstu.runnet.ru> Message-ID: <199909290359.AA00003@vaio.si.ykhm.cij.co.jp> Anatoly Pugachev wrote: >I would like to suggest if there in the samba distribution to have templates >of different samba comfiguration, example: smb.conf for standalone server, >smb.conf for samba acting as PDC, smb.conf for samba with LDAP integration >, smb.conf for samba in the domain, etc... Great! More suggestions for SWAT. * Step-by-Step server/share configuration wizard. * At first, administrator can choose a skeleton config from some typically templates. -- >8 -- signature -- >8 -- FROM : SATOH Fumiyasu WEB : http://www.bento.ad.jp/~fumiya/ WEB(LAN): http://kumasun.si.ykhm.cij.co.jp/ SAMBA : http://samba.bento.ad.jp/ From Dave.Stevenson at durham.ac.uk Wed Sep 29 06:09:34 1999 From: Dave.Stevenson at durham.ac.uk (Dave.Stevenson@durham.ac.uk) Date: Tue Dec 2 02:27:10 2003 Subject: Account Unknown problem on PDC Samba 2.0.5b Message-ID: <3974.199909290609@gengis> > > Samba 2.0.5a on Red Had Linux 5.2 with Kerner 2.2.12 > running as PDC, encryption on, user level security > > When I try to add user from my Samba domain to > groups or into security settings on my NT WS > machine, it always shows as "Account Unknown". > It may allow me to pick a user from the list > of users on the Samba server, but after confirming > the addition of a user and then going back into > whatever properties window I was in, the account > shows up as "WWFCOL\Account Unknown". Likewise > If I log in as the local administrator on an NT Workstation > and look at the list of roaming profiles, they all belong > to account unknown. If left long enough the HDD will fill up > with profiles belonging to "account unknown". > I resolved similar problem (partially) by making sure that the unix id's were explicitly named in the appropriate unix group in /etc/group that I had mapped to "Domain Users" in the domaingroup.map file. (More in the nt-dom archive, maybe around july ) From wojtek at itl.waw.pl Wed Sep 29 07:56:46 1999 From: wojtek at itl.waw.pl (Wojciech Pietron) Date: Tue Dec 2 02:27:10 2003 Subject: Sophos with Samba Message-ID: <199909290756.JAA19364@gorgan.itl.waw.pl> Solaris 2.5.1 Samba 2.0.4b running as PDC NT Workstation 4.0 5SP Hello, have any of you ever tried to install Sophos Anti-Virus on Samba PCD working as a file server?. There is no problem when I make central installation on Samba. When I install a Sophos client on NT Workstation, it wants me to name the domain and the account that will be used while upgrading. I fill it with the correct domain name and existing account, but Sophos says there is no such an account on domain name, that is not true. Is it connected with the fact, that NT Workstation treats all users authorizated in PDC as SAMBA_DOMAIN/Accout Unknown? Where is the problem? I will appreciate any help. Thanks, wojtek -- Wojciech Pietron National Institute of Telecommunications P7 Szachowa 1, 04-894 Warsaw, POLAND e-mail: W.Pietron@itl.waw.pl tel: +48 22 8128236 From lobo at geolog.geol.agh.edu.pl Wed Sep 29 08:09:27 1999 From: lobo at geolog.geol.agh.edu.pl (Lukasz Sznajder) Date: Tue Dec 2 02:27:10 2003 Subject: No subject In-Reply-To: <199909290756.JAA19364@gorgan.itl.waw.pl> Message-ID: ?ukasz Sznajder _______________________________________________________________________________ My blood is RED, and my heart is at the LEFT side of my body. --------------------------------------------------------Somebody-I-Don't-Know-- On Wed, 29 Sep 1999, Wojciech Pietron wrote: > Solaris 2.5.1 > Samba 2.0.4b running as PDC > NT Workstation 4.0 5SP > > Hello, > > have any of you ever tried to install Sophos Anti-Virus > on Samba PCD working as a file server?. > > There is no problem when I make central installation on Samba. > When I install a Sophos client on NT Workstation, it wants me to name > the domain and the account that will be used while upgrading. > I fill it with the correct domain name and existing account, > but Sophos says there is no such an account on domain name, > that is not true. > > Is it connected with the fact, that NT Workstation treats all > users authorizated in PDC as SAMBA_DOMAIN/Accout Unknown? > > Where is the problem? I will appreciate any help. > > Thanks, > wojtek > -- > Wojciech Pietron National Institute of Telecommunications P7 > Szachowa 1, 04-894 Warsaw, POLAND > e-mail: W.Pietron@itl.waw.pl tel: +48 22 8128236 > From richard.derks at itplus.nl Wed Sep 29 08:12:45 1999 From: richard.derks at itplus.nl (Derks, Richard) Date: Tue Dec 2 02:27:10 2003 Subject: problem wit usrmgr running samba 2.05a on REDHAT 6.0 Message-ID: <9112F4142CCDD111BA9C00062905319A48DECC@hkv-svr-exch-01.itplus.nl> Hello, I am using samba 2.05a on linux (server and nt4 sp4 workstation as client) I have installed samba, but the user manager for domains is complaining about "RPC fault protocol error" But the server manager is working fine. Im have installed the plainpasswrd.reg for nt4 (and running sp 4) . What could be the cause of the problem. An other question: The documentation on the web suggest that i should use "domain group map " in the smb.conf but But testparm gives an error on this (invaild option) Is there documentation with what are vaild options for the smb.conf in version 2.05a, or should a use an other version of samba. thanks in advance, With kind regards ITPlus Richard Derks E-mail Richard.Derks@itplus.nl From db at med-in.uni-sb.de Wed Sep 29 08:24:21 1999 From: db at med-in.uni-sb.de (Dr. Dieter Becker) Date: Tue Dec 2 02:27:10 2003 Subject: Allow Users Only special PCs W9x / NT Message-ID: Sirs, I want to allow users only special PCs. As example: user x should be allowed to logon at PCs a and b and c but not at the other 50 PCs. This should be done for a lot of users and PCs. With lot of effort this could be done in the startup-scipt for Win NT. But under W9x I don't have any user information in the environnement. Is it possible to use some properties of samba to do such thing? Thanks Dieter Dr. med. dipl.