From k.zieger at odn.de Sat Jul 22 17:03:46 2000 From: k.zieger at odn.de (Klaus Zieger) Date: Tue Dec 2 02:30:10 2003 Subject: request to join this mailing list Message-ID: <000801bff3fe$cd34de20$f33ca8c0@fosnbg.de> Dear Madam, dear Sir, I would like to join the mailing list samba-ntdom. Yours sincerely, Klaus Zieger k.zieger@odn.de -------------- next part -------------- HTML attachment scrubbed and removed From ggeorge at digisolv.com Sat Jul 1 00:19:33 2000 From: ggeorge at digisolv.com (Gerry George) Date: Tue Dec 2 02:30:17 2003 Subject: Getting somewhere in my samba adventures... slowly Message-ID: <4.3.2.20000630201919.00c23cc0@mail.digisolv.com> At 12:08 PM 6/29/00, you wrote: > >From my recent experiences you may want to use a small NT box as the Primary >Domain Controller (PDC) and do the authentications through it. SAMBA is a >great >thing, however there are some lingering problems having it as a PDC, at least >that is my opinion. > >The Linux/SAMBA box then authenticates all the users through the PDC and >happy, >happy. Later as you progress and the next SAMBA version is released it is >not a >big deal to move the PDC job to SAMBA. Just had this idea. How about running NT4 under VMWare to act as the PDC and have Samba on the same box as your "normal" server? Anyone tried this as yet? Does NT4 run under VMWare? G. George >Mauricio Tavares wrote: > > > At 05:29 PM 6/29/00 +0300, "Valentin Pavlov" wrote: > > >Simply add "security = share" in global parameters. > > >But note - you will not be able to authenticate users. > > > > > I understand, but using what you suggested allowed me to do waht I > > consider to be the most important right now: find out if my samba server > > is working and I can connect to it. It works! So I am pretty happy now. > > Thanks! =) > > > > Now that has been taken care of, I can proceed to the next phase, which is > > setting the user authentication part. What I envision is to have people to > > log into to their NT/W98/W95/W2K boxes anad have that l/p already take care > > of what they have access to in the unix box. I plan in the end to run the > > unix box as primary server for the localnet and have our current NT server > > as secondary, asking the unix box for anything it may need such as > > usernames and stuff. > > > > Again, thanks for the help! =) Gerry E. George Information Technology Specialist, DigiSolv, Inc. http://www.digisolv.com .. From pjdc at eircom.net Sat Jul 1 01:15:22 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:17 2003 Subject: Getting somewhere in my samba adventures... slowly In-Reply-To: Gerry George's message of "Sat, 1 Jul 2000 10:31:55 +1000" References: <4.3.2.20000630201919.00c23cc0@mail.digisolv.com> Message-ID: >>>>> "Gerry" == Gerry George writes: Gerry> Just had this idea. Gerry> How about running NT4 under VMWare to act as the PDC and Gerry> have Samba on the same box as your "normal" server? Gerry> Anyone tried this as yet? Does NT4 run under VMWare? NT4 runs fine under VMWare. However, for it to work properly as a PDC, it will need a unique IP address, and for Linux to support two IP addresses on a interface (this is where my knowledge turns to pure speculation because I don't know how interface aliasing is implemented on Linux) the NIC may need to run in promiscuous mode, where the kernel must examine *every* datagram that comes over the wire to see if the IP address is one it owns. This can cause a major CPU load with some brands of NIC. *PLEASE* take these comment re aliasing with a pinch of salt; comments from people who know about Linux's IP aliasing mechanism would be welcome. It might be interesting to try the VMWare path, but I would suggest that if you want to get this working quickly with minimum risk, it would be wise to find a box somewhere to put NT Server on. I have put NT Server running as a PDC on an old 48M Pentium with Exchange 4.0 and it ran fine, if slowly. The major issue is the RAM available, as NT DCs load the entire SAM database into RAM when they boot. I believe the SAM overhead is roughly 1K per user account and 0.5K per machine account. Paul. -- Paul Collins - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From awilliam at whitemice.org Sat Jul 1 02:36:46 2000 From: awilliam at whitemice.org (awilliam@whitemice.org) Date: Tue Dec 2 02:30:17 2003 Subject: Getting somewhere in my samba adventures... slowly In-Reply-To: <4.3.2.20000630201919.00c23cc0@mail.digisolv.com> References: <4.3.2.20000630201919.00c23cc0@mail.digisolv.com> Message-ID: <20000701.2364600@estate1.whitemice.org> >>From my recent experiences you may want to use a small NT box as the Primary >>Domain Controller (PDC) and do the authentications through it. SAMBA is a >>great >>thing, however there are some lingering problems having it as a PDC, at least >>that is my opinion. >> >>The Linux/SAMBA box then authenticates all the users through the PDC and >>happy, >>happy. Later as you progress and the next SAMBA version is released it is >>not a >>big deal to move the PDC job to SAMBA. > Just had this idea. > How about running NT4 under VMWare to act as the PDC and have Samba on the > same box as your "normal" server? > Anyone tried this as yet? Does NT4 run under VMWare? Yes, NT4 or 2000 work perfectly under Vmware, performance is pretty good too. But it doesn't save you from the massive licensing fees. From pjdc at eircom.net Sat Jul 1 02:04:54 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:17 2003 Subject: Getting somewhere in my samba adventures... slowly In-Reply-To: 's message of "Sat, 1 Jul 2000 11:37:06 +1000" References: <4.3.2.20000630201919.00c23cc0@mail.digisolv.com> <20000701.2364600@estate1.whitemice.org> Message-ID: >>>>> "AW" == writes: AW> Yes, NT4 or 2000 work perfectly under Vmware, performance is AW> pretty good too. But it doesn't save you from the massive AW> licensing fees. Some dishonest people just set the maximum connections to 1000 and forget about it. I try to keep in mind the truism "Two wrongs don't make a right"; if you steal from a thief you are lowering youself to his level. Luckily, the existence of free operating systems, Samba and Samba TNG does away with all these shenanigans. Paul. -- Paul Collins - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From mdmingle at chartertn.net Sat Jul 1 05:12:06 2000 From: mdmingle at chartertn.net (Michael Mingle) Date: Tue Dec 2 02:30:17 2003 Subject: accessing Linux Samba shares in an NT Domain Message-ID: I have used Samba for about 2 years now and i have never had any problems setting up the shares so that my clients can view them. However, now i have an NT domain with a PDC and a BDC. I setup Samba so that it would login to the NT Domain and i set the password server = domainPDC . I have the server settings on domain in the smb.conf also. THe problem arises when i try to access the Samba shares that i have setup. WHat other settings do i have to change to enable browsing of my shares from another pc that is a member of the NT domain? Any help would be much appreciated. THanks, Michael Mingle From pjdc at eircom.net Sat Jul 1 12:59:55 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:17 2003 Subject: accessing Linux Samba shares in an NT Domain In-Reply-To: "Michael Mingle"'s message of "Sat, 1 Jul 2000 15:23:16 +1000" References: Message-ID: >>>>> "Michael" == Michael Mingle writes: Michael> I have used Samba for about 2 years now and i have never Michael> had any problems setting up the shares so that my clients Michael> can view them. However, now i have an NT domain with a Michael> PDC and a BDC. I setup Samba so that it would login to Michael> the NT Domain and i set the password server = domainPDC Michael> . I have the server settings on domain in the smb.conf Michael> also. THe problem arises when i try to access the Samba Michael> shares that i have setup. WHat other settings do i have Michael> to change to enable browsing of my shares from another pc Michael> that is a member of the NT domain? Just a couple of suggestions, as I am not quite sure what precise problem you are experiencing. AFAIK, you must use "wins server = ip.of.wins.server" and have "wins support = no" for a Linux box to correctly appear in the domain's browse list. Some things to check: * Which version of Samba do you have? * Have you created a machine account in the domain and added the Linux box to the domain with smbpasswd -j DOMAIN? * Does the user who is trying to access the Linux box have an account on the box? (This merely needs to exist, its password, etc. are not used by Samba.) * Does accessing the Linux shares directly with \\SERVER\SHARE from the Run dialog on the Windows box work? Paul. -- Paul Collins - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From for.walter at virgin.net Sat Jul 1 17:20:20 2000 From: for.walter at virgin.net (Walter Dresen) Date: Tue Dec 2 02:30:17 2003 Subject: Any linux utility like nt's rcmd out there? Message-ID: <001f01bfe380$a29d4c80$7a7b7b7b@s800> hi, sometimes i boot into linux at work (suse 6.3 and samba 2.0.7). is there any utility out there like rcmd that comes with nt reskit so that i could do things like unlocking nt accounts or resetting passwords? i do not want to move to tng and i do not need to use nt's usermanager... thanks.. From zen at sprynet.com Sat Jul 1 17:39:40 2000 From: zen at sprynet.com (John Cusick) Date: Tue Dec 2 02:30:17 2003 Subject: Samba BDC can't join Samba PDC Domain Message-ID: <395E2CDC.6769DEEE@sprynet.com> Using TNG 2.5 on two SuSE 6.4 machines upgraded to kernel 2.2.16 (smb.conf contents of each listed below). One machine has been functioning successfully as PDC for domain consisting of NT 4, Windows 2000 and Win95 workstations. Windows workstations can join domain and use all resources. Attempting to add the second Linux machine as BDC. Using rpcclient can successfully create machine account on PDC, but cannot join domain. No *.mac file is created on BDC nor is message returned confirming joining domain. Following commands are used and corresponding results received at BDC: rpcclient -S PDC -U admin%pass -W DOM (successful login to PDC) lsaquery (returns PDC as domain member and domain controller) createuser BDC -s -j (returns Create Domain User: OK) Would appreciate any suggestions! PDC smb.conf: > # Global parameters > workgroup = CNS > encrypt passwords = yes > smb passwd file = /usr/local/samba/private/smbpasswd > netbios name = SUSE > server string = Suse Linux [%v] > interfaces = 192.168.0.99/255.255.255.0 > os level = 65 > domain group map = /usr/local/samba/private/domaingroup.map > domain user map = /usr/local/samba/private/domainuser.map > domain logons = yes > logon path = \\%L\profile\%U > security = user > local master = yes > preferred master = yes > domain master = yes > wins support = yes > time server = yes > name resolve order = wins lmhosts hosts bcast > guest account = ftp > debug level = 5 > logon script = %U.bat > > [netlogon] > comment = The domain logon service > path = /usr/local/samba/netlogon > public = no > writeable = no > browseable = no > > [homes] > comment = Home Directories > read only = No > create mask = 0750 > browseable = No > > [profile] > path = /usr/local/samba/profile > writeable = yes > browsable = no > comment = PDC profile share > > [printers] > comment = All Printers > path = /tmp > create mask = 0700 > print ok = Yes > browseable = No > > [public] > comment = Public Stuff > path = /home/public > read only = No > guest ok = Yes > > [tmp] > comment = Temporary file space > path = /tmp > read only = No > guest ok = Yes > BDC smb.conf: > ; > ; /etc/smb.conf > ; > ; Copyright (c) 1999 SuSE GmbH Nuernberg, Germany. > ; > [global] > domain logons = yes > domain master = no > workgroup = cns > password server = suse > encrypt passwords = yes > wins server = 192.168.0.99 > local master = no > guest account = ftp > keep alive = 30 > os level = 20 > security = user > name resolve order = wins lmhosts hosts bcast > domain group map = /usr/local/samba/private/domaingroup.map > domain user map = /usr/local/samba/private/domainuser.map > logon path = \\suse\profile\%U > logon script = %U.bat > > passwd chat debug = yes > printing = bsd > printcap name = /etc/printcap > load printers = yes > > socket options = TCP_NODELAY > > > debug level = 10 > > > > interfaces = 192.168.0.97/255.255.255.0 > > > [netlogon] > path = /usr/local/samba/netlogon > > > [homes] > comment = Home directories > browseable = no > read only = no > create mode = 0750 > > [printers] > comment = All Printers > browseable = no > printable = yes > public = no > read only = yes > create mode = 0700 > directory = /tmp > > [tmp] > comment = Temporary file space > path = /tmp > read only = no > guest ok = yes > From esavage at digitalrage.org Sat Jul 1 20:17:04 2000 From: esavage at digitalrage.org (Elijah Savage) Date: Tue Dec 2 02:30:18 2003 Subject: Help Badly Message-ID: <811EE070004ED411A3EB00A0CC214822549A@DIGITALRAGENT> I have a few problems I will try to be brief but complete. I am trying to use samba as a file server on a nt network. I want to use swat to configure it first of all. I went into the /etc/services and swat 901/tcp is there. I went into /etc/inetd.conf and uncommented the swat line way down at the very bottom. I restarted the inetd services with kill -hup but no luck swat will not come up. So then I said the heck with it I can do it by hand. Look at the files below and see where I have gone wrong please. When I try to connect to this machine it gives me \\linuxpower is not acessable network not available. But strange thing is I can ping it by name and address. Plus if it was not available I would not be able to get out because it is the dns for my domain. This box is dual pentium 233 with 256 meg of ram and 10,000rpm UWscsi IBM 9.1 gig drive. And 3 2.1 gig Wide seagate scsi drives. # Global parameters [global] workgroup = DIGITALRAGE netbios name = LINUXPOWER server string = linuxpower name resolve order = lmhosts host bcast domain master = no dns proxy = no os level = 29 smb passwd file = /etc/smbpasswd security = server encrypt passwords = True log file = /var/log/samba/log.%m bind interfaces only = True read raw = no interfaces = eth0 192.168.11.30 debug level = 1 create mask = 0644 directory mask = 0755 level2 oplocks = true password server = 192.168.X.X read raw = no max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = No wins server = 192.168.X.X hosts allow = 192.168.X.X-192.168.X.X [homes] comment = Home Directories read only = No browseable = no [tmp] Comment = Temporary File Space path = /tmp read only = No [printers] comment = All Printers path = /var/spool/samba print ok = Yes browseable = No From pjdc at eircom.net Sat Jul 1 20:32:16 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:18 2003 Subject: Help Badly In-Reply-To: Elijah Savage's message of "Sun, 2 Jul 2000 06:15:43 +1000" References: <811EE070004ED411A3EB00A0CC214822549A@DIGITALRAGENT> Message-ID: >>>>> "Elijah" == Elijah Savage writes: Elijah> interfaces = eth0 192.168.11.30 The format of this line should be IP address/netmask, e.g.: interfaces = 192.168.11.30/255.255.255.0 -OR- interfaces = 192.168.11.30/24 Since this line is defective, Samba is not listening to the network at all. Paul. -- Paul Collins - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From esavage at digitalrage.org Sat Jul 1 20:43:39 2000 From: esavage at digitalrage.org (Elijah Savage) Date: Tue Dec 2 02:30:18 2003 Subject: Help Badly Message-ID: <811EE070004ED411A3EB00A0CC214822549B@DIGITALRAGENT> I have just fixed that and I greatly appreciate it but its not working. Still the same error. Exact error Linuxpower is not accessible the network path was not found I did restart the services and even did a telinit 1 to make sure. -----Original Message----- From: Paul J Collins [mailto:pjdc@eircom.net] Sent: Saturday, July 01, 2000 4:27 PM To: Multiple recipients of list SAMBA-NTDOM Subject: Re: Help Badly >>>>> "Elijah" == Elijah Savage writes: Elijah> interfaces = eth0 192.168.11.30 The format of this line should be IP address/netmask, e.g.: interfaces = 192.168.11.30/255.255.255.0 -OR- interfaces = 192.168.11.30/24 Since this line is defective, Samba is not listening to the network at all. Paul. -- Paul Collins - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From pjdc at eircom.net Sat Jul 1 20:58:12 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:18 2003 Subject: Help Badly In-Reply-To: Elijah Savage's message of "Sun, 2 Jul 2000 06:41:39 +1000" References: <811EE070004ED411A3EB00A0CC214822549B@DIGITALRAGENT> Message-ID: >>>>> "Elijah" == Elijah Savage writes: Elijah> I have just fixed that and I greatly appreciate it but its not working. Elijah> Still the same error. Elijah> Exact error Elijah> Linuxpower is not accessible Elijah> the network path was not found Please check the samba logs for errors. The errors Windows clients give are generally too vague to diagnoe a problem. Your logs are probably in /var/log/samba, if you're using a version that came with your distribution. I'll have a better look at your config file now. Paul. -- Paul Collins - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From pjdc at eircom.net Sat Jul 1 21:04:26 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:18 2003 Subject: Help Badly In-Reply-To: Elijah Savage's message of "Sun, 2 Jul 2000 06:15:43 +1000" References: <811EE070004ED411A3EB00A0CC214822549A@DIGITALRAGENT> Message-ID: >>>>> "Elijah" == Elijah Savage writes: Elijah> I have a few problems I will try to be brief but complete. I am trying to Elijah> use samba as a file server on a nt network. I want to use swat to configure Elijah> it first of all. I went into the /etc/services and swat 901/tcp is there. I Elijah> went into /etc/inetd.conf and uncommented the swat line way down at the very Elijah> bottom. I restarted the inetd services with kill -hup but no luck swat will Elijah> not come up. So then I said the heck with it I can do it by hand. Look at Elijah> the files below and see where I have gone wrong please. When I try to Elijah> connect to this machine it gives me \\linuxpower is not acessable network Elijah> not available. But strange thing is I can ping it by name and address. Plus Elijah> if it was not available I would not be able to get out because it is the dns Elijah> for my domain. This box is dual pentium 233 with 256 meg of ram and Elijah> 10,000rpm UWscsi IBM 9.1 gig drive. And 3 2.1 gig Wide seagate scsi drives. Elijah> # Global parameters Elijah> [global] Elijah> workgroup = DIGITALRAGE Elijah> netbios name = LINUXPOWER Elijah> server string = linuxpower Elijah> name resolve order = lmhosts host bcast You should add wins here, since you have defined the wins server parameter below. Elijah> domain master = no Elijah> dns proxy = no Elijah> os level = 29 Elijah> smb passwd file = /etc/smbpasswd Elijah> security = server Elijah> encrypt passwords = True Elijah> log file = /var/log/samba/log.%m Elijah> bind interfaces only = True Elijah> read raw = no Elijah> interfaces = eth0 192.168.11.30 Covered this line in my previous post. Elijah> debug level = 1 Elijah> create mask = 0644 Elijah> directory mask = 0755 Elijah> level2 oplocks = true Elijah> password server = 192.168.X.X Elijah> read raw = no Elijah> max log size = 50 Elijah> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 Elijah> dns proxy = No Elijah> wins server = 192.168.X.X Elijah> hosts allow = 192.168.X.X-192.168.X.X The format of this line is like this: hosts allow = 192.168.X. # all of this subnet, (192.168.X. is class C) Have you created an account on the Unix box for the user who is trying to access the machine from the Windows box? It is a requirement that every entry in smbpasswd have a corresponding entry in /etc/passwd, since Samba uses the UID/GID in the filesystem to determine access rights to files. Paul. -- Paul Collins - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From esavage at digitalrage.org Sun Jul 2 00:02:10 2000 From: esavage at digitalrage.org (Elijah Savage) Date: Tue Dec 2 02:30:18 2003 Subject: Thank you all I fixed it Message-ID: <811EE070004ED411A3EB00A0CC214822549E@DIGITALRAGENT> I just subscribed to this group about 3 days ago, and I have a few others I subscribe to but by far this has to be the best one. I have gotten so many useful tips from this group. In reference to my problem I was having earlier after looking at the samba logs files as instructed by Paul I realized that something had to be wrong with the host allow option. So I decided to change this option to look somewhat like what Paul mentioned about bind interfaces(example:host allow = 192.168.11.0/255.255.255.0) and what do you know this fixed ALL of my problems including the swat issue. Thank to all those that sent responses to try and help. From esavage at digitalrage.org Sun Jul 2 02:00:31 2000 From: esavage at digitalrage.org (Elijah Savage) Date: Tue Dec 2 02:30:18 2003 Subject: Samba Bug? Message-ID: <811EE070004ED411A3EB00A0CC214822549F@DIGITALRAGENT> Everything is working great now with my samba setup. I had it join the ntdomain and all can browse their home directories. But I did notice one thing in swat under server status. It states that smbd and nmbd are not running. But of course I know it is. Is this a bug with samba or swat? I am using redhat 6.2 and samba version 2.06 the version that is bundled with the newest version of redhat. From holger at xpo.de Sun Jul 2 02:04:14 2000 From: holger at xpo.de (Holger Eilhard) Date: Tue Dec 2 02:30:18 2003 Subject: Samba Bug? In-Reply-To: <811EE070004ED411A3EB00A0CC214822549F@DIGITALRAGENT> Message-ID: Hello, > Everything is working great now with my samba setup. I had it join the > ntdomain and all can browse their home directories. But I did notice one > thing in swat under server status. It states that smbd and nmbd are not > running. But of course I know it is. Is this a bug with samba or > swat? I am > using redhat 6.2 and samba version 2.06 the version that is > bundled with the > newest version of redhat. I had this problem, too. I think this happens if the smbd and/or nmbd lock files aren't deleted. (e.g. not stopped by smb stop). Holger PS: Can anyone advise me a Samba Version with working LDAP Auth? -- Holger Eilhard - http://holger.xpo.de - holger@xpo.de From gcarter at valinux.com Sun Jul 2 02:39:35 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:30:18 2003 Subject: Samba Bug? References: Message-ID: <395EAB67.227B6B6F@valinux.com> Holger Eilhard wrote: > > PS: Can anyone advise me a Samba Version with working LDAP Auth? It's on the plate for 2.2.0 hopefully. I'm trying to work on it now. Of course, there is some experiemental help suport in SAMBA_TNG. jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From holger at xpo.de Sun Jul 2 02:43:36 2000 From: holger at xpo.de (Holger Eilhard) Date: Tue Dec 2 02:30:18 2003 Subject: LDAP (was: Re: Samba Bug?) In-Reply-To: <395EAB67.227B6B6F@valinux.com> Message-ID: > Holger Eilhard wrote: > > > > PS: Can anyone advise me a Samba Version with working LDAP Auth? > > It's on the plate for 2.2.0 hopefully. I'm trying to work on > it now. Of course, there is some experiemental help suport > in SAMBA_TNG. Thanks for the fast answer! Can you tell me where/how to get the actual cvs builds of 2.x and TNG. I tried to search on several Samba Web Sites, but the everytime I got to us1.samba.org, and well, there got a 404... Holger -- Holger Eilhard - http://holger.xpo.de - holger@xpo.de From peter at cadcamlab.org Sun Jul 2 06:57:19 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:30:18 2003 Subject: Getting somewhere in my samba adventures... slowly References: <4.3.2.20000630201919.00c23cc0@mail.digisolv.com> Message-ID: <14686.58768.878393.279261@wire.cadcamlab.org> [Paul J Collins ] > for Linux to support two IP addresses on a interface (this is where > my knowledge turns to pure speculation because I don't know how > interface aliasing is implemented on Linux) the NIC may need to run > in promiscuous mode, where the kernel must examine *every* datagram > that comes over the wire to see if the IP address is one it owns. Though my hard knowledge here is as little as yours, I highly doubt that IP aliasing requires promiscuous mode in Linux (or any other OS). I think you've confused IP addresses with MAC (Ethernet hardware) addresses. All you really need is to have your ARP server (i.e. TCP/IP stack) answer ARP requests for more than one IP, using the same MAC address. ...And even if you needed multiple MAC addresses, many if not most NICs support some degree of multicasting. (Usually a programmable list or hash table of MAC addresses to listen for.) Peter From peter at cadcamlab.org Sun Jul 2 07:11:51 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:30:19 2003 Subject: Any linux utility like nt's rcmd out there? References: <001f01bfe380$a29d4c80$7a7b7b7b@s800> Message-ID: <14686.59815.808000.727853@wire.cadcamlab.org> [Walter Dresen ] > sometimes i boot into linux at work (suse 6.3 and samba 2.0.7). is > there any utility out there like rcmd that comes with nt reskit so > that i could do things like unlocking nt accounts or resetting > passwords? I do not know what rcmd does, but `rpcclient' and/or `samedit' seem to be what you want. I'm a little unclear on the distinction between the two, since rpcclient does seem to support user management functions, but samedit (which, BTW, exists only in TNG) seems to be the Enlightened Way. > i do not want to move to tng No need to move to TNG for smbd/nmbd, but you definitely want the TNG version of rpcclient/samedit, which is *much* more advanced than the other branches. Trust me on this one. Peter From peter at cadcamlab.org Sun Jul 2 10:26:12 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:30:19 2003 Subject: LDAP (was: Re: Samba Bug?) References: <395EAB67.227B6B6F@valinux.com> Message-ID: <14687.5911.798890.155541@wire.cadcamlab.org> [Holger Eilhard ] > Can you tell me where/how to get the actual cvs builds of 2.x and > TNG. I tried to search on several Samba Web Sites, but the everytime > I got to us1.samba.org, and well, there got a 404... # password is "cvs" cvs -d :pserver:cvs@cvs.samba.org:/cvsroot login # HEAD aka 3.0pre cvs -d :pserver:cvs@cvs.samba.org:/cvsroot co samba mv samba samba-head # yes, SAMBA_2_0 is an outdated tag name... cvs -d :pserver:cvs@cvs.samba.org:/cvsroot -r SAMBA_2_0 co samba mv samba samba-2.2pre cvs -d :pserver:cvs@cvs.samba.org:/cvsroot -r SAMBA_TNG co samba mv samba samba-tng Now you have all three major trees. Inside each of them you can do cvs update -dP at any time. (CVS remembers the -d and -r flags on a per-directory basis.) And yes, SAMBA_2_0 *is* an outdated tag name.... Peter From peter at cadcamlab.org Sun Jul 2 10:54:42 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:30:19 2003 Subject: Samba Bug? References: <811EE070004ED411A3EB00A0CC214822549F@DIGITALRAGENT> Message-ID: <14687.7964.667853.363527@wire.cadcamlab.org> [Elijah Savage ] > swat under server status. It states that smbd and nmbd are not > running. But of course I know it is. Is this a bug with samba or > swat? This might happen if you run smbd and nmbd out of inetd. Can't confirm or deny, as I've never tried swat. Peter From holger at xpo.de Sun Jul 2 11:50:31 2000 From: holger at xpo.de (Holger Eilhard) Date: Tue Dec 2 02:30:19 2003 Subject: LDAP (was: Re: Samba Bug?) In-Reply-To: <14687.5911.798890.155541@wire.cadcamlab.org> Message-ID: Hello, > [Holger Eilhard ] > > Can you tell me where/how to get the actual cvs builds of 2.x and > > TNG. I tried to search on several Samba Web Sites, but the everytime > > I got to us1.samba.org, and well, there got a 404... > > # password is "cvs" > cvs -d :pserver:cvs@cvs.samba.org:/cvsroot login > > # HEAD aka 3.0pre > cvs -d :pserver:cvs@cvs.samba.org:/cvsroot co samba > mv samba samba-head > > # yes, SAMBA_2_0 is an outdated tag name... > cvs -d :pserver:cvs@cvs.samba.org:/cvsroot -r SAMBA_2_0 co samba > mv samba samba-2.2pre > > cvs -d :pserver:cvs@cvs.samba.org:/cvsroot -r SAMBA_TNG co samba > mv samba samba-tng > > Now you have all three major trees. Inside each of them you can do > > cvs update -dP > > at any time. (CVS remembers the -d and -r flags on a per-directory > basis.) And yes, SAMBA_2_0 *is* an outdated tag name.... Thanks, for the very detailed information on how to obtain the source trees. I'm getting the TNG Tree, for testing with win2k... Holger -- Holger Eilhard - http://holger.xpo.de - holger@xpo.de From pjdc at eircom.net Sun Jul 2 13:34:06 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:19 2003 Subject: Getting somewhere in my samba adventures... slowly In-Reply-To: Peter Samuelson's message of "Sun, 2 Jul 2000 17:06:40 +1000" References: <4.3.2.20000630201919.00c23cc0@mail.digisolv.com> <14686.58768.878393.279261@wire.cadcamlab.org> Message-ID: >>>>> "Peter" == Peter Samuelson writes: Peter> Though my hard knowledge here is as little as yours, I Peter> highly doubt that IP aliasing requires promiscuous mode in Peter> Linux (or any other OS). I think you've confused IP Peter> addresses with MAC (Ethernet hardware) addresses. All you Peter> really need is to have your ARP server (i.e. TCP/IP stack) Peter> answer ARP requests for more than one IP, using the same Peter> MAC address. That's where my reasoning went astray; I wasn't sure if it was allowable to have more than one IP address associated with a MAC address. I'm okay with the MAC address/IP address distinction, although when I first learned about networking at the MAC layer (round about the time I picked up a book about DECnet Phase IV, which is an OSI implementation), it was a surprise to discover there was a level of address resolution below that of DNS name -> IP number; up to then I had always assumed that the IP address was low as it got. Assumptions, eh? :-) Cheers, Paul. -- Paul Collins - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From flit at conex.com.br Sun Jul 2 15:52:34 2000 From: flit at conex.com.br (satan) Date: Tue Dec 2 02:30:19 2003 Subject: MIgration. in Hell Message-ID: <395F6542.B2974AA@conex.com.br> Ok, I got a BAD SITUATION NOW, my IT director tell me that I have 2 weeks to migrate a windows Nt domaint to a samba running in the sun server. My scenary is: I have 1000 accounts in a windows domain with roaming profiles and home directory in 1 PDC, and I have to migrate them to a sun machine running solaris. I am planning my actions, I think so the best is: 1-Do a Rescue disk on Nt. 2-Use lophtcrack to open it, and export to samba(this is a theory). 3-Create the users on samba. 4-Open the share home, and do a Drag and drop to transfer all the homes. 5-Pray. How you can see the step 2 and 5 are the hard thing, somebody has passed for this situation? somebody has a migration manual for desesperate people? TnXS! From awilliam at whitemice.org Sun Jul 2 20:32:46 2000 From: awilliam at whitemice.org (awilliam@whitemice.org) Date: Tue Dec 2 02:30:19 2003 Subject: Any linux utility like nt's rcmd out there? In-Reply-To: <001f01bfe380$a29d4c80$7a7b7b7b@s800> References: <001f01bfe380$a29d4c80$7a7b7b7b@s800> Message-ID: <20000702.20324600@estate1.whitemice.org> >sometimes i boot into linux at work (suse 6.3 and samba 2.0.7). is >there any utility out there like rcmd that comes with nt reskit so >that i could do things like unlocking nt accounts or resetting >passwords? i do not want to move to tng and i do not need to use nt's >usermanager... There is a rshd for NT floating around. I use it to change NT user accounts from UNIX shell scripts. I can send it too you if you like, I don't remember where I got it. From lars at kneschke.de Sun Jul 2 19:15:02 2000 From: lars at kneschke.de (Lars Kneschke) Date: Tue Dec 2 02:30:19 2003 Subject: MIgration. in Hell In-Reply-To: <395F6542.B2974AA@conex.com.br> Message-ID: I wish you much luck!! :-) Cu > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > satan > Sent: Sunday, July 02, 2000 4:54 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: MIgration. in Hell > > > > Ok, I got a BAD SITUATION NOW, my IT director tell me > that I have 2 > weeks to migrate a windows Nt domaint to a samba > running in the sun > server. > My scenary is: I have 1000 accounts in a windows > domain with roaming > profiles and home directory in 1 PDC, and I have to > migrate them to a > sun machine running solaris. > I am planning my actions, I think so the best is: > 1-Do a Rescue disk on Nt. > 2-Use lophtcrack to open it, and export to samba(this > is a theory). > 3-Create the users on samba. > 4-Open the share home, and do a Drag and drop to > transfer all the homes. > 5-Pray. > > How you can see the step 2 and 5 are the hard thing, > somebody has passed > for this situation? somebody has a migration manual > for desesperate > people? > TnXS! > > From larry at pkunk.net Sun Jul 2 21:17:42 2000 From: larry at pkunk.net (Lawrence Cotnam Jr.) Date: Tue Dec 2 02:30:19 2003 Subject: TNG? Does it work? Message-ID: Hello... I'm sure this question has been answered, quite extensively, but the mailing list archive is down and I'm just baffled. I've used CVS to pull latest TNG sources, compiled, and installed it. But I can't get it to work at all. I use smbpasswd to add my account (I have encrypt passwords = yes) and set security to 'user', but everytime I try to connect from my Windows 2000 Professional box, I can't.. the log file says my password doesn't match. I also can't connect with smbclient, using the account. Same error. What could I possibly be doing wrong? I migrated my smb.conf from 2.0.7 (which works perfectly). About the only thing I can do is after creating 'root' with smbpasswd, I can use samedit to connect and do SOME things, but not very much. Any help would be appreciated. :-) Lawrence D. Cotnam Jr. (775) 337-2536 email: larry@pkunk.net From holger at xpo.de Sun Jul 2 21:28:53 2000 From: holger at xpo.de (Holger Eilhard) Date: Tue Dec 2 02:30:19 2003 Subject: TNG? Does it work? In-Reply-To: Message-ID: Hi, > Hello... I'm sure this question has been answered, quite extensively, but > the mailing list archive is down and I'm just baffled. I've used CVS to > pull latest TNG sources, compiled, and installed it. But I can't > get it to > work at all. > > I use smbpasswd to add my account (I have encrypt passwords = yes) and set > security to 'user', but everytime I try to connect from my Windows 2000 > Professional box, I can't.. the log file says my password doesn't > match. I > also can't connect with smbclient, using the account. Same error. > > What could I possibly be doing wrong? I migrated my smb.conf from 2.0.7 > (which works perfectly). > > About the only thing I can do is after creating 'root' with > smbpasswd, I can > use samedit to connect and do SOME things, but not very much. > > Any help would be appreciated. :-) Try http://www.kneschke.de/projekte/samba_tng/faq/configuration.php3. Thats were I 'started' yesterday, hmm, today :) Some things changed, but I cannot seem to get it working on win2k, on 98 everythings' working fine. Holger -- Holger Eilhard - http://holger.xpo.de - holger@xpo.de From mgeddes at xavier.sa.edu.au Sun Jul 2 22:55:45 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:30:19 2003 Subject: MIgration. in Hell References: <395F6542.B2974AA@conex.com.br> Message-ID: <395FC871.9DE7D8FB@xavier.sa.edu.au> satan wrote: > > Ok, I got a BAD SITUATION NOW, my IT director tell me > that I have 2 > weeks to migrate a windows Nt domaint to a samba > running in the sun > server. > My scenary is: I have 1000 accounts in a windows > domain with roaming > profiles and home directory in 1 PDC, and I have to > migrate them to a > sun machine running solaris. > I am planning my actions, I think so the best is: > 1-Do a Rescue disk on Nt. > 2-Use lophtcrack to open it, and export to samba(this > is a theory). > 3-Create the users on samba. > 4-Open the share home, and do a Drag and drop to > transfer all the homes. > 5-Pray. > > How you can see the step 2 and 5 are the hard thing, > somebody has passed > for this situation? somebody has a migration manual > for desesperate > people? > TnXS! Try using pwdump (I think it's on the samba.org FTP site). It will turn your SAM database into a nice shiny smbpasswd file. Man I wish I had a sun server to run Samba on.... Good luck, Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA From pjdc at eircom.net Sun Jul 2 22:59:02 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:19 2003 Subject: TNG? Does it work? In-Reply-To: "Holger Eilhard"'s message of "Mon, 3 Jul 2000 07:33:07 +1000" References: Message-ID: >>>>> "Holger" == Holger Eilhard writes: Holger> were I 'started' yesterday, hmm, today :) Some things Holger> changed, but I cannot seem to get it working on win2k, on Holger> 98 everythings' working fine. I believe that domain logons in current CVS are broken. Try getting a CVS tree with the tag SAMBA_TNG_2_5_GOOD; this version has worked pretty well for NT domain logins. Password changing doesn't work in SAMBA_TNG_2_5_GOOD, however. Window 98 is "working" for you because the Windows 9x line uses a different and older set of protocols for domain logon than the ones NT uses. 98 uses SMB calls, while NT uses DEC/RPC calls to a different port. The fact that your Windows 98 box works does not indicate that TNG's new domain controller functionality is working. The only way to test TNG is using a Win2K or NT box, preferably an NT box because 2000 interacts with NT domains differently. Cheers, Paul. -- Paul Collins - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From sharpe at ns.aus.com Mon Jul 3 01:12:10 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:30:19 2003 Subject: MIgration. in Hell In-Reply-To: <395F6542.B2974AA@conex.com.br> Message-ID: <3.0.6.32.20000703101210.009d4850@203.16.214.248> At 12:54 AM 7/3/00 +1000, satan wrote: > >Ok, I got a BAD SITUATION NOW, my IT director tell me >that I have 2 >weeks to migrate a windows Nt domaint to a samba >running in the sun >server. >My scenary is: I have 1000 accounts in a windows >domain with roaming >profiles and home directory in 1 PDC, and I have to >migrate them to a >sun machine running solaris. >I am planning my actions, I think so the best is: >1-Do a Rescue disk on Nt. >2-Use lophtcrack to open it, and export to samba(this >is a theory). Use pwdump2. Tod Sabin has written a better pwdump that can get in behind syskey. I assume you have administrator access. >3-Create the users on samba. >4-Open the share home, and do a Drag and drop to >transfer all the homes. >5-Pray. Make sure you pray to the Samba gods :-) Let us know how it goes. Watch out for parameters like home path so you set up roaming profiles correctly, and so on. Good luck. Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course Author: First Australian 2-day, intensive, hands-on Samba course From holger at xpo.de Sun Jul 2 23:03:41 2000 From: holger at xpo.de (Holger Eilhard) Date: Tue Dec 2 02:30:19 2003 Subject: TNG? Does it work? In-Reply-To: Message-ID: > >>>>> "Holger" == Holger Eilhard writes: > > Holger> were I 'started' yesterday, hmm, today :) Some things > Holger> changed, but I cannot seem to get it working on win2k, on > Holger> 98 everythings' working fine. > > I believe that domain logons in current CVS are broken. Try getting a > CVS tree with the tag SAMBA_TNG_2_5_GOOD; this version has worked > pretty well for NT domain logins. Password changing doesn't work in > SAMBA_TNG_2_5_GOOD, however. Doesn't really matter... :) My main point is that I can get Samba working under 9x and 2000, and preferably later on with LDAP support (yeah, currently I'm on the LDAP Trip ;) ). > Window 98 is "working" for you because the Windows 9x line uses a > different and older set of protocols for domain logon than the ones NT > uses. 98 uses SMB calls, while NT uses DEC/RPC calls to a different > port. The fact that your Windows 98 box works does not indicate that > TNG's new domain controller functionality is working. The only way to > test TNG is using a Win2K or NT box, preferably an NT box because 2000 > interacts with NT domains differently. I don't have NT available here anymore. I get some calls on the Linux box on port 445 (IIRC, could also be 449 or so). I looked up in my /etc/services and wasn't able to get any information on this port. Anyone please tell me what this port is user for? So I'll go my way on the next CVS tree (*_GOOD) :) Holger -- Holger Eilhard - http://holger.xpo.de - holger@xpo.de From D.Bannon at latrobe.edu.au Sun Jul 2 23:15:57 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:30:19 2003 Subject: Any linux utility like nt's rcmd out there? In-Reply-To: <14686.59815.808000.727853@wire.cadcamlab.org> References: <001f01bfe380$a29d4c80$7a7b7b7b@s800> Message-ID: <3.0.6.32.20000703091557.0088f800@bioserve.latrobe.edu.au> At 05:14 PM 02/07/2000 +1000, Peter Samuelson wrote: Peter, I don't think that the rpcclient and/or samedit from TNG will cooperate with (eg) 2.0.7. Is that what you are suggesting ? Does anyone have them working together ? Walter Dresen said : >> i do not want to move to tng > Peter Samuelson said : >No need to move to TNG for smbd/nmbd, but you definitely want the TNG >version of rpcclient/samedit, which is *much* more advanced than the >other branches. Trust me on this one. > >Peter > ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From pjdc at eircom.net Sun Jul 2 23:56:43 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:19 2003 Subject: TNG? Does it work? In-Reply-To: "Holger Eilhard"'s message of "Mon, 3 Jul 2000 09:07:37 +1000" References: Message-ID: >>>>> "Holger" == Holger Eilhard writes: Holger> Doesn't really matter... :) My main point is that I can Holger> get Samba working under 9x and 2000, and preferably later 9x should not present a problem, except for issues with the storage of profiles (which are client issues, I believe). Holger> on with LDAP support (yeah, currently I'm on the LDAP Trip Holger> ;) ). The LDAP schema for Samba was in flux the last I heard about it. Windows 2000 is less likely to work with TNG than NT4. Note that Samba 2.0.7 will work fully with Win2k clients as a standalone server, but not a PDC; 2.0.7's PDC support is in any incomplete and set to be scrapped. Holger> I don't have NT available here anymore. I get some calls That is a bummer. I don't believe that Windows 2000 Professional is much of a net gain over NT in an NT4 domain environment. Holger> on the Linux box on port 445 (IIRC, could also be 449 or Holger> so). I looked up in my /etc/services and wasn't able to Holger> get any information on this port. Anyone please tell me Holger> what this port is user for? Port 445/449 (I don't remember which, but probably 445) is the port that NT/Win2K use with DCE/RPC for domain authentication. Paul. -- Paul Collins - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From peter at cadcamlab.org Mon Jul 3 00:12:11 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:30:19 2003 Subject: Any linux utility like nt's rcmd out there? References: <001f01bfe380$a29d4c80$7a7b7b7b@s800> <14686.59815.808000.727853@wire.cadcamlab.org> <3.0.6.32.20000703091557.0088f800@bioserve.latrobe.edu.au> Message-ID: <14687.55435.366584.777137@wire.cadcamlab.org> [David Bannon ] > I don't think that the rpcclient and/or samedit from TNG will > cooperate with (eg) 2.0.7. Is that what you are suggesting ? Does > anyone have them working together ? rpcclient/samedit are for remote administration of NT and NT-like systems. They implement the various RPC calls used to this end in NT. These calls are particularly useful because NT doesn't ship with a generalized remote access mechanism like telnet, ssh or xdmcp. So I assumed you were talking about remote administration of accounts on NT. In which case rpcclient/TNG is a much much better idea than rpcclient/HEAD or rpcclient/2.2pre. If instead you are wanting remote administration of Samba [non-TNG] accounts on Unix, the best option is probably to use ssh, then locally run smbpasswd. And that's about all I have to say about that. Peter From mgeddes at xavier.sa.edu.au Mon Jul 3 01:05:38 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:30:19 2003 Subject: SMBPASSWD perms Message-ID: <395FE6E2.BF8DE1CF@xavier.sa.edu.au> Hi, I know that the permissions for the smbpasswd file are supposed to be rw------- (for good reason ;-)), but does it matter who owns it? I have followed Lars' FAQ and created a non-root domain administrator, but in doing so, I cannot add a machine account from an NT box using the NT boxy thing. This also means that to do any account administration, I must ssh to the box and run smbpasswd / rpcclient. What are other people doing to overcome this problem (this is, of course, assuming that I haven't overlooked anything and there *is* a problems). Thanks heaps, Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA From mjwestkamper at weiinc.com Mon Jul 3 01:04:36 2000 From: mjwestkamper at weiinc.com (Mike) Date: Tue Dec 2 02:30:19 2003 Subject: TNG? Does it work? References: Message-ID: <395FE6A4.8907117C@weiinc.com> A couple of dumb things...only because I made these mistakes... Did you start the server components? Can you log on as a smbclient from the machine which SAMBA is installed? MIke "Lawrence Cotnam Jr." wrote: > Hello... I'm sure this question has been answered, quite extensively, but > the mailing list archive is down and I'm just baffled. I've used CVS to > pull latest TNG sources, compiled, and installed it. But I can't get it to > work at all. > > I use smbpasswd to add my account (I have encrypt passwords = yes) and set > security to 'user', but everytime I try to connect from my Windows 2000 > Professional box, I can't.. the log file says my password doesn't match. I > also can't connect with smbclient, using the account. Same error. > > What could I possibly be doing wrong? I migrated my smb.conf from 2.0.7 > (which works perfectly). > > About the only thing I can do is after creating 'root' with smbpasswd, I can > use samedit to connect and do SOME things, but not very much. > > Any help would be appreciated. :-) > > Lawrence D. Cotnam Jr. > (775) 337-2536 > email: larry@pkunk.net From gcarter at valinux.com Mon Jul 3 02:40:33 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:30:19 2003 Subject: TNG? Does it work? References: Message-ID: <395FFD21.3BF0B53E@valinux.com> Paul J Collins wrote: > > Port 445/449 (I don't remember which, but probably 445) is the port > that NT/Win2K use with DCE/RPC for domain authentication. 445/tcp is the port used for NetBIOS-less SMB. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From r_huelsmann at ish.de Mon Jul 3 06:02:58 2000 From: r_huelsmann at ish.de (Ralf Huelsmann) Date: Tue Dec 2 02:30:20 2003 Subject: TNG samedit Message-ID: <001301bfe4b4$56543a70$3401a8c0@workstation_1a> hi ! i?m missing a little bit documentation on TNG... does anybody have docu about all the new programms that ship with TNG, like samedit ? greetings ralf --- Ralf Huelsmann Kempen Germany Office: http://www.ish.com/ r_huelsmann@ish.com phone +49 2152 962010 fax +49 2152 962009 Mobile: r_huelsmann@bigfoot.com phone +49 171 2170401 -------------- next part -------------- A non-text attachment was scrubbed... Name: =?iso-8859-1?Q?Ralf_H=FClsmann.vcf?= Type: application/octet-stream Size: 357 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000703/a7d5ba04/iso-8859-1QRalf_HFClsmann.obj From mgeddes at xavier.sa.edu.au Mon Jul 3 06:24:13 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:30:20 2003 Subject: TNG samedit References: <001301bfe4b4$56543a70$3401a8c0@workstation_1a> Message-ID: <3960318D.959BECDA@xavier.sa.edu.au> Ralf Huelsmann wrote: > > hi ! > > i?m missing a little bit documentation on TNG... > > does anybody have docu about all the new programms that ship > with TNG, like samedit ? > I thought I wrote that one. Check in the docs/yodldocs directory of the Samba TNG distribution. If you can't find the samedit one, try the rpcclient man page. rpcclient is samedit and regedit combined. Let me know of any broken bits in the man pages and I'll glady fix 'em. Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA From peter at cadcamlab.org Mon Jul 3 06:53:44 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:30:20 2003 Subject: LDAP (was: Re: Samba Bug?) References: <395EAB67.227B6B6F@valinux.com> <14687.5911.798890.155541@wire.cadcamlab.org> Message-ID: <14688.14286.940540.680136@wire.cadcamlab.org> [Peter Samuelson ] > # yes, SAMBA_2_0 is an outdated tag name... > cvs -d :pserver:cvs@cvs.samba.org:/cvsroot -r SAMBA_2_0 co samba > mv samba samba-2.2pre > > cvs -d :pserver:cvs@cvs.samba.org:/cvsroot -r SAMBA_TNG co samba > mv samba samba-tng Oops. What I *meant* was, you have to specify the "co" command *before* the "-r TAG" option. Sorry for any confusion this may have caused......... Peter From mg at plum.de Mon Jul 3 07:13:13 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:30:20 2003 Subject: SMBPASSWD perms References: <395FE6E2.BF8DE1CF@xavier.sa.edu.au> Message-ID: <005a01bfe4be$26a4ffd0$0201010a@defiant> > Hi, > > I know that the permissions for the smbpasswd file are supposed to be > rw------- (for good reason ;-)), but does it matter who owns it? I have > followed Lars' FAQ and created a non-root domain administrator, but in > doing so, I cannot add a machine account from an NT box using the NT > boxy thing. This also means that to do any account administration, I > must ssh to the box and run smbpasswd / rpcclient. What are other people > doing to overcome this problem (this is, of course, assuming that I > haven't overlooked anything and there *is* a problems). look in the archive. There was quite some discussion about this topic, and IIRC some people event wanted to have smbpasswd rw-rw----, with uid root and gid of domain admins (or sambam or any other special group noone else is member of), so that a domain admin could add users, reset machine account, etc. regards, Michael From simo.sorce at polimi.it Mon Jul 3 07:47:36 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:30:20 2003 Subject: Samba Head w/ TNG setup - multiple .SID files? References: Message-ID: <39604518.F6EAEA68@polimi.it> HAve you tested with a symbolic link? mv TESTDOM1.SID.backup ln -s /etc/MACHINE.SID /etc/TESTDOM1.SID And start daemons. Hope this will help. Samuel Greenfeld wrote: > > At our organization, we were looking to integrate a test Windows 2000 machine into our samba setup. Here, samba plays a PDC. However, the system had to support 95/98 machines as well. So we followed the recommendation in the online TNG document and ran the smbd from the SAMBA_HEAD cvs tree and all the other utilities (nmbd, etc.) from the SAMBA_TNG cvs tree. > > We compiled the two of them into directories with two separate prefixes (/usr/local/samba.tng and /usr/local/samba.head). We shutdown the stable samba version we were using, started the alpha editions, and got the following error message in log.smbd whenever we tried to add the Win2k machine to the domain: > > ERROR: Samba cannot create a SAM SID for its domain (TESTDOM1). > both /etc/MACHINE.SID and /etc/TESTDOM1.SID exist when only one should, unable to continue > > In other words, we ran into a problem where some of the utilities seem to be using the /etc/MACHINE.SID file, while some utilities were using an /etc/TESTDOM1.SID file (the name of the domain we created). This caused samba to get confused, and completely screwed up domain logins from the NT 4.0 client we had hooked up in samba 2.0.7, which said the SID it knew for the domain controller was not it. Renaming either of these .SID files and restarting samba caused them to be recreated. No harm done, we simply shut down the experimental version, used the old .SID file we backed up, started samba 2.0.7, and everything was back to normal. During the entire time, we were quite careful to cd into the appropriate directories (/usr/local/samba.tng/sbin and /usr/local/samba.head/bin) and run "./daemonname" to ensure that the proper binary was started. > > Right now, this entire setup is experimental, so if anyone has any ideas on how to fix this (or wants us to track down which daemon is at fault), please let me know. We also ran into trouble getting samedit to run, but I do not know if this is related. > > Date of experiment: June 28, 2000 > Date of last CVS update & compile prior to experiment: June 28, 2000, early morning > Samba TNG prefix set to: /usr/local/samba.tng > Samba HEAD prefix set to: /usr/local/samba.head > /etc/smb.conf was shared between versions, /etc/smbpasswd also forced in both. > Operating system: Linux 2.2.14-6.1.1smp (yes, it needs to be upgraded, but we're waiting on some binary-only drivers) on a Dual Xeon 800 w/ 1024 MB RAM. > > > Sincerely, > Samuel Greenfeld > Electrical & Computer Engineering, Rowan University -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From peter at cadcamlab.org Mon Jul 3 13:07:07 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:30:20 2003 Subject: Samba Head w/ TNG setup - multiple .SID files? References: <39604518.F6EAEA68@polimi.it> Message-ID: <14688.36556.83988.472405@wire.cadcamlab.org> [Samuel Greenfeld ] > > ERROR: Samba cannot create a SAM SID for its domain (TESTDOM1). > > both /etc/MACHINE.SID and /etc/TESTDOM1.SID exist when only one should, unable to continue [Simo Sorce ] > HAve you tested with a symbolic link? > mv TESTDOM1.SID.backup > ln -s /etc/MACHINE.SID /etc/TESTDOM1.SID I doubt it would help. TNG is complaining that you still have your "legacy" file around. It figures you've got a misconfiguration somewhere so it refuses to go on. Try setting `--sysconfdir' (in `configure') to unique directories like /etc/samba-tng and /etc/samba-head. *Then* try the symlink idea.... Peter From lkcl at samba.org Mon Jul 3 14:39:54 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:30:21 2003 Subject: MIgration.in HELL Message-ID: hey dude, chill. use samedit to join the samba server as a BDC, then issue a samsync command. this will add every single PDC account to your samba server's BDC smbpasswd file. the only thing you will have to _have_ done, beforehand, is create the unix accounts. _or_, do the process twice, and have a script parse the output the first time to get the usernames, have the script run adduser you get the picture. luke Script started on Fri Jun 9 04:11:17 2000 [root@knight source]# bin/samedit -S changeme-nt4s -U root%test -l log Server: \\CHANGEME-NT4S: User: root Domain: Connection: OK [root@CHANGEME-NT4S]$ use \\knight -Uroot%test -W knight use \\knight -Uroot%test -Wknight Server: \\KNIGHT: User: root Domain: knight Connection: OK [knight\root@CHANGEME-NT4S]$ createuser knight$ -s -j domain createuser knight$ -s -j domain SAM Create Domain User Domain: DOMAIN Name: knight$ ACB: [S ] Create Domain User: OK Join KNIGHT to Domain DOMAIN Set $MACHINE.ACC: OK [knight\root@CHANGEME-NT4S]$ lsaquery lsaquery LSA Query Info Policy Domain Member - Domain: DOMAIN (S-1-5-21-4070507235-114175824-2771791698) Domain Controller - Domain: DOMAIN (S-1-5-21-4070507235-114175824-2771791698) [knight\root@CHANGEME-NT4S]$ samsync samsync SAM Database Sync ----------------- Domain: DOMAIN Group: Domain Admins Group: Domain Users Group: Domain Guests Group: testgroup Group: testgroup2 Group: testgroup3 Group: testgroup5 Group: testgroup6 Group: testgroup7 Account: Administrator { 0x01, 0xFC, 0x5A, 0x6B, 0xE7, 0xBC, 0x69, 0x29, 0xAA, 0xD3, 0xB4, 0x35, 0xB5, 0x14, 0x04, 0xEE }; { 0x0C, 0xB6, 0x94, 0x88, 0x05, 0xF7, 0x97, 0xBF, 0x2A, 0x82, 0x80, 0x79, 0x73, 0xB8, 0x95, 0x37 }; Account: Guest { 0xB3, 0xCC, 0x5A, 0x77, 0xA6, 0x8F, 0x64, 0x77, 0x61, 0x2A, 0x53, 0xE1, 0x2D, 0xFC, 0x18, 0x3B }; { 0xB3, 0xCC, 0x5A, 0x77, 0xA6, 0x8F, 0x64, 0x77, 0x61, 0x2A, 0x53, 0xE1, 0x2D, 0xFC, 0x18, 0x3B }; Account: CHANGEME-NT4S$ { 0x17, 0x47, 0xDB, 0xE6, 0x1B, 0xA8, 0x60, 0x32, 0x1D, 0x1A, 0xEE, 0x2B, 0x53, 0xF6, 0x29, 0xEA }; { 0x5E, 0x6A, 0xBA, 0x10, 0xF7, 0xA2, 0x3F, 0xDC, 0xEF, 0x50, 0xBA, 0x30, 0x62, 0x75, 0xBF, 0x53 }; Account: NT4-1$ { 0x8F, 0xCA, 0x67, 0xCF, 0x5A, 0x9F, 0xEB, 0x7D, 0xB0, 0x6F, 0xDA, 0xCB, 0xE2, 0xEF, 0xDE, 0xAB }; { 0x6D, 0x60, 0xD6, 0x79, 0x43, 0xE7, 0x2C, 0xE3, 0x46, 0xC3, 0x4C, 0xD1, 0xD4, 0xC9, 0xD6, 0x2C }; Account: root { 0x01, 0xFC, 0x5A, 0x6B, 0xE7, 0xBC, 0x69, 0x29, 0xAA, 0xD3, 0xB4, 0x35, 0xB5, 0x14, 0x04, 0xEE }; { 0x0C, 0xB6, 0x94, 0x88, 0x05, 0xF7, 0x97, 0xBF, 0x2A, 0x82, 0x80, 0x79, 0x73, 0xB8, 0x95, 0x37 }; Account: knight$ { 0xBF, 0xFB, 0x57, 0x74, 0x20, 0x86, 0xF0, 0x83, 0x1A, 0xD1, 0x2E, 0xDD, 0xA1, 0x3A, 0x11, 0xFC }; { 0x92, 0x3A, 0x73, 0x26, 0xCA, 0xFC, 0x62, 0xAD, 0x7E, 0x25, 0x04, 0x32, 0x56, 0x2D, 0x2A, 0x41 }; [knight\root@CHANGEME-NT4S]$ exit exit [root@knight source]# exit exit Script done on Fri Jun 9 04:12:06 2000 Luke Kenneth Casson Leighton Samba and Network Development Samba Web site ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From cameron.ough at intel.com Mon Jul 3 16:53:25 2000 From: cameron.ough at intel.com (Ough, Cameron) Date: Tue Dec 2 02:30:21 2003 Subject: Unsubscribe Message-ID: I have unsubscribed a few times, and still ... nothing. Would someone please unsubscribe me? All of the unintentional receipients, please ignore this. From larry at pkunk.net Mon Jul 3 18:14:22 2000 From: larry at pkunk.net (Lawrence Cotnam Jr.) Date: Tue Dec 2 02:30:21 2003 Subject: TNG? Does it work? In-Reply-To: <395FE6A4.8907117C@weiinc.com> Message-ID: | -----Original Message----- | From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of | Mike | Sent: Sunday, July 02, 2000 6:06 PM | To: Multiple recipients of list SAMBA-NTDOM | Subject: Re: TNG? Does it work? | | | A couple of dumb things...only because I made these mistakes... | | Did you start the server components? Yep. Started srvsvcd wkssvcd lsarpcd samrd netlogond winregd nmbd smbd all running with security=user. If I try to use security=domain or server, some of the daemons refuse to stay running. | Can you log on as a smbclient from the machine which SAMBA is installed? Nope. It always says my password is not correct in the log and smbclient says session start failed. I can only connect to the 'server' software with samedit. Lawrence D. Cotnam Jr. (775) 337-2536 email: larry@pkunk.net From rez at moremagic.com Mon Jul 3 20:45:09 2000 From: rez at moremagic.com (=?iso-8859-1?Q?Lauri_Myll=E4ri?=) Date: Tue Dec 2 02:30:21 2003 Subject: trust between two samba-tng pdcs? In-Reply-To: ; from kill-9@warbeast.com on Sat, Jul 01, 2000 at 01:38:33AM +1000 References: <20000629234743.A12642@moremagic.com> Message-ID: <20000703234509.D21153@moremagic.com> On Sat, Jul 01, 2000 at 01:38:33AM +1000, kill -9 wrote: > Create an account on domain1 pdc with the name of the other domain > (domain2$), and use the -i option (createuser -i domain2$ -p password) > (I think this is the format). Then create another account but with the > name of domain2's pdc, ex. (createuser domain2pdc$ -p password) > Do this but in reverse on the othe pdc. Unix accounts would have to be > done too on both. Then, I think you could just follow Elrond's > instructions, and use either smbpasswd -j domainname, or get the > domain sid for each domain using rpcclient -S otherpdc -U % -c 'lsaq', and > copy that SID into a file named DOMAIN1.SID. Do this for each domain. > Then I think you could use the trusting and trusted domains lines in each > smb.conf file. Sorry if this is unclear. As I said, I'm guessing, and > I've never really done this with 2 samba pdcs. Thank you for these instructions. I got to the point where pdc1 is trying to ask pdc2 for authentication, but fails with the following in log.netlogon (ip obfuscated on purpose): TODO: verify that the rid exists error connecting to oth.er.pdc.ip:445 (Connection refused) LSA_OPENSECRET: unknown error smbpasswd -j is not available anymore (suggests using samedit), so I used the rpcclient to get the SIDs manually. > > btw, I have a somewhat weird (but working solution) for keeping the > > account and group information updated on my samba pdc, samba servers, unix > > servers and workstations. > Thhat prog you speak of sounds very usefull. I would sure be interested in > seeing it available. I got a few replies to this, so I'm starting to prepare for a GPL release. I'll have to get final permission from higher powers :) and get the source cleaned up. From pjdc at eircom.net Mon Jul 3 21:52:57 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:21 2003 Subject: where is the cliffs module? Message-ID: Maybe I'm doing something stupidly wrong, but I can't check out the "cliffs" module from samba's CVS: $ cvs -d :pserver:cvs@cvs.samba.org:/cvsroot login (Logging in to cvs@cvs.samba.org) CVS password: $ cvs -d :pserver:cvs@cvs.samba.org:/cvsroot co cliffs cvs server: cannot find module `cliffs' - ignored cvs [checkout aborted]: cannot expand modules The "cliffs" module is not visible from cvsweb either. Suggestions, advice, abuse? Thanks, Paul. -- Paul Collins - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From mgeddes at xavier.sa.edu.au Mon Jul 3 23:24:32 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:30:21 2003 Subject: Unsubscribe References: Message-ID: <396120B0.8B7FD7E7@xavier.sa.edu.au> "Ough, Cameron" wrote: > > I have unsubscribed a few times, and still ... nothing. Would someone please > unsubscribe me? > > All of the unintentional receipients, please ignore this. I believe there are some destructions on the samba.org site -- Matthew Geddes Network Manager Xavier College Gawler, SA From pjdc at eircom.net Tue Jul 4 00:33:13 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:21 2003 Subject: Unsubscribe In-Reply-To: Matthew Geddes's message of "Tue, 4 Jul 2000 10:12:22 +1000" References: <396120B0.8B7FD7E7@xavier.sa.edu.au> Message-ID: >>>>> "Matthew" == Matthew Geddes writes: Matthew> I believe there are some destructions on the samba.org site To put it mildly. ;-) Paul. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From larry at pkunk.net Tue Jul 4 05:24:26 2000 From: larry at pkunk.net (Lawrence Cotnam Jr.) Date: Tue Dec 2 02:30:21 2003 Subject: TNG...still doesn't work, for me... Message-ID: OK, I followed some advice posted here to try 'n get my UNIX machine to properly run Samba-TNG. I'll restate that I can and do run most successfully with version 2.0.7. Following a webpage setup instructions, I added two new users to /etc/passwd called FIREMOTH$ and FURY$, the names of the two machines using the Samba server. I created them with unusable passwords and homedirs of /nonexistent, login shell /sbin/nologin. Then I proceeded to modify a smb.conf retrieved from this webpage to my own needs, the result is thus: ***---begin smb.conf---*** [global] #NetBIOS name isn't needed if it's the same as the hostname netbios name = FIREMOTH workgroup = PKUNK-NET #flat files that map Unix groups to NT type groups. #these files take the form unix_group = `Windows NT group'' domain group map = /usr/local/samba/private/domaingroup.map domain alias map = /usr/local/samba/private/domainalias.map #Domain controllers use user security and we need encrypted #passwords (see ENCRYPTION.txt) security = user domain logons = yes encrypt passwords = yes #And in order for us to be *sure* to win browser elections os level = 65 domain master = yes preferred master = yes local master = yes #WINS is the equivalent of DNS for NetBIOS. wins support = yes time server = yes #the next lines are equivalent to the various profile details #found in NT's User Manager #logon script = login.bat #logon drive = U: #logon home = \\MYSAMBAPDC\%U #logon path = \\MYSAMBAPDC\profile\%U #share all home directories [homes] browseable = no writable = yes comment = Users' home directories #set up netlogon share for system policies and login scripts [netlogon] path = /usr/local/samba/netlogon writable = no guest ok = no comment = PDC netlogon share #the profiles share #to create automatic subdirs for the different users #chmod 1777 /usr/local/samba/profile [profile] path = /usr/local/samba/profile writeable = yes ***---end smb.conf---*** I ran my startup script, which starts all daemons needed. I wasn't sure about the load order or if it even matters, but I used what the website showed (though it didn't specificly say anything loading stuff in order). I'm including my startup script here. ***---begin samba-tng.sh---*** #!/bin/sh pidfiledir=/usr/local/samba/var/locks sbindir=/usr/local/samba/sbin bindir=/usr/local/samba/bin # start if [ "x$1" = "x" -o "x$1" = "xstart" ]; then echo -n ' smbd' $sbindir/smbd echo -n ' nmbd' $sbindir/nmbd echo -n ' browserd' $sbindir/browserd echo -n ' lsarpcd' $sbindir/lsarpcd echo -n ' netlogond' $sbindir/netlogond echo -n ' samrd' $sbindir/samrd echo -n ' spoolssd' $sbindir/spoolssd echo -n ' srvsvcd' $sbindir/srvsvcd echo -n ' svcctld' $sbindir/svcctld echo -n ' winregd' $sbindir/winregd echo -n ' wkssvcd' $sbindir/wkssvcd # stop elif [ "x$1" = "xstop" ]; then if [ -f $pidfiledir/smbd.pid ]; then kill `cat $pidfiledir/smbd.pid` rm -f $pidfiledir/smbd.pid fi if [ -f $pidfiledir/nmbd.pid ]; then kill `cat $pidfiledir/nmbd.pid` rm -f $pidfiledir/nmbd.pid fi if [ -f $pidfiledir/winregd.pid ]; then kill `cat $pidfiledir/winregd.pid` rm -f $pidfiledir/winregd.pid fi if [ -f $pidfiledir/netlogond.pid ]; then kill `cat $pidfiledir/netlogond.pid` rm -f $pidfiledir/netlogond.pid fi if [ -f $pidfiledir/samrd.pid ]; then kill `cat $pidfiledir/samrd.pid` rm -f $pidfiledir/samrd.pid fi if [ -f $pidfiledir/lsarpcd.pid ]; then kill `cat $pidfiledir/lsarpcd.pid` rm -f $pidfiledir/lsarpcd.pid fi if [ -f $pidfiledir/wkssvcd.pid ]; then kill `cat $pidfiledir/wkssvcd.pid` rm -f $pidfiledir/wkssvcd.pid fi if [ -f $pidfiledir/srvsvcd.pid ]; then kill `cat $pidfiledir/srvsvcd.pid` rm -f $pidfiledir/srvsvcd.pid fi if [ -f $pidfiledir/svcctld.pid ]; then kill `cat $pidfiledir/svcctld.pid` rm -f $pidfiledir/svcctld.pid fi if [ -f $pidfiledir/browserd.pid ]; then kill `cat $pidfiledir/browserd.pid` rm -f $pidfiledir/browserd.pid fi if [ -f $pidfiledir/spoolssd ]; then kill `cat $pidfiledir/spoolssd.pid` rm -f $pidfiledir/spoolssd.pid fi echo "Samba server stopped." fi ***---end samba-tng.sh---*** After starting the server daemons (all of them loaded and stayed running), I proceeded to run samedit, given the parameters: -S. -U root% -l log All seems peachy so far. Transcript of the samedit session: {root}[/usr/local/samba/bin] firemoth:77> samedit -S. -U root% -l log [root@.]$ createuser root -p *** createuser root -p *** SAM Create Domain User Domain: PKUNK-NET Name: root ACB: [U ] Create Domain User: OK [root@.]$ createuser pkunk -p *** createuser pkunk -p *** SAM Create Domain User Domain: PKUNK-NET Name: pkunk ACB: [U ] Create Domain User: OK [root@.]$ createuser FIREMOTH$ createuser FIREMOTH$ SAM Create Domain User Domain: PKUNK-NET Name: firemoth$ ACB: [W ] Resetting Trust Account to insecure, initial, well-known value: "firemoth" FIREMOTH can now be joined to the domain, which should be done on a private, secure network as soon as possible Create Domain User: OK [root@.]$ createuser FURY$ createuser FURY$ SAM Create Domain User Domain: PKUNK-NET Name: fury$ ACB: [W ] Resetting Trust Account to insecure, initial, well-known value: "fury" FURY can now be joined to the domain, which should be done on a private, secure network as soon as possible Create Domain User: OK [root@.]$ q q I thought I'd finally gotten it to work... so I tried to login from my Windows 2000 workstation. It would not accept my password. I then tried to use smbclient to login. Transcript: {root}[/usr/local/samba/bin] firemoth:79> smbclient //FIREMOTH/ added interface ip=63.201.19.138 bcast=63.201.19.143 nmask=255.255.255.248 Password: session setup ok Domain=[PKUNK-NET] OS=[Unix] Server=[Samba TNG-alpha] failed tcon_X session setup ok Domain=[PKUNK-NET] OS=[Unix] Server=[Samba TNG-alpha] failed tcon_X At that point I'm returned to the prompt. So... any suggestions from anyone as to what I'm doing wrong? I'm using a build from cvs SAMBA_TNG_2_5_GOOD. Host operating system is FreeBSD 4.0-RELEASE. Lawrence D. Cotnam Jr. (775) 337-2536 email: larry@pkunk.net From J.L.Gilmour at exeter.ac.uk Tue Jul 4 07:34:33 2000 From: J.L.Gilmour at exeter.ac.uk (J.L.Gilmour@exeter.ac.uk) Date: Tue Dec 2 02:30:21 2003 Subject: Newbie question... Message-ID: <1815093.200007040734@olib> I imagine this has been asked a thousand times - but with the 'search archive' facility down at the Samba web site... I've tried downloading Samba 2.1 from the cvs server at cvs.samba.org, it seems to get as far as asking for a password. No password seems to just timeout. Any suggestions? or any easier ways of downloading it? (I suppose a precompiled Solaris binary would be too much to ask? ) Thanks in advance, Jayne. -- +----+----+----+----+----+----+----+----+----+----+----+----+----+ Jayne Gilmour, BSc. MSc. Unix & Network Administrator Department of Computer Science, University of Exeter "Why is line printer paper strongest at the perforations?" +----+----+----+----+----+----+----+----+----+----+----+----+----+ From wilson at coms.com Tue Jul 4 09:04:47 2000 From: wilson at coms.com (Wilson Yau) Date: Tue Dec 2 02:30:21 2003 Subject: Win98 on laptop to join Samba-NT Domain Message-ID: <3961A8AF.3144AE19@coms.com> Could anyone please let me know How to configure a Sony Vaio notebook running Win98 SE to join a NT domain, which is controlled by a Linux-Samba box running SAMBA_TNG_2_5_GOOD? Many thanks! From janet at bioss.sari.ac.uk Tue Jul 4 11:46:59 2000 From: janet at bioss.sari.ac.uk (Janet Dickson) Date: Tue Dec 2 02:30:21 2003 Subject: SAMBA-NTDOM digest 1409 References: Message-ID: <3961CEB3.31DED267@bioss.sari.ac.uk> Holger Eilhard writes > I don't have NT available here anymore. I get some calls on the Linux box on > port 445 (IIRC, could also be 449 or so). I looked up in my /etc/services > and wasn't able to get any information on this port. Anyone please tell me > what this port is user for? See http://www.isi.edu/in-notes/iana/assignments/port-numbers Looks like MS Stuff # [RFC1568] microsoft-ds 445/tcp Microsoft-DS microsoft-ds 445/udp Microsoft-DS Janet ************************************************************************* Janet Dickson | http://www.bioss.ac.uk/~janet Biomathematics & Statistics Scotland | email: janet@bioss.ac.uk The King's Buildings, Mayfield Rd | Telephone: +44 (0) 131 650 4888 Edinburgh EH9 3JZ, Scotland, UK. | Fax: +44 (0) 131 650 4901 ************************************************************************* From helas at rbg.informatik.tu-darmstadt.de Tue Jul 4 12:11:12 2000 From: helas at rbg.informatik.tu-darmstadt.de (Martin Helas) Date: Tue Dec 2 02:30:21 2003 Subject: Newbie question... In-Reply-To: <1815093.200007040734@olib> Message-ID: > >I imagine this has been asked a thousand times - but with the 'search >archive' facility down at the Samba web site... > >I've tried downloading Samba 2.1 from the cvs server at cvs.samba.org, >it seems to get as far as asking for a password. No password seems to just >timeout. > >Any suggestions? or any easier ways of downloading it? (I suppose a >precompiled Solaris binary would be too much to ask? ) > >Thanks in advance, password: cvs its documented on the web page (there i found it) > >Jayne. >-- >+----+----+----+----+----+----+----+----+----+----+----+----+----+ > Jayne Gilmour, BSc. MSc. Unix & Network Administrator > Department of Computer Science, University of Exeter > > "Why is line printer paper strongest at the perforations?" >+----+----+----+----+----+----+----+----+----+----+----+----+----+ > From Jerome.Lefeuvre at iu-vannes.fr Tue Jul 4 13:24:03 2000 From: Jerome.Lefeuvre at iu-vannes.fr (Lefeuvre =?iso-8859-1?Q?J=E9r=F4me?=) Date: Tue Dec 2 02:30:21 2003 Subject: look for source code Message-ID: <3961E573.6BC31166@iu-vannes.fr> Hello, i'm looking up for the source code of samba 2.1.0 prealpha on mid-jun 99,because i've lost it.. can anyone forward me a archive or tell me where can i dowload it. Thanks -------------- next part -------------- A non-text attachment was scrubbed... Name: lefeuvre.vcf Type: text/x-vcard Size: 295 bytes Desc: Carte pour Lefeuvre Jérôme Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000704/7a600a99/lefeuvre.vcf From elrond at samba.org Tue Jul 4 15:43:55 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:30:21 2003 Subject: Any linux utility like nt's rcmd out there? In-Reply-To: <14686.59815.808000.727853@wire.cadcamlab.org>; from Peter Samuelson on Sun, Jul 02, 2000 at 05:13:55PM +1000 References: <001f01bfe380$a29d4c80$7a7b7b7b@s800> <14686.59815.808000.727853@wire.cadcamlab.org> Message-ID: <20000704174355.A14448@baerbel.mug.maschinenbau.tu-darmstadt.de> On Sun, Jul 02, 2000 at 05:13:55PM +1000, Peter Samuelson wrote: > > [Walter Dresen ] > > sometimes i boot into linux at work (suse 6.3 and samba 2.0.7). is > > there any utility out there like rcmd that comes with nt reskit so > > that i could do things like unlocking nt accounts or resetting > > passwords? > > I do not know what rcmd does, but `rpcclient' and/or `samedit' seem to > be what you want. I'm a little unclear on the distinction between the > two, since rpcclient does seem to support user management functions, > but samedit (which, BTW, exists only in TNG) seems to be the > Enlightened Way. samedit is just a subset of rpcclient, nothing more. It simply only contains the commands used for usermanagement. If you like to have all commands at hand, use rpcclient, if you want a smaller list of commands,when you type "help", use samedit or one of the other subset-tools. [...] Elrond From elrond at samba.org Tue Jul 4 16:44:03 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:30:21 2003 Subject: trust between two samba-tng pdcs? In-Reply-To: =?iso-8859-1?Q?=3C20000703234509=2ED21153=40moremagic=2Ecom=3E=3B_from_L?= =?iso-8859-1?Q?auri_Myll=E4ri_on_Tue=2C_Jul_04=2C_2000_at_06:48:18AM_+10?= =?iso-8859-1?Q?00?