-math Dieter Becker Medizinische Universitaets- und Poliklinik Innere Medizin III D - 66421 Homburg / Saar ########################################### Tel.: (0 / +49) 6841 - 16 3046 Fax.: (0 / +49) 6841 - 16 3043 Email: db@med-in.uni-sb.de From mg at plum.de Wed Sep 29 08:47:08 1999 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:27:10 2003 Subject: problem wit usrmgr running samba 2.05a on REDHAT 6.0 References: <9112F4142CCDD111BA9C00062905319A48DECC@hkv-svr-exch-01.itplus.nl> Message-ID: <37F1D20C.EDD739C4@plum.de> "Derks, Richard" wrote: > > Hello, > > I am using samba 2.05a on linux (server and nt4 sp4 workstation as > client) > I have installed samba, but the user manager for domains is complaining > about "RPC fault protocol error" > But the server manager is working fine. > > Im have installed the plainpasswrd.reg for nt4 (and running sp 4) . > What could be the cause of the problem. The usrmgr does not really work good with 2.0.5a. lot of RPC functionality is only in the current HEAD code. You also said, that you are using plain text passwords. That tells me that your linux is not running as a PDC (they must be encrypted), and usrmgr needs a PDC to work. > An other question: > > The documentation on the web suggest that i should use "domain group map > " in the smb.conf but > But testparm gives an error on this (invaild option) > Is there documentation with what are vaild options for the smb.conf in > version 2.05a, or should a use an other version of samba. domain group map is IIRC a 2.1.0prealpha only parameter. use user map instead. regards, Michael -- http://www.sambahq.de/ From mg at plum.de Wed Sep 29 08:51:57 1999 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:27:10 2003 Subject: Allow Users Only special PCs W9x / NT References: Message-ID: <37F1D32D.5C1F270A@plum.de> "Dr. Dieter Becker" wrote: > > Sirs, > > I want to allow users only special PCs. As example: > user x should be allowed to logon at PCs a and b and c > but not at the other 50 PCs. > > This should be done for a lot of users and PCs. > > With lot of effort this could > be done in the startup-scipt for Win NT. But under > W9x I don't have any user information in the environnement. > > Is it possible to use some properties of samba > to do such thing? I think something like this could be done with preexec scripts. But I am not 100% sure about this. This functionality is on NT server right ? I don't know if samba supports this native yet. Where could this information be stored on samba side ? (the same goes to login time restictions, etc) regards, Michael -- http://www.sambahq.de/ From alanh at pinacl.co.uk Wed Sep 29 08:55:28 1999 From: alanh at pinacl.co.uk (Alan Hourihane) Date: Tue Dec 2 02:27:10 2003 Subject: smbpasswd seg faults Message-ID: <01BF0A60.C2EF15D0.alanh@pinacl.co.uk> I working with a current cvs tree of 2.1, and smbpasswd seg faults with.... cli_connet_serverlist: Domain password server not available Segmentation fault. I've backtraced it with gdb and in utils/smbpasswd.c we initialize the pwdb with is_server set to False, so then it looks for a 'password server' entry which I don't have one as all the authentication is done on this machine. I've set the is_server to True and now it runs but now it can't find user entries in the smbpasswd file, yet the old 2.0.5 smbpasswd works on this machine. Alan. From bodo.buerger at gmx.de Wed Sep 29 10:15:47 1999 From: bodo.buerger at gmx.de (Bodo =?ISO-8859-1?Q?B=FCrger?=) Date: Tue Dec 2 02:27:11 2003 Subject: errormessage - failed session setup Message-ID: <01BF0A74.6C8DF530.bodo.buerger@gmx.de> Hello, i got the latest code for samba with cvs and installed it with ./configure; make; make install. Then i started the services from inet.d. The Problem is, when i want to login with an existing user account (smbclient -L myserver -U root) the server says after getting the password - "failed session setup". If i type in a wrong password, the error message is the same. But : "smbclient -L myserver -U ftp" works fine without a password ( -U% also). What is the reason for this? Thanks Bodo bodo.buerger@gmx.de +49 35604 40351 From john.rooke at lpsystems.com Wed Sep 29 10:39:09 1999 From: john.rooke at lpsystems.com (John Rooke) Date: Tue Dec 2 02:27:11 2003 Subject: Problems accessing hiden shares Message-ID: <37F1EC4D.12E97AAA@lpsystems.com> Hi We use samba-2.1-prealpha on SuSE Linux 6.0 as a PDC with a network of NT Workstation 4.0 PC's. When I try and access a PC hidden share from my NT Workstation e.g. \\pc1\c$ I get a message 'The network path was not found.". I am set up as a Domain Admins user in User Manager For Domains so it should be OK. What am I missing? -- John Rooke Director L&P Systems Limited john.rooke@lpsystems.com From tschweikle at FIDUCIA.de Wed Sep 29 12:32:32 1999 From: tschweikle at FIDUCIA.de (tschweikle@FIDUCIA.de) Date: Tue Dec 2 02:27:11 2003 Subject: Problems accessing hiden shares Message-ID: <0057540001890542000002L422*@MHS> john.rooke wrote: >Hi > >We use samba-2.1-prealpha on SuSE Linux 6.0 as a PDC with a network of >NT Workstation 4.0 PC's. > >When I try and access a PC hidden share from my NT Workstation e.g. >\\pc1\c$ I get a message 'The network path was not found.". I am set up >as a Domain Admins user in User Manager For Domains so it should be OK. > >What am I missing? With the error message given, there are three possebilities: 1. Are you trying to access the mentioned share on your samba box? If, the answer is easy: it doesn't exist there. Samba only shares what is given in 'smb.conf'. 2. If trying to access this on an other NT box. Have a look if it is realy shared there. One might have made registry entrys to have this box not share these normaly default shares or just stoped sharing these by hand from Server- Manager 3. If the share you want to access is on a Win9x box --- it might not even be running neccessary services, thus not sharing anything at all. -- From john.rooke at lpsystems.com Wed Sep 29 13:42:54 1999 From: john.rooke at lpsystems.com (John Rooke) Date: Tue Dec 2 02:27:11 2003 Subject: [Fwd: Problems accessing hiden shares] Message-ID: <37F2175E.146D9F5A@lpsystems.com> John Rooke wrote: > Thaks for the reply. > > It does not seem to be any of the suggestions you made: > > I am trying to access shares on one NTW 4.0 PC from another NTW4.0 PC in a > domain where the PDC is Samba 2.1-prealpha. I try to access a known share > \\neilp\cdrom and this does not work. It also does not work on hidden shares > e.g. \\neilp\c$. I get the same error message each time:-( > > I can, however, see all the shares on both our Samba servers (Linux PDC and > SCO OpenServer ordinary domain member). > > Help! > > John. > > tschweikle@FIDUCIA.de wrote: > > > john.rooke wrote: > > > > >Hi > > > > > >We use samba-2.1-prealpha on SuSE Linux 6.0 as a PDC with a network of > > >NT Workstation 4.0 PC's. > > > > > >When I try and access a PC hidden share from my NT Workstation e.g. > > >\\pc1\c$ I get a message 'The network path was not found.". I am set up > > >as a Domain Admins user in User Manager For Domains so it should be OK. > > > > > >What am I missing? > > > > With the error message given, there are three possebilities: > > > > 1. Are you trying to access the mentioned share on your samba > > box? If, the answer is easy: it doesn't exist there. Samba > > only shares what is given in 'smb.conf'. > > > > 2. If trying to access this on an other NT box. Have a look > > if it is realy shared there. One might have made registry > > entrys to have this box not share these normaly default > > shares or just stoped sharing these by hand from Server- > > Manager > > > > 3. If the share you want to access is on a Win9x box --- it > > might not even be running neccessary services, thus not > > sharing anything at all. > > > > -- > > -- > John Rooke > Director > L&P Systems Limited > john.rooke@lpsystems.com -- John Rooke Director L&P Systems Limited john.rooke@lpsystems.com From hulet at ittc.ukans.edu Wed Sep 29 14:12:05 1999 From: hulet at ittc.ukans.edu (Michael S. Hulet) Date: Tue Dec 2 02:27:11 2003 Subject: Allow Users Only special PCs W9x / NT In-Reply-To: Message-ID: I did something similar with a custom smb.conf files for this machines. I pointed the smb passwd file = /usr/local/samba/blah to a stripped down password file. If they were not at that particular machine, they wouldn't have any entry in the smbpasswd file and couldn't log in. You would have to maintain X number of smbpasswd files however. Michael Hulet Network System Administrator ITTC, University of Kansas On Wed, 29 Sep 1999, Dr. Dieter Becker wrote: > Sirs, > > I want to allow users only special PCs. As example: > user x should be allowed to logon at PCs a and b and c > but not at the other 50 PCs. > > This should be done for a lot of users and PCs. > > With lot of effort this could > be done in the startup-scipt for Win NT. But under > W9x I don't have any user information in the environnement. > > Is it possible to use some properties of samba > to do such thing? > > Thanks > > Dieter > > Dr. med. dipl.-math Dieter Becker > Medizinische Universitaets- und Poliklinik > Innere Medizin III > D - 66421 Homburg / Saar > ########################################### > Tel.: (0 / +49) 6841 - 16 3046 > Fax.: (0 / +49) 6841 - 16 3043 > Email: db@med-in.uni-sb.de > > > From mmiller at vermeermfg.com Wed Sep 29 14:51:19 1999 From: mmiller at vermeermfg.com (Matthew Miller) Date: Tue Dec 2 02:27:11 2003 Subject: [Fwd: Problems accessing hiden shares] References: <37F2175E.146D9F5A@lpsystems.com> Message-ID: <37F22766.88131D94@vermeermfg.com> Not sure if you knew this, but NT has separate permissions on the share level. If the share is on a NT machine, log on as the local administrator and check the shared permissions (right click on the shared folder, properties, share tab). Just a suggestion. Matt Miller Systems Administrator Vermeer Mfg John Rooke wrote: > John Rooke wrote: > > > Thaks for the reply. > > > > It does not seem to be any of the suggestions you made: > > > > I am trying to access shares on one NTW 4.0 PC from another NTW4.0 PC in a > > domain where the PDC is Samba 2.1-prealpha. I try to access a known share > > \\neilp\cdrom and this does not work. It also does not work on hidden shares > > e.g. \\neilp\c$. I get the same error message each time:-( > > > > I can, however, see all the shares on both our Samba servers (Linux PDC and > > SCO OpenServer ordinary domain member). > > > > Help! > > > > John. > > > > tschweikle@FIDUCIA.de wrote: > > > > > john.rooke wrote: > > > > > > >Hi > > > > > > > >We use samba-2.1-prealpha on SuSE Linux 6.0 as a PDC with a network of > > > >NT Workstation 4.0 PC's. > > > > > > > >When I try and access a PC hidden share from my NT Workstation e.g. > > > >\\pc1\c$ I get a message 'The network path was not found.". I am set up > > > >as a Domain Admins user in User Manager For Domains so it should be OK. > > > > > > > >What am I missing? > > > > > > With the error message given, there are three possebilities: > > > > > > 1. Are you trying to access the mentioned share on your samba > > > box? If, the answer is easy: it doesn't exist there. Samba > > > only shares what is given in 'smb.conf'. > > > > > > 2. If trying to access this on an other NT box. Have a look > > > if it is realy shared there. One might have made registry > > > entrys to have this box not share these normaly default > > > shares or just stoped sharing these by hand from Server- > > > Manager > > > > > > 3. If the share you want to access is on a Win9x box --- it > > > might not even be running neccessary services, thus not > > > sharing anything at all. > > > > > > -- > > > > -- > > John Rooke > > Director > > L&P Systems Limited > > john.rooke@lpsystems.com > > -- > John Rooke > Director > L&P Systems Limited > john.rooke@lpsystems.com From john.rooke at lpsystems.com Wed Sep 29 15:18:07 1999 From: john.rooke at lpsystems.com (John Rooke) Date: Tue Dec 2 02:27:11 2003 Subject: [Fwd: Problems accessing hiden shares] References: <37F2175E.146D9F5A@lpsystems.com> <37F22766.88131D94@vermeermfg.com> Message-ID: <37F22DAE.2D58E849@lpsystems.com> Problem solved:-) The Linux PDC could not resolve the PC names via WINS as we do not have a WINS server on our network. I added a wins support = Yes to smb.conf and all works exactly as it should do. Thanks