= References: <20000629234743.A12642@moremagic.com> <20000703234509.D21153@moremagic.com> Message-ID: <20000704184403.B14448@baerbel.mug.maschinenbau.tu-darmstadt.de> On Tue, Jul 04, 2000 at 06:48:18AM +1000, Lauri Myll?ri wrote: [...] > TODO: verify that the rid exists > error connecting to oth.er.pdc.ip:445 (Connection refused) > LSA_OPENSECRET: unknown error > > > smbpasswd -j is not available anymore (suggests using samedit), so Luke, what's the right way to get tng to "join" (realy, trust) another domain from rpcclient? Or how do you do a normal join to a domain, when you don't have admin-access to the pdc and so can't use rpcclient "createuser -j"? (I'm asking, because you disabled smbpasswd) > I used the rpcclient to get the SIDs manually. Well... When I first wrote this, I forgot, that the SIDs are only half the story, the other half are the machine (or in this case interdomain-trustaccount) -passwords... Maybe lsasetsecret can be used to do this... somehow... Luke? [...] Elrond From elrond at samba.org Tue Jul 4 16:47:18 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:30:21 2003 Subject: two way trust between samba tng pdc and nt pdc In-Reply-To: <395B9EC5.B3965892@grainsystems.com>; from Kevin Colby on Fri, Jun 30, 2000 at 05:11:19AM +1000 References: <20000628184516.B14350@baerbel.mug.maschinenbau.tu-darmstadt.de> <20000629204608.A20448@baerbel.mug.maschinenbau.tu-darmstadt.de> <395B9EC5.B3965892@grainsystems.com> Message-ID: <20000704184718.C14448@baerbel.mug.maschinenbau.tu-darmstadt.de> On Fri, Jun 30, 2000 at 05:11:19AM +1000, Kevin Colby wrote: > Elrond wrote: > > On Fri, Jun 30, 2000 at 12:46:18AM +1000, kill -9 wrote: > > > > > > [...] could you or someone please clarify the format of the > > > 'trusted domains=' line? > > > > trusted domains = ntfsind=fsind > > > > Samba needs to know the name of a DC in that domain. > > I understand that it needs the DC name, but I must say this syntax > seems quite bizarre. I don't see how a domain "=" a DC list. [...] hehe... maybe a colon (":") would make more sense? ;) Elrond From elrond at samba.org Tue Jul 4 17:19:21 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:30:22 2003 Subject: MIgration. in Hell In-Reply-To: <395F6542.B2974AA@conex.com.br>; from satan on Mon, Jul 03, 2000 at 12:53:57AM +1000 References: <395F6542.B2974AA@conex.com.br> Message-ID: <20000704191921.E14448@baerbel.mug.maschinenbau.tu-darmstadt.de> Just one thing, you have to keep in mind: The new users will have new SIDs, and the ACLs inside the ntuser.dat are not letting in that user... so they will get problems with the profile... I've no good idea, how you could fix this in a batch-operation... Elrond On Mon, Jul 03, 2000 at 12:53:57AM +1000, satan wrote: > > Ok, I got a BAD SITUATION NOW, my IT director tell me > that I have 2 > weeks to migrate a windows Nt domaint to a samba > running in the sun > server. > My scenary is: I have 1000 accounts in a windows > domain with roaming > profiles and home directory in 1 PDC, and I have to > migrate them to a > sun machine running solaris. > I am planning my actions, I think so the best is: > 1-Do a Rescue disk on Nt. > 2-Use lophtcrack to open it, and export to samba(this > is a theory). > 3-Create the users on samba. > 4-Open the share home, and do a Drag and drop to > transfer all the homes. > 5-Pray. > > How you can see the step 2 and 5 are the hard thing, > somebody has passed > for this situation? somebody has a migration manual > for desesperate > people? > TnXS! From mjwestkamper at weiinc.com Tue Jul 4 17:43:11 2000 From: mjwestkamper at weiinc.com (Mike) Date: Tue Dec 2 02:30:22 2003 Subject: Startup Message-ID: <3962222F.1D550749@weiinc.com> My latest installation using SAMBA in an NT domain is working well. I have one very flukey problem.. I am using using Linux (RedHat dist 6.2) and the latest stable SAMBA (.07). I have an NT box as the PDC, for now, and a Linux file server with SAMBA and 70 clients. The clients are a mixed bag including older windows 95 clients. Security is domain. It seems where and how I start SAMBA makes a difference on the '95 logons. My question then is... Is there a preferred method for bring SAMBA up on boot? How to start, what parameters and in what sequence? By the way I did RTFM and could not seen to find an answer. Mike From tadams at pbl.ca Tue Jul 4 17:51:17 2000 From: tadams at pbl.ca (Tim Adams) Date: Tue Dec 2 02:30:22 2003 Subject: Connecting to a share from winnt4 Message-ID: <000e01bfe5e0$7536bda0$3cc809c0@wis.pbl.ca> The compile and install seemed to go fine, but I am not able to log a windows machine into the samba share. I have followed the advice on as closely as I could, even to downloading their smb.conf file (with some small modifications; it did not work as it was either). This started a few months ago with the TNG thread, but I did not have time to fiddle with it. There is starting to be a need for some of the PDC functionality of samba in our company again, but I am not sure what else to try. If anyone has an idea, please let me know. Thank you, Tim Adams Programmer/Analyst Information Technology Pollard Banknote Ltd. (204) 474-2323 ext.273 -------------- next part -------------- A non-text attachment was scrubbed... Name: Samba TNG.url Type: application/octet-stream Size: 121 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000704/3839c6b5/SambaTNG.obj -------------- next part -------------- A non-text attachment was scrubbed... Name: smb.conf Type: application/octet-stream Size: 1414 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000704/3839c6b5/smb.obj From darren at sandd.co.uk Tue Jul 4 17:37:23 2000 From: darren at sandd.co.uk (Darren Hammond) Date: Tue Dec 2 02:30:22 2003 Subject: Using NT 4.0 WKS and Novell Client In-Reply-To: <14682.46591.750283.920176@wire.cadcamlab.org> References: <3957927A.3A641F8B@sandd.co.uk> <14682.46591.750283.920176@wire.cadcamlab.org> Message-ID: <00070418523300.00755@Server> Sorry for needing that spelt out. I finally got around to trying this today. It has cleared up a few anomolies in MS browsing - thanks, but sadly I still get STOP errors and a blue screen when logging in with the Novell Client. If I uninstall the Novell Client or use the MS one, it works fine. I can even log in as a domain administrator, run scripts, etc. The only binding to Server & Workstation is wins client(tcp/ip). Is this normal? The only other service is Novell Client for Windows NT which is bound to the IPX/SPX compatible Transport. I checked all the bindings before and after the Novell Client was uninstalled. Other than the removal of the Novell Client Service, there was no change Occasionally I see a message refering to an access violation error on winlogon.exe, but I'm not sure if this a symptom rather than a cause. If anyone has any bright ideas, I'd be glad to hear them. For reference, Client is 4.7.1, samba is 2.0.7. smb.conf is based on D.Bannon's example. Darren On Thu, 29 Jun 2000, you wrote: > [Darren Hammond ] > > Unfortunately, the system I've inherited uses Zenworks to distribute > > applications and I believe I need the Novell Client for this. That > > bit works well, so I don't really want to change it. > > I think he meant just go to the "bindings" tab, view "all services" and > make sure services like Server and Workstation are *not* bound to > IPX/SPX but only TCP/IP. > > Peter From pjdc at eircom.net Tue Jul 4 18:04:56 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:22 2003 Subject: trust between two samba-tng pdcs? In-Reply-To: Elrond's message of "Wed, 5 Jul 2000 02:47:25 +1000" References: <20000629234743.A12642@moremagic.com> <20000703234509.D21153@moremagic.com> <20000704184403.B14448@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: >>>>> "Elrond" == Elrond writes: Elrond> Well... When I first wrote this, I forgot, that the SIDs Just to get pedantic, all that is stored in smbpasswd is the RIDs; when you tag a RID onto the domain SID, you have a user's SID. Elrond> are only half the story, the other half are the machine Elrond> (or in this case interdomain-trustaccount) -passwords... Elrond> Maybe lsasetsecret can be used to do this... somehow... The passwords for the machine accounts are in smbpasswd. The inter-domain trust passwords are, as you say, stored as LSA secrets. Paul. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From pjdc at eircom.net Tue Jul 4 18:19:41 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:22 2003 Subject: Using NT 4.0 WKS and Novell Client In-Reply-To: Darren Hammond's message of "Wed, 5 Jul 2000 03:58:10 +1000" References: <3957927A.3A641F8B@sandd.co.uk> <14682.46591.750283.920176@wire.cadcamlab.org> <00070418523300.00755@Server> Message-ID: >>>>> "Darren" == Darren Hammond writes: Darren> Occasionally I see a message refering to an access Darren> violation error on winlogon.exe, but I'm not sure if this Darren> a symptom rather than a cause. I presume that you have reapplied your service pack after each of these network configuration changes (including client installs/reinstalls)? Tedious, I know, but vital. Paul. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From D.Bannon at latrobe.edu.au Tue Jul 4 23:08:42 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:30:22 2003 Subject: Startup In-Reply-To: <3962222F.1D550749@weiinc.com> Message-ID: <3.0.6.32.20000705090842.0087d7a0@bioserve.latrobe.edu.au> At 03:44 AM 05/07/2000 +1000, Mike wrote: >My latest installation using SAMBA in an NT domain is working well. I >have one very flukey problem.. I am using using Linux (RedHat dist 6.2) >and the latest stable SAMBA (.07). I have an NT box as the PDC, for now, >and a Linux file server with SAMBA and 70 clients. The clients are a >mixed bag including older windows 95 clients. Security is domain. It >seems where and how I start SAMBA makes a difference on the '95 logons. >My question then is... > >Is there a preferred method for bring SAMBA up on boot? How to start, >what parameters and in what sequence? The proper way to do it is to have an 'S' call to your startup script in /etc/rc.d/rc3.d (and the 'K' ones too). Or you can be really lazy and just put /usr/local/sbin/samba start in /etc/rc.d/rc.local where the script in /usr/local/sbin/samba is an appropriate startup script. Ther are lots of versions around of suitable scripts. I use the following (based on origional RH stuff I think) : #!/bin/sh # # See how we were called. case "$1" in start) echo -n "Starting SMB services: " daemon /usr/local/samba/bin/smbd -D daemon /usr/local/samba/bin/nmbd -D echo touch /var/lock/subsys/smb ;; stop) echo -n "Shutting down SMB services: " killproc smbd killproc nmbd rm -f /var/lock/subsys/smb echo "" ;; who) /usr/local/samba/bin/smbstatus -b ;; pw) vi /usr/local/samba/private/smbpasswd ;; conf) vi /usr/local/samba/lib/smb.conf ;; status) status /usr/local/samba/bin/smbd status /usr/local/samba/bin/nmbd ;; restart) echo -n "Restarting SMB services: " $0 stop $0 start echo "done." ;; *) echo "Usage: smb {start|stop|restart|status|conf|who|pw}" exit 1 esac The only important thing about how you start it is that it must be started as a daemon. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From mgeddes at xavier.sa.edu.au Wed Jul 5 01:47:33 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:30:22 2003 Subject: Samba 2.0.7 RPM Message-ID: <396293B5.DD083BF8@xavier.sa.edu.au> Hi, I grabbed the 2.0.7-4 RPMS from the redhat updates FTP site for RH Linux 6.2. Does anyone know which features have been compiled in? To be more specific, I want to play with the utmp feature, on one of my boxes and am unsure what RedHat have done. Sorry for those who don't use the RPMS or Stable versions of Samba ;-). Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA From skvidal at phy.duke.edu Wed Jul 5 01:39:32 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:30:22 2003 Subject: Samba 2.0.7 RPM In-Reply-To: <396293B5.DD083BF8@xavier.sa.edu.au> Message-ID: > I grabbed the 2.0.7-4 RPMS from the redhat updates FTP site for RH Linux > 6.2. Does anyone know which features have been compiled in? To be more > specific, I want to play with the utmp feature, on one of my boxes and > am unsure what RedHat have done. > check the srpms - the spec file will show you the configure line. -sv From mgeddes at xavier.sa.edu.au Wed Jul 5 02:56:14 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:30:22 2003 Subject: Samba 2.0.7 RPM References: Message-ID: <3962A3CE.4D1E6EB3@xavier.sa.edu.au> Seth Vidal wrote: > check the srpms - the spec file will show you the configure line. [Matt kicks himself quite hard]. Thanks, sorry for *that* waste of your time. Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA From lkcl at samba.org Wed Jul 5 11:17:04 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:30:22 2003 Subject: trust between two samba-tng pdcs? In-Reply-To: <20000704184403.B14448@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: On Tue, 4 Jul 2000, Elrond wrote: > On Tue, Jul 04, 2000 at 06:48:18AM +1000, Lauri Myll?ri wrote: > [...] > > TODO: verify that the rid exists > > error connecting to oth.er.pdc.ip:445 (Connection refused) > > LSA_OPENSECRET: unknown error > > > > > > smbpasswd -j is not available anymore (suggests using samedit), so > > Luke, what's the right way to get tng to "join" (realy, > trust) another domain from rpcclient? > > Or how do you do a normal join to a domain, when you don't > have admin-access to the pdc and so can't use rpcclient > "createuser -j"? if you don't have the admin access to the pdc, you can't do *anything* that's the whole point of domain security. so createuser WKSTANAME$ -j DOMAINNAME it is. From simo.sorce at polimi.it Wed Jul 5 11:59:29 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:30:22 2003 Subject: Using NT 4.0 WKS and Novell Client References: <3957927A.3A641F8B@sandd.co.uk> <14682.46591.750283.920176@wire.cadcamlab.org> <00070418523300.00755@Server> Message-ID: <39632321.D054CF01@polimi.it> Paul J Collins wrote: > > >>>>> "Darren" == Darren Hammond writes: > > Darren> Occasionally I see a message refering to an access > Darren> violation error on winlogon.exe, but I'm not sure if this > Darren> a symptom rather than a cause. > > I presume that you have reapplied your service pack after each of > these network configuration changes (including client > installs/reinstalls)? Tedious, I know, but vital. > > Paul. > Paul is right, reapplyng service pack is vital, if however your problem persist I think the Novell Client, assusmes some kind of data normally set by an NT PDC (but not by samba 2.0.x) on logon answer to be set and crashes on a non tested condition. If this is the case it would be interesting to see what would happen with PDC support from samba TNG (that is more complete than 2.0.x). -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From simo.sorce at polimi.it Wed Jul 5 12:07:34 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:30:22 2003 Subject: MIgration. in Hell References: <395F6542.B2974AA@conex.com.br> <20000704191921.E14448@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: <39632506.DA6C8755@polimi.it> Elrond wrote: > > Just one thing, you have to keep in mind: > > The new users will have new SIDs, and the ACLs inside the > ntuser.dat are not letting in that user... so they will get > problems with the profile... > > I've no good idea, how you could fix this in a > batch-operation... if all the users profile are in the same directory and the profile directory has exactly the same name of the unix user than after creating the user account in passwd you may simply make a scipt like this: --------------------cut here------------ #!/bin/bash cd /path/to/profiles for i in * do chown $i $i done --------------------cut here------------ > > Elrond > > On Mon, Jul 03, 2000 at 12:53:57AM +1000, satan wrote: > > > > Ok, I got a BAD SITUATION NOW, my IT director tell me > > that I have 2 > > weeks to migrate a windows Nt domaint to a samba > > running in the sun > > server. > > My scenary is: I have 1000 accounts in a windows > > domain with roaming > > profiles and home directory in 1 PDC, and I have to > > migrate them to a > > sun machine running solaris. > > I am planning my actions, I think so the best is: > > 1-Do a Rescue disk on Nt. > > 2-Use lophtcrack to open it, and export to samba(this > > is a theory). > > 3-Create the users on samba. > > 4-Open the share home, and do a Drag and drop to > > transfer all the homes. > > 5-Pray. > > > > How you can see the step 2 and 5 are the hard thing, > > somebody has passed > > for this situation? somebody has a migration manual > > for desesperate > > people? > > TnXS! -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From mkuhne at microsoft.com Wed Jul 5 12:19:46 2000 From: mkuhne at microsoft.com (Martin Kuhne) Date: Tue Dec 2 02:30:22 2003 Subject: AW: MIgration. in Hell Message-ID: <11035FE077A22746A2C1AD1426D403EC68BD3E@muc-msg-01.europe.corp.microsoft.com> No way, the ACLs that restrict access are inside ntuser.dat regards Martin -----Ursprüngliche Nachricht----- Von: Simo Sorce [mailto:simo.sorce@polimi.it] Gesendet: Mittwoch, 5. Juli 2000 14:10 An: Multiple recipients of list SAMBA-NTDOM Betreff: Re: MIgration. in Hell Elrond wrote: > > Just one thing, you have to keep in mind: > > The new users will have new SIDs, and the ACLs inside the > ntuser.dat are not letting in that user... so they will get > problems with the profile... > > I've no good idea, how you could fix this in a > batch-operation... if all the users profile are in the same directory and the profile directory has exactly the same name of the unix user than after creating the user account in passwd you may simply make a scipt like this: --------------------cut here------------ #!/bin/bash cd /path/to/profiles for i in * do chown $i $i done --------------------cut here------------ > > Elrond > > On Mon, Jul 03, 2000 at 12:53:57AM +1000, satan wrote: > > > > Ok, I got a BAD SITUATION NOW, my IT director tell me > > that I have 2 > > weeks to migrate a windows Nt domaint to a samba > > running in the sun > > server. > > My scenary is: I have 1000 accounts in a windows > > domain with roaming > > profiles and home directory in 1 PDC, and I have to > > migrate them to a > > sun machine running solaris. > > I am planning my actions, I think so the best is: > > 1-Do a Rescue disk on Nt. > > 2-Use lophtcrack to open it, and export to samba(this > > is a theory). > > 3-Create the users on samba. > > 4-Open the share home, and do a Drag and drop to > > transfer all the homes. > > 5-Pray. > > > > How you can see the step 2 and 5 are the hard thing, > > somebody has passed > > for this situation? somebody has a migration manual > > for desesperate > > people? > > TnXS! -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From simo.sorce at polimi.it Wed Jul 5 12:50:58 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:30:22 2003 Subject: AW: MIgration. in Hell References: <11035FE077A22746A2C1AD1426D403EC68BD3E@muc-msg-01.europe.corp.microsoft.com> Message-ID: <39632F32.86C83385@polimi.it> Martin Kuhne wrote: > > No way, the ACLs that restrict access are inside ntuser.dat > > regards > Martin > Ok there was a misunderstaing. I thought we were talking about permissions on the file system. Well my previous answer will make the home usable by the users as samba will authenticate file requests accordingly to the user's unix requests. A different story is the acl's on the registry saved into the ntuser.dat files. But at this point you may perform another operation: -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From peter at cadcamlab.org Wed Jul 5 12:59:12 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:30:23 2003 Subject: MIgration. in Hell References: <395F6542.B2974AA@conex.com.br> <20000704191921.E14448@baerbel.mug.maschinenbau.tu-darmstadt.de> <39632506.DA6C8755@polimi.it> Message-ID: <14691.12400.703351.770474@wire.cadcamlab.org> [Simo Sorce ] > #!/bin/bash > cd /path/to/profiles > for i in * > do > chown $i $i > done No good. The access control lists are stored *inside* the ntuser.dat files, so it's not just a simple matter of chmod or chown. ): This is why we Unix people just *love* the concept of opaque binary on-disk structures, as opposed to text files. (That's why there has been some resistance to the growing pervasiveness of *.tdb files in Samba, which we're trying to alleviate by making it easy to convert these to/from plain text.) Peter From kevinc at grainsystems.com Wed Jul 5 13:13:51 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:30:23 2003 Subject: two way trust between samba tng pdc and nt pdc References: <20000628184516.B14350@baerbel.mug.maschinenbau.tu-darmstadt.de> <20000629204608.A20448@baerbel.mug.maschinenbau.tu-darmstadt.de> <395B9EC5.B3965892@grainsystems.com> <20000704184718.C14448@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: <3963348F.23D33B74@grainsystems.com> Elrond wrote: > Kevin Colby wrote: > > Elrond wrote: > > > kill -9 wrote: > > > > > > > > [...] could you or someone please clarify the format of the > > > > 'trusted domains=' line? > > > > > > trusted domains = ntfsind=fsind > > > > > > Samba needs to know the name of a DC in that domain. > > > > I understand that it needs the DC name, but I must say this syntax > > seems quite bizarre. I don't see how a domain "=" a DC list. > [...] > > hehe... maybe a colon (":") would make more sense? ;) Actually, that would make quite a bit more sense. - Kevin Colby kevinc@grainsystems.com From elrond at samba.org Wed Jul 5 13:40:55 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:30:23 2003 Subject: MIgration. in Hell In-Reply-To: <39632506.DA6C8755@polimi.it>; from Simo Sorce on Wed, Jul 05, 2000 at 10:08:39PM +1000 References: <395F6542.B2974AA@conex.com.br> <20000704191921.E14448@baerbel.mug.maschinenbau.tu-darmstadt.de> <39632506.DA6C8755@polimi.it> Message-ID: <20000705154055.A16930@baerbel.mug.maschinenbau.tu-darmstadt.de> Hi, On Wed, Jul 05, 2000 at 10:08:39PM +1000, Simo Sorce wrote: > Elrond wrote: > > > > Just one thing, you have to keep in mind: > > > > The new users will have new SIDs, and the ACLs inside the ~~~~~~~~~~ > > ntuser.dat are not letting in that user... so they will get ~~~~~~~~~~ > > problems with the profile... > > > > I've no good idea, how you could fix this in a > > batch-operation... > > if all the users profile are in the same directory and the profile > directory has exactly the same name of the unix user than after creating > the user account in passwd you may simply make a scipt like this: > --------------------cut here------------ > #!/bin/bash > cd /path/to/profiles > for i in * > do > chown $i $i chown -R $i $i > done > --------------------cut here------------ Well, that fixes the unix-permissions, of course you have to do that too. The problem is: There's a file called ntuser.dat inside the profile, and this file contains (inside it!) also ACLs, that only allow the old user to read/modify it. The new User will not be able to read/modify it... Fixing this for one ntuser.dat isn't a problem, there are numerous methods to do it (regedt32, System Control, ...) But I don't know a method to do it in a batch operation. Elrond [...] From simo.sorce at polimi.it Wed Jul 5 13:42:35 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:30:23 2003 Subject: AW: MIgration. in Hell References: <11035FE077A22746A2C1AD1426D403EC68BD3E@muc-msg-01.europe.corp.microsoft.com> Message-ID: <39633B4B.A31F27A@polimi.it> Martin Kuhne wrote: > > No way, the ACLs that restrict access are inside ntuser.dat > > regards > Martin > Sorry for the previous incomplete answer! Ok there was a misunderstaing. I thought we were talking about permissions on the file system. Well my previous answer will make the home usable by the users as samba will authenticate file requests accordingly to the user's unix requests. A different story is the acl's on the registry saved into the ntuser.dat files. But at this point you may perform another operation: I've not tested this operation on a samba domain, but the copy profile option in Control Panel -> System Properties -> User Profiles provides the possibility to change an user profile ownership while copying it. Certainly it would be a pain an should be done only if maintaing a new profile is needed (otherwise removing ntuser.dat file will make winnt recrate a new one from the default profile). Remember that files placed on the desktop are in the profile directory so removing the entire profile may leed to the loosing of those files. -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From elrond at samba.org Wed Jul 5 14:32:20 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:30:23 2003 Subject: trust between two samba-tng pdcs? In-Reply-To: ; from Luke Kenneth Casson Leighton on Wed, Jul 05, 2000 at 09:20:33PM +1000 References: <20000704184403.B14448@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: <20000705163220.B16930@baerbel.mug.maschinenbau.tu-darmstadt.de> On Wed, Jul 05, 2000 at 09:20:33PM +1000, Luke Kenneth Casson Leighton wrote: > On Tue, 4 Jul 2000, Elrond wrote: > > > On Tue, Jul 04, 2000 at 06:48:18AM +1000, Lauri Myll?ri wrote: > > [...] > > > TODO: verify that the rid exists > > > error connecting to oth.er.pdc.ip:445 (Connection refused) > > > LSA_OPENSECRET: unknown error > > > > > > > > > smbpasswd -j is not available anymore (suggests using samedit), so > > > > Luke, what's the right way to get tng to "join" (realy, > > trust) another domain from rpcclient? > > > > Or how do you do a normal join to a domain, when you don't > > have admin-access to the pdc and so can't use rpcclient > > "createuser -j"? > > if you don't have the admin access to the pdc, you can't do *anything* > that's the whole point of domain security. Well, for interdom trusts you don't need _direct_ admin acces. You give the admin of the other pdc a phone call, he sets up the other side and gives you a pw for the trust, then you setup your side with that pw. Okay, let's say, we have ntdom with ntpdc and sambadom with sambapdc. In these examples here, we want the sambapdc to trust the ntpdc. So what happens: sambaadmin asks the ntadmin to do his stuff. ntadmin does the stuff in the usrmgr, what effectively happens is: ntpdc> createuser -i sambadom$ -p foosecret sambaadmin now knows the pw. he must a) create a NTDOM.SID b) setup the lsasecret to contain the pw (foosecret), so samba can use the trust-relationship. So? How to do that from rpcclient? You can do that from usrmgr, you just select "add a new domain, that we trust", enter the domain name and the pw. that's all. (But I don't think, we have yet decoded all the stuff, that's needed for that, and I'm currently not realy in the position to test that all properly.) The same question arises when you want to join a domain and use the "unsecure" way (pw==machinename). Elrond From ralf at is.rice.edu Wed Jul 5 16:32:40 2000 From: ralf at is.rice.edu (Alfredo Ramos) Date: Tue Dec 2 02:30:23 2003 Subject: Samba Bug? In-Reply-To: <14687.7964.667853.363527@wire.cadcamlab.org> Message-ID: I had the same situation with swat reporting that neither nmbd nor smbd were running. I believe I fixed it with the interfaces parameter. I think I remember adding localhost (127.0.0.1) to the conf file. Now this was quite a long time ago. If I'm mistaken, please pardon me. Al. --------------------------------------------------------------------------------- | Alfredo Ramos This space available for rent. | New Media & Student Computing Get your product moving. Advertise here! | Rice University. | Email: ralf@is.rice.edu --------------------------------------------------------------------------------- On Sun, 2 Jul 2000, Peter Samuelson wrote: > > [Elijah Savage ] > > swat under server status. It states that smbd and nmbd are not > > running. But of course I know it is. Is this a bug with samba or > > swat? > > This might happen if you run smbd and nmbd out of inetd. Can't confirm > or deny, as I've never tried swat. > > Peter > From ralf at is.rice.edu Wed Jul 5 16:40:39 2000 From: ralf at is.rice.edu (Alfredo Ramos) Date: Tue Dec 2 02:30:23 2003 Subject: MIgration. in Hell In-Reply-To: <395FC871.9DE7D8FB@xavier.sa.edu.au> Message-ID: Is there something to go the other way around? From samba password file to NT SAM??? Not that I want to migrate to NT. But I do have the need for someting of that nature. Thanks; Al. --------------------------------------------------------------------------------- | Alfredo Ramos This space available for rent. | New Media & Student Computing Get your product moving. Advertise here! | Rice University. | Email: ralf@is.rice.edu --------------------------------------------------------------------------------- On Mon, 3 Jul 2000, Matthew Geddes wrote: > satan wrote: > > > > Ok, I got a BAD SITUATION NOW, my IT director tell me > > > Try using pwdump (I think it's on the samba.org FTP site). It will turn > your SAM database into a nice shiny smbpasswd file. Man I wish I had a > sun server to run Samba on.... > > Good luck, > > Matt > -- > > Matthew Geddes > Network Manager > Xavier College > Gawler, SA > From simo.sorce at polimi.it Wed Jul 5 16:50:30 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:30:23 2003 Subject: MIgration. in Hell References: Message-ID: <39636756.83B2E3B3@polimi.it> Alfredo Ramos wrote: > > Is there something to go the other way around? From samba password file to > NT SAM??? Not that I want to migrate to NT. But I do have the need for > someting of that nature. > > Thanks; > > Al. > making a samba TNG the BDC of an NT PDC and pushing the users from there would be a solution but I don't know if samba TNG is able to do this at now! -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From gene_yee at hotmail.com Wed Jul 5 17:03:14 2000 From: gene_yee at hotmail.com (Gene Yee) Date: Tue Dec 2 02:30:23 2003 Subject: Where to grab latest TNG? Message-ID: <20000705170314.3706.qmail@hotmail.com> Subject speaks for itself. Thanks. ________________________________________________________________________ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com From ralf at is.rice.edu Wed Jul 5 17:44:13 2000 From: ralf at is.rice.edu (Alfredo Ramos) Date: Tue Dec 2 02:30:23 2003 Subject: MIgration. in Hell In-Reply-To: <39636756.83B2E3B3@polimi.it> Message-ID: Thanks Simo, but do you mean perhaps, making the NT a BDC and samba the PDC?? The syncronization is a one way process. It goes PDC->BDC. I have not been able to test that option. I'm having problems trying to make samba_tng work to the point where I'm able to join the domain from a workstation. Thanks for the reply though. Al. --------------------------------------------------------------------------------- | Alfredo Ramos This space available for rent. | New Media & Student Computing Get your product moving. Advertise here! | Rice University. | Email: ralf@is.rice.edu --------------------------------------------------------------------------------- On Wed, 5 Jul 2000, Simo Sorce wrote: > Alfredo Ramos wrote: > > > > Is there something to go the other way around? From samba password file to > > NT SAM??? Not that I want to migrate to NT. But I do have the need for > > someting of that nature. > > > > Thanks; > > > > Al. > > > > making a samba TNG the BDC of an NT PDC and pushing the users from there > would be a solution but I don't know if samba TNG is able to do this at > now! > > -- > Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano > E-mail: simo.sorce@polimi.it > Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 > ----------------------------------------------------------------- > Be happy, use Linux! > From darren at sandd.co.uk Wed Jul 5 17:31:52 2000 From: darren at sandd.co.uk (Darren Hammond) Date: Tue Dec 2 02:30:23 2003 Subject: Using NT 4.0 WKS and Novell Client In-Reply-To: <39632321.D054CF01@polimi.it> References: <39632321.D054CF01@polimi.it> Message-ID: <00070518371800.00737@Server> I'm not sure I reapplied it after every change. It certainly was the last thing I did on the test workstation Still no joy with SP4. I suspect a later SP will not have much effect. I will try SP6A tomorrow anyway when I find the disk. I haven't tried the Terminal Servers yet. (SP5) I'm going to download TNG at the weekend and start looking at that. On Wed, 05 Jul 2000, you wrote: > Paul J Collins wrote: > > > > >>>>> "Darren" == Darren Hammond writes: > > > > Darren> Occasionally I see a message refering to an access > > Darren> violation error on winlogon.exe, but I'm not sure if this > > Darren> a symptom rather than a cause. > > > > I presume that you have reapplied your service pack after each of > > these network configuration changes (including client > > installs/reinstalls)? Tedious, I know, but vital. > > > > Paul. > > > > Paul is right, reapplyng service pack is vital, > if however your problem persist I think the Novell Client, assusmes some > kind of data normally set by an NT PDC (but not by samba 2.0.x) on logon > answer to be set and crashes on a non tested condition. > If this is the case it would be interesting to see what would happen > with PDC support from samba TNG (that is more complete than 2.0.x). > > -- > Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano > E-mail: simo.sorce@polimi.it > Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 > ----------------------------------------------------------------- > Be happy, use Linux! From mjwestkamper at weiinc.com Wed Jul 5 17:49:39 2000 From: mjwestkamper at weiinc.com (Mike Westkamper) Date: Tue Dec 2 02:30:23 2003 Subject: Yet another oddity Message-ID: <39637533.F5FB081A@weiinc.com> To recap.. my latest installation using SAMBA in an NT domain is working well. I am using using Linux (RedHat dist 6.2) and the latest stable SAMBA (.07). I have an NT box as the PDC, for now, and a Linux file server with SAMBA and 70 clients. The clients are a mixed bag including older windows 95 clients. Security is domain. Here is the oddity... We suffered a blue screen of death on the NT PDC. The Linux/SAMBA server remained on-line. Upon reboot of the PDC nobody could log on. A little investigation points to the fact the Linux/SAMBA apparently took over as the PDC or at least partially so. The NT box reported that there was another PDC for the domain. I had to turn SAMBA off then re-boot the PDC then start SAMBA to restore "normal" operation. Is this the way it works? Any comments would be appreciated... Mike From lkcl at samba.org Wed Jul 5 17:53:27 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:30:23 2003 Subject: trust between two samba-tng pdcs? In-Reply-To: <20000705163220.B16930@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: > Well, for interdom trusts you don't need _direct_ admin > acces. ah, in that case you will need local admin. for sever wksta, you need two admin accounts and two admin passwords. for inter-dom, you need one, and the trusting passwd. > You give the admin of the other pdc a phone call, he > sets up the other side and gives you a pw for the trust, > then you setup your side with that pw. > > Okay, let's say, we have ntdom with ntpdc and sambadom with > sambapdc. > > In these examples here, we want the sambapdc to trust the > ntpdc. So what happens: > > sambaadmin asks the ntadmin to do his stuff. > > ntadmin does the stuff in the usrmgr, what effectively > happens is: > ntpdc> createuser -i sambadom$ -p foosecret > > sambaadmin now knows the pw. > > he must > a) create a NTDOM.SID > b) setup the lsasecret to contain the pw (foosecret), so > samba can use the trust-relationship. > > So? How to do that from rpcclient? i forget :) there is a -i [inter-domain] option to createuser. i haven;t set up an inter-domain trust relationship for about 6 months. From elrond at samba.org Wed Jul 5 18:34:42 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:30:23 2003 Subject: Where to grab latest TNG? In-Reply-To: <20000705170314.3706.qmail@hotmail.com>; from Gene Yee on Thu, Jul 06, 2000 at 03:04:30AM +1000 References: <20000705170314.3706.qmail@hotmail.com> Message-ID: <20000705203442.A17092@baerbel.mug.maschinenbau.tu-darmstadt.de> On Thu, Jul 06, 2000 at 03:04:30AM +1000, Gene Yee wrote: > > Subject speaks for itself. Thanks. > ________________________________________________________________________ > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com http://www.kneschke.de/projekte/samba_tng/ http://samba.org/cvs.html What about reading the FAQ? Elrond, who has no idea, why he's answering... From oakie at tamu.edu Wed Jul 5 18:52:25 2000 From: oakie at tamu.edu (Kenneth Oakeson) Date: Tue Dec 2 02:30:23 2003 Subject: Samba And and NetApp Filer Message-ID: <00d301bfe6b2$28f31650$51fb5ba5@tamu.edu> I need some help. I can map the NetApp filer, but when I do a 'ls' in the directory I get errors. Saying that the file or directory does not exist and I know the directories and files do, you can see them when you map the NetApp with NT. If you know the name of the directory you can change into it. I can also map NT with samba just fine with no problems. The NetApp is running a CIFS server so it should work. Also it will show some files in the root of a drive or folder once you change into it, but the last character on every file is missing. I think this might be a bug in samba but it could be a bug in the NetApp, Please help. Does anyone have any ideas. Kenneth Oakeson Microcomputer Specialist LAN Systems Support Texas A&M University *************************** Office: 862-1631 email: oakie@tamu.edu *************************** From zen at t-linux.com Thu Jul 6 10:27:14 2000 From: zen at t-linux.com (ZEN el GUAY) Date: Tue Dec 2 02:30:23 2003 Subject: Yet another oddity In-Reply-To: <39637533.F5FB081A@weiinc.com> References: <39637533.F5FB081A@weiinc.com> Message-ID: <00070606343200.00467@odin.t-linux.com> > > Here is the oddity... > > We suffered a blue screen of death on the NT PDC. The Linux/SAMBA server > remained on-line. Upon reboot of the PDC nobody could log on. A little > investigation points to the fact the Linux/SAMBA apparently took over as > the PDC or at least partially so. The NT box reported that there was > another PDC for the domain. > > I had to turn SAMBA off then re-boot the PDC then start SAMBA to restore > "normal" operation. Is this the way it works? > As far as I concern, everytime NT PDC was in trouble, their rpc remains online. So when they restarted, any connection must be re-established, including from Samba box. This happened to me some time ago. Otherwise no one could be able to log on. Or... this is something that I got surprise: any users even the non-exixtence users will be able to login to PDC... ( I experienced this once when using NT with SP4)... +++++++++++++++++++++++++++ FOOTBALLL WITHOUT FRONTIER +++++++++++++++++++++++++++ Let there be peace on Earth through football EURO 2000 ZEN O->^ (el GUAY) ======================== T-Linux It's Linux Time! zen@t-linux.com http://www.t-linux.com ======================== From mgeddes at xavier.sa.edu.au Wed Jul 5 23:30:35 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:30:23 2003 Subject: MIgration. in Hell References: Message-ID: <3963C51B.46F2A15B@xavier.sa.edu.au> Alfredo Ramos wrote: > > Is there something to go the other way around? From samba password file to > NT SAM??? Not that I want to migrate to NT. But I do have the need for > someting of that nature. > Apparently l0phtcrack is good at cracking LANMAN/NT passwords. ;-). -- Matthew Geddes Network Manager Xavier College Gawler, SA From pjdc at eircom.net Wed Jul 5 20:40:28 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:23 2003 Subject: Yet another oddity In-Reply-To: Mike Westkamper's message of "Thu, 6 Jul 2000 03:53:02 +1000" References: <39637533.F5FB081A@weiinc.com> Message-ID: >>>>> "Mike" == Mike Westkamper writes: Mike> We suffered a blue screen of death on the NT PDC. The Mike> Linux/SAMBA server remained on-line. Upon reboot of the PDC Mike> nobody could log on. A little investigation points to the Mike> fact the Linux/SAMBA apparently took over as the PDC or at Mike> least partially so. The NT box reported that there was Mike> another PDC for the domain. It sounds like Samba has been configured to compete with the PDC in the browser elections, and NT-based PDCs expect to be domain master browser and local master browser (I think). As a quick test, try setting the following in the [global] section of smb.conf: domain master = local master = no preferred master = no os level = 0 and then try booting the Samba box followed by the NT PDC. However, seeing the in smb.conf question would be a help. Paul. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From mgeddes at xavier.sa.edu.au Thu Jul 6 03:48:11 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:30:23 2003 Subject: Yet another oddity References: <39637533.F5FB081A@weiinc.com> Message-ID: <3964017B.AD80322D@xavier.sa.edu.au> Paul J Collins wrote: > It sounds like Samba has been configured to compete with the PDC in > the browser elections, and NT-based PDCs expect to be domain master > browser and local master browser (I think). As a quick test, try > setting the following in the [global] section of smb.conf: > > domain master = > local master = no > preferred master = no > os level = 0 I have found that doing this with Samba can quite often leave you off the browse list. I usually have everything set to yes, but have a low os level. It forces an election that it will always lose. It usually makes it appear in the browse list. Also, We have a couple of Windows 98 (first and second edition) laptops which occasionally steal Master browser status from the PDC. Not sure what's up with *that*. ;-) Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA From GLeblanc at cu-portland.edu Thu Jul 6 03:43:53 2000 From: GLeblanc at cu-portland.edu (Gregory Leblanc) Date: Tue Dec 2 02:30:23 2003 Subject: Yet another oddity Message-ID: > -----Original Message----- > From: Matthew Geddes [mailto:mgeddes@xavier.sa.edu.au] > Sent: Wednesday, July 05, 2000 8:34 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: Yet another oddity > > Paul J Collins wrote: > > > It sounds like Samba has been configured to compete with the PDC in > > the browser elections, and NT-based PDCs expect to be domain master > > browser and local master browser (I think). As a quick test, try > > setting the following in the [global] section of smb.conf: > > > > domain master = > > local master = no > > preferred master = no > > os level = 0 > > I have found that doing this with Samba can quite often leave you off > the browse list. I usually have everything set to yes, but > have a low os > level. It forces an election that it will always lose. It > usually makes > it appear in the browse list. > > Also, We have a couple of Windows 98 (first and second > edition) laptops > which occasionally steal Master browser status from the PDC. Not sure > what's up with *that*. ;-) It's pretty simple, probably. I'm willing to bet that these machines have file and printer sharing installed on them. If not, they're you're totally SOL, because they shouldn't even be able to act as master browsers without it. To fix it, open the properties for MS file/printer sharing, and turn "Browse Master" to DISABLED. If that doesn't fix it, then you've got some other issues on your network... Later, Grego From tom at ee.ucl.ac.uk Thu Jul 6 11:10:04 2000 From: tom at ee.ucl.ac.uk (Tom Crummey) Date: Tue Dec 2 02:30:23 2003 Subject: samba-TNG cvs update 6/7/00 11:00 doesn't compile Message-ID: <200007061110.MAA25379@picard.ee.ucl.ac.uk> Hello, samba-TNG cvs 6/7/00 11:00 BST gcc 2.8.1 Solaris 7 Sparc64 This doesn't compile. The problem seems to be on line 1026 of rpc_parse/parse_misc.c prs_unistr3 should be _prs_unistr3 according to the definition in parse_prs.c Tom. ---------------------------------------------------------------------------- Tom Crummey, Systems and Network Manager, EMAIL: tom@ee.ucl.ac.uk Department of Electronic and Electrical Engineering, University College London, TEL: +44 (0)20 7679 3898 Torrington Place, FAX: +44 (0)20 7388 9325 London, UK, WC1E 7JE. ---------------------------------------------------------------------------- From raub at gator.net Thu Jul 6 12:56:51 2000 From: raub at gator.net (Mauricio Tavares) Date: Tue Dec 2 02:30:24 2003 Subject: Quick smbpasswd question Message-ID: <3.0.6.32.20000706085651.00813950@mail.gator.net> interceptor# ./smbpasswd -a raubvogel User "raubvogel" was not found in system password file. interceptor# Do the users that will access the samba server (or, the users in the network) have to be defined in the /etc/passwd file too? From fricke at Team.OWL-Online.DE Thu Jul 6 13:09:20 2000 From: fricke at Team.OWL-Online.DE (fricke@Team.OWL-Online.DE) Date: Tue Dec 2 02:30:24 2003 Subject: Antwort: Quick smbpasswd question Message-ID: Yes the users must have an entry in /etc/passwd -------------------------------------- Mit freundlichen Gr??en Cord-H. Fricke Fon: 0 52 1 / 52 51-133 Fax: 0 52 1 / 52 51-115 ...keep on headbangin? , that rocks!!! From johan.ostensson at orebro.lantmen.se Thu Jul 6 13:22:58 2000 From: johan.ostensson at orebro.lantmen.se (=?Iso-8859-1?Q?Johan_=D6stensson?=) Date: Tue Dec 2 02:30:24 2003 Subject: Quick smbpasswd question Message-ID: <20000706132243Z25773591-25578+7405@samba.org> quick answer(probably well documented): yes /johan Johan ?stensson johan.ostensson@orebro.lantmen.se (work) johan.ostensson@swipnet.se (home) note to Mauricio: sorry for sending you double mail, sometimes I'm way to fast :) > -----Ursprungligt meddelande----- > Fr?n: Mauricio Tavares [mailto:raub@gator.net] > Skickat: den 6 juli 2000 14:58 > Till: johan.ostensson@orebro.lantmen.se; Multiple recipients of list > SAMBA-NTDOM > ?mne: Quick smbpasswd question > > > interceptor# ./smbpasswd -a raubvogel > User "raubvogel" was not found in system password file. > interceptor# > > Do the users that will access the samba server (or, the users in the > network) have to be defined in the /etc/passwd file too? > From mg at plum.de Thu Jul 6 13:12:36 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:30:24 2003 Subject: Quick smbpasswd question References: <3.0.6.32.20000706085651.00813950@mail.gator.net> Message-ID: <007701bfe74b$dc06cd60$0b04010a@plum.int> > interceptor# ./smbpasswd -a raubvogel > User "raubvogel" was not found in system password file. > interceptor# > > Do the users that will access the samba server (or, the users in the > network) have to be defined in the /etc/passwd file too? quick answer: YES (even the machine accounts have to. Important for $HOME) regards, Michael From larry at pkunk.net Thu Jul 6 13:29:21 2000 From: larry at pkunk.net (Lawrence Cotnam Jr.) Date: Tue Dec 2 02:30:24 2003 Subject: Quick smbpasswd question In-Reply-To: <3.0.6.32.20000706085651.00813950@mail.gator.net> Message-ID: | -----Original Message----- | From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of | Mauricio Tavares | Sent: Thursday, July 06, 2000 5:59 AM | To: Multiple recipients of list SAMBA-NTDOM | Subject: Quick smbpasswd question | | | interceptor# ./smbpasswd -a raubvogel | User "raubvogel" was not found in system password file. | interceptor# | | Do the users that will access the samba server (or, the users in the | network) have to be defined in the /etc/passwd file too? | | Yes. Lawrence Cotnam Jr. (775) 337-2536 email: larry@pkunk.net From ulf.ziemann at prodesigncad.de Thu Jul 6 13:40:37 2000 From: ulf.ziemann at prodesigncad.de (Ulf Ziemann) Date: Tue Dec 2 02:30:24 2003 Subject: Quick smbpasswd question In-Reply-To: <3.0.6.32.20000706085651.00813950@mail.gator.net> Message-ID: <3964A875.1613.3DA6A7@localhost> Yes ! Have a look at the man-pages :-) Ulf Am Donnerstag, 6. Juli 2000 um 22:57 schrieb Mauricio Tavares : > interceptor# ./smbpasswd -a raubvogel > User "raubvogel" was not found in system password file. > interceptor# > > Do the users that will access the samba server (or, the users in the > network) have to be defined in the /etc/passwd file too? > > -- Dipl.-Ing. Ulf Ziemann Hochheimer Stra?e 47 - 99094 Erfurt FON : 0361 / 78930-70 FAX : 0361 / 78930-80 E-MAIL : ulf.ziemann@prodesigncad.de From nord at cdt.luth.se Thu Jul 6 13:36:48 2000 From: nord at cdt.luth.se (James Nord) Date: Tue Dec 2 02:30:24 2003 Subject: configure options Message-ID: <39648B70.B675575E@cdt.luth.se> Hi, I got an updated TBNG today and am about to compile but I'm a little confused on some of the compile options. (RH Linux 2.2.16 kernel) Could someone answer the following please? What is --with-smbwrapper ? I want to be able to do DFS alla NT ie access \\mymachine\sharename\dir but actually get \\someothermachine\sharename\dir but which of the following options do I use? --with-dfs --with-msdfs Whats the difference between them? --with-ldap --with-nt5ldap --with-sam-pwdb={passdb,tdb,nt5ldap} Which do I need to be able to store account info in an LDAP server? Is there someone who has put together a good samba/ldap FAQ? --with-ssl Will this build me a server capable of talking both SSL and non SSL or will I need to compile one with-ssl and one without ssl? Will the --with-ssl comunicate directly with the Win2k SSL/TLS SMB features? Thanks for your help, /James -- Technology is a word that describes something that doesn't work yet. Douglas Adams From simo.sorce at polimi.it Thu Jul 6 13:38:08 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:30:24 2003 Subject: Quick smbpasswd question References: <3.0.6.32.20000706085651.00813950@mail.gator.net> Message-ID: <39648BC0.FF34B0D3@polimi.it> Mauricio Tavares wrote: > > interceptor# ./smbpasswd -a raubvogel > User "raubvogel" was not found in system password file. > interceptor# > > Do the users that will access the samba server (or, the users in the > network) have to be defined in the /etc/passwd file too? yes, you must have a valid user entry in your passwd. If you do not need users to log on on the unix machine I may suggest to add the following in passwd ex: raubvogel:*nologin*:501:100:Samba User:/:/bin/false -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From J.L.Gilmour at exeter.ac.uk Thu Jul 6 13:49:41 2000 From: J.L.Gilmour at exeter.ac.uk (J.L.Gilmour@exeter.ac.uk) Date: Tue Dec 2 02:30:24 2003 Subject: Samba as PDC - unix/windows passwords Message-ID: <1853110.200007061349@olib> As I understand things, you _must_ have 'encrypt passwords' set to yes in order for NT clients to sucessfully join a domain, etc. But to authenticate NT users from the Unix password file, 'encrypt passwords' needs to be set to no. In other words, am I right in thinking I can't have a Samba server as PDC *and* use the Unix password file? 'twould be a great shame if this is the case... Jayne. -- +----+----+----+----+----+----+----+----+----+----+----+----+----+ Jayne Gilmour, BSc. MSc. Unix & Network Administrator Department of Computer Science, University of Exeter "Why is line printer paper strongest at the perforations?" +----+----+----+----+----+----+----+----+----+----+----+----+----+ From Yoann.Dubreuil at ens.insa-rennes.fr Thu Jul 6 14:01:59 2000 From: Yoann.Dubreuil at ens.insa-rennes.fr (Yoann Dubreuil) Date: Tue Dec 2 02:30:25 2003 Subject: samba-TNG cvs update 6/7/00 11:00 doesn't compile Message-ID: <200007061401.QAA02812@diabolo.ens.insa-rennes.fr> Try this fix, it should be okay: remplace : if (!prs_unistr3(True,"unistr",name,ps,depth)) return False; by prs_unistr3(True, "unistr", name, ps, depth); (An #define do the job in include/rpc_misc.h) I got a question too: how does samedit work ? (it remplaces smbpasswd, but how can i create the first user before i set my server up) From kevinc at grainsystems.com Thu Jul 6 14:11:02 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:30:25 2003 Subject: Samba as PDC - unix/windows passwords References: <1853110.200007061349@olib> Message-ID: <39649376.74D1EA1F@grainsystems.com> J.L.Gilmour@exeter.ac.uk wrote: > > In other words, am I right in thinking I can't have a Samba server as > PDC *and* use the Unix password file? Not directly, no. You can get both files running in sync though. Actually, if you can use a PAM, you don't need to worry about passwords, just the users' existence. Winbind would, I think, lighten even that burden, but it is still very new. - Kevin Colby kevinc@grainsystems.com From simo.sorce at polimi.it Thu Jul 6 14:21:41 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:30:25 2003 Subject: Samba as PDC - unix/windows passwords References: <1853110.200007061349@olib> Message-ID: <396495F5.9BBFFEF1@polimi.it> J.L.Gilmour@exeter.ac.uk wrote: > > As I understand things, you _must_ have 'encrypt passwords' set to yes in > order for NT clients to sucessfully join a domain, etc. > > But to authenticate NT users from the Unix password file, 'encrypt passwords' > needs to be set to no. > > In other words, am I right in thinking I can't have a Samba server as PDC > *and* use the Unix password file? > > 'twould be a great shame if this is the case... > If you have no problems to have clear text password floating on your lan, than after SP3 you have to change a registry in NT 4 to let him accept plain text password again. Doing this you may set encrypt passwords to no and unix password sync to yes I don't mind the exact registry setting but you will certainly find it searching this list or documentation. -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From J.L.Gilmour at exeter.ac.uk Thu Jul 6 14:38:01 2000 From: J.L.Gilmour at exeter.ac.uk (J.L.Gilmour@exeter.ac.uk) Date: Tue Dec 2 02:30:25 2003 Subject: Samba as PDC - unix/windows passwords In-Reply-To: <396495F5.9BBFFEF1@polimi.it> from "Simo Sorce" at Jul 6, 2000 04:21:41 pm Message-ID: <1837525.200007061438@olib> Simo wrote: > If you have no problems to have clear text password floating on your > lan, than after SP3 you have to change a registry in NT 4 to let him > accept plain text password again. In this case the password's are already going unencrypted across the network between Unix boxes. > Doing this you may set encrypt passwords to no and unix password sync to > yes Yes, but once you set 'encrypt passwords' to no, the Samba server can't be a PDC. Jayne. -- +----+----+----+----+----+----+----+----+----+----+----+----+----+ Jayne Gilmour, BSc. MSc. Unix & Network Administrator Department of Computer Science, University of Exeter "Why is line printer paper strongest at the perforations?" +----+----+----+----+----+----+----+----+----+----+----+----+----+ From bgmilne at ing.sun.ac.za Thu Jul 6 14:41:20 2000 From: bgmilne at ing.sun.ac.za (Buchan Milne) Date: Tue Dec 2 02:30:25 2003 Subject: Samba as PDC - unix/windows passwords References: <1853110.200007061349@olib> <396495F5.9BBFFEF1@polimi.it> Message-ID: <39649A90.3994A4C6@ing.sun.ac.za> But I don't think NT will even allow domain logons then. Simo Sorce wrote: > > J.L.Gilmour@exeter.ac.uk wrote: > > > > As I understand things, you _must_ have 'encrypt passwords' set to yes in > > order for NT clients to sucessfully join a domain, etc. > > > > But to authenticate NT users from the Unix password file, 'encrypt passwords' > > needs to be set to no. > > > > In other words, am I right in thinking I can't have a Samba server as PDC > > *and* use the Unix password file? > > > > 'twould be a great shame if this is the case... > > > If you have no problems to have clear text password floating on your > lan, than after SP3 you have to change a registry in NT 4 to let him > accept plain text password again. > Doing this you may set encrypt passwords to no and unix password sync to > yes > I don't mind the exact registry setting but you will certainly find it > searching this list or documentation. > -- > Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano > E-mail: simo.sorce@polimi.it > Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 > ----------------------------------------------------------------- > Be happy, use Linux! -- |--------------------------------------------------------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone +27824722231 email mailto:bgmilne@ing.sun.ac.za Centre for Automotive Engineering http://www.sun.ac.za/cae South Africas first satellite: http://sunsat.ee.sun.ac.za Control Models http://www.control.co.za |----------------Registered Linux User #182071-----------------| From jwhamps at ilstu.edu Thu Jul 6 15:00:40 2000 From: jwhamps at ilstu.edu (Jeffrey W. Hampson) Date: Tue Dec 2 02:30:25 2003 Subject: Not in Browse list Message-ID: My Samba 2.07 server no longer shows up in network neighborhood, and it had before. For the life of me I can not figure out why it won't come back. I have set it to be the local master, and an OS level at 34 or 44 or something high but no luck . I have another samba server that always shows up in network neighborhood, they have almost identical smb.conf . except of course for the netbios name, and the os level. can someone tell me what I am missing? ------------------------------ Jeff Hampson -------------- next part -------------- HTML attachment scrubbed and removed From simo.sorce at polimi.it Thu Jul 6 15:45:22 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:30:25 2003 Subject: Samba as PDC - unix/windows passwords References: <1837525.200007061438@olib> Message-ID: <3964A992.EB5E4DBB@polimi.it> J.L.Gilmour@exeter.ac.uk wrote: > > Simo wrote: > > > If you have no problems to have clear text password floating on your > > lan, than after SP3 you have to change a registry in NT 4 to let him > > accept plain text password again. > > In this case the password's are already going unencrypted across the network > between Unix boxes. > > > Doing this you may set encrypt passwords to no and unix password sync to > > yes > > Yes, but once you set 'encrypt passwords' to no, the Samba server can't > be a PDC. Yes this may be. Here I solved the problem by not permitting user to change their password through windows or standard unix tools. Instead I have set up an HTTPS server and I'm using PHP plus some setuid root executables to update both nis and samba password databases. -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From anthony.johnson at langley.af.mil Thu Jul 6 15:48:07 2000 From: anthony.johnson at langley.af.mil (Johnson Anthony E Contr 27 IS/INYN) Date: Tue Dec 2 02:30:25 2003 Subject: Can't Initialize Shared memory - Please help a novice out! Message-ID: <8544DBEBBF6DD2118DF500204804EF1903297BFA@lfi-ms-025-02.langley.af.mil> I am a Samba and Unix novice. Mainly an NT admin. We are running ver 2.0.4b on Solaris 2.6 Our samba server was working fine for a long time until this morning. Everything works fine except for when I do an smbstatus I get the following error: Trying Sysv shmem open of size 104687, Error: can't initialize shared memory - exiting. Anyone know what this is and how I can fix? I really need someone's help because my Unix admin is still on Vacation. Thanx, A.J. From skvidal at phy.duke.edu Thu Jul 6 17:13:10 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:30:25 2003 Subject: Samba as PDC - unix/windows passwords In-Reply-To: <3964A992.EB5E4DBB@polimi.it> Message-ID: > Yes this may be. > Here I solved the problem by not permitting user to change their > password through windows or standard unix tools. Instead I have set up > an HTTPS server and I'm using PHP plus some setuid root executables to > update both nis and samba password databases. can you make these scripts and configuration options available to the rest of us? I'd like to avoid having to do any work thats already been done. -sv From mjwestkamper at weiinc.com Thu Jul 6 17:42:42 2000 From: mjwestkamper at weiinc.com (Mike Westkamper) Date: Tue Dec 2 02:30:25 2003 Subject: Samba as PDC - unix/windows passwords References: Message-ID: <3964C512.2120D53B@weiinc.com> Here here! Would appreciate the same... Mike Seth Vidal wrote: > > Yes this may be. > > Here I solved the problem by not permitting user to change their > > password through windows or standard unix tools. Instead I have set up > > an HTTPS server and I'm using PHP plus some setuid root executables to > > update both nis and samba password databases. > > can you make these scripts and configuration options available to the rest > of us? > > I'd like to avoid having to do any work thats already been done. > -sv From FP-Samba-ML at GMX.NET Thu Jul 6 18:48:05 2000 From: FP-Samba-ML at GMX.NET (Fabian Pehla) Date: Tue Dec 2 02:30:25 2003 Subject: Problems using Samba in AS/U Domain Message-ID: <3964D465.51FE7ADF@GMX.NET> Hello, I've found some strange problem while trying to join a Domain controlled by an 'Advanced Server for Unix' (AS/U) on AIX. It seems to me, AS/U is just emulating NT 3.51. When I try to join the Domain using 'smbpasswd -j DOMAIN' an error like "auth challenge failed" or so occurs. So I'm not able to change the password for the Machine-Trust-Account which belongs to the SAMBA Client. There seem to be no errors in the AS/U log. Does anyone know how to get Samba joining this domain? Is there any switch at compile time or in smb.conf which I didn't find? B.t.w.: I'm Using Samba 2.0.7 on GNU/Linux Kernel 2.2.14 Thanks Fabian From darren at sandd.co.uk Thu Jul 6 17:33:52 2000 From: darren at sandd.co.uk (Darren Hammond) Date: Tue Dec 2 02:30:25 2003 Subject: Using NT 4.0 WKS and Novell Client - GOOD NEWS! In-Reply-To: <00070518371800.00737@Server> References: <39632321.D054CF01@polimi.it> <00070518371800.00737@Server> Message-ID: <00070618500000.00755@Server> > > I'm going to download TNG at the weekend and start looking at that. > > I got itchy fingers last night and downloaded 2_5_GOOD - much to the annoyance of my wife. I wish I did this ages ago. The thought of CVS downloads & compiling things usually makes a beginner like me feel queasy. No problems compiling and now both my Terminal Servers and Workstations can log into the domain with the Novell Client installed. I'm one helluva happy man. : - )))))))) One thing though - Do I understand the use of ntpass correctly? Use it as ntpass username to change a user's password. It keeps reporting FAILED. It's not a problem as I use createuser username -p password to reset it if I need to. Darren From yoshers at hotmail.com Thu Jul 6 18:06:07 2000 From: yoshers at hotmail.com (Kevin Chan) Date: Tue Dec 2 02:30:25 2003 Subject: slow download/upload Message-ID: <20000706180607.7525.qmail@hotmail.com> Ever since we moved our NT server to the Samba platform, I have noticed that loading the windows profile for each user has been very slow. In addition, we also frequently download large images of Win98 partitions for our users from our servers, and this has been noticeably slower as well. This was not the case before and they are independent events (meaning that it is not because we are overloading the system by doing downloading and logging on at the same time). Even when no one is logged on, the downloading is slow and even when no one is downloading, logging on is slow. In addition, we normally make adjustments to our images from time to time, which we then upload onto the server. For some reason, this process has become EXTREMELY slow... And I cannot figure out why and was hoping someone could give me some insight to what you have done to troubleshoot this kind of problem. If any more info is needed, please let me know. Thanks in advance, KevinChan SystemsAdministrator Administrative Computing ________________________________________________________________________ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com From skvidal at phy.duke.edu Thu Jul 6 18:15:32 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:30:25 2003 Subject: slow download/upload In-Reply-To: <20000706180607.7525.qmail@hotmail.com> Message-ID: > loading the windows profile for each user has been very slow. In addition, > we also frequently download large images of Win98 partitions for our users > from our servers, and this has been noticeably slower as well. This was not > the case before and they are independent events (meaning that it is not > because we are overloading the system by doing downloading and logging on at > the same time). Even when no one is logged on, the downloading is slow and > even when no one is downloading, logging on is slow. > > In addition, we normally make adjustments to our images from time to time, > which we then upload onto the server. For some reason, this process has > become EXTREMELY slow... > > And I cannot figure out why and was hoping someone could give me some > insight to what you have done to troubleshoot this kind of problem. > > If any more info is needed, please let me know. have you checked the profile size - if you don't keep watch on the netscape and internet explorer caches they can get fairly ridiculously big (like 15MB) Another issue your network - are you switched or shared? if shared do you have chattering card.. can you check your switches/hubs for collision percentages? do you have any mac's doing appletalk over this? they are VERY talkative. are you using netbeui AND tcp ip. if you are kill the netbeui/netbios - its crap and NOISY. try an ftp connection from the samba server to the other host see what speeds you get -sv From pjdc at eircom.net Thu Jul 6 20:01:00 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:25 2003 Subject: Yet another oddity In-Reply-To: Matthew Geddes's message of "Thu, 6 Jul 2000 13:34:09 +1000" References: <39637533.F5FB081A@weiinc.com> <3964017B.AD80322D@xavier.sa.edu.au> Message-ID: >>>>> "Matthew" == Matthew Geddes writes: Matthew> Also, We have a couple of Windows 98 (first and second Matthew> edition) laptops which occasionally steal Master browser Matthew> status from the PDC. Not sure what's up with *that*. ;-) There's an option somewhere in the TCP/IP properties in Windows 9x; I think it's on the NetBIOS tab, or maybe Advanced.. It's called "Become Master", and turning it off on your 98 boxen may help. Issues such as these can turn up if you run more than one protocol on your network; I believe that elections are fought over separate protocols, and the TCP/IP browse master may not be the IPX/SPX browse master. (I think this is correct.) There one of the browsing text documents (BROWSING.txt ?) in the Samba distribution covers all of this, including the reason for WINS (hint: subnets) and why you should only use one protocol on your Windows boxen. Cheers, Paul. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From ed at schernau.com Thu Jul 6 20:07:21 2000 From: ed at schernau.com (Edward Schernau) Date: Tue Dec 2 02:30:25 2003 Subject: Yet another oddity References: <39637533.F5FB081A@weiinc.com> <3964017B.AD80322D@xavier.sa.edu.au> Message-ID: <3964E6F9.9795E1A7@schernau.com> Paul J Collins wrote: > > >>>>> "Matthew" == Matthew Geddes writes: > > Matthew> Also, We have a couple of Windows 98 (first and second > Matthew> edition) laptops which occasionally steal Master browser > Matthew> status from the PDC. Not sure what's up with *that*. ;-) > > Issues such as these can turn up if you run more than one protocol on > your network; I believe that elections are fought over separate > protocols, and the TCP/IP browse master may not be the IPX/SPX browse > master. (I think this is correct.) Yes, part of the browser election process is that the loser, based on OS level, etc., will demote itself. If it is the master browser for another protocol, it assumes it has won the election (maybe a 98 box beats a 95 laptop in NetBEUI) so refuses to submit to Samba. An NT PDC must be "domain master" and "local master", IIRC, whereas in Samba, they don't have to be the same machine. -- Edward Schernau, mailto:ed@schernau.com Network Architect http://www.schernau.com RC5-64#: 243249 e-gold acct #:131897 From mgeddes at xavier.sa.edu.au Thu Jul 6 23:01:42 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:30:25 2003 Subject: Not in Browse list References: Message-ID: <39650FD6.188F62DE@xavier.sa.edu.au> > "Jeffrey W. Hampson" wrote: > > My Samba 2.07 server no longer shows up in network neighborhood, and > it had before. > For the life of me I can not figure out why it won't come back. > I have set it to be the local master, and an OS level at 34 or 44 or > something high but no luck > I have another samba server that always shows up in network > neighborhood, they have almost identical smb.conf . > except of course for the netbios name, and the os level. > > can someone tell me what I am missing? Not off hand, but your log files might. log.nmb from both machines will tell you what browser things are happening. Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA From mgeddes at xavier.sa.edu.au Thu Jul 6 23:21:25 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:30:25 2003 Subject: Yet another oddity References: <39637533.F5FB081A@weiinc.com> <3964017B.AD80322D@xavier.sa.edu.au> Message-ID: <39651475.4FD95F64@xavier.sa.edu.au> Paul J Collins wrote: > There's an option somewhere in the TCP/IP properties in Windows 9x; I > think it's on the NetBIOS tab, or maybe Advanced.. It's called > "Become Master", and turning it off on your 98 boxen may help. Yeah, got that one. We only use 1 protocol at a time... Surely you'd think that Windows 98 would lose an election with an NT PDC. -- Matthew Geddes Network Manager Xavier College Gawler, SA From sharpe at ns.aus.com Wed Jul 5 14:20:15 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:30:25 2003 Subject: Not in Browse list In-Reply-To: <39650FD6.188F62DE@xavier.sa.edu.au> References: Message-ID: <3.0.6.32.20000705232015.009fda00@203.16.214.248> At 08:47 AM 7/7/00 +1000, Matthew Geddes wrote: >> "Jeffrey W. Hampson" wrote: >> >> My Samba 2.07 server no longer shows up in network neighborhood, and >> it had before. >> For the life of me I can not figure out why it won't come back. >> I have set it to be the local master, and an OS level at 34 or 44 or >> something high but no luck >> I have another samba server that always shows up in network >> neighborhood, they have almost identical smb.conf . >> except of course for the netbios name, and the os level. >> >> can someone tell me what I am missing? > >Not off hand, but your log files might. log.nmb from both machines will >tell you what browser things are happening. Well, I can think of two things here. Either your Samba server is no longer sending announcements, or the master browser is not listening. You can check both of these with something like Ethereal or tcpdump. Restart samba and see what announcements it is sending. Ethereal understands these things. Also, try to browse, and look at the browse protocol messages being sent back and forth. Ethereal understands these as well. Is it possible that you are using NetBEUI on the clients as well as TCP? This will stuff browsing up, as Samba is TCP/UDP only! >Matt > >-- > >Matthew Geddes >Network Manager >Xavier College >Gawler, SA > Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course Author: First Australian 2-day, intensive, hands-on Samba course From GLeblanc at cu-portland.edu Thu Jul 6 23:50:58 2000 From: GLeblanc at cu-portland.edu (Gregory Leblanc) Date: Tue Dec 2 02:30:25 2003 Subject: Yet another oddity Message-ID: > -----Original Message----- > From: Matthew Geddes [mailto:mgeddes@xavier.sa.edu.au] > Sent: Thursday, July 06, 2000 4:08 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: Yet another oddity > > Paul J Collins wrote: > > > There's an option somewhere in the TCP/IP properties in > Windows 9x; I > > think it's on the NetBIOS tab, or maybe Advanced.. It's called > > "Become Master", and turning it off on your 98 boxen may help. > > Yeah, got that one. We only use 1 protocol at a time... > > Surely you'd think that Windows 98 would lose an election with an NT > PDC. Nope, often not. Win98 is NOT a network operating system, it doesn't even participate well on a network. DHCP doesnt' work well, DNS doesn't work well from DHCP, WINS doesn't work properly at all... Leave Win98 for home users when at all possible. Grego From pjdc at eircom.net Fri Jul 7 00:19:30 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:25 2003 Subject: Yet another oddity In-Reply-To: Gregory Leblanc's message of "Fri, 7 Jul 2000 09:52:37 +1000" References: Message-ID: >>>>> "Gregory" == Gregory Leblanc writes: >> From: Matthew Geddes [mailto:mgeddes@xavier.sa.edu.au] >> Surely you'd think that Windows 98 would lose an election with >> an NT PDC. Gregory> Nope, often not. Win98 is NOT a network operating Gregory> system, it doesn't even participate well on a network. Gregory> DHCP doesnt' work well, DNS doesn't work well from DHCP, Gregory> WINS doesn't work properly at all... Leave Win98 for Gregory> home users when at all possible. >From this can I conclude that Microsoft's definition of a "consumer" OS is "so b0rked that only a fool would rely on it to make a profit"? I've had to support Win9x in a business environment and it's not fun. Paul. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From GLeblanc at cu-portland.edu Fri Jul 7 00:11:51 2000 From: GLeblanc at cu-portland.edu (Gregory Leblanc) Date: Tue Dec 2 02:30:25 2003 Subject: Problem with Office2000/Windows Installer Message-ID: I've sent a couple of messages about this to both of these lists, but I've never gotten it working. :-( I've got details, so I'll post to both lists, and see if anybody can, or has, made this work. I've got a share for Office 2000, with 2 sub directories under it, one for disk one, one for disk 2. When I try to run setup from a UNC (\\blofeld\office2000\disk1\setup), I get an error message that has a title of "Installation of System Software Installer LEGO". The rest of the error said "o the folder when used also with /T. /C: -- Override Install Command defined by author sYou must restart your [ok]" Which is REALLY weird in and of itself. The second error shows up when I map a drive, and try to run setup from the mapped drive. The title bar is the same, the error says " LoadString() Error. Could not load string resource. [ok]" Anybody managed to make this work from a Samba server? The CD that I'm using has Office2K with SR1 pre-applied. Samba is version rpm samba-2.0.5a-1 on RedHat 6.0 based system. Here's a section of my smb.conf [global] workgroup = ntdom comment = CD-ROM tower strict locking = no share modes = yes password server = mrbig secundus thumper local master = no security = DOMAIN encrypt passwords = yes wins support = no os level = 2 domain master = no prefered master = no netbios name = blofeld ;log file = /var/log/smb.log ;log level = 20 ;case sensitive = no default case = lower ;preserve case = yes preserve case = no ;short preserve case = yes short preserve case = no mangle case = yes ;mangled names = yes mangled names = no socket options=TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 And here's the section for the office2000 share. ;*****************section Office2000********************* [Office2000] comment = Microsoft Office2000 path = /samba/office2k/ ;guest ok = yes writeable = no Any help and suggestions are greatly appreciated. Sorry for this being such a long email, it's necessary to provide enough detail. Thanks, Grego From mgeddes at xavier.sa.edu.au Fri Jul 7 00:30:55 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:30:25 2003 Subject: Yet another oddity References: Message-ID: <396524BF.DD419F9E@xavier.sa.edu.au> Gregory Leblanc wrote: > Nope, often not. Win98 is NOT a network operating system, it doesn't even > participate well on a network. DHCP doesnt' work well, DNS doesn't work > well from DHCP, WINS doesn't work properly at all... Leave Win98 for home > users when at all possible. > Grego According to my housemate, it's not even good there. ;-). I realised that it wasn't a proper NOS, but I figured that it'd be reasonably easy to follow standards (hmmm very naive). ;-). Thanks, I'll let it rest now that it's completely OT. Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA From r_huelsmann at ish.de Fri Jul 7 07:38:39 2000 From: r_huelsmann at ish.de (Ralf Huelsmann) Date: Tue Dec 2 02:30:25 2003 Subject: tng 2.5 doin strange things Message-ID: <002801bfe7e6$5dc773f0$3401a8c0@workstation_1a> hi ! my tng on suse 6.3 is working as pdc with nt4/w2000 clients. they have roaming profiles. first, i don?t know how i can set the userdir (hhomes) to any directory i want like /samba/%U BUT: tng ist realy slow on a netfinity 1000 piii 550mhz 128mb ram. there are only 7 clients. next (making me realy worry): in the top-directory of the smaba shares (an profiles shares) tng is writing more and more strange files with no names, names only made of spezial-chars and something like this. last: i still havent found the dou to the new tools like samedit. any place i can get them ? anybody who can mail them ? thanx ralf --- Ralf Huelsmann Kempen Germany Office: http://www.ish.com/ r_huelsmann@ish.com phone +49 2152 962010 fax +49 2152 962009 Mobile: r_huelsmann@bigfoot.com phone +49 171 2170401 -------------- next part -------------- A non-text attachment was scrubbed... Name: =?iso-8859-1?Q?Ralf_H=FClsmann.vcf?