everyone for your help in this. John. Matthew Miller wrote: > Not sure if you knew this, but NT has separate permissions on the share level. If > the share is on a NT machine, log on as the local administrator and check the > shared permissions (right click on the shared folder, properties, share tab). > > Just a suggestion. > > Matt Miller > Systems Administrator > Vermeer Mfg > > John Rooke wrote: > > > John Rooke wrote: > > > > > Thaks for the reply. > > > > > > It does not seem to be any of the suggestions you made: > > > > > > I am trying to access shares on one NTW 4.0 PC from another NTW4.0 PC in a > > > domain where the PDC is Samba 2.1-prealpha. I try to access a known share > > > \\neilp\cdrom and this does not work. It also does not work on hidden shares > > > e.g. \\neilp\c$. I get the same error message each time:-( > > > > > > I can, however, see all the shares on both our Samba servers (Linux PDC and > > > SCO OpenServer ordinary domain member). > > > > > > Help! > > > > > > John. > > > > > > tschweikle@FIDUCIA.de wrote: > > > > > > > john.rooke wrote: > > > > > > > > >Hi > > > > > > > > > >We use samba-2.1-prealpha on SuSE Linux 6.0 as a PDC with a network of > > > > >NT Workstation 4.0 PC's. > > > > > > > > > >When I try and access a PC hidden share from my NT Workstation e.g. > > > > >\\pc1\c$ I get a message 'The network path was not found.". I am set up > > > > >as a Domain Admins user in User Manager For Domains so it should be OK. > > > > > > > > > >What am I missing? > > > > > > > > With the error message given, there are three possebilities: > > > > > > > > 1. Are you trying to access the mentioned share on your samba > > > > box? If, the answer is easy: it doesn't exist there. Samba > > > > only shares what is given in 'smb.conf'. > > > > > > > > 2. If trying to access this on an other NT box. Have a look > > > > if it is realy shared there. One might have made registry > > > > entrys to have this box not share these normaly default > > > > shares or just stoped sharing these by hand from Server- > > > > Manager > > > > > > > > 3. If the share you want to access is on a Win9x box --- it > > > > might not even be running neccessary services, thus not > > > > sharing anything at all. > > > > > > > > -- > > > > > > -- > > > John Rooke > > > Director > > > L&P Systems Limited > > > john.rooke@lpsystems.com > > > > -- > > John Rooke > > Director > > L&P Systems Limited > > john.rooke@lpsystems.com -- John Rooke Director L&P Systems Limited john.rooke@lpsystems.com From tschweikle at FIDUCIA.de Wed Sep 29 15:51:56 1999 From: tschweikle at FIDUCIA.de (tschweikle@FIDUCIA.de) Date: Tue Dec 2 02:27:11 2003 Subject: [Fwd: Problems accessing hiden shares] Message-ID: <0057540001891748000002L482*@MHS> john.rooke wrote: > John Rooke wrote: > >> Thaks for the reply. >> >> It does not seem to be any of the suggestions you made: >> >> I am trying to access shares on one NTW 4.0 PC from another NTW4.0 PC in a >> domain where the PDC is Samba 2.1-prealpha. I try to access a known share >> \\neilp\cdrom and this does not work. It also does not work on hidden shares >> e.g. \\neilp\c$. I get the same error message each time:-( >> >> I can, however, see all the shares on both our Samba servers (Linux PDC and >> SCO OpenServer ordinary domain member). Is WINS support enabled on the Linux PDC? If not, enable it. Then have a look if all of these NT clients know about the WINS server. -- From bodo.buerger at gmx.de Wed Sep 29 17:57:04 1999 From: bodo.buerger at gmx.de (Bodo =?ISO-8859-1?Q?B=FCrger?=) Date: Tue Dec 2 02:27:11 2003 Subject: error connecting to 192.168.0.99:445 (Connection refused) ?? Message-ID: <01BF0AB4.E2D27E60.bodo.buerger@gmx.de> Hello, i have samba-2.1.0-prealpha (last code-updated 1999-09-26) on my SuSE 6.1 - System. In the future I want to have a SAMBA-Server as PDC with 2 NT-Workstations. That's why I turned Password encryption on and enabled domain logons in my smb.conf. After making the private/smbpasswd I can sucessfully do something like this: "smbclient -L myserver -U user". But if I want to change a password with "smbpasswd user" (tested as root) I get the message: error connecting to 192.168.0.99:445 (Connection refused) [this is the IP of my samba-server] New SMB Password: ... Changing the password is done successfully, but why I'm getting this error? Also I can't join the SAMBA-Domain with my NT-WKS. Errormessage is: "PDC of the Domain can not be found". I follwed all the instructions from ENCRYPTION.TXT, but it isn't working. What's going on here? Can anybody help me? Thanks Bodo bodo.buerger@gmx.de +49 35604 40351 From simonmu at optimation.co.nz Wed Sep 29 20:35:47 1999 From: simonmu at optimation.co.nz (Simon Murcott) Date: Tue Dec 2 02:27:11 2003 Subject: Allow Users Only special PCs W9x / NT In-Reply-To: Message-ID: On Wed, 29 Sep 1999, Dr. Dieter Becker wrote: I want to allow users only special PCs. As example: user x should be allowed to logon at PCs a and b and c but not at the other 50 PCs. This should be done for a lot of users and PCs. With lot of effort this could be done in the startup-scipt for Win NT. But under W9x I don't have any user information in the environnement. Is it possible to use some properties of samba to do such thing? You could do it buy having a line in your smb.conf: include = %U.conf and then for a user named bob make a bob.conf file and put it in it: hosts allow = pc1 pc2 pc3 I have no idea if this will work but it is a start. You will need to disallow anonymous access. Regards Simon Murcott From D.Bannon at latrobe.edu.au Wed Sep 29 22:49:19 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:27:11 2003 Subject: Allow Users Only special PCs W9x / NT In-Reply-To: Message-ID: <3.0.6.32.19990930084919.0088acb0@bioserve.latrobe.edu.au> At 06:28 PM 29/09/1999 +1000, Dr. Dieter Becker wrote: >Sirs, > >I want to allow users only special PCs. As example: >user x should be allowed to logon at PCs a and b and c >but not at the other 50 PCs. > >W9x I don't have any user information in the environnement. Perhaps by creating groups under unix and then using preexec scripts to test if a logon was from someone in the appropriate group.... But your real problem will be stopping people from bypassing the logon on Win95 machines. 'Out of the box' win95 is not in any way secure, anyone can press 'cancel' button. There have been a number of suggestions on how to tighten win95 logon security but they all come with a price (IMHO) that involves setup difficulties, convience when something goes wrong etc. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From swaters at amicus.com Wed Sep 29 23:03:09 1999 From: swaters at amicus.com (Stephen Waters) Date: Tue Dec 2 02:27:11 2003 Subject: Allow Users Only special PCs W9x / NT References: <3.0.6.32.19990930084919.0088acb0@bioserve.latrobe.edu.au> Message-ID: <37F29AAD.9D7D6C59@amicus.com> David Bannon wrote: > > At 06:28 PM 29/09/1999 +1000, Dr. Dieter Becker wrote: > >Sirs, > > > >I want to allow users only special PCs. As example: > >user x should be allowed to logon at PCs a and b and c > >but not at the other 50 PCs. > > > >W9x I don't have any user information in the environnement. > > Perhaps by creating groups under unix and then using preexec scripts to > test if a logon was from someone in the appropriate group.... But your real > problem will be stopping people from bypassing the logon on Win95 machines. > 'Out of the box' win95 is not in any way secure, anyone can press 'cancel' > button. There have been a number of suggestions on how to tighten win95 > logon security but they all come with a price (IMHO) that involves setup > difficulties, convience when something goes wrong etc. you can set up profiles and user the profile editor to restrict some things like only allowing a person to log on if they've logged on to the domain and whatnot. however, i have had some bad experiences w/ Win95 profile-downloading in the past. for some reason, it wouldn't see the samba box and would load locally from time to time. YMMV, hopefully. :) -- stephen From rizvii at versaware.com Thu Sep 30 08:27:23 1999 From: rizvii at versaware.com (rizvi inamdar) Date: Tue Dec 2 02:27:11 2003 Subject: No subject Message-ID: <002501bf0b1d$b13bb2e0$6c01a8c0@versa> hi i am having a class C network of 200 users connected to linux server using a windows nt workstation. first winnt workstation loggon locally then from Network Neighborhood i click on linux server then i will be able to loggon to linux server so i want to loggon from windows NT workstation to linux server directly with out loggin on locally . is it possible or not if possible how can i configure reply on rizvii@versaware.com -------------- next part -------------- HTML attachment scrubbed and removed From john.rooke at lpsystems.com Thu Sep 30 09:32:19 1999 From: john.rooke at lpsystems.com (John Rooke) Date: Tue Dec 2 02:27:11 2003 Subject: Problems with nmblookup Message-ID: <37F32E23.A4A1289C@lpsystems.com> Hi all, I've nearly got everything working here with our SuSE Linux 6.0 based samba 2.1-prealpha PDC and NTW4.0 network. The only remaining problem is I can't connect to shares on a NTW4.0 PC called john. All other PC's on the network are OK. I have traced this down to a problem with WINS in that if I do a nmblookup -d20 john I get the output below. I have wins support = Yes and dns proxy = Yes in smb.conf and can ping john OK from the Linux server. It seems to be something to do with NetBios names. Any suggestions as to how I can fix this would be appreciated. Thanks, John. doing parameter dns proxy = Yes pm_process() returned Yes lp_servicenumber: couldn't find homes Added interface ip=10.1.1.13 bcast=10.1.1.255 nmask=255.255.255.0 bind succeeded on port 0 Socket opened. Sending queries to 10.1.1.255 nmb packet from 10.1.1.255(137) header: id=7487 opcode=Query(0) response=No header: flags: bcast=Yes rec_avail=No rec_des=Yes trunc=No auth=No header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=0 question: q_name=JOHN<00> q_type=32 q_class=1 Sending a packet of len 50 to (10.1.1.255) on port 137 nmb packet from 10.1.1.255(137) header: id=7487 opcode=Query(0) response=No header: flags: bcast=Yes rec_avail=No rec_des=Yes trunc=No auth=No header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=0 question: q_name=JOHN<00> q_type=32 q_class=1 Sending a packet of len 50 to (10.1.1.255) on port 137 nmb packet from 10.1.1.255(137) header: id=7487 opcode=Query(0) response=No header: flags: bcast=Yes rec_avail=No rec_des=Yes trunc=No auth=No header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=0 question: q_name=JOHN<00> q_type=32 q_class=1 Sending a packet of len 50 to (10.1.1.255) on port 137 name_query failed to find name john From richardb at awesoft.com Thu Sep 30 09:47:38 1999 From: richardb at awesoft.com (Richard Bleeker) Date: Tue Dec 2 02:27:11 2003 Subject: help with NT Domain Administrator Message-ID: <003c01bf0b28$d4cf0e40$e8c816c4@rjb> Hi There, I have recently replaced my NT Server which was acting as PDC with linux and discovered that I had to download the latest source code from the CVS repositories. That done, I recompiled and followed the instructions layed down in the online FAQ at http://us1.samba.org/samba/docs/ntdom_faq/page4.html I now want to administer my domain from another pc running NT 4. So, I have managed to log onto the new linux domain controller, but it seems that I no longer have Administrator rights the FAQ page told me to try setting domain group map domain user map local group map in my /etc/smb.conf file, but on running testparm it said that those options aren't recognised. a "man smb.conf" says that these options are no longer supported now that I've updated the source code for SAMBA, and that I must look for help on this mail list So....here I am asking - Please Help Me! thanks Richard Bleeker From richardb at awesoft.com Thu Sep 30 13:10:56 1999 From: richardb at awesoft.com (Richard Bleeker) Date: Tue Dec 2 02:27:11 2003 Subject: help with NT Domain Administrator Message-ID: <002701bf0b45$3bc246a0$e8c816c4@rjb> no, my version is the latest from the CVS repository - downloaded yesterday I only put the >domain group map >domain user map >local group map entries into my smb.conf file because that's what the FAQ on the website suggested... how do I use the "user map = " command? >I now want to administer my domain from another pc running NT 4. So, I have >managed >to log onto the new linux domain controller, but it seems that I no longer >have Administrator rights Thanks, Richard -----Original Message----- From: Derks, Richard To: 'richardb@awesoft.com' Date: Thursday, September 30, 1999 3:05 PM Subject: RE: help with NT Domain Administrator >Richard , > >IT looks like that you have a old version, > >domain group map >domain user map >local group map > >These commands oly work with version 2.1 prealpha. > > >But you could try user map= in the smb.conf. > > > > With kind regards > > ITPlus > Richard Derks > E-mail Richard.Derks@itplus.nl > > > >-----Oorspronkelijk bericht----- >Van: Richard Bleeker [mailto:richardb@awesoft.com] >Verzonden: donderdag 30 september 1999 11:50 >Aan: Multiple recipients of list SAMBA-NTDOM >Onderwerp: help with NT Domain Administrator > > >Hi There, > >I have recently replaced my NT Server which was acting as PDC with linux >and >discovered that >I had to download the latest source code from the CVS repositories. >That done, I recompiled and followed the instructions layed down in the >online FAQ >at http://us1.samba.org/samba/docs/ntdom_faq/page4.html > >I now want to administer my domain from another pc running NT 4. So, I >have >managed >to log onto the new linux domain controller, but it seems that I no >longer >have Administrator rights > >the FAQ page told me to try setting > >domain group map >domain user map >local group map > >in my /etc/smb.conf file, but on running testparm it said that those >options >aren't recognised. > >a "man smb.conf" says that these options are no longer supported now >that >I've updated the source code for SAMBA, and that I must look for help on >this mail list > > >So....here I am asking - Please Help Me! > >thanks > >Richard Bleeker From kevin_myer at elanco.k12.pa.us Thu Sep 30 13:28:13 1999 From: kevin_myer at elanco.k12.pa.us (Kevin Myer) Date: Tue Dec 2 02:27:11 2003 Subject: 16-bit DOS application file locking problem Message-ID: Hello, If someone has a pretty good memory, they might remember that I posted about an apparently file locking problem I was having with our library automation system over the summer. I think that I can provide a little more detail at this point and hopefuly someone will have some fresh insights. The problem: trying to use a multiuser library system which ran under DOS (and is now running in a "DOS" shell under Windows NT 4.0). Access control is created by having two different users - Circulation and Patron. Circulation has full control, Patron only has access to a Card Catalog section and read access to the database directory. However, it appears that certain activities trigger some sort of lock on certain files, effectively rendering a multiuser application to be only single user. For example, 8 workstations are logged in as Patron and are searching the card catalog. Circulation logs into the main circulation computer and starts cataloging. All the other users get bumped off with errors about not being able to access the database or "Index positioning no longer current". My original problem was being unable to use the system at all with more than one machine at a time because not more than one machine could get at a certain semaphore file at a time. I found a work around by adding: fake oplocks = yes veto oplock files = /*.SEM/ to that volumes configuration in my smb.conf. As far as I know, I have duplicated file permissions on my Linux box as close as possible to what they were when the volume was hosted off a Windows NT box. So it would seem to me that Linux has some sort of different locking mechanism for files than NT did and that is preventing certain functions of our library system from working the way they used to. Documentation seems to indicate that certain locking features are missing in x86 Linux versions of Samba. Ideally, I'd love to dump this 16-bit DOS version of the library software and go to a Windows version but that won't happen for at least another year and the librarians are getting antsy to be able to fully use the system like they used to be able to. Guess I should have tested the setup a little more thoroughly before declaring it production ready ;) By the way, for what its worth: RedHat Linux 5.2 with kernel 2.2.10 with software RAID5 Dual Pentium II 300Mhz 512Mb RAM 10/100 Ethernet If anyone can enlightenment on file locking, ala Samba, or point me to documentation, I'd really appreciate it. Thanks, Kevin -- ~ Kevin M. Myer . . Network/System Administrator /V\ ELANCO School District // \ /( )\ ^`~'^ From f_meyka at gmx.de Thu Sep 30 14:18:32 1999 From: f_meyka at gmx.de (FMK) Date: Tue Dec 2 02:27:11 2003 Subject: becoming local admin on NT Message-ID: <001701bf0b4e$ae11a5d0$9063a8c0@meyka> Hi all I got my 2.05a to work as PDC, but how can I "teach" it that certain people should get Administrator-rights on the NT-machine from where they log on ? regards Florian Meyer-Kassel -------------- next part -------------- HTML attachment scrubbed and removed From richardb at awesoft.com Thu Sep 30 14:32:50 1999 From: richardb at awesoft.com (Richard Bleeker) Date: Tue Dec 2 02:27:11 2003 Subject: becoming local admin on NT Message-ID: <001801bf0b50$ac505be0$e8c816c4@rjb> Yay! Somebody who understands my dillemma please help me, I have the same situation here Richard -----Original Message----- From: FMK To: Multiple recipients of list SAMBA-NTDOM Date: Thursday, September 30, 1999 4:19 PM Subject: becoming local admin on NT Hi all I got my 2.05a to work as PDC, but how can I "teach" it that certain people should get Administrator-rights on the NT-machine from where they log on ? regards Florian Meyer-Kassel -------------- next part -------------- HTML attachment scrubbed and removed From mmiller at vermeermfg.com Thu Sep 30 14:41:15 1999 From: mmiller at vermeermfg.com (Matthew Miller) Date: Tue Dec 2 02:27:11 2003 Subject: becoming local admin on NT References: <001801bf0b50$ac505be0$e8c816c4@rjb> Message-ID: <37F3768B.CCDFF96C@vermeermfg.com> I also share your pain. I've submitted my question twice and both times it has been ignored :( Maybe we should form our own support group :) Richard Bleeker wrote: > Yay! Somebody who understands my dillemma please help me, I have the > same situation here Richard > > -----Original Message----- > From: FMK > To: Multiple recipients of list SAMBA-NTDOM > > Date: Thursday, September 30, 1999 4:19 PM > Subject: becoming local admin on NT > Hi all I got my 2.05a to work as PDC, but how can I "teach" > it that certain people should get Administrator-rights on > the NT-machine from where they log on ? regards Florian > Meyer-Kassel > From denes at ppgia.pucpr.br Thu Sep 30 15:00:34 1999 From: denes at ppgia.pucpr.br (Alexandre Denes dos Santos) Date: Tue Dec 2 02:27:11 2003 Subject: becoming local admin on NT In-Reply-To: <37F3768B.CCDFF96C@vermeermfg.com> Message-ID: I have the same problem and, as far as I could understand, nobody could get the users rights to work well. So I think that your message has not been ignored. The problem is that nobody knows the answer :) . Best regards. Denes On Fri, 1 Oct 1999, Matthew Miller wrote: > I also share your pain. I've submitted my question twice and both times > it has been ignored :( Maybe we should form our own support group :) > From Christof.Panzner at berker.de Thu Sep 30 15:04:28 1999 From: Christof.Panzner at berker.de (Christof.Panzner@berker.de) Date: Tue Dec 2 02:27:11 2003 Subject: becoming local admin on NT (Samba 2.0.5) Message-ID: Hi! Create a unix-group named ntlocaladmin (or whatever you want). Add the local admin users to this group. Add the paramter domain admin group = ntlocaladmin to you smb.conf. Restart Samba. After a local logon use the NT-workstation user manager to add the the domain-group Domain Admins to the local admin group. Testet only with a domain-user-account, but should work with the domain-group. Bye Christof From p.mayers at ic.ac.uk Thu Sep 30 15:04:38 1999 From: p.mayers at ic.ac.uk (Mayers, P J) Date: Tue Dec 2 02:27:11 2003 Subject: becoming local admin on NT Message-ID: <0846B011B9A4D111A1EE006097DA4FCE016CF9A5@icex1.cc.ic.ac.uk> Ok, here's the answer: There needs to be a group which all the people you want to be admins are members of. You then need to add that group to the Administrators group in the local NT workstation. for example, using LDAP passwd backend, you create a group called "Domain Admins" and add the users to that group. When the workstation is added to the domain, the Domain Admins group is automatically added to the local "administrators" group. If you can't get user/group mapping working (and thus can't map the unix group [adm for example, or wheel], then you'll have to add the group manually]. Cheers, Phil -----Original Message----- From: Matthew Miller To: Multiple recipients of list SAMBA-NTDOM Sent: 9/30/99 3:44 PM Subject: Re: becoming local admin on NT I also share your pain. I've submitted my question twice and both times it has been ignored :( Maybe we should form our own support group :) Richard Bleeker wrote: > Yay! Somebody who understands my dillemma please help me, I have the > same situation here Richard > > -----Original Message----- > From: FMK > To: Multiple recipients of list SAMBA-NTDOM > > Date: Thursday, September 30, 1999 4:19 PM > Subject: becoming local admin on NT > Hi all I got my 2.05a to work as PDC, but how can I "teach" > it that certain people should get Administrator-rights on > the NT-machine from where they log on ? regards Florian > Meyer-Kassel > From greg at discreet.com Thu Sep 30 15:08:07 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:11 2003 Subject: becoming local admin on NT In-Reply-To: Message-ID: I dont't use 205 as a PDCS so I'm guessing but did you try domain admin users = user1,user2.... Greg On 30-Sep-99 Alexandre Denes dos Santos wrote: > I have the same problem and, as far as I could understand, nobody could > get the users rights to work well. So I think that your message has not > been ignored. The problem is that nobody knows the answer :) . > > Best regards. > Denes > > On Fri, 1 Oct 1999, Matthew Miller wrote: > >> I also share your pain. I've submitted my question twice and both times >> it has been ignored :( Maybe we should form our own support group :) >> --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From mmt4q at ee.virginia.edu Thu Sep 30 15:12:26 1999 From: mmt4q at ee.virginia.edu (Melissa Thrush) Date: Tue Dec 2 02:27:11 2003 Subject: becoming local admin on NT References: Message-ID: <37F37DDA.EFCC34AE@ee.virginia.edu> I'm running Samba 2.0.2 as a PDC on a Solaris 2.6 NIS master. I don't have everything working correct (unix password sync and profiles) but I do have "administrator" privileges when I log into the domain by adding the following to my smb.conf: ; needed for "staff" group members to have administrator priv. on pcs domain admin group = @staff Where "staff" is a group listed in /etc/group or /var/yp/group staff::10:me, you, bob, mary The "domain admin group" setting is not in use in the CVS Head branch. Take a look at summer 98 entries regarding domain admin group in NT-DOM archive. Hope this helps, Melissa Alexandre Denes dos Santos wrote: > I have the same problem and, as far as I could understand, nobody could > get the users rights to work well. So I think that your message has not > been ignored. The problem is that nobody knows the answer :) . > > Best regards. > Denes > > On Fri, 1 Oct 1999, Matthew Miller wrote: > > > I also share your pain. I've submitted my question twice and both times > > it has been ignored :( Maybe we should form our own support group :) > > -- Melissa Thrush Dept. of Electrical Engineering University of Virginia Thornton Hall - C213 Phone: 804-924-6072 Fax: 804-924-8818 From green at UMDNJ.EDU Thu Sep 30 15:46:29 1999 From: green at UMDNJ.EDU (Cliff Green) Date: Tue Dec 2 02:27:11 2003 Subject: Allow Users Only special PCs W9x / NT In-Reply-To: <3.0.6.32.19990930084919.0088acb0@bioserve.latrobe.edu.au> Message-ID: On Thu, 30 Sep 1999, David Bannon enscribed thusly: > At 06:28 PM 29/09/1999 +1000, Dr. Dieter Becker wrote: [munch] > >I want to allow users only special PCs. As example: > >user x should be allowed to logon at PCs a and b and c > >but not at the other 50 PCs. [munch] > But your real problem will be stopping people from bypassing the logon > on Win95 machines. 