= Type: application/octet-stream Size: 357 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000707/b3ed10cf/iso-8859-1QRalf_HFClsmann.obj From Yoann.Dubreuil at ens.insa-rennes.fr Fri Jul 7 09:14:04 2000 From: Yoann.Dubreuil at ens.insa-rennes.fr (Yoann Dubreuil) Date: Tue Dec 2 02:30:25 2003 Subject: Bug: nmbd crashes everytime ! Message-ID: <200007070914.LAA03260@diabolo.ens.insa-rennes.fr> Can anybody help me: I try to make a NT domain with Samba TNG, and the each time i started nmbd, it crashes before i can make any connection (crashes occurs less than 1 second after running it). the end of the log file: become_logon_server: Atempting to become logon server for workgroup INSA_INFOTEST on subnet 10.131.42.8 become_logon_server: go to first stage: register INSA_INFOTEST<1c> name initiate_name_register_packet: sending registration for name INSA_INFOTEST<1c> (bcast=Yes) to IP 10.131.255.255 Sending a packet of len 68 to (10.131.255.255) on port 137 [000] 0E 3D 29 10 00 01 00 00 00 00 00 01 20 45 4A 45 .=)..... .... EJE [010] 4F 46 44 45 42 46 50 45 4A 45 4F 45 47 45 50 46 OFDEBFPE JEOEGEPF [020] 45 45 46 46 44 46 45 43 41 43 41 42 4D 00 00 20 EEFFDFEC ACABM.. [030] 00 01 C0 0C 00 20 00 01 00 00 00 00 00 06 80 00 ..... .. ........ [040] 0A 83 2A 08 ..*. add_response_record: adding response record id:3645 to subnet 10.131.42.8. num_records:6 find_workgroup_on_subnet: workgroup search for INSA_INFOTEST on subnet 10.131.42.8: found. nmbd_subnetdb:namelist_entry_compare() -22 == memcmp( "INSA_INFOTEST<1b>", "__SAMBA__<00>", 88 ) nmbd_subnetdb:namelist_entry_compare() 31 == memcmp( "INSA_INFOTEST<1b>", "*<20>", 88 ) find_name_on_subnet: on subnet 10.131.42.8 - name INSA_INFOTEST<1b> NOT FOUND become_domain_master_browser_bcast: Attempting to become domain master browser on workgroup INSA_INFOTEST on subnet 10.131.42.8 become_domain_master_browser_bcast: querying subnet 10.131.42.8 for domain master browser on workgroup INSA_INFOTEST nmbd_subnetdb:namelist_entry_compare() -22 == memcmp( "INSA_INFOTEST<1b>", "__SAMBA__<00>", 88 ) nmbd_subnetdb:namelist_entry_compare() 31 == memcmp( "INSA_INFOTEST<1b>", "*<20>", 88 ) find_name_on_subnet: on subnet REMOTE_BROADCAST_SUBNET - name INSA_INFOTEST<1b> NOT FOUND nmbd_subnetdb:namelist_entry_compare() -22 == memcmp( "INSA_INFOTEST<1b>", "__SAMBA__<00>", 88 ) nmbd_subnetdb:namelist_entry_compare() 31 == memcmp( "INSA_INFOTEST<1b>", "*<20>", 88 ) find_name_on_subnet: on subnet 10.131.42.8 - name INSA_INFOTEST<1b> NOT FOUND initiate_name_query_packet: sending query for name INSA_INFOTEST<1b> (bcast=Yes) to IP 10.131.255.255 Sending a packet of len 50 to (10.131.255.255) on port 137 [000] 0E 3E 01 10 00 01 00 00 00 00 00 00 20 45 4A 45 .>...... .... EJE [010] 4F 46 44 45 42 46 50 45 4A 45 4F 45 47 45 50 46 OFDEBFPE JEOEGEPF [020] 45 45 46 46 44 46 45 43 41 43 41 42 4C 00 00 20 EEFFDFEC ACABL.. [030] 00 01 .. add_response_record: adding response record id:3646 to subnet 10.131.42.8. num_records:7 read_udp_socket: lastip 10.131.42.8 lastport 137 read: 68 parse_nmb: packet id = 3640 Received a packet of len 68 from (10.131.42.8) port 137 discarding own packet from 10.131.42.8:137 read_udp_socket: lastip 10.131.42.8 lastport 138 read: 234 Received a packet of len 234 from (10.131.42.8) port 138 discarding own packet from 10.131.42.8:138 find_workgroup_on_subnet: workgroup search for INSA_INFOTEST on subnet 10.131.42.8: found. announce_myself_to_domain_master_browser: no unicast subnet, ignoring. read_udp_socket: lastip 10.131.42.8 lastport 137 read: 68 parse_nmb: packet id = 3641 Received a packet of len 68 from (10.131.42.8) port 137 discarding own packet from 10.131.42.8:137 find_workgroup_on_subnet: workgroup search for INSA_INFOTEST on subnet 10.131.42.8: found. announce_myself_to_domain_master_browser: no unicast subnet, ignoring. read_udp_socket: lastip 10.131.42.8 lastport 137 read: 68 parse_nmb: packet id = 3642 Received a packet of len 68 from (10.131.42.8) port 137 discarding own packet from 10.131.42.8:137 find_workgroup_on_subnet: workgroup search for INSA_INFOTEST on subnet 10.131.42.8: found. announce_myself_to_domain_master_browser: no unicast subnet, ignoring. read_udp_socket: lastip 10.131.42.8 lastport 137 read: 68 parse_nmb: packet id = 3643 Received a packet of len 68 from (10.131.42.8) port 137 discarding own packet from 10.131.42.8:137 find_workgroup_on_subnet: workgroup search for INSA_INFOTEST on subnet 10.131.42.8: found. announce_myself_to_domain_master_browser: no unicast subnet, ignoring. read_udp_socket: lastip 10.131.42.8 lastport 137 read: 68 parse_nmb: packet id = 3645 Received a packet of len 68 from (10.131.42.8) port 137 discarding own packet from 10.131.42.8:137 find_workgroup_on_subnet: workgroup search for INSA_INFOTEST on subnet 10.131.42.8: found. announce_myself_to_domain_master_browser: no unicast subnet, ignoring. read_udp_socket: lastip 10.131.42.8 lastport 137 read: 50 parse_nmb: packet id = 3646 Received a packet of len 50 from (10.131.42.8) port 137 discarding own packet from 10.131.42.8:137 find_workgroup_on_subnet: workgroup search for INSA_INFOTEST on subnet 10.131.42.8: found. announce_myself_to_domain_master_browser: no unicast subnet, ignoring. read_udp_socket: lastip 10.131.11.59 lastport 138 read: 201 Received a packet of len 201 from (10.131.11.59) port 138 nmbd_subnetdb:namelist_entry_compare() -26 == memcmp( "ENS<1d>", "__SAMBA__<00>", 88 ) nmbd_subnetdb:namelist_entry_compare() 27 == memcmp( "ENS<1d>", "*<20>", 88 ) find_name_on_subnet: on subnet 10.131.42.8 - name ENS<1d> NOT FOUND =============================================================== INTERNAL ERROR: Signal 11 in pid 2123 (TNG-alpha) Please read the file BUGS.txt in the distribution =============================================================== PANIC: internal error and my smb.conf : [global] announce as = NT announce version = 4.2 server string = Samba TNG (%v) Test Server guest account = nobody encrypt passwords = yes guest ok = no valid users = etudian3 root directory = /usr/local/samba_TNG debug level = 100 debug timestamp = No interfaces = 10.131.42.8/16 allow hosts = 10.131.42./24 127./8 domain logons = yes workgroup = INSA_INFOTEST security = user logon drive = H: logon home = "\\clyde\%U" logon path = "\\%N\%U\profile" os level = 33 domain master = yes local master = no wins proxy = No wins support = No They are 4 or 5 domains in the network, could it be a problem ? Anybody has an idea ? From simo.sorce at polimi.it Fri Jul 7 09:23:58 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:30:25 2003 Subject: Samba as PDC - unix/windows passwords References: <3964C512.2120D53B@weiinc.com> Message-ID: <3965A1AE.57F8FF8B@polimi.it> Mike Westkamper wrote: > > Here here! > > Would appreciate the same... > > Mike > > Seth Vidal wrote: > > > > Yes this may be. > > > Here I solved the problem by not permitting user to change their > > > password through windows or standard unix tools. Instead I have set up > > > an HTTPS server and I'm using PHP plus some setuid root executables to > > > update both nis and samba password databases. > > > > can you make these scripts and configuration options available to the rest > > of us? > > > > I'd like to avoid having to do any work thats already been done. > > -sv Ok, there's something i put on my home page in a hurry. The 'thing' is really rough and messy and I consider it a starting point. Again the tgz is not up to date (I have not on hand just now the last modifications we made) but should work. See: http://www.geocities.com/SiliconValley/9757/samba.html -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From Yoann.Dubreuil at ens.insa-rennes.fr Fri Jul 7 14:40:07 2000 From: Yoann.Dubreuil at ens.insa-rennes.fr (Yoann Dubreuil) Date: Tue Dec 2 02:30:25 2003 Subject: Samba TNG and Solaris 7 Message-ID: <200007071440.QAA03576@diabolo.ens.insa-rennes.fr> Hi ! Does anybody have a working PDC using Samba TNG on Solaris 7 ? If it's yes, could he tell me his configuration file. Because in the list of May, somebody had the same problem than me, and he didn't find a fix. Thanks -- Yoann Dubreuil. INSA de Rennes From burba at okbmei.msk.su Fri Jul 7 14:45:28 2000 From: burba at okbmei.msk.su (Alex S. Burba) Date: Tue Dec 2 02:30:25 2003 Subject: samba-TNG-2.5 and W2K browsing problems Message-ID: <200007071445.SAA47594@ns.okbmei.msk.su> Hello. I have a following problem: We have samba-TNG-2.5 (with-pam,with-syslog,with-quotas,with-profile), which is a PDC, in the network of workstations with W2K and a little of WIN95/98. I'am trying to set up samba to work as PDC, correctly, and now I have succeded in these things: -workstations are domain members, -via domain group/user map I can correctly set up rights of the domain users. -users of domain can finely log on to domain Now about my problems: -when I log to domain from W2K I can see only samba server in the Network Neighborehood, but nothing more. Even if the other workstations are working and logged on to domain. Sometimes 2 or 3 workstations apper in the browse list, but then suddenly disappear. If I use old samba-2.0.6 browsing is fine. What can I do? -when I log on to domain from WIN95/98 as a common user I can see a root home directory connected as a service [homes], but not my user directory! If I log on to domain from W2K I see my home directory connected as a service [homes]. What can I do? -Can I disable CREATING PROFILES ON SERVER? It is not very good for us to have profiles on server, it will be much better if W2K will store profiles on its disk. Sorry for my poor english. Here is my samba config: [global] netbios name = NS netbios string = NS server workgroup = GROUP domain group map = /usr/local/samba/lib/domain-group.map domain user map = /usr/local/samba/lib/domain-user.map log level = 1 security = user domain logons = yes encrypt passwords = yes os level = 65 domain master = yes preferred master = yes local master = yes wins support = yes time server = yes logon script = %U.bat logon drive = U: logon home = \\%L\%U logon path = \\%L\profiles\%U guest account = smbguest [homes] comment = Home Directories browseable = no writable = yes create mask = 0640 directory mode = 0750 [netlogon] comment = Network Logon Service path = /home/samba/netlogon guest ok = no writable = no share modes = no [profiles] path = /usr/local/samba/profiles browseable = no guest ok = yes writable = yes [winapps] comment = Windows Stuff path = /home/samba/winapps public = no writable = yes printable = no create mask = 0644 directory mode = 0755 -- Bye. Alex S. Burba From isyn at isi.wat.waw.pl Fri Jul 7 15:14:20 2000 From: isyn at isi.wat.waw.pl (isyn@isi.wat.waw.pl) Date: Tue Dec 2 02:30:25 2003 Subject: No subject Message-ID: qy From elrond at samba.org Fri Jul 7 17:38:02 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:30:25 2003 Subject: Yet another oddity In-Reply-To: ; from Paul J Collins on Fri, Jul 07, 2000 at 05:57:06AM +1000 References: <39637533.F5FB081A@weiinc.com> <3964017B.AD80322D@xavier.sa.edu.au> Message-ID: <20000707193802.A20176@baerbel.mug.maschinenbau.tu-darmstadt.de> On Fri, Jul 07, 2000 at 05:57:06AM +1000, Paul J Collins wrote: > >>>>> "Matthew" == Matthew Geddes writes: > > Matthew> Also, We have a couple of Windows 98 (first and second > Matthew> edition) laptops which occasionally steal Master browser > Matthew> status from the PDC. Not sure what's up with *that*. ;-) > > There's an option somewhere in the TCP/IP properties in Windows 9x; I > think it's on the NetBIOS tab, or maybe Advanced.. It's called > "Become Master", and turning it off on your 98 boxen may help. > > Issues such as these can turn up if you run more than one protocol on > your network; I believe that elections are fought over separate > protocols, and the TCP/IP browse master may not be the IPX/SPX browse > master. (I think this is correct.) > > There one of the browsing text documents (BROWSING.txt ?) in the Samba > distribution covers all of this, including the reason for WINS (hint: > subnets) and why you should only use one protocol on your Windows > boxen. [...] Yep. There's a tool, that comes with the ntreskit, called browser monitor, you can look at all the browser masters for each protocol, quite interesting. And if you realy need to run more then one protocol, make sure, TCP/IP is prefered, because that's, where samba lives. :) Elrond From elrond at samba.org Fri Jul 7 17:45:42 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:30:26 2003 Subject: Yet another oddity In-Reply-To: <396524BF.DD419F9E@xavier.sa.edu.au>; from Matthew Geddes on Fri, Jul 07, 2000 at 10:19:19AM +1000 References: <396524BF.DD419F9E@xavier.sa.edu.au> Message-ID: <20000707194542.B20176@baerbel.mug.maschinenbau.tu-darmstadt.de> On Fri, Jul 07, 2000 at 10:19:19AM +1000, Matthew Geddes wrote: > Gregory Leblanc wrote: > > > Nope, often not. Win98 is NOT a network operating system, it doesn't even > > participate well on a network. DHCP doesnt' work well, DNS doesn't work > > well from DHCP, WINS doesn't work properly at all... Uff... I didn't know, it was that bad... (I have only to do with nt, and everytime, when someone asks about 9x, I more or less run away. ;-)) > > Leave Win98 for home > > users when at all possible. > > Grego > > According to my housemate, it's not even good there. ;-). I thought, it was good for all those "cool" games? nt doesn't like a bunch of them, as I understand it. Elrond > I realised that it wasn't a proper NOS, but I figured that it'd be > reasonably easy to follow standards (hmmm very naive). ;-). > > Thanks, I'll let it rest now that it's completely OT. > > Matt > > -- > > Matthew Geddes > Network Manager > Xavier College > Gawler, SA From davec at columbiaenergygroup.com Fri Jul 7 17:54:26 2000 From: davec at columbiaenergygroup.com (davec@columbiaenergygroup.com) Date: Tue Dec 2 02:30:26 2003 Subject: One-stop-authentication-shop Message-ID: <0056990013125030000002L902*@MHS> I have poured over the samba 2.0.7 documentation, and have found bits & pieces of what I want, but not everything. I find it hard to think that no one else hasn't done / isn't doing what I want, which is: To host shares off a linux / samba server that I do admin, that gets its user authentication from an NT machine of which I am not an admin. Say the domain is "authdom" and there exists a user "joe" If I don't know the NT password for joe, is there a way for me to host a share on the samba server just for user "authdom\joe" ? What about a global group from "authdom" I have read that in order for a user to get a share off the linux machine, they must have an entry in the smbpasswd file, but if I don't know joe's authdom password, is there no way to get that entry automatically propagated? Thanks, Dave davec@ceg.com From MBrown at msdemo.ms.gmsmail.com Fri Jul 7 18:09:12 2000 From: MBrown at msdemo.ms.gmsmail.com (Brown, Matthew) Date: Tue Dec 2 02:30:26 2003 Subject: One-stop-authentication-shop Message-ID: <8158CAF171AED311B73F0060085A92C901136C@msdemo.ms.gmsmail.com> Yes, I think you can do exactly that. I am just completing a migration where I had to do that for a short time as a stop gap measure to fix a mistake I'd made in planning. Basically what I'd done is set up the Samba server as a member of the NT domain (authdom in your case), set the password server to be the authdom PDC, and it seemed to do exactly what you're talking about. By the way, I find Samba's user directory feature to be far superior to NT's, but that may be because I did not know how to create a share for each NT user automagically that matched their username. I amay have left something out here, but I don't recall specifically changing any other defaults to make this work as you described. -Matthew Brown -----Original Message----- From: davec@columbiaenergygroup.com [mailto:davec@columbiaenergygroup.com] Sent: Friday, July 07, 2000 2:00 PM To: Multiple recipients of list SAMBA-NTDOM Subject: One-stop-authentication-shop I have poured over the samba 2.0.7 documentation, and have found bits & pieces of what I want, but not everything. I find it hard to think that no one else hasn't done / isn't doing what I want, which is: To host shares off a linux / samba server that I do admin, that gets its user authentication from an NT machine of which I am not an admin. Say the domain is "authdom" and there exists a user "joe" If I don't know the NT password for joe, is there a way for me to host a share on the samba server just for user "authdom\joe" ? What about a global group from "authdom" I have read that in order for a user to get a share off the linux machine, they must have an entry in the smbpasswd file, but if I don't know joe's authdom password, is there no way to get that entry automatically propagated? Thanks, Dave davec@ceg.com From elrond at samba.org Fri Jul 7 18:13:21 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:30:26 2003 Subject: One-stop-authentication-shop In-Reply-To: <0056990013125030000002L902*@MHS>; from davec@columbiaenergygroup.com on Sat, Jul 08, 2000 at 03:59:37AM +1000 References: <0056990013125030000002L902*@MHS> Message-ID: <20000707201321.C20176@baerbel.mug.maschinenbau.tu-darmstadt.de> check out "security = domain" and "security = server" Elrond On Sat, Jul 08, 2000 at 03:59:37AM +1000, davec@columbiaenergygroup.com wrote: > I have poured over the samba 2.0.7 documentation, and have found > bits & pieces of what I want, but not everything. > > I find it hard to think that no one else hasn't done / isn't doing what I > want, which is: > > To host shares off a linux / samba server that I do admin, that gets its user > authentication from an NT machine of which I am not an admin. > > Say the domain is "authdom" and there exists a user "joe" > > If I don't know the NT password for joe, is there a way for me to host > a share on the samba server just for user "authdom\joe" ? What > about a global group from "authdom" > > I have read that in order for a user to get a share off the linux machine, they > must have an entry in the smbpasswd file, but if I don't know joe's > authdom password, is there no way to get that entry automatically > propagated? > > Thanks, > > Dave > davec@ceg.com From Ben_Meyer at pfm.org Fri Jul 7 19:08:21 2000 From: Ben_Meyer at pfm.org (Ben Meyer) Date: Tue Dec 2 02:30:26 2003 Subject: PAM-NTDOM: Compile Errors Message-ID: <2056AA5B2D1DD311BEA50008C709636C01AE2617@NT_4> I am trying to compile the pam_ntdom version 0.24 but I am getting an error message stating that there is a parse error on every line where a DEBUG(LEVEL,MESSAGE) is. If I comment out all the lines in the file keeps compiling until the next file that a DEBUG(LEVEL,MESSAGE) in it. I don't want to comment out all of these lines since I am guessing they are for the error logs and are necessary to correctly diagnose problems after compilation. I am running RedHat 6.2. Thanks you, BRM From gcarter at valinux.com Fri Jul 7 20:32:33 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:30:26 2003 Subject: PAM-NTDOM: Compile Errors References: <2056AA5B2D1DD311BEA50008C709636C01AE2617@NT_4> Message-ID: <39663E61.E0AA365C@valinux.com> Ben Meyer wrote: > > I am trying to compile the pam_ntdom version 0.24 but I > am getting an error message stating that there is a parse > error on every line where a DEBUG(LEVEL,MESSAGE) is. If I > comment out all the lines in the file keeps > compiling until the next file that a DEBUG(LEVEL,MESSAGE) in > it. I don't want to comment out all of these lines since I > am guessing they are for the error logs and are necessary > to correctly diagnose problems after compilation. I > am running RedHat 6.2. Ben, Your analysis is correct. I noticed that about 2 -3 weeks ago. Haven't had time to do try and fix it. Luke? Are these your changes? jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From bgmilne at ing.sun.ac.za Sat Jul 8 10:36:32 2000 From: bgmilne at ing.sun.ac.za (Buchan Milne) Date: Tue Dec 2 02:30:26 2003 Subject: Samba error Message-ID: <39670430.E49D0977@ing.sun.ac.za> Hi, This might be a bit OT, but this machine is _going_ to be our PDC. I have been running samba 2.0.7 (installed from libc contribs rpms) on Mandrake 7.1. I have compiled a new kernel (2.2.16-9) from Mandrake to enable support for udma66. It looks like I picked up problems after that. Now the output of smbstatus is as follows: > ------------------------------------------------------------------------ > > Samba version 2.0.7 > Service uid gid pid machine > ---------------------------------------------- > bench bgmilne adm 1784 caedrawing6 (w.x.y.z) Fri Jul 7 19:56:53 2000 > > Can't initialise shared memory - exiting (w.x.y.x is where the real ip address was) It also said something like "Unable to open IPC area" or such (wasn't caught by "smbstatus > file") Any help would be appreciated on fixing this problem, or where to start looking . I have browsed the samba log files, but mostly get the above 2 messages. Thanks Buchan From elrond at samba.org Sat Jul 8 12:04:33 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:30:26 2003 Subject: PAM-NTDOM: Compile Errors In-Reply-To: <39663E61.E0AA365C@valinux.com>; from Gerald Carter on Sat, Jul 08, 2000 at 06:28:48AM +1000 References: <2056AA5B2D1DD311BEA50008C709636C01AE2617@NT_4> <2056AA5B2D1DD311BEA50008C709636C01AE2617@NT_4> <39663E61.E0AA365C@valinux.com> Message-ID: <20000708140433.A20712@baerbel.mug.maschinenbau.tu-darmstadt.de> As far, as I know, pam_ntdom has been integrated into TNG. So you should checkout TNG from cvs and try make bin/pam_ntdom_auth.so I somehow remember, for pam_ntdom to work, you must run netlogond localy or somesuch... Take a look at pam_ntdom/README Tim Potter also wrote a new pam-module, that works together with winbindd, but I don't know much about that either, you might try: make nsswitch nsswitch/pam_winbind.so Some information on setting this up is in docs/manpages/winbindd.8. But I don't know much more about these things, since I didn't yet try any of them. (aix doesn't have nss or pam...) Elrond On Sat, Jul 08, 2000 at 06:28:48AM +1000, Gerald Carter wrote: > Ben Meyer wrote: > > > > I am trying to compile the pam_ntdom version 0.24 but I > > am getting an error message stating that there is a parse > > error on every line where a DEBUG(LEVEL,MESSAGE) is. If I > > comment out all the lines in the file keeps > > compiling until the next file that a DEBUG(LEVEL,MESSAGE) in > > it. I don't want to comment out all of these lines since I > > am guessing they are for the error logs and are necessary > > to correctly diagnose problems after compilation. I > > am running RedHat 6.2. > > Ben, > > Your analysis is correct. I noticed that about 2 -3 weeks ago. > Haven't had time to do try and fix it. Luke? Are these > your changes? > > > > > > > jerry > ---------------------------------------------------------------------- > /\ Gerald (Jerry) Carter Professional Services > \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com > http://www.samba.org SAMBA Team jerry@samba.org > http://www.eng.auburn.edu/~cartegw > > "...a hundred billion castaways looking for a home." > - Sting "Message in a Bottle" ( 1979 ) From pjdc at eircom.net Sat Jul 8 12:12:38 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:26 2003 Subject: Samba error In-Reply-To: Buchan Milne's message of "Sat, 8 Jul 2000 20:40:13 +1000" References: <39670430.E49D0977@ing.sun.ac.za> Message-ID: >>>>> "Buchan" == Buchan Milne writes: >> Can't initialise shared memory - exiting Buchan> It also said something like "Unable to open IPC area" or Buchan> such (wasn't caught by "smbstatus > file") To catch all output from a process, do this (if you use a Bourne-style shell): $ command > file 2>&1 As for the errors you are getting, it sounds like System V IPC isn't enabled in your kernel. Assuming that you didn't remove the kernel's output files when you installed it, you can check it by doing: $ grep SYSV /usr/src/linux/.config The output I get is like this: CONFIG_SYSVIPC=y # CONFIG_SYSV_FS is not set The first line indicates that System V IPC is enabled. There must be a way to check by looking in /proc, but I can't think of any. The existence of the files /proc/sys/kernel/shmall and /proc/sys/kernel/shmmax may indicate that System V IPC is there, but since I have no kernels without it, I can't verify. Paul. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From lkneschke at vater-gmbh.de Sat Jul 8 12:14:20 2000 From: lkneschke at vater-gmbh.de (Lars Kneschke) Date: Tue Dec 2 02:30:27 2003 Subject: One-stop-authentication-shop In-Reply-To: <0056990013125030000002L902*@MHS> Message-ID: > To host shares off a linux / samba server that I do admin, that > gets its user > authentication from an NT machine of which I am not an admin. > > Say the domain is "authdom" and there exists a user "joe" > > If I don't know the NT password for joe, is there a way for me to host > a share on the samba server just for user "authdom\joe" ? What > about a global group from "authdom" > > I have read that in order for a user to get a share off the linux > machine, they > must have an entry in the smbpasswd file, but if I don't know joe's > authdom password, is there no way to get that entry automatically > propagated? You don't need the smbpasswd file, in your case! In the smbpasswdfile you will find username's, password hashes(os something like that:-)), and a userid. You need the smbpasswd file only if you are the password server. But in your case the password server is the pdc. The samba server gets the username and the "password" from the client, and forward's them to the pdc. Now the pdc is looking in his userdatabase(sam) and looks if the username and the "password" ist correct, and delivers the result to the samba server. If every thing is ok, the sambaserver lets the user in. In the next step samba looks in /etc/passwd to find the unix user(unixusername == windowsusername), to get unix user id(the unix uid is neccessary for local rights on the filesystem). => For any windows user you must have a unix user!! You can do this automatically. There exist a parameter in the smb.conf, to create the unixusers on the fly. If i mad any mistakes, anyone is invited to correct me! ;-) Cu -- Lars Kneschke http://www.kneschke.de From gcarter at valinux.com Sat Jul 8 13:22:27 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:30:27 2003 Subject: PAM-NTDOM: Compile Errors In-Reply-To: <20000708140433.A20712@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: On Sat, 8 Jul 2000, Elrond wrote: > > As far, as I know, pam_ntdom has been integrated into TNG. > So you should checkout TNG from cvs and try > > make bin/pam_ntdom_auth.so > > I somehow remember, for pam_ntdom to work, you must run > netlogond localy or somesuch... Take a look at > pam_ntdom/README > I'm sorry, but that is just bad. Was that Luke's idea? That makes pam_ntdom unusable. :-( A PAM module should not require you to turn your machine into a server. > Tim Potter also wrote a new pam-module, that works together > with winbindd, but I don't know much about that either, you > might try: > > make nsswitch nsswitch/pam_winbind.so I'll take a look. Thanks Elrond. > Some information on setting this up is in > docs/manpages/winbindd.8. > > But I don't know much more about these things, since I > didn't yet try any of them. (aix doesn't have nss or > pam...) > jerry From pjdc at eircom.net Sat Jul 8 13:54:24 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:27 2003 Subject: PAM-NTDOM: Compile Errors In-Reply-To: Gerald Carter's message of "Sat, 8 Jul 2000 23:24:24 +1000" References: Message-ID: >>>>> "Gerald" == Gerald Carter writes: Gerald> On Sat, 8 Jul 2000, Elrond wrote: >> I somehow remember, for pam_ntdom to work, you must run >> netlogond localy or somesuch... Take a look at >> pam_ntdom/README Gerald> I'm sorry, but that is just bad. Was that Luke's idea? Gerald> That makes pam_ntdom unusable. :-( A PAM module should not Gerald> require you to turn your machine into a server. You're not turning your machine into a server. All NT boxes (Workstations and Servers) run NETLOGON.EXE as a service that WINLOGON.EXE (in conjunction with MSGINA.DLL) communicates with when you log on to a domain. Complaining about having to run netlogond to log on to an NT domain is like complaining about having to run ypbind to log on to an NIS domain. In addition, netlogond is around 119K in size on my box. Do you really want a pam module of that size being loaded for every login? Paul. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From burba at okbmei.msk.su Sat Jul 8 14:22:50 2000 From: burba at okbmei.msk.su (Alex S. Burba) Date: Tue Dec 2 02:30:27 2003 Subject: root dir as a service [homes] Message-ID: <200007081422.SAA54925@ns.okbmei.msk.su> Hello, All. I have samba-TNG-2.5 set up as PDC, everything works, but if I log on to domain from Windows 95/98 as a common user I see a root directory connected as a service [homes]. Form W2K I see my real user home directory. What could it be? -- Bye. Alex S. Burba From elrond at samba.org Sat Jul 8 14:52:27 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:30:27 2003 Subject: PAM-NTDOM: Compile Errors In-Reply-To: ; from Paul J Collins on Sat, Jul 08, 2000 at 11:48:12PM +1000 References: Message-ID: <20000708165227.A20120@baerbel.mug.maschinenbau.tu-darmstadt.de> On Sat, Jul 08, 2000 at 11:48:12PM +1000, Paul J Collins wrote: > >>>>> "Gerald" == Gerald Carter writes: > > Gerald> On Sat, 8 Jul 2000, Elrond wrote: > >> I somehow remember, for pam_ntdom to work, you must run > >> netlogond localy or somesuch... Take a look at > >> pam_ntdom/README > > Gerald> I'm sorry, but that is just bad. Was that Luke's idea? > Gerald> That makes pam_ntdom unusable. :-( A PAM module should not > Gerald> require you to turn your machine into a server. > > You're not turning your machine into a server. All NT boxes > (Workstations and Servers) run NETLOGON.EXE as a service that > WINLOGON.EXE (in conjunction with MSGINA.DLL) communicates with when > you log on to a domain. > > Complaining about having to run netlogond to log on to an NT domain is > like complaining about having to run ypbind to log on to an NIS > domain. > > In addition, netlogond is around 119K in size on my box. Do you > really want a pam module of that size being loaded for every login? > > Paul. Thanks for the explanations, I've just started to read around in pam_ntdom. And it looks like one needs to run netlogond and lsarpcd, because netlogond is used to forward (or answer) the request, and lsarpcd stores the secrets for the secure-channsl to the remote domains. And for winbindd/pam from a realy quick glance, it looks like one needs lsarpcd at least. Elrond From bgmilne at ing.sun.ac.za Sat Jul 8 18:03:32 2000 From: bgmilne at ing.sun.ac.za (Buchan Milne) Date: Tue Dec 2 02:30:27 2003 Subject: Error using Netbench 6.0 for benchmarking Message-ID: <39676CF4.8AD12568@ing.sun.ac.za> Hi, I'm using Netbench 6.0 from ZD NEt Labs to convince all the anti-unix people here that samba/linux can do a better job at file serving. I am using 2.0.7 and will be implementing an NT Domain using the samba box as pdc. When I run netbench, it runs fine until it tries to start the 2nd "mix" (the first one with more than 1 client) that it cannot remove the semaphore logout.sem (stored on the share netbench uses) I checked the permissions, and the user that is running netbench on all the machines has permissions to delete the file. Manually deleting the file does not work until all the client machines have logged out. Does this have to do with oplocks ? Here is the output o smbstatus at the time when the file can not be deleted. I promise to post the results comparing NT Server 4.0 with linux2.2.16/samba2.0.7 on a dual booting 500 Celeron with 64MB ram and a 13 GB UDMA66 hardrive with Highpoint 366 controller (should be pretty conclusive, since the only difference between the 2 wil be the location of files on the hard drive) Thanks Buchan -- |--------------------------------------------------------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone +27824722231 email mailto:bgmilne@ing.sun.ac.za Centre for Automotive Engineering http://www.sun.ac.za/cae South Africas first satellite: http://sunsat.ee.sun.ac.za Control Models http://www.control.co.za |----------------Registered Linux User #182071-----------------| -------------- next part -------------- 455 DENY_NONE RDWR EXCLUSIVE+BATCH /home/samba/bench/netbench/NETBENCH/initmix.sem Sat Jul 8 21:49:34 2000 500 DENY_NONE RDWR EXCLUSIVE+BATCH /home/samba/bench/netbench/NETBENCH/logout.sem Sat Jul 8 21:50:15 2000 From ed at schernau.com Sat Jul 8 19:49:25 2000 From: ed at schernau.com (Edward Schernau) Date: Tue Dec 2 02:30:28 2003 Subject: pam_ntdom subset of TNG = bad idea Message-ID: <396785C5.5546B7F0@schernau.com> Why should one need to CVS the whole TNG setup stuff, and run a couple of daemons, just to use pam_ntdom?? You didn't before.... Argh, how annoying. What was broken about it before? -- Edward Schernau, mailto:ed@schernau.com Network Architect http://www.schernau.com RC5-64#: 243249 e-gold acct #:131897 From peter at cadcamlab.org Sat Jul 8 21:25:38 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:30:28 2003 Subject: Using NT 4.0 WKS and Novell Client - GOOD NEWS! References: <39632321.D054CF01@polimi.it> <00070518371800.00737@Server> <00070618500000.00755@Server> Message-ID: <14695.39941.382861.832989@wire.cadcamlab.org> [Darren Hammond ] > One thing though - Do I understand the use of ntpass correctly? Use > it as ntpass username to change a user's password. It keeps reporting > FAILED. NT password changing is known not to work with 2_5_GOOD. It works in subsequent alpha releases, but those have other (more serious) problems. Peter From gcarter at valinux.com Sat Jul 8 14:59:39 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:30:28 2003 Subject: pam_ntdom subset of TNG = bad idea References: <396785C5.5546B7F0@schernau.com> Message-ID: <396741DB.3BC4E30E@valinux.com> Edward Schernau wrote: > > Why should one need to CVS the whole TNG setup stuff, > and run a couple of daemons, just to use pam_ntdom?? You > didn't before.... > > Argh, how annoying. What was broken about it before? If this is true, I agree. I'm looking into it. Thanks for being patient. Cheers, jerry -- ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From peter at cadcamlab.org Sat Jul 8 22:08:35 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:30:28 2003 Subject: pam_ntdom subset of TNG = bad idea References: <396785C5.5546B7F0@schernau.com> Message-ID: <14695.41930.62940.222311@wire.cadcamlab.org> [Edward Schernau ] > Why should one need to CVS the whole TNG setup stuff, and run a > couple of daemons, just to use pam_ntdom?? You didn't before.... Code sharing. In Luke's split-daemon architecture, code is shared via IPC rather than via libraries. If anyone noticed that this seems similar to a microkernel architecture, well, there's a reason for that. Luke modeled it after Windows NT, which is of course a microkernel architecture. (Although NTOSKRNL + HAL do perhaps stretch the meaning of the "micro-" prefix.) > Argh, how annoying. What was broken about it before? Did it *exist* and/or *work* before? I was under the impression that the TNG pam_ntdom is Luke's adaptation of Dave Airlie's pam_smb. Was there in fact a pre-existing pam_ntdom, as opposed to just pam_smb? Peter From gcarter at valinux.com Sat Jul 8 15:18:31 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:30:28 2003 Subject: pam_ntdom subset of TNG = bad idea References: <396785C5.5546B7F0@schernau.com> <14695.41930.62940.222311@wire.cadcamlab.org> Message-ID: <39674647.63D6B7BC@valinux.com> Peter Samuelson wrote: > > Did it *exist* and/or *work* before? I was under > the impression that the TNG pam_ntdom is Luke's > adaptation of Dave Airlie's pam_smb. Was there in > fact a pre-existing pam_ntdom, as opposed to just pam_smb? pam_ntdom has existed since something like the fall of '98 and it did work before. Luke wrote it when the Samba PDC code was iniitally being implemented. jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From pjdc at eircom.net Sat Jul 8 23:39:52 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:28 2003 Subject: PAM-NTDOM: Compile Errors In-Reply-To: Gerald Carter's message of "Sat, 08 Jul 2000 10:12:56 -0500" References: <396744F8.378A33E1@valinux.com> Message-ID: >>>>> "Gerald" == Gerald Carter writes: Gerald> Paul J Collins wrote: >> >> You're not turning your machine into a server. >> All NT boxes (Workstations and Servers) run NETLOGON.EXE >> as a service that WINLOGON.EXE (in conjunction >> with MSGINA.DLL) communicates with when you log on to >> a domain. Gerald> MSGINA is for graphical logons and has no relevance Gerald> here. And as for comparing to the NetLogon service In this scenario, login is similar to WINLOGON.EXE, the PAM modules are similar to MSGINA.DLL and the two TNG daemons lsarpcd and netlogond are similar to LSASS.EXE and NETLOGON.EXE. WINLOGON.EXE is the part that manages starting the user session; Yes, MSGINA.DLL handles the dialog, but it does the talking to the security sub-system also. Saying that MSGINA.DLL applies only to graphical logins is incorrect. Gerald> on an NT box, my UNIX box was not an NT box and I Gerald> don't want it to be. Fine, but the architecture of NT's security systems in not automatically bad and invalid, just because it happens to belong to NT. Gerald> Luke and I have gone wrong the discussion before. Gerald> UNIX is not NT period. NT and Unix have many features in common; too many to list here. They also have plenty of differences. Not everything in Unix is good, and not everything in NT is bad. Very general, I know, but so was your statement. >> Complaining about having to run netlogond to log on to >> an NT domain is like complaining about having to run >> ypbind to log on to an NIS domain. Gerald> I'm sorry Paul. I understand your argument, but Gerald> I disagree, and I seriously doubt you will change Gerald> my mind. No offense mind you. I am not attempting to do so; the only person who can change your mind is you. All that other people can do is provide information. Gerald> If you didn't need netlogond and lsarpcd before, Gerald> someone give me a **technical** reason why you Gerald> need them now. I'm sure Luke could do that; I know very little about pam_ntdom. >> In addition, netlogond is around 119K in size on my >> box. Do you really want a pam module of that size >> being loaded for every login? Gerald> The fact is that you have no changed the way Gerald> administrators are used to dealing with pam modules. Looks like administrators will have to learn something new, something they do every day of their lives. Gerald> If pam_ntdom was an isolated piece of software in a Gerald> vacuum with no history of how it should configured, When you say "isolated piece of software in a vacuum", do you mean with repsect to previous versions of pam_ntdom, or PAM modules in general? PAM is a tool; in this case it's being used to hook up a stub that talks to a couple of daemons implementing NT-style domain security. People do new things with old tools all the time. Gerald> then I could care less what dependencies you throw Gerald> on it. If you can name one other widely used PAM Gerald> module that requires this type of setup, I will be Gerald> change my mind. Indirectly, via whichever pam module checks the password; if you use nis via nss, then ypbind has to be running for the NIS domain to be contacted. I don't believe that an administrator used to running NIS would be overly concerned that connecting to an NT domain requires a daemon or two. Gerald> And speaking of the size, this argument should be Gerald> irrelevant considering modern VMM systems. My point regarding size was that I was under the impression that things such as PAM modules should be kept as small as possible in order to facilitate security auditing. I know that the 119K chunk of code is still involved, but at least now it is in a separate process and connected to PAM only by an RPC pipe that uses reasonably well-defined message formats. Paul. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From gcarter at valinux.com Sat Jul 8 18:48:22 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:30:28 2003 Subject: PAM-NTDOM: Compile Errors References: <396744F8.378A33E1@valinux.com> Message-ID: <39677776.2F81F7D4@valinux.com> Paul, I appreciate you even tone throughout your messages. I apologize if I sounded rude or short in my previous mails. :-) Paul J Collins wrote: > > In this scenario, login is similar to WINLOGON.EXE, Nice analogies. > Fine, but the architecture of NT's security systems > in not automatically bad and invalid, just because > it happens to belong to NT. I never meant to imply that it was. Let me give a bit of history here. Luke and I (and others) have over the months and years had discussions over issues similar to this. Luke has in the past wanted to make UNIX into NT in every aspect. Not necessarily from a services point of view, but from an architectural point of view. I disagree. Not that I think one is better than the other. I simply think Samba is an interoperability tool, and not an operating system. This is probably capped off with having to merge rpcclient from TNG into HEAD at the moment has rather irratated me. ;-) > NT and Unix have many features in common; too many to > list here. They also have plenty of differences. > Not everything in Unix is good, and not everything in > NT is bad. Very general, I know, but so was your > statement. My previous statements led to misinterpretation. I have never said NT is bad. I apologize. :-) > Gerald> If you didn't need netlogond and lsarpcd before, > Gerald> someone give me a **technical** reason why you > Gerald> need them now. > > I'm sure Luke could do that; I know very little > about pam_ntdom. Here is what it comes down to. I think this was a non necessary change that had no basis in technical issues. Please, someone jump in and correct me if I'm an wrong. I have no pride. If I'm wrong, then I'm wrong. > Looks like administrators will have to learn > something new, something they do every day of > their lives. ok. Let's ask the admins. How many people think that having to run netlogond and lsarpcd in order to use pam_ntdom is a good idea? Please send me private mails and I will tally the results. No need to clutter the list. IMO these are the two important issues to focus on: - top priority: was the changed needed in order to provide a higher or enhanced level of service or quality? - do sysadmins care about having to install another running service in order to use pam_ntdom (which was previously unnecessary)? If those people who use it frequently don't care, why should I raise the issue. arguments about "That is the way NT does it" do not count. Finally, releasing a version that does not even compile (ftp://ftp.samba.org/pub/samba/pam_ntdom/pam_ntdom-0.23.tar.gz) is in bad form, considering that the README file in the same directory make no mention of the changes we have been discussing. jerry ---------------------------------------------------------------------- http://www.samba.org jerry@samba.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From sharpe at ns.aus.com Fri Jul 7 06:38:03 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:30:28 2003 Subject: PAM-NTDOM: Compile Errors In-Reply-To: <39677776.2F81F7D4@valinux.com> References: <396744F8.378A33E1@valinux.com> Message-ID: <3.0.6.32.20000707153803.008e8d30@203.16.214.248> At 11:47 AM 7/9/00 +1000, Gerald Carter wrote: >Paul, > >Paul J Collins wrote: >> >> In this scenario, login is similar to WINLOGON.EXE, > > >Nice analogies. > >> Fine, but the architecture of NT's security systems >> in not automatically bad and invalid, just because >> it happens to belong to NT. > >I never meant to imply that it was. Let me give a >bit of history here. Luke and I (and others) have over >the months and years had discussions over issues >similar to this. Luke has in the past wanted to make >UNIX into NT in every aspect. Not necessarily from a >services point of view, but from an architectural >point of view. > >I disagree. Not that I think one is better than the >other. I simply think Samba is an interoperability tool, >and not an operating system. The heart of the matter seems to be the argument between Andrew and Luke over how to structure Samba. Luke seems to prefer a process-ful approach that mirrors NT's approach. Andrew appears to prefer a shared-library-ful approach that is more like PAM or nsswitch in concept. There are advantages to both, but the advantages of Luke's approach are mainly felt by developers. System administrators care more about complexity of configuration and management. The shared-library-ful approach has advantages that many administrators will prefer, IMO. Less processes to worry about and check that they are running and so forth. >This is probably capped off with having to merge >rpcclient from TNG into HEAD at the moment has >rather irratated me. ;-) It has clearly affected your spelling as well :-) >> NT and Unix have many features in common; too many to >> list here. They also have plenty of differences. >> Not everything in Unix is good, and not everything in >> NT is bad. Very general, I know, but so was your >> statement. > >My previous statements led to misinterpretation. I >have never said NT is bad. I apologize. :-) Oh, I dunno, I find the statement "NT is bad, Linux is good" has a lot of appeal :-) >> Gerald> If you didn't need netlogond and lsarpcd before, >> Gerald> someone give me a **technical** reason why you >> Gerald> need them now. >> >> I'm sure Luke could do that; I know very little >> about pam_ntdom. > >Here is what it comes down to. I think this was >a non necessary change that had no basis in technical >issues. See above. >Please, someone jump in and correct me if I'm an >wrong. I have no pride. If I'm wrong, then I'm wrong. > >> Looks like administrators will have to learn >> something new, something they do every day of >> their lives. > >ok. Let's ask the admins. How many people think >that having to run netlogond and lsarpcd in order >to use pam_ntdom is a good idea? Please send >me private mails and I will tally the results. >No need to clutter the list. I think that having lots of extra daemons will make life more difficult for admins. >IMO these are the two important issues to focus on: > >- top priority: was the changed needed in order > to provide a higher or enhanced level of > service or quality? > >- do sysadmins care about having to install another > running service in order to use pam_ntdom > (which was previously unnecessary)? If those people > who use it frequently don't care, why should I > raise the issue. This increases the complexity for administrators, which means that even clearer documentation must be written. No one seems willing to do the documentation, so I would suggest that we not increase the complexity like this. >arguments about "That is the way NT does it" do >not count. Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course Author: First Australian 2-day, intensive, hands-on Samba course From martinja at ice-works.com Sun Jul 9 02:50:54 2000 From: martinja at ice-works.com (Joseph A. Martin (The LaterDude)) Date: Tue Dec 2 02:30:28 2003 Subject: PAM-NTDOM: Compile Errors In-Reply-To: Gerald Carter's message of "Sun, 9 Jul 2000 11:47:11 +1000" References: <396744F8.378A33E1@valinux.com> <39677776.2F81F7D4@valinux.com> Message-ID: <878zvcuicx.fsf@hallam.later.dude> Gerald Carter writes: > ok. Let's ask the admins. How many people think > that having to run netlogond and lsarpcd in order > to use pam_ntdom is a good idea? Please send > me private mails and I will tally the results. > No need to clutter the list. Okay, I am sending this to the whole list because I wanted to give some reasons for my vote. Short answer: I think it is a good thing. Long answer: I dislike the extra overhead of having to grab the latest TNG sources, compile and install everything and to get pam_ntdom working. However, I do like the idea that my system works in as similar a manner as possible to NT as far as login is concerned. I think pam_ntdom is a good marriage of the Linux and NT methods of doing authentication and since we are marrying Linux and NT this is good thing overall. later, joseph -- the "LaterDude" @ (martinja@ice-works.com || ICQ #52640402) http://www.ice-works.com/personal/LaterDude/index.html All opinions expressed are my own and not necessarily those of my employer unless otherwise noted. From lkcl at samba.org Mon Jul 10 11:40:09 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:30:28 2003 Subject: PAM-NTDOM: Compile Errors In-Reply-To: <39677776.2F81F7D4@valinux.com> Message-ID: > I never meant to imply that it was. Let me give a > bit of history here. Luke and I (and others) have over > the months and years had discussions over issues > similar to this. Luke has in the past wanted to make > UNIX into NT in every aspect. Not necessarily from a > services point of view, but from an architectural > point of view. both. the possibility of being able to tell microsoft, here, install these services on this version of linux, with these libraries, then hit "compile" on your office msdn development environment, and you will get a native linux office suite. > I disagree. Not that I think one is better than the > other. I simply think Samba is an interoperability tool, > and not an operating system. samba requires support from the OS it is running on. we can provide a mapping between NT and unix worlds as best we can [and will have to continue to do so]. direct support from the underlying OS to provide that interoperability - e.g a filesystem that provides Unicode direct-to-disk - would be of enormous benefit. > This is probably capped off with having to merge > rpcclient from TNG into HEAD at the moment has > rather irratated me. ;-) kudos to you for taking _that_ task on. > Finally, releasing a version that does not even compile > (ftp://ftp.samba.org/pub/samba/pam_ntdom/pam_ntdom-0.23.tar.gz) > is in bad form, considering that the README file in the > same directory make no mention of the changes we have > been discussing. *shrug*. pam_ntdom is not a high priority for me. plus, the way that PAM works makes it difficult to securely provide the exact semantics of nt authentication. so, for those people who have been asking, i tell them that pam_ntdom is superceded by winbindd. From pmal at space.gr Mon Jul 10 13:03:50 2000 From: pmal at space.gr (Panagiotis Malakoudis) Date: Tue Dec 2 02:30:28 2003 Subject: Error connecting to port 445 References: Message-ID: <007701bfea6f$4a9f8160$04aa000a@space.gr> I'm experiencing some problems trying to setup a samba bdc (that will server as a backup for a samba pdc). When I use rpcclient to add the bdc to the pdc domain using the -j switch I get the error message "error connecting to 10.0.1.32:445 (Connection refused)" The same error message I get even when I simply try rpcclient -S thepdcname -U root%password -W domain Any hints on that one? Best regards, Panagiotis From Ben_Meyer at pfm.org Mon Jul 10 13:07:27 2000 From: Ben_Meyer at pfm.org (Ben Meyer) Date: Tue Dec 2 02:30:28 2003 Subject: PAM_NTDOM->SAMBA CVS Message-ID: <2056AA5B2D1DD311BEA50008C709636C01AE261A@NT_4> So if I am understanding things correctly, I need to go and grab the CVS version of Samba. (1) Where do I find the CVS versions? I normally try to stay away from developement versions but I guess I have to make an exception in this case. (2) What version should I grab? Would Samba-TNG-2.5-Good (I think that's what I've heard about on the list) be suffiecient? (3) Thanks for the help. And just to note, I would have to agree that having to update to Samba TNG just to use the pam_ntdom package and leaving the last version in such a condition that it cannot be compiled is not a very nice thing to do. All I needed it for was web authentication, and I have been happy with 2.0.6, so it's a bit of an upgrade for me. Not to mention that it forces those of us that want to stay away from Development version software into such arenas. (I'm not saying it's bad, but it's not good either.) BRM From pgquiles.teleline.es at teleline.es Mon Jul 10 14:48:51 2000 From: pgquiles.teleline.es at teleline.es (Pau Garcia i Quiles) Date: Tue Dec 2 02:30:28 2003 Subject: Trouble when re-joining a NT Domain Message-ID: <00071014550105.00792@snl> Hi! I'm trying to join a Samba 2.0.7 server to a NT Domain (say THE_DOMAIN). When the domain administrator added my server (say GREAT_SERVER), I did smbpasswd -j THE_DOMAIN. I did not pass a "-r" parameter because I had configured password server = * (broadcast). I was succesfully joining the domain, but I didn't remember I did already joined, and I relaunched that order: smbpasswd -j THE_DOMAIN. Now I get this: cli_net_auth2: Error NT_STATUS_ACCESS_DENIED cli_nt_setup_creds: auth2 challenge failed modify_trust_password: unable to setup the PDC credentials to machine TEJAT. Error was : NT_STATUS_ACCESS_DENIED. 2000/07/10 14:52:54 : change_trust_account_password: Failed to change password for domain UPVNET. Unable to join domain UPVNET. What can I do? (besides removing GREAT_SERVER from THE_DOMAIN and adding it again) :-? Please, send answer to pgq@poboxes.com (or crosspost it) Thank you. -- Pau Garcia i Quiles pgq@poboxes.com # Fido -> 2:346/3.25 Coordinador de traduccions del Caliu (http://caliu.upc.es) From pjdc at eircom.net Mon Jul 10 18:33:24 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:28 2003 Subject: PAM-NTDOM: Compile Errors In-Reply-To: Luke Kenneth Casson Leighton's message of "Mon, 10 Jul 2000 21:43:03 +1000" References: Message-ID: >>>>> "Luke" == Luke Kenneth Casson Leighton writes: >> I never meant to imply that it was. Let me give a >> bit of history here. Luke and I (and others) have over >> the months and years had discussions over issues >> similar to this. Luke has in the past wanted to make >> UNIX into NT in every aspect. Not necessarily from a >> services point of view, but from an architectural >> point of view. Luke> both. the possibility of being able to tell microsoft, Luke> here, install these services on this version of linux, with Luke> these libraries, then hit "compile" on your office msdn Luke> development environment, and you will get a native linux Luke> office suite. First of all, Microsoft Office running on a bunch of Windows-emulating services (would CSRSS.EXE be one of these?) is not "native". In a similar fashion, a Unix app running on cygwin and using X for its display is not really "native" either. I follow the Wine project a little, and the things they have to do in order to run Windows binaries lift Wine a large step above being a toolkit. Second, I don't understand why this is a useful goal. Programs such as Emacs have had difficulty mixing well with NT (e.g. NT's primitive process model; okay "different" process model); why should the converse not be true? And if you follow that approach to NT/Unix integration, why not just drop Samba, implement the Win32 API (Wine!) the NT system traps and suggest that Microsoft recompile SRV.EXE, et al. on Unix? Which brings me to my next point. Office and such rely on a number of chunks of software, updated versions of which these applications frequently install themselves. One example that springs to mind is the COM/OLE libaries. Do you reimplement those, or use Microsoft's versions? >> I disagree. Not that I think one is better than the >> other. I simply think Samba is an interoperability tool, >> and not an operating system. Luke> samba requires support from the OS it is running on. we can Luke> provide a mapping between NT and unix worlds as best we can Luke> [and will have to continue to do so]. One example of Samba meeting the underlying OS with some unease is in the area of utmp/wtmp handling. As I recall, almost every Unix is/was a special case. Luke> direct support from the underlying OS to provide that Luke> interoperability - e.g a filesystem that provides Unicode Luke> direct-to-disk - would be of enormous benefit. I'm pretty sure that ext2fs on Linux can store UTF-8 filenames; is UTF-8 just "not good enough" (both in this case and in general)? Can other Unix filesystems handle UTF-8 in a useful fashion? Luke> *shrug*. pam_ntdom is not a high priority for me. plus, Maybe not, but it has a user base, and it is a priority for them. Luke> the way that PAM works makes it difficult to securely Luke> provide the exact semantics of nt authentication. I'd like some details on this; if it's been written up, an URL. I've found it difficult to locate documentation for PAM in the past. Luke> so, for those people who have been asking, i tell them that Luke> pam_ntdom is superceded by winbindd. I hope this doesn't sound sarcastic, but is it safe to assume that winbindd is close to a "final solution", or is there a chance of it being abandoned in the same fashion as pam_ntdom has been? This is a bit of a ramble. Hope some sense shines through. Paul. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From skvidal at phy.duke.edu Mon Jul 10 22:38:07 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:30:28 2003 Subject: samba and multiple servers Message-ID: Hi, I've got many servers that act as project spaces for the experimentalist and theorist groups in physics. For the unix side accessing the data is over automounted nfs partitions. This works fine - however when accessing them from samba its VERY slow - mostly b/c its making 2 different network connections - smb to the win machine and then an additional connection over nfs to the automounted file server. So I've been setting up smb servers (via samba of course) on each of the project space machines that need windows access. This works very well and performance is great. however I'd like it if the users didn't have to chase down the machine in the network neighborhood (which is becoming very large). so I was hopping there is someway in samba to have a fileshare point to another fileshare: ie: They go to \\sambaserver\projectspace1 and that redirects them to \\projectspace1\filespace or whatever. This would seem like a good feature if its possible - it would be similar to a web redirect. Is this already available and I am just ignorant of it or is there another way I'm missing? thanks -sv From ed at schernau.com Mon Jul 10 22:46:13 2000 From: ed at schernau.com (Edward Schernau) Date: Tue Dec 2 02:30:29 2003 Subject: pam_ntdom CVS Message-ID: <396A5235.A318A8B2@schernau.com> well, either way, I'm glad I got an old CVS working snapshot somewhere on a backup... -- Edward Schernau, mailto:ed@schernau.com Network Architect http://www.schernau.com RC5-64#: 243249 e-gold acct #:131897 From pjdc at eircom.net Mon Jul 10 22:58:49 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:29 2003 Subject: samba and multiple servers In-Reply-To: Seth Vidal's message of "Tue, 11 Jul 2000 08:40:03 +1000" References: Message-ID: >>>>> "Seth" == Seth Vidal writes: Seth> however I'd like it if the users didn't have to chase down Seth> the machine in the network neighborhood (which is becoming Seth> very large). I know this is not an answer, but are you aware that you can type things like \\projectspace1\filespace into the Start/Run box? It saves a fortune of time than using Network Neighborhood and Find Computer. Paul. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From D.Bannon at latrobe.edu.au Mon Jul 10 22:58:01 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:30:29 2003 Subject: PAM_NTDOM->SAMBA CVS In-Reply-To: <2056AA5B2D1DD311BEA50008C709636C01AE261A@NT_4> Message-ID: <3.0.6.32.20000711085801.00879e90@bioserve.latrobe.edu.au> At 11:14 PM 10/07/2000 +1000, Ben Meyer wrote: >So if I am understanding things correctly, I need to go and grab the CVS >version of Samba. ..... All I >needed it for was web authentication, and I have been happy with 2.0.6, Then all you need is PAM_SMB, it works fine as a stand alone product (that is, no need for TNG). There is a pam modual for Netscape server and it works well. There is a suggestion that pam_smb is not as secure as pam_ntdom but if you are getting the passwords from the web anyway its hardly worth worrying about. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From pjdc at eircom.net Mon Jul 10 23:07:22 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:29 2003 Subject: pam_ntdom CVS In-Reply-To: Edward Schernau's message of "Tue, 11 Jul 2000 08:48:21 +1000" References: <396A5235.A318A8B2@schernau.com> Message-ID: >>>>> "Edward" == Edward Schernau writes: Edward> well, either way, I'm glad I got an old CVS working Edward> snapshot somewhere on a backup... Er, is this in reply to something? Me lost. Paul. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From skvidal at phy.duke.edu Mon Jul 10 23:02:36 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:30:29 2003 Subject: samba and multiple servers In-Reply-To: Message-ID: > I know this is not an answer, but are you aware that you can type > things like \\projectspace1\filespace into the Start/Run box? It > saves a fortune of time than using Network Neighborhood and Find > Computer. I know this. and You know this - users can't cope all the time. its nice to be able to give out - consistent instructions :) thanks though. -sv From pjdc at eircom.net Mon Jul 10 23:23:21 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:29 2003 Subject: samba and multiple servers In-Reply-To: Seth Vidal's message of "Tue, 11 Jul 2000 09:06:39 +1000" References: Message-ID: >>>>> "Seth" == Seth Vidal writes: Seth> its nice to be able to give out - consistent instructions :) How about creating a central share (or one for each group) that contains shortcuts to all the shares the users need? Paul. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From skvidal at phy.duke.edu Mon Jul 10 23:23:03 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:30:29 2003 Subject: samba and multiple servers In-Reply-To: Message-ID: > How about creating a central share (or one for each group) that > contains shortcuts to all the shares the users need? thats a pretty good idea. any programs for linux to make .lnk files? -sv From pjdc at eircom.net Tue Jul 11 00:21:53 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:30 2003 Subject: samba and multiple servers In-Reply-To: Seth Vidal's message of "Tue, 11 Jul 2000 09:24:59 +1000" References: Message-ID: >>>>> "Seth" == Seth Vidal writes: Seth> any programs for linux to make .lnk files? Not that I know of. I have a feeling that a .lnk file is a serialized COM object, so your best bet would be to use a Windows box to create them. Paul. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From mgeddes at xavier.sa.edu.au Tue Jul 11 00:45:29 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:30:30 2003 Subject: samba and multiple servers References: Message-ID: <396A6E29.15A56B90@xavier.sa.edu.au> Paul J Collins wrote: > > >>>>> "Seth" == Seth Vidal writes: > > Seth> any programs for linux to make .lnk files? > > Not that I know of. I have a feeling that a .lnk file is a serialized > COM object, so your best bet would be to use a Windows box to create > them. Does Samba follow Unix symlinks? Not the same, I know, but it could help ni some cases. -- Matthew Geddes Network Manager Xavier College Gawler, SA From sharpe at ns.aus.com Tue Jul 11 01:17:53 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:30:30 2003 Subject: samba and multiple servers In-Reply-To: <396A6E29.15A56B90@xavier.sa.edu.au> References: Message-ID: <3.0.6.32.20000711101753.00a07160@203.16.214.248> At 10:30 AM 7/11/00 +1000, Matthew Geddes wrote: >Paul J Collins wrote: >> >> >>>>> "Seth" == Seth Vidal writes: >> >> Seth> any programs for linux to make .lnk files? >> >> Not that I know of. I have a feeling that a .lnk file is a serialized >> COM object, so your best bet would be to use a Windows box to create >> them. > >Does Samba follow Unix symlinks? Not the same, I know, but it could help >ni some cases. Yes, it does follow symlinks. The default is on, but you can control it with the 'wide links' parameter or some such ... >-- > >Matthew Geddes >Network Manager >Xavier College >Gawler, SA > Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course Author: First Australian 2-day, intensive, hands-on Samba course From moser at egu.schule.ulm.de Tue Jul 11 04:14:50 2000 From: moser at egu.schule.ulm.de (Steffen Moser) Date: Tue Dec 2 02:30:30 2003 Subject: TNG samedit References: <001301bfe4b4$56543a70$3401a8c0@workstation_1a> Message-ID: <396A9F3A.1C2A3E7E@egu.schule.ulm.de> Hello, Ralf Huelsmann wrote: > i?m missing a little bit documentation on TNG... > > does anybody have docu about all the new programms that ship > with TNG, like samedit ? Especially regarding "samedit" you can have a look at: http://www.sambahq.de/programme.php3/samedit.html (German version) An English version is available at: http://www.sambahq.de/programme.php3/samedit_en.html Bye, Steffen From Braun at lswi01.wiwi.uni-tuebingen.de Tue Jul 11 06:24:06 2000 From: Braun at lswi01.wiwi.uni-tuebingen.de (Braun, Matthias) Date: Tue Dec 2 02:30:30 2003 Subject: AW: Trouble when re-joining a NT Domain Message-ID: Hi, we've got the same problem but on a "first try" to join our domain. if a solution is send to you "exclusively" (not over the list), maybe you could share the info to me. One possible solution could be to delete the GREAT_SERVER out of the domain with the Server manager of WinNT. Then the name/id of the computer is available to a new domain-member. thanks Matthias > ---------- > Von: Pau Garcia i Quiles[SMTP:pgquiles.teleline.es@teleline.es] > Antwort an: pgquiles.teleline.es@teleline.es > Gesendet: Montag, 10. Juli 2000 16:58 > An: Multiple recipients of list SAMBA-NTDOM > Betreff: Trouble when re-joining a NT Domain > > Hi! > > I'm trying to join a Samba 2.0.7 server to a NT Domain (say THE_DOMAIN). > When > the domain administrator added my server (say GREAT_SERVER), I did > smbpasswd -j > THE_DOMAIN. I did not pass a "-r" parameter because I had configured > password > server = * (broadcast). > > I was succesfully joining the domain, but I didn't remember I did already > joined, and I relaunched that order: smbpasswd -j THE_DOMAIN. Now I get > this: > > cli_net_auth2: Error NT_STATUS_ACCESS_DENIED > cli_nt_setup_creds: auth2 challenge failed > modify_trust_password: unable to setup the PDC credentials to machine > TEJAT. Error was : NT_STATUS_ACCESS_DENIED. > 2000/07/10 14:52:54 : change_trust_account_password: Failed to change > password for domain UPVNET. > Unable to join domain UPVNET. > > What can I do? (besides removing GREAT_SERVER from THE_DOMAIN and adding > it > again) :-? > > Please, send answer to pgq@poboxes.com (or crosspost it) > > Thank you. > -- > Pau Garcia i Quiles > pgq@poboxes.com # Fido -> 2:346/3.25 > Coordinador de traduccions del Caliu > (http://caliu.upc.es) > From simo.sorce at polimi.it Tue Jul 11 07:52:50 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:30:30 2003 Subject: PAM-NTDOM: Compile Errors References: Message-ID: <396AD252.8B2C9D3E@polimi.it> I was a little scared about replying on this argument to Luke, but as a Samba/Unix user I think a comment on this must be made. Paul J Collins wrote: > > >>>>> "Luke" == Luke Kenneth Casson Leighton writes: > > >> I never meant to imply that it was. Let me give a > >> bit of history here. Luke and I (and others) have over > >> the months and years had discussions over issues > >> similar to this. Luke has in the past wanted to make > >> UNIX into NT in every aspect. Not necessarily from a > >> services point of view, but from an architectural > >> point of view. > > Luke> both. the possibility of being able to tell microsoft, > Luke> here, install these services on this version of linux, with > Luke> these libraries, then hit "compile" on your office msdn > Luke> development environment, and you will get a native linux > Luke> office suite. > > First of all, Microsoft Office running on a bunch of Windows-emulating > services (would CSRSS.EXE be one of these?) is not "native". In a > similar fashion, a Unix app running on cygwin and using X for its > display is not really "native" either. I follow the Wine project a > little, and the things they have to do in order to run Windows > binaries lift Wine a large step above being a toolkit. > > Second, I don't understand why this is a useful goal. Programs such > as Emacs have had difficulty mixing well with NT (e.g. NT's primitive > process model; okay "different" process model); why should the > converse not be true? And if you follow that approach to NT/Unix > integration, why not just drop Samba, implement the Win32 API (Wine!) > the NT system traps and suggest that Microsoft recompile SRV.EXE, et > al. on Unix? > > Which brings me to my next point. Office and such rely on a number of > chunks of software, updated versions of which these applications > frequently install themselves. One example that springs to mind is > the COM/OLE libaries. Do you reimplement those, or use Microsoft's > versions? I agree with Paul and don't care at all if M$ products will recompile easily. I want a stable platform and avoid especially as possibile the bad design of infrastructure that M$ services and programs often provides. > > >> I disagree. Not that I think one is better than the > >> other. I simply think Samba is an interoperability tool, > >> and not an operating system. > > Luke> samba requires support from the OS it is running on. we can > Luke> provide a mapping between NT and unix worlds as best we can > Luke> [and will have to continue to do so]. > Here again, If I want the same way M$ do things than what better than an M$ product? Honestly I choose Samba because it runs on a proven stable/maintenable/understandable/customizable platform as Unix is and don't want to return to crappy way M$ build their software. > One example of Samba meeting the underlying OS with some unease is in > the area of utmp/wtmp handling. As I recall, almost every Unix is/was > a special case. > > Luke> direct support from the underlying OS to provide that > Luke> interoperability - e.g a filesystem that provides Unicode > Luke> direct-to-disk - would be of enormous benefit. > > I'm pretty sure that ext2fs on Linux can store UTF-8 filenames; is > UTF-8 just "not good enough" (both in this case and in general)? Can > other Unix filesystems handle UTF-8 in a useful fashion? > > Luke> *shrug*. pam_ntdom is not a high priority for me. plus, > > Maybe not, but it has a user base, and it is a priority for them. > > Luke> the way that PAM works makes it difficult to securely > Luke> provide the exact semantics of nt authentication. > > I'd like some details on this; if it's been written up, an URL. I've > found it difficult to locate documentation for PAM in the past. > > Luke> so, for those people who have been asking, i tell them that > Luke> pam_ntdom is superceded by winbindd. > > I hope this doesn't sound sarcastic, but is it safe to assume that > winbindd is close to a "final solution", or is there a chance of it > being abandoned in the same fashion as pam_ntdom has been? > > This is a bit of a ramble. Hope some sense shines through. > > Paul. > I've tested and used pam_ntdom and it was a really good tool? But going a little further I really dislike the way password are stored and transmitted in current releases and dislike also the fact (with pam_ntdom) that my unix account need to have their password stored in M$ format (and winbindd will follow this scheme). A simple way to do synchronization between the two worlds is really a need, but the solution may also be to change M$ side. (At least Kerberos would be an alternative but the way they implement it, is really a threat to us) I tested NISGINA for example and it was not to bad. Would it be so difficult to implent a replacement of the msgina dll with a sambagina that would permit to use passwords the way unix does? With the best wishes for the optimum work done untill now by the samba team. Simo Sorce. P.S: Excuse my bad english. -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From hardy at stico.de Tue Jul 11 09:12:06 2000 From: hardy at stico.de (H. Vogelbein) Date: Tue Dec 2 02:30:30 2003 Subject: trusted domains Message-ID: <200007110912.LAA05804@darkstar.stico.de> hi folks, I'm using TNG 2.5 on linux as PDC for the domain STICO. I want to use a NT Server (NT 4 SP 6) for password authentication in domain STICO-NT. So I put "password server = ntserver" in my smb.conf. Password authentication is then processed on the NT Server, but I don't have access to my Userprofiles on the Samba-Box. Log.smb: error connecting to 192.6.1.13:445 (Connection refused) li_nt_setup_creds: auth2 challenge failed. status: c000018b domain_client_validate: credentials failed (\\NTSERVER) SMB LM/NT Password did not match! Rejecting user 'hardy': authentication failed Is it possible that samba becomes a trusted domain on STICO-NT and vice versa? Can anybody help to implement it? I have to use TNG because of win2000. cheers From pmal at space.gr Tue Jul 11 09:32:27 2000 From: pmal at space.gr (Panagiotis Malakoudis) Date: Tue Dec 2 02:30:30 2003 Subject: Samsync Credentials References: <007701bfea6f$4a9f8160$04aa000a@space.gr> Message-ID: <004a01bfeb1a$eddca280$04aa000a@space.gr> I was able to create the trust between the pdc and the bdc (I needed the use \\workstation command which I believe in not mentioned in any of the faq's) Now when I try to samsync I get the following "cli_nt_setup_creds: auth2 challenge failed. status: c0000022" Anyone have any ideas? I give you all my best... From hanak at IRIS.osu.cz Tue Jul 11 09:38:18 2000 From: hanak at IRIS.osu.cz (Ondrej Hanak) Date: Tue Dec 2 02:30:30 2003 Subject: Win95 password change Message-ID: Hi all, i have one question. How to change NT domain password from win9x box joined to NT DOM? I'm still using samba-2.1prealpha on RH6.2. After trying to change password through Control panel -> Password, it still gives me message "can't find domain controller..." Thanks for your time. Ciao O.H. From greg at discreet.com Tue Jul 11 11:13:31 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:30:30 2003 Subject: samba and multiple servers In-Reply-To: Message-ID: How about a login script that just makes the shares? Greg On 10-Jul-00 Seth Vidal wrote: >> How about creating a central share (or one for each group) that >> contains shortcuts to all the shares the users need? > > thats a pretty good idea. > > any programs for linux to make .lnk files? > > -sv > --------------------------------------------------------------------- Greg Dickie Just A Guy greg@discreet.com From nord at cdt.luth.se Tue Jul 11 11:26:01 2000 From: nord at cdt.luth.se (James Nord) Date: Tue Dec 2 02:30:30 2003 Subject: samba and multiple servers References: Message-ID: <396B0449.C254E4B@cdt.luth.se> Microsft DFS. You can do this in Windows NT + 2k. And in samba as the share enter .../computer/share IIRC I'm not sure about the compile option ./compile --with-msdfs (or with--dfs - no one did answer my previous question on this) Although the clients need to be DFS aware Win 95 is not. /James Seth Vidal wrote: > > Hi, > I've got many servers that act as project spaces for the experimentalist > and theorist groups in physics. For the unix side accessing the data is > over automounted nfs partitions. This works fine - however when accessing > them from samba its VERY slow - mostly b/c its making 2 different network > connections - smb to the win machine and then an additional connection > over nfs to the automounted file server. So I've been setting up smb > servers (via samba of course) on each of the project space machines that > need windows access. This works very well and performance is great. > > however I'd like it if the users didn't have to chase down the machine in > the network neighborhood (which is becoming very large). > > so I was hopping there is someway in samba to have a fileshare point to > another fileshare: > ie: > They go to \\sambaserver\projectspace1 and that redirects them to > \\projectspace1\filespace or whatever. > > This would seem like a good feature if its possible - it would be similar > to a web redirect. > > Is this already available and I am just ignorant of it or is there another > way I'm missing? > > thanks > -sv -- Technology is a word that describes something that doesn't work yet. Douglas Adams From nord at cdt.luth.se Tue Jul 11 11:29:24 2000 From: nord at cdt.luth.se (James Nord) Date: Tue Dec 2 02:30:30 2003 Subject: samba and multiple servers References: <396B0449.C254E4B@cdt.luth.se> Message-ID: <396B0514.CF0251C0@cdt.luth.se> check out $src/samba/examples/dce-dfs James Nord wrote: > > Microsft DFS. > > You can do this in Windows NT + 2k. > > And in samba as the share enter .../computer/share > IIRC > > I'm not sure about the compile option > ./compile --with-msdfs > (or with--dfs - no one did answer my previous question on this) > > Although the clients need to be DFS aware Win 95 is not. > > /James > > Seth Vidal wrote: > > > > Hi, > > I've got many servers that act as project spaces for the experimentalist > > and theorist groups in physics. For the unix side accessing the data is > > over automounted nfs partitions. This works fine - however when accessing > > them from samba its VERY slow - mostly b/c its making 2 different network > > connections - smb to the win machine and then an additional connection > > over nfs to the automounted file server. So I've been setting up smb > > servers (via samba of course) on each of the project space machines that > > need windows access. This works very well and performance is great. > > > > however I'd like it if the users didn't have to chase down the machine in > > the network neighborhood (which is becoming very large). > > > > so I was hopping there is someway in samba to have a fileshare point to > > another fileshare: > > ie: > > They go to \\sambaserver\projectspace1 and that redirects them to > > \\projectspace1\filespace or whatever. > > > > This would seem like a good feature if its possible - it would be similar > > to a web redirect. > > > > Is this already available and I am just ignorant of it or is there another > > way I'm missing? > > > > thanks > > -sv > > -- > Technology is a word that describes something that doesn't work yet. > Douglas Adams -- Technology is a word that describes something that doesn't work yet. Douglas Adams From skvidal at phy.duke.edu Tue Jul 11 13:50:02 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:30:30 2003 Subject: samba and multiple servers In-Reply-To: Message-ID: > How about a login script that just makes the shares? > lots of different project spaces - lots of different drives that COULD be mounted. MANY MANY more than 26 -sv From doverbey at att.com Tue Jul 11 14:46:25 2000 From: doverbey at att.com (Overbey, Alfred D (Dudley), ALCOO) Date: Tue Dec 2 02:30:30 2003 Subject: trust between two samba-tng pdcs? Message-ID: Where can I get an English version of "Samedit"? Thanks Doverbey@att.com From zen at t-linux.com Wed Jul 12 02:41:03 2000 From: zen at t-linux.com (M. ZEN Muttaqien) Date: Tue Dec 2 02:30:30 2003 Subject: Printer Pool Message-ID: <00071122424200.00995@odin.t-linux.com> Hi all, I am wondering how is the Printer Pool running in Samba? Is there anyone successfully do it? I really want to hear... Thank you, ZEN O->^ ======================== From gcarter at valinux.com Tue Jul 11 15:58:25 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:30:30 2003 Subject: Printer Pool References: <00071122424200.00995@odin.t-linux.com> Message-ID: <396B4421.24B2D2D4@valinux.com> "M. ZEN Muttaqien" wrote: > > Hi all, > I am wondering how is the Printer Pool running in Samba? > Is there anyone successfully do it? > I really want to hear... Do you mean Windows NT feature of assigning a printer to multiple ports? If so, then the answer is that Samba will not support this. Although you can achieve this functionality by configuring the uderlying printing subsystem to do load balancing. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From mjwestkamper at weiinc.com Tue Jul 11 16:22:20 2000 From: mjwestkamper at weiinc.com (Mike Westkamper) Date: Tue Dec 2 02:30:30 2003 Subject: Drives & Shares Message-ID: <396B49BC.A43AC156@weiinc.com> I have have 10 18GB SCSI drives on an intel box serving our network. This the same one I mentioned before should anyone remember. It is running SAMBA as a member of an NT domain. Working well, save a couple of odd things now and then. With 10 18GB drives I find there is quite a bit of management and moving of files and shares as one drive gets used and we must slop over to another. Is there some neat way I can treat the 10 drives as one and have SAMBA or Linux worry about where the data gets placed? Mike From mg at plum.de Tue Jul 11 18:32:01 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:30:30 2003 Subject: Drives & Shares In-Reply-To: <396B49BC.A43AC156@weiinc.com>; from mjwestkamper@weiinc.com on Die, Jul 11, 2000 at 18:22:56 +0200 References: <396B49BC.A43AC156@weiinc.com> Message-ID: <20000711203201.A1038@defiant> Am Die, 11 Jul 2000 18:22:56 schrieb Mike Westkamper: > I have have 10 18GB SCSI drives on an intel box serving our network. > This the same one I mentioned before should anyone remember. It is > running SAMBA as a member of an NT domain. Working well, save a couple > of odd things now and then. > > With 10 18GB drives I find there is quite a bit of management and moving > of files and shares as one drive gets used and we must slop over to > another. Is there some neat way I can treat the 10 drives as one and > have SAMBA or Linux worry about where the data gets placed? you are looking for software raid or LVM. Both are included in the 2.4 releases of the linux-kernel regards, Michael From mjwestkamper at weiinc.com Tue Jul 11 16:44:23 2000 From: mjwestkamper at weiinc.com (Mike Westkamper) Date: Tue Dec 2 02:30:30 2003 Subject: Drives & Shares References: <396B49BC.A43AC156@weiinc.com> <20000711203201.A1038@defiant> Message-ID: <396B4EE7.8918D997@weiinc.com> As far as SAMBA is concerned is there a preference between software raid or lvm? (Relaibility, performance, backup?) Michael Glauche wrote: > Am Die, 11 Jul 2000 18:22:56 schrieb Mike Westkamper: > > I have have 10 18GB SCSI drives on an intel box serving our network. > > This the same one I mentioned before should anyone remember. It is > > running SAMBA as a member of an NT domain. Working well, save a couple > > of odd things now and then. > > > > With 10 18GB drives I find there is quite a bit of management and moving > > of files and shares as one drive gets used and we must slop over to > > another. Is there some neat way I can treat the 10 drives as one and > > have SAMBA or Linux worry about where the data gets placed? > > you are looking for software raid or LVM. Both are included in the 2.4 > releases > of the linux-kernel > > regards, > Michael From simo.sorce at polimi.it Tue Jul 11 16:47:01 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:30:30 2003 Subject: Drives & Shares Message-ID: <396B4F85.55D451F0@polimi.it> Mike Westkamper wrote: > > I have have 10 18GB SCSI drives on an intel box serving our network. > This the same one I mentioned before should anyone remember. It is > running SAMBA as a member of an NT domain. Working well, save a couple > of odd things now and then. > > With 10 18GB drives I find there is quite a bit of management and moving > of files and shares as one drive gets used and we must slop over to > another. Is there some neat way I can treat the 10 drives as one and > have SAMBA or Linux worry about where the data gets placed? > > Mike Make the disks part of a Raid Array. You may do this through the md module. Just now striping (major speed) and mirrorig (fail safe) are supported. With Raid 5 (not yet supported) scheme you (at a cost of a disk) have redoundancy so that if a disk fail you still have all the data. see Documentation/md.txt in your kernel tree. and Software-RAID.HOWTO here is an example of my /etc/raidtab file: -------------------->8-cut here-8<------------------------- raiddev /dev/md0 raid-level 1 nr-raid-disks 2 chunk-size 64k persistent-superblock 1 #nr-spare-disks 0 device /dev/sdb1 raid-disk 0 device /dev/sdc1 raid-disk 1 -------------------->8-cut here-8<------------------------- As you see my two scsi disk partitions (sdb1,sdc1) are join in a mirrored (raid-level 1) way so if one disk fails the other still have all the data. See also man mkraid man raidtab man raidstart if you have raidtools . -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From simo.sorce at polimi.it Tue Jul 11 16:52:22 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:30:30 2003 Subject: Drives & Shares Message-ID: <396B50C6.39763389@polimi.it> > you are looking for software raid or LVM. Both are included in the 2.4 > releases > of the linux-kernel > > regards, > Michael md devices and lvm are supported in 2.2.x kernel too. (At least by RH and Suse) -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From MBrown at msdemo.ms.gmsmail.com Tue Jul 11 16:57:03 2000 From: MBrown at msdemo.ms.gmsmail.com (Brown, Matthew) Date: Tue Dec 2 02:30:30 2003 Subject: Intermittent login trouble Message-ID: <8158CAF171AED311B73F0060085A92C9011374@msdemo.ms.gmsmail.com> I have a stable Samba install that is very happily plugging along. However, from time to time it will lock a user or a set of users out for no reason I can find. For example, UserA cannot log into Machine1, but UserB and UserC can. And on other occasions it will be similar except that UserA can log into Machine1 but not Machine2, while UserB can log into Machine2 but not Machine1. I am running 2.0.7 as a PDC authenticating only win95 and win98 users. brgrds, -Matthew Brown From mg at plum.de Tue Jul 11 19:02:24 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:30:30 2003 Subject: Drives & Shares In-Reply-To: <396B4EE7.8918D997@weiinc.com>; from mjwestkamper@weiinc.com on Die, Jul 11, 2000 at 18:46:00 +0200 References: <396B4EE7.8918D997@weiinc.com> Message-ID: <20000711210224.B1038@defiant> Am Die, 11 Jul 2000 18:46:00 schrieb Mike Westkamper: > As far as SAMBA is concerned is there a preference between software raid or > lvm? (Relaibility, performance, backup?) > depends on what you want, what you are looking for. LVM : is an abstraction layer between the disks and the OS (and samba:) you can add more drives to gain more space (if you use an fs that supports resizing), and you can get more performance (data can be striped on the disks) Raid: Raid 5 is quite usefull, because it uses one disk (not physical, rather the size of it) for parity information, so you can swap any drive anytime, which is very handy, if one drive fails. All drives will act as one huge logical drive (md0) You can find more information about it in the Linux-howto's (http://www.kernelnotes.org/howto/) regards, Michael From mg at plum.de Tue Jul 11 19:03:46 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:30:31 2003 Subject: Intermittent login trouble In-Reply-To: <8158CAF171AED311B73F0060085A92C9011374@msdemo.ms.gmsmail.com>; from MBrown@msdemo.ms.gmsmail.com on Die, Jul 11, 2000 at 18:57:26 +0200 References: <8158CAF171AED311B73F0060085A92C9011374@msdemo.ms.gmsmail.com> Message-ID: <20000711210346.C1038@defiant> Am Die, 11 Jul 2000 18:57:26 schrieb "Brown, Matthew": > I have a stable Samba install that is very happily plugging along. However, > from time to time it will lock a user or a set of users out for no reason I > can find. For example, UserA cannot log into Machine1, but UserB and UserC > can. And on other occasions it will be similar except that UserA can log > into Machine1 but not Machine2, while UserB can log into Machine2 but not > Machine1. > > I am running 2.0.7 as a PDC authenticating only win95 and win98 users. this looks awfully like browsing issues. Do you use wins ? if not, you should do "wins support=yes" in your smb.conf, and point the win* config to the samba IP. regards, Michael From mblack at csihq.com Tue Jul 11 17:18:43 2000 From: mblack at csihq.com (Mike Black) Date: Tue Dec 2 02:30:31 2003 Subject: Cluster Size Error References: <396B49BC.A43AC156@weiinc.com> <20000711203201.A1038@defiant> Message-ID: <021301bfeb5c$10c15ed0$e1de11cc@csihq.com> Just download Microsoft Visual Studio SP4. When trying to unpack the files on a Samba server (2.0.7) I get the following message on the NT box: "The cluster size in this system is not supported". Is MSoft trying to screw us again?? Here's a tcpdump of the attempt -- medusa is the Linux Samba server, mblack is the NT machine trying to unpack an SP4 file tcpdump: listening on eth0 08:03:00.510598 mblack.csihq.com.4866 > medusa.csihq.com.netbios-ssn: P 50564429:50564517(88) ack 1177766117 win 8508 >>> NBT Packet NBT Session Packet Flags=0x0 Length=84 SMB PACKET: SMBunknown (REQUEST) SMB Command = 0xA0 Error class = 0x0 Error code = 0 Flags1 = 0x18 Flags2 = 0x3 Tree ID = 2 Proc ID = 54208 UID = 100 MID = 35587 Word Count = 23 smbvwv[]= smb_vwv[0]=8 (0x8) smb_vwv[1]=0 (0x0) smb_vwv[2]=0 (0x0) smb_vwv[3]=0 (0x0) smb_vwv[4]=0 (0x0) smb_vwv[5]=0 (0x0) smb_vwv[6]=0 (0x0) smb_vwv[7]=0 (0x0) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_vwv[10]=0 (0x0) smb_vwv[11]=21504 (0x5400) smb_vwv[12]=0 (0x0) smb_vwv[13]=0 (0x0) smb_vwv[14]=0 (0x0) smb_vwv[15]=0 (0x0) smb_vwv[16]=0 (0x0) smb_vwv[17]=1024 (0x400) smb_vwv[18]=2 (0x2) smb_vwv[19]=40 (0x28) smb_vwv[20]=9 (0x9) smb_vwv[21]=5045 (0x13B5) smb_vwv[22]=1 (0x1) smb_bcc=3 smb_buf[]= [000] 4B 00 5C K.\ (DF) 08:03:00.511187 medusa.csihq.com.netbios-ssn > mblack.csihq.com.4866: P 1:40(39) ack 88 win 16060 >>> NBT Packet NBT Session Packet Flags=0x0 Length=35 SMB PACKET: SMBunknown (REPLY) SMB Command = 0xA0 Error class = 0x2 Error code = 65535 Flags1 = 0x88 Flags2 = 0x41 Tree ID = 2 Proc ID = 54208 UID = 100 MID = 35587 Word Count = 0 SMBError = ERRSRV - ERRnosupport (Function not supported.) smb_bcc=0 (DF) 08:03:00.511736 mblack.csihq.com.4866 > medusa.csihq.com.netbios-ssn: P 88:193(105) ack 40 win 8469 >>> NBT Packet NBT Session Packet Flags=0x0 Length=101 SMB PACKET: SMBtrans2 (REQUEST) SMB Command = 0x32 Error class = 0x0 Error code = 0 Flags1 = 0x18 Flags2 = 0x3 Tree ID = 2 Proc ID = 51966 UID = 100 MID = 35651 Word Count = 15 TRANSACT2_QPATHINFO param_length=33 data_length=0 TotParam=33 TotData=0 MaxParam=2 MaxData=40 MaxSetup=0 Flags=0x0 TimeOut=0 Res1=0x0 ParamCnt=33 ParamOff=68 DataCnt=0 DataOff=0 SetupCnt=1 TransactionName=SMB2 Paramaters= Data: (33 bytes) [000] 01 01 00 00 00 00 5C 53 6F 66 74 77 61 72 65 5C ......\S oftware\ [010] 4D 69 63 72 6F 73 6F 66 74 5C 56 53 36 53 50 34 Microsof t\VS6SP4 [020] 00 . Data= (DF) 08:03:00.512110 medusa.csihq.com.netbios-ssn > mblack.csihq.com.4866: P 40:142(102) ack 193 win 16060 >>> NBT Packet NBT Session Packet Flags=0x0 Length=98 SMB PACKET: SMBtrans2 (REPLY) SMB Command = 0x32 Error class = 0x0 Error code = 0 Flags1 = 0x88 Flags2 = 0x41 Tree ID = 2 Proc ID = 51966 UID = 100 MID = 35651 Word Count = 10 TRANSACT2_QPATHINFO param_length=2 data_length=36 TotParam=2 TotData=36 Res1=0x0 ParamCnt=2 ParamOff=58 ParamDisp0 DataCnt=36 DataOff=62 DataDisp=0 SetupCnt=0 Paramaters= Data: (2 bytes) [000] 00 00 .. Data= Data: (36 bytes) [000] 80 48 89 A9 2F EB BF 01 00 BD 5B C4 2F EB BF 01 .H../... ..[./... [010] 80 48 89 A9 2F EB BF 01 80 48 89 A9 2F EB BF 01 .H../... .H../... [020] 10 00 00 00 .... (DF) 08:03:00.512576 mblack.csihq.com.4866 > medusa.csihq.com.netbios-ssn: P 193:281(88) ack 142 win 8367 >>> NBT Packet NBT Session Packet Flags=0x0 Length=84 SMB PACKET: SMBunknown (REQUEST) SMB Command = 0xA0 Error class = 0x0 Error code = 0 Flags1 = 0x18 Flags2 = 0x3 Tree ID = 2 Proc ID = 54208 UID = 100 MID = 35715 Word Count = 23 smbvwv[]= smb_vwv[0]=8 (0x8) smb_vwv[1]=0 (0x0) smb_vwv[2]=0 (0x0) smb_vwv[3]=0 (0x0) smb_vwv[4]=0 (0x0) smb_vwv[5]=0 (0x0) smb_vwv[6]=0 (0x0) smb_vwv[7]=0 (0x0) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_vwv[10]=0 (0x0) smb_vwv[11]=21504 (0x5400) smb_vwv[12]=0 (0x0) smb_vwv[13]=0 (0x0) smb_vwv[14]=0 (0x0) smb_vwv[15]=0 (0x0) smb_vwv[16]=0 (0x0) smb_vwv[17]=1024 (0x400) smb_vwv[18]=2 (0x2) smb_vwv[19]=40 (0x28) smb_vwv[20]=9 (0x9) smb_vwv[21]=5045 (0x13B5) smb_vwv[22]=1 (0x1) smb_bcc=3 smb_buf[]= [000] 4B 00 5C K.\ (DF) 08:03:00.512769 medusa.csihq.com.netbios-ssn > mblack.csihq.com.4866: P 142:181(39) ack 281 win 16060 >>> NBT Packet NBT Session Packet Flags=0x0 Length=35 SMB PACKET: SMBunknown (REPLY) SMB Command = 0xA0 Error class = 0x2 Error code = 65535 Flags1 = 0x88 Flags2 = 0x41 Tree ID = 2 Proc ID = 54208 UID = 100 MID = 35715 Word Count = 0 SMBError = ERRSRV - ERRnosupport (Function not supported.) smb_bcc=0 (DF) 08:03:00.513280 mblack.csihq.com.4866 > medusa.csihq.com.netbios-ssn: P 281:408(127) ack 181 win 8328 >>> NBT Packet NBT Session Packet Flags=0x0 Length=123 SMB PACKET: SMBunknown (REQUEST) SMB Command = 0xA2 Error class = 0x0 Error code = 0 Flags1 = 0x18 Flags2 = 0x3 Tree ID = 2 Proc ID = 54208 UID = 100 MID = 35779 Word Count = 24 smbvwv[]= smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_vwv[2]=9984 (0x2700) smb_vwv[3]=1536 (0x600) smb_vwv[4]=0 (0x0) smb_vwv[5]=0 (0x0) smb_vwv[6]=0 (0x0) smb_vwv[7]=256 (0x100) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_vwv[10]=0 (0x0) smb_vwv[11]=0 (0x0) smb_vwv[12]=0 (0x0) smb_vwv[13]=32768 (0x8000) smb_vwv[14]=0 (0x0) smb_vwv[15]=768 (0x300) smb_vwv[16]=0 (0x0) smb_vwv[17]=256 (0x100) smb_vwv[18]=0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=1 (0x1) smb_vwv[21]=512 (0x200) smb_vwv[22]=0 (0x0) smb_vwv[23]=0 (0x0) smb_bcc=40 smb_buf[]= [000] 5C 53 6F 66 74 77 61 72 65 5C 4D 69 63 72 6F 73 \Softwar e\Micros [010] 6F 66 74 5C 56 53 36 53 50 34 5C 7E 54 4D 50 34 oft\VS6S P4\~TMP4 [020] 33 35 32 2E 54 4D 50 00 352.TMP. (DF) 08:03:00.514139 medusa.csihq.com.netbios-ssn > mblack.csihq.com.4866: P 181:220(39) ack 408 win 16060 >>> NBT Packet NBT Session Packet Flags=0x0 Length=35 SMB PACKET: SMBunknown (REPLY) SMB Command = 0xA2 Error class = 0x1 Error code = 2 Flags1 = 0x88 Flags2 = 0x1 Tree ID = 2 Proc ID = 54208 UID = 100 MID = 35779 Word Count = 0 SMBError = ERRDOS - ERRbadfile (File not found.) smb_bcc=0 (DF) 08:03:00.514564 mblack.csihq.com.4866 > medusa.csihq.com.netbios-ssn: P 408:535(127) ack 220 win 8289 >>> NBT Packet NBT Session Packet Flags=0x0 Length=123 SMB PACKET: SMBunknown (REQUEST) SMB Command = 0xA2 Error class = 0x0 Error code = 0 Flags1 = 0x18 Flags2 = 0x3 Tree ID = 2 Proc ID = 54208 UID = 100 MID = 35843 Word Count = 24 smbvwv[]= smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_vwv[2]=9984 (0x2700) smb_vwv[3]=1536 (0x600) smb_vwv[4]=0 (0x0) smb_vwv[5]=0 (0x0) smb_vwv[6]=0 (0x0) smb_vwv[7]=38400 (0x9600) smb_vwv[8]=769 (0x301) smb_vwv[9]=0 (0x0) smb_vwv[10]=0 (0x0) smb_vwv[11]=0 (0x0) smb_vwv[12]=0 (0x0) smb_vwv[13]=32768 (0x8000) smb_vwv[14]=0 (0x0) smb_vwv[15]=0 (0x0) smb_vwv[16]=0 (0x0) smb_vwv[17]=512 (0x200) smb_vwv[18]=0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16 (0x10) smb_vwv[21]=512 (0x200) smb_vwv[22]=0 (0x0) smb_vwv[23]=768 (0x300) smb_bcc=40 smb_buf[]= [000] 5C 53 6F 66 74 77 61 72 65 5C 4D 69 63 72 6F 73 \Softwar e\Micros [010] 6F 66 74 5C 56 53 36 53 50 34 5C 7E 54 4D 50 34 oft\VS6S P4\~TMP4 [020] 33 35 32 2E 54 4D 50 00 352.TMP. (DF) 08:03:00.515310 medusa.csihq.com.netbios-ssn > mblack.csihq.com.4866: P 220:327(107) ack 535 win 16060 >>> NBT Packet NBT Session Packet Flags=0x0 Length=103 SMB PACKET: SMBunknown (REPLY) SMB Command = 0xA2 Error class = 0x0 Error code = 0 Flags1 = 0x88 Flags2 = 0x1 Tree ID = 2 Proc ID = 54208 UID = 100 MID = 35843 Word Count = 34 smbvwv[]= smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_vwv[2]=49664 (0xC200) smb_vwv[3]=531 (0x213) smb_vwv[4]=0 (0x0) smb_vwv[5]=0 (0x0) smb_vwv[6]=15346 (0x3BF2) smb_vwv[7]=12277 (0x2FF5) smb_vwv[8]=49131 (0xBFEB) smb_vwv[9]=1 (0x1) smb_vwv[10]=15346 (0x3BF2) smb_vwv[11]=12277 (0x2FF5) smb_vwv[12]=49131 (0xBFEB) smb_vwv[13]=1 (0x1) smb_vwv[14]=15346 (0x3BF2) smb_vwv[15]=12277 (0x2FF5) smb_vwv[16]=49131 (0xBFEB) smb_vwv[17]=1 (0x1) smb_vwv[18]=15346 (0x3BF2) smb_vwv[19]=12277 (0x2FF5) smb_vwv[20]=49131 (0xBFEB) smb_vwv[21]=8193 (0x2001) smb_vwv[22]=0 (0x0) smb_vwv[23]=0 (0x0) smb_vwv[24]=0 (0x0) smb_vwv[25]=0 (0x0) smb_vwv[26]=0 (0x0) smb_vwv[27]=0 (0x0) smb_vwv[28]=0 (0x0) smb_vwv[29]=0 (0x0) smb_vwv[30]=0 (0x0) smb_vwv[31]=0 (0x0) smb_vwv[32]=0 (0x0) smb_vwv[33]=0 (0x0) smb_bcc=0 (DF) 08:03:00.515739 mblack.csihq.com.4866 > medusa.csihq.com.netbios-ssn: P 535:581(46) ack 327 win 8182 >>> NBT Packet NBT Session Packet Flags=0x0 Length=42 SMB PACKET: SMBclose (REQUEST) SMB Command = 0x4 Error class = 0x0 Error code = 0 Flags1 = 0x18 Flags2 = 0x3 Tree ID = 2 Proc ID = 51966 UID = 100 MID = 35907 Word Count = 3 smbvwv[]= Handle=5058 Time=NULL smb_bcc=0 (DF) 08:03:00.515972 medusa.csihq.com.netbios-ssn > mblack.csihq.com.4866: P 327:366(39) ack 581 win 16060 >>> NBT Packet NBT Session Packet Flags=0x0 Length=35 SMB PACKET: SMBclose (REPLY) SMB Command = 0x4 Error class = 0x0 Error code = 0 Flags1 = 0x88 Flags2 = 0x1 Tree ID = 2 Proc ID = 51966 UID = 100 MID = 35907 Word Count = 0 smb_bcc=0 (DF) 08:03:00.516319 mblack.csihq.com.4866 > medusa.csihq.com.netbios-ssn: P 581:663(82) ack 366 win 8143 >>> NBT Packet NBT Session Packet Flags=0x0 Length=78 SMB PACKET: SMBunlink (REQUEST) SMB Command = 0x6 Error class = 0x0 Error code = 0 Flags1 = 0x18 Flags2 = 0x3 Tree ID = 2 Proc ID = 51966 UID = 100 MID = 35971 Word Count = 1 smbvwv[]= Attrib=HIDDEN SYSTEM smbbuf[]= Path=\Software\Microsoft\VS6SP4\~TMP4352.TMP (DF) 08:03:00.516693 medusa.csihq.com.netbios-ssn > mblack.csihq.com.4866: P 366:405(39) ack 663 win 16060 >>> NBT Packet NBT Session Packet Flags=0x0 Length=35 SMB PACKET: SMBunlink (REPLY) SMB Command = 0x6 Error class = 0x0 Error code = 0 Flags1 = 0x88 Flags2 = 0x1 Tree ID = 2 Proc ID = 51966 UID = 100 MID = 35971 Word Count = 0 smb_bcc=0 (DF) 08:03:00.517063 mblack.csihq.com.4866 > medusa.csihq.com.netbios-ssn: P 663:751(88) ack 405 win 8104 >>> NBT Packet NBT Session Packet Flags=0x0 Length=84 SMB PACKET: SMBunknown (REQUEST) SMB Command = 0xA0 Error class = 0x0 Error code = 0 Flags1 = 0x18 Flags2 = 0x3 Tree ID = 2 Proc ID = 54208 UID = 100 MID = 36035 Word Count = 23 smbvwv[]= smb_vwv[0]=8 (0x8) smb_vwv[1]=0 (0x0) smb_vwv[2]=0 (0x0) smb_vwv[3]=0 (0x0) smb_vwv[4]=0 (0x0) smb_vwv[5]=0 (0x0) smb_vwv[6]=0 (0x0) smb_vwv[7]=0 (0x0) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_vwv[10]=0 (0x0) smb_vwv[11]=21504 (0x5400) smb_vwv[12]=0 (0x0) smb_vwv[13]=0 (0x0) smb_vwv[14]=0 (0x0) smb_vwv[15]=0 (0x0) smb_vwv[16]=0 (0x0) smb_vwv[17]=1024 (0x400) smb_vwv[18]=2 (0x2) smb_vwv[19]=40 (0x28) smb_vwv[20]=9 (0x9) smb_vwv[21]=5045 (0x13B5) smb_vwv[22]=1 (0x1) smb_bcc=3 smb_buf[]= [000] 28 00 5C (.\ (DF) 08:03:00.517251 medusa.csihq.com.netbios-ssn > mblack.csihq.com.4866: P 405:444(39) ack 751 win 16060 >>> NBT Packet NBT Session Packet Flags=0x0 Length=35 SMB PACKET: SMBunknown (REPLY) SMB Command = 0xA0 Error class = 0x2 Error code = 65535 Flags1 = 0x88 Flags2 = 0x41 Tree ID = 2 Proc ID = 54208 UID = 100 MID = 36035 Word Count = 0 SMBError = ERRSRV - ERRnosupport (Function not supported.) smb_bcc=0 (DF) 08:03:00.517673 mblack.csihq.com.4866 > medusa.csihq.com.netbios-ssn: P 751:856(105) ack 444 win 8065 >>> NBT Packet NBT Session Packet Flags=0x0 Length=101 SMB PACKET: SMBtrans2 (REQUEST) SMB Command = 0x32 Error class = 0x0 Error code = 0 Flags1 = 0x18 Flags2 = 0x3 Tree ID = 2 Proc ID = 51966 UID = 100 MID = 36099 Word Count = 15 TRANSACT2_QPATHINFO param_length=33 data_length=0 TotParam=33 TotData=0 MaxParam=2 MaxData=40 MaxSetup=0 Flags=0x0 TimeOut=0 Res1=0x0 ParamCnt=33 ParamOff=68 DataCnt=0 DataOff=0 SetupCnt=1 TransactionName=SMB2 Paramaters= Data: (33 bytes) [000] 01 01 00 00 00 00 5C 53 6F 66 74 77 61 72 65 5C ......\S oftware\ [010] 4D 69 63 72 6F 73 6F 66 74 5C 56 53 36 53 50 34 Microsof t\VS6SP4 [020] 00 . Data= (DF) 08:03:00.517948 medusa.csihq.com.netbios-ssn > mblack.csihq.com.4866: P 444:546(102) ack 856 win 16060 >>> NBT Packet NBT Session Packet Flags=0x0 Length=98 SMB PACKET: SMBtrans2 (REPLY) SMB Command = 0x32 Error class = 0x0 Error code = 0 Flags1 = 0x88 Flags2 = 0x41 Tree ID = 2 Proc ID = 51966 UID = 100 MID = 36099 Word Count = 10 TRANSACT2_QPATHINFO param_length=2 data_length=36 TotParam=2 TotData=36 Res1=0x0 ParamCnt=2 ParamOff=58 ParamDisp0 DataCnt=36 DataOff=62 DataDisp=0 SetupCnt=0 Paramaters= Data: (2 bytes) [000] 00 00 .. Data= Data: (36 bytes) [000] 00 F2 3B F5 2F EB BF 01 00 F2 3B F5 2F EB BF 01 ..;./... ..;./... [010] 00 F2 3B F5 2F EB BF 01 00 F2 3B F5 2F EB BF 01 ..;./... ..;./... [020] 10 00 00 00 .... (DF) 08:03:00.518392 mblack.csihq.com.4866 > medusa.csihq.com.netbios-ssn: P 856:944(88) ack 546 win 7963 >>> NBT Packet NBT Session Packet Flags=0x0 Length=84 SMB PACKET: SMBunknown (REQUEST) SMB Command = 0xA0 Error class = 0x0 Error code = 0 Flags1 = 0x18 Flags2 = 0x3 Tree ID = 2 Proc ID = 54208 UID = 100 MID = 36163 Word Count = 23 smbvwv[]= smb_vwv[0]=8 (0x8) smb_vwv[1]=0 (0x0) smb_vwv[2]=0 (0x0) smb_vwv[3]=0 (0x0) smb_vwv[4]=0 (0x0) smb_vwv[5]=0 (0x0) smb_vwv[6]=0 (0x0) smb_vwv[7]=0 (0x0) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_vwv[10]=0 (0x0) smb_vwv[11]=21504 (0x5400) smb_vwv[12]=0 (0x0) smb_vwv[13]=0 (0x0) smb_vwv[14]=0 (0x0) smb_vwv[15]=0 (0x0) smb_vwv[16]=0 (0x0) smb_vwv[17]=1024 (0x400) smb_vwv[18]=2 (0x2) smb_vwv[19]=40 (0x28) smb_vwv[20]=9 (0x9) smb_vwv[21]=5045 (0x13B5) smb_vwv[22]=1 (0x1) smb_bcc=3 smb_buf[]= [000] 28 00 5C (.\ (DF) 08:03:00.518600 medusa.csihq.com.netbios-ssn > mblack.csihq.com.4866: P 546:585(39) ack 944 win 16060 >>> NBT Packet NBT Session Packet Flags=0x0 Length=35 SMB PACKET: SMBunknown (REPLY) SMB Command = 0xA0 Error class = 0x2 Error code = 65535 Flags1 = 0x88 Flags2 = 0x41 Tree ID = 2 Proc ID = 54208 UID = 100 MID = 36163 Word Count = 0 SMBError = ERRSRV - ERRnosupport (Function not supported.) smb_bcc=0 (DF) 08:03:00.518963 mblack.csihq.com.4866 > medusa.csihq.com.netbios-ssn: P 944:1032(88) ack 585 win 7924 >>> NBT Packet NBT Session Packet Flags=0x0 Length=84 SMB PACKET: SMBunknown (REQUEST) SMB Command = 0xA0 Error class = 0x0 Error code = 0 Flags1 = 0x18 Flags2 = 0x3 Tree ID = 2 Proc ID = 54208 UID = 100 MID = 36227 Word Count = 23 smbvwv[]= smb_vwv[0]=8 (0x8) smb_vwv[1]=0 (0x0) smb_vwv[2]=0 (0x0) smb_vwv[3]=0 (0x0) smb_vwv[4]=0 (0x0) smb_vwv[5]=0 (0x0) smb_vwv[6]=0 (0x0) smb_vwv[7]=0 (0x0) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_vwv[10]=0 (0x0) smb_vwv[11]=21504 (0x5400) smb_vwv[12]=0 (0x0) smb_vwv[13]=0 (0x0) smb_vwv[14]=0 (0x0) smb_vwv[15]=0 (0x0) smb_vwv[16]=0 (0x0) smb_vwv[17]=1024 (0x400) smb_vwv[18]=2 (0x2) smb_vwv[19]=40 (0x28) smb_vwv[20]=9 (0x9) smb_vwv[21]=5045 (0x13B5) smb_vwv[22]=1 (0x1) smb_bcc=3 smb_buf[]= [000] 4B 00 5C K.\ (DF) 08:03:00.519158 medusa.csihq.com.netbios-ssn > mblack.csihq.com.4866: P 585:624(39) ack 1032 win 16060 >>> NBT Packet NBT Session Packet Flags=0x0 Length=35 SMB PACKET: SMBunknown (REPLY) SMB Command = 0xA0 Error class = 0x2 Error code = 65535 Flags1 = 0x88 Flags2 = 0x41 Tree ID = 2 Proc ID = 54208 UID = 100 MID = 36227 Word Count = 0 SMBError = ERRSRV - ERRnosupport (Function not supported.) smb_bcc=0 (DF) 08:03:00.519665 mblack.csihq.com.4866 > medusa.csihq.com.netbios-ssn: P 1032:1106(74) ack 624 win 7885 >>> NBT Packet NBT Session Packet Flags=0x0 Length=70 SMB PACKET: SMBtrans2 (REQUEST) SMB Command = 0x32 Error class = 0x0 Error code = 0 Flags1 = 0x18 Flags2 = 0x3 Tree ID = 2 Proc ID = 54208 UID = 100 MID = 36291 Word Count = 15 TRANSACT2_QFSINFO param_length=2 data_length=0 TotParam=2 TotData=0 MaxParam=2 MaxData=24 MaxSetup=0 Flags=0x0 TimeOut=0 Res1=0x0 ParamCnt=2 ParamOff=68 DataCnt=0 DataOff=0 SetupCnt=1 TransactionName=SMB2 InfoLevel=259 (DF) 08:03:00.520591 medusa.csihq.com.netbios-ssn > mblack.csihq.com.4866: P 624:710(86) ack 1106 win 16060 >>> NBT Packet NBT Session Packet Flags=0x0 Length=82 SMB PACKET: SMBtrans2 (REPLY) SMB Command = 0x32 Error class = 0x0 Error code = 0 Flags1 = 0x88 Flags2 = 0x41 Tree ID = 2 Proc ID = 54208 UID = 100 MID = 36291 Word Count = 10 TRANSACT2_QFSINFO param_length=0 data_length=24 TotParam=0 TotData=24 Res1=0x0 ParamCnt=0 ParamOff=58 ParamDisp0 DataCnt=24 DataOff=58 DataDisp=0 SetupCnt=0 UnknownLevel Data: (24 bytes) [000] 8B CE 00 00 00 00 00 00 28 2E 00 00 00 00 00 00 ........ (....... [010] 00 01 00 00 00 02 00 00 ........ data: [000] 8B CE 00 00 00 00 00 00 28 2E 00 00 00 00 00 00 ........ (....... [010] 00 01 00 00 00 02 00 00 ........ ________________________________________ Michael D. Black Principal Engineer mblack@csihq.com 321-676-2923,x203 http://www.csihq.com Computer Science Innovations http://www.csihq.com/~mike My home page FAX 321-676-2355 From ed at schernau.com Tue Jul 11 17:22:03 2000 From: ed at schernau.com (Edward Schernau) Date: Tue Dec 2 02:30:31 2003 Subject: linux vs. RAID vs. S/N ratio Message-ID: <396B57BB.FA480FAE@schernau.com> lets not get too detailed about raid configs, especially when you really don't know what you're talking about. -- Edward Schernau, mailto:ed@schernau.com Network Architect http://www.schernau.com RC5-64#: 243249 e-gold acct #:131897 From pjdc at eircom.net Tue Jul 11 17:41:34 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:31 2003 Subject: samba and multiple servers In-Reply-To: Richard Sharpe's message of "Tue, 11 Jul 2000 10:43:11 +1000" References: <3.0.6.32.20000711101753.00a07160@203.16.214.248> Message-ID: >>>>> "Richard" == Richard Sharpe writes: Richard> At 10:30 AM 7/11/00 +1000, Matthew Geddes wrote: >> Does Samba follow Unix symlinks? Not the same, I know, but it could help >> ni some cases. Richard> Yes, it does follow symlinks. The default is on, but you Richard> can control it with the 'wide links' parameter or some Richard> such ... What "wide links" does is make sure that symbolic links don't point outside the shared tree. It's an expensive option to use; every file opened must be lstat'd and if it is a link, a readlink call must be made to check it (i.e. one system call per file open, and possibly two). And if that points to a file/directory inside the tree, then *that* must be checked (more system calls). If potentially malicious people do not have Unix-level access (i.e. such that they could create a symlink) to the Samba shares, then leave "wide links = on". Note also that the symlink interpretation is done by the OS kernel on the Samba server; it is therefore not possible to symlink to shares on other servers. Paul. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From pjdc at eircom.net Tue Jul 11 18:08:55 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:31 2003 Subject: linux vs. RAID vs. S/N ratio In-Reply-To: Edward Schernau's message of "Wed, 12 Jul 2000 03:23:29 +1000" References: <396B57BB.FA480FAE@schernau.com> Message-ID: >>>>> "Edward" == Edward Schernau writes: Edward> lets not get too detailed about raid configs, especially Edward> when you really don't know what you're talking about. Okay... Suppose you had 10 18 gig disks to configure as you liked for Samba to serve up; how would you do it? People in general prefer not to spread incorrect information. Gentle corrections are always welcome. Paul. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From mjwestkamper at weiinc.com Tue Jul 11 18:48:33 2000 From: mjwestkamper at weiinc.com (Mike Westkamper) Date: Tue Dec 2 02:30:31 2003 Subject: linux vs. RAID vs. S/N ratio References: <396B57BB.FA480FAE@schernau.com> Message-ID: <396B6C01.43CFCABF@weiinc.com> I for one am trying to pick a good way to have SAMBA serve up the 10 18gb drives as if it were one drive. Unless I am mistaken the consensus seems to be to use the RAID that comes with the distribution. I am working on that right now. If I am off course please yell! Mike Paul J Collins wrote: > >>>>> "Edward" == Edward Schernau writes: > > Edward> lets not get too detailed about raid configs, especially > Edward> when you really don't know what you're talking about. > > Okay... Suppose you had 10 18 gig disks to configure as you liked for > Samba to serve up; how would you do it? > > People in general prefer not to spread incorrect information. Gentle > corrections are always welcome. > > Paul. > > -- > Paul Collins - - - - - - - [ A&P,a&f ] > GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD > PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C > "Where? Where is the town? Now it's nothing but flowers!" From pjdc at eircom.net Tue Jul 11 19:16:13 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:32 2003 Subject: linux vs. RAID vs. S/N ratio In-Reply-To: Mike Westkamper's message of "Wed, 12 Jul 2000 04:50:59 +1000" References: <396B57BB.FA480FAE@schernau.com> <396B6C01.43CFCABF@weiinc.com> Message-ID: >>>>> "Mike" == Mike Westkamper writes: Mike> I for one am trying to pick a good way to have SAMBA serve Mike> up the 10 18gb drives as if it were one drive. Unless I am Mike> mistaken the consensus seems to be to use the RAID that Mike> comes with the distribution. I am working on that right Mike> now. If I am off course please yell! Ignoring for now issues of what RAID implementation you using (hardware, software, wetware) and where your OS is kept, I would be inclined to make one RAID 5 volume out of the 10 disks, create directories in the root of this drive for the shares, and share 'em out. Then I could forget about which shares hold how much, until the disk fills up. That said, my experience of RAID is confined to smallish installations; three to six disks, which we normally set up as RAID 5. The other option is to give EMC a call and buy a Symmetrix. Paul. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From hulet at ittc.ukans.edu Tue Jul 11 19:08:41 2000 From: hulet at ittc.ukans.edu (Michael S. Hulet) Date: Tue Dec 2 02:30:32 2003 Subject: linux vs. RAID vs. S/N ratio In-Reply-To: <396B6C01.43CFCABF@weiinc.com> Message-ID: I would vote for a hardware RAID controller unless you are trying to save money and don't care about performance. Michael Hulet Network System Administrator ITTC, University of Kansas On Wed, 12 Jul 2000, Mike Westkamper wrote: > I for one am trying to pick a good way to have SAMBA serve up the 10 18gb > drives as if it were one drive. Unless I am mistaken the consensus seems > to be to use the RAID that comes with the distribution. I am working on > that right now. If I am off course please yell! > > Mike > > Paul J Collins wrote: > > > >>>>> "Edward" == Edward Schernau writes: > > > > Edward> lets not get too detailed about raid configs, especially > > Edward> when you really don't know what you're talking about. > > > > Okay... Suppose you had 10 18 gig disks to configure as you liked for > > Samba to serve up; how would you do it? > > > > People in general prefer not to spread incorrect information. Gentle > > corrections are always welcome. > > > > Paul. > > > > -- > > Paul Collins - - - - - - - [ A&P,a&f ] > > GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD > > PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C > > "Where? Where is the town? Now it's nothing but flowers!" > From mg at plum.de Tue Jul 11 19:33:56 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:30:32 2003 Subject: linux vs. RAID vs. S/N ratio In-Reply-To: ; from hulet@ittc.ukans.edu on Die, Jul 11, 2000 at 21:12:12 +0200 References: Message-ID: <20000711213356.I1038@defiant> Am Die, 11 Jul 2000 21:12:12 schrieb Michael S. Hulet: > I would vote for a hardware RAID controller unless you are trying to save > money and don't care about performance. > actually software raid is usually faster than hardware raid. But HW raid has many other advantages, such as hot plug, transparent reconstruction (install linux while it's building the array ;) regards, Michael From Bielenberg at t-online.de Tue Jul 11 21:11:58 2000 From: Bielenberg at t-online.de (=?iso-8859-1?Q?G=FCnter?= Bielenberg) Date: Tue Dec 2 02:30:32 2003 Subject: drop NT-server Message-ID: <396B8D9E.9F5EEA63@t-online.de> Hi, I am running a net of about 10 NT4-workstations and a NT4-server as PDC. Another Linux-2.2-Server routes into the internet. Now I have installed Samba 2.0.7 to use this server as a PDC. It already stores the profiles of the users and I think, it also can do this little authentification job too. But if I try to take the NT-Server out of the net I am not able to get my users into the new _old_ net. What I did: -created Unix-accounts for every workstation, put them into the smbpasswd with 'smbpasswd -a -w $' -created Unix-accounts for every user, put them into smbpasswd with 'smbpasswd -a ' -logged out the workstations out of the domain -removed the NT-server -restarted samba with a new smb.conf to act as PDC -logged in the workstations to the domain (same name, but now on samba) -got the message: 'successfully joined the domain' Now the only user who can log in is the administrator of the workstation, all other users get the message 'wrong password'. What went wrong? Could anybody give me a step-by-step help or show me, where to find it? Thanks in advance G?nter From skvidal at phy.duke.edu Tue Jul 11 21:14:21 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:30:32 2003 Subject: samba and multiple servers In-Reply-To: <396B0449.C254E4B@cdt.luth.se> Message-ID: > Although the clients need to be DFS aware Win 95 is not. out of curiosity - is win98 I sorta assumed it wasn't but I thought I'd ask. -sv From ed at schernau.com Tue Jul 11 21:56:02 2000 From: ed at schernau.com (Edward Schernau) Date: Tue Dec 2 02:30:32 2003 Subject: Linux + RAID + Samba Message-ID: <396B97F2.FC8C6324@schernau.com> I just meant be sure what you know Linux RAID can do thats all.. sorry to spark such a big discussion. RAID is definitely the way to go on this job. -- Edward Schernau, mailto:ed@schernau.com Network Architect http://www.schernau.com RC5-64#: 243249 e-gold acct #:131897 From ralf at is.rice.edu Tue Jul 11 22:11:32 2000 From: ralf at is.rice.edu (Alfredo Ramos) Date: Tue Dec 2 02:30:32 2003 Subject: MIgration.in HELL In-Reply-To: Message-ID: Is the reverse possible? I mean, can samba-tng be joined by an NT BDC, and use samsync on the samba server to sync the NT SAM with the samba password file? If I try to load NT as a BDC for a samba-tng domain, I can't go past the prompt for the PDC and domain name. I get "Can not locate PDC". I've been able to make the samba server join the NT PDC and issue administrator commands. I've even had samba show up on Server Mgr on the NT as a BDC. But when I try to promote the samba server to PDC, the NT server complains "The RPC server is not available". I'm sure the RPC server it is talking about is on the samba server because I hear activity on the disk drive as soon as I issue the promote command. What is the proper way to make samba a BDC for an NT PDC? If there is any. Please help! Thanks; Al. --------------------------------------------------------------------------------- | Alfredo Ramos This space available for rent. | New Media & Student Computing Get your product moving. Advertise here! | Rice University. | Email: ralf@is.rice.edu --------------------------------------------------------------------------------- On Tue, 4 Jul 2000, Luke Kenneth Casson Leighton wrote: > hey dude, chill. use samedit to join the samba server as a BDC, then > issue a samsync command. this will add every single PDC account to your > samba server's BDC smbpasswd file. the only thing you will have to _have_ > done, beforehand, is create the unix accounts. > > _or_, do the process twice, and have a script parse the output the first > time to get the usernames, have the script run adduser you get the > picture. > > luke > > Script started on Fri Jun 9 04:11:17 2000 > [root@knight source]# bin/samedit -S changeme-nt4s -U root%test -l log > Server: \\CHANGEME-NT4S: User: root Domain: > Connection: OK > > [root@CHANGEME-NT4S]$ use \\knight -Uroot%test -W knight > use \\knight -Uroot%test -Wknight > Server: \\KNIGHT: User: root Domain: knight > Connection: OK > > [knight\root@CHANGEME-NT4S]$ createuser knight$ -s -j domain > createuser knight$ -s -j domain > SAM Create Domain User > Domain: DOMAIN Name: knight$ ACB: [S ] > Create Domain User: OK > Join KNIGHT to Domain DOMAIN > Set $MACHINE.ACC: OK > > [knight\root@CHANGEME-NT4S]$ lsaquery > lsaquery > LSA Query Info Policy > Domain Member - Domain: DOMAIN (S-1-5-21-4070507235-114175824-2771791698) > Domain Controller - Domain: DOMAIN (S-1-5-21-4070507235-114175824-2771791698) > > [knight\root@CHANGEME-NT4S]$ samsync > samsync > SAM Database Sync > ----------------- > Domain: DOMAIN > Group: Domain Admins > Group: Domain Users > Group: Domain Guests > Group: testgroup > Group: testgroup2 > Group: testgroup3 > Group: testgroup5 > Group: testgroup6 > Group: testgroup7 > Account: Administrator > { > 0x01, 0xFC, 0x5A, 0x6B, 0xE7, 0xBC, 0x69, 0x29, > 0xAA, 0xD3, 0xB4, 0x35, 0xB5, 0x14, 0x04, 0xEE > }; > { > 0x0C, 0xB6, 0x94, 0x88, 0x05, 0xF7, 0x97, 0xBF, > 0x2A, 0x82, 0x80, 0x79, 0x73, 0xB8, 0x95, 0x37 > }; > Account: Guest > { > 0xB3, 0xCC, 0x5A, 0x77, 0xA6, 0x8F, 0x64, 0x77, > 0x61, 0x2A, 0x53, 0xE1, 0x2D, 0xFC, 0x18, 0x3B > }; > { > 0xB3, 0xCC, 0x5A, 0x77, 0xA6, 0x8F, 0x64, 0x77, > 0x61, 0x2A, 0x53, 0xE1, 0x2D, 0xFC, 0x18, 0x3B > }; > Account: CHANGEME-NT4S$ > { > 0x17, 0x47, 0xDB, 0xE6, 0x1B, 0xA8, 0x60, 0x32, > 0x1D, 0x1A, 0xEE, 0x2B, 0x53, 0xF6, 0x29, 0xEA > }; > { > 0x5E, 0x6A, 0xBA, 0x10, 0xF7, 0xA2, 0x3F, 0xDC, > 0xEF, 0x50, 0xBA, 0x30, 0x62, 0x75, 0xBF, 0x53 > }; > Account: NT4-1$ > { > 0x8F, 0xCA, 0x67, 0xCF, 0x5A, 0x9F, 0xEB, 0x7D, > 0xB0, 0x6F, 0xDA, 0xCB, 0xE2, 0xEF, 0xDE, 0xAB > }; > { > 0x6D, 0x60, 0xD6, 0x79, 0x43, 0xE7, 0x2C, 0xE3, > 0x46, 0xC3, 0x4C, 0xD1, 0xD4, 0xC9, 0xD6, 0x2C > }; > Account: root > { > 0x01, 0xFC, 0x5A, 0x6B, 0xE7, 0xBC, 0x69, 0x29, > 0xAA, 0xD3, 0xB4, 0x35, 0xB5, 0x14, 0x04, 0xEE > }; > { > 0x0C, 0xB6, 0x94, 0x88, 0x05, 0xF7, 0x97, 0xBF, > 0x2A, 0x82, 0x80, 0x79, 0x73, 0xB8, 0x95, 0x37 > }; > Account: knight$ > { > 0xBF, 0xFB, 0x57, 0x74, 0x20, 0x86, 0xF0, 0x83, > 0x1A, 0xD1, 0x2E, 0xDD, 0xA1, 0x3A, 0x11, 0xFC > }; > { > 0x92, 0x3A, 0x73, 0x26, 0xCA, 0xFC, 0x62, 0xAD, > 0x7E, 0x25, 0x04, 0x32, 0x56, 0x2D, 0x2A, 0x41 > }; > > [knight\root@CHANGEME-NT4S]$ exit > exit > [root@knight source]# exit > exit > > Script done on Fri Jun 9 04:12:06 2000 > > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals > > > From mjwestkamper at weiinc.com Tue Jul 11 22:33:24 2000 From: mjwestkamper at weiinc.com (Mike Westkamper) Date: Tue Dec 2 02:30:32 2003 Subject: Linux + RAID + Samba References: <396B97F2.FC8C6324@schernau.com> Message-ID: <396BA0B4.C82DB176@weiinc.com> I thank all who participated in the Drives & Shares discussion. It is most refreshing to work with compentent people. I will contribute where I can as well. Mike Edward Schernau wrote: > I just meant be sure what you know Linux RAID can do thats > all.. sorry to spark such a big discussion. RAID is definitely > the way to go on this job. > -- > Edward Schernau, mailto:ed@schernau.com > Network Architect http://www.schernau.com > RC5-64#: 243249 e-gold acct #:131897 From mgeddes at xavier.sa.edu.au Tue Jul 11 23:46:44 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:30:32 2003 Subject: trust between two samba-tng pdcs? References: Message-ID: <396BB1E4.783E4B56@xavier.sa.edu.au> "Overbey, Alfred D (Dudley), ALCOO" wrote: > > Where can I get an English version of "Samedit"? > > Thanks > Doverbey@att.com Which bit's not in english? Are you talking about the documentation or the "online help" in samedit. Apparently there are one or two commands in samedit which havne't been translated yet. If you want to know any specifics, mail the list. Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA From lkcl at samba.org Wed Jul 12 00:00:57 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:30:32 2003 Subject: MIgration.in HELL In-Reply-To: Message-ID: > I've been able to make the samba server join the NT PDC and issue > administrator commands. I've even had samba show up on Server Mgr on the > NT as a BDC. But when I try to promote the samba server to PDC, the NT you can't do that. From pjdc at eircom.net Wed Jul 12 00:24:34 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:32 2003 Subject: MIgration.in HELL In-Reply-To: Luke Kenneth Casson Leighton's message of "Wed, 12 Jul 2000 10:02:55 +1000" References: Message-ID: >>>>> "Luke" == Luke Kenneth Casson Leighton writes: >> I've been able to make the samba server join the NT PDC and issue >> administrator commands. I've even had samba show up on Server Mgr on the >> NT as a BDC. But when I try to promote the samba server to PDC, the NT Luke> you can't do that. Okay, according to Lars' FAQ pages, a TNG BDC's smb.conf is distinguished from a PDC's by these two parameters: [global] password server = PDCNAME domain master = no If I shut down a TNG BDC that I have just samsynced with an NT PDC, take the NT PDC down, and alter the BDC's smb.conf to remove the first line and change the second to "yes", will it then work as a PDC when it is brought back up? If not, what *would* need to be done? Paul. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From tarragon at infoxchange.net.au Wed Jul 12 06:03:34 2000 From: tarragon at infoxchange.net.au (Tarragon Allen) Date: Tue Dec 2 02:30:32 2003 Subject: File locking and sharing problems with Access Message-ID: <001e01bfebc6$e9ec4250$f45315cb@infoxchange.net.au> I have a linux server running Samba 2.0.6, and I have a share on the server which holds an access database that several people have to access simultaneously. I had the database hosted on another machine (Windows 98) with no hassles, however after I moved it to a shared drive on the Samba server, it returns with this error 'Couldn't use "//TALOS/USDOCS/User Database.mdb", file already in use' from Access 97, or 'Could not lock file' from Access 2000, whenever a second person tries to open the file. However (and I've only just noticed this feature) if I log into one workstation with my samba username/password, open the database, then go to another machine, log in as myself, I can open the database multiple times with no problems. This makes me think that the locks are set on a per user basis... The workstations are running Windows 98 SE. Any suggestions? Here is a copy of the relevent sections of my smb.conf file: ---------------------------- [global] workgroup = IX netbios name = TALOS security = user invalid users = root bin daemon adm sync shutdown halt mail news uucp operator games gopher ftp lp squid wins support = yes domain master = yes preferred master = yes os level = 34 map to guest = Bad User guest account = guest [usdocs] comment = User Support Document Repository path = /home/samba/shares/usdocs public = no writeable = no read list = @usteam write list = @usteam ------------------------------- usteam is a unix group containing four members of our support team. Thanks, Tarragon Allen From george at v-sync.bg Wed Jul 12 07:16:11 2000 From: george at v-sync.bg (George Terziysky) Date: Tue Dec 2 02:30:32 2003 Subject: THE LINUX fun References: <3.0.6.32.20000706085651.00813950@mail.gator.net> <007701bfe74b$dc06cd60$0b04010a@plum.int> Message-ID: <003b01bfebd1$0e787210$298f74d4@hot> http://www.kimble.org/kimmovie/ From lkneschke at vater-gmbh.de Wed Jul 12 07:47:39 2000 From: lkneschke at vater-gmbh.de (Lars Kneschke) Date: Tue Dec 2 02:30:33 2003 Subject: drop NT-server In-Reply-To: <396B8D9E.9F5EEA63@t-online.de> Message-ID: > What I did: > -created Unix-accounts for every workstation, put them into the > smbpasswd with 'smbpasswd -a -w $' > -created Unix-accounts for every user, put them into smbpasswd with > 'smbpasswd -a ' > -logged out the workstations out of the domain > -removed the NT-server > -restarted samba with a new smb.conf to act as PDC > -logged in the workstations to the domain (same name, but now on samba) > -got the message: 'successfully joined the domain' Look's good! > Now the only user who can log in is the administrator of the > workstation, all other users get the message 'wrong password'. What went > wrong? > Could anybody give me a step-by-step help or show me, where to find it? i would set the "debug level" to 10 and watch the logfile. log.smb Maybe you should choose another domain name too. Cu From simo.sorce at polimi.it Wed Jul 12 07:49:59 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:30:33 2003 Subject: drop NT-server References: <396B8D9E.9F5EEA63@t-online.de> Message-ID: <396C2327.BCC33915@polimi.it> G?nter Bielenberg wrote: > > Hi, > > I am running a net of about 10 NT4-workstations and a NT4-server as PDC. > Another Linux-2.2-Server routes into the internet. Now I have installed > Samba 2.0.7 to use this server as a PDC. It already stores the profiles > of the users and I think, it also can do this little authentification > job too. > But if I try to take the NT-Server out of the net I am not able to get > my users into the new _old_ net. > > What I did: > -created Unix-accounts for every workstation, put them into the > smbpasswd with 'smbpasswd -a -w $' > -created Unix-accounts for every user, put them into smbpasswd with > 'smbpasswd -a ' > -logged out the workstations out of the domain > -removed the NT-server > -restarted samba with a new smb.conf to act as PDC > -logged in the workstations to the domain (same name, but now on samba) > -got the message: 'successfully joined the domain' > > Now the only user who can log in is the administrator of the > workstation, all other users get the message 'wrong password'. What went > wrong? > Could anybody give me a step-by-step help or show me, where to find it? > > Thanks in advance > > G?nter Really bogus question. Have you selected the correct domain to log in? In the domain combo at login? -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From simo.sorce at polimi.it Wed Jul 12 07:51:58 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:30:33 2003 Subject: linux vs. RAID vs. S/N ratio References: <396B57BB.FA480FAE@schernau.com> Message-ID: <396C239E.42262011@polimi.it> Edward Schernau wrote: > > lets not get too detailed about raid configs, especially > when you really don't know what you're talking about. Do I missed some mail? How you refer to? -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From teilo at cdt.luth.se Wed Jul 12 10:06:26 2000 From: teilo at cdt.luth.se (James Nord) Date: Tue Dec 2 02:30:33 2003 Subject: samba and multiple servers References: Message-ID: <396C4322.819BD5C1@cdt.luth.se> Seth Vidal wrote: > > > Although the clients need to be DFS aware Win 95 is not. > out of curiosity - is win98 > > I sorta assumed it wasn't but I thought I'd ask. Oops, 95 is DFS aware. from http://www.microsoft.com/NTServer/nts/downloads/winfeatures/NTSDistrFile/AdminGuide.asp > With the Dfs software, you can create a Dfs tree root on any server running Windows NT > erver version 4.0. Each Dfs tree you create is accessible by users of computers running > Windows NT Workstation version 4.0, Windows NT Server version 4.0, and Windows? 95. The above page also gives a good overview of what DFS is for those that want to know. The author reserves the right to be wrong ;-) /James -- Technology is a word that describes something that doesn't work yet. Douglas Adams From richard.jones at talkcast.com Wed Jul 12 12:25:31 2000 From: richard.jones at talkcast.com (Richard Jones) Date: Tue Dec 2 02:30:33 2003 Subject: International Roaming Message-ID: Dom, Matt has authorised my having international roaming. Ricardo -- Internal Systems Administration Talkcast Corporation plc p +44 (0) 20 7959 1526 m +44 (0) 7776 198 197 f +44 (0) 20 7959 1550 116 Baker Street, London W1M 1LB -- From MBrown at msdemo.ms.gmsmail.com Wed Jul 12 13:22:27 2000 From: MBrown at msdemo.ms.gmsmail.com (Brown, Matthew) Date: Tue Dec 2 02:30:33 2003 Subject: International Roaming Message-ID: <8158CAF171AED311B73F0060085A92C901137A@msdemo.ms.gmsmail.com> Congrats! -----Original Message----- From: Richard Jones [mailto:richard.jones@talkcast.com] Sent: Wednesday, July 12, 2000 8:28 AM To: Multiple recipients of list SAMBA-NTDOM Subject: International Roaming Dom, Matt has authorised my having international roaming. Ricardo -- Internal Systems Administration Talkcast Corporation plc p +44 (0) 20 7959 1526 m +44 (0) 7776 198 197 f +44 (0) 20 7959 1550 116 Baker Street, London W1M 1LB -- From MBrown at msdemo.ms.gmsmail.com Wed Jul 12 13:27:01 2000 From: MBrown at msdemo.ms.gmsmail.com (Brown, Matthew) Date: Tue Dec 2 02:30:33 2003 Subject: File locking and sharing problems with Access Message-ID: <8158CAF171AED311B73F0060085A92C901137B@msdemo.ms.gmsmail.com> Isn't this a 'share modes' issue? I had the same problem, but I remember fixing it with a simple setting. I think it was share modes = yes, but I cannot recall at this specific moment. I guess I could conceive of it being a problem of the create mask as well. Perhaps the .LDB file created to lock the database is being masked as 0700 or something like that, effectively locking out any other users but the user who first opens the file (thus creating the owner-locked version of the ..LDB). TO check this one, open the access db then do a ls -l on the directory with the access db, looking for the .LDB file. Look at its permissions. -Matthew Brown -----Original Message----- From: Tarragon Allen [mailto:tarragon@infoxchange.net.au] Sent: Wednesday, July 12, 2000 2:08 AM To: Multiple recipients of list SAMBA-NTDOM Subject: File locking and sharing problems with Access I have a linux server running Samba 2.0.6, and I have a share on the server which holds an access database that several people have to access simultaneously. I had the database hosted on another machine (Windows 98) with no hassles, however after I moved it to a shared drive on the Samba server, it returns with this error 'Couldn't use "//TALOS/USDOCS/User Database.mdb", file already in use' from Access 97, or 'Could not lock file' from Access 2000, whenever a second person tries to open the file. However (and I've only just noticed this feature) if I log into one workstation with my samba username/password, open the database, then go to another machine, log in as myself, I can open the database multiple times with no problems. This makes me think that the locks are set on a per user basis... The workstations are running Windows 98 SE. Any suggestions? Here is a copy of the relevent sections of my smb.conf file: ---------------------------- [global] workgroup = IX netbios name = TALOS security = user invalid users = root bin daemon adm sync shutdown halt mail news uucp operator games gopher ftp lp squid wins support = yes domain master = yes preferred master = yes os level = 34 map to guest = Bad User guest account = guest [usdocs] comment = User Support Document Repository path = /home/samba/shares/usdocs public = no writeable = no read list = @usteam write list = @usteam ------------------------------- usteam is a unix group containing four members of our support team. Thanks, Tarragon Allen From richard.jones at talkcast.com Wed Jul 12 13:52:06 2000 From: richard.jones at talkcast.com (Richard Jones) Date: Tue Dec 2 02:30:33 2003 Subject: International Roaming Message-ID: Apologies, still trying to get to grips with M$ Outlook's 'intelligent' address book -- Internal Systems Administration Talkcast Corporation plc p +44 (0) 20 7959 1526 m +44 (0) 7776 198 197 f +44 (0) 20 7959 1550 116 Baker Street, London W1M 1LB -- From wilson at coms.com Wed Jul 12 13:55:14 2000 From: wilson at coms.com (Wilson Yau) Date: Tue Dec 2 02:30:33 2003 Subject: Synchronising roaming profile with local profile Message-ID: <396C78C2.315C8562@coms.com> A 'profile' share has been created in my smb.conf file for enabling roaming profile functions. In the WINNT directory, the profile settings of a user are stored into several sub-directories, e.g. wilson.001, wilson.002 and so on, whereas in Samba only one directory per each user. I don't think it will work by simply copying everything from the user profile directories in NT to the corresponding Samba user profile directory. I tried to log-in as administrator in the local domain and did some work on profile with User Manager -> User Properties -> User Environmental Profile, but it didn't work (maybe the information I supplied was not correct, e.g. path). So, could anyone please let me know the proper way of transferring the local user profiles to their PDC's roaming profiles? From Ben_Meyer at pfm.org Wed Jul 12 14:50:12 2000 From: Ben_Meyer at pfm.org (Ben Meyer) Date: Tue Dec 2 02:30:33 2003 Subject: NT Authentication Message-ID: <2056AA5B2D1DD311BEA50008C709636C01AE262F@NT_4> Is there a way to authenticate to an NT PDC/BDC for a user that does not have an account on the local linux/samba system? The user does not need to have any access rights to anything on the system, and the authentication is being used only to make sure they are a valid user on the network. Thanks, Ben Meyer From simo.sorce at polimi.it Wed Jul 12 17:11:15 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:30:33 2003 Subject: International Roaming References: Message-ID: <396CA6B3.5E94BE75@polimi.it> Richard Jones wrote: > > Apologies, still trying to get to grips with M$ Outlook's 'intelligent' > address book > the best way is del outlook.exe :) -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From kkc at uclink4.berkeley.edu Wed Jul 12 17:13:55 2000 From: kkc at uclink4.berkeley.edu (Kevin Chan) Date: Tue Dec 2 02:30:33 2003 Subject: port for samba? Message-ID: <4.3.1.2.20000712101303.00adb990@uclink4.berkeley.edu> I was wondering if anyone out there knows what port samba uses for talking with NT. Thanks in advance, KevinChan Systems Administrator Administrative Computing From pjdc at eircom.net Wed Jul 12 17:33:27 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:33 2003 Subject: International Roaming In-Reply-To: "Richard Jones"'s message of "Wed, 12 Jul 2000 22:28:33 +1000" References: Message-ID: >>>>> "Richard" == Richard Jones writes: Richard> Matt has authorised my having international roaming. Cool! Now you can go to anywhere in the world and yet remain in contact with your loved ones! Matt, you rule! Paul. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From pjdc at eircom.net Wed Jul 12 17:40:43 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:33 2003 Subject: NT Authentication In-Reply-To: Ben Meyer's message of "Thu, 13 Jul 2000 00:57:17 +1000" References: <2056AA5B2D1DD311BEA50008C709636C01AE262F@NT_4> Message-ID: >>>>> "Ben" == Ben Meyer writes: Ben> Is there a way to authenticate to an NT PDC/BDC for a user Ben> that does not have an account on the local linux/samba Ben> system? The user does not need to have any access rights to Ben> anything on the system, and the authentication is being used Ben> only to make sure they are a valid user on the network. *ALL* of the Samba infrastructure requires that domain users have a Unix account on the server. You may, however, be able to use rpcclient to connect to the PDC and use ntlogin to see if the user can do so. You could then use expect or similar to drive rpcclient, if you need to encapsulate it in a script or something; you should not pass passwords to programs on the command line as they may be visible in a process listing. Ben> Thanks, Ben> Ben Meyer -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From pjdc at eircom.net Wed Jul 12 17:41:44 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:33 2003 Subject: port for samba? In-Reply-To: Kevin Chan's message of "Thu, 13 Jul 2000 03:17:10 +1000" References: <4.3.1.2.20000712101303.00adb990@uclink4.berkeley.edu> Message-ID: >>>>> "Kevin" == Kevin Chan writes: Kevin> I was wondering if anyone out there knows what port samba uses for talking Kevin> with NT. 445 mostly; sometimes NT thunks down to SMB calls on port 139 for SMB calls that are not implemented over DCE/RPC. Paul. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From gcarter at valinux.com Wed Jul 12 17:51:34 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:30:33 2003 Subject: port for samba? References: <4.3.1.2.20000712101303.00adb990@uclink4.berkeley.edu> Message-ID: <396CB026.7150F9D9@valinux.com> Kevin Chan wrote: > > I was wondering if anyone out there knows what port samba > uses for talking with NT. NetBIOS over TCP/IP ports 137/udp name server 138/udp datagram 139/tcp session service SMB is implemented on top of the NetBIOS session service (MS's RPC implementation sits on top of SMB named pipes). Windows 2000 allows you to do away with NetBIOS by supported SMB directly over TCP/IP (ala port 445/tcp). However, no release version of Samba supports port 445 yet. ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From tarragon at infoxchange.net.au Wed Jul 12 23:22:46 2000 From: tarragon at infoxchange.net.au (Tarragon Allen) Date: Tue Dec 2 02:30:33 2003 Subject: File locking and sharing problems with Access In-Reply-To: <8158CAF171AED311B73F0060085A92C901137B@msdemo.ms.gmsmail.com> Message-ID: <003301bfec58$16a6ca90$f45315cb@infoxchange.net.au> > I had the same problem, but I remember fixing it with a > simple setting. I > think it was share modes = yes, but I cannot recall at this > specific moment. > > I guess I could conceive of it being a problem of the create > mask as well. > Perhaps the .LDB file created to lock the database is being Changing 'share modes' and 'oplocks' didn't help, but setting 'create mask = 774' fixed it. Thanks for all your help. t From sam at topic.com.au Wed Jul 12 23:30:24 2000 From: sam at topic.com.au (Sam Couter) Date: Tue Dec 2 02:30:33 2003 Subject: NT Authentication In-Reply-To: ; from pjdc@eircom.net on Thu, Jul 13, 2000 at 03:34:15AM +1000 References: <2056AA5B2D1DD311BEA50008C709636C01AE262F@NT_4> Message-ID: <20000713093024.A28881@topic.com.au> Paul J Collins wrote: > > *ALL* of the Samba infrastructure requires that domain users have a > Unix account on the server. You may, however, be able to use > rpcclient to connect to the PDC and use ntlogin to see if the user can > do so. You could then use expect or similar to drive rpcclient, if > you need to encapsulate it in a script or something; you should not > pass passwords to programs on the command line as they may be visible > in a process listing. There is a thing called winbind in Samba TNG, which is a Name Service module that can use Samba or an NT PDC to provide account information. Just like NIS, only different. Just like nss_ldap, only different. Using winbind means you don't need account entries in the password file, just on the PDC. One catch: I know it exists, it's in CVS, I don't know if it actually *works*. ;) Oh, and it'll only work on systems that have an nsswitch: Linux, Solaris, maybe HP-UX, not sure what else. -- Sam Couter | Internet Engineer | http://www.topic.com.au/ sam@topic.com.au | tSA Consulting | PGP key available on key servers PGP key fingerprint: A46B 9BB5 3148 7BEA 1F05 5BD5 8530 03AE DE89 C75C -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 232 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000713/6609a99f/attachment.bin From pjdc at eircom.net Wed Jul 12 23:53:36 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:33 2003 Subject: NT Authentication In-Reply-To: Sam Couter's message of "Thu, 13 Jul 2000 09:32:52 +1000" References: <2056AA5B2D1DD311BEA50008C709636C01AE262F@NT_4> <20000713093024.A28881@topic.com.au> Message-ID: >>>>> "Sam" == Sam Couter writes: Sam> There is a thing called winbind in Samba TNG, which is a Name Sam> Service module that can use Samba or an NT PDC to provide Sam> account information. Just like NIS, only different. Just like Sam> nss_ldap, only different. Kind of an automated, sensible, useful version of my method. ;-) I'd forgotten about the nsswitch/PAM-integrated stuff. Paul. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From Bielenberg at t-online.de Wed Jul 12 23:54:05 2000 From: Bielenberg at t-online.de (=?iso-8859-1?Q?G=FCnter?= Bielenberg) Date: Tue Dec 2 02:30:34 2003 Subject: drop NT-server References: Message-ID: <396D051D.3CA33018@t-online.de> moin (or hi), Lars Kneschke schrieb: > > > What I did: > > -created Unix-accounts for every workstation, put them into the > > smbpasswd with 'smbpasswd -a -w $' > > -created Unix-accounts for every user, put them into smbpasswd with > > 'smbpasswd -a ' > > -logged out the workstations out of the domain > > -removed the NT-server > > -restarted samba with a new smb.conf to act as PDC > > -logged in the workstations to the domain (same name, but now on samba) > > -got the message: 'successfully joined the domain' > Look's good! > > > Now the only user who can log in is the administrator of the > > workstation, all other users get the message 'wrong password'. What went > > wrong? I fixed it myself: had changed user-groups manually, but not consequently in all files. Now this message no longer occures, but... > i would set the "debug level" to 10 and watch the logfile. log.smb I did the whole procedure again, watching the logfiles and found Linux identifying my users 'win' and 'administrator' correctly. I was not surprised to see that this user don't have their well-known own desktop (I've written about that in another mail some days ago). The problem is, I have no administrator's account to my domain. The workstation's admin is not able to grant the domain user profiles (which are still on my disk) to the new users. They are annouced as 'unknown' and cannot be copied. How I hate this foggy Windows-stuff!! > Maybe you should choose another domain name too. really? Thanks G?nter From sharpe at ns.aus.com Thu Jul 13 09:45:49 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:30:34 2003 Subject: Problems with Win2K and Samba-TNG_2_5_good (I think) Message-ID: <3.0.6.32.20000713184549.009d16b0@203.16.214.248> Hi, I was doing some checking with what I though was Samba TNG 2.5 good (I blew the sources away, so I can't be sure ... :-), and I noticed that I could join the domain from a Win2K Pro system using root as the account to create the trust account, but could not join using administator. root and administrator are both members of the "Domain Admins" group, while they are also members of the "Domain Users" group, as are a few other accounts. I can also log on to the domain as root, and as win95user and I assume some other accounts, but not with administrator. I have used samedit to set the password for administrator correctly, and I have changed the group owner for private/smbpasswd to domainadmins which is mapped to from "Domain Admins", and have done a chmod 660 on privat/smbpasswd as well. The error message I get in var/log.netlogond is something about _samr_open_user: status c000064 and cache->Policy not found etc. And I get told that no such user exist, even though the user exists and has the correct password (the NT hash is the same as root's NT hash, which means that it has the same password as root, which is what I intended. Has anyone else seen this error? Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) From p.mayers at ic.ac.uk Thu Jul 13 08:31:08 2000 From: p.mayers at ic.ac.uk (Mayers, Philip J) Date: Tue Dec 2 02:30:34 2003 Subject: Problems with Win2K and Samba-TNG_2_5_good (I think) Message-ID: <0846B011B9A4D111A1EE006097DA4FCE02F814D9@icex1.cc.ic.ac.uk> I believe samba will reset the permissions on the smbpasswd file. IIRC, Luke stated you must be root. Regards, Phil +----------------------------------+ | Phil Mayers, Network Support | | Centre for Computing Services | | Imperial College | +----------------------------------+ -----Original Message----- From: Richard Sharpe [mailto:sharpe@ns.aus.com] Sent: 13 July 2000 08:19 To: Multiple recipients of list SAMBA-NTDOM Subject: Problems with Win2K and Samba-TNG_2_5_good (I think) root and administrator are both members of the "Domain Admins" group, while they are also members of the "Domain Users" group, as are a few other accounts. <...> I have used samedit to set the password for administrator correctly, and I have changed the group owner for private/smbpasswd to domainadmins which is mapped to from "Domain Admins", and have done a chmod 660 on privat/smbpasswd as well. From p.mayers at ic.ac.uk Thu Jul 13 08:33:16 2000 From: p.mayers at ic.ac.uk (Mayers, Philip J) Date: Tue Dec 2 02:30:34 2003 Subject: port for samba? Message-ID: <0846B011B9A4D111A1EE006097DA4FCE02F814DA@icex1.cc.ic.ac.uk> Win2K = 445 NT4 = 139 445 is SMB without NetBIOS (and without virtual servers thanks to dumbass Microsoft...) and is new in Win2K. Regards, Phil +----------------------------------+ | Phil Mayers, Network Support | | Centre for Computing Services | | Imperial College | +----------------------------------+ -----Original Message----- From: Paul J Collins [mailto:pjdc@eircom.net] Sent: 12 July 2000 18:37 To: Multiple recipients of list SAMBA-NTDOM Subject: Re: port for samba? >>>>> "Kevin" == Kevin Chan writes: Kevin> I was wondering if anyone out there knows what port samba uses for talking Kevin> with NT. 445 mostly; sometimes NT thunks down to SMB calls on port 139 for SMB calls that are not implemented over DCE/RPC. Paul. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From sharpe at ns.aus.com Thu Jul 13 11:07:34 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:30:34 2003 Subject: Problems with Win2K and Samba-TNG_2_5_good (I think) In-Reply-To: <0846B011B9A4D111A1EE006097DA4FCE02F814D9@icex1.cc.ic.ac.uk > Message-ID: <3.0.6.32.20000713200734.009e2100@203.16.214.248> At 06:31 PM 7/13/00 +1000, Mayers, Philip J wrote: >I believe samba will reset the permissions on the smbpasswd file. IIRC, Luke >stated you must be root. You are absolutely correct. It does do that. I wonder how samba handles domain admins then? >Regards, >Phil > >+----------------------------------+ >| Phil Mayers, Network Support | >| Centre for Computing Services | >| Imperial College | >+----------------------------------+ > >-----Original Message----- >From: Richard Sharpe [mailto:sharpe@ns.aus.com] >Sent: 13 July 2000 08:19 >To: Multiple recipients of list SAMBA-NTDOM >Subject: Problems with Win2K and Samba-TNG_2_5_good (I think) > > >root and administrator are both members of the "Domain Admins" group, while >they are also members of the "Domain Users" group, as are a few other >accounts. > ><...> > >I have used samedit to set the password for administrator correctly, and I >have changed the group owner for private/smbpasswd to domainadmins which is >mapped to from "Domain Admins", and have done a chmod 660 on >privat/smbpasswd as well. > Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) From mg at plum.de Thu Jul 13 10:58:52 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:30:34 2003 Subject: Problems with Win2K and Samba-TNG_2_5_good (I think) In-Reply-To: <3.0.6.32.20000713200734.009e2100@203..16.214.248>; from sharpe@ns.aus.com on Don, Jul 13, 2000 at 10:44:36 +0200 References: <3.0.6.32.20000713200734.009e2100@203.16.214.248> Message-ID: <20000713125852.A776@defiant> Am Don, 13 Jul 2000 10:44:36 schrieb Richard Sharpe: > At 06:31 PM 7/13/00 +1000, Mayers, Philip J wrote: > >I believe samba will reset the permissions on the smbpasswd file. IIRC, Luke > >stated you must be root. > > You are absolutely correct. It does do that. I wonder how samba handles > domain admins then? it doesn't, as it is 0600 .. We had quite a discussion about this 1-2 Months ago .. regards, Michael From sharpe at ns.aus.com Thu Jul 13 11:46:43 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:30:34 2003 Subject: Archive does not work ... Aaaaargh Message-ID: <3.0.6.32.20000713204643.008fc100@203.16.214.248> Hi, The archive does not work. Damn, I can't seach to find out what the discussion was ... Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) From Thierry_DANJEAN at Coface.com Thu Jul 13 12:59:57 2000 From: Thierry_DANJEAN at Coface.com (Thierry_DANJEAN@Coface.com) Date: Tue Dec 2 02:30:34 2003 Subject: SUBSCRIBE Message-ID: SUBSCRIBE -------------------------------------------------------------------------- Pour s?curiser le commerce inter-entreprises, traditionnel ou sur le web, le Groupe Coface propose @rating, premier syst?me mondial de notation d'entreprises accessible sur Internet au http://www.cofacerating.com In order to make e-commerce or traditional business-to-business transactions safe, the Coface Group offers @rating, the first insurable business rating on the web at http://www.cofacerating.com From peter at cadcamlab.org Thu Jul 13 13:55:12 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:30:34 2003 Subject: Trouble when re-joining a NT Domain References: <00071014550105.00792@snl> Message-ID: <14701.51504.286091.358487@wire.cadcamlab.org> [Pau Garcia i Quiles ] > I was succesfully joining the domain, but I didn't remember I did > already joined, and I relaunched that order: smbpasswd -j > THE_DOMAIN. Now I get this: > cli_net_auth2: Error NT_STATUS_ACCESS_DENIED Joining the domain in Samba 2.0.x involves connecting to the PDC using the "default password" for your machine name (the default password is easily-computed and well-known, ergo not very secure), then changing your machine account password and storing the new (random) one in the local file "{DOMAIN}.{MACHINE}.mac". I don't know whether a failed attempt to join trashes your {DOMAIN}.{MACHINE}.mac file. If so, you will need to re-join the domain. If not, you are still in the domain. > What can I do? (besides removing GREAT_SERVER from THE_DOMAIN and > adding it again) :-? If "THE_DOMAIN.GREAT_SERVER.mac" was trashed by smbpasswd the second time, this is your only option. Peter From peter at cadcamlab.org Thu Jul 13 14:05:45 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:30:34 2003 Subject: samba and multiple servers References: Message-ID: <14701.52245.977276.907718@wire.cadcamlab.org> [Seth Vidal ] > I've got many servers that act as project spaces for the > experimentalist and theorist groups in physics. For the unix side > accessing the data is over automounted nfs partitions. This works > fine - however when accessing them from samba its VERY slow - mostly > b/c its making 2 different network connections - smb to the win > machine and then an additional connection over nfs to the automounted > file server. So I've been setting up smb servers (via samba of > course) on each of the project space machines that need windows > access. This works very well and performance is great. If each user only has need of a single share, treat it as a home dir. You can specify home directories with User Manager for Domains. If any project member could need access to arbitrarily many shares, I guess you're stuck with the pile o' shortcuts as someone else suggested. Peter From wilson at coms.com Thu Jul 13 14:03:55 2000 From: wilson at coms.com (Wilson Yau) Date: Tue Dec 2 02:30:34 2003 Subject: ntdom faq outdate? Message-ID: <396DCC4B.19B74E34@coms.com> I was trying to work out of 'How do I configure an account as a domain administrator?' from the faq http://de.samba.org/samba/docs/ntdom_faq/page4.html#4-3-1 'domain group map' works for me, but not either 'domain user map' or 'local group map'. Have these two parameters gone away, too? ------------------------------------- Let me elaborate a bit more on what I mean above: I presume users in the adm group of the localgroup.map would have the priviledge to perform administrative tasks on a client machine (local domain) when they have valid user accounts on that workstation when I have done the following: Add a line to the [global] section of smb.conf file: local group map = /usr/local/samba/lib/localgroup.map Add a line to the file /usr/local/samba/lib/localgroup: localadm=BUILTIN\Administrators where localadm is a group of users (to-be-local administrators) specified in the /etc/group file --------------------------------------- I presume 'root' will become a domain administrator or I can log into a NT-PDC domain as 'administrator' when I have done the following: Add this line to the [global] section of smb.conf file domain user map = /usr/local/samba/lib/domainuser.map Add this line to the file /usr/local/samba/lib/domainuser.map: root-Administrator administrator admin Add a samba account for root: smbpasswd -a root ------------------------------------------- If my thinkings are totally wrong, sorry to bother you and please correct me. From skvidal at phy.duke.edu Thu Jul 13 14:07:40 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:30:34 2003 Subject: samba and multiple servers In-Reply-To: <14701.52245.977276.907718@wire.cadcamlab.org> Message-ID: > If each user only has need of a single share, treat it as a home dir. > You can specify home directories with User Manager for Domains. unfortunately no. They are mixed groups. we're trying to centralize on a few big servers in raid configurations - the idea being a few VERY safe baskets with lots of eggs is better than A LOT of very fragile baskets with just a few eggs each. > If any project member could need access to arbitrarily many shares, I > guess you're stuck with the pile o' shortcuts as someone else > suggested. pile o' shortcuts it is. thanks for the help though. -sv From sharpe at ns.aus.com Thu Jul 13 16:34:51 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:30:34 2003 Subject: Trouble when re-joining a NT Domain In-Reply-To: <14701.51504.286091.358487@wire.cadcamlab.org> References: <00071014550105.00792@snl> Message-ID: <3.0.6.32.20000714013451.009e4ca0@203.16.214.248> At 11:56 PM 7/13/00 +1000, Peter Samuelson wrote: > >[Pau Garcia i Quiles ] >> I was succesfully joining the domain, but I didn't remember I did >> already joined, and I relaunched that order: smbpasswd -j >> THE_DOMAIN. Now I get this: > >> cli_net_auth2: Error NT_STATUS_ACCESS_DENIED > >Joining the domain in Samba 2.0.x involves connecting to the PDC using >the "default password" for your machine name (the default password is >easily-computed and well-known, ergo not very secure), then changing >your machine account password and storing the new (random) one in the >local file "{DOMAIN}.{MACHINE}.mac". Hmmm, I was under the impression that it changed the NT4 hash for the machine trust account in the smbpasswd file ... >I don't know whether a failed attempt to join trashes your >{DOMAIN}.{MACHINE}.mac file. If so, you will need to re-join the >domain. If not, you are still in the domain. > >> What can I do? (besides removing GREAT_SERVER from THE_DOMAIN and >> adding it again) :-? > >If "THE_DOMAIN.GREAT_SERVER.mac" was trashed by smbpasswd the second >time, this is your only option. Ummmm, I have had lots of success simply adding the machine account again: smbpasswd -a -m machine >Peter > Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) From kellermg at potsdam.edu Thu Jul 13 14:21:01 2000 From: kellermg at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:30:34 2003 Subject: Printer Pool References: <00071122424200.00995@odin.t-linux.com> Message-ID: <396DD04D.DF77BF05@potsdam.edu> "M. ZEN Muttaqien" wrote: > > Hi all, > I am wondering how is the Printer Pool running in Samba? > Is there anyone successfully do it? > I really want to hear... Samba doesn't need to support this "feature"- You could easily write an IF for lpd, however, that does. I have several different filters for load-balancing, accounting, etc. -- Matthew Keller Lead Programmer/Analyst Distributed Computing/Telemedia Information Services Division State University of New York at Potsdam Website: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ Webcam: http://webcam.mattwork.potsdam.edu:85/ From peter at cadcamlab.org Thu Jul 13 14:21:33 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:30:34 2003 Subject: Drives & Shares References: <396B50C6.39763389@polimi.it> Message-ID: <14701.52558.720186.846260@wire.cadcamlab.org> [Simo Sorce ] > md devices and lvm are supported in 2.2.x kernel too. (At least by RH > and Suse) There's md and then there's md. Before committing to it, make sure your vendor supports the new-style md (i.e. Ingo's RAID 0.90) which does NOT come by default with Linux 2.2.x. RAID 0.90 is MUCH better. It also pays off if you make sure that your vendor supports LVM version 0.8final as opposed to 0.8i. The transition to 2.4.x will be easier. (The difficulty is that the userspace tools are not compatible between the two versions, so you can't dual-boot if you don't match versions. Believe me, with the many kernel versions I've run, this has bitten me more than once.) Peter From gcarter at valinux.com Thu Jul 13 14:28:38 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:30:34 2003 Subject: Trouble when re-joining a NT Domain References: <00071014550105.00792@snl> <3.0.6.32.20000714013451.009e4ca0@203.16.214.248> Message-ID: <396DD216.6F1C2029@valinux.com> Richard Sharpe wrote: > > Hmmm, I was under the impression that it changed the > NT4 hash for the machine trust account in the smbpasswd > file ... You're thinking of Samba as a PDC and an NT client. Samba as a client and NT as the PDC in this discussion (if I've read the thread correctly). > Ummmm, I have had lots of success simply adding > the machine account again: > > smbpasswd -a -m machine Again, this is for creating machine trust accounts on the Samba PDC. Not joining a Samba box to an NT domain. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From rajeeva at research.bell-labs.com Thu Jul 13 15:53:10 2000 From: rajeeva at research.bell-labs.com (Rajeev Agrawala) Date: Tue Dec 2 02:30:34 2003 Subject: NT printing Message-ID: <396DE5E6.89815D0D@research.bell-labs.com> Hi, What is the status of NTprinting in samba head/samba-tng branch. I tried compiling samba-tng version from cvs today, but was unable to add the printer from NT machine. Thanks, rajeev From Jean-Francois.Micouleau at dalalu.fr Thu Jul 13 16:11:40 2000 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:30:34 2003 Subject: NT printing In-Reply-To: <396DE5E6.89815D0D@research.bell-labs.com> Message-ID: On Fri, 14 Jul 2000, Rajeev Agrawala wrote: > What is the status of NTprinting in samba head/samba-tng branch. I tried > compiling samba-tng version from cvs today, but was unable to add the > printer from NT machine. the most current code is in the head branch. it has changed a lot and use a tdb file to store the printers and drivers informations instead of the ascii text files. There are still 2 or 3 bugs we are chasing down. J.F. From elrond at samba.org Thu Jul 13 16:48:42 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:30:34 2003 Subject: configure options In-Reply-To: <39648B70.B675575E@cdt.luth.se>; from James Nord on Thu, Jul 06, 2000 at 11:39:12PM +1000 References: <39648B70.B675575E@cdt.luth.se> Message-ID: <20000713184841.A12062@baerbel.mug.maschinenbau.tu-darmstadt.de> On Thu, Jul 06, 2000 at 11:39:12PM +1000, James Nord wrote: > Hi, > > I got an updated TBNG today and am about to compile but I'm a little > confused on some of the compile options. > (RH Linux 2.2.16 kernel) > Could someone answer the following please? > > What is --with-smbwrapper ? Ignore that. (If you don't know, what it is, you don't need it.) > I want to be able to do DFS alla NT ie access \\mymachine\sharename\dir > but actually get \\someothermachine\sharename\dir but which of the > following options do I use? > > --with-dfs This is fo Unixr DCE/RPC's DFS. It tries to build a samba, that can authenticate against that. You probably don't need that. > --with-msdfs You want this. BUT: This is completely untested and might not even compile in TNG. If you want this, you should run a HEAD samba on another machine, that is going to be your fileserver. TNG is mainly intended for PDC-functionality, not fileserving. We try to keep fileserving running, but not to its full extent. > Whats the difference between them? > > --with-ldap > --with-nt5ldap > --with-sam-pwdb={passdb,tdb,nt5ldap} > Which do I need to be able to store account info in an LDAP server? > Is there someone who has put together a good samba/ldap FAQ? AFAIK nt5ldap isn't yet usable. And I have no idea, wether the others work. --with-sam-pwdb=tdb should work to some degree. It will store the passwords in a tdb-database. But I can't recommend that currently. > --with-ssl > Will this build me a server capable of talking both SSL and non SSL or > will I need to compile one with-ssl and one without ssl? > Will the --with-ssl comunicate directly with the Win2k SSL/TLS SMB > features? No idea at all, not even, wether it works in tng. But I expect, that it is intended to be able to do both: ssl and non-ssl. > Thanks for your help, A little late. I'm checking samba-ntdom only at non-regular times. Elrond From elrond at samba.org Thu Jul 13 16:56:32 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:30:34 2003 Subject: slow download/upload In-Reply-To: <20000706180607.7525.qmail@hotmail.com>; from Kevin Chan on Fri, Jul 07, 2000 at 04:07:16AM +1000 References: <20000706180607.7525.qmail@hotmail.com> Message-ID: <20000713185632.B12062@baerbel.mug.maschinenbau.tu-darmstadt.de> Assuming, you talk about TNG. I've no good idea, why it got slower. (And I'm not going to profile tng...) My current best recommendation is to use HEAD or 2.0.x for normal fileserving and TNG only for PDC-functionality. Elrond On Fri, Jul 07, 2000 at 04:07:16AM +1000, Kevin Chan wrote: > Ever since we moved our NT server to the Samba platform, I have noticed that > loading the windows profile for each user has been very slow. In addition, > we also frequently download large images of Win98 partitions for our users > from our servers, and this has been noticeably slower as well. This was not > the case before and they are independent events (meaning that it is not > because we are overloading the system by doing downloading and logging on at > the same time). Even when no one is logged on, the downloading is slow and > even when no one is downloading, logging on is slow. > > In addition, we normally make adjustments to our images from time to time, > which we then upload onto the server. For some reason, this process has > become EXTREMELY slow... > > And I cannot figure out why and was hoping someone could give me some > insight to what you have done to troubleshoot this kind of problem. > > If any more info is needed, please let me know. > > Thanks in advance, > KevinChan > > SystemsAdministrator > Administrative Computing > ________________________________________________________________________ > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com From elrond at samba.org Thu Jul 13 17:30:19 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:30:34 2003 Subject: PAM-NTDOM: Compile Errors In-Reply-To: ; from Paul J Collins on Tue, Jul 11, 2000 at 04:26:46AM +1000 References: Message-ID: <20000713193019.C12062@baerbel.mug.maschinenbau.tu-darmstadt.de> On Tue, Jul 11, 2000 at 04:26:46AM +1000, Paul J Collins wrote: > >>>>> "Luke" == Luke Kenneth Casson Leighton writes: > > >> I never meant to imply that it was. Let me give a > >> bit of history here. Luke and I (and others) have over > >> the months and years had discussions over issues > >> similar to this. Luke has in the past wanted to make > >> UNIX into NT in every aspect. Not necessarily from a > >> services point of view, but from an architectural > >> point of view. > > Luke> both. the possibility of being able to tell microsoft, > Luke> here, install these services on this version of linux, with > Luke> these libraries, then hit "compile" on your office msdn > Luke> development environment, and you will get a native linux > Luke> office suite. > > First of all, Microsoft Office running on a bunch of Windows-emulating > services (would CSRSS.EXE be one of these?) is not "native". In a > similar fashion, a Unix app running on cygwin and using X for its > display is not really "native" either. I follow the Wine project a > little, and the things they have to do in order to run Windows > binaries lift Wine a large step above being a toolkit. > > Second, I don't understand why this is a useful goal. Programs such > as Emacs have had difficulty mixing well with NT (e.g. NT's primitive > process model; okay "different" process model); why should the > converse not be true? And if you follow that approach to NT/Unix > integration, why not just drop Samba, implement the Win32 API (Wine!) > the NT system traps and suggest that Microsoft recompile SRV.EXE, et > al. on Unix? > > Which brings me to my next point. Office and such rely on a number of > chunks of software, updated versions of which these applications > frequently install themselves. One example that springs to mind is > the COM/OLE libaries. Do you reimplement those, or use Microsoft's > versions? That's, were wine comes in. Wine tries to achieve exactly, what Luke asked about above. They try to provide the complete Win32-API in source-form. You can already drop in win32-programs, compile them and then you get a unix-binary, linked against some libraries. I was even able to compile wine a long time ago on AIX on an RS/6000. And try to start the provided progman. Well, I got an error-msg and the amount of patching, that I have done to get it compiling (well... in those times, I haven't even thought about sending them a patch...) was quite disappointing, so I dropped that. Some weeks ago, I've taken a look at their sources again. There's quite some interesting stuff in there. Even stuff, that resembles utility-functions in samba. And they even have the client-functions, that resemble the functions that are used in rpcclient. But: They haven't got the right implementation Most of these functions are just either fakes or running funny stuff against the registry... samba is doing the right thing in this area... Some cooperation in this area might be of interest... at least to the wine-developers. [...] Elrond From pjdc at eircom.net Thu Jul 13 18:01:39 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:34 2003 Subject: port for samba? In-Reply-To: "Mayers, Philip J"'s message of "Thu, 13 Jul 2000 18:35:56 +1000" References: <0846B011B9A4D111A1EE006097DA4FCE02F814DA@icex1.cc.ic.ac.uk> Message-ID: >>>>> "Mayers" == Mayers, Philip J writes: Mayers> 445 is SMB without NetBIOS (and without virtual servers Mayers> thanks to dumbass Microsoft...) and is new in Win2K. Woops, my mistake. More details are here: http://kt.linuxcare.com/samba/sm20000210_11_print.epl#2 Paul. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From rajeeva at research.bell-labs.com Thu Jul 13 19:12:51 2000 From: rajeeva at research.bell-labs.com (Rajeev Agrawala) Date: Tue Dec 2 02:30:34 2003 Subject: NT printing References: Message-ID: <396E14B3.57391212@research.bell-labs.com> I compiled latest head branch code and tried adding nt printer. The problems I faced were: 1. In the log files it complains doing parameter nt forms file = /LPRng/samba/lib/nt/ntforms.def [2000/07/13 12:00:32, 0] param/loadparm.c:map_parameter(1816) Unknown parameter encountered: "nt forms file" [2000/07/13 12:00:32, 0] param/loadparm.c:lp_do_parameter(2418) Ignoring unknown parameter "nt forms file" doing parameter nt printer driver = /LPRng/samba/lib/nt [2000/07/13 12:00:32, 0] param/loadparm.c:map_parameter(1816) Unknown parameter encountered: "nt printer driver" [2000/07/13 12:00:32, 0] param/loadparm.c:lp_do_parameter(2418) Ignoring unknown parameter "nt printer driver" 2. When I try to add a printer, I get User name: rajeeva Real name: Rajeev Agrawala Chained message switch message SMBtconX (pid 12094) setting sec ctx (0, 0) Got device type IPC ACCEPTED: validated uid ok as non-guest Initialising default vfs hooks Connect path is /tmp setting sec ctx (20702, 20702) dos_ChDir to /tmp karma (135.104.54.43) connect to service IPC$ as user rajeeva (uid=20702, gid=20 702) (pid 12094) setting sec ctx (0, 0) tconX service=ipc$ user=rajeeva Transaction 3 of length 524 switch message SMBtrans (pid 12094) setting sec ctx (20702, 20702) trans <\PIPE\> data=444 params=0 setup=2 named pipe command on <> name search for pipe pnum=7034 api_fd_reply: INVALID PIPE HANDLE: 7034 Unsupported API fd command Thanks, rajeev Jean Francois Micouleau wrote: > > On Fri, 14 Jul 2000, Rajeev Agrawala wrote: > > > What is the status of NTprinting in samba head/samba-tng branch. I tried > > compiling samba-tng version from cvs today, but was unable to add the > > printer from NT machine. > > the most current code is in the head branch. it has changed a lot and use > a tdb file to store the printers and drivers informations instead of the > ascii text files. > > There are still 2 or 3 bugs we are chasing down. > > J.F. From gcarter at valinux.com Thu Jul 13 19:38:27 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:30:34 2003 Subject: NT printing References: <396E14B3.57391212@research.bell-labs.com> Message-ID: <396E1AB3.E8C809F0@valinux.com> Rajeev Agrawala wrote: > > I compiled latest head branch code and tried adding nt printer. The > problems I faced were: > > 1. In the log files it complains > > doing parameter nt forms file = /LPRng/samba/lib/nt/ntforms.def > [2000/07/13 12:00:32, 0] param/loadparm.c:map_parameter(1816) > Unknown parameter encountered: "nt forms file" > [2000/07/13 12:00:32, 0] param/loadparm.c:lp_do_parameter(2418) > Ignoring unknown parameter "nt forms file" > doing parameter nt printer driver = /LPRng/samba/lib/nt > [2000/07/13 12:00:32, 0] param/loadparm.c:map_parameter(1816) > Unknown parameter encountered: "nt printer driver" > [2000/07/13 12:00:32, 0] param/loadparm.c:lp_do_parameter(2418) > Ignoring unknown parameter "nt printer driver" Ummm...these parameters were never put into HEAD I don't think. And they are unnecessary now as the information is stored in a TDB file (hard coded path at the moment). > > 2. When I try to add a printer, I get > > User name: rajeeva Real name: Rajeev Agrawala > Chained message > switch message SMBtconX (pid 12094) > setting sec ctx (0, 0) > Got device type IPC > ACCEPTED: validated uid ok as non-guest > Initialising default vfs hooks > Connect path is /tmp > setting sec ctx (20702, 20702) > dos_ChDir to /tmp > karma (135.104.54.43) connect to service IPC$ as user rajeeva > (uid=20702, gid=20 > 702) (pid 12094) > setting sec ctx (0, 0) > tconX service=ipc$ user=rajeeva > Transaction 3 of length 524 > switch message SMBtrans (pid 12094) > setting sec ctx (20702, 20702) > trans <\PIPE\> data=444 params=0 setup=2 > named pipe command on <> name > search for pipe pnum=7034 > api_fd_reply: INVALID PIPE HANDLE: 7034 > Unsupported API fd command Yup. I think it works ok if you disable the security descriptor stuff in the code. Like JF mentioned, it's now quite there yet. Still working on it. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From Jean-Francois.Micouleau at dalalu.fr Thu Jul 13 21:07:50 2000 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:30:34 2003 Subject: NT printing In-Reply-To: <396E1AB3.E8C809F0@valinux.com> Message-ID: On Fri, 14 Jul 2000, Gerald Carter wrote: > Ummm...these parameters were never put into HEAD I > don't think. And they are unnecessary now as the > information is stored in a TDB file (hard coded path at > the moment). nope, these parameters were in HEAD before we had the TDB. > > Transaction 3 of length 524 > > switch message SMBtrans (pid 12094) > > setting sec ctx (20702, 20702) > > trans <\PIPE\> data=444 params=0 setup=2 > > named pipe command on <> name > > search for pipe pnum=7034 > > api_fd_reply: INVALID PIPE HANDLE: 7034 > > Unsupported API fd command not really usefull log file :-) > Yup. I think it works ok if you disable > the security descriptor stuff in the code. > Like JF mentioned, it's now quite there yet. > Still working on it. yep, it looks like the only real bug we still have is the secdesc. Outside of that bug, NT is still behaving strange but that's due to a design change in samba, that I'm reverting. J.F. From rajeeva at research.bell-labs.com Thu Jul 13 21:09:25 2000 From: rajeeva at research.bell-labs.com (Rajeev Agrawala) Date: Tue Dec 2 02:30:34 2003 Subject: NT printing References: <396E14B3.57391212@research.bell-labs.com> <396E1AB3.E8C809F0@valinux.com> Message-ID: <396E3005.E8261B8A@research.bell-labs.com> Gerald Carter wrote: > > Yup. I think it works ok if you disable > the security descriptor stuff in the code. > Like JF mentioned, it's now quite there yet. > Still working on it. > Is there a way, I can test that. Like what part of code I need to disable etc. Thanks, rajeev From mgeddes at xavier.sa.edu.au Thu Jul 13 23:01:40 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:30:34 2003 Subject: Problems with Win2K and Samba-TNG_2_5_good (I think) References: <3.0.6.32.20000713184549.009d16b0@203.16.214.248> Message-ID: <396E4A54.4FCA75A4@xavier.sa.edu.au> Richard Sharpe wrote: > > Hi, > > I was doing some checking with what I though was Samba TNG 2.5 good (I blew > the sources away, so I can't be sure ... :-), and I noticed that I could > join the domain from a Win2K Pro system using root as the account to create > the trust account, but could not join using administator. I had problems with using root as the administrator. I now use a different account (domadmin). Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA From mgeddes at xavier.sa.edu.au Thu Jul 13 23:20:38 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:30:34 2003 Subject: ntdom faq outdate? References: <396DCC4B.19B74E34@coms.com> Message-ID: <396E4EC6.66399514@xavier.sa.edu.au> Wilson Yau wrote: > > I was trying to work out of 'How do I configure an account as a domain > administrator?' from the faq > > http://de.samba.org/samba/docs/ntdom_faq/page4.html#4-3-1 > > 'domain group map' works for me, but not either 'domain user map' or > 'local group map'. Have these two parameters gone away, too? I believe you're looking at the FAQ for Samba 2.0 NTDOM. Try http://www.kneschke.de/projekte/samba_tng/ Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA From zen at t-linux.com Fri Jul 14 14:22:36 2000 From: zen at t-linux.com (M. ZEN Muttaqien) Date: Tue Dec 2 02:30:34 2003 Subject: Printer Pool In-Reply-To: <396DD04D.DF77BF05@potsdam.edu> References: <00071122424200.00995@odin.t-linux.com> <396DD04D.DF77BF05@potsdam.edu> Message-ID: <00071410225807.00473@odin.t-linux.com> > Samba doesn't need to support this "feature"- You could easily write an > IF for lpd, however, that does. I have several different filters for > load-balancing, accounting, etc. > -- > Well, thank you Matthew... I'll try this.. I just need it for a clients who has the same printers in their network, all of 'em... ZEN O->^ (el GUAY) ======================== From samba-ntdom-interest at enstor.com.au Fri Jul 14 07:24:18 2000 From: samba-ntdom-interest at enstor.com.au (Matthew Flanagan) Date: Tue Dec 2 02:30:34 2003 Subject: TNG: local/domain membership problem Message-ID: <396EC038.E64740F7@enstor.com.au> Hi, I'm am running Samba TNG 2.5 GOOD on Linux 2.2.14 and I'm having a problem with verifying that a domain user is a member of a local group. Here is how it is set up: PDC - PC running Linux 2.2.14 + Samba TNG 2.5 GOOD, PDC for domain 'DOMAIN'. NT1 - PC running NT4 SP5, member of DOMAIN. NT1\LOCALUSERS - A group local to host NT1 with only member 'DOMAIN\Domain Users'. DOMAIN\USER1 is a member of 'DOMAIN\Domain Users'. USER1 can login to NT1 with out any obvious problems, the user profile is fetched and home dir is mounted. Now when an application running on NT1 attempts to verify if USER1 is a member of LOCALUSERS it fails. If I then make USER1 and direct member of LOCALUSERS and rerun the application it succeeds. Has anyone come across this problem before in Samba or can anyone verify it? Which logs should I be perusing to determine where the problem is occurring? regards matthew -- Matthew Flanagan Phone: 02 9900 2104 matthew.flanagan@enstor.com.au Mobile: 0414 642 557 EnStor Pty Ltd Fax: 02 9900 2199 From k.v.veen at orades.nl Fri Jul 14 08:41:52 2000 From: k.v.veen at orades.nl (Kees van Veen) Date: Tue Dec 2 02:30:34 2003 Subject: Password server * Message-ID: <396ED250.F6EA3DA8@orades.nl> Hello everybody, Does anybody has experience with the option "PASSWORD SERVER = *" I am running samba 2.0.7 and have a normal PDC and BDC setup. Everything goes fine no lockouts, no trouble no nothing, the only tiny problem I have experienced is when a failure of my PDC occurs. When my PDC has a Blue screen of death, the complete authentication for logging in on my samba server goes wrong. I used the setting pwd server =* because I see this in the help, but the election from PDC & BDC doesn't seem to work because the BDC was still there.. Can anyone help me out ..??? Greetz KC -- ------------------------------------------------------------------- 12:03am up 356 days, 6 users, load average: 0.68, 0.43, 0.30 89 processes: 88 sleeping, 1 running, 0 zombie, 0 stopped CPU states: 1.2% user, 1.2% system, 0.0% nice, 97.4% idle Mem: 257620K av, 130248K used, 127372K free, 56024K shrd, 35632K buff Swap: 401584K av, 280K used, 401304K free 52548K cached -------------- next part -------------- HTML attachment scrubbed and removed From andre at amsoft.de Fri Jul 14 08:36:54 2000 From: andre at amsoft.de (=?iso-8859-1?Q?Andr=E9_Stollenwerk?=) Date: Tue Dec 2 02:30:35 2003 Subject: subscribe Message-ID: <002401bfed6e$aa77b2e0$a288a8c0@local> -------------- next part -------------- HTML attachment scrubbed and removed From wilson at coms.com Fri Jul 14 09:06:16 2000 From: wilson at coms.com (Wilson Yau) Date: Tue Dec 2 02:30:35 2003 Subject: ntdom faq outdate? References: <396DCC4B.19B74E34@coms.com> <396E4EC6.66399514@xavier.sa.edu.au> Message-ID: <396ED808.A0E4A91C@coms.com> Dear Matthew, > I believe you're looking at the FAQ for Samba 2.0 NTDOM. Try > http://www.kneschke.de/projekte/samba_tng/ > It look like a different angle of presenting a similar topic. What more might be: -------------------- Tell samba where to look for the configfile. The configfile must be worldreadable. chmod ugo+r /opt/samba-tng/private/domaingroup.map ------------------------ but the files I created were already world readable and the material concerning 'configuring domain administrators' covered in both faqs are more or less the same and seemms to be applicable to both 2.x and TNG version. Referring to my first post, after doing what the faq suggests, root is just like an ordinary user (no priviledge to do admin tasks) and I couldn't logon to the NT domain as administrator, even I've put root=administrator in the domainuser.map file. Do I have to put root in the domain adm group? But what's the point of doing root=administrator then? Confusing & Frustrating..... But thank you for your responding to my post. Wish to receive more feedback & help.... Hope someone could resolve for me these Samba-NTDOM mysteries. Best regards, Wilson Yau From jens.skripczynski at igd.fhg.de Fri Jul 14 11:04:16 2000 From: jens.skripczynski at igd.fhg.de (Jens Skripczynski) Date: Tue Dec 2 02:30:35 2003 Subject: subscribe In-Reply-To: <002401bfed6e$aa77b2e0$a288a8c0@local>; from andre@amsoft.de on Fri, Jul 14, 2000 at 06:44:19PM +1000 References: <002401bfed6e$aa77b2e0$a288a8c0@local> Message-ID: <20000714130416.A11713@igd.fhg.de> See: Ciao SAMBA-TNG FAQ http://www.kneschke.de/projekte/samba_tng/index.php3 SAMBA Bug report "How to" http://www.kneschke.de/projekte/samba_tng/faq/bugreport.php3 SAMBA Bug report template http://www.kneschke.de/projekte/samba_tng/faq/samba-bugreport-template.txt Mailinglist subscribtion Web Interface: http://lists.samba.org/cgi-bin/weblist Old Mailinglist digest http://us1.samba.org/listproc/samba-ntdom/ Jens Skripczynski -- E-Mail: skripi@igd.fhg.de Computers are like airconditioners: They stop working properly if you open windows. Win95: A 32-bit patch for a 16-bit GUI shell running on top of an 8-bit operating system written for a 4-bit processor by a 2-bit company who cannot stand 1 bit of competition. From jens.skripczynski at igd.fhg.de Fri Jul 14 11:04:49 2000 From: jens.skripczynski at igd.fhg.de (Jens Skripczynski) Date: Tue Dec 2 02:30:35 2003 Subject: SUBSCRIBE In-Reply-To: ; from Thierry_DANJEAN@Coface.com on Thu, Jul 13, 2000 at 11:08:23PM +1000 References: Message-ID: <20000714130449.B11713@igd.fhg.de> Thierry_DANJEAN@Coface.com: > SUBSCRIBE see: SAMBA-TNG FAQ http://www.kneschke.de/projekte/samba_tng/index.php3 SAMBA Bug report "How to" http://www.kneschke.de/projekte/samba_tng/faq/bugreport.php3 SAMBA Bug report template http://www.kneschke.de/projekte/samba_tng/faq/samba-bugreport-template.txt Mailinglist subscribtion Web Interface: http://lists.samba.org/cgi-bin/weblist Old Mailinglist digest http://us1.samba.org/listproc/samba-ntdom/ Ciao Jens Skripczynski -- E-Mail: skripi@igd.fhg.de Computers are like airconditioners: They stop working properly if you open windows. Win95: A 32-bit patch for a 16-bit GUI shell running on top of an 8-bit operating system written for a 4-bit processor by a 2-bit company who cannot stand 1 bit of competition. From kellermg at potsdam.edu Fri Jul 14 16:34:16 2000 From: kellermg at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:30:35 2003 Subject: Printer Pool References: <00071122424200.00995@odin.t-linux.com> <396DD04D.DF77BF05@potsdam.edu> <00071410225807.00473@odin.t-linux.com> Message-ID: <396F4108.5AB73138@potsdam.edu> "M. ZEN Muttaqien" wrote: > > > Samba doesn't need to support this "feature"- You could easily write an > > IF for lpd, however, that does. I have several different filters for > > load-balancing, accounting, etc. > > -- > > > Well, thank you Matthew... I'll try this.. > I just need it for a clients who has the same printers in their network, all of > 'em... No problem- Conceptually, you'll have one queue for the "balancer", that everyone prints to, and then an extra queue for every individual printer. Your IF will process the drop, and pick whichever printer (however you want to determine it), and then requeue the job onto the selected printer using the lpr command with the -r and -h flags. -- Matthew Keller Lead Programmer/Analyst Distributed Computing/Telemedia Information Services Division State University of New York at Potsdam Website: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ Webcam: http://webcam.mattwork.potsdam.edu:85/ From elrond at samba.org Fri Jul 14 16:49:14 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:30:35 2003 Subject: NT Authentication In-Reply-To: ; from Paul J Collins on Thu, Jul 13, 2000 at 03:33:10AM +1000 References: <2056AA5B2D1DD311BEA50008C709636C01AE262F@NT_4> Message-ID: <20000714184914.A15336@baerbel.mug.maschinenbau.tu-darmstadt.de> On Thu, Jul 13, 2000 at 03:33:10AM +1000, Paul J Collins wrote: > >>>>> "Ben" == Ben Meyer writes: > > Ben> Is there a way to authenticate to an NT PDC/BDC for a user > Ben> that does not have an account on the local linux/samba > Ben> system? The user does not need to have any access rights to > Ben> anything on the system, and the authentication is being used > Ben> only to make sure they are a valid user on the network. Could you explain a little, for what you need that? > *ALL* of the Samba infrastructure requires that domain users have a > Unix account on the server. [...] There's one function currently, that doesn't need that, at least, as far, as I've looked at it: _net_sam_logon This might mean, that samba can forward a logon-request to a trusted domain, maybe meaning, you could even login at an ntwks, that is a member of the samba-domain with a user from the trusted domain without a unix-user for that... of course, you will get a bunch of errors, becuse the nt machine wants to read ntconfig.pol and the like. ;) This might even help Ben. Elrond From elrond at samba.org Fri Jul 14 17:03:21 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:30:35 2003 Subject: TNG: local/domain membership problem In-Reply-To: <396EC038.E64740F7@enstor.com.au>; from Matthew Flanagan on Fri, Jul 14, 2000 at 05:25:15PM +1000 References: <396EC038.E64740F7@enstor.com.au> Message-ID: <20000714190321.B15336@baerbel.mug.maschinenbau.tu-darmstadt.de> The questionis, how this application checks, wether you're in the group or not. It has two methods for doing so: a) Check the group directly, wether the user is listed or not. b) check the credentials of the currently logged in user, wether it contains the local group. You can test, if your credentials contain the local group with two methods: 1. secedit.exe, comes with ntreskit. It shows you your complete credentailset 2. Create some local directory, and only give the local group permissions in it, then check, wether you realy can use those permissions. I currently would guess, that the application is broken and uses method a) from above. Elrond On Fri, Jul 14, 2000 at 05:25:15PM +1000, Matthew Flanagan wrote: > Hi, > > I'm am running Samba TNG 2.5 GOOD on Linux 2.2.14 and I'm having a > problem with verifying that a domain user is a member of a local group. > Here is how it is set up: > > PDC - PC running Linux 2.2.14 + Samba TNG 2.5 GOOD, PDC for domain > 'DOMAIN'. > NT1 - PC running NT4 SP5, member of DOMAIN. > > NT1\LOCALUSERS - A group local to host NT1 with only member > 'DOMAIN\Domain Users'. > > DOMAIN\USER1 is a member of 'DOMAIN\Domain Users'. > > USER1 can login to NT1 with out any obvious problems, the user profile > is fetched and home dir is mounted. > > Now when an application running on NT1 attempts to verify if USER1 is a > member of LOCALUSERS it fails. > If I then make USER1 and direct member of LOCALUSERS and rerun the > application it succeeds. > > Has anyone come across this problem before in Samba or can anyone verify > it? > > Which logs should I be perusing to determine where the problem is > occurring? > > regards > > matthew > > -- > Matthew Flanagan Phone: 02 9900 2104 > matthew.flanagan@enstor.com.au Mobile: 0414 642 557 > EnStor Pty Ltd Fax: 02 9900 2199 From Ben_Meyer at pfm.org Fri Jul 14 18:42:23 2000 From: Ben_Meyer at pfm.org (Ben Meyer) Date: Tue Dec 2 02:30:35 2003 Subject: NT Authentication Message-ID: <2056AA5B2D1DD311BEA50008C709636C01AE2648@NT_4> On Thu, Jul 13, 2000 at 03:33:10AM +1000, Paul J Collins wrote: >> >>>>> "Ben" == Ben Meyer writes: >> >> Ben> Is there a way to authenticate to an NT PDC/BDC for a user >> Ben> that does not have an account on the local linux/samba >> Ben> system? The user does not need to have any access rights to >> Ben> anything on the system, and the authentication is being used >> Ben> only to make sure they are a valid user on the network.>> >Could you explain a little, for what you need that? Basically, I am writing a website people to do certain things. For these things to be done, I need to know who the person is b/c it deals with various information about the person. Everyone who is going to be using the website is already a part of the domain and has a username and password on the NT systems (the PDC & BDC). The system that my website resides on is a Linux system running Apache w/Php and has Samba installed so that things can be shared with people working in Windows. Since the people already have an account with NT, I figure why create a second account system and have to deal with passwords which they can forget when I can simply use some of the software provided to access the NT authentication systems and use their current account. The only thing I am using the NT Authentication for is to make sure their username and password are correct. I just need to be able to pass a user and password to NT and see if they are valid. Thus far, I have come across PAM_SMB, PAM_NTLM (Both of which can be combined with PHP_PAM for my use),Authen-Smb, PAM_SMBPASS, MOD_NTLM, and a few others. But have had troubles to some degree with various ones. Obviously I would prefer something that can be accessed from Php run and Run through Samba to authenticate to the PDC. I have also found documentation saying that in order for a user to be authenticated by NT through Samba they must have a Samba Account (smbpasswords or whatever it is called) on the Samba server as well as their NT account. I would like to forgo having to create the accounts on the Linux system and have to manage those accounts and their passwords and just authenticate to the NT system. The users are not using anything but the web interface and therefore do not need home directories, file permissions, or any other kind of access onto the system, just access to the website which will be using the NT PDC for authentication. > >> *ALL* of the Samba infrastructure requires that domain users have a >> Unix account on the server. >There's one function currently, that doesn't need that, at >least, as far, as I've looked at it: >_net_sam_logon >This might mean, that samba can forward a logon-request to >a trusted domain, maybe meaning, you could even login at an >ntwks, that is a member of the samba-domain with a user >from the trusted domain without a unix-user for that... of >course, you will get a bunch of errors, becuse the nt >machine wants to read ntconfig.pol and the like. ;)> The logon-request forwarding is really all I need as long as returned true/false to the calling application. It's not the Linux OS making the call here. Thanks, Ben M. From kevinc at grainsystems.com Fri Jul 14 19:05:57 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:30:35 2003 Subject: NT Authentication References: <2056AA5B2D1DD311BEA50008C709636C01AE2648@NT_4> Message-ID: <396F6495.DD3A4175@grainsystems.com> I cannot recall the specifics, but I thought that a simple auth check could be done via rpcclient. If so, it would be a simple matter to have the CGI or ASP or whatever call that. I think this was even mentioned here before. Does anyone recall the details of that? - Kevin Colby kevinc@grainsystems.com Ben Meyer wrote: > > On Thu, Jul 13, 2000 at 03:33:10AM +1000, Paul J Collins wrote: > >> >>>>> "Ben" == Ben Meyer writes: > >> > >> Ben> Is there a way to authenticate to an NT PDC/BDC for a user > >> Ben> that does not have an account on the local linux/samba > >> Ben> system? The user does not need to have any access rights to > >> Ben> anything on the system, and the authentication is being used > >> Ben> only to make sure they are a valid user on the network.>> > >Could you explain a little, for what you need that? > > Basically, I am writing a website people to do certain things. For these > things to be done, I need to know who the person is b/c it deals with > various information about the person. Everyone who is going to be using the > website is already a part of the domain and has a username and password on > the NT systems (the PDC & BDC). The system that my website resides on is a > Linux system running Apache w/Php and has Samba installed so that things can > be shared with people working in Windows. Since the people already have an > account with NT, I figure why create a second account system and have to > deal with passwords which they can forget when I can simply use some of the > software provided to access the NT authentication systems and use their > current account. The only thing I am using the NT Authentication for is to > make sure their username and password are correct. I just need to be able to > pass a user and password to NT and see if they are valid. > > Thus far, I have come across PAM_SMB, PAM_NTLM (Both of which can be > combined with PHP_PAM for my use),Authen-Smb, PAM_SMBPASS, MOD_NTLM, and a > few others. But have had troubles to some degree with various ones. > Obviously I would prefer something that can be accessed from Php run and Run > through Samba to authenticate to the PDC. I have also found documentation > saying that in order for a user to be authenticated by NT through Samba they > must have a Samba Account (smbpasswords or whatever it is called) on the > Samba server as well as their NT account. I would like to forgo having to > create the accounts on the Linux system and have to manage those accounts > and their passwords and just authenticate to the NT system. The users are > not using anything but the web interface and therefore do not need home > directories, file permissions, or any other kind of access onto the system, > just access to the website which will be using the NT PDC for > authentication. > > > > >> *ALL* of the Samba infrastructure requires that domain users have a > >> Unix account on the server. > >There's one function currently, that doesn't need that, at > >least, as far, as I've looked at it: > >_net_sam_logon > >This might mean, that samba can forward a logon-request to > >a trusted domain, maybe meaning, you could even login at an > >ntwks, that is a member of the samba-domain with a user > >from the trusted domain without a unix-user for that... of > >course, you will get a bunch of errors, becuse the nt > >machine wants to read ntconfig.pol and the like. ;)> > > The logon-request forwarding is really all I need as long as returned > true/false to the calling application. It's not the Linux OS making the call > here. > > Thanks, > Ben M. From lkneschke at vater-gmbh.de Fri Jul 14 20:07:40 2000 From: lkneschke at vater-gmbh.de (Lars Kneschke) Date: Tue Dec 2 02:30:35 2003 Subject: ntdom faq outdate? In-Reply-To: <396ED808.A0E4A91C@coms.com> Message-ID: > but the files I created were already world readable and the material > concerning 'configuring domain administrators' covered in both faqs are > more or less the same and seemms to be applicable to both 2.x and TNG > version. > > Referring to my first post, after doing what the faq suggests, root is > just like an ordinary user (no priviledge to do admin tasks) and I > couldn't logon to the NT domain as administrator, even I've put > root=administrator in the domainuser.map file. This maps the name "administrator" to the name "root". > Do I have to put root in the domain adm group? > But what's the point of doing root=administrator then? > Confusing & Frustrating..... Why? ;-) > But thank you for your responding to my post. > Wish to receive more feedback & help.... > Hope someone could resolve for me these Samba-NTDOM mysteries. Which Samba version do you use? Samba 2.0.X: domain admin group = @admingroup <== this is a unix group, any user in this group is a administrator Samba TNG: have a look at the FAQ at www.kneschke.de/ ..... This should work. With Samba TNG you should be able to administrat your windows nt box, if log in as root. Cu -- Lars Kneschke http://www.kneschke.de From lkcl at samba.org Fri Jul 14 23:01:49 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:30:35 2003 Subject: PAM-NTDOM: Compile Errors In-Reply-To: <20000713193019.C12062@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: > Some cooperation in this area might be of interest... at > least to the wine-developers. ... if they release under a GPL license. From Gree3776 at rowan.edu Sat Jul 15 17:03:45 2000 From: Gree3776 at rowan.edu (Samuel Greenfeld) Date: Tue Dec 2 02:30:35 2003 Subject: Chrooting samba - what is needed? / a way to run win2k with a 2.0.7 PDC (almost) Message-ID: For the fun of it, I tried starting our test samba PDC in a chroot() environment. I have successfully gotten a copy of wu-ftpd running in this environment, and all the (known) dependancies of smbd and nmbd are in there. However, I ran into a slight glitch I am having trouble tracking down. Nmbd seems to have no problems. But smbd (from 2.0.7) has a weird one. It lets users log onto the server just fine. Copying files with known names also works properly. But when you try to list a directory, smbd will send the list, panic, and terminate the connection. At the moment, no socket options are set, so the defaults are in use. Only the copy of smbd and nmbd in the chroot'd area were running. The same smbd and nmbd binaries have no problems when running in a non-chroot setup. smbclient's response: ------------------ smb: \> ls (directory listing goes here - *no* directory size total given) Error in dskattr: code 0 smb: \> read_socket_with_timeout: timeout read. read error = Broken pipe. Broken pipe [command prompt outside of smbd]> smb.machinename log (default debug level - I did some at level 9 if you really want to see those): -------------------- [2000/07/15 11:49:55, 1] smbd/service.c:make_connection(550) testsys (127.0.0.1) connect to service public1 as user testuser (uid=10000, gid=1 000) (pid 24836) [2000/07/15 11:49:55, 0] lib/fault.c:fault_report(40) =============================================================== [2000/07/15 11:49:55, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 24836 (2.0.7) Please read the file BUGS.txt in the distribution [2000/07/15 11:49:55, 0] lib/fault.c:fault_report(43) =============================================================== [2000/07/15 11:49:55, 0] lib/util.c:smb_panic(2381) PANIC: internal error log.smb (tells nothing at the default setting): [2000/07/15 12:28:39, 1] smbd/server.c:main(641) smbd version 2.0.7 started. Copyright Andrew Tridgell 1992-1998 [2000/07/15 12:28:39, 1] smbd/files.c:file_init(216) file_init: Information only: requested 10000 open files, 1014 are available. General layout: /jail1 /jail1/var /jail1/var/tmp /jail1/var/run /jail1/var/lock /jail1/var/lock/samba /jail1/var/spool /jail1/var/spool/samba /jail1/var/spool/samba/ece201 /jail1/var/spool/samba/ece238 /jail1/var/spool/samba/ecenull /jail1/var/spool/lpd /jail1/var/spool/lpd/ece201 /jail1/var/spool/lpd/ece238 /jail1/var/spool/lpd/ecenull /jail1/var/log /jail1/var/log/samba /jail1/bin /jail1/etc /jail1/etc/pam.d /jail1/etc/codepages /jail1/lib /jail1/lib/security /jail1/dev (log, null, zero) /jail1/usr /jail1/usr/local /jail1/usr/lib /jail1/usr/bin /jail1/usr/sbin /jail1/usr/share /jail1/usr/share/locale /jail1/usr/share/locale/en_US /jail1/usr/share/locale/en_US/LC_MESSAGES /jail1/sbin /jail1/tmp Is there some temporary file or area that I am not providing used when a directory is accessed? This system also runs quotas - could there be a problem with that? In other news, while I have not gotten my work with the CVS HEAD and TNG combination together working correctly, one thing I have discovered is that one can temporarily rename a samba MACHINE.SID file YOURDOM.SID, start up TNG instead of 2.0.7, and add any Windows 2000 boxes you have onto your network. You can then rename YOURDOM.SID back to MACHINE.SID, startup 2.0.7, and the windows 2k machines will continue to respect samba as their domain controller (including profile support, although note it will merrily pull up NT4 profiles and their different start menus as well). So if you only have to add win2k boxes to your system on rare occasion, this might be an alternative for you. Do this at your own risk, however: I have not fully tested this yet. I'm probably also oversimplifying the process a bit. Pardon me if this has been mentioned before. Sincerely, Samuel Greenfeld Electrical/Computer Engineering, Rowan University From D.Bannon at latrobe.edu.au Sun Jul 16 23:13:10 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:30:35 2003 Subject: NT Authentication In-Reply-To: <2056AA5B2D1DD311BEA50008C709636C01AE2648@NT_4> Message-ID: <3.0.6.32.20000717091310.0087e260@bioserve.latrobe.edu.au> At 04:49 AM 15/07/2000 +1000, Ben Meyer wrote: >.... >Basically, I am writing a website ... Since the people already have an >account with NT, ....access the NT authentication systems and use their >current account. The only thing I am using the NT Authentication for is to >make sure their username and password are correct. I just need to be able to >pass a user and password to NT and see if they are valid. > >Thus far, I have come across PAM_SMB, Then why not point the PAM_SMB stack straight at the NT PDC and BDC and not use samba at all ? (Gee fancy me saying that !). David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From pjdc at eircom.net Mon Jul 17 00:04:20 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:35 2003 Subject: NT Authentication In-Reply-To: David Bannon's message of "Mon, 17 Jul 2000 09:14:57 +1000" References: <3.0.6.32.20000717091310.0087e260@bioserve.latrobe.edu.au> Message-ID: >>>>> "David" == David Bannon writes: David> Then why not point the PAM_SMB stack straight at the NT PDC David> and BDC and not use samba at all ? (Gee fancy me saying David> that !). Am I seeing things? "Not use samba" ? Unsubscribe this man *immediately*! ;-) Paul. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From sneakums at eircom.net Mon Jul 17 00:13:28 2000 From: sneakums at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:35 2003 Subject: lame address in the list In-Reply-To: Mail Delivery Subsystem's message of "Mon, 17 Jul 2000 02:00:00 +0200" References: <200007170000.BAA30550@ns.fsik.cvut.cz> Message-ID: >>>>> "Mail" == Mail Delivery Subsystem writes: Mail> The original message was received at Mon, 17 Jul 2000 01:59:50 +0200 Mail> from fsiknet.fsik.cvut.cz [147.32.48.2] Mail> ----- The following addresses had permanent fatal errors ----- Mail> Mail> ----- Transcript of session follows ----- Mail> ... while talking to lagrange.fsik.cvut.cz.: >>>> RCPT To: Mail> <<< 550 ... User unknown Mail> 550 ... User unknown Can we please remove this person from the list? I've got about 50 of these damn things already. Paul. -- Paul Collins - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From petry at rbg.informatik.tu-darmstadt.de Mon Jul 17 11:13:54 2000 From: petry at rbg.informatik.tu-darmstadt.de (Urban Petry) Date: Tue Dec 2 02:30:36 2003 Subject: various probs with TNG 2.5 configuration Message-ID: <200007171109.NAA30915@dagobert.sd-w.de> Hi there, first of all: Is there any *searchable* and *working* mailing list archive of samba-ntdom out there right now ? The one on samba.org is offline for a couple of days now and the one at http://samba.cadcamlab.org/lists/ offers no search functionality. I just recently rejoined the list so I bet my questions were asked before ... any hints very welcome. Now to my problems: I'm running samba tng 2.5 as a PDC on linux (2.2.16, SuSE 6.4) with the installation and configuration tips from Lars' excellent web site. NT and W2K workstations could instantly join the domain. My smb.conf is attached at the end of this mail. 1. problem: whenever I try to connect to the samba server from a client which is not in the samba controlled domain, I can only log in if I fully qualify the username (e.g. "TESTDOMAIN\user" instead of just "user"). Is this the expected behaviour or can it be changed that only the username is sufficient ? 2. problem: when using variable substitutions (e.g. %S, %u, %L) in my share definitions it doesn't work on the homes share. There I use /home/samabsrv/pchomes/%S as the path argument, but when I connect to that share (either from joined or stand-alone client), I get to see all the client directories (in /home/sambasrv/pchomes) which gives me the impression that the substitution doesn't work at all and returns an empty string. The same happens with %u and %U. Needless to say that "logon home" doesn't work, too. On the other hand when looking at the profiles share, everything works fine and the clients get/store their profiles correctly ??? BTW, when leaving out the path statement in the homes section, samba successfully uses the right unix homedirs ... I have checked the log files at different debugging levels but couldn't find anything strange. If you need more information just let me know what. Has someone experienced such a behaviour before ? Desperately waiting for your tips ... ;-) Cheers Urban == smb.conf =========================================================== # Global parameters [global] workgroup = TESTDOMAIN netbios name = TESTPDC encrypt passwords = Yes update encrypted = Yes unix password sync = Yes log file = /opt/samba-tng/var/smb.log.%m max log size = 0 time server = Yes domain group map = /opt/samba-tng/private/domaingroup.map logon script = LOGIN.BAT logon path = \\%L\profiles\%U logon drive = U: logon home = \\%L\%U domain logons = Yes os level = 65 preferred master = True domain master = True [homes] comment = home directory path = /home/sambasrv/pchomes/%S read only = No browseable = No [netlogon] comment = Network Logon Service path = /home/sambasrv/netlogon guest ok = Yes [profiles] comment = Network Profile Storage path = /home/sambasrv/profiles read only = No From wilson at coms.com Mon Jul 17 11:08:36 2000 From: wilson at coms.com (Wilson Yau) Date: Tue Dec 2 02:30:36 2003 Subject: ntdom faq outdate? References: Message-ID: <3972E934.62358A35@coms.com> Lars Kneschke wrote: > > > but the files I created were already world readable and the material > > concerning 'configuring domain administrators' covered in both faqs are > > more or less the same and seemms to be applicable to both 2.x and TNG > > version. > > > > Referring to my first post, after doing what the faq suggests, root is > > just like an ordinary user (no priviledge to do admin tasks) and I > > couldn't logon to the NT domain as administrator, even I've put > > root=administrator in the domainuser.map file. > This maps the name "administrator" to the name "root". > If I don't put 'root' in the domain admin group, 'administratotor' can only logon to the local domain, but not the NT domain. > > Do I have to put root in the domain adm group? > > But what's the point of doing root=administrator then? > > > Confusing & Frustrating..... > Why? ;-) If I don't put 'root' in the domain admin group, 'root' logon to the NT domain as a ordinary user only. > > > But thank you for your responding to my post. > > Wish to receive more feedback & help.... > > Hope someone could resolve for me these Samba-NTDOM mysteries. > Which Samba version do you use? > I'm using samba_TNG_2_5_GOOD > Samba 2.0.X: > > domain admin group = @admingroup <== this is a unix group, any user in this > group is a administrator > > Samba TNG: > > have a look at the FAQ at www.kneschke.de/ ..... This should work. > With Samba TNG you should be able to administrat your windows nt box, if log > in as root. I tried that already. What frustrating me is that: If 'root' has to be added in the domain admin group, why the FAQ doesn't mention this crucial step? What the FAQs (both 2.x & TNG) cover is only how to make an ordinary user become a domain admin in general. Maybe it's commom sense, but I think it does no harm to add a line for the explicity of how to logon the the NT domain as 'administrator' which, actually maps to the home directory of 'root', the superuser in Linux and most importantly this 'administrator' or 'root' is a domain admin who can perform all the administrative tasks. From Christian.Duclou at eeigm.inpl-nancy.fr Mon Jul 17 12:20:46 2000 From: Christian.Duclou at eeigm.inpl-nancy.fr (Christian Duclou) Date: Tue Dec 2 02:30:36 2003 Subject: Who stole -b option of "smbstatus" ? Message-ID: <3972FA1E.9C320DAC@eeigm.inpl-nancy.fr> Hi, Not realy a bug ... I notice that "-b" option isn't mentionned by 'smbstatus', but it is in man page and it works. C.D. -- _____________ EEIGM - Service Informatique _____________ 6, rue Bastien LEPAGE - 54010 NANCY - CEDEX - France Phone: +33 383.3683.27 - Fax: +33 383.3683.36 _______________ http://eeigm.inpl-nancy.fr _____________ From Andrew333s at aol.com Mon Jul 17 19:40:29 2000 From: Andrew333s at aol.com (Andrew333s@aol.com) Date: Tue Dec 2 02:30:36 2003 Subject: password problem Message-ID: <20000717193926Z26433565-25578+16463@samba.org> I just recently set up Samba TNG 2.5.3. I compiled it and installed it to /opt/samba-tng, I created the password file (/opt/samba-tng/private/smbpasswd), got a conf file from http://www.kneschke.de/projekte/samba_tng, and started all the daemons. However, everytime I try to log onto the domain from windows 2000 or windows 98, or access shared folders from windows 2000 or windows 98, the username/password is always incorrect. My logs say that the password was invalid, even though I am sure the password I entered was correct. Any ideas? From rfs at aw.com.pl Mon Jul 17 19:53:25 2000 From: rfs at aw.com.pl (=?iso-8859-2?Q?Rafa=B3=20Szcze=B6niak?=) Date: Tue Dec 2 02:30:36 2003 Subject: password problem References: <20000717193926Z26433565-25578+16463@samba.org> Message-ID: <39736435.13DB7573@aw.com.pl> Andrew333s@aol.com wrote: > > I just recently set up Samba TNG 2.5.3. I compiled it and installed it to /opt/samba-tng, I created the password file (/opt/samba-tng/private/smbpasswd), got a conf file from http://www.kneschke.de/projekte/samba_tng, and started all the daemons. However, everytime I try to log onto the domain from windows 2000 or windows 98, or access shared folders from windows 2000 or windows 98, the username/password is always incorrect. My logs say that the password was invalid, even though I am sure the password I entered was correct. Any ideas? please,please,please wrap text in your email manually or set-up your email client to make "a little narrower" text. thank you very much :-) Rafa? From petry at rbg.informatik.tu-darmstadt.de Mon Jul 17 20:08:51 2000 From: petry at rbg.informatik.tu-darmstadt.de (Urban Petry) Date: Tue Dec 2 02:30:36 2003 Subject: password problem Message-ID: <200007172004.WAA16740@dagobert.sd-w.de> > windows 2000 or windows 98, or access shared folders from windows 2000 or windows 98, the username/password is always incorrect. My logs say that > the password was invalid, even though I am sure the password I entered was correct. Any ideas? Have you tried giving a "fully qualified" username like "DOMAIN\user" ? That's the only thing that works for me (although I have 2.5). Have retyped and checked the name and password many times till I found this out ;-) Cheers Urban From michael at hum.auc.dk Mon Jul 17 21:36:36 2000 From: michael at hum.auc.dk (Michael Collin Nielsen) Date: Tue Dec 2 02:30:36 2003 Subject: development of TNGs samedit/rpcclient In-Reply-To: <200007172004.WAA16740@dagobert.sd-w.de> Message-ID: Hi We have a network with about 3000 users with unix accounts on our Solaris servers and NT accounts in our NT Domain controlled by a NT3.51 PDC. Currently when we create new users we have a perl-script, that creates a unix account for the user and at the same time creates a bat file with net user, net group and wfprof commands that will create the user in the NT domain. The script is quite easily executed by logging in using a unix winframe client, but... while looking through the tools in TNG I noticed that somebody had added some code to rpcclient that looks as if it was put there in order make it possible to change all the entries in the SAM database. Is someone currently implementing a facility that would make it possible to change things like loginscript, profilepath and username in the SAM database ? Is there a tool/command like samedit that edits winframe information (like wfprofilepath) ? -Michael -- Michael Collin Nielsen mailto:michael@hum.auc.dk M.Sc.E.E. http://www.hum.auc.dk/~michael Sysadm in Faculty of Humanities, Aalborg University From mgeddes at xavier.sa.edu.au Mon Jul 17 23:47:19 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:30:36 2003 Subject: password problem References: <20000717193926Z26433565-25578+16463@samba.org> Message-ID: <39739B07.66A62013@xavier.sa.edu.au> Andrew333s@aol.com wrote: > > I just recently set up Samba TNG 2.5.3. I compiled it and installed it to /opt/samba-tng, I created the password file (/opt/samba-tng/private/smbpasswd), got a conf file from http://www.kneschke.de/projekte/samba_tng, and started all the daemons. However, everytime I try to log onto the domain from windows 2000 or windows 98, or access shared folders from windows 2000 or windows 98, the username/password is always incorrect. My logs say that the password was invalid, even though I am sure the password I entered was correct. Any ideas? Yeah. There's a few of us having the same problem. I plan to get past this today ;-). Maybe Richard Sharpe or Lars Kneschke have had more success this week? Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA From Bielenberg at t-online.de Tue Jul 18 00:50:25 2000 From: Bielenberg at t-online.de (=?iso-8859-1?Q?G=FCnter?= Bielenberg) Date: Tue Dec 2 02:30:36 2003 Subject: moving from NT-Server to Samba References: Message-ID: <3973A9D1.E08F853E@t-online.de> Hi, this problem still drives me to despair: I am running a net of about 10 NT4-workstations and a NT4-server as PDC. Another Linux-2.2-Server routes into the internet. Now I have installed Samba 2.0.7 to use this server as a PDC. It already stores the profiles of the users and I think, it also could do this little authentification job too, so I can remove one of them. But if I try to take the NT-Server out of the net I am not able to get my users into the new _old_ net. What I did: -created Unix-accounts for every workstation, put them into the smbpasswd with 'smbpasswd -a -w $' -created Unix-accounts for every user, put them into smbpasswd with 'smbpasswd -a ' -logged out the workstations out of the domain -removed the NT-server -restarted samba with a new smb.conf to act as PDC -logged in the workstations to the domain (same name, but now on samba) -got the message: 'successfully joined the domain' But now the only user who can find his environment is the administrator of the workstation, all other users get a new desktop, and I cannot log in as a domain-administrator. So I can't see a way to use my user-proiles again, which are still on the server. I include my smb.conf here: [global] workgroup = PEANUTS netbios name = LUCY server string = Samba %v interfaces = 192.168.11.101/255.255.255.0 security = user encrypt passwords = Yes smb passwd file = /etc/smbpasswd password server = LUCY username map = /etc/username.map password level = 2 log file = /var/log/samba.log keepalive = 30 socket options = TCP_NODELAY os level = 65 guest ok = Yes logon path = \\lucy\profile\%U logon home = \\Lucy\homes domain logons = yes domain master = yes local master = yes preferred master = yes wins support = yes time server = yes map to guest = Bad User domain admin users = admin admin users = admin domain admin group = ntadmin [homes] comment = Heimatverzeichnis path = /home/%u/Daten create mask = 0700 guest ok = No browseable = No writeable = yes [profile] path = /home/profile writeable = yes browseable = yes public = yes create mode = 0755 [NETLOGON] path = /home/profile/%U/scripts writeable = yes guest ok = yes [Kyocera] path = /tmp print ok = Yes printer name = lp Thanks G?nter From peter at cadcamlab.org Tue Jul 18 02:10:54 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:30:36 2003 Subject: moving from NT-Server to Samba References: <3973A9D1.E08F853E@t-online.de> Message-ID: <14707.47924.831331.353997@wire.cadcamlab.org> [G?nter Bielenberg ] > But now the only user who can find his environment is the > administrator of the workstation, all other users get a new desktop, > and I cannot log in as a domain-administrator. So I can't see a way > to use my user-proiles again, which are still on the server. I'm betting this is a consequence of profile permissions. You see, user profiles actually store account permissions (of who is allowed to use the profile) *inside* the file, rather than just relying on the file permissions. Not only that, but they store this info using the user SID, not the username, so when you switch to a different domain (the Samba domain), you get different users. I think you may be able to get on the old PDC (the one machine that hasn't joined the new domain yet, right?) and access the profiles. If so, copy the profiles to the local machine, then use My Computer -> right-click -> Properties -> User Profiles and specify that "everyone" can use the profile. Then copy it back to [profile] where it belongs. Do the same in reverse from a computer that *has* joined the Samba domain. With any luck, you can grant permission only to the user who is actually supposed to own the profile. All this is untested, of course. I don't even know if I'm on the right track. I keep my hands off roaming profiles; I make the NT admin here handle that stuff while I mostly play with Unix.... Peter From mgeddes at xavier.sa.edu.au Tue Jul 18 03:52:12 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:30:36 2003 Subject: Shameless gloating Message-ID: <3973D46C.CD4E7AA4@xavier.sa.edu.au> Hi all, Just got samba TNG working on RedHat 6.2. I can log in (Domain admin or otherwise) use User Damager for Domains when root, change passwords using the NT dialog box as the user and I can join a domain when root. This was done with today's CVS, but I imagine it isn't restricted just to that. The only problem I can find (besides the few RPC calls not finished yet) is that the domain alias map thing doesn't appear to work. Has this changed lately? I am following the instructions on Lars' FAQ. Thanks, Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA From keller at eng.nepean.uws.edu.au Tue Jul 18 04:59:00 2000 From: keller at eng.nepean.uws.edu.au (William Keller) Date: Tue Dec 2 02:30:36 2003 Subject: NSS.H on SOLARIS 7 Message-ID: Hi all, I've been trying to compile winbind for some time on a sparc Solaris 7 box but can't seem to get very far at all. The make procedure always fails as follows: [root@europa source]# gmake nsswitch Compiling nsswitch/wins.c with -fpic nsswitch/wins.c:26: nss.h: No such file or directory make: *** [nsswitch/wins.po] Error 1 >From this, I get the impression it only works under Linux (nss-pam enabled), as RedHat 6.2 seems to include nss.h file - but not Solaris. Solaris does include the followig though: /usr/include/nss_common.h /usr/include/nss_dbdefs.h /usr/include/nss_netdir.h /usr/include/nsswitch.h Coule someone please verify whether winbind does work on Solaris 7 ? I'm probably missing something really trivial right? *insert smart comment here* :) I'd appreciate any pointers! William Keller From eiben at busitec.de Tue Jul 18 08:52:03 2000 From: eiben at busitec.de (Henning Eiben) Date: Tue Dec 2 02:30:36 2003 Subject: Password sync Message-ID: <005601bff095$71cee100$6800a8c0@busitec.de> Hi, I'm running Samba 2.0.6 (or 2.0.7) with SuSE 6.2 and I want to keep my samba and my Unix passwords in sync. Since SuSE 6.2 uses PAM I supposed I don't have to use the "password chat" from smb.conf ... or am I mistaken? I already tried setting a password chat up but it doesn't seem to work, I always get an error message on my Windows NT prompt after changing my password. This is a copy of my smb.conf: --- cut --- cut --- cut --- unix realname = yes unix password sync = true passwd chat debug = True passwd program = /usr/bin/passwd %u passwd chat = "*New password:*" %n\n "*New password (again):*" %n\n "*Password changed*" . --- cut --- cut --- cut --- -- Henning Eiben eiben@busitec.de busitec GmbH business information technology http://www.busitec.de From k.v.veen at orades.nl Tue Jul 18 09:51:03 2000 From: k.v.veen at orades.nl (Kees van Veen) Date: Tue Dec 2 02:30:36 2003 Subject: Password server * Message-ID: <39742887.DB4DD122@orades.nl> Hello everybody, Does anybody has experience with the option "PASSWORD SERVER = *" I am running samba 2.0.7 and have a normal PDC and BDC setup. Everything goes fine no lockouts, no trouble no nothing, the only tiny problem I have experienced is when a failure of my PDC occurs. When my PDC has a Blue screen of death, the complete authentication for logging in on my samba server goes wrong. I used the setting pwd server =* because I see this in the help, but the election from PDC & BDC doesn't seem to work because the BDC was still there.. Can anyone help me out ..??? Greetz KC k.v.veen@orades.nl -- ------------------------------------------------------------------- 12:03am up 356 days, 6 users, load average: 0.68, 0.43, 0.30 89 processes: 88 sleeping, 1 running, 0 zombie, 0 stopped CPU states: 1.2% user, 1.2% system, 0.0% nice, 97.4% idle Mem: 257620K av, 130248K used, 127372K free, 56024K shrd, 35632K buff Swap: 401584K av, 280K used, 401304K free 52548K cached From pmal at space.gr Tue Jul 18 10:38:59 2000 From: pmal at space.gr (Panagiotis Malakoudis) Date: Tue Dec 2 02:30:36 2003 Subject: Trust Relationship with TNG as trusted Message-ID: <024701bff0a4$61cd23c0$04aa000a@space.gr> I'm trying to create a trust relationship between my Windows NT 4 PDC and my Samba TNG PDC with the samba machine as trusted and the nt machine as trusting. IS there any documents describing the steps? I was unable to find any kind of documentation so any help would be much appreciated... ================== Panagiotis Malakoudis Systems Administrator Technical Division Space Hellas S.A. ================== From pjdc at eircom.net Tue Jul 18 17:27:33 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:36 2003 Subject: moving from NT-Server to Samba In-Reply-To: Peter Samuelson's message of "Tue, 18 Jul 2000 12:12:27 +1000" References: <3973A9D1.E08F853E@t-online.de> <14707.47924.831331.353997@wire.cadcamlab.org> Message-ID: >>>>> "Peter" == Peter Samuelson writes: Peter> I'm betting this is a consequence of profile permissions. Peter> You see, user profiles actually store account permissions Peter> (of who is allowed to use the profile) *inside* the file, Peter> rather than just relying on the file permissions. Not only Peter> that, but they store this info using the user SID, not the Peter> username, so when you switch to a different domain (the Peter> Samba domain), you get different users. Er, not quite. A profile is a tree of files & directories (whose ownership and permissions are significant); one of these files is NTUSER.DAT. That file is a registry hive, and the ACLs on the keys in it of course refer to the owner's SID. You can work on Registry ACLs using REGEDT32; you have to mount the hives on some existing part of the Registry in order to work on them. However, your suggestion sounds like a lot less hassle. Paul. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From Fabricio at tc.df.gov.br Tue Jul 18 17:33:13 2000 From: Fabricio at tc.df.gov.br (Fabricio Bianco Abreu) Date: Tue Dec 2 02:30:36 2003 Subject: Samba 2.0.7 PDC and MS-Exchange/SNA Server Message-ID: <540DA5E188A2D3118996006008A0C27903068B@MARTE> Products belonging to Microsoft BackOffice family (e.g. MS Exchange Server, MS SNA Server and MS SQL Server) may use WinNT domain controllers information about users and domain groups to implement access methods for their own services. Given these cenarios: - MS Exchange may assign mailboxes to a certain domain user; - MS SNA Server may assign rights to a certain domain group access a pool of logical units. I REALLY need to migrate a full MS Network to a linux/unix/samba environment. Six NT machines are providing login, profiles, file, Exchange and SNA services to about 400 Win95 workstations. Questions are: - Are these products able to use Samba 2.0.7 Domain Controller functionalities concerning users and groups?? - Would MS Exchange Server perceive Samba 2.0.7 as a NT DC and perform authentication to its mailboxes users?? As I see it, it resembles the login process. - Would Win95 workstations share files and printers on a user level base (in opposition to share level sharing) having Samba 2.0.7 for domain controller ?? I am not interested on User Manager or Server Manager stuff. It is not an issue if I have to use a Samba box to administer user information on such domain. Sorry for my lame English. Best regards, Fabricio Bianco Abreu Network Manager Tribunal de Contas do Distrito Federal - Brazil. From Andrew333s at aol.com Tue Jul 18 17:40:47 2000 From: Andrew333s at aol.com (Andrew333s@aol.com) Date: Tue Dec 2 02:30:36 2003 Subject: password problem Message-ID: <20000718173939Z26235154-25578+17165@samba.org> I can now use a fully qualified username (domainname\username) to access shares. However, in windows 98, if you try to log on using a fully qualified username, it says invalid username (because there is a backslash in it). How do I fix this? -------------------------------------------------------------------------------- From pjdc at eircom.net Tue Jul 18 18:56:34 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:36 2003 Subject: Shameless gloating In-Reply-To: Matthew Geddes's message of "Tue, 18 Jul 2000 13:36:27 +1000" References: <3973D46C.CD4E7AA4@xavier.sa.edu.au> Message-ID: >>>>> "Matthew" == Matthew Geddes writes: Matthew> Hi all, Matthew> Just got samba TNG working on RedHat 6.2. I can log in Matthew> (Domain admin or otherwise) use User Damager for Domains Matthew> when root, change passwords using the NT dialog box as Matthew> the user and I can join a domain when root. Matthew> This was done with today's CVS, but I imagine it isn't Matthew> restricted just to that. I just updated, built and installed; it works! Haven't tried anything major with it yet. A big thank you to those who fixed it. Matthew> The only problem I can find (besides the few RPC calls Matthew> not finished yet) is that the domain alias map thing Matthew> doesn't appear to work. Has this changed lately? I am Matthew> following the instructions on Lars' FAQ. What are domain aliases? What are they good for? Paul. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From kris.ozzy at lineone.net Tue Jul 18 20:35:01 2000 From: kris.ozzy at lineone.net (Kristyan Osborne) Date: Tue Dec 2 02:30:36 2003 Subject: Samba 2.0.7 Message-ID: <01BFF0F7.B18BA2D0.kris.ozzy@lineone.net> Hi, Question 1 I've got a Samba server (2.0.7) set up as a PDC. I have several NT4.0 Wrk. setup on the network and about 50 users. Each workstation can join the domain and each user can logon. The problem is the roaming profiles. The workstations will get the profiles from the server and store then in c:\winnt\profiles\%U. The only problem now is the workstations will not use the profiles. Each user uses the same profile and they get the annoying "Welcome to Windoz NT" screen each time they login. Question 2 What are the correct paramaters to use in the smb.conf file (2.0.7) for specifing domain administrators, local administrators and setting up domain groups. I have found some paramaters but they dont seem to be working. They can be found near the top of my smb.conf file. Could someone please suggest a solution. I have attached my smb.conf file. -------------------------------- Kristyan Osborne kris.ozzy@lineone.net begin 600 smb.conf M(R!4:&ES(&ES('1H92!M86EN(%-A;6)A(&-O;F9I9W5R871I;VX@9FEL92X@ M66]U('-H;W5L9"!R96%D('1H90HC('-M8BYC;VYF*#4I(&UA;G5A;"!P86=E M(&EN(&]R9&5R('1O('5N9&5R2$I(&UO2!W M:7-H('1O(&5N86)L90HC"B,@3D]413H@5VAE;F5V97(@>6]U(&UO9&EF>2!T M:&ES(&9I;&4@>6]U('-H;W5L9"!R=6X@=&AE(&-O;6UA;F0@(G1E6]U(&AA=F4@;F]T(&UA;GD@86YY(&)A6]U"!S964*(R!T:&4@6]U)VQL(&YE960@=&AI65S"@HC('EO=2!M87D@=VES:"!T;R!O=F5R6]U('1O M(&%U=&]M871I8V%L;'D@;V)T86EN(&$@<')I;G1E7-T96T*.R @('!R:6YT8V%P(&YA;64@/2!L M<'-T870*"B,@270@2!T:&4@<')I;G0@"P@:'!U>"P@<6YX M"CL@("!P5]L979E;"YT>'0@ M9F]R(&1E=&%I;',N"B @('-E8W5R:71Y(#T@=7-E<@H*(R!5'0@:6X@=&AE(%-A M;6)A(&1O8W5M96YT871I;VXN"B,@1&\@;F]T(&5N86)L92!T:&ES(&]P=&EO M;B!U;FQE6]U(&AA=F4@7!T('!A65S"@HC($]3($QE M=F5L(&1E=&5R;6EN97,@=&AE('!R96-E9&5N8V4@;V8@=&AI6]U(&%L2!H:6=H97(@8VAA;F-E(&]F('=I;FYI;F<@ M=&AE(&5L96-T:6]N"B @('!R969E6]U(&AA=F4@86X@3E0@6]U('=A;G0@4V%M8F$@=&\@8F4@82!D;VUA M:6X@;&]G;VX@2!F;W(@5VEN.34@86YD(%=I;DY4*0HC(" @(" @(" E3"!S=6)S=&ET=71E M65S"@HC(%=)3E,@4V5R=F5R("T@5&5L;',@=&AE($Y-0D0@ M8V]M<&]N96YT@H*(R!724Y3(%!R;WAY("T@5&5L;',@4V%M8F$@=&\@86YS=V5R(&YA M;64@65S"@HC M($1.4R!02 M('1E;&QS(%-A;6)A('=H971H97(@;W(@;F]T('1O('1R M>2!T;R!R97-O;'9E($YE=$))3U,@;F%M97,*(R!V:6$@1$Y3(&YS;&]O:W5P M'D@/2!N;R *"B,@3E0@4$1#(&QO9V]N M(&%N9"!P87-S=V0@65S"FYT(&%C M;"!S=7!P;W)T(#T@=')U90IP65S"F-A65S"@HC(&=E;F5R86P*=&EM92!S97)V97(@/2!T2!F;W(@1&]M86EN($QO9V]N65S"B @('=R:71A8FQE M(#T@;F\*(" @<')I;G1A8FQE(#T@;F\*"B-S8W-I8V0R"EMC9')O;3)="B @ M(&-O;6UE;G0@/2!C9')O,FT*(" @<&%T:" ]("]M;G0O8V1R;VTR"B @('9O M;'5M92 ]($5.0T%2.39!5$Q3"B @('!U8FQI8R ]('EE65S"B @('!R:6YT86)L92 ](&YO"@HC4'5B;&EC"EM0=6)L:6-="B @(&-O M;6UE;G0@/2!0=6)L:6,@1&ER96-T;W)Y"B @('!A=&@@/2 O:&]M92]0=6)L M:6,*(" @<'5B;&EC(#T@;F\*(" @=F%L:60@=7-E65S"B @("!G=65S="!O:R ](&YO"B @("!W6]U(&AA=F4@82!"4T0M65S"@HC(%1H:7,@;VYE(&ES('5S969U;"!F;W(@<&5O<&QE('1O('-H87)E M(&9I;&5S"EMT;7!="B @(&-O;6UE;G0@/2!496UP;W)A2!A8V-E2P@8G5T M(')E860@;VYL>2P@97AC97!T(&9O65S"CL@("!W M2P*(R!W:&5R979E65S"@HC($$@<')I=F%T92!D:7)E8W1O6]U('1O('1A:6QO2!A8V-E2P@2!T:&4@9&5F875L="!U2!U2!T:&%T('5S97(@:6YS=&5A9"X*.UMP=6)L:6-="CL@("!P871H M(#T@+W5S2!G=65S=" ]('EE2!T:&4@2!S:&]U;&0@8F4@=W)I=&%B;&4@8GD@8F]T:"!U M2=S(&%N9"!&2!F)\^(A44`0:0" `$```````!``$``0>0!@`(````Y 0```````#H``$(@ <` M& ```$E032Y-:6-R;W-O9G0@36%I;"Y.;W1E`#$(`0V ! `"`````@`"``$$ MD 8`C $```$````0`````P``, ,````+``\.``````(!_P\!````90`````` M``"U.\+ +'<0&J&\" `K*E;"%0```/N)``,P`0```!8```!S M86UB82UN=&1O;4!S86UB82YOE/W^%",IGIY0&QI;F5O;F4N;F5T`````P`&$)V-^% # M``<0[P(``!X`"! !````90```$A)+%%515-424].,4E614=/5$%304U"05-% M4E9%4B@R,#D1N291TR'&(>(UL)`!7@;ARU$W14&N%P MXP-@`F!E;2 $`!K#`V#K%E +@&0&("O(;(=>00@`_!L`R!G%Z'[ M&M(C9B #4AK#%J4;DA1@'P6P%< :T0.@'I%C.EQZ7 /P;@(P*+ C9BBP)295 M(^0"(&QY(>=N;_\'X")U)$\K(1>Q$3 EFQB [QTC( ,<82*$2,B(OA796P%H"^Q)\ 9X N ]1\`>AF!(A:0!0`)X1^D_Q1P M,F(PLB"1"X @ZQ0W#E#]-4E7$0`6`2?D'B %L EP_F,%0 JQ%E =T!R!,H(M M0I4>E7,&T"X%H&YF)F#/,"(7%@(0!PU-$L%$&448'D#D4]S!N $ MH&45-31K4V$N,P!Z>4!V; N 2C(N&Q$U.A'Q``%7```#`! 0``````,`$1 ` M`````P" $/____] ```!2 "" &``````# ````````1@````!4A0```0````4````X+C R```` M``L`&( (( 8``````, ```````!&``````Z%`````````P`:@ @@!@`````` MP ```````$8`````&(4````````>`"F "" &``````# ````````1@`````V MA0```0````$`````````'@`J@ @@!@``````P ```````$8`````-X4```$` M```!`````````!X`*X (( 8``````, ```````!&`````#B%```!`````0`` M```````>`#T``0````$``````````P`--/TW``#+6 ("D 8`#@````$`=0,` M`" `( ``````N0`"$H #``X```#0!P<`$@`4`!\`.P`"`& !`A. `P`.```` MT <'`!(`% `?`#L``@!@`0(0@ $`"P```%--0GY?2"Y#3TX`%0,"$8 &`+@- M```!``D```/``$P`0````D```!S;6(N8V]N9@````! ````,W`0````8````N8V]N9@````,`!3 I am transferring data from the other operating system, NT, to Linux. I currently have many shares on the other OS. Is there a way to create the shares other than doing them all individually? Is there a script utility available? System Info: Redhat Linux 6.2 w/Samba 2.0.7 Thanking you in advance, Phillip C. Roberts CADD Systems Manager DuBois and King, Inc. Voice: 802.728.4113, ext 322 Email: proberts@DuBois-King.com From jahall at nea.org Tue Jul 18 21:05:24 2000 From: jahall at nea.org (jahall@nea.org) Date: Tue Dec 2 02:30:36 2003 Subject: Print Server Message-ID: I currently have Red Hat 6.1 with Samba 2.0.6 running on a Pentium 90 with 32 MB of RAM. Since we are moving from Vines to SAMBA, I am working on a migration plan. Part of that plan involves ensuring users do not lose any of their printing fucntionality while the migration is taking place. As an interim step, I would like to move all the print services to the Linux box. Is there anyway to allow users access to printers without requiring them to login? We are using Windows NT 4.0 Workstations with service pack 5 installed for clients. Thanks in advance for your assistance. Jay Hall, Director of Information Technology Services Missouri NEA From D.Bannon at latrobe.edu.au Tue Jul 18 23:12:57 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:30:36 2003 Subject: Password sync In-Reply-To: <005601bff095$71cee100$6800a8c0@busitec.de> Message-ID: <3.0.6.32.20000719091257.0087c6f0@bioserve.latrobe.edu.au> At 07:00 PM 18/07/2000 +1000, Henning Eiben wrote: >Hi, > >I'm running Samba 2.0.6 (or 2.0.7) with SuSE 6.2 and I want to keep my samba >and my Unix passwords in sync. Since SuSE 6.2 uses PAM I supposed I don't >have to use the "password chat" from smb.conf ... If you want real unix passwords and samba passwords, then you need to use passwd sync. It is a bit pedantic, you must get the syntax to suit what you passwd programme says. It does not handle errors very well, the user gets told that their existing passwd is wrong if ANYTHING fails (such as an attempt to change to a passwd that is unsafe). If you are happy to use pam then things can be much easier, get pam to do all your authentication. Point pam_smb to the samba server (even if its on the same box). You then dont need any passwds in /etc/passwd (or /etc/shadow), dont have to worry about passwd sync, dont have to worry about someone applying crack to /etc/passwd (anyone seen a 'crack' to apply to the NT encrypted passwds in smbpassword ?). David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From D.Bannon at latrobe.edu.au Tue Jul 18 23:20:04 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:30:37 2003 Subject: Samba 2.0.7 In-Reply-To: <01BFF0F7.B18BA2D0.kris.ozzy@lineone.net> Message-ID: <3.0.6.32.20000719092004.008784c0@bioserve.latrobe.edu.au> At 05:41 AM 19/07/2000 +1000, Kristyan Osborne wrote: >Hi, > >Question 1 >....Profiles ... >Question 2 > >What are the correct paramaters to use in the smb.conf file (2.0.7) for >specifing domain administrators, local administrators and setting up domain >groups. 2.0.7 is not very good at things like domain groups. Domain admins can be set up however. See http://bioserve.latrobe.edu.au/samba Profiles are mentioned there too. David PS its better to include a copy of your conf file in the message rather than as an attachment. If unattached successfully then it ends up in everyones attach dir (or whereever). If not unattached correctly its unreadable, see below : > >begin 600 smb.conf >M(R!4:&ES(&ES('1H92!M86EN(%-A;6)A(&-O;F9I9W5R871I;VX@9FEL92X@ >M66]U('-H;W5L9"!R96%D('1H90HC('-M8BYC;VYF*#4I(&UA;G5A;"!P86=E >M(&EN(&]R9&5R('1O('5N9&5R and so one for a couple of 100 lines ! ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From ed at schernau.com Tue Jul 18 23:21:55 2000 From: ed at schernau.com (Edward Schernau) Date: Tue Dec 2 02:30:37 2003 Subject: Print Server References: Message-ID: <3974E693.BE56E6EA@schernau.com> jahall@nea.org wrote: > > I currently have Red Hat 6.1 with Samba 2.0.6 running on a Pentium 90 with 32 > MB of RAM. Since we are moving from Vines to SAMBA, I am working on a > migration plan. Part of that plan involves ensuring users do not lose any [SNIP] Ah, VINES.... too bad there's no StreetTalk for Unix! -- Edward Schernau, mailto:ed@schernau.com Network Architect http://www.schernau.com RC5-64#: 243249 e-gold acct #:131897 From pjdc at eircom.net Tue Jul 18 23:58:10 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:37 2003 Subject: Print Server In-Reply-To: Edward Schernau's message of "Wed, 19 Jul 2000 09:24:57 +1000" References: <3974E693.BE56E6EA@schernau.com> Message-ID: >>>>> "Edward" == Edward Schernau writes: Edward> Ah, VINES.... too bad there's no StreetTalk for Unix! Wasn't VINES built on a version of Unix, or some kind of Unixy OS? Or am I dreaming? Hasn't Banyan been reduced to consulting on VINES->NT downgrades? Paul. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From GLeblanc at cu-portland.edu Wed Jul 19 05:36:52 2000 From: GLeblanc at cu-portland.edu (Gregory Leblanc) Date: Tue Dec 2 02:30:37 2003 Subject: Password sync Message-ID: <025836EFF856D411A6660090272811E61D04DF@EMAIL> > -----Original Message----- > From: David Bannon [mailto:D.Bannon@latrobe.edu.au] > Sent: Tuesday, July 18, 2000 4:15 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: Password sync > > At 07:00 PM 18/07/2000 +1000, Henning Eiben wrote: > >Hi, > > > If you are happy to use pam then things can be much easier, > get pam to do > all your authentication. Point pam_smb to the samba server > (even if its on > the same box). You then dont need any passwds in /etc/passwd (or > /etc/shadow), dont have to worry about passwd sync, dont have to worry > about someone applying crack to /etc/passwd (anyone seen a > 'crack' to apply > to the NT encrypted passwds in smbpassword ?). Won't l0pht crack those the same as it will NT passwords? I haven't tried it yet, but it seems like thats how it should go. Grego From bgmilne at ing.sun.ac.za Wed Jul 19 08:56:06 2000 From: bgmilne at ing.sun.ac.za (Buchan Milne) Date: Tue Dec 2 02:30:37 2003 Subject: Print Server References: Message-ID: <39756D26.CB4EB795@ing.sun.ac.za> Just allow guest printing on the print server and set "map to guest = Bad User" in [global]. I have this set up on a P75 16MB Redhat6.2 samba2.0.7, uptime 48days, in which time I have had to "reboot" the laserjet about 10 times. As soon as I have added all the users to our new samba 2.0.7 PDC and all the machines, I will remove the "guest ok = yes" on the printers. Since we're talking about printing, what is the best method for doing accounting on a samba 2.0.7 printserver which is a member of a domain ? Using an ACCT: filter in printcap ? Buchan jahall@nea.org wrote: > > I currently have Red Hat 6.1 with Samba 2.0.6 running on a Pentium 90 with 32 > MB of RAM. Since we are moving from Vines to SAMBA, I am working on a > migration plan. Part of that plan involves ensuring users do not lose any of > their printing fucntionality while the migration is taking place. > > As an interim step, I would like to move all the print services to the Linux > box. Is there anyway to allow users access to printers without requiring them > to login? We are using Windows NT 4.0 Workstations with service pack 5 > installed for clients. > > Thanks in advance for your assistance. > > Jay Hall, Director of Information Technology Services > Missouri NEA -- |--------------------------------------------------------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone +27824722231 email mailto:bgmilne@ing.sun.ac.za Centre for Automotive Engineering http://www.sun.ac.za/cae South Africas first satellite: http://sunsat.ee.sun.ac.za Control Models http://www.control.co.za |----------------Registered Linux User #182071-----------------| From simo.sorce at polimi.it Wed Jul 19 09:14:48 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:30:37 2003 Subject: Password sync References: <3.0.6.32.20000719091257.0087c6f0@bioserve.latrobe.edu.au> Message-ID: <39757188.B8679528@polimi.it> David Bannon wrote: > > At 07:00 PM 18/07/2000 +1000, Henning Eiben wrote: > >Hi, > > > >I'm running Samba 2.0.6 (or 2.0.7) with SuSE 6.2 and I want to keep my samba > >and my Unix passwords in sync. Since SuSE 6.2 uses PAM I supposed I don't > >have to use the "password chat" from smb.conf ... > > If you want real unix passwords and samba passwords, then you need to use > passwd sync. It is a bit pedantic, you must get the syntax to suit what you > passwd programme says. It does not handle errors very well, the user gets > told that their existing passwd is wrong if ANYTHING fails (such as an > attempt to change to a passwd that is unsafe). > > If you are happy to use pam then things can be much easier, get pam to do > all your authentication. Point pam_smb to the samba server (even if its on > the same box). You then dont need any passwds in /etc/passwd (or > /etc/shadow), dont have to worry about passwd sync, dont have to worry > about someone applying crack to /etc/passwd (anyone seen a 'crack' to apply > to the NT encrypted passwds in smbpassword ?). Reading on this list for months convinced me that NT password format is really too unsecure and trivial to crack and this kept me always away from using pam_(ntdom/smb/winbind) to store my unix passwords. > > David > ------------------------------------------------------------ > David Bannon D.Bannon@latrobe.edu.au > School of Biochemistry Phone 61 03 9479 2197 > La Trobe University, Plenty Rd, Fax 61 03 9479 2467 > Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au > ------------------------------------------------------------ > .... Humpty Dumpty was pushed ! -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From lkcl at samba.org Wed Jul 19 10:37:28 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:30:37 2003 Subject: development of TNGs samedit/rpcclient Message-ID: hi there, just doing a review of samba-ntdom archives. hi, yes someone has addedd to samedit's "createuser" sub-command, means to change user profile components, i forget who. and no, we don't have windd / winframe or anything like that because that costs money to buy, so we can't test it unless they (or someone) gives us a licensed verson. same applies for any software. thx, luke From eirvine at tpgi.com.au Wed Jul 19 11:31:09 2000 From: eirvine at tpgi.com.au (eirvine) Date: Tue Dec 2 02:30:37 2003 Subject: NT drives stay connected after logon! Message-ID: <3975917D.7D36272A@tpgi.com.au> Hi all. I've been running samba as a logon server for Win9x boxes quite successfully for well over a year now. Logon scripts, roaming profiles both seem to work dandy. I'm experimenting with a NT4 client, to see if NT4 is better. I think I'm getting somewhere with the roaming profiles, but I'm getting intermittent errors with my logon scripts and its NET USE commands to map drives. I suspect that the problem is that the mapped drives STAY CONNECTED after a user logs off. I've heard of this problem with Win9x workstations but never seen it. It seems to be rife with this NT4 (SP6) client, however. Apart from educating my NT4 users to reboot instead of just logging off (or better still, converting the workstation to FreeBSD or Linux :) ), any other ideas ? Eddie. From johan.ostensson at orebro.lantmen.se Wed Jul 19 11:41:29 2000 From: johan.ostensson at orebro.lantmen.se (=?Iso-8859-1?Q?Johan_=D6stensson?=) Date: Tue Dec 2 02:30:37 2003 Subject: NT drives stay connected after logon! Message-ID: <20000719114007Z26433596-25578+17846@samba.org> Just use /persistent:no in your net use command, for example: net use k: \\trillion\bio_prog /persistent:no (example from http://bioserve.biochem.latrobe.edu.au/samba/, great site!) /johan > -----Ursprungligt meddelande----- > Fr?n: eirvine [mailto:eirvine@tpgi.com.au] > Skickat: den 19 juli 2000 13:31 > Till: johan.ostensson@orebro.lantmen.se; Multiple recipients of list > SAMBA-NTDOM > ?mne: NT drives stay connected after logon! > > > Hi all. > > I've been running samba as a logon server for Win9x boxes > quite successfully for well over a year now. Logon scripts, > roaming profiles both seem to work dandy. > > I'm experimenting with a NT4 client, to see if NT4 is better. > > I think I'm getting somewhere with the roaming profiles, but > I'm getting intermittent errors with my logon scripts and its > NET USE commands to map drives. I suspect that > the problem is that the mapped drives STAY CONNECTED after > a user logs off. > > I've heard of this problem with Win9x workstations but never > seen it. It seems to be rife with this NT4 (SP6) client, > however. > > Apart from educating my NT4 users to reboot instead of > just logging off (or better still, converting the workstation > to FreeBSD or Linux :) ), any other ideas ? > > Eddie. > From tschweikle at FIDUCIA.de Wed Jul 19 12:02:52 2000 From: tschweikle at FIDUCIA.de (tschweikle@FIDUCIA.de) Date: Tue Dec 2 02:30:37 2003 Subject: Logon-Scripts & Win9x clients Message-ID: <0057540005565694000002L442*@MHS> Hi! Working some time with a samba domain to logon I noticed, clients telling that the logon script is worked on for hours. If I cancel the logon script everyting is fine. All shares there. It looks like windows doesn't notice the script ended... Here is what I do: 1. syncronize time 2. get the home share 3. copy a personal script to c:\ 4. start this script inside a new command.com 5. exit the logon script Here is how windows responds: 1. starts the logon script 2. syncronizes time 3. copies the personal script 4. starts the personal script inside a new command.com 5. hangs until canceling the logon script. Even an empty script might hang. Any clues where I might have to look to avoid users having to cancel there logon scripts? With the old NT PDC this wasn't a problem...! -- From kellermg at potsdam.edu Wed Jul 19 12:52:40 2000 From: kellermg at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:30:37 2003 Subject: Print Server References: <39756D26.CB4EB795@ing.sun.ac.za> Message-ID: <3975A498.62A2678@potsdam.edu> Buchan Milne wrote: > Since we're talking about printing, what is the best method for doing > accounting on a samba 2.0.7 printserver which is a member of a domain ? > Using an ACCT: filter in printcap ? I have an IF filter in printcap that counts PostScript pages for PS documents, and uses Ghostscript to convert non-PS data to PS for accounting purposes. PS is horribly bloated, but it is a dream to do accounting on. -- Matthew Keller Lead Programmer/Analyst Distributed Computing/Telemedia Information Services Division State University of New York at Potsdam Website: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ Webcam: http://webcam.mattwork.potsdam.edu:85/ From jahall at nea.org Wed Jul 19 13:59:33 2000 From: jahall at nea.org (jahall@nea.org) Date: Tue Dec 2 02:30:37 2003 Subject: Print Server Message-ID: I was at a conference recently and the representative told us that the Vines people had developed a prototype of Street Talk for Linux, but did not release it for some reason. Jay - - - - - - - - - - - - - - Original Message - - - - - - - - - - - - - - jahall@nea.org wrote: > > I currently have Red Hat 6.1 with Samba 2.0.6 running on a Pentium 90 with 32 > MB of RAM. Since we are moving from Vines to SAMBA, I am working on a > migration plan. Part of that plan involves ensuring users do not lose any [SNIP] Ah, VINES.... too bad there's no StreetTalk for Unix! -- Edward Schernau, mailto:ed@schernau.com Network Architect http://www.schernau.com RC5-64#: 243249 e-gold acct #:131897 - - - - - - - - - - - - End of Original Message - - - - - - - - - - - - From jahall at nea.org Wed Jul 19 14:01:15 2000 From: jahall at nea.org (jahall@nea.org) Date: Tue Dec 2 02:30:38 2003 Subject: Print Server Message-ID: Yes, Vines was built on a heavily patched Unix core. And, yes, Banyan is consulting on Vines->NT downgrades. Jay - - - - - - - - - - - - - - Original Message - - - - - - - - - - - - - - >>>>> "Edward" == Edward Schernau writes: Edward> Ah, VINES.... too bad there's no StreetTalk for Unix! Wasn't VINES built on a version of Unix, or some kind of Unixy OS? Or am I dreaming? Hasn't Banyan been reduced to consulting on VINES->NT downgrades? Paul. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" - - - - - - - - - - - - End of Original Message - - - - - - - - - - - - From schapiro at clerk.pi.huji.ac.il Wed Jul 19 14:55:17 2000 From: schapiro at clerk.pi.huji.ac.il (Schlomo Schapiro) Date: Tue Dec 2 02:30:38 2003 Subject: Print Server In-Reply-To: <3975A498.62A2678@potsdam.edu> Message-ID: Hi, actually counting PS pages is not so simple because counting the ShowPage command is not enough, especially in cases where people print multiple pages in one. Schlomo On Wed, 19 Jul 2000, Matthew Keller wrote: > Buchan Milne wrote: > > Since we're talking about printing, what is the best method for doing > > accounting on a samba 2.0.7 printserver which is a member of a domain ? > > Using an ACCT: filter in printcap ? > > I have an IF filter in printcap that countsPostScript pages for PS > documents, and uses Ghostscript to convert non-PS data to PS for > accounting purposes. PS is horribly bloated, but it is a dream to do > accounting on. > > -- Schlomo Schapiro Computation Authority Hebrew University of Jerusalem Tel: ++972 / 2 / 65-84404 Fax: 65-27349 email: schapiro@clerk.pi.huji.ac.il WWW: http://shum.cc.huji.ac.il/~schapiro From skvidal at phy.duke.edu Wed Jul 19 15:13:58 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:30:38 2003 Subject: setting up interdomain trusts Message-ID: I've got two samba servers setup to be nt pdc's one is running samba 2.0.7 the other is running a version of head from last september. I'm trying to sort out if I can setup trusts from between them so I can have multiple domains in the listbox of the nt workstations that I'm using. I think what I need to do is: make a domain machine acct for each of the servers in the other servers smbpasswd file and then have each join the other's domain. But I'm not sure how to tell them that they trust each other. Also is this possible under 2.0.7 and an early HEAD branch at all? Thanks -sv From pjdc at eircom.net Wed Jul 19 18:02:12 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:38 2003 Subject: Password sync In-Reply-To: Simo Sorce's message of "Wed, 19 Jul 2000 19:15:39 +1000" References: <3.0.6.32.20000719091257.0087c6f0@bioserve.latrobe.edu.au> <39757188.B8679528@polimi.it> Message-ID: >>>>> "Simo" == Simo Sorce writes: Simo> Reading on this list for months convinced me that NT Simo> password format is really too unsecure and trivial to crack Simo> and this kept me always away from using Simo> pam_(ntdom/smb/winbind) to store my unix passwords. NT's password format is neither insecure nor trivial. It is a one-way hash. So-called "password crackers" work by testing a very large dictionary against the target password. They don't decrypt the password hash itself; such a thing cannot be done. If your users pick bad passwords, then they can be easily cracked, but the same is true of Unix passwords. Paul. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From pjdc at eircom.net Wed Jul 19 18:04:06 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:38 2003 Subject: Print Server In-Reply-To: Schlomo Schapiro's message of "Thu, 20 Jul 2000 00:56:24 +1000" References: Message-ID: >>>>> "Schlomo" == Schlomo Schapiro writes: Schlomo> actually counting PS pages is not so simple because Schlomo> counting the ShowPage command is not enough, especially Schlomo> in cases where people print multiple pages in one. Wouldn't the DSC directives suffice for this? I believe one (in the prolog) reports the number of pages in the file, althought sometimes it refers you to the end of the file (lazy one-pass processing!). Paul. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From kellermg at potsdam.edu Wed Jul 19 18:04:23 2000 From: kellermg at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:30:38 2003 Subject: Print Server References: Message-ID: <3975EDA7.CB66196C@potsdam.edu> Schlomo Schapiro wrote: > > Hi, > > actually counting PS pages is not so simple because counting the ShowPage > command is not enough, especially in cases where people print multiple > pages in one. ShowPage is not relieable, however the %%Pages marker is, as long as you understand how it works. In my environment, everyone is printing from an application- Yes, someone could manipulate the raw postscript and edit these fields, but that isn't a concern for us (and I have ways of tracking THAT as well) -- Matthew Keller Lead Programmer/Analyst Distributed Computing/Telemedia Information Services Division State University of New York at Potsdam Website: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ Webcam: http://webcam.mattwork.potsdam.edu:85/ From jeremy at valinux.com Wed Jul 19 18:03:48 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:30:38 2003 Subject: Password sync References: <3.0.6.32.20000719091257.0087c6f0@bioserve.latrobe.edu.au> <39757188.B8679528@polimi.it> Message-ID: <3975ED84.AE07CBCE@valinux.com> Paul J Collins wrote: > NT's password format is neither insecure nor trivial. It is a one-way > hash. This is true, but the implementation is badly flawed. There is no salt - meaning if two users pick the same password it will be an identical hash. The second problem is not the NT password hash but the legacy lanman hash which is usually stored with the more secure NT hash. The lanman hash *is* trivial and brute forcible, and this makes the security of the NT hash irrelevent, as you only need to brute force the lanman one. Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From MBrown at msdemo.ms.gmsmail.com Wed Jul 19 18:59:50 2000 From: MBrown at msdemo.ms.gmsmail.com (Brown, Matthew) Date: Tue Dec 2 02:30:38 2003 Subject: Login trouble Message-ID: <8158CAF171AED311B73F0060085A92C901138D@msdemo.ms.gmsmail.com> I have a client with an installation of Samba which is acting as their only login server. Occasionally they are restarting it because a single user cannot login. Well, whenever they do this they kill everyone's ability to reboot. Aside from not doing that anymore, is their a cache they can clear or a file to delete or anything that can help in this? Thanks. -Matthew Brown, CorData From pjdc at eircom.net Wed Jul 19 19:17:08 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:38 2003 Subject: Password sync In-Reply-To: Jeremy Allison's message of "Thu, 20 Jul 2000 04:05:53 +1000" References: <3.0.6.32.20000719091257.0087c6f0@bioserve.latrobe.edu.au> <39757188.B8679528@polimi.it> <3975ED84.AE07CBCE@valinux.com> Message-ID: >>>>> "Jeremy" == Jeremy Allison writes: Jeremy> The lanman hash *is* trivial and brute forcible, and this Jeremy> makes the security of the NT hash irrelevent, as you only Jeremy> need to brute force the lanman one. Aargh. I'd forgotten about that one. Does NT ever require the LM hash? Paul. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From gcarter at valinux.com Wed Jul 19 19:21:07 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:30:39 2003 Subject: Password sync References: <3.0.6.32.20000719091257.0087c6f0@bioserve.latrobe.edu.au> <39757188.B8679528@polimi.it> <3975ED84.AE07CBCE@valinux.com> Message-ID: <3975FFA3.D661A9A5@valinux.com> Paul J Collins wrote: > > Aargh. I'd forgotten about that one. Does NT ever > require the LM hash? Not when authenticating (IIRC). However, if memory serves correctly, unless you disable it, the LanMan hash will be updated in order to support access from older clients. There was one bug I remember (SP5?) where the LanMan hash would get blanked during a password change and thus allowing logon from an older client without a password jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From jeremy at valinux.com Wed Jul 19 19:16:58 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:30:39 2003 Subject: Password sync References: <3.0.6.32.20000719091257.0087c6f0@bioserve.latrobe.edu.au> <39757188.B8679528@polimi.it> <3975ED84.AE07CBCE@valinux.com> Message-ID: <3975FEAA.57A18FF7@valinux.com> Paul J Collins wrote: > > >>>>> "Jeremy" == Jeremy Allison writes: > > Jeremy> The lanman hash *is* trivial and brute forcible, and this > Jeremy> makes the security of the NT hash irrelevent, as you only > Jeremy> need to brute force the lanman one. > > Aargh. I'd forgotten about that one. Does NT ever require the LM > hash? No, but it accepts it by default unless you mess with registry settings that I can't remember. Almost no-one does (mainly because if you did so, no Win9x/WinME machines would work). Plus they probably can't remember them either :-). So the lanman hash disaster lives on, and on, and on.... Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From sharpe at ns.aus.com Wed Jul 19 23:59:32 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:30:39 2003 Subject: Password sync In-Reply-To: <3975ED84.AE07CBCE@valinux.com> References: <3.0.6.32.20000719091257.0087c6f0@bioserve.latrobe.edu.au> <39757188.B8679528@polimi.it> Message-ID: <3.0.6.32.20000720085932.00a11ad0@203.16.214.248> At 04:05 AM 7/20/00 +1000, Jeremy Allison wrote: >Paul J Collins wrote: > >> NT's password format is neither insecure nor trivial. It is a one-way >> hash. > >This is true, but the implementation is badly flawed. >There is no salt - meaning if two users pick the same >password it will be an identical hash. > >The second problem is not the NT password hash but the >legacy lanman hash which is usually stored with the >more secure NT hash. > >The lanman hash *is* trivial and brute forcible, and >this makes the security of the NT hash irrelevent, as >you only need to brute force the lanman one. The details are up on www.l0pht.com under L0phtCrack. >Jeremy Allison, >Samba Team. > >-- >-------------------------------------------------------- >Buying an operating system without source is like buying >a self-assembly Space Shuttle with no instructions. >-------------------------------------------------------- > Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Contributing author, SAMS Teach Yourself Samba in 24 Hours Author, Special Edition, Using Samba From pilsl at goldfisch.at Wed Jul 19 22:28:49 2000 From: pilsl at goldfisch.at (Peter Pilsl) Date: Tue Dec 2 02:30:39 2003 Subject: two strange sambaproblems Message-ID: <20000720002849.B69069@i3.atat.at> samba 2.06, samba as domain- and fileserver for nt4-clients I'm using samba on several networks for about one year now and last weeks I ran into two big problems on different networks which I cant solve on my own ... 1) In a network with 12 nt-clients one special user claims, that he sometimes looses data in his worddocuments, even when the documents are closed. He opens an old document, makes some changes, save and close the document and then later, on a different document, word crashes and when he restart word and opens the first document all changes are gone. First I didnt believe him but then I installed a incremental backup on the server for his files and when he called me again, that it happened again, I could confirm that the file on the server was a old version (dated a few days before) but the incremental backup catched the new version about one hour before !!!! I know it sounds weird but the file seems to be saved correctely and then changed back to an old version later when word crashes, like it was somewhere cached in between .... If anyone could give me a hint about that ... 2) A different network of about the same size with NT-clients too. When I change permissions of a share in smb.conf this permissions are not recogniced by a connected client. It refuses to write a file even when it has permissions to do so. When connecting from the same client to the same share, but using a alias-name of the server I can write the file ! example: >net use \\server\share pass /user:john ok >net use \\server_alias\share pass /user:john ok >echo krop>\\server\share\test permission denied >echo krop>\\server_alias\share\test ok only rebooting the client solve this issue. I deleted all connections before net use a new one ... any help appretiated thanx, peter -- mag. peter pilsl phone: +43 676 3574035 fax : +43 676 3546512 email: pilsl@goldfisch.at sms : pilsl@max.mail.at pgp-key available From D.Bannon at latrobe.edu.au Wed Jul 19 22:55:39 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:30:39 2003 Subject: Print Server In-Reply-To: <39756D26.CB4EB795@ing.sun.ac.za> References: Message-ID: <3.0.6.32.20000720085539.00884c80@bioserve.latrobe.edu.au> At 06:53 PM 19/07/2000 +1000, Buchan Milne wrote: >... >Since we're talking about printing, what is the best method for doing >accounting on a samba 2.0.7 printserver which is a member of a domain ? I fiddled around with printcap filters some time ago and could not achieve the reliablility I needed. So I built a seperate programe that samba calls at print time. It does the accounting, either up or down, then sends the client a confirmation (or otherwise) message, then if all is OK calls lpr to do the printing. It is aware of all the places the page count appears in a postscript file (that I have found so far) and will reject requests for the wrong size paper. Works for me but your mileage may vary ..... See http://bioserve.latrobe.edu.au/about/admin/aprint/aprint.html David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From cwg-samba-ntdom at DeepEddy.Com Wed Jul 19 23:20:05 2000 From: cwg-samba-ntdom at DeepEddy.Com (Chris Garrigues) Date: Tue Dec 2 02:30:39 2003 Subject: Password sync In-Reply-To: <3975ED84.AE07CBCE@valinux.com> References: <3.0.6.32.20000719091257.0087c6f0@bioserve.latrobe.edu.au> <39757188.B8679528@polimi.it> <3975ED84.AE07CBCE@valinux.com> Message-ID: <3944.964048805@Backstroke.DeepEddy.com> > From: Jeremy Allison > Date: Thu, 20 Jul 2000 04:05:42 +1000 > > The second problem is not the NT password hash but the > legacy lanman hash which is usually stored with the > more secure NT hash. > > The lanman hash *is* trivial and brute forcible, and > this makes the security of the NT hash irrelevent, as > you only need to brute force the lanman one. So, if I took the lmpassword entry out of my ldap database, what would no longer work? Chris -- Chris Garrigues http://www.DeepEddy.Com/~cwg/ virCIO http://www.virCIO.Com 4314 Avenue C Austin, TX 78751-3709 +1 512 374 0500 My email address is an experiment in SPAM elimination. For an explanation of what we're doing, see http://www.DeepEddy.Com/tms.html Nobody ever got fired for buying Microsoft, but they could get fired for relying on Microsoft. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 239 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000719/86d241c0/attachment.bin From jeremy at valinux.com Wed Jul 19 23:46:22 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:30:39 2003 Subject: Password sync References: <3.0.6.32.20000719091257.0087c6f0@bioserve.latrobe.edu.au> <39757188.B8679528@polimi.it> <3975ED84.AE07CBCE@valinux.com> <3944.964048805@Backstroke.DeepEddy.com> Message-ID: <39763DCE.CA902D20@valinux.com> Chris Garrigues wrote: > So, if I took the lmpassword entry out of my ldap database, what would no > longer work? Any access from Win95/Win98/WinME clients. Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From mgeddes at xavier.sa.edu.au Thu Jul 20 00:17:39 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:30:39 2003 Subject: Password sync References: <3.0.6.32.20000719091257.0087c6f0@bioserve.latrobe.edu.au> <39757188.B8679528@polimi.it> <3975ED84.AE07CBCE@valinux.com> <3944.964048805@Backstroke.DeepEddy.com> <39763DCE.CA902D20@valinux.com> Message-ID: <39764523.603C7437@xavier.sa.edu.au> Jeremy Allison wrote: > > Chris Garrigues wrote: > > > So, if I took the lmpassword entry out of my ldap database, what would no > > longer work? > > Any access from Win95/Win98/WinME clients. > So is this an officially recommended Samba security procedure? ;-) I'm pretty sure Luke'd like to see this. ;-) Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA From pjdc at eircom.net Thu Jul 20 00:12:08 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:40 2003 Subject: Password sync In-Reply-To: Jeremy Allison's message of "Thu, 20 Jul 2000 09:48:55 +1000" References: <3.0.6.32.20000719091257.0087c6f0@bioserve.latrobe.edu.au> <39757188.B8679528@polimi.it> <3975ED84.AE07CBCE@valinux.com> <3944.964048805@Backstroke.DeepEddy.com> <39763DCE.CA902D20@valinux.com> Message-ID: >>>>> "Jeremy" == Jeremy Allison writes: Jeremy> Chris Garrigues wrote: >> So, if I took the lmpassword entry out of my ldap database, >> what would no longer work? Jeremy> Any access from Win95/Win98/WinME clients. Luke has probably added an option to do this automatically. ;-) Paul. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From Gree3776 at rowan.edu Thu Jul 20 01:11:35 2000 From: Gree3776 at rowan.edu (Samuel Greenfeld) Date: Tue Dec 2 02:30:40 2003 Subject: Print Server / Printer Accounting Message-ID: Postscript documents that follow Adobe's conventions should contain "%%Page:" once per page to be printed (without the quotes). Microsoft products seem to follow this. However, no one says everyone must follow this. You can have a perfectly legal postscript document without these markers. I myself need to do PCL and PS counting, but I myself have run into problems, especially since PCL seems to use ^L for both graphics and denoting pages (I do not know any PCL myself - this was just me studying what was in various print jobs). PCL 6 is even more of a nightmare than PCL 5 to understand - it encodes text in binary form (Unicode or UTF-8, I suspect). If you have a bidirectional link to your printers (often available around port 9100 on HP's JetDirect Boxes), and have printers that keep track of page counts internally, you might be able to query the printer before and after each print job for the number of pages it has printed. Subtract the two (or let a utility do it) and you have the number of pages printed. Any decent departmental printer should support some method to do this (either by Hewlett Packard's PJL language or in Postscript itself). The way I've done this is one many people probably would not like - I replaced my lpd with the one from the LPRng (lpr next-generation) project. This is because a print filter capable of doing this method of accounting, ifhp, is designed alongside this particular lpd project. These are not likely to disappear soon - LPRng has been around since 1988, and some significant places (such as MIT) supposively use it. Lprng supports using accounting filters and many other tricks that a standard lpd can not do. Ifhp can recognize various types of input, and use a converter if needed. Ifhp also has a printer database of what can do what; tell it your model if it knows it, and you're basically set. And best of all; Samba *does* know how to use lprng for printing. I really should clarify and note that the ifhp/lprng combo only logs users and the number of pages they have printed; you still need to write some code to parse the print log they generate to account for what has been made. Granted, like any page count method, this is not perfect. The case where two servers spool for the same printer comes to mind. When you have cheap supervisors that buy little desktop lasers that count pages but do not seem to be queriable, this might also be a problem. But for anyone with at least the equivalent of an HP 4000 (and probably less), this is one route you can go that does not care what protocol is used for the print job. (And if anyone can get a page count out of the parallel port of a HP 1100 printer, please let me know privately.) LPRng and ifhp can be found at http://www.astart.com/LPRng/LPRng.html . See their respective HOWTOs for the basics, and how samba can fit in. The GNU and "Artistic" Licenses apply, although commercial support and licensing is available as well. --- SJG >>> Schlomo Schapiro 07/19/00 10:56AM >>> Hi, actually counting PS pages is not so simple because counting the ShowPage command is not enough, especially in cases where people print multiple pages in one. Schlomo From simo.sorce at polimi.it Thu Jul 20 07:25:52 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:30:40 2003 Subject: Print Server / Printer Accounting References: Message-ID: <3976A980.E20DF92E@polimi.it> Samuel Greenfeld wrote: > > Postscript documents that follow Adobe's conventions should contain "%%Page:" once per page to be printed (without the quotes). Microsoft products seem to follow this. However, no one says everyone must follow this. You can have a perfectly legal postscript document without these markers. I myself need to do PCL and PS counting, but I myself have run into problems, especially since PCL seems to use ^L for both graphics and denoting pages (I do not know any PCL myself - this was just me studying what was in various print jobs). PCL 6 is even more of a nightmare than PCL 5 to understand - it encodes text in binary form (Unicode or UTF-8, I suspect). PCL is really more difficult to understand than PS but your assertion that Adobe always set the "%%Pages:" tag is unfortunately not always true. I have a set of script, that samba launch instead of lpr, to make acounting and this involves PS testing (I've installed Adobe PS printer drivers on all the clients). In the first I managed to only check "%%Pages" field and fortunately logging what's going. Well after some time I noticed some users claimed to have printed less than reported and I found through logs that not all the files had "%%Pages" field; don't know why and do not have time to investigate further. I still trust the "%%Pages" field when I found it, but if it is not there I managed to check the number of Pages by filtering a copy of the file through mpage -v that sends me back the number of pages rendered. > > If you have a bidirectional link to your printers (often available around port 9100 on HP's JetDirect Boxes), and have printers that keep track of page counts internally, you might be able to query the printer before and after each print job for the number of pages it has printed. Subtract the two (or let a utility do it) and you have the number of pages printed. Any decent departmental printer should support some method to do this (either by Hewlett Packard's PJL language or in Postscript itself). > > The way I've done this is one many people probably would not like - I replaced my lpd with the one from the LPRng (lpr next-generation) project. This is because a print filter capable of doing this method of accounting, ifhp, is designed alongside this particular lpd project. These are not likely to disappear soon - LPRng has been around since 1988, and some significant places (such as MIT) supposively use it. > > Lprng supports using accounting filters and many other tricks that a standard lpd can not do. Ifhp can recognize various types of input, and use a converter if needed. Ifhp also has a printer database of what can do what; tell it your model if it knows it, and you're basically set. And best of all; Samba *does* know how to use lprng for printing. I really should clarify and note that the ifhp/lprng combo only logs users and the number of pages they have printed; you still need to write some code to parse the print log they generate to account for what has been made. > > Granted, like any page count method, this is not perfect. The case where two servers spool for the same printer comes to mind. When you have cheap supervisors that buy little desktop lasers that count pages but do not seem to be queriable, this might also be a problem. But for anyone with at least the equivalent of an HP 4000 (and probably less), this is one route you can go that does not care what protocol is used for the print job. (And if anyone can get a page count out of the parallel port of a HP 1100 printer, please let me know privately.) Yes all you said is true, but those supervisors that buy cheap lasers or even InkJet printers are more than you expect (and bugget is often a reason). I have an HP DJ1600 to do accounting on for students and it has not an internal counter! I've also read many papers on printers and HP printers in particular and ways to foul accounting through consulting printer are many. One is to switch off printer before th job ends, this will reset counters on many laserjets. Just print a white last page .... > > LPRng and ifhp can be found at http://www.astart.com/LPRng/LPRng.html . See their respective HOWTOs for the basics, and how samba can fit in. The GNU and "Artistic" Licenses apply, although commercial support and licensing is available as well. > > --- > SJG > > >>> Schlomo Schapiro 07/19/00 10:56AM >>> > Hi, > > actually counting PS pages is not so simple because counting the ShowPage > command is not enough, especially in cases where people print multiple > pages in one. > > Schlomo -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From simo.sorce at polimi.it Thu Jul 20 07:37:15 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:30:40 2003 Subject: Password sync References: <3.0.6.32.20000719091257.0087c6f0@bioserve.latrobe.edu.au> <39757188.B8679528@polimi.it> <3975ED84.AE07CBCE@valinux.com> Message-ID: <3976AC2B.33D5DF2B@polimi.it> Jeremy Allison wrote: > > Paul J Collins wrote: > > > NT's password format is neither insecure nor trivial. It is a one-way > > hash. > > This is true, but the implementation is badly flawed. > There is no salt - meaning if two users pick the same > password it will be an identical hash. > > The second problem is not the NT password hash but the > legacy lanman hash which is usually stored with the > more secure NT hash. > > The lanman hash *is* trivial and brute forcible, and > this makes the security of the NT hash irrelevent, as > you only need to brute force the lanman one. > Correct me if I'm wrong. The problem is not only the Lm hash. The problem is that what goes on the network is the hash (NT hash, LM hash it does not matter). And this is check against the stored hash to check they are equal. Now I have a switched network and my smbpasswd is not readable, but if someone get the hands on a username/hash pair how much time do you thimk it will need to patch samba to accept as parameter the hash an use it directly instead of the password. In this scenario I does not even need to know the password, I HAVE A CLEAR PASSWORD EQUIVALENT. Again, Correct me if I'm wrong, meanwhile I never store sensitive data on CIFS/SMB reacheable machines. If there anyone interested, is there anyone working or knowing a method to replace msgina.dll (the module that do the authentication method) to use with samba PDC and that does not break Domain/Profiles/Permissions behaviours? I've tested nisgina but as my users really leaps from a machine to another any time It will not work very well (and I do not like much plain NIS as well 8] ). Regards, Simo. -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From J.L.Gilmour at exeter.ac.uk Thu Jul 20 07:45:18 2000 From: J.L.Gilmour at exeter.ac.uk (J.L.Gilmour@exeter.ac.uk) Date: Tue Dec 2 02:30:40 2003 Subject: Print Server / Printer Accounting In-Reply-To: from "Samuel Greenfeld" at Jul 20, 2000 11:12:39 am Message-ID: <113290.200007200745@olib> > > If you have a bidirectional link to your printers (often available around port 9100 on HP's JetDirect Boxes), and have printers that keep track of page counts internally, you might be able to query the printer before and after each print job for the number of pages it has printed. Subtract the two (or let a utility do it) and you have the number of pages printed. Any decent departmental printer should support some method to do this (either by Hewlett Packard's PJL language or in Postscript itself). > We bought some commercial software which we discovered only counted show-pages, which when our students use 4up or similar commands, caused mayhem. Anyway, there are two ways to implement it - either interogate the printer before & after the job for the page counter. Or, use something like ghostview to count pages for you (assuming enough poke on the print server). I have some code for accounting based on the printer's page counter if you can use it. Not guaranteed to work as it was written by my predecessor. Jayne. -- +----+----+----+----+----+----+----+----+----+----+----+----+----+ Jayne Gilmour, BSc. MSc. Unix & Network Administrator Department of Computer Science, University of Exeter "Why is line printer paper strongest at the perforations?" +----+----+----+----+----+----+----+----+----+----+----+----+----+ From sharpe at ns.aus.com Thu Jul 20 10:26:29 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:30:40 2003 Subject: Password sync In-Reply-To: <3976AC2B.33D5DF2B@polimi.it> References: <3.0.6.32.20000719091257.0087c6f0@bioserve.latrobe.edu.au> <39757188.B8679528@polimi.it> <3975ED84.AE07CBCE@valinux.com> Message-ID: <3.0.6.32.20000720192629.00793b60@203.16.214.248> At 05:39 PM 7/20/00 +1000, Simo Sorce wrote: >Jeremy Allison wrote: >> >> Paul J Collins wrote: >> >> > NT's password format is neither insecure nor trivial. It is a one-way >> > hash. >> >> This is true, but the implementation is badly flawed. >> There is no salt - meaning if two users pick the same >> password it will be an identical hash. >> >> The second problem is not the NT password hash but the >> legacy lanman hash which is usually stored with the >> more secure NT hash. >> >> The lanman hash *is* trivial and brute forcible, and >> this makes the security of the NT hash irrelevent, as >> you only need to brute force the lanman one. >> >Correct me if I'm wrong. OK :-) >The problem is not only the Lm hash. >The problem is that what goes on the network is the hash (NT hash, LM >hash it does not matter). No, the hash does not go over the network. The IBM folks who designed this stuff were not that stupid. It is a challenge/handshake style protocol. When the client does a negprot, and the server handled Encrypted passwords, the server returns a randomly chosen challenge. When the client authenticates, it uses the {NT,LM}hash to encrypt the challenge using DES. Unfortunately, the LMhash is very weak, and the encryption of the challenge continues that weakness. The LM hash is computed by taking the user's password, extending to 14 chars if needed with NUL, and splitting into two 56-bit keys. These 56-bit keys then encrypt the string !@#$%KGS, and the results are packed back into a 128-bit field. This can be brute forced. The NThash is much stronger, being an MD4 hash of the user's password. The response above is calculated by taking the {LM,NT}hash above, extending to 21 bytes with NUL, splitting into three 56-bit keys, and encrypting the challenge in succession and concatenating the result into a 24-byte field, which is returned. As you can see, not that secure, and the LMhash is no where near as secure as a 14-char password could be. The details for brute-forcing the LMhash can be found on www.l0pht.com. >And this is check against the stored hash to check they are equal. >Now I have a switched network and my smbpasswd is not readable, but if >someone get the hands on a username/hash pair how much time do you thimk >it will need to patch samba to accept as parameter the hash an use it >directly instead of the password. >In this scenario I does not even need to know the password, I HAVE A >CLEAR PASSWORD EQUIVALENT. > >Again, Correct me if I'm wrong, meanwhile I never store sensitive data >on CIFS/SMB reacheable machines. > >If there anyone interested, is there anyone working or knowing a method >to replace msgina.dll (the module that do the authentication method) to >use with samba PDC and that does not break Domain/Profiles/Permissions >behaviours? >I've tested nisgina but as my users really leaps from a machine to >another any time It will not work very well (and I do not like much >plain NIS as well 8] ). > >Regards, >Simo. > >-- >Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano >E-mail: simo.sorce@polimi.it >Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 >----------------------------------------------------------------- >Be happy, use Linux! > Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Contributing author, SAMS Teach Yourself Samba in 24 Hours Author, Special Edition, Using Samba From Jean-Francois.Micouleau at dalalu.fr Thu Jul 20 08:40:30 2000 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:30:40 2003 Subject: Password sync In-Reply-To: <3976AC2B.33D5DF2B@polimi.it> Message-ID: On Thu, 20 Jul 2000, Simo Sorce wrote: > The problem is not only the Lm hash. > The problem is that what goes on the network is the hash (NT hash, LM > hash it does not matter). No. What goes on the network is a challenge/response. The clear text equivalent hashes are not sent directly. > If there anyone interested, is there anyone working or knowing a method > to replace msgina.dll (the module that do the authentication method) to > use with samba PDC and that does not break Domain/Profiles/Permissions > behaviours? correct way to do it is at the lsa layer and not the gina one. If you want stronger security go to NT2K and kerberos. > I've tested nisgina but as my users really leaps from a machine to > another any time It will not work very well (and I do not like much > plain NIS as well 8] ). nisgina doesn't work at all with roaming profiles as it creates local SID. J.F. From simo.sorce at polimi.it Thu Jul 20 08:59:03 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:30:40 2003 Subject: Password sync References: Message-ID: <3976BF57.B0D7B241@polimi.it> Jean Francois Micouleau wrote: > > On Thu, 20 Jul 2000, Simo Sorce wrote: > > > The problem is not only the Lm hash. > > The problem is that what goes on the network is the hash (NT hash, LM > > hash it does not matter). > > No. What goes on the network is a challenge/response. The clear text > equivalent hashes are not sent directly. > > > If there anyone interested, is there anyone working or knowing a method > > to replace msgina.dll (the module that do the authentication method) to > > use with samba PDC and that does not break Domain/Profiles/Permissions > > behaviours? > > correct way to do it is at the lsa layer and not the gina one. > > If you want stronger security go to NT2K and kerberos. When the problem with kerberos ticket will be solved I will provide to that users that want to use w2k workstation an unix kerberos server. I'm not going to change my cheap|high-configurable|low-resource-requesting|customizable|reliable|trusted unix/linux box to a problematic|unmaintenable|weak|untrustable w2k server to do authentication for my users. Anyway my path is to have a NT4->linux transition than NT4->w2k also for desktops. By the way let the annoying problems/battles to struggle out of the discussion, I have those NT4 clients and a migration path to anything is not planned, so I still searching a way to change what layer is needed. Meanwhile samba is working greatly and let my scripts do very positive jobs. > > > I've tested nisgina but as my users really leaps from a machine to > > another any time It will not work very well (and I do not like much > > plain NIS as well 8] ). > > nisgina doesn't work at all with roaming profiles as it creates local SID. I know this, it is the problem with users that change machine I've told in the post. > > J.F. -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From eiben at busitec.de Thu Jul 20 14:35:59 2000 From: eiben at busitec.de (Henning Eiben) Date: Tue Dec 2 02:30:40 2003 Subject: Password sync In-Reply-To: <005601bff095$71cee100$6800a8c0@busitec.de> Message-ID: <007d01bff257$d2592f80$6800a8c0@busitec.de> > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Henning Eiben > Sent: Tuesday, July 18, 2000 10:59 AM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Password sync > > > I'm running Samba 2.0.6 (or 2.0.7) with SuSE 6.2 and I want to > keep my samba > and my Unix passwords in sync. Since SuSE 6.2 uses PAM I supposed I don't [...] Hello! Could we please focus (just a little bit) on my prob? Im very interested in all this stuff about NT-Password and Unix/Linux but currently I'm more interested in getting this working ... thx! -- Henning Eiben eiben@busitec.de busitec GmbH business information technology http://www.busitec.de From kevinc at grainsystems.com Thu Jul 20 15:13:56 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:30:40 2003 Subject: Print Server / Printer Accounting References: Message-ID: <39771734.2015986E@grainsystems.com> Samuel Greenfeld wrote: > > [...] I myself need to do PCL and PS counting, but I myself have run > into problems, especially since PCL seems to use ^L for both graphics > and denoting pages (I do not know any PCL myself - this was just me > studying what was in various print jobs). PCL 6 is even more of a > nightmare than PCL 5 to understand - it encodes text in binary form > (Unicode or UTF-8, I suspect). In PCL, the ^L will definitely denote a new page, unless it is part of a section of raster data. These can be detected by also parsing for raster begins, which will tell you how many characters to jump ahead. The actual raster begin code is "*r#A", where # is the section size (e.g. "*r55Axxxxxx..."). I believe raster graphics also need "*rB" or "*rC" at the end of raster. PCL isn't too difficult if you have a good reference. It's just visually cryptic. - Kevin Colby kevinc@grainsystems.com From Michael.Keightley at quadstone.com Thu Jul 20 15:47:37 2000 From: Michael.Keightley at quadstone.com (Michael.Keightley@quadstone.com) Date: Tue Dec 2 02:30:40 2003 Subject: Problems with trust between Samba-tng 2.5 and 2.07 Message-ID: <200007201547.QAA28531@gromit.quadstone.co.uk> We have 2 domains here, one running Samba 2.07, the other running Samba-tng 2.5. Samba-tng 2.5 is for our Windows 2000 machines, 2.07 is for our NT4 machines. When I try to map a drive from a Windows 2000 PC onto an NT4 machine (in our 2.07 domain) I get this error on the NT4 machine: The trust relationship between this workstation and the primary domain failed. How do I get our tng 2.5 domain controller to trust all the PCs in our 2.07 domain? Michael -- Michael Keightley Tel: +44 131 220 4491 Systems Manager, Quadstone Limited, Fax: +44 131 220 4492 16 Chester Street, Edinburgh EH3 7RA, Scotland http://www.quadstone.com From GLeblanc at cu-portland.edu Thu Jul 20 16:05:12 2000 From: GLeblanc at cu-portland.edu (Gregory Leblanc) Date: Tue Dec 2 02:30:40 2003 Subject: Password sync Message-ID: <025836EFF856D411A6660090272811E61D04E6@EMAIL> > -----Original Message----- > From: Jeremy Allison [mailto:jeremy@valinux.com] > Sent: Wednesday, July 19, 2000 4:49 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: Password sync > > Chris Garrigues wrote: > > > So, if I took the lmpassword entry out of my ldap database, > what would no > > longer work? > > Any access from Win95/Win98/WinME clients. Uhm, what is WinME? I'm assuming that WFWG and DOS clients would also be broken... Grego From kellermg at potsdam.edu Thu Jul 20 16:15:01 2000 From: kellermg at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:30:40 2003 Subject: Password sync References: <025836EFF856D411A6660090272811E61D04E6@EMAIL> Message-ID: <39772585.913BA527@potsdam.edu> Gregory Leblanc wrote: > Uhm, what is WinME? I'm assuming that WFWG and DOS clients would also be > broken... Millenium, the Win98 successor. -- Matthew Keller Lead Programmer/Analyst Distributed Computing/Telemedia Information Services Division State University of New York at Potsdam Website: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ Webcam: http://webcam.mattwork.potsdam.edu:85/ From dqpr10 at canal-plus.fr Thu Jul 20 16:19:24 2000 From: dqpr10 at canal-plus.fr (dqpr10@canal-plus.fr) Date: Tue Dec 2 02:30:41 2003 Subject: Password sync References: <025836EFF856D411A6660090272811E61D04E6@EMAIL> Message-ID: <3977268C.416DF582@canal-plus.fr> WinMe = Windows Millenium GLeblanc@cu-portland.edu a ?crit : > > > -----Original Message----- > > From: Jeremy Allison [mailto:jeremy@valinux.com] > > Sent: Wednesday, July 19, 2000 4:49 PM > > To: Multiple recipients of list SAMBA-NTDOM > > Subject: Re: Password sync > > > > Chris Garrigues wrote: > > > > > So, if I took the lmpassword entry out of my ldap database, > > what would no > > > longer work? > > > > Any access from Win95/Win98/WinME clients. > > Uhm, what is WinME? I'm assuming that WFWG and DOS clients would also be > broken... > Grego -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- =- Benoit Boudeville | CANAL+ Technologies -= -= Computer System Engineer | 34, place Raoul Dautry =- =- mailto:bboudev@canal-plus.fr | 75516 Paris Cedex 15 -= -= Tel: 01.71.71.55.83 | Fax: 01.71.71.55.77 =- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- -------------- next part -------------- A non-text attachment was scrubbed... Name: bboudevi.vcf Type: text/x-vcard Size: 324 bytes Desc: Carte pour Benoit Boudeville - Admin Syst?me Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000720/85192694/bboudevi.vcf From elrond at samba.org Thu Jul 20 18:40:01 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:30:41 2003 Subject: development of TNGs samedit/rpcclient In-Reply-To: ; from Luke Kenneth Casson Leighton on Wed, Jul 19, 2000 at 08:39:10PM +1000 References: Message-ID: <20000720204001.A12186@baerbel.mug.maschinenbau.tu-darmstadt.de> On Wed, Jul 19, 2000 at 08:39:10PM +1000, Luke Kenneth Casson Leighton wrote: > hi there, just doing a review of samba-ntdom archives. > > hi, yes someone has addedd to samedit's "createuser" sub-command, means to > change user profile components, i forget who. > > and no, we don't have windd / winframe or anything like that because that > costs money to buy, so we can't test it unless they (or someone) gives us > a licensed verson. > > same applies for any software. > > thx, luke Well, I've got an nt-terminal server with Citrix here... But I'm not that much interested in the Citrix-stuff nor the tse-stuff, so I'm not going to look at it. Elrond From Ben_Meyer at pfm.org Thu Jul 20 18:39:25 2000 From: Ben_Meyer at pfm.org (Ben Meyer) Date: Tue Dec 2 02:30:41 2003 Subject: Win2k, Samba, & Win'9x Message-ID: <2056AA5B2D1DD311BEA50008C709636C01AE266E@NT_4> I have am on a network that primarily operates with NT4 server. We are testing Win2k and Linux. I have just setup a linux box so that it operates through the Win2k test system, but am unable to browse it. Under Win2k I get a prompt for user name and password but it will not accept it, under Win'95 I get a prompt asking for a password for the user $IPC as if there were no shares, but it has several shares. I am using Samba version 2.0.6 on Red Hat 6.2. It is a fresh install. Would this problem be solved if I upgraded to Samba 2.0.7? Thank you. Ben M. From elrond at samba.org Thu Jul 20 18:47:35 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:30:41 2003 Subject: setting up interdomain trusts In-Reply-To: ; from Seth Vidal on Thu, Jul 20, 2000 at 01:14:22AM +1000 References: Message-ID: <20000720204735.B12186@baerbel.mug.maschinenbau.tu-darmstadt.de> 2.0.7 will not allow you to trust an another domain. For HEAD I guess: No also. TNG is in an early state of this... I've just commited yesterday (or so) something, that will make the trusted domain name to show up in the listbox, but I wasn't able to test this any further, because the trusted domain was a fake (there was no DC for it, I just configuredf TNG to the point, that it believed, that this trust was there.) I'm planning for some days to write a "[TNG] Status (?)" mail to samba-ntdom for a while... hope, I get it done domrrow... And I hope to explain some points of setting this up. (It's not easy.) Elrond On Thu, Jul 20, 2000 at 01:14:22AM +1000, Seth Vidal wrote: > I've got two samba servers setup to be nt pdc's one is running samba 2.0.7 > the other is running a version of head from last september. I'm trying to > sort out if I can setup trusts from between them so I can have multiple > domains in the listbox of the nt workstations that I'm using. > > I think what I need to do is: > make a domain machine acct for each of the servers in the other servers > smbpasswd file and then have each join the other's domain. But I'm not > sure how to tell them that they trust each other. > > Also is this possible under 2.0.7 and an early HEAD branch at all? > > Thanks > -sv > From memphis_ms at gmx.net Thu Jul 20 19:49:46 2000 From: memphis_ms at gmx.net (memphis_ms@gmx.net) Date: Tue Dec 2 02:30:41 2003 Subject: Status of TNG Message-ID: <16627.964122586@www1.gmx.net> Hello, I have been following this mailing list for a while now, and I have done some web research about TNG. I want to set up a FreeBSD/Samba server sometime in August. I don't seem to be able to find the latest info on TNG, as of how well it performs as a PDC for NT4 and NT5, if it performs decently as some sort of file server as well (although I think I saw it mentioned more often that it cannot, not knowing if this is old info or not). In other words, can someone direct me to the ultimate source of TNG wisdom? A FAQ? Something? Thanks, Raoul -- Sent through GMX FreeMail - http://www.gmx.net From Ben_Meyer at pfm.org Thu Jul 20 20:16:49 2000 From: Ben_Meyer at pfm.org (Ben Meyer) Date: Tue Dec 2 02:30:41 2003 Subject: Win2k, Samba, & Win'9x Message-ID: <2056AA5B2D1DD311BEA50008C709636C01AE2672@NT_4> For clarity, as Kevin Colby pointed out to me, here is some more information. The network itself is running NT4 PDC/BDCs. The Win2k machine is running as a PDC of its own test domain. The Linux/Samba system is being run as a client to the two. I have been able to successfully get it on the NT4 domain as with my other linux systems. I would like to try to get it to be a member of the win2k domain. However, in either case, this system will not allow users to access it. Q. To remove from a domain, you simply delete (or rename) the DOMAIN.MACHINE.mac file, right? Thanks, Ben M. > I have am on a network that primarily operates with NT4 server. We are > testing Win2k and Linux. I have just setup a linux box so > that it operates > through the Win2k test system, but am unable to browse it. > Under Win2k I get > a prompt for user name and password but it will not accept > it, under Win'95 > I get a prompt asking for a password for the user $IPC as if > there were no > shares, but it has several shares. > > I am using Samba version 2.0.6 on Red Hat 6.2. It is a fresh > install. Would > this problem be solved if I upgraded to Samba 2.0.7? > > Thank you. > > Ben M. > From peter at cadcamlab.org Thu Jul 20 20:35:10 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:30:41 2003 Subject: Win2k, Samba, & Win'9x References: <2056AA5B2D1DD311BEA50008C709636C01AE2672@NT_4> Message-ID: <14711.24725.515663.480476@wire.cadcamlab.org> [Ben Meyer ] > I am using Samba version 2.0.6 on Red Hat 6.2. It is a fresh > install. Would this problem be solved if I upgraded to Samba 2.0.7? Very possibly. 2.0.7 fixed several known W2K bugs. Try it and see. > Q. To remove from a domain, you simply delete (or rename) the > DOMAIN.MACHINE.mac file, right? At the Samba end, yes. (And of course change the WORKGROUP= line in smb.conf.) At the PDC end, you have to remove the machine trust account. The easiest way to do this in NT is in Server Manager. Peter From Ben_Meyer at pfm.org Thu Jul 20 20:34:56 2000 From: Ben_Meyer at pfm.org (Ben Meyer) Date: Tue Dec 2 02:30:41 2003 Subject: Win2k, Samba, & Win'9x Message-ID: <2056AA5B2D1DD311BEA50008C709636C01AE2673@NT_4> > [Ben Meyer ] > > Q. To remove from a domain, you simply delete (or rename) the > > DOMAIN.MACHINE.mac file, right? > At the Samba end, yes. (And of course change the WORKGROUP= line in > smb.conf.) At the PDC end, you have to remove the machine trust > account. The easiest way to do this in NT is in Server Manager. So WORKGROUP= decides which domain you log onto? And what if I disable the account instead of removing it? Should this not have the same effect? Thanks, Ben M. From crh at nts.umn.edu Thu Jul 20 21:11:21 2000 From: crh at nts.umn.edu (Christopher R. Hertel) Date: Tue Dec 2 02:30:41 2003 Subject: Win2k, Samba, & Win'9x In-Reply-To: <2056AA5B2D1DD311BEA50008C709636C01AE2673@NT_4> from Ben Meyer at "Jul 20, 2000 04:34:56 pm" Message-ID: <200007202111.QAA03957@nts.nts.umn.edu> > So WORKGROUP= decides which domain you log onto? An NT Domain is a Workgroup with a Domain Controller. Basically, they are the same thing. Chris -)----- -- Christopher R. Hertel -)----- University of Minnesota crh@nts.umn.edu Networking and Telecommunications Services Ideals are like stars; you will not succeed in touching them with your hands...you choose them as your guides, and following them you will reach your destiny. --Carl Schultz From mgeddes at xavier.sa.edu.au Thu Jul 20 23:01:15 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:30:41 2003 Subject: Status of TNG References: <16627.964122586@www1.gmx.net> Message-ID: <397784BB.B446F55C@xavier.sa.edu.au> memphis_ms@gmx.net wrote: > > Hello, > > I have been following this mailing list for a while now, and I have done > some web research about TNG. I want to set up a FreeBSD/Samba server sometime > in August. > I don't seem to be able to find the latest info on TNG, as of how well it > performs as a PDC for NT4 and NT5, if it performs decently as some sort of > file server as well (although I think I saw it mentioned more often that it > cannot, not knowing if this is old info or not). I don't know of any benchmarks (perhaps you would like to volunteer). >From personal experience, I can control an NT 4 style domain, have Windows 95 / 98 clients log in as well and have Windows 2000/NT 5 a member of the same domain. File serving works, but I haven't tried printing. > > In other words, can someone direct me to the ultimate source of TNG > wisdom? A FAQ? Something? > Try Lars' FAQ http://www.kneschke.de/projeckte/samba_tng/ Hope this helps, Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA From peter at cadcamlab.org Fri Jul 21 01:12:36 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:30:42 2003 Subject: Win2k, Samba, & Win'9x References: <2056AA5B2D1DD311BEA50008C709636C01AE2673@NT_4> <200007202111.QAA03957@nts.nts.umn.edu> Message-ID: <14711.41699.313818.769325@wire.cadcamlab.org> [Chris Hertel ] > An NT Domain is a Workgroup with a Domain Controller. Basically, > they are the same thing. That's what I thought. Imagine my surprise when I first saw the Windows95 network setup. In one place it has you fill in the workgroup name, and in another it has you fill in which domain you want to log into. The two do not have to be the same. Is there any use for this (mis)feature? Peter From adrian.head at bytecomm.com.au Fri Jul 21 01:41:10 2000 From: adrian.head at bytecomm.com.au (Adrian Head) Date: Tue Dec 2 02:30:42 2003 Subject: Print Server / Printer Accounting Message-ID: Quite some time ago I tried to get the internal page count out of a HP LaserJet 4MV with a DirectJet card. I tried a few things at the time including SNMP but could not find the page count. What did I miss at the time?? Where can I go to get more information - for memory HP web site and service support were not very helpful. Thanks Adrian Head > -----Original Message----- > From: J.L.Gilmour@exeter.ac.uk [SMTP:J.L.Gilmour@exeter.ac.uk] > Sent: Thursday, 20 July 2000 17:46 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: Print Server / Printer Accounting > > > > > If you have a bidirectional link to your printers (often > available around port 9100 on HP's JetDirect Boxes), and have printers > that keep track of page counts internally, you might be able to query > the printer before and after each print job for the number of pages it > has printed. Subtract the two (or let a utility do it) and you have > the number of pages printed. Any decent departmental printer should > support some method to do this (either by Hewlett Packard's PJL > language or in Postscript itself). > > > > We bought some commercial software which we discovered only counted > show-pages, > which when our students use 4up or similar commands, caused mayhem. > > Anyway, there are two ways to implement it - either interogate the > printer > before & after the job for the page counter. Or, use something like > ghostview to count pages for you (assuming enough poke on the print > server). > > I have some code for accounting based on the printer's page counter if > you > can use it. Not guaranteed to work as it was written by my > predecessor. > > > Jayne. > > -- > +----+----+----+----+----+----+----+----+----+----+----+----+----+ > Jayne Gilmour, BSc. MSc. Unix & Network Administrator > Department of Computer Science, University of Exeter > > "Why is line printer paper strongest at the perforations?" > +----+----+----+----+----+----+----+----+----+----+----+----+----+ From grg at ridley.unimelb.edu.au Fri Jul 21 02:01:26 2000 From: grg at ridley.unimelb.edu.au (Glen Gibb) Date: Tue Dec 2 02:30:42 2003 Subject: Print Server / Printer Accounting In-Reply-To: Message-ID: One of the printers at my site is an HP LaserJet 4. I tried numerous ways to get the page count from it, and in the end I discovered the only way that worked for me was to query it for the page count using PostScript (even if the job just printed was PCL). LPRng is able to query the printer for a page count using postscript commands. Glen Gibb Ridley College On Fri, 21 Jul 2000, Adrian Head wrote: > Quite some time ago I tried to get the internal page count out of a HP > LaserJet 4MV with a DirectJet card. I tried a few things at the time > including SNMP but could not find the page count. What did I miss at > the time?? Where can I go to get more information - for memory HP web > site and service support were not very helpful. > > Thanks > > Adrian Head > > > -----Original Message----- > > From: J.L.Gilmour@exeter.ac.uk [SMTP:J.L.Gilmour@exeter.ac.uk] > > Sent: Thursday, 20 July 2000 17:46 > > To: Multiple recipients of list SAMBA-NTDOM > > Subject: Re: Print Server / Printer Accounting > > > > > > > > If you have a bidirectional link to your printers (often > > available around port 9100 on HP's JetDirect Boxes), and have printers > > that keep track of page counts internally, you might be able to query > > the printer before and after each print job for the number of pages it > > has printed. Subtract the two (or let a utility do it) and you have > > the number of pages printed. Any decent departmental printer should > > support some method to do this (either by Hewlett Packard's PJL > > language or in Postscript itself). > > > > > > > We bought some commercial software which we discovered only counted > > show-pages, > > which when our students use 4up or similar commands, caused mayhem. > > > > Anyway, there are two ways to implement it - either interogate the > > printer > > before & after the job for the page counter. Or, use something like > > ghostview to count pages for you (assuming enough poke on the print > > server). > > > > I have some code for accounting based on the printer's page counter if > > you > > can use it. Not guaranteed to work as it was written by my > > predecessor. > > > > > > Jayne. > > > > -- > > +----+----+----+----+----+----+----+----+----+----+----+----+----+ > > Jayne Gilmour, BSc. MSc. Unix & Network Administrator > > Department of Computer Science, University of Exeter > > > > "Why is line printer paper strongest at the perforations?" > > +----+----+----+----+----+----+----+----+----+----+----+----+----+ > From crh at nts.umn.edu Fri Jul 21 07:01:09 2000 From: crh at nts.umn.edu (Christopher R. Hertel) Date: Tue Dec 2 02:30:42 2003 Subject: Win2k, Samba, & Win'9x In-Reply-To: <14711.41699.313818.769325@wire.cadcamlab.org> from Peter Samuelson at "Jul 20, 2000 08:12:36 pm" Message-ID: <200007210701.CAA28721@nts.nts.umn.edu> Hmmm... I don't know. The Workgroup field would indicate a workgroup within which to offer services. The NT Domain login would be for requesting services. I have no idea if that is useful. Chris -)----- > [Chris Hertel ] > > An NT Domain is a Workgroup with a Domain Controller. Basically, > > they are the same thing. > > That's what I thought. Imagine my surprise when I first saw the > Windows95 network setup. In one place it has you fill in the workgroup > name, and in another it has you fill in which domain you want to log > into. The two do not have to be the same. > > Is there any use for this (mis)feature? > > Peter > -- Christopher R. Hertel -)----- University of Minnesota crh@nts.umn.edu Networking and Telecommunications Services Ideals are like stars; you will not succeed in touching them with your hands...you choose them as your guides, and following them you will reach your destiny. --Carl Schultz From J.L.Gilmour at exeter.ac.uk Fri Jul 21 07:13:44 2000 From: J.L.Gilmour at exeter.ac.uk (J.L.Gilmour@exeter.ac.uk) Date: Tue Dec 2 02:30:42 2003 Subject: Print Server / Printer Accounting In-Reply-To: from "Adrian Head" at Jul 21, 2000 11:40:48 am Message-ID: <131756.200007210713@olib> > > Quite some time ago I tried to get the internal page count out of a HP > LaserJet 4MV with a DirectJet card. I tried a few things at the time > including SNMP but could not find the page count. What did I miss at > the time?? Where can I go to get more information - for memory HP web > site and service support were not very helpful. > Our printers all have postscript options... then its easy. Well, easy if you like writing programs in postscript ;-) Jayne. +----+----+----+----+----+----+----+----+----+----+----+----+----+ Jayne Gilmour, BSc. MSc. Unix & Network Administrator Department of Computer Science, University of Exeter "Why is line printer paper strongest at the perforations?" +----+----+----+----+----+----+----+----+----+----+----+----+----+ From sascha.willuweit at charite.de Fri Jul 21 07:41:12 2000 From: sascha.willuweit at charite.de (Sascha Willuweit) Date: Tue Dec 2 02:30:42 2003 Subject: PANIC Message-ID: <3977FE98.C3F1A93C@charite.de> hi, my nmb.log contains this: [2000/07/20 15:33:37, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) process_logon_packet: Logon from 141.42.24.50: code = 0x7 [2000/07/20 15:33:37, 3] nmbd/nmbd_processlogon.c:process_logon_packet(179) process_logon_packet: GETDC request from T3E at IP 141.42.24.50, reporting DNA domain DNANETZ 0xc ntversion=1 lm_nt token=ffff lm_20 token=ffff [2000/07/20 15:33:37, 0] lib/fault.c:fault_report(40) =============================================================== [2000/07/20 15:33:37, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 527 (2.0.7) Please read the file BUGS.txt in the distribution [2000/07/20 15:33:37, 0] lib/fault.c:fault_report(43) =============================================================== [2000/07/20 15:33:37, 0] lib/util.c:smb_panic(2381) PANIC: internal error after the panic i wasn't alble to logon to my domain but all hosts they were allready connected still could access the mounted shares on DNA! my configuration: DNA --> Samba 2.0.7 T3E --> NT WS4(sp6a) no Domainlogon to Domain DNANETZ MANY OTHER HOSTS --> W95OSR2 Domainlogon to DNANETZ Does anybody have a hint for THIS?? please reply. -------------------------------------------------------- Sascha Willuweit Institut f?r Rechtsmedizin Genetisches Forschungslabor Universit?tsklinikum Charit? Medizinische Fakult?t der Humboldt-Universit?t zu Berlin http://ystr.charite.de From simo.sorce at polimi.it Fri Jul 21 07:43:14 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:30:42 2003 Subject: Win2k, Samba, & Win'9x References: <200007210701.CAA28721@nts.nts.umn.edu> Message-ID: <3977FF12.6F27B4B0@polimi.it> "Christopher R. Hertel" wrote: > > Hmmm... I don't know. The Workgroup field would indicate a workgroup > within which to offer services. The NT Domain login would be for > requesting services. I have no idea if that is useful. > When I saw this I interpreted as this: Workgroup is the workgroup you operate in. Domain is to search the server for user autenthication if you want it. -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From simo.sorce at polimi.it Fri Jul 21 07:36:37 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:30:42 2003 Subject: Password sync References: <025836EFF856D411A6660090272811E61D04E6@EMAIL> <3977268C.416DF582@canal-plus.fr> Message-ID: <3977FD85.F1B3C58A@polimi.it> dqpr10@canal-plus.fr wrote: > > WinMe = Windows Millenium > As Win98SE = Windows 98 Second Edition WinME = Windows Millenium Edition -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From kellermg at potsdam.edu Fri Jul 21 12:27:46 2000 From: kellermg at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:30:42 2003 Subject: Print Server / Printer Accounting References: Message-ID: <397841C2.FCD9A6F2@potsdam.edu> Adrian Head wrote: > > Quite some time ago I tried to get the internal page count out of a HP > LaserJet 4MV with a DirectJet card. I tried a few things at the time > including SNMP but could not find the page count. What did I miss at > the time?? Where can I go to get more information - for memory HP web > site and service support were not very helpful. Make a TCP connection to port 9100 and send the PJL command @PJL INFO PAGECOUNT. A Perl snippet is below. my $sock=IO::Socket::INET->new(PeerAddr => "$ipaddress", PeerPort => '9100', Proto => 'tcp', Type => SOCK_STREAM) || die "Sorry, could no t connect to $ipaddress, port 9100.\n!"; my $eol="\x0A"; # Hardcode the return character for portability my $pagecount="\@PJL INFO PAGECOUNT$eol"; my $stuff; $sock->send("$pagecount"); $sock->recv($stuff, 1024); close $sock; -- Matthew Keller Lead Programmer/Analyst Distributed Computing/Telemedia Information Services Division State University of New York at Potsdam Website: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ Webcam: http://webcam.mattwork.potsdam.edu:85/ From Ben_Meyer at pfm.org Fri Jul 21 12:57:59 2000 From: Ben_Meyer at pfm.org (Ben Meyer) Date: Tue Dec 2 02:30:42 2003 Subject: Win2k, Samba, & Win'9x Message-ID: <2056AA5B2D1DD311BEA50008C709636C01AE2675@NT_4> > "Christopher R. Hertel" wrote: > > Hmmm... I don't know. The Workgroup field would indicate > a workgroup > > within which to offer services. The NT Domain login would be for > > requesting services. I have no idea if that is useful. > When I saw this I interpreted as this: > Workgroup is the workgroup you operate in. > Domain is to search the server for user autenthication if you want it. So basically what it comes down to is that it is incorrectly implemented, and so the server can only technically be part of the workgroup with the same name as the Domain, correct? Since Microsoft Corp. has made the distinction in their products, which provide the standards for what Samba is suppose to be, should we not also make the distinction and thereby have a field for the domain and a field for the workgroup, thus allowing the administrator to choose which domain they want the system to log in to? Ben M. From timothy_d_cole at md.northgrum.com Fri Jul 21 14:26:56 2000 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:30:42 2003 Subject: Win2k, Samba, & Win'9x Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB03F470DC@xcgmd008.md.essd.northgrum.com> > -----Original Message----- > From: Ben Meyer [SMTP:Ben_Meyer@pfm.org] > Sent: Friday, July 21, 2000 9:03 > To: Multiple recipients of list SAMBA-NTDOM > Subject: RE: Win2k, Samba, & Win'9x > > should we not also make the distinction and thereby have a > field for the domain and a field for the workgroup, thus allowing the > administrator to choose which domain they want the system to log in to? > We effectively do that with the "password server" parameter, although plainly that won't do for "security = domain" -- but Win9x/ME don't really do domain membership anyway. Samba pretty much follows the NT model, though -- which it should. I don't think it's worth messing with emulating Win9x in any particular way; that way lies madness. From gcarter at valinux.com Fri Jul 21 09:43:27 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:30:42 2003 Subject: Win2k, Samba, & Win'9x References: <51FBD4A8EFD9D111BA7300A0C927DADB03F470DC@xcgmd008.md.essd.northgrum.com> Message-ID: <39781B3F.34BACA42@valinux.com> "Cole, Timothy D." wrote: > > We effectively do that with the "password server" > parameter, although plainly that won't do for "security > = domain" -- but Win9x/ME don't really do domain > membership anyway. > > Samba pretty much follows the NT model, though -- which > it should. I don't think it's worth messing with emulating > Win9x in any particular way; that way lies madness. Argghh! You beat me to it Tim. Oh well...since I've already typed it up. ...... OK. I've basically been ignoring this thread. Then I saw this message and decided to jump in. If I have missed so much of it that I an misunderstanding the context, please correct me. Windows 9x does allow you to specify a different workgroup from the domain it validates against. Windows NT does not. Windows 9x is the mistake that won't die :-) It is basically still here for people to play games on. So when given a choice of whether Samba should act like Windows NT or the brain dead Windows 9x, I would choose the former. jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From davec at columbiaenergygroup.com Sat Jul 22 00:06:10 2000 From: davec at columbiaenergygroup.com (davec@columbiaenergygroup.com) Date: Tue Dec 2 02:30:43 2003 Subject: Why have a Domain & Workgroup name Message-ID: <0056990013395789000002L992*@MHS> I read this thread, and hope I can clear up a little about some of the fogginess. I won't pretend to understand why Microsoft implemented networking in the manner, but I will provide a way to make use it to your advantage. Christopher R. Hertel" Wrote: >> So WORKGROUP= decides which domain you log onto? >An NT Domain is a Workgroup with a Domain Controller. Basically, they >are the same thing. >Chris -)----- I take exception to this comparison, because it is a tad oversimplified. Simo Sorce Wrote: >When I saw this I interpreted as this: >Workgroup is the workgroup you operate in. >Domain is to search the server for user autenthication if you want it. Correct Peter Samuelson wrote: >> An NT Domain is a Workgroup with a Domain Controller. Basically, >> they are the same thing. >That's what I thought. Imagine my surprise when I first saw the >Windows95 network setup. In one place it has you fill in the workgroup >name, and in another it has you fill in which domain you want to log >into. The two do not have to be the same. >Is there any use for this (mis)feature? >Peter I couldn't tell you if this is a (mis)feature, but I can tell you how you can exploit it to your advantage. Image you administrate a 1000 user NT domain (My condolenses :-) Lets say this domain is split across 3 geographical areas, New York, New Orleans, and New Ampsterdam, all tied together via a 256K frame relay triangle. You want all of your users to authenticate from the same domain, so that they can authenticate from any of your offices, but you don't want to be eating up a lot of bandwidth via authentication or broswer elections. Here is where it pays to use that windows 95 "workgroup" feature. You have a primary domain controller in New York, for the domain "AUTHDOM", with two backup domain controllers in New Orleans & New Ampsterdam. You then set up your windows 95 boxes to "Log On To" the AUTHDOM Domain. BUT you set the workgroup to your clients to "NEWYORK", "NEWORL" and "NEWAMP" in thier respective cites.. This way everytime your clients double click their network neighborhood, you don't have browser elections forced across your frame relay line. Of course an election will occur if a user explores the WHOLE network neighboorhood, but you can either take that hit, or disable such browsing in the policy. This feature doesn't have to be applied across WAN links, you may be able to "exploit" it within a single building... think of it as "subnetting for naming services" I wash my hands of any WINS questions they may arise from my explanations ;-) Hope that helps, Dave From phil at elec.uow.edu.au Sat Jul 22 02:39:42 2000 From: phil at elec.uow.edu.au (Philip Ciufo) Date: Tue Dec 2 02:30:43 2003 Subject: cross-subnet authentication Message-ID: <200007220239.e6M2dgJ14241@ghoul.snrc.uow.edu.au> I've been using samba for a while now as a PDC and now require to move several NT workstations into a new subnet, one that is different from the subnet the PDC resides in. I tried the move already and the workstation comes up with the error "a pdc for the domain could not be found". I placed an entry in the lmhosts file of the workstation and this made no difference. I ran samba with a higher log level, but have lost the logs. However, I did see a "rejecting dgram ..." message of sort in the nmbd log file. I can reproduce the error, so if anyone feels I really need the log file then I can post it. My issue here is really if anyone has had a samba PDC in A.B.C.any subnet and the workstation in A.B.D.any subnet and been able to get the workstation to authenticate? If so, was there anything special you had to do? Thanks, Phil -- Philip Ciufo - __o email: phil@elec.uow.edu.au School of Electrical, Computer - _`\<,_ phone: 61-2-42213133 and Telecommunications _ (_) /(_) FAX: 61-2-42213236 Engineering University of Wollongong, Northfields Ave, Wollongong N.S.W. 2522 Australia. Somewhere on the blue planet ... From lynn at cis.usouthal.edu Sat Jul 22 03:07:04 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:30:43 2003 Subject: cross-subnet authentication In-Reply-To: <200007220239.e6M2dgJ14241@ghoul.snrc.uow.edu.au> Message-ID: The way I got around the problem was to assign another IP address to the Linux server on which I run samba. Keith Lynn On Sat, 22 Jul 2000, Philip Ciufo wrote: > I've been using samba for a while now as a PDC and now require to move > several NT workstations into a new subnet, one that is different from the > subnet the PDC resides in. I tried the move already and the workstation > comes up with the error "a pdc for the domain could not be found". I > placed an entry in the lmhosts file of the workstation and this made no > difference. > > I ran samba with a higher log level, but have lost the logs. However, I > did see a "rejecting dgram ..." message of sort in the nmbd log file. I > can reproduce the error, so if anyone feels I really need the log file > then I can post it. > > My issue here is really if anyone has had a samba PDC in A.B.C.any > subnet and the workstation in A.B.D.any subnet and been able to get the > workstation to authenticate? If so, was there anything special you had to > do? > > Thanks, > > Phil > > -- > Philip Ciufo - __o email: phil@elec.uow.edu.au > School of Electrical, Computer - _`\<,_ phone: 61-2-42213133 > and Telecommunications _ (_) /(_) FAX: 61-2-42213236 > Engineering > University of Wollongong, Northfields Ave, Wollongong N.S.W. 2522 > Australia. Somewhere on the blue planet ... > From skvidal at phy.duke.edu Sat Jul 22 03:08:46 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:30:43 2003 Subject: cross-subnet authentication In-Reply-To: <200007220239.e6M2dgJ14241@ghoul.snrc.uow.edu.au> Message-ID: > several NT workstations into a new subnet, one that is different from the > subnet the PDC resides in. I tried the move already and the workstation > comes up with the error "a pdc for the domain could not be found". I > placed an entry in the lmhosts file of the workstation and this made no > difference. > > I ran samba with a higher log level, but have lost the logs. However, I > did see a "rejecting dgram ..." message of sort in the nmbd log file. I > can reproduce the error, so if anyone feels I really need the log file > then I can post it. > > My issue here is really if anyone has had a samba PDC in A.B.C.any > subnet and the workstation in A.B.D.any subnet and been able to get the > workstation to authenticate? If so, was there anything special you had to > do? > This may not be the solution but make sure your samba pdc is setup to be a wins server (wins support = yes) and then make sure your NT machines in the other subnet know to talk to that wins server. -sv From JTait at wyrddreams.demon.co.uk Sat Jul 22 11:54:28 2000 From: JTait at wyrddreams.demon.co.uk (James Tait) Date: Tue Dec 2 02:30:43 2003 Subject: cross-subnet authentication In-Reply-To: <200007220239.e6M2dgJ14241@ghoul.snrc.uow.edu.au> Message-ID: Hi, On Sat, 22 Jul 2000, Philip Ciufo wrote: > I ran samba with a higher log level, but have lost the logs. However, I > did see a "rejecting dgram ..." message of sort in the nmbd log file. I > can reproduce the error, so if anyone feels I really need the log file > then I can post it. Make sure your samba server is set to receive packets on the new subnet with the interfaces= paramater in smb.conf. -------------------------------------+------------------------------------ James Tait, BSc | ICQ# 17834893 MUD Programmer and Linux advocate | Mobile: +44 (0)956 652763 -------------------------------------+------------------------------------ From lars at kneschke.de Sat Jul 22 15:40:12 2000 From: lars at kneschke.de (Lars Kneschke) Date: Tue Dec 2 02:30:43 2003 Subject: cross-subnet authentication References: <200007220239.e6M2dgJ14241@ghoul.snrc.uow.edu.au> Message-ID: <3979C05B.8037B52C@kneschke.de> Philip Ciufo wrote: > > I've been using samba for a while now as a PDC and now require to move > several NT workstations into a new subnet, one that is different from the > subnet the PDC resides in. I tried the move already and the workstation > comes up with the error "a pdc for the domain could not be found". I > placed an entry in the lmhosts file of the workstation and this made no > difference. > > I ran samba with a higher log level, but have lost the logs. However, I > did see a "rejecting dgram ..." message of sort in the nmbd log file. I > can reproduce the error, so if anyone feels I really need the log file > then I can post it. > > My issue here is really if anyone has had a samba PDC in A.B.C.any > subnet and the workstation in A.B.D.any subnet and been able to get the > workstation to authenticate? If so, was there anything special you had to > do? If you have Windows workstations in different subnets then the pdc you need a wins server. It makes no difference if the pdc is a windows nt or samba server. Samba acts as wins server, when you set the parameter "wins support = yes" in the global section of your smb.conf. Why do you need a wins server? With out wins, the windows workstation finds it's pdc, sending broadcasts. But a router normaly doesn't route broadcast. So no workstation in another subnet then the pdc, will find the pdc. If you are using a wins server, the client registers itself and his function(pdc, domainmasterbrowser, local masterbrowser) at the wins server. If the client searches his pdc, it will ask the wins server, which gives him the ip address of the pdc. You need to configure the windows workstation to use wins. Cu From iainr at civ.hw.ac.uk Sat Jul 22 18:35:01 2000 From: iainr at civ.hw.ac.uk (Iain Rae) Date: Tue Dec 2 02:30:43 2003 Subject: cross-subnet authentication References: <200007220239.e6M2dgJ14241@ghoul.snrc.uow.edu.au> <3979C05B.8037B52C@kneschke.de> Message-ID: <3979E955.A4D01BD4@civ.hw.ac.uk> Lars Kneschke wrote: > > Philip Ciufo wrote: > > > > I've been using samba for a while now as a PDC and now require to move > > several NT workstations into a new subnet, one that is different from the > > subnet the PDC resides in. I tried the move already and the workstation > > comes up with the error "a pdc for the domain could not be found". I > > placed an entry in the lmhosts file of the workstation and this made no > > difference. > > > > I ran samba with a higher log level, but have lost the logs. However, I > > did see a "rejecting dgram ..." message of sort in the nmbd log file. I > > can reproduce the error, so if anyone feels I really need the log file > > then I can post it. > > > > My issue here is really if anyone has had a samba PDC in A.B.C.any > > subnet and the workstation in A.B.D.any subnet and been able to get the > > workstation to authenticate? If so, was there anything special you had to > > do? > If you have Windows workstations in different subnets then the pdc you > need a wins server. It makes no difference if the pdc is a windows nt or > samba server. Samba acts as wins server, when you set the parameter > "wins support = yes" in the global section of your smb.conf. > > Why do you need a wins server? > > With out wins, the windows workstation finds it's pdc, sending > broadcasts. But a router normaly doesn't route broadcast. So no > workstation in another subnet then the pdc, will find the pdc. > If you are using a wins server, the client registers itself and his > function(pdc, domainmasterbrowser, local masterbrowser) at the wins > server. If the client searches his pdc, it will ask the wins server, > which gives him the ip address of the pdc. > You need to configure the windows workstation to use wins. > > Cu Lars is right, if you configure your samba as a wins server and point the NT PC's at it they will be able to see the PDC (you should be able to do cross subnet browsing as well), we have a couple of labs that run happily like this, if you need examples of the smb.conf files we use then e-mail me. -- Iain Rae Computing Officer Dept. Civil & Offshore Engineering Heriot-Watt University From elrond at samba.org Sat Jul 22 19:22:24 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:30:43 2003 Subject: [TNG] Status (?) Message-ID: <20000722212223.A21196@baerbel.mug.maschinenbau.tu-darmstadt.de> Hi all of you, This time, I'm trying to write a "status-report" for the current cvs-version of TNG. What happened in the last time ============================== The release of 2.5(.3) is quite some time ago, so I don't know rely, what happened since then, so I'm trying to write the stuff, that comes to my mind. ;) Some annoying pipe-reusing has been fixed (it's only a workaround). Interesting is still, that it was only reported for Suns, but it should have happened everywhere, and I couldn't reproduce this myself. Sander wrote some Smart Memory Allocator for the parser, so maybe TNG is now a little faster, when it comes to big things. I've also tried to merge some things from HEAD, but some would have meant more drastic modifications, so I didn't do that. I've tried to merge some oplock-stuff from HEAD, but I don't know anything about that, so that might be broken. I've added some bunch of rpcclient-commands for viewing privileges/rights on remote NT-boxes. Try: "enumprivs -i" and "lsaenumsids -p" (for -p you need to be admin, the rest work anonymously). lsa_lookup_names/sids has been fixed to some degree, but there are still issues left (never ending story/saga). The server-side implementation of lsa_enum_trusted_domains has been writen. This means: If samba is trusting another domain, the member of the samba-domain now know about this trust and show the trusted domain in the logon-dialog and other dialogs. This doesn't mean, that this works any further nor the opposite (wasn't able to test). For instructions on setting up trusts, see below. The kickoff_time and the password_last_set-time were exchanged on the wire and now should be correct. Luke noted, that multiple-pdu might be broken. This means, that large queries and responses will have problems, this will especialy affect printing, but also might affect usrmgr in large domains and the like. Printing isn't currently interesting to me, so I don't know, wether it works or not. Someone noted some time ago, that password-changing doesn't work. From rpcclient it works at least for me. Also some internal restructuring happened to make TNG look more like HEAD. What I would like ================= Okay, so much for that. I wont be able to work on samba the whole next week, nor will I be able to read mail or something like this. This means, that this is a good time to test current cvs, since it wont change and people have a common basis to discuss problems and research them. So what I would like people to do: Test current cvs and try everything out, that is of interest. If you get it to crash or find a real bug, please try to write up a good bug-report to samba-ntdom (people on the list should be able to help out in how to do so) Otherwise write some _short_ status-report at the end of next week, so I know, what stuff works, and what doesn't work, for those things, that don't work, please maybe also write a short note, how important that would be. If stuff looks good, I will ask Luke to make an alpha-2.6 release. (So you could think of current cvs as pre-2.6). On my list, what should happen then is writing up some internal support functions for using sidlc for DCE/RPC and making policy-handles more secure. Interdomain trust-relationships =============================== Okay, I wrote above, I'm going to explain, how to setup those. First of all, I have to write, that this all is still more experimental than all of the rest, so don't expect anything. Okay, for simplicity, we have a samba-tng domain SAMBADOM with its PDC SAMBAPDC, and the same on the NT-side: NTDOM and NTPDC. 1. NTDOM trusts SAMBADOM (this was already descibed by someone, some time ago, so those might be able to give more help) Okay, this is quite simple to setup: - Go to SAMBAPDC and create the users ntpdc$ and ntdom$ in your passwd. - Create both in you smbpasswd as interdom-trust-accounts with rpcclient: createuser ntdom$ -i createuser ntpdc$ -i samuserset ntdom$ -p somepw samuserset ntpdc$ -p somepw (use the _same_ pw above) - Go to ntpdc - Use usrmgr to tell ntpdc, that is trusting SAMBADOM and use the pw specified above. - If you know the registry key to stop the PDC to change the trust-passwords in regular times, this will help, otherwise: - Every 2/4 weeks, the ntpdc will change the password, but it will only change the password on one of the both entries above, so you must copy the new pw over to the other. (My guess is, it will change the ntdom$-pw) One of my next things will be to get rid of those two entries and only have one, ntdom$ 2. sambadom trusts ntdom This is more complex but should work to some degree: - Go to ntpdc and prepare the stuff there ("allowed to trust this domain") - IMPORTANT: Use a password, which has length, that is precisely eight (8) characters long. (This has something to do with enryptions, and we don't know yet the behaviour for other length, that are not a multiple of 4 - Add something like this to your smb.conf: trusted domains = ntdom=ntpdc - Run rpcclient -S ntpdc -U % [NTPDC]$ lsaq you need the Domain-SID from there. - Find the directory with the file SAMBADOM.SID in it. - Create a file NTDOM.SID there, with the only content being the above SID. - rpcclient -S . -U root% (as root) $ createsecret G$$NTDOM $ setsecret G$$NTDOM pw-for-trust (pw-for-trust is from above and exactly 8 chars long) That should be it. samba will not currently try to change the trust-pw, so you might need to tell your ntpdc, that this is not necessary (no idea, how to do that) Okay, that's for it. Elrond From lkcl at samba.org Sat Jul 22 21:27:10 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:30:43 2003 Subject: [TNG] Status (?) In-Reply-To: <20000722212223.A21196@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: > being the above SID. > - rpcclient -S . -U root% (as root) > $ createsecret G$$NTDOM > $ setsecret G$$NTDOM pw-for-trust > (pw-for-trust is from above and exactly 8 chars long) hi elrond, i started a createuser -i which does the setsecret like this. a long while back. it's commented-out. From mgeddes at mail.xavier.sa.edu.au Sun Jul 23 09:15:24 2000 From: mgeddes at mail.xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:30:43 2003 Subject: [TNG] Status (?) In-Reply-To: <20000722212223.A21196@baerbel.mug.maschinenbau.tu-darmstadt.de> References: <20000722212223.A21196@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: <200007230915.SAA32108@mail.xavier.sa.edu.au> Quoting Elrond : > I\'ve also tried to merge some things from HEAD, but some > would have meant more drastic modifications, so I didn\'t do > that. I\'ve tried to merge some oplock-stuff from HEAD, but > I don\'t know anything about that, so that might be broken. >From what I understand, TNG is being merged into HEAD, due to some file system patches that were applied after the split. Not being a programmer and not knowing the Samba code as well as most of you, wouldn\'t it be easier to merge the other way? CVS should be able to give you a complete set of diffs for everything that was changed, shouldn\'t it? This would mean that you\'d have a complete source list of everything that needs to be changed, that could be \'crossed off\' as you work through it. OK, so it wouldn\'t be a small list, but the changes in TNG wouldn\'t make a small list either. ;-) Of course, it couls be entirely possible that I don\'t know what I am talking about ;-). Thanks, Matt Matthew Geddes Network Manager Xavier College Gawler, SA ======================================= Xavier College Gawler, South Australia visit http://www.xavier.sa.edu.au/ --------------------------------------- Xavier College Staff E-mail is Powered by IMP http://www.horde.org/ From pjdc at eircom.net Sun Jul 23 13:31:58 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:43 2003 Subject: [TNG] Status (?) In-Reply-To: Matthew Geddes's message of "Sun, 23 Jul 2000 20:39:03 +1000" References: <20000722212223.A21196@baerbel.mug.maschinenbau.tu-darmstadt.de> <200007230915.SAA32108@mail.xavier.sa.edu.au> Message-ID: >>>>> "Matthew" == Matthew Geddes writes: Matthew> From what I understand, TNG is being merged into HEAD, Matthew> due to some file system patches that were applied after Matthew> the split. Not being a programmer and not knowing the Matthew> Samba code as well as most of you, wouldn\'t it be easier ^ ^ First off, what's with the backslashes? Matthew> to merge the other way? CVS should be able to give you a IIRC, Luke and Jeremy (I think it was Jeremy) tried a HEAD->TNG merge a while back, but it turned out that TNG->HEAD merge was far, far easier to do. I don't know precisely why. Paul. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Cover up and say goodnight... say goodnight." From gcarter at valinux.com Sun Jul 23 19:33:41 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:30:44 2003 Subject: [TNG] Status (?) References: <20000722212223.A21196@baerbel.mug.maschinenbau.tu-darmstadt.de> <200007230915.SAA32108@mail.xavier.sa.edu.au> Message-ID: <397B4895.F185BED0@valinux.com> Matthew Geddes wrote: > > From what I understand, TNG is being merged into HEAD, > due to some file system patches that were applied after > the split. Not being a programmer and not knowing the > Samba code as well as most of you, wouldn\'t it be easier > to merge the other way? CVS should be able to give you a > complete set of diffs for everything that was changed, > shouldn\'t it? This would mean that you\'d have a complete > source list of everything that needs to be changed, that > could be \'crossed off\' as you work through it. OK, so it > wouldn\'t be a small list, but the changes in TNG > wouldn\'t make a small list either. ;-) HEAD offers more stable file serving code. This is the main staple of most Samba users. While the PDC code is very important, far more people would cry fowl if we broke Samba as a file server just to add PDC support. Besides, all this, the architechtural differences between TNG and HEAD make it almost impossible to merge the two without simply a wholesale replacement. And that won't happen since it would break countless already installed servers and configurations. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From D.Bannon at latrobe.edu.au Sun Jul 23 23:29:53 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:30:44 2003 Subject: [TNG] Status (and merging) In-Reply-To: <397B4895.F185BED0@valinux.com> References: <20000722212223.A21196@baerbel.mug.maschinenbau.tu-darmstadt.de> <200007230915.SAA32108@mail.xavier.sa.edu.au> Message-ID: <3.0.6.32.20000724092953.00880570@bioserve.latrobe.edu.au> At 06:07 AM 24/07/2000 +1000, Gerald Carter wrote: > ....... >Besides, all this, the architechtural differences between >TNG and HEAD make it almost impossible to merge the two >without simply a wholesale replacement. And that won't >happen since it would break countless already installed >servers and configurations. Does this mean that we are heading into the same dead end that stopped the 'old head branch' circa mid '99 ? I still have two domains controlled by that branch, it did a good job up until about October from memory, when printing started to get troublesome. If TNG cannot be merged back into mainstream Samba then that sounds like mainstream Samba won't do PDC to W2000 and that is plain scary. Can I suggest the team considers slowing down on some of the gee wiz functions and concentrating on heading towards a useable product for people like me who face the prospect of needing a PDC that accepts W2000 clients and provides performance similar to 'main stream' samba. The pressure for a product like this is getting pretty significent, even I have started to think about products from the Evil Empire ! (Not seriously but Samba must fight to remain relevent). David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From mgeddes at xavier.sa.edu.au Mon Jul 24 00:15:17 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:30:44 2003 Subject: [TNG] Status (and merging) References: <20000722212223.A21196@baerbel.mug.maschinenbau.tu-darmstadt.de> <3.0.6.32.20000724092953.00880570@bioserve.latrobe.edu.au> Message-ID: <397B8A95.69E79980@xavier.sa.edu.au> David Bannon wrote: > If TNG cannot be merged back into mainstream Samba then that sounds like > mainstream Samba won't do PDC to W2000 and that is plain scary. > Can I suggest the team considers slowing down on some of the gee wiz > functions and concentrating on heading towards a useable product for people > like me who face the prospect of needing a PDC that accepts W2000 clients > and provides performance similar to 'main stream' samba. The pressure for a > product like this is getting pretty significent, even I have started to > think about products from the Evil Empire ! (Not seriously but Samba must > fight to remain relevent). SAMBA_TNG_2_5_GOOD and later CVS work with Win2K, NT, 9x. I have used it with profiles, Login scripts and printing. User Damager for Domains also mostly works ;-). Maybe this would be enough for us that have to use Samba TNG now and let the Samba team work on the merge (samba 3?). -- Matthew Geddes Network Manager Xavier College Gawler, SA From skvidal at phy.duke.edu Mon Jul 24 00:05:52 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:30:44 2003 Subject: [TNG] Status (and merging) In-Reply-To: <3.0.6.32.20000724092953.00880570@bioserve.latrobe.edu.au> Message-ID: > > Does this mean that we are heading into the same dead end that stopped the > 'old head branch' circa mid '99 ? I still have two domains controlled by > that branch, it did a good job up until about October from memory, when > printing started to get troublesome. > > If TNG cannot be merged back into mainstream Samba then that sounds like > mainstream Samba won't do PDC to W2000 and that is plain scary. > > Can I suggest the team considers slowing down on some of the gee wiz > functions and concentrating on heading towards a useable product for people > like me who face the prospect of needing a PDC that accepts W2000 clients > and provides performance similar to 'main stream' samba. The pressure for a > product like this is getting pretty significent, even I have started to > think about products from the Evil Empire ! (Not seriously but Samba must > fight to remain relevent). This discussion was had back in late 99 early 00 and it came up to people wanting w2k supported and nt and some of 9X in a nice fashion. Now that A LOT of the samba team are working for valinux is there a plan? Can we be privy to this plan? It would be nice to know where its going so I can know what (w/i relative norms) to expect for this year - and where to push my network. thanks -sv From flit at conex.com.br Mon Jul 24 02:02:38 2000 From: flit at conex.com.br (satan) Date: Tue Dec 2 02:30:44 2003 Subject: trust relationship Message-ID: <397BA3BE.E2E92D0E@conex.com.br> Ok, folks, now I have a samba 2.0.7 and I have the need to do a domain relationship is this possible in the samba 2.0.7 (not the tng)? From skvidal at phy.duke.edu Mon Jul 24 01:04:32 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:30:44 2003 Subject: trust relationship In-Reply-To: <397BA3BE.E2E92D0E@conex.com.br> Message-ID: > Ok, folks, now I have a samba 2.0.7 and I have the need to do a domain > relationship is this possible in the samba 2.0.7 (not the tng)? no. and to the maintainer of samba.org GET THE ARCHIVES SEARCH BACK ON LINE - please! -sv From zen at t-linux.com Mon Jul 24 12:41:11 2000 From: zen at t-linux.com (M. ZEN Muttaqien) Date: Tue Dec 2 02:30:44 2003 Subject: Archive was: trust relationship In-Reply-To: References: Message-ID: <00072408431302.00427@odin.t-linux.com> > > and to the maintainer of samba.org > > GET THE ARCHIVES SEARCH BACK ON LINE - please! > Yes, pleeeease... I do have same request as Seth Vidal... I need to find some news in the archives, but I can't do it now... -- Morpheus : There is a difference between knowing the path and walking the path ZEN O->^ (el GUAY) ======================== From simo.sorce at polimi.it Mon Jul 24 07:50:35 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:30:44 2003 Subject: cross-subnet authentication References: <200007220239.e6M2dgJ14241@ghoul.snrc.uow.edu.au> <3979C05B.8037B52C@kneschke.de> <3979E955.A4D01BD4@civ.hw.ac.uk> Message-ID: <397BF54B.F449D5C2@polimi.it> Iain Rae wrote: > > Lars Kneschke wrote: > > > > Philip Ciufo wrote: > > > > > > I've been using samba for a while now as a PDC and now require to move > > > several NT workstations into a new subnet, one that is different from the > > > subnet the PDC resides in. I tried the move already and the workstation > > > comes up with the error "a pdc for the domain could not be found". I > > > placed an entry in the lmhosts file of the workstation and this made no > > > difference. > > > > > > I ran samba with a higher log level, but have lost the logs. However, I > > > did see a "rejecting dgram ..." message of sort in the nmbd log file. I > > > can reproduce the error, so if anyone feels I really need the log file > > > then I can post it. > > > > > > My issue here is really if anyone has had a samba PDC in A.B.C.any > > > subnet and the workstation in A.B.D.any subnet and been able to get the > > > workstation to authenticate? If so, was there anything special you had to > > > do? > > If you have Windows workstations in different subnets then the pdc you > > need a wins server. It makes no difference if the pdc is a windows nt or > > samba server. Samba acts as wins server, when you set the parameter > > "wins support = yes" in the global section of your smb.conf. > > > > Why do you need a wins server? > > > > With out wins, the windows workstation finds it's pdc, sending > > broadcasts. But a router normaly doesn't route broadcast. So no > > workstation in another subnet then the pdc, will find the pdc. > > If you are using a wins server, the client registers itself and his > > function(pdc, domainmasterbrowser, local masterbrowser) at the wins > > server. If the client searches his pdc, it will ask the wins server, > > which gives him the ip address of the pdc. > > You need to configure the windows workstation to use wins. > > > > Cu > Lars is right, if you configure your samba as a wins server and > point the NT PC's at it they will be able to see the PDC (you should be > able to do cross subnet browsing as well), we have a couple of labs that > run happily like this, if you need examples of the smb.conf files we use > then e-mail me. > Another option to check is also the "host allow =". Be sure you permit your NT workstation to connect! host allow may be blank but usually contains the IP numbers of the machines allowed to connect. ex: host allow = 127. 192.168.1. 10.0.0.2 127. is the field that permit loopback connections (necessary) 192.168.1. permit access from the whole 192.168.1 network 10.0.0.2 permit access specifically from this address. if you have a host allow option be sure your new network is listed. -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From dfritz at cocos-net.de Mon Jul 24 08:42:17 2000 From: dfritz at cocos-net.de (Dominik Fritz) Date: Tue Dec 2 02:30:44 2003 Subject: calling a virus scanner before opening and delivering a file Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Is ist possible to call a virus scanner before samba delivers a file to a client? Dominik -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.2 for non-commercial use iQA/AwUBOXvy/hRiNmEIbIaEEQLPuwCgjODDc0FcVO2tFf7HUT7uGl59MnoAnA5K 5VW5AW9zZd5Ipv9tEUpLSVvK =gb43 -----END PGP SIGNATURE----- From bgmilne at ing.sun.ac.za Mon Jul 24 10:25:26 2000 From: bgmilne at ing.sun.ac.za (Buchan Milne) Date: Tue Dec 2 02:30:44 2003 Subject: Samba 2.0.7 PDC not updating Domian user list References: <200007220239.e6M2dgJ14241@ghoul.snrc.uow.edu.au> Message-ID: <397C1996.74750666@ing.sun.ac.za> Hi, I have a Samba 2.0.7 serving as PDC on a small network, and after adding a new user (unix user and via smbpasswd) the domain user list is not updated. This is a problem, as I am trying to copy their profile to the PDC, and need to give their domain account access to their profile (among other things). Does anybody know how to fix this. I have restarted samba, and also rebooted (compiled new kernel over the weekend). Also, does anyone know when samba will: 1) Continue to show the domain users in the permissions dialogs on windows clients (instead of the DOMAIN\Account Unknown) 2) Support domain groups -- |--------------------------------------------------------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone +27824722231 email mailto:bgmilne@ing.sun.ac.za Centre for Automotive Engineering http://www.sun.ac.za/cae South Africas first satellite: http://sunsat.ee.sun.ac.za Control Models http://www.control.co.za |----------------Registered Linux User #182071-----------------| From gcarter at valinux.com Mon Jul 24 11:06:02 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:30:44 2003 Subject: trust relationship References: Message-ID: <397C231A.7BDFDD32@valinux.com> Seth Vidal wrote: > > GET THE ARCHIVES SEARCH BACK ON LINE - please! Tim is working on it very ferverently. Samba-technical and Samba-cvs have been moved over already. Samba and samba-ntdom are a little more involved due to the size of the lists. See http://us4.samba.org/mailman/listinfo/ for a growing list of mail archives. Sorry that these are searchable yet. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From gcarter at valinux.com Mon Jul 24 12:00:57 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:30:45 2003 Subject: [TNG] Status (and merging) References: <20000722212223.A21196@baerbel.mug.maschinenbau.tu-darmstadt.de> <200007230915.SAA32108@mail.xavier.sa.edu.au> <3.0.6.32.20000724092953.00880570@bioserve.latrobe.edu.au> Message-ID: <397C2FF9.3E3F6A88@valinux.com> David Bannon wrote: > > Does this mean that we are heading into the same dead > end that stopped the 'old head branch' circa mid '99 ? Possibly. We've all known this though, and I've even said it on this list. There's no reason to get back into the why this happened again. If you've been around long enough, you know why. TNG was never meant to become a release branch. It was meant for Luke to experiment with so that development in the main branch could continue and releases/bugfixes could continually be done. > If TNG cannot be merged back into mainstream Samba > then that sounds like mainstream Samba won't do PDC > to W2000 and that is plain scary. Nope. That's not what i said. We have to grab designs and code from TNG but certain things like 20 daemons to run Samba will mostly likely remain only in TNG. > Can I suggest the team considers slowing down on some > of the gee wiz functions and concentrating on heading > towards a useable product for people like me who face > the prospect of needing a PDC that accepts W2000 clients > and provides performance similar to 'main stream' samba. I'm going to follow up with a general roadmap message and everyone can respond with which wiz bang features we're working on that no one wants. Fair enough. > The pressure for a product like this is getting pretty > significent, even I have started to think about products > from the Evil Empire ! (Not seriously but Samba must > fight to remain relevent). Well, I'm going to play the other side here, ok? I've run the Samba PDC code in a production environment, so I think I qualify as a voice of reason here. If I were to take you statement at face value, then Samba would not be relevant today (since it does not offer a full PDC implementation). However, we all know based up these mailing lists, that is not the case. Currently, the Samba team is made up of about 2 dozen people. So I'm sure that begs the question, "How does one become a member?" It's not hard really. Write code, write documentation, take the ball an run with it (remember that Andrew is the benevolent dictator in this). Now out of two dozen members (grown in size over the years), code check ins now-a-days are by about 1/2 dozen people. That's a programming team of 6 people staring at bits on the wire, reading as much documentation as is available (writing it in other cases), and still trying to maintainable code quality in releases. Does anyone here realize that we had to rewrite the entire locking semantics for 2.2.0? it is now what we believe to be the most robust, and solid locking code available in Samba or out. (ask me this again after the release of 2.2.0 though :) ). Andrew has also implemented a small database library and we've lookup stores to this in order to improve speed and scalability. My point is that no one has said anything about these (although they were extremely necessary). How do I know they were necessary and not simply some exercise in frivolous coding? Because I can dig up benchmarks that showed extreme numbers of context switches on Sun E3000 running Solaris 2.6 due to lookups in the status.lck file upon startup of a new smbd. So at this point I'm probably rambling. I hope that no one has taken offense as it was certainly not meant in anyway. I just think what has happened (and please don't anyone take this wrong), is that to focus on the PDC implementation is but one part of the whole. Maybe everyone has got stars in their eyes from watching Luke (and Elrond and Matty and others) work on this. I don't know. They've all done incredible work. Just be careful not to downplay those that keep releases coming and fix bugs so that MS Word can save to a Samba share. :-) :-) Until you actually look at the code in TNG and then look at the code in HEAD, you will **never** understand what we talk about the differences between the two. Trust me on this one. I know that which I speak of since working on the rpcclient merge from TNG into HEAD. :-) That's it for now. Please, no flames, ok? I will gladly respond to logical questions comments, but not flames. I'm way too busy right now. Oh...and thanks for using Samba. :-) :-) Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From gcarter at valinux.com Mon Jul 24 12:09:35 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:30:45 2003 Subject: [TNG] Status (and merging) References: Message-ID: <397C31FF.D9287E9D@valinux.com> Seth Vidal wrote: > > Now that A LOT of the samba team are working for valinux > is there a plan? Can we be privy to this plan? It would be > nice to know where its going so I can know what (w/i relative > norms) to expect for this year - and where to push my network. Someone higher than myself will have to answer this. I can only tell you as far as what plans are for 2.2.0. We seriously hope to have this out in the next few months. Would love to have it out by mid August. I can't make that call though. Maybe looking into September. What will be in 2.2.0? - rewritten locking semantics - TDB support for various internals databases - merged rpcclient from TNG - Support for Windows NT point and print features (automatic print driver install) - consolidation of printer driver management methods for Windows 95/98 and NT - support for storing accounts in LDAP (this one is the sketchiest right now) Probably some other things I have forgotten, but the above list is a good starting point. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From skvidal at phy.duke.edu Mon Jul 24 13:05:28 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:30:45 2003 Subject: [TNG] Status (and merging) In-Reply-To: <397C31FF.D9287E9D@valinux.com> Message-ID: > Someone higher than myself will have to answer this. > I can only tell you as far as what plans are for 2.2.0. > > We seriously hope to have this out in the next few > months. Would love to have it out by mid August. > I can't make that call though. Maybe looking > into September. > > What will be in 2.2.0? > > - rewritten locking semantics > - TDB support for various internals databases > - merged rpcclient from TNG > - Support for Windows NT point and print > features (automatic print driver install) > - consolidation of printer driver management > methods for Windows 95/98 and NT > - support for storing accounts in LDAP (this one > is the sketchiest right now) > > Probably some other things I have forgotten, but the > above list is a good starting point. This helps tremendously. I think the concern that myself and others have is that while, the code is available, a general roadmap is not, so many of us don't know where samba is headed and are a concerned in that regard. Regarding the technical issues: are there plans to include samedit from tng as well? is the imprints programs going to be the "consolidation of printer driver mangement" portion? Which LDAP version are you targeting (v2 or v3?) Thanks for the answers they are very helpful. -sv From gcarter at valinux.com Mon Jul 24 13:24:10 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:30:45 2003 Subject: [TNG] Status (and merging) References: Message-ID: <397C437A.8BED1380@valinux.com> Seth Vidal wrote: > > I think the concern that myself and others have is > that while, the code is available, a general roadmap is > not, so many of us don't know where samba is headed > and are a concerned in that regard. Yeah, I think this has been a general and consistent comment in the past. > Regarding the technical issues: > are there plans to include samedit from tng as well? Undecided. > is the imprints programs going to be the "consolidation > of printer driver mangement" portion? Part of it yes, but Imprints (for those who don't know, look at http://imprints.sourceforge.net) is going to be considered external to Samba. By consolidation, I mean the way by which Samba will support uploading and downloading of Windows 95/98/NT printer drivers. We got ourselves into a little bit of a hole with the Windows 95 design. The main problem is that the 'printer driver location' parameter for supporting Win9x print driver download is a service level parameter. However, when uploading drivers via the Windows NT Add Printer Wizard (which is how we will support NT driver upload), the GetPrinterDriverDirectory() RPC can only return one directory per **architechture**. See the problem here? So what we are working on is a means of migrating from the current Win9x support to a model that supports the NT 4 APW (which I'm working on implementing in rpcclient). The 'printer driver location' will then become a depreciated parameter and hopefully be gone by 3.0 (and possibly sooner). > Which LDAP version are you targeting (v2 or v3?) OpenLDAP 2.0 is out in limited Beta right now. Since it supports v3 and SASL, it would be nice to support advanced features of the newer LDAP RFC's. This is really all in the design phase unfortunately (LDAP in Samba that is). I need to revisit the schema as well. This means that the existing experimental schema's in TNG may or may not work out of the box with the released support (once it is completed). Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From elrond at samba.org Mon Jul 24 13:21:15 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:30:45 2003 Subject: [TNG] Status (and merging) In-Reply-To: ; from Seth Vidal on Mon, Jul 24, 2000 at 11:05:29PM +1000 References: <397C31FF.D9287E9D@valinux.com> Message-ID: <20000724152115.A15788@baerbel.mug.maschinenbau.tu-darmstadt.de> On Mon, Jul 24, 2000 at 11:05:29PM +1000, Seth Vidal wrote: [...] > > - merged rpcclient from TNG [...] > Regarding the technical issues: > are there plans to include samedit from tng as well? samedit is simply a subset of rpcclient. You can give any commands, you give to samedit, also to rpcclient. rpcclient just includes a whole lot of more commands and tends to be a little "chaotic" ;) Elrond From holm at informatik.umu.se Mon Jul 24 13:28:45 2000 From: holm at informatik.umu.se (=?ISO-8859-1?Q?=C5ke?= Holmlund) Date: Tue Dec 2 02:30:45 2003 Subject: [TNG] Status (and merging) Message-ID: <200007241328.PAA15288@jupiter.informatik.umu.se> Gerald Carter wrote: > What will be in 2.2.0? > > - rewritten locking semantics > - TDB support for various internals databases > - merged rpcclient from TNG > - Support for Windows NT point and print > features (automatic print driver install) > - consolidation of printer driver management > methods for Windows 95/98 and NT > - support for storing accounts in LDAP (this one > is the sketchiest right now) > > Probably some other things I have forgotten, but the > above list is a good starting point. This is what I HAVE to have running by the end of the week: - W2k "domain clients" ("NT4-style" domain will do) - Accounts in LDAP - Some kind of printing - Shares from the server - Password changing from W2k and/or smbpasswd I'm quit sure all the point above is very important but in my situation I can't benifit from them since we will be running W2k :-( ----------------------------------------------------------------------------- ?ke Holmlund Tel: +46 - 90 786 57 16 Ume? University Fax: +46 - 90 786 65 50 Dept of informatics Email: holm@informatik.umu.se SE-901 87 Ume? Sweden From JTait at wyrddreams.demon.co.uk Mon Jul 24 13:21:32 2000 From: JTait at wyrddreams.demon.co.uk (James Tait) Date: Tue Dec 2 02:30:45 2003 Subject: cross-subnet authentication In-Reply-To: <397BF54B.F449D5C2@polimi.it> Message-ID: This is, of course, what I had intended - I'll check my smb.conf properly next time I propose a solution. On Mon, 24 Jul 2000, Simo Sorce wrote: > Another option to check is also the "host allow =". > Be sure you permit your NT workstation to connect! > host allow may be blank but usually contains the IP numbers of the > machines allowed to connect. > ex: host allow = 127. 192.168.1. 10.0.0.2 > 127. is the field that permit loopback connections (necessary) > 192.168.1. permit access from the whole 192.168.1 network > 10.0.0.2 permit access specifically from this address. -------------------------------------+------------------------------------ James Tait, BSc | ICQ# 17834893 MUD Programmer and Linux advocate | Mobile: +44 (0)956 652763 -------------------------------------+------------------------------------ From skvidal at phy.duke.edu Mon Jul 24 13:35:50 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:30:45 2003 Subject: [TNG] Status (and merging) In-Reply-To: <200007241328.PAA15288@jupiter.informatik.umu.se> Message-ID: > This is what I HAVE to have running by the end of the week: and you started when? > - W2k "domain clients" ("NT4-style" domain will do) I think you will HAVE to use TNG for this. > - Accounts in LDAP I hope you've had experience with LDAP in the past. Reading this might help: http://www.unav.es/cti/ldap-smb-howto.html > - Some kind of printing that shouldn't be a problem as long as you don't want the point and shoot printing > - Shares from the server works with 2.0.7 which is what you should use for the fileserving portion > - Password changing from W2k and/or smbpasswd dunno about w2k password changing. I would suggest a small webpage and the ability to change passwords in there. -sv From gcarter at valinux.com Mon Jul 24 13:56:43 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:30:45 2003 Subject: [TNG] Status (and merging) References: <200007241328.PAA15288@jupiter.informatik.umu.se> Message-ID: <397C4B1B.C05667B7@valinux.com> ?ke Holmlund wrote: > > This is what I HAVE to have running by the end of the week: My sympathies :-\ > - W2k "domain clients" ("NT4-style" domain will do) > - Accounts in LDAP Just so you realize that this may or may not work out of the box when the LDAP support in Samba becomes official. > - Some kind of printing > - Shares from the server > - Password changing from W2k and/or smbpasswd > > I'm quit sure all the point above is very important but > in my situation I can't benifit from them since we will > be running W2k :-( The NT point and print stuff will work with Win2k clients. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From elrond at samba.org Mon Jul 24 14:04:11 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:30:46 2003 Subject: [TNG] Status (and merging) In-Reply-To: <397C2FF9.3E3F6A88@valinux.com>; from Gerald Carter on Mon, Jul 24, 2000 at 10:10:20PM +1000 References: <20000722212223.A21196@baerbel.mug.maschinenbau.tu-darmstadt.de> <397C2FF9.3E3F6A88@valinux.com> Message-ID: <20000724160411.B15788@baerbel.mug.maschinenbau.tu-darmstadt.de> On Mon, Jul 24, 2000 at 10:10:20PM +1000, Gerald Carter wrote: > David Bannon wrote: > > > > Does this mean that we are heading into the same dead > > end that stopped the 'old head branch' circa mid '99 ? > > Possibly. We've all known this though, and I've even > said it on this list. There's no reason to get back > into the why this happened again. If you've been > around long enough, you know why. TNG was never meant > to become a release branch. It was meant for Luke to > experiment with so that development in the main branch > could continue and releases/bugfixes could continually > be done. How I see it currently: TNG is a playground for Luke and others (including me). Some of us try to merge stuff from HEAD. Luke did a great job in this area... When the mods to HEAD aren't too complex, I'm trying to merge them into TNG too. (For example, the whole select/notify-change in HEAD was too fast/big to easily follow it, so I just even didn't try it.) > > If TNG cannot be merged back into mainstream Samba > > then that sounds like mainstream Samba won't do PDC > > to W2000 and that is plain scary. > > Nope. That's not what i said. We have to grab designs > and code from TNG but certain things like 20 daemons > to run Samba will mostly likely remain only in TNG. Yeah, that's how I see it too. BTW: Currently merging over the server-code for the daemons and not using different daemons would create a big security-hole. I have some plans to fix this in TNG. But my time is seriously limited. (I've a whole lot of plans on internalchanges for TNG, including this one and others to make live with sidlc lots easier, most of these are nearly fully complete in my head... I simply need the time to code them up...) [...] > Currently, the Samba team is made up of about 2 dozen > people. So I'm sure that begs the question, "How does > one become a member?" It's not hard really. Write code, > write documentation, take the ball an run with it (remember > that Andrew is the benevolent dictator in this). :) > Now out of two dozen members (grown in size over the years), > code check ins now-a-days are by about 1/2 dozen people. > That's a programming team of 6 people staring at bits on > the wire, reading as much documentation as is available > (writing it in other cases), and still trying to maintainable > code quality in releases. and wasting their free time... (for... hmmm) > Does anyone here realize that we had to rewrite the entire > locking semantics for 2.2.0? it is now what we believe to > be the most robust, and solid locking code available in > Samba or out. (ask me this again after the release of > 2.2.0 though :) ). This locking-code is already in TNG, and people seem to use it, so it can't be too broken. ;) > Andrew has also implemented a small > database library and we've lookup stores to this in > order to improve speed and scalability. Sidenote: I've already written this up on samba-technical: tdb doesn't scale properly: If the tdb gets too large, you end up with linear searches, because the hash-tables have a fixed size. (I know, how hard it is to get dynamic resizing hashtables [in a file], so no offense intended!) [...] > So at this point I'm probably rambling. I hope that no > one has taken offense as it was certainly not meant in > anyway. I just think what has happened (and please don't > anyone take this wrong), is that to focus on the PDC > implementation is but one part of the whole. Maybe > everyone has got stars in their eyes from watching Luke > (and Elrond and Matty and others) work on this. ;) I would like to see someone with stars in their eyes. ;) [...] > Until you actually look at the code in TNG > and then look at the code in HEAD, you will **never** > understand what we talk about the differences between > the two. Trust me on this one. I know that which I > speak of since working on the rpcclient merge from TNG > into HEAD. :-) I know some of this stuff... so I haven't looked much at HEAD. And I fully respect all the work on HEAD/2.x, because I know, this work is done with attention to stability and stuff like that, because that is, what all the major users want (including me for non-pdc-stuff. I wouldn't tell people to use samba, if it weren't that stable) On the other side, I can work on TNG and don't need to worry, when it breaks for some time, because everyone, who uses it, knew before, that they're using alpha-code. One of the reasons, why I've also currently stopped working on TNG: If the current TNG-code looks to be stable to some degree, Luke can make up an alpha-2.6-release and if someone complains about cvs being broken again, one can simply tell them to use 2.6. ;) And to write up some "final words": I don't want TNG to die too early. My idea is, that TNG being something like "reference-material" for PDC-stuff and HEAD slowly taking over stuff from it. When HEAD has everythig from TNG, TNG might die. [...] > Please, no flames, ok? I liked the mail very much, so why should I write a flame? And I think, I tend to be more on the TNG-side. ;) > I will gladly respond to logical questions comments, but > not flames. I'm way too busy right now. :-) > Oh...and thanks for using Samba. :-) :-) Thanks for maintaining it. Without it, this small institute here in the university either wouldn't have any pdc (everyone with a local account) or a scarry nt-pdc... > Cheers, > jerry Elrond From mhinzke at hinzke.de Mon Jul 24 15:51:44 2000 From: mhinzke at hinzke.de (Magnus Hinzke) Date: Tue Dec 2 02:30:46 2003 Subject: workstations that aren't in the domain Message-ID: <1437348616.20000724175144@hinzke.de> Hello Samba TNG, I yesterday compiled the cvs and all works fine. Bute I got one big problem. I got some Windows NT Workstations that are only in my workgroup and not in my domain. So since if replaced the samba-2.0.7 with the cvs this workstation could not access the shares. log.smb says: prs_grow_data: 4 > 0 LSA_OPENSECRET: NT_STATUS_OBJECT_NAME_NOT_FOUND SMB LM/NT Password did not match! Rejecting user 'shop': authentication failed Closing connections Changed root to / netbios connect: name1=MAIL name2=REPRO prs_grow_data: 4 > 0 LSA_OPENSECRET: NT_STATUS_OBJECT_NAME_NOT_FOUND SMB LM/NT Password did not match! Rejecting user 'shop': authentication failed Closing connections Changed root to / netbios connect: name1=MAIL name2=REPRO I thought it would be possible to have some workstations in the domain and some other in the workgroup. It is at the moment not possible to add all nt client to the domain. All users are add with samedit also, the trust accounts ... Does anyone could help me ? Mit freundlichen Gr??en Volker Hinzke GmbH Magnus Hinzke Linux forever -- Magnus Hinzke / Volker Hinzke GmbH / mhinzke@hinzke.de ------------------------------------------------------------------- Mitglied im Wirtschaftsverband Kopie und Medientechnik http://www.hinzke.de / Oc?Net Partner: http://www.ocenet.de Kanalstrasse 62, 23552 Luebeck, Tel: +49-451-79957-01, Fax: -27 From icoupeau at unav.es Mon Jul 24 16:59:40 2000 From: icoupeau at unav.es (Ignacio Coupeau) Date: Tue Dec 2 02:30:46 2003 Subject: [TNG] Status (and merging) References: <200007241328.PAA15288@jupiter.informatik.umu.se> <397C4B1B.C05667B7@valinux.com> Message-ID: <397C75FC.2E4392D9@unav.es> Gerald Carter wrote: > > ?ke Holmlund wrote: > > > > This is what I HAVE to have running by the end of the week: > > My sympathies :-\ > > > - W2k "domain clients" ("NT4-style" domain will do) > > - Accounts in LDAP > > Just so you realize that this may or may not work out > of the box when the LDAP support in Samba becomes > official. Great! I'm waiting for it... as soon as made "runable", I going to test it and update the docs... http://www.unav.es/cti/ldap-smb-howto.html I'm adding two or three rudimentary perl scripts (a lot of people ask me for it), but I hope update it for use the Net-LDAPapi (or Mozilla) modules. What about a posix_account-samba unified schema? Thanks, Ignacio -- ____________________________________________________ Ignacio Coupeau, Ph.D. e-mail: icoupeau@unav.es CTI, Director fax: 948 425619 University of Navarra voice: 948 425600 Pamplona, SPAIN http://www.unav.es/cti/ From admin at praesi.hercynia.verb.tu-clausthal.de Mon Jul 24 17:15:50 2000 From: admin at praesi.hercynia.verb.tu-clausthal.de (=?X-UNKNOWN?Q?Sascha_L=FCtzel_als_Serveradmin?=) Date: Tue Dec 2 02:30:46 2003 Subject: Where to get SAMBA TNG In-Reply-To: <397C75FC.2E4392D9@unav.es> Message-ID: Hello to everyone!! I tried to get SAMBA TNG with CVS, but the Version I get didn't compile. Where can I get a version wich does compile. Thanks Sascha From pjdc at eircom.net Mon Jul 24 18:27:29 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:46 2003 Subject: [TNG] Status (and merging) In-Reply-To: Gerald Carter's message of "Mon, 24 Jul 2000 23:20:06 +1000" References: <397C437A.8BED1380@valinux.com> Message-ID: >>>>> "Gerald" == Gerald Carter writes: Gerald> Seth Vidal wrote: >> Regarding the technical issues: >> are there plans to include samedit from tng as well? Gerald> Undecided. I was under the impression that samedit's functionality is a strict subset of rpcclient's. If this is true, isn't samedit unnecessary? -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Cover up and say goodnight... say goodnight." From gcarter at valinux.com Mon Jul 24 19:54:30 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:30:46 2003 Subject: [TNG] Status (and merging) References: <397C437A.8BED1380@valinux.com> Message-ID: <397C9EF6.5AAEFA0F@valinux.com> Paul J Collins wrote: > > >>>>> "Gerald" == Gerald Carter writes: > > Gerald> Seth Vidal wrote: > > >> Regarding the technical issues: > >> are there plans to include samedit from tng as well? > > Gerald> Undecided. > > I was under the impression that samedit's functionality > is a strict subset of rpcclient's. If this is true, > isn't samedit unnecessary? Yes it is a subset. I think the question will be whether or not Luke gets his wish to do away with smbpasswd, which is an issue I am dodging altogether at the moment. :-) I can say that in the interest of not breaking all the currently installed servers when they are upgraded to 2.2.0, the smbpasswd will most likely stay around a little while longer. jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From pjdc at eircom.net Mon Jul 24 20:13:27 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:46 2003 Subject: Where to get SAMBA TNG In-Reply-To: Sascha =?iso-8859-1?q?L=FCtzel?= als Serveradmin's message of "Tue, 25 Jul 2000 03:16:53 +1000" References: Message-ID: >>>>> "Sascha" == Sascha L?tzel als Serveradmin writes: Sascha> I tried to get SAMBA TNG with CVS, but the Version I get Sascha> didn't compile. Where can I get a version wich does Sascha> compile. Please post the errors you get for the file that fails to compile; without that, help is simply not possible. If TNG doesn't compile, it probably means that a) your machine lacks some libraries or something; b) someone is working on TNG and either hasn't finished checking all their changes yet or has (surely not!) broken it. If b) is the case, the only thing you can do is try again later, or try checking out the SAMBA_TNG_2_5_GOOD branch. Or you could try an alpha release from ftp.samba.org. Bear in mind that these latter two are both old-ish. Paul. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Cover up and say goodnight... say goodnight." From abrooks at css.tayloru.edu Mon Jul 24 20:17:25 2000 From: abrooks at css.tayloru.edu (Aaron D. Brooks) Date: Tue Dec 2 02:30:46 2003 Subject: [TNG] Status (and merging) In-Reply-To: <397C9EF6.5AAEFA0F@valinux.com> Message-ID: On Tue, 25 Jul 2000, Gerald Carter wrote: > > >> Regarding the technical issues: > > >> are there plans to include samedit from tng as well? > > > > Gerald> Undecided. > > > > I was under the impression that samedit's functionality > > is a strict subset of rpcclient's. If this is true, > > isn't samedit unnecessary? > > Yes it is a subset. I think the question will be whether > or not Luke gets his wish to do away with smbpasswd, > which is an issue I am dodging altogether at the moment. :-) > > I can say that in the interest of not breaking all > the currently installed servers when they are upgraded > to 2.2.0, the smbpasswd will most likely stay around a little > while longer. Hmmm.... Would it be possible to provide a shell or perl script wrapper which can behave like smbpasswd on behalf of samedit? This seems like the path of least resistance if it is possible. This leaves current users in the position to decide when they get rid of smbpasswd. Sorry, haven't played with samedit to know if this is possible -- haven't had time. -Aaron +-------> Aaron D. Brooks, 765 . 998 . 5168, abrooks [SHIFT"2"] css.tayloru.edu Computing Systems Resource Manager, Taylor University, CSS Department PGP public key: http://www.css.tayloru.edu/~abrooks/pgpkey/abrooks.asc PGP key fingerprint = 75 83 D2 9C 44 C7 00 C8 07 A1 6C F0 BD 04 C0 60 From Mohammad.Ghaeini at albertsons.com Mon Jul 24 21:50:31 2000 From: Mohammad.Ghaeini at albertsons.com (Mohammad Ghaeini) Date: Tue Dec 2 02:30:46 2003 Subject: Need to run NT-based program from Solaris. Message-ID: I have a situation where a large sized data file is downloaded/uploaded from a Solaris-x86 server. The data file is used by a vendor supplied program which runs as a background process on an NT workstation. The vendor will not port this utility to Solaris. My problem is: How do I run the NT-based program with the Solaris-based data file as input? I would like to avoid making a second copy of the data file on the NT workstation. I'm told that the NT workstation is not capable of mapping a drive to the Solaris server in such a way that multiple background processes are able to access the drive. Has anyone come across this situation before? Thanks in advance, Mohammad From mgeddes at xavier.sa.edu.au Mon Jul 24 23:22:00 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:30:46 2003 Subject: was [TNG] Status (and merging) References: <200007241328.PAA15288@jupiter.informatik.umu.se> Message-ID: <397CCF98.288B7387@xavier.sa.edu.au> ?ke Holmlund wrote: > This is what I HAVE to have running by the end of the week: > > - W2k "domain clients" ("NT4-style" domain will do) > - Accounts in LDAP > - Some kind of printing > - Shares from the server > - Password changing from W2k and/or smbpasswd > > I'm quit sure all the point above is very important but in my situation > I can't benifit from them since we will be running W2k :-( Where are you up to? I have successfully done all except the LDAP stuff with the TNG from a couple of days ago. LDAP compiles in, but I haven't played with it past that. Check out the SMB-LDAP howto. Someone else posted a link. I think you can get this done. Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA From D.Bannon at latrobe.edu.au Mon Jul 24 23:05:44 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:30:46 2003 Subject: [TNG] Status (and merging) In-Reply-To: References: <200007241328.PAA15288@jupiter.informatik.umu.se> Message-ID: <3.0.6.32.20000725090544.00882bd0@bioserve.latrobe.edu.au> At 11:36 PM 24/07/2000 +1000, Seth Vidal wrote: > ........ >> - Shares from the server >works with 2.0.7 which is what you should use for the fileserving portion > Seth, is the dual 2.0.7 / TNG model valid (on the one box) ? I was under the impression HEAD/TNG model was suggested once but since March this year Lars FAQ says it does not work. A 207/TNG would be very nice ..... David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From peter at cadcamlab.org Mon Jul 24 23:53:00 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:30:46 2003 Subject: [TNG] Status (and merging) References: <397C9EF6.5AAEFA0F@valinux.com> Message-ID: <14716.54550.934574.428750@wire.cadcamlab.org> [Aaron Brooks ] > Hmmm.... Would it be possible to provide a shell or perl script > wrapper which can behave like smbpasswd on behalf of samedit? This > seems like the path of least resistance if it is possible. This > leaves current users in the position to decide when they get rid of > smbpasswd. Here's my understanding: rpcclient and smbpasswd may *appear* to do similar things, but under the hood they're completely different. smbpasswd uses the win9x calls, rpcclient uses the nt calls. Apparently the nt calls are much more secure, surprise surprise. In the case of smbpasswd -j for joining a domain, it works by knowing the well-known default machine password for the domain, assuming you've already been on the PDC to create the account. Thus it doesn't need any other authentication to the server. rpcclient, on the other hand, must authenticate as an administrator on the server because it creates the machine account with a random password. ANYWAY, what I was getting at is that (at least as I understand it) it is not directly possible to emulate smbpasswd using rpcclient/samedit, because they use different network calls. The best you could do is emulate the *user interface*. That would help some people, but the main concern here is people with Samba 2.0.x PDC's, which do not properly support the rpcclient calls. Peter From r_huelsmann at ish.de Tue Jul 25 00:04:38 2000 From: r_huelsmann at ish.de (Ralf Huelsmann) Date: Tue Dec 2 02:30:47 2003 Subject: arrgg.. tng makes me crazy.. impossible to just have one guest share ? Message-ID: <002101bff5cb$ec8a5c40$3401a8c0@workstation_1a> hi ! having work with tng before (pdc with nt/w2k-clients/romaing profiles) i?m setting up a new server. for several reasons, i want to have just von guest = ok , wirteable share. nor problem with the stabel release. i usualy set - encrypted pw = ok - security = share in the sahre - guest ok = yes - brwoseable = yes - read only = no now, with tng 2.5 there are two different problems - if i use security = share , i see the sever. but if i click him, it says, that the server services aren?t running - if i use security = user , set up a machine account with useradd/smbpasswd and also a user account, there commes a login-windows asking me for username/pw... but he doesn?t accept the user/pass. in the log it says wrong password... waht would you expect me to set up just this share for guests ? greetings ralf --- Ralf Huelsmann Kempen Germany Office: http://www.ish.com/ r_huelsmann@ish.com phone +49 2152 962010 fax +49 2152 962009 Mobile: r_huelsmann@bigfoot.com phone +49 171 2170401 -------------- next part -------------- A non-text attachment was scrubbed... Name: =?iso-8859-1?Q?Ralf_H=FClsmann.vcf?= Type: application/octet-stream Size: 357 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000725/331e61c3/iso-8859-1QRalf_HFClsmann.obj From peter at cadcamlab.org Tue Jul 25 00:05:33 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:30:47 2003 Subject: Need to run NT-based program from Solaris. References: Message-ID: <14716.55666.539943.248465@wire.cadcamlab.org> [Mohammad Ghaeini ] > I have a situation where a large sized data file is > downloaded/uploaded from a Solaris-x86 server. The data file is used > by a vendor supplied program which runs as a background process on an > NT workstation. The vendor will not port this utility to Solaris. You might investigave WINE (www.winehq.com). I don't know what their level of support is for Solaris/x86, but with a great deal of luck you may be able to get your vendor app to run under it. Failing that, see if VMWare supports Solaris, and if so, run NT under that. Peter From m.scheede at stud.uni-goettingen.de Tue Jul 25 00:25:33 2000 From: m.scheede at stud.uni-goettingen.de (m.scheede@stud.uni-goettingen.de) Date: Tue Dec 2 02:30:47 2003 Subject: subscribe Message-ID: <397CDE7D.81A98585@stud.uni-goettingen.de> subscribe From admin at praesi.hercynia.verb.tu-clausthal.de Tue Jul 25 00:35:35 2000 From: admin at praesi.hercynia.verb.tu-clausthal.de (=?iso-8859-1?Q?Sascha_L=FCtzel?=) Date: Tue Dec 2 02:30:47 2003 Subject: Thanks and another Problem References: Message-ID: <004e01bff5d0$408e1800$aceeae8b@oelfuss> Hello and Thanks to everyone who helped me getting TNG 2.5.3 (alpha). Now I have a problem. I can log onto the domain but I couldn't connect to the services at the Server. I am using TNG 2.5.3 (alpha) and SuSE 6.2. Another Question is how do profiles work, or i it right how do I try it??? This is my smb.conf file: [global] status = yes server string = Corpsserver domain user map = /usr/local/samba/private/domainuser.map domain group map = /usr/local/samba/private/domaingroup.map workgroup = hercynia encrypt passwords = yes domain master = yes local master = yes preferred master = yes security = user wins support = yes log level = 5 debug level = 5 os level = 66 guest account = nobody hosts allow = 139.174.238. 127. socket options = TCP_NODELAY share modes = yes locking = yes strict locking = yes keepalive = 1 character set = iso8859-1 domain logons = yes logon path = \\%L\profiles\%U logon script = %U.bat [netlogon] comment = Netlogon Service path = /samba/netlogon locking = no publick = no writeable = no [profiles] path = /samba/profiles create mode = 0777 browseable = yes directory mode = 0777 writeable = yes [home] comment = Heimatverzeichnis path=/home/%U browseable = yes guest ok = yes read only = no create mode = 0600 directory mode = 0700 [print$] comment = network print driver folder path = /usr/local/samba/lib/drivers case sensitive = no mangled names = no mangle case = no writable = yes [Minolta_6L] comment = Minolta Page Pro 6L printer = lp2 printer driver = "APS PS" printer driver location = \\%L\print$ path = /tmp [share] browseable = yes comment = Einer fuer alle force group = hercynia path = /share writable = yes create mode = 0770 create mask = 0770 [corpsordner] browseable = yes comment = Alle Corpsinterna path = \topsecret writable = yes create mode = 0770 create mask = 0770 [mp3] browseable = yes path = /mp3 comment = Musik fuer alle create mode = 0770 create mask = 0770 writable = yes From skvidal at phy.duke.edu Tue Jul 25 02:50:57 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:30:47 2003 Subject: [TNG] Status (and merging) In-Reply-To: <3.0.6.32.20000725090544.00882bd0@bioserve.latrobe.edu.au> Message-ID: > At 11:36 PM 24/07/2000 +1000, Seth Vidal wrote: > > ........ > >> - Shares from the server > >works with 2.0.7 which is what you should use for the fileserving portion > > > > Seth, is the dual 2.0.7 / TNG model valid (on the one box) ? I was under > the impression HEAD/TNG model was suggested once but since March this year > Lars FAQ says it does not work. > > A 207/TNG would be very nice ..... thats suprising. I know 2.0.7 can join TNG/use it as a password server so I can't imagine why they would conflict. I'm using an earlier HEAD snapshot but it doesn't make much sense that they would conflict when you have 2 different ips and build trees. -sv From mhinzke at hinzke.de Tue Jul 25 06:11:53 2000 From: mhinzke at hinzke.de (Magnus Hinzke) Date: Tue Dec 2 02:30:47 2003 Subject: WS in a workgroup couldn't access an PDC Message-ID: <16527057.20000725081153@hinzke.de> Hallo Samba TNG, I found something in my log files: Found policy hnd[9] [000] 00 00 00 00 80 22 7F 1D FF F5 BF 01 82 5A 00 00 .....".. .....Z.. [010] 01 00 00 00 .... policy(pnum=9 ): Closing SMB LM/NT Password did not match! Rejecting user 'mhinzke': authentication failed 32 bit error packet at line 493 cmd=115 (SMBsesssetupX) eclass=c000006d [Error: Unknown error (109,49152)] error string = Datei oder Verzeichnis nicht gefunden size=35 This happens if I try to access the PDC with a workstation that isn't in the domain, only in the workgroup (I already send a mail yesterday). Can anyone tell something about my problem ? cu Magnus Hinzke LINUX - because booting is for adding hardware -- Magnus Hinzke / Volker Hinzke GmbH / mhinzke@hinzke.de ------------------------------------------------------------------- Mitglied im Wirtschaftsverband Kopie und Medientechnik http://www.hinzke.de / Oc?Net Partner: http://www.ocenet.de Kanalstrasse 62, 23552 Luebeck, Tel: +49-451-79957-01, Fax: -27 From teddy at ladograd.ru Tue Jul 25 06:20:10 2000 From: teddy at ladograd.ru (=?ISO-8859-1?Q? =E6=A3=C4=CF=D2?= =?ISO-8859-1?Q?=EB=D5=C2=C1=CE=C5=C3 ?=) Date: Tue Dec 2 02:30:47 2003 Subject: TNG & international characters Message-ID: <001901bff600$62a86820$64c6a8c0@localnet1> Hello, All! I try to replace my working Samba 2.07 with Samba-TNG.2.5.3, using same config. Next, when I open any share on Samba server, I see only English characters, names of files and folders in Russian has not been displayed. Trying "valid chars" in smb.conf has no success. Help me please, so I want to try new features in TNG. Thanks. Teddy. -------------- next part -------------- HTML attachment scrubbed and removed From admin at praesi.hercynia.verb.tu-clausthal.de Tue Jul 25 08:36:56 2000 From: admin at praesi.hercynia.verb.tu-clausthal.de (=?iso-8859-1?Q?Sascha_L=FCtzel?=) Date: Tue Dec 2 02:30:47 2003 Subject: WS in a workgroup couldn't access an PDC References: <16527057.20000725081153@hinzke.de> Message-ID: <000901bff613$7ea928d0$aceeae8b@oelfuss> Hello, I have the same Problem and I can log onto the Domain but if I try to browse the server shares, homes and printer, I get ask for username and password. I typed all right, but get the same errormessage in the logs like you, don't know how to fix it. I use SAMBA TNG 2.5.3 alpha. Sascha ----- Original Message ----- From: "Magnus Hinzke" To: "Multiple recipients of list SAMBA-NTDOM" Sent: Tuesday, July 25, 2000 8:11 AM Subject: WS in a workgroup couldn't access an PDC > Hallo Samba TNG, > > I found something in my log files: > Found policy hnd[9] [000] 00 00 00 00 80 22 7F 1D FF F5 BF 01 82 5A 00 00 .....".. .....Z.. > [010] 01 00 00 00 .... > policy(pnum=9 ): Closing > SMB LM/NT Password did not match! > Rejecting user 'mhinzke': authentication failed > 32 bit error packet at line 493 cmd=115 (SMBsesssetupX) eclass=c000006d [Error: Unknown error (109,49152)] > error string = Datei oder Verzeichnis nicht gefunden > size=35 > > This happens if I try to access the PDC with a workstation that isn't in > the domain, only in the workgroup (I already send a mail yesterday). > > Can anyone tell something about my problem ? > > cu > Magnus Hinzke > > LINUX - because booting is for adding hardware > > -- > Magnus Hinzke / Volker Hinzke GmbH / mhinzke@hinzke.de > ------------------------------------------------------------------- > Mitglied im Wirtschaftsverband Kopie und Medientechnik > http://www.hinzke.de / Oc?Net Partner: http://www.ocenet.de > Kanalstrasse 62, 23552 Luebeck, Tel: +49-451-79957-01, Fax: -27 > > From psv at transgaz.tomsk.ru Tue Jul 25 01:57:01 2000 From: psv at transgaz.tomsk.ru (Sergey Podushkin) Date: Tue Dec 2 02:30:47 2003 Subject: TNG & international characters References: <001901bff600$62a86820$64c6a8c0@localnet1> Message-ID: <397CF3ED.B8248787@comm.ttg> > ????? ??????? wrote: > > Hello, All! > > I try to replace my working Samba 2.07 with Samba-TNG.2.5.3, using > same config. > Next, when I open any share on Samba server, I see only English > characters, names of files and folders in Russian has not been > displayed. Trying "valid chars" in smb.conf has no success. > > Help me please, so I want to try new features in TNG. > Thanks. > > Teddy. Hi You have to use the same settings as in 2.0.7, like character set = KOI8-R client code page = 866 I have my TNG 2.5 (2.5.3 is known as broken) working just fine with russian symbols. Sergey. From dfritz at cocos-net.de Tue Jul 25 09:11:08 2000 From: dfritz at cocos-net.de (Dominik Fritz) Date: Tue Dec 2 02:30:47 2003 Subject: WS in a workgroup couldn't access an PDC In-Reply-To: <000901bff613$7ea928d0$aceeae8b@oelfuss> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Sascha I had the same problem as you some month ago. these things a broken in 2.5.3. you have to use tng 2.5. Or you try this workaround: Restart the damons after you have loged into the domain. Dominik -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.2 for non-commercial use iQA/AwUBOX1LixRiNmEIbIaEEQIICwCg/dVvnyUcHrQR4oU0PIyMEA99QqMAn33/ /WIf/J1SF/qra/08KzXmFKUu =Tyr4 -----END PGP SIGNATURE----- From peter at cadcamlab.org Tue Jul 25 09:24:42 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:30:47 2003 Subject: [TNG] Status (and merging) References: <3.0.6.32.20000725090544.00882bd0@bioserve.latrobe.edu.au> Message-ID: <14717.23276.722495.404472@wire.cadcamlab.org> [David Bannon] > > Seth, is the dual 2.0.7 / TNG model valid (on the one box) ? I was > > under the impression HEAD/TNG model was suggested once but since > > March this year Lars FAQ says it does not work. [Seth Vidal ] > thats suprising. I know 2.0.7 can join TNG/use it as a password > server so I can't imagine why they would conflict. What David was referring to was the work Luke L did late last year, not long after creating the split-daemon architecture in TNG. You have *one* instance of Samba where the HEAD branch does the fileserving and the TNG branch does the DC and auth stuff. They communicate through local sockets, just like the multiple TNG daemons do. HEAD would first try a socket and, if nobody was home, revert to its builtin code. At the time, Luke was very excited about the ability to develop all the daemonettes independently -- the theory was that development cycles would be independent and thus short. (Three weeks, I think he said at one point.) And many people did use "mixed-mode", since HEAD file/print-serving was so much better. It was a nice theory. But apparently the socket protocol was not as nicely abstracted as one might have hoped, and it was not long (two months?) before HEAD and TNG could no longer talk to each other, rendering the exercise largely moot. (The exercise of including HEAD, that is -- I still think the split daemons in TNG are useful.) Peter From m.brodbelt at acu.ac.uk Tue Jul 25 10:38:59 2000 From: m.brodbelt at acu.ac.uk (Mike Brodbelt) Date: Tue Dec 2 02:30:48 2003 Subject: [TNG] Status (and merging) References: <20000722212223.A21196@baerbel.mug.maschinenbau.tu-darmstadt.de> <397C2FF9.3E3F6A88@valinux.com> Message-ID: <397D6E43.3988EFA7@acu.ac.uk> > > The pressure for a product like this is getting pretty > > significent, even I have started to think about products > > from the Evil Empire ! (Not seriously but Samba must > > fight to remain relevent). > > Well, I'm going to play the other side here, ok? I've > run the Samba PDC code in a production environment, so I > think I qualify as a voice of reason here. > > If I were to take you statement at face value, then > Samba would not be relevant today (since it does not > offer a full PDC implementation). However, we all know > based up these mailing lists, that is not the case. I'm another one looking forward to full NT PDC code. I'd like to get rid of my NT4 PDC. However, it's more important to me that I retain stability with Samba, than that the developers jump the gun to get the new features out of the door. I can live with my PDC for as long as it takes, and as all the box does is authentication, it's even realtively stable.... > Does anyone here realize that we had to rewrite the entire > locking semantics for 2.2.0? it is now what we believe to > be the most robust, and solid locking code available in > Samba or out. (ask me this again after the release of > 2.2.0 though :) ). Andrew has also implemented a small > database library and we've lookup stores to this in > order to improve speed and scalability. I think this is symptomatic of a great many endeavours - much of the most necessary work is "down in the trenches", and does not attract the attention that new feature development attracts. Microsoft and other proprietary software vendors suffer from this - their software is bad because it's more profitable in the business world to add features than to make sure the ones you have actually work. It's a great strength of free software that the authors actually care about code quality, and don't have marketing departments breathing down their necks.... I certainly (and I believe I'm speaking for many others) appreciate the enormous amount of work that is done to make sure Samba "just works". It's this kind of work that lets me have a server last rebooted in October, while an NT site I visited last week reboots their machines several times a week. Without the work put in by all you guys, I, and others like me, would be spending all our time running around fixing things, instead of actually getting things done. > > Please, no flames, ok? I will gladly respond to logical > questions comments, but not flames. I'm way too busy > right now. > > Oh...and thanks for using Samba. :-) :-) Thank *you* for all the work that makes it possible for us to use it.... Mike. From holm at informatik.umu.se Tue Jul 25 11:31:15 2000 From: holm at informatik.umu.se (=?ISO-8859-1?Q?=C5ke?= Holmlund) Date: Tue Dec 2 02:30:48 2003 Subject: was [TNG] Status (and merging) Message-ID: <200007251131.NAA26736@jupiter.informatik.umu.se> Matthew Geddes wrote > ?ke Holmlund wrote: > > > This is what I HAVE to have running by the end of the week: > > > > - W2k "domain clients" ("NT4-style" domain will do) > > - Accounts in LDAP > > - Some kind of printing > > - Shares from the server > > - Password changing from W2k and/or smbpasswd > > > > I'm quit sure all the point above is very important but in my situation > > I can't benifit from them since we will be running W2k :-( > > Where are you up to? > > I have successfully done all except the LDAP stuff with the TNG from a > couple of days ago. LDAP compiles in, but I haven't played with it past > that. Check out the SMB-LDAP howto. Someone else posted a link. I think > you can get this done. Right now I'm using TNG 2.5 on Sun/sparc Solaris 7. I tried a cvs checkout yesterday but it didn't compile and I didn't have time to look into it: Linking bin/smbd ild: (undefined symbol) is_msdfs_volume -- referenced in the text segment of smbd/trans2.o *** Error code 5 make: Fatal error: Command failed for target `bin/smbd' This is "working" (there are problems but I think I can live with them): - W2k machines can join the domain and users can log in. Profiles work. Haven't tried policies yet (W2k an poicies, hmm....:-) - Users and machines in LDAP (using Netscape Directory Server) I have been fiddling around a bit with the LDAP-code to get it to work closer to what I want it to do. - Printing kind of works. However, I get a number (~2-4) "empty" print- jobs everty time i try to print something. I will write a small lp- wrapper and just remove those empty print files. There is also a problem with the %p variable. It's used for both the printer name in print commands and in connection with NIS maps. The NIS map code interferes with the print commands. I just commented out the NIS-code :-) - Shares seem to work. - Passwords are my biggest problem right now. Smbpasswd doesn't get the NT-password (hash) right and I really need a way for users to change their passwords. There is also a "minor" problem with populating the LDAP database with ~1000 users and passwords....... Yes, I have read encryption.txt but it doesn't seem to help. I will probably have to create a script that populates the LDAP database from out NIS+ tables, creates and sets a random password and send a mail to every user telling them the password and how to change it (every potential W2k user is also a Unix user). Anyone done this before? :-) There are a LOT of things I haven't tried (usermgr.exe, groups, administrator accounts...) but for the time beeing I think I can live without them. I'm looking for really basic functionality right now. Regards, ----------------------------------------------------------------------------- ?ke Holmlund Tel: +46 - 90 786 57 16 Ume? University Fax: +46 - 90 786 65 50 Dept of informatics Email: holm@informatik.umu.se SE-901 87 Ume? Sweden From jens.skripczynski at igd.fhg.de Tue Jul 25 11:59:24 2000 From: jens.skripczynski at igd.fhg.de (Jens Skripczynski) Date: Tue Dec 2 02:30:48 2003 Subject: [TNG] Status (?) In-Reply-To: <20000722212223.A21196@baerbel.mug.maschinenbau.tu-darmstadt.de>; from elrond@samba.org on Sat, Jul 22, 2000 at 09:22:24PM +0200 References: <20000722212223.A21196@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: <20000725135924.A5428@igd.fhg.de> Elrond: > This time, I'm trying to write a "status-report" for the > current cvs-version of TNG. currently not working with windows 95 clients: - Domain logon. The netlogon.bat spcified in the smb.conf in not executed when logging in from a Win95 client - share connect is _real_ slow Connecting with share that was previously connected to the samba server take at least 10 times longer than in Jan. with TNG or today with the main Branch - printing issue files are spooled but not printed printers cannot be installed properly - TNG makes a lot of error messges in the log files when loggin in from a Win 95 client annoying: - Warning about security hazards when using TNG daemons mode 0700 .... Ciao Jens Skripczynski -- E-Mail: skripi@igd.fhg.de Computers are like airconditioners: They stop working properly if you open windows. Win95: A 32-bit patch for a 16-bit GUI shell running on top of an 8-bit operating system written for a 4-bit processor by a 2-bit company who cannot stand 1 bit of competition. From admin at praesi.hercynia.verb.tu-clausthal.de Tue Jul 25 13:08:20 2000 From: admin at praesi.hercynia.verb.tu-clausthal.de (=?iso-8859-1?Q?Sascha_L=FCtzel?=) Date: Tue Dec 2 02:30:48 2003 Subject: How to setup printer with TNG 2.5 Message-ID: <003d01bff639$67e91300$aceeae8b@oelfuss> Hi!! I would like to setup printers on my TNG PDC. I alredy tried, but by installing the printer on NT4WKS an error message occured. Sounds somthing like that "could not establish connection to printer: wrong printername". can sombody help me??? Thanks Sascha -------------- next part -------------- HTML attachment scrubbed and removed From bgmilne at ing.sun.ac.za Tue Jul 25 14:57:33 2000 From: bgmilne at ing.sun.ac.za (Buchan Milne) Date: Tue Dec 2 02:30:48 2003 Subject: [Fwd: Samba 2.0.7 PDC not updating Domian user list] Message-ID: <397DAADD.AC3407F8@ing.sun.ac.za> I think this one got lost in the flood of TNG update posts. Also, from a win98 client, I can't get the list of users. Buchan -------- Original Message -------- Subject: Samba 2.0.7 PDC not updating Domian user list Date: Mon, 24 Jul 2000 12:25:26 +0200 From: Buchan Milne Organization: Centre for Automotive Engineering To: Multiple recipients of list SAMBA-NTDOM References: <200007220239.e6M2dgJ14241@ghoul.snrc.uow.edu.au> Hi, I have a Samba 2.0.7 serving as PDC on a small network, and after adding a new user (unix user and via smbpasswd) the domain user list is not updated. This is a problem, as I am trying to copy their profile to the PDC, and need to give their domain account access to their profile (among other things). Does anybody know how to fix this. I have restarted samba, and also rebooted (compiled new kernel over the weekend). Also, does anyone know when samba will: 1) Continue to show the domain users in the permissions dialogs on windows clients (instead of the DOMAIN\Account Unknown) 2) Support domain groups -- |--------------------------------------------------------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone +27824722231 email mailto:bgmilne@ing.sun.ac.za Centre for Automotive Engineering http://www.sun.ac.za/cae South Africas first satellite: http://sunsat.ee.sun.ac.za Control Models http://www.control.co.za |----------------Registered Linux User #182071-----------------| From gcarter at valinux.com Tue Jul 25 15:01:37 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:30:48 2003 Subject: [TNG] Status (and merging) References: <20000722212223.A21196@baerbel.mug.maschinenbau.tu-darmstadt.de> <397C2FF9.3E3F6A88@valinux.com> <20000724160411.B15788@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: <397DABD1.DD2BBEF1@valinux.com> Elrond wrote: > > TNG is a playground for Luke and others (including me). > Some of us try to merge stuff from HEAD. Luke did a great > job in this area... When the mods to HEAD aren't too > complex, I'm trying to merge them into TNG too. Yup. A playground is a nice term. :-) > (I've a whole lot of plans on internalchanges for TNG, > including this one and others to make live with sidlc lots > easier, most of these are nearly fully complete in my > head... I simply need the time to code them up...) Ah...there's the rub (i thought you were on vacation anyways?!) > This locking-code is already in TNG, and people seem to use > it, so it can't be too broken. ;) Good. I didn't realize that. > And I fully respect all the work on HEAD/2.x, because I > know, this work is done with attention to stability and > stuff like that, because that is, what all the major users > want (including me for non-pdc-stuff. I wouldn't tell > people to use samba, if it weren't that stable) > On the other side, I can work on TNG and don't need to > worry, when it breaks for some time, because everyone, who > uses it, knew before, that they're using alpha-code. Exactly. :-) > I don't want TNG to die too early. My idea is, that TNG > being something like "reference-material" for PDC-stuff and > HEAD slowly taking over stuff from it. When HEAD has > everythig from TNG, TNG might die. I don't think TNG is going to die anytime soon. There way too much information in it. I think the term reference implementation is probably a good fit. TNG works and proves that things can be done. Whether it does them the best way possible is a debate for another day. It's purpose is to prove that PDC support can be done and to learn from our mistakes. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From pjdc at eircom.net Tue Jul 25 19:43:12 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:48 2003 Subject: Need to run NT-based program from Solaris. In-Reply-To: Peter Samuelson's message of "Tue, 25 Jul 2000 10:05:44 +1000" References: <14716.55666.539943.248465@wire.cadcamlab.org> Message-ID: >>>>> "Peter" == Peter Samuelson writes: Peter> [Mohammad Ghaeini ] -snip- >> NT workstation. The vendor will not port this utility to Solaris. -snip- Peter> Failing that, see if VMWare supports Solaris, and if so, Peter> run NT under that. Currently Linux-only (and NT). On the plus side, it works, and not too sluggishly either. Lots of RAM is a necessity. I use NT in a VMWare box for testing (okay, playing with) TNG. Is WABI still around/used/supported? -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Cover up and say goodnight... say goodnight." From gcarter at valinux.com Tue Jul 25 20:04:24 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:30:48 2003 Subject: Need to run NT-based program from Solaris. References: <14716.55666.539943.248465@wire.cadcamlab.org> Message-ID: <397DF2C8.C421BAD9@valinux.com> Paul J Collins wrote: > > Is WABI still around/used/supported? No, Sun has the Sun PCI card now for the Ultra 10's (maybe 5's as well?) jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From Fabricio at tc.df.gov.br Tue Jul 25 20:30:08 2000 From: Fabricio at tc.df.gov.br (Fabricio Bianco Abreu) Date: Tue Dec 2 02:30:48 2003 Subject: Samba 2.0.7 PDC and MS-Exchange/SNA Server Message-ID: <540DA5E188A2D3118996006008A0C27903068D@MARTE> I think this one got lost in the flood of TNG update posts. To make sure we all know what products and technologies are involved lets state it: - MS Windows Nt v. 4.0 (service pack 4) - MS Exchange Server v. 5.0 (service pack 2) - MS SNA Server v. 3.0 Fabricio > ---------- > De: Fabricio Bianco Abreu[SMTP:Fabricio@tc.df.gov.br] > Responder: Fabricio@tc.df.gov.br > Enviada: Ter?a-feira, 18 de Julho de 2000 14:37 > Para: Multiple recipients of list SAMBA-NTDOM > Assunto: Samba 2.0.7 PDC and MS-Exchange/SNA Server > > Products belonging to Microsoft BackOffice family (e.g. MS Exchange > Server, > MS SNA Server and MS SQL Server) may use WinNT domain controllers > information about users and domain groups to implement access methods for > their own services. > > Given these cenarios: > - MS Exchange may assign mailboxes to a certain domain user; > - MS SNA Server may assign rights to a certain domain group access a pool > of > logical units. > > I REALLY need to migrate a full MS Network to a linux/unix/samba > environment. Six NT machines are providing login, profiles, file, Exchange > and SNA services to about 400 Win95 workstations. > > Questions are: > - Are these products able to use Samba 2.0.7 Domain Controller > functionalities concerning users and groups?? > - Would MS Exchange Server perceive Samba 2.0.7 as a NT DC and perform > authentication to its mailboxes users?? As I see it, it resembles the > login > process. > - Would Win95 workstations share files and printers on a user level base > (in > opposition to share level sharing) having Samba 2.0.7 for domain > controller > ?? > > I am not interested on User Manager or Server Manager stuff. It is not an > issue if I have to use a Samba box to administer user information on such > domain. > > Sorry for my lame English. > > Best regards, > > Fabricio Bianco Abreu > Network Manager > Tribunal de Contas do Distrito Federal - Brazil. > From GLeblanc at cu-portland.edu Tue Jul 25 21:13:36 2000 From: GLeblanc at cu-portland.edu (Gregory Leblanc) Date: Tue Dec 2 02:30:48 2003 Subject: Need to run NT-based program from Solaris. Message-ID: <025836EFF856D411A6660090272811E61D0509@EMAIL> > -----Original Message----- > From: Gerald Carter [mailto:gcarter@valinux.com] > Sent: Tuesday, July 25, 2000 1:02 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: Need to run NT-based program from Solaris. > > Paul J Collins wrote: > > > > Is WABI still around/used/supported? > > No, Sun has the Sun PCI card now for the Ultra 10's > (maybe 5's as well?) The SunPCI should work in any PCI SPARC machine. It's quite hard (from all reports) to get it to talk to the machine that it's plugged into. To be more clear, if the SunPCI card is in your Ultra10, it's hard to make it talk to said Ultra10, but not hard to make it talk to some other machine on the network. Sun has had SBUS cards that performed the same functions, but were much slower (along the lines of 133MHz K5). Assuming that you want to test NT working with Samba (what's the proper capitalization for that?) on your Ultra, you WILL need a machine performing routing that is external to your computer. The SunPCI cannot communicate directly with the machine that's hosting it. Grego From jon.erickson at neicoltech.org Tue Jul 25 22:43:00 2000 From: jon.erickson at neicoltech.org (Jon Erickson) Date: Tue Dec 2 02:30:48 2003 Subject: SUBSCRIBE Message-ID: ---------------------------------------------- Jon Erickson NEI College of Technology Work - 763.782.7342 Fax - 763.782.7329 ---------------------------------------------- From griffy at math.umd.edu Tue Jul 25 22:55:50 2000 From: griffy at math.umd.edu (Tim Strobell aka Griffy) Date: Tue Dec 2 02:30:49 2003 Subject: tng as bdc, what have i forgotten? Message-ID: <20000725185550.G5344@laplace.math.umd.edu> howdy samba gurus, i've just slurped down SAMBA_TNG from cvs, and have it happily compiled and installed. i'm trying to add the samba box as a bdc (SAMBABDC) to our existing domain (MATHNT, pdc is NTSERVER). when i try to create the trust acct for the samba box on the nt server, it fails miserably. i'm following Lars Kneschke's TNG info... (hi Lars!) [MATHNT\griffy@NTSERVER]$ createuser SAMBABDC$ -s -j MATHNT createuser SAMBABDC$ -s -j MATHNT SAM Create Domain User Domain: MATHNT Name: sambabdc$ ACB: [S ] Create Domain User: OK Join SAMBABDC to Domain MATHNT LSA_OPENSECRET: NT_STATUS_ACCESS_DENIED LSA_OPENSECRET: NT_STATUS_ACCESS_DENIED Set $MACHINE.ACC: FAILED what have i forgotten to do? :-) i'd normally search through the archives before posting, but... many thanks, tim -- Tim "Griffy" Strobell, griffy@math.umd.edu, (301) 405-8175 Assistant Sysadmin, Server Janitor, and Customer Service Associate Department of Mathematics, University of Maryland at College Park From I.Marmaridis at uws.edu.au Tue Jul 25 23:50:45 2000 From: I.Marmaridis at uws.edu.au (Makis Marmaridis) Date: Tue Dec 2 02:30:49 2003 Subject: Username map problem! Message-ID: <002a01bff693$26d5bb70$23499a89@pclan2> Hi all, I am setting up a server as a domain controller serving 7 clients (NT 4.0 workstation). The server runs RedHat linux 6.0 with the latest kernel and Samba_TNG_Alpha_2.5. Although I thought I had everything working fine, when I tried to logon to the domain as one of the users the logon attempt failed (I got the message about incorrect username or password in NT). I checked the logs and the following error message showed up: "[2000/07/26 04:10:00, 0] lib/username.c:map_username(87) can't open username map /etc/samba/users.map" I have tried giving 777 permissions to the mapping file but still nothing changed. I ever compiled and installed samba 2.07 instead but the same problem persists. The relevant line of my smb.conf is below: username map = /etc/samba/users.map An extract of the users.map file is below: 99580793 = s9580793 99580807 = s9580807 99580810 = s9580810 99580823 = s9580823 99580966 = s9580966 99581464 = s9581464 99582366 = s9582366 99584069 = s9584069 99584610 = s9584610 * the username to the right is the unix one. Users will be using the one to the left to logon. each unix username has an account created in smbpasswd. Except for this problem where it seems that Samba cannot map a username to its corresponding unix username, logons work beautifully! Also, in the samba log file (samba.log.smb), I noticed entries about (haven't got the exact wording) : requested 10000 files 10401 available. But that only looked like a warning and not an error. I would appreciate any help as it is critical that I get the server in production as soon as possible. (Sorry for the size of the email!) Thank you in advance, Makis. From griffy at math.umd.edu Tue Jul 25 23:49:25 2000 From: griffy at math.umd.edu (Tim Strobell aka Griffy) Date: Tue Dec 2 02:30:49 2003 Subject: Need to run NT-based program from Solaris. In-Reply-To: <025836EFF856D411A6660090272811E61D0509@EMAIL>; from GLeblanc@cu-portland.edu on Wed, Jul 26, 2000 at 07:13:38AM +1000 References: <025836EFF856D411A6660090272811E61D0509@EMAIL> Message-ID: <20000725194925.H5344@laplace.math.umd.edu> |>The SunPCI should work in any PCI SPARC machine. It's quite hard (from all |>reports) to get it to talk to the machine that it's plugged into. IP and IPX seem to work fine from the PCI cards. FYI, the SunPCi OS needs to have a static route added to the routing tables in order for it to see the host. Tim -- Tim "Griffy" Strobell, griffy@math.umd.edu, (301) 405-8175 Assistant Sysadmin, Server Janitor, and Customer Service Associate Department of Mathematics, University of Maryland at College Park From mgeddes at xavier.sa.edu.au Wed Jul 26 00:20:56 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:30:49 2003 Subject: Username map problem! References: <002a01bff693$26d5bb70$23499a89@pclan2> Message-ID: <397E2EE8.A0BBF457@xavier.sa.edu.au> Makis Marmaridis wrote: > > > 99580793 = s9580793 > 99580807 = s9580807 > 99580810 = s9580810 > 99580823 = s9580823 > 99580966 = s9580966 > 99581464 = s9581464 > 99582366 = s9582366 > 99584069 = s9584069 > 99584610 = s9584610 > > > > * the username to the right is the unix one. Users will be using the one to > the left to logon. > each unix username has an account created in smbpasswd. Other way round. Unix to the Left, Windows to the Right. -- Matthew Geddes Network Manager Xavier College Gawler, SA From mushroom at innocent.com Wed Jul 26 01:15:34 2000 From: mushroom at innocent.com (satan) Date: Tue Dec 2 02:30:49 2003 Subject: Samba PDC and Jetadmin Message-ID: <397E3BB6.817AD268@innocent.com> Now I am in a deeper trouble, I have a sun e450 running solaris, and samba 2.0.7, My problem is that when a user send a job it prints ok, BUT the user cannot cancel his job, looking in the samba commands I saw that the cancel command is not working, it complains that cannot talk with the printer service. My suspect is the jet admin. Somebody has a advice in this subject? Wich command I have to put on smb.conf to cancel a job on jetadmin (hp). From I.Marmaridis at uws.edu.au Wed Jul 26 01:54:21 2000 From: I.Marmaridis at uws.edu.au (Makis Marmaridis) Date: Tue Dec 2 02:30:49 2003 Subject: Username map problem! In-Reply-To: <397E2EE8.A0BBF457@xavier.sa.edu.au> Message-ID: <003101bff6a4$6b0ee170$23499a89@pclan2> Thank you Matthew for your prompt reply, I have now changed the entries in the users.map file but it still behaves exactly the same way. It still refuses to open the file according to the log file entry. Any ideas...? Regards, Makis. -----Original Message----- From: mgeddes@mail.xavier.sa.edu.au [mailto:mgeddes@mail.xavier.sa.edu.au]On Behalf Of Matthew Geddes Sent: Wednesday, 26 July 2000 10:21 AM To: I.Marmaridis@uws.edu.au Cc: Multiple recipients of list SAMBA-NTDOM Subject: Re: Username map problem! Makis Marmaridis wrote: > > > 99580793 = s9580793 > 99580807 = s9580807 > 99580810 = s9580810 > 99580823 = s9580823 > 99580966 = s9580966 > 99581464 = s9581464 > 99582366 = s9582366 > 99584069 = s9584069 > 99584610 = s9584610 > > > > * the username to the right is the unix one. Users will be using the one to > the left to logon. > each unix username has an account created in smbpasswd. Other way round. Unix to the Left, Windows to the Right. -- Matthew Geddes Network Manager Xavier College Gawler, SA From mgeddes at xavier.sa.edu.au Wed Jul 26 02:40:16 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:30:49 2003 Subject: Username map problem! References: <003101bff6a4$6b0ee170$23499a89@pclan2> Message-ID: <397E4F90.D627DD1B@xavier.sa.edu.au> Makis Marmaridis wrote: > > Thank you Matthew for your prompt reply, > > I have now changed the entries in the users.map file but it still behaves > exactly the same way. It still refuses to open the file according to the log > file entry. > > Any ideas...? Do you have the domain users map = line and domain group map line = set in your smb.conf? Check this. If not, the smb.conf man page and Lars' FAQ should be enough to show you how. Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA From mhinzke at hinzke.de Tue Jul 25 19:32:55 2000 From: mhinzke at hinzke.de (Magnus Hinzke) Date: Tue Dec 2 02:30:49 2003 Subject: CVS Version and an workgroup Message-ID: <568760897.20000725213255@hinzke.de> Hello, I already posted my problem to this this, but I think you don't have understood me. I got some workstation on NT running in a workgroup called "HINZKE" on my samba-2.0.7 so, now I want to switch over to a domain called "HINZKE",too. So I installed samba-tng-cvs from sunday and joined with one of my nt client the domain "HINZKE". The other nt clients still are in the the workgroup "HINZKE". If I join the domain all works fine, but the workstations that are still in the workgroup cannot access the pdc, they can join the domain, but I want them to be in a workgroup. I want a workstation that is in the workgroup "HINZK" to access the shares of the PDC "HINZKE". I hope someone have understood me and can give me a hint! Sorry, for posting to this topic three times, but I cannot find any help on web or so ... :-( cu Magnus Hinzke LINUX, the only way to be free! -- Magnus Hinzke / Volker Hinzke GmbH / mhinzke@hinzke.de ------------------------------------------------------------------- Mitglied im Wirtschaftsverband Kopie und Medientechnik http://www.hinzke.de / Oc?Net Partner: http://www.ocenet.de Kanalstrasse 62, 23552 Luebeck, Tel: +49-451-79957-01, Fax: -27 From fricke at Team.OWL-Online.DE Wed Jul 26 09:58:55 2000 From: fricke at Team.OWL-Online.DE (fricke@Team.OWL-Online.DE) Date: Tue Dec 2 02:30:49 2003 Subject: Slow Motion Message-ID: Opening a file from the PDC over samba is VERY slow on my network. Are there any features to make it faster? I?m running samba 2.06 on a linux-machine. -------------------------------------- Mit freundlichen Gr??en Cord-H. Fricke Fon: 0 52 1 / 52 51-133 Fax: 0 52 1 / 52 51-115 http://team.owl-online.de/ ...keep on headbangin? , that rocks!!! From edevolder at eft.be Wed Jul 26 10:16:24 2000 From: edevolder at eft.be (EFT.Eric Devolder) Date: Tue Dec 2 02:30:49 2003 Subject: Need for FAQ & Howtos about samba-TNG + SWAT problems Message-ID: <1BC82160B665D31188B8009027A8EAB40BFEFD@woody.plasky.eft.be> Hello, I successfully managed to compile and binary install a samba-TNG. However, I feel completely disappointed with the new environment ( many more things than in samba 2.0.x ). I would like first to work with SWAT, but I'm always kicked off ! anyone an idea (as there are no logs for swat...) ? My access is always rejected (do I have to define an access in smbpasswd file ? ) In general, I have a *serious* lack of information. May someone please send some URLs to HOWTOs, FAQ, etc... ? (also, the archive of samba are no more accessible for the moment...) Enjoy samba, Regards, Eric. Note: This message and its attachements have been checked for viruses by InterScan VirusWall V3.4 From ed at schernau.com Wed Jul 26 10:24:38 2000 From: ed at schernau.com (Edward Schernau) Date: Tue Dec 2 02:30:49 2003 Subject: Need for FAQ & Howtos about samba-TNG + SWAT problems References: <1BC82160B665D31188B8009027A8EAB40BFEFD@woody.plasky.eft.be> Message-ID: <397EBC66.AE7267A4@schernau.com> "EFT.Eric Devolder" wrote: > I would like first to work with SWAT, but I'm always kicked off ! anyone an > idea (as there are no logs for swat...) ? My access is always rejected (do I > have to define an access in smbpasswd file ? ) I'd avoid SWAT. It has the nasty habit of removing your comments. It also will insert commands in your share defs if you use the "copy =" option, which means if you ever STOP using the "copy =" option, the entries are all still there. Stay away from the GUI, trust in the command line. -- Edward Schernau, mailto:ed@schernau.com Network Architect http://www.schernau.com RC5-64#: 243249 e-gold acct #:131897 From jens.skripczynski at igd.fhg.de Wed Jul 26 10:40:04 2000 From: jens.skripczynski at igd.fhg.de (Jens Skripczynski) Date: Tue Dec 2 02:30:49 2003 Subject: SUBSCRIBE In-Reply-To: ; from jon.erickson@neicoltech.org on Wed, Jul 26, 2000 at 08:42:48AM +1000 References: Message-ID: <20000726124004.A10437@igd.fhg.de> see: SAMBA-TNG FAQ http://www.kneschke.de/projekte/samba_tng/index.php3 SAMBA Bug report "How to" http://www.kneschke.de/projekte/samba_tng/faq/bugreport.php3 SAMBA Bug report template http://www.kneschke.de/projekte/samba_tng/faq/samba-bugreport-template.txt Mailinglist subscribtion Web Interface: http://lists.samba.org/cgi-bin/weblist Old Mailinglist digest http://us1.samba.org/listproc/samba-ntdom/ Ciao Jens Skripczynski -- E-Mail: skripi@igd.fhg.de Computers are like airconditioners: They stop working properly if you open windows. Win95: A 32-bit patch for a 16-bit GUI shell running on top of an 8-bit operating system written for a 4-bit processor by a 2-bit company who cannot stand 1 bit of competition. From mg at plum.de Wed Jul 26 10:41:25 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:30:49 2003 Subject: Need for FAQ & Howtos about samba-TNG + SWAT problems References: <1BC82160B665D31188B8009027A8EAB40BFEFD@woody.plasky.eft.be> Message-ID: <014001bff6ee$0c6c59a0$0201010a@defiant> > Hello, > > I successfully managed to compile and binary install a samba-TNG. However, I > feel completely disappointed with the new environment ( many more things > than in samba 2.0.x ). > > I would like first to work with SWAT, but I'm always kicked off ! anyone an > idea (as there are no logs for swat...) ? My access is always rejected (do I > have to define an access in smbpasswd file ? ) > > In general, I have a *serious* lack of information. May someone please send > some URLs to HOWTOs, FAQ, etc... ? (also, the archive of samba are no more > accessible for the moment...) IIRC swat does not work in TNG (even if, its pure coincidence ;) If you look for information, look in the following places: TNG Howto: http://www.kneschke.de/projekte/samba_tng/index.php3 TNG & LDAP http://www.unav.es/cti/ldap-smb-howto.html German doku: http://www.sambahq.de/ regards, Michael From mushroom at innocent.com Wed Jul 26 11:41:16 2000 From: mushroom at innocent.com (mushroom@innocent.com) Date: Tue Dec 2 02:30:49 2003 Subject: Samba PDC and Jetadmin Message-ID: <200007261141.IAA28257@pa06.conex.com.br> Yep, but I Cant cancel a print job that is queued.. > > > > >
>As far as I know the HP can only accept one TCP connection at a time.
>So...if you cannot cancel an active print job.  You should be able to cancel
>any that are queued after it though (that haven't been sent to the printer).
>I don't think this is a weakness of SAMBA -- it's HP's fault...
>
>________________________________________
>Michael D. Black   Principal Engineer
>mblack@csihq.com  321-676-2923,x203
>http://www.csihq.com  Computer Science Innovations
>http://www.csihq.com/~mike  My home page
>FAX 321-676-2355
>----- Original Message -----
>From: "satan" 
>To: "Multiple recipients of list SAMBA-NTDOM" 
>Sent: Tuesday, July 25, 2000 8:14 PM
>Subject: Samba PDC and Jetadmin
>
>
>Now I am in a deeper trouble, I have a sun e450 running solaris, and
>samba 2.0.7, My problem is that when a user send a job it prints ok, BUT
>the user cannot cancel his job, looking in the samba commands I saw that
>the cancel command is not working, it complains that cannot talk with
>the printer service. My suspect is the jet admin.
>Somebody has a advice in this subject? Wich command I have to put on
>smb.conf to cancel a job on jetadmin (hp).
>
>
> > > > From edevolder at eft.be Wed Jul 26 12:10:08 2000 From: edevolder at eft.be (EFT.Eric Devolder) Date: Tue Dec 2 02:30:49 2003 Subject: Was: Need for FAQ & Howtos about samba-TNG + SWAT problems Message-ID: <1BC82160B665D31188B8009027A8EAB40BFEFE@woody.plasky.eft.be> Hi again. Ok, for the moment I will forget about SWAT. Thank you for the links, but I already read them ! I found lots of information, but some is still missing... By the way, Here follow my wants. I would like to set up a PDC with SAMBA-PDC but only as an authentication server, and keep our samba 2.0.7 for file server & maybe print server (which deserves about 30 users and handles 4 printers). So, for the moment our samba 2.0.7 acts as a PDC, with the well-known problems due to the fact the emulation is not perfect ; I mean, there is no possibility to perform trust relationship, the fact that win2K cannot logon, etc... My questions are the following then: 1? If I want to setup my TNG, is it roughly the same as with samba 2.0.x ? ( meaning create users in Unix and then use smbpasswd utility to create workstations & users accounts ) ? Must I use domain group map and domain user map options in smb.conf with samba TNG ? 2? Is it possible with such a configuration to allow joining domain directly with the tools of Windows NT ? 3? How to establish a trust relationship with another domain ? 4? I think the printing routines are better with samba TNG. Is that true ? (closer to NT mode )? enabling printing is as with 2.0.x ? 5? What is the purpose of samedit ? Is this tool useful only for SAM replication between PDC and BDC ? I apologize for asking so much questions, and I appreciate your help. By the way, feel free to send me your config files (smb.conf especially), even more in the case you have the same kind of configuration. Thank you, Eric :) Note: This message and its attachements have been checked for viruses by InterScan VirusWall V3.4 From mg at plum.de Wed Jul 26 12:25:35 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:30:50 2003 Subject: Need for FAQ & Howtos about samba-TNG + SWAT problems References: <1BC82160B665D31188B8009027A8EAB40BFEFE@woody.plasky.eft.be> Message-ID: <018801bff6fc$992fc760$0201010a@defiant> > Hi again. > > Ok, for the moment I will forget about SWAT. > > Thank you for the links, but I already read them ! I found lots of > information, but some is still missing... > > By the way, Here follow my wants. I would like to set up a PDC with > SAMBA-PDC but only as an authentication server, and keep our samba 2.0.7 for > file server & maybe print server (which deserves about 30 users and handles > 4 printers). > > So, for the moment our samba 2.0.7 acts as a PDC, with the well-known > problems due to the fact the emulation is not perfect ; I mean, there is no > possibility to perform trust relationship, the fact that win2K cannot logon, > etc... > > My questions are the following then: > > 1? If I want to setup my TNG, is it roughly the same as with samba 2.0.x ? ( > meaning create users in Unix and then use smbpasswd utility to create > workstations & users accounts ) ? Must I use domain group map and domain > user map options in smb.conf with samba TNG ? Its about the same, but this IS in the links ;) you CAN use domain group map and domain user map, it's not mandantory ;) > 2? Is it possible with such a configuration to allow joining domain directly > with the tools of Windows NT ? (This should be also on the links I posted .. :) Yes. with TNG you can skip the smbpasswd -a -m machine$ part of the usre creation, if you specify the ROOT (*yuck* ... has to be as smbpasswd is allways -rw------ !!! :(((() user and password (you must add him to the smbpasswd, of course) > 3? How to establish a trust relationship with another domain ? ah .. that thing is *very* experimental, it was discussed not long ago here ... (how to make it work with CVS) > 4? I think the printing routines are better with samba TNG. Is that true ? > (closer to NT mode )? enabling printing is as with 2.0.x ? No. Printing is better in HEAD. HEAD and TNG printing is very simmilar (the same new code by JF :), with the difference that the TNG code is more buggy ;) (I did try the TNG printing some time ago, but ran into a couple of problems ...) > 5? What is the purpose of samedit ? Is this tool useful only for SAM > replication between PDC and BDC ? Samedit will hopefully replace the "smbpasswd" utility in TNG. it is a more "sane" version of rpcclient, and maybe even some sort of usrmgr.exe in a console app. > I apologize for asking so much questions, and I appreciate your help. By the > way, feel free to send me your config files (smb.conf especially), even more > in the case you have the same kind of configuration. regards, Michael From Christian.Heinz at nbg9.siemens.de Wed Jul 26 12:19:44 2000 From: Christian.Heinz at nbg9.siemens.de (Heinz Christian) Date: Tue Dec 2 02:30:50 2003 Subject: Samba PDC and Jetadmin Message-ID: <11DD9734B036D311947400805F0DD60774F4C7@nbgv101a.nbg9.siemens.de> Hi! your problem is not the jetdirect - it is instead the printing subsystem. if you use a kind of bsd lpr, then only root or the owner (user!) of the job can interact with it. so you have root:somegroup as permissions for all lpr queues and lpr/lpq/lpc knows via the print-control-file about the owner. via samba, this does not work if you have the printers shared for groups or you use user-mappings. have a look instead on lprng - there you can set up via /etc/lpd.conf which user(s) can control the queues. an side effect is that displaying print jobs in printmanager and pause/restart queues works also ;-) > ---------- > From: mushroom@innocent.com[SMTP:mushroom@innocent.com] > Reply To: mushroom@innocent.com > Sent: Mittwoch, 26. Juli 2000 13:41 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: Re: Samba PDC and Jetadmin > > Yep, but I Cant cancel a print job that is queued.. > > > > > > > > > >
> >As far as I know the HP can only accept one TCP connection at a time.
> >So...if you cannot cancel an active print job.  You should be able to
> cancel
> >any that are queued after it though (that haven't been sent to the
> printer).
> >I don't think this is a weakness of SAMBA -- it's HP's fault...
> >
> >________________________________________
> >Michael D. Black   Principal Engineer
> >mblack@csihq.com  321-676-2923,x203
> >http://www.csihq.com  Computer
> Science Innovations
> >http://www.csihq.com/~mike  My
> home page
> >FAX 321-676-2355
> >----- Original Message -----
> >From: "satan" 
> >To: "Multiple recipients of list SAMBA-NTDOM" 
> >Sent: Tuesday, July 25, 2000 8:14 PM
> >Subject: Samba PDC and Jetadmin
> >
> >
> >Now I am in a deeper trouble, I have a sun e450 running solaris, and
> >samba 2.0.7, My problem is that when a user send a job it prints ok, BUT
> >the user cannot cancel his job, looking in the samba commands I saw that
> >the cancel command is not working, it complains that cannot talk with
> >the printer service. My suspect is the jet admin.
> >Somebody has a advice in this subject? Wich command I have to put on
> >smb.conf to cancel a job on jetadmin (hp).
> >
> >
> > > > > > > > > From yugami at monochromatic.net Wed Jul 26 22:00:11 2000 From: yugami at monochromatic.net (Marc Britten) Date: Tue Dec 2 02:30:50 2003 Subject: subscribe Message-ID: <01a101bff74c$e1d5bec0$a3fca8c0@cybernetusa.com> just in case you read this, i can't get subscribed to the list, and I REALLY NEED TOO. thanks From pjdc at eircom.net Wed Jul 26 22:20:14 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:50 2003 Subject: subscribe In-Reply-To: "Marc Britten"'s message of "Thu, 27 Jul 2000 07:55:00 +1000" References: <01a101bff74c$e1d5bec0$a3fca8c0@cybernetusa.com> Message-ID: >>>>> "Marc" == Marc Britten writes: Marc> just in case you read this, i can't get subscribed to the Marc> list, and I REALLY NEED TOO. >From http://www.samba.org/listproc/: Subscribing To subscribe to one of the mailing lists send an email to listproc@samba.org with no subject and a body of "subscribe listname Your Full Name". You should receive a welcome message back within a few minutes. Goodnight. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Cover up and say goodnight... say goodnight." From mgeddes at xavier.sa.edu.au Thu Jul 27 00:31:49 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:30:50 2003 Subject: SAMEDIT commands Message-ID: <397F82F5.14D39642@xavier.sa.edu.au> Hi, I'm looking for the samedit commands needed to: a) enable/disable a user account b) join a domain as a BDC c) join a domain as a workstation/member server Can anyone help? Thanks, Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA From pjdc at eircom.net Thu Jul 27 00:54:01 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:50 2003 Subject: SAMEDIT commands In-Reply-To: Matthew Geddes's message of "Thu, 27 Jul 2000 10:14:22 +1000" References: <397F82F5.14D39642@xavier.sa.edu.au> Message-ID: >>>>> "Matthew" == Matthew Geddes writes: Matthew> Hi, Matthew> I'm looking for the samedit commands needed to: Matthew> a) enable/disable a user account Not sure how to do it from samedit, but you can disable a user account by overwriting the first space in the [...] part of the smbpasswd line with a captial letter D. I'm not sure if the order of the flags is significant; I created a new domain user, and the flags were NDU. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Cover up and say goodnight... say goodnight." From mgeddes at xavier.sa.edu.au Thu Jul 27 01:14:24 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:30:50 2003 Subject: SAMEDIT commands References: <397F82F5.14D39642@xavier.sa.edu.au> Message-ID: <397F8CF0.5E14D928@xavier.sa.edu.au> Paul J Collins wrote: > Not sure how to do it from samedit, but you can disable a user account > by overwriting the first space in the [...] part of the smbpasswd line > with a captial letter D. I'm not sure if the order of the flags is > significant; I created a new domain user, and the flags were NDU. Yeah, Got that one, but I want to play around a bit with the TDB stuff. I think it might be samuserset2 with some options. I'm checking the source as we speak to see what I can find, but I'm no programmer, so it may take a while. I promise to update the manual for anything I find ;-). Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA From mgeddes at xavier.sa.edu.au Thu Jul 27 01:45:17 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:30:50 2003 Subject: SAMEDIT commands References: <397F82F5.14D39642@xavier.sa.edu.au> <397F8CF0.5E14D928@xavier.sa.edu.au> Message-ID: <397F942D.F1C8C8E1@xavier.sa.edu.au> Matthew Geddes wrote: I really do feel like a dickhead replying to my own posting, but anyway > Yeah, Got that one, but I want to play around a bit with the TDB stuff. > I think it might be samuserset2 with some options. I'm checking the > source as we speak to see what I can find, but I'm no programmer, so it > may take a while. I promise to update the manual for anything I find The command to enable an account that has been disabled is: samuserset2 -c 1 and to disable an account: samuserset2 -s 1 I'll find out the rest and send a diff of the man pages.... Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA From mgeddes at xavier.sa.edu.au Thu Jul 27 03:09:10 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:30:50 2003 Subject: Manual pages for SAMEDIT Message-ID: <397FA7D6.90A735FC@xavier.sa.edu.au> Hi, For those of you who desperately need to use the createuser, samuserset and samuserset2 commands, I have written some updates to the man pages. You can find them at http://woftam.xavier.sa.edu.au/~mgeddes/ . Elrond/Luke: I will do a diff and send 'em across at some stage soon. Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA From zen at t-linux.com Thu Jul 27 15:00:25 2000 From: zen at t-linux.com (ZEN) Date: Tue Dec 2 02:30:50 2003 Subject: rpcclient's manual In-Reply-To: <397F82F5.14D39642@xavier.sa.edu.au> References: <397F82F5.14D39642@xavier.sa.edu.au> Message-ID: <00072711034900.00858@odin.valhalla.net> Hello all, I've noticed in the recent stable version of Samba-2.0.7 there hasn't been a manual for rpcclient. Is there anyone willing to write it? Or does it need any help? I'll be glad to do that... -- Morpheus : There is a difference between knowing the path and walking the path ZEN O->^ (el GUAY) ======================== From simo.sorce at polimi.it Thu Jul 27 07:09:10 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:30:50 2003 Subject: subscribe References: <01a101bff74c$e1d5bec0$a3fca8c0@cybernetusa.com> Message-ID: <397FE016.195E3F21@polimi.it> Paul J Collins wrote: > > >>>>> "Marc" == Marc Britten writes: > > Marc> just in case you read this, i can't get subscribed to the > Marc> list, and I REALLY NEED TOO. > > >From http://www.samba.org/listproc/: > > Subscribing > > To subscribe to one of the mailing lists send an email to > listproc@samba.org with no subject and a body of "subscribe > listname Your Full Name". You should receive a welcome message back > within a few minutes. > > Goodnight. There may be a problem Paul. I'm subscribed to samba-ntdom and yesterday I've sent a mail to listproc to subscribe myself also to samba generic list but have not received any reply nor confirmation messages! Is there something wrong with listproc? Can the maintainer control what happens? -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From s.striker at striker.nl Thu Jul 27 07:44:41 2000 From: s.striker at striker.nl (Sander Striker) Date: Tue Dec 2 02:30:50 2003 Subject: subscribe In-Reply-To: <397FE016.195E3F21@polimi.it> Message-ID: > General information about the mailing list is at: > > http://us4.samba.org/mailman/listinfo/samba-cvs [...] > You can also make such adjustments via email by sending a message to: > > samba-cvs-request@samba.org And for the other lists too I believe, just substitute samba-cvs for another mailing list. Tim replaced the listservers some time ago, he is probably the one who knows all details when it comes to migration of users from listproc to mailman. Sander Striker >Paul J Collins wrote: >> >> >>>>> "Marc" == Marc Britten writes: >> >> Marc> just in case you read this, i can't get subscribed to the >> Marc> list, and I REALLY NEED TOO. >> >> >From http://www.samba.org/listproc/: >> >> Subscribing >> >> To subscribe to one of the mailing lists send an email to >> listproc@samba.org with no subject and a body of "subscribe >> listname Your Full Name". You should receive a welcome message back >> within a few minutes. >> >> Goodnight. > >There may be a problem Paul. >I'm subscribed to samba-ntdom and yesterday I've sent a mail to listproc >to subscribe myself also to samba generic list but have not received any >reply nor confirmation messages! >Is there something wrong with listproc? >Can the maintainer control what happens? > >-- >Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano >E-mail: simo.sorce@polimi.it >Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 >----------------------------------------------------------------- >Be happy, use Linux! > From yugami at monochromatic.net Thu Jul 27 14:09:33 2000 From: yugami at monochromatic.net (Marc Britten) Date: Tue Dec 2 02:30:50 2003 Subject: subscribe Message-ID: <020d01bff7d4$4d3f3a60$a3fca8c0@cybernetusa.com> perhaps i should have been more explicit. I have sent in total 5 emails to listproc@samba.org with the correct formatting from 2 different accounts(ok, one had bad formatting, i stuck everything in the subject JIC) and have not heard a peep back. I've recieved lots of other mail through both accounds so i know that they are working properly. thanks, marc >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> There may be a problem Paul. I'm subscribed to samba-ntdom and yesterday I've sent a mail to listproc to subscribe myself also to samba generic list but have not received any reply nor confirmation messages! Is there something wrong with listproc? Can the maintainer control what happens? From yugami at monochromatic.net Thu Jul 27 14:25:56 2000 From: yugami at monochromatic.net (Marc Britten) Date: Tue Dec 2 02:30:50 2003 Subject: TNG server not showing up in Domain list Message-ID: <021301bff7d6$96b8f8f0$a3fca8c0@cybernetusa.com> ok, i have domain1 and domain2 domain1 is controlled by actual NT servers, it is the domain i am currently logged into. domain2 is controled by a samba-tng(from the SAMBA_TNG tag in cvs) server configed as a pdc as per the faq at http://www.kneschke.de/projekte/samba_tng/index.php3 I go into network neighborhood, and everything shows up peachy, domain2 is there and i can browse it(the samba pdc is pointed to the wins server in domain1) if i go to look at the pdc i have to login, but login works fine(using encryped passwords). I pull up server manager or user manager for domains and goto file/select domain and domain2 does not show up. attached is my smb.conf, its basicly the default slightly modified to exist the way i want it to. oh, and make sure to include me in the replies because i cannot get subscribed to the list. thanks, marc britten From c.d.r.hines at reading.ac.uk Thu Jul 27 15:07:03 2000 From: c.d.r.hines at reading.ac.uk (Chris Hines) Date: Tue Dec 2 02:30:50 2003 Subject: Samba Domains & Password authenication Message-ID: I would like to use samba as an NT domain controller for NT 4 & Windows 9X and posibly windows 2000. I have configured samba 2.0.7 and samba NTG as domain controllers and they seem to work. We wish our users to use a single password accross UNIX & windows which are copied from a central NIS map managed by the University. Some time in the future the university intends to start and active directory and provide us with a windows password server. Using the plain text registry update I was hopping to get samba to 1) validate machine passwords from the smbpassword file 2) validate user passwords from NIS or later from a password server Is this posible? Does the samba architure already do this or is there some documentation around which would point me to correct region of the code to do this? As for windows 2000, is samba TNG stable enought to use as a domain controller? It seem to work well enought with the two machines I tested with. Many thanks for your help. Chris From yugami at monochromatic.net Thu Jul 27 16:04:53 2000 From: yugami at monochromatic.net (Marc Britten) Date: Tue Dec 2 02:30:51 2003 Subject: TNG server not showing up in Domain list Message-ID: <023c01bff7e4$72d689d0$a3fca8c0@cybernetusa.com> just relized i didn't do the attachment -------------- next part -------------- A non-text attachment was scrubbed... Name: smb.conf Type: application/octet-stream Size: 10775 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000727/caaa63b8/smb.obj From memphis_ms at gmx.net Thu Jul 27 16:54:26 2000 From: memphis_ms at gmx.net (Raoul Schroeder) Date: Tue Dec 2 02:30:51 2003 Subject: Samba Domains & Password authenication References: Message-ID: <39806942.FBAD16C3@gmx.net> Hi, my understanding is that the best bet is to activate unix password synchronising, which makes sure that if smbpasswd changes the password, the underlying UNIX does, too. If you then also use smbpasswd to change UNIX passwords, then the passwords are synchronized. Plain passwords are a possibility, but not a desirable one. My question now is: With your system, does the local unix communicate any password changes back to the NIS? If so, it should be fine. If not, probably not. Raoul Chris Hines wrote: > I would like to use samba as an NT domain controller for NT 4 & Windows 9X > and posibly windows 2000. I have configured samba 2.0.7 and samba NTG as > domain controllers and they seem to work. > > We wish our users to use a single password accross UNIX & windows which > are copied from a central NIS map managed by the University. Some time in > the future the university intends to start and active directory and > provide us with a windows password server. > > Using the plain text registry update I was hopping to get samba to > 1) validate machine passwords from the smbpassword file > 2) validate user passwords from NIS or later from a password server > > Is this posible? Does the samba architure already do this or is there some > documentation around which would point me to correct region of the code to > do this? > > As for windows 2000, is samba TNG stable enought to use as a domain > controller? It seem to work well enought with the two machines I tested > with. > > Many thanks for your help. > > Chris > From icoupeau at unav.es Thu Jul 27 17:57:10 2000 From: icoupeau at unav.es (Ignacio Coupeau) Date: Tue Dec 2 02:30:51 2003 Subject: ldap utilities Message-ID: <398077F6.73923A5C@unav.es> I added several scripts for populate the ldap-database http://www.unav.es/cti/ldap-smb/ldap-smb-TNG-howto.html (the ldap schema may change) or http://www.unav.es/cti/ldap-smb/ldap-smb-HEAD-howto.html they are simple, but may help (I hope). Ignacio -- ____________________________________________________ Ignacio Coupeau, Ph.D. e-mail: icoupeau@unav.es CTI, Director fax: 948 425619 University of Navarra voice: 948 425600 Pamplona, SPAIN http://www.unav.es/cti/ From kevinc at grainsystems.com Thu Jul 27 18:18:32 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:30:51 2003 Subject: Samba Domains & Password authenication References: <39806942.FBAD16C3@gmx.net> Message-ID: <39807CF8.42B32D91@grainsystems.com> As I understand it, you will have to run TNG on the NIS master in order to get the NT hashes and NIS to be properly synchronized. (An NIS client will not be allowed to change a password without knowing the cleartext old password--something Samba will not know.) Then you can run 2.0.x file servers in addition, and you won't have to run around applying a registry patch to NT workstations. In fact, is there even a clear-text registry hack for Win2000? - Kevin Colby kevinc@grainsystems.com Raoul Schroeder wrote: > > Hi, > > my understanding is that the best bet is to activate unix password > synchronising, which makes sure that if smbpasswd changes the password, the > underlying UNIX does, too. > If you then also use smbpasswd to change UNIX passwords, then the passwords > are synchronized. > Plain passwords are a possibility, but not a desirable one. > > My question now is: With your system, does the local unix communicate any > password changes back to the NIS? If so, it should be fine. If not, probably > not. > > Raoul > > Chris Hines wrote: > > > I would like to use samba as an NT domain controller for NT 4 & Windows 9X > > and posibly windows 2000. I have configured samba 2.0.7 and samba NTG as > > domain controllers and they seem to work. > > > > We wish our users to use a single password accross UNIX & windows which > > are copied from a central NIS map managed by the University. Some time in > > the future the university intends to start and active directory and > > provide us with a windows password server. > > > > Using the plain text registry update I was hopping to get samba to > > 1) validate machine passwords from the smbpassword file > > 2) validate user passwords from NIS or later from a password server > > > > Is this posible? Does the samba architure already do this or is there some > > documentation around which would point me to correct region of the code to > > do this? > > > > As for windows 2000, is samba TNG stable enought to use as a domain > > controller? It seem to work well enought with the two machines I tested > > with. > > > > Many thanks for your help. > > > > Chris > > From mushroom at innocent.com Thu Jul 27 18:24:59 2000 From: mushroom at innocent.com (mushroom@innocent.com) Date: Tue Dec 2 02:30:51 2003 Subject: Cancel Print Jobs Message-ID: <200007271824.PAA12188@pa06.conex.com.br> Hi, in my enviroment we need that a third person like a teacher be able to cancel the printer jobs from the students. How this is possible, I try to put admin user = teacher or domain admin user = teacher but when I put this even the student cannot cancel his job. Theres a solution to another person cancel a job that comes from another user? From memphis_ms at gmx.net Thu Jul 27 18:43:54 2000 From: memphis_ms at gmx.net (Raoul Schroeder) Date: Tue Dec 2 02:30:51 2003 Subject: Samba Domains & Password authenication References: <39806942.FBAD16C3@gmx.net> <39807CF8.42B32D91@grainsystems.com> Message-ID: <398082EA.A54EFE14@gmx.net> > Then you can run 2.0.x file servers in addition, and you won't > have to run around applying a registry patch to NT workstations. > In fact, is there even a clear-text registry hack for Win2000? ftp://ftp.samba.org/pub/samba/docs/Win2000_PlainPassword.reg From emaciel at gravatai.ulbra.tche.br Thu Jul 27 20:08:11 2000 From: emaciel at gravatai.ulbra.tche.br (Eduardo) Date: Tue Dec 2 02:30:51 2003 Subject: No subject Message-ID: <007601bff806$64eb55e0$0401010a@ulbra.tche.br> confirm 805970 -------------- next part -------------- HTML attachment scrubbed and removed From rsorenson30 at netscape.net Thu Jul 27 20:34:20 2000 From: rsorenson30 at netscape.net (rsorenson30@netscape.net) Date: Tue Dec 2 02:30:51 2003 Subject: Moving NT users to Samba PDC Message-ID: <5436B6DC.4C2CED96.52FAC810@netscape.net> I am looking to move my existing NT PDC to a Samba PDC. Is it possible to move my users and password from my NT PDC to the new Samba PDC ? I am not looking forward to the thought that I may have to do manual entry. Any of the reading on the mailing lists and Samba docs do not mention, how to move an existing NT PDC to a Samba PDC. If there is some help out there it would be much appreciated. thanks ---------- Get your own FREE, personal Netscape Webmail account today at http://home.netscape.com/webmail/ From johan.ostensson at orebro.lantmen.se Mon Jul 31 06:59:20 2000 From: johan.ostensson at orebro.lantmen.se (=?Iso-8859-1?Q?Johan_=D6stensson?=) Date: Tue Dec 2 02:30:51 2003 Subject: stupid list! Message-ID: <20000731065639Z27329057-25578+28690@samba.org> wtf is wrong with the list? I've got some mails 4-5 times now! And a losta errormsgs too! irritating! ;-/ /johan --- Johan ?stensson johan.ostensson@orebro.lantmen.se (work) johan.ostensson@swipnet.se (home) From serina at ing.unibs.it Mon Jul 31 07:33:28 2000 From: serina at ing.unibs.it (Ivan Serina) Date: Tue Dec 2 02:30:51 2003 Subject: password server = NTSERVER Message-ID: <39852BC8.2C009DD5@ing.unibs.it> Hi everybody! I'm using a Samba 2.0.7 PDC for controlling my network with Win95 and WinNT clients. This seems to work well (although I'm having some problems with the printers configurations) Now I also need to use a Win2000 Terminal Server but samba doesn't authenticate the users. Is it correct to use a win2000 PDC server and " password server =NTSERVER" for samba? Does it work? (Does Samba work with the Win200 Server?) Are there any other "stable" solutions? Thank you in advance Ivan Serina From simo.sorce at polimi.it Mon Jul 31 08:02:36 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:30:52 2003 Subject: Migrating from NT to Samba: Managing non-roaming profiles. References: <39834F3B.20021.69B54B@localhost> Message-ID: <3985329C.62A5B520@polimi.it> Frank Fuerst wrote: > > I'm not sure wether this is a samba-specific question at all, but, > since migrating from NT to Samba appears to be common for Samba- > users, I hope there's somebody in the list who has encountered the > same problems... > > We have a small domain with an NT PDC and don't use roaming > profiles (because the software installed on the different PC's is really > quite different, as is the work that is usually done on a particular > machine). Now I've migrated a test Win95 and a test NT Workstation > to the new domain. With the Win95 PC everything goes well. > > But on the NT Wks, a new Profile named user.000 is created (just as > if the same login name also existed for local logons). The question > now is, how do I get every user to see his/her familiar profile when > logging in to the new domain? This happens because even if the username is equal the user's SID is different, so the accounts are different. > > Is it possible to just copy the file NTuser.dat and the directories from > user to user.000, and then delete user? No, don't do this. In NTUser.dat files there are the user's registry portions. These registry have permissions (as files) and copying over other users registry may led to an unusable account becuse of wrong permissions on registry. > > Or is there any other possibility? You may do the following (not really secure anyway). Open every users registry loading the NTUSER.DAT of every user on a custom registry key (hive) with regedt32 (not regedit). Change the ownership of all the registry owned by the previous user to everyone (This is because with samba 2.0.x you cannot retrieve the users list in regedt32. If you are using samba TNG and you see the list of users replace with the correct user). save the hive on the NTUSER.DAT of the correct user. Change also the ownership on the profile's files. > > I asume that it is not possible, or at least wouldn't help, to just turn > off the old PDC and use the old domain's name for the Samba > domain? Useless in effect. > > TIA, Frank > -- > Frank Fuerst, Institut fuer Biochemie und Biologie der Uni Potsdam > Karl-Liebknecht-Str. 24-25, Haus 25, 14476 Golm > Tel.: +49-331-977-5244; Fax.: +49-331-977-5062 > ffrank@rz.uni-potsdam.de Good Luck, Simo -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From simo.sorce at polimi.it Mon Jul 31 08:06:38 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:30:52 2003 Subject: WINS query References: Message-ID: <3985338E.6924713E@polimi.it> Leo Lahav wrote: > > Dear Sir, > > I came accross your message in the SAMBA newsgroup and it seemed to me that > you know a lot about browsing. I currecntly run a WINS server in a 2000+ > machine nework, however, browsing in windows sucks! it takes forever for > all hte machines to appear (15) and most of the time not all machines do > appear. my question is actually composed of two parts > > 1) is there a way to get Network Neighborhood to show ALL computers on the > network which it gets from the WINS server, even after 1 hour, you sitll > only see a fraction of the computers (No, the WINS database is not > corrupted) Are you sure all the machines register himself to the wins server? (Have you set the wins server on every machine in the network properties?) Do all of you clients be always on? > > 2) Most imporantly!! - is there a way to QUERY the NT WINS server for ALL > of it registered computers... ??? If I remember correctly there's somewhere in control panel a WINS tab when you activate the wins server service. There you should see all the registered machines. > > Thanks in advance, > > leo > leoman@tamu.edu -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From simo.sorce at polimi.it Mon Jul 31 08:08:52 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:30:52 2003 Subject: Domains, browse lists and profile permissions References: <200007281752.TAA02729@jupiter.informatik.umu.se> Message-ID: <39853414.20E35CCD@polimi.it> HOW MANY MESSAGES ARE YOU GOING TO SEND US? From simo.sorce at polimi.it Mon Jul 31 08:15:01 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:30:52 2003 Subject: Problem with the maps References: <000001bff893$3f9259a0$6e320180@charlielabtop> Message-ID: <39853585.5877DFF0@polimi.it> Karl-Heinz Schulz wrote: > > Samba 2.07 > > I have the following settings: > > directory mask 02770 > force directory mode 02770 > > create mask 0660 > force create mode 0660 > > I have the problem that whenever a file is saved the ownership changes to > the "main" group of the last user. > > How can I really force the ownership only to the "sales" group? > > Thank you This needs a UNIX solution and not a samba one. Simply put the suid bit on directory 's group permission. Ex: if you need to store files from many users in the directory /home/contracts and want them to all be saved as group sales do the following: Give the directory the group ownership of sales: -> chown .sales /home/contracts Then give the directory the suid bit on group: -> chmod g+s /home/contracts >From now every file created has his group set to "sales". Simo. -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From simo.sorce at polimi.it Mon Jul 31 08:20:36 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:30:52 2003 