'Out of the box' win95 is not in any way secure, > anyone can press 'cancel' button. There have been a number of > suggestions on how to tighten win95 logon security but they all come > with a price (IMHO) that involves setup difficulties, convience when > something goes wrong etc. This thread surfaces every now and then, and several good and worthy approaches have been aired. I have a question about another approach: http://support.microsoft.com/support/kb/articles/Q178/9/79.ASP refers to a hotfix available in msnp32.dll, the network provider dll for Win9x, which is supposed to address this problem (hit or enter a bogus domainname to bypass login security). My question is: has anyone gotten and tried this hotfix? If so, does it actually deliver? c -- Cliff Green green@umdnj.edu Academic Computing Service UMDNJ From travis.stockwell at intel.com Thu Sep 30 16:07:05 1999 From: travis.stockwell at intel.com (Stockwell, Travis) Date: Tue Dec 2 02:27:11 2003 Subject: Was the trust question ever answered? Message-ID: <1C866BFE7D63D211AC3E00A0C969E973020E2C4D@orsmsx39.jf.intel.com> I would also like to do this. I want my linux domain to be trusted by an NT domain (and linux to know that the NT domain is 'trusting'). Apparently you have to do both? -----Original Message----- From: Jonas Oberg [mailto:jonas@coyote.org] Sent: Monday, September 27, 1999 1:12 AM To: Multiple recipients of list SAMBA-NTDOM Subject: Trust Is it possible to setup trusts between a domain running Samba and one running NT Server? What I'd like to do is make it possible for users sitting at computers in the domain FOO to logon to the domain BAR. Jonas From roamdad at ibm.net Thu Sep 30 16:12:40 1999 From: roamdad at ibm.net (Doug VanLeuven) Date: Tue Dec 2 02:27:11 2003 Subject: Problems with nmblookup References: <37F32E23.A4A1289C@lpsystems.com> Message-ID: <37F38BF7.DD3530A6@ibm.net> Have you checked the sub-net mask on john ? All I can think of. John Rooke wrote: > Hi all, > > I've nearly got everything working here with our SuSE Linux 6.0 based > samba 2.1-prealpha PDC and NTW4.0 network. The only remaining problem is > I can't connect to shares on a NTW4.0 PC called john. All other PC's on > the network are OK. > > I have traced this down to a problem with WINS in that if I do a > nmblookup -d20 john I get the output below. > > I have wins support = Yes and dns proxy = Yes in smb.conf and can ping > john OK from the Linux server. It seems to be something to do with > NetBios names. > > Any suggestions as to how I can fix this would be appreciated. > > Thanks, > > John. > > doing parameter dns proxy = Yes > pm_process() returned Yes > lp_servicenumber: couldn't find homes > Added interface ip=10.1.1.13 bcast=10.1.1.255 nmask=255.255.255.0 > bind succeeded on port 0 > Socket opened. > Sending queries to 10.1.1.255 > nmb packet from 10.1.1.255(137) header: id=7487 opcode=Query(0) > response=No > header: flags: bcast=Yes rec_avail=No rec_des=Yes trunc=No auth=No > header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=0 > question: q_name=JOHN<00> q_type=32 q_class=1 > Sending a packet of len 50 to (10.1.1.255) on port 137 > nmb packet from 10.1.1.255(137) header: id=7487 opcode=Query(0) > response=No > header: flags: bcast=Yes rec_avail=No rec_des=Yes trunc=No auth=No > header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=0 > question: q_name=JOHN<00> q_type=32 q_class=1 > Sending a packet of len 50 to (10.1.1.255) on port 137 > nmb packet from 10.1.1.255(137) header: id=7487 opcode=Query(0) > response=No > header: flags: bcast=Yes rec_avail=No rec_des=Yes trunc=No auth=No > header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=0 > question: q_name=JOHN<00> q_type=32 q_class=1 > Sending a packet of len 50 to (10.1.1.255) on port 137 > name_query failed to find name john -- Doug VanLeuven : 707-545-6933 (voice) 707-545-6945 (fax) Programmer/Analyst, SCWA : doug@scwa.ca.gov Chief Engineer, USMM : roamdad@hotmail.com From cartegw at Eng.Auburn.EDU Thu Sep 30 16:15:44 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:27:11 2003 Subject: Was the trust question ever answered? References: <1C866BFE7D63D211AC3E00A0C969E973020E2C4D@orsmsx39.jf.intel.com> Message-ID: <37F38CB0.39197CE4@eng.auburn.edu> "Stockwell, Travis" wrote: > > I would also like to do this. I want my linux domain to > be trusted by an NT domain (and linux to know that the NT > domain is 'trusting'). Apparently you have to do both? Trust relationships are not completely implemented yet. Some preliminary work has been done though. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From D.Bannon at latrobe.edu.au Thu Sep 30 22:56:57 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:27:11 2003 Subject: becoming local admin on NT In-Reply-To: <001701bf0b4e$ae11a5d0$9063a8c0@meyka> Message-ID: <3.0.6.32.19991001085657.008ae780@bioserve.latrobe.edu.au> > Question about 2.05 domain admin ...... You will find that this list is really about the NTDom version of Samba, available only via csv, not the 2.05 'full release'. There is a system in 2.05 that works, should be documented in the samba 'kit' somewhere. But the important point is that it is different from the system in the NTDom branch. Consider using the NTDom version it does such things much better, to see how its done, see the FAQ, its very clear. On another matter, the convention when posting to mailing lists is to use unformatted text, all that html in you message make it hard for some people to read and even more difficult to reply to. I see this : At 12:13 AM 01/10/1999 +1000, FMK wrote: > Hi all "" it that certain people should get Administrator-rights on >the NT-machine from where they log on ? regards Florian Meyer-Kassel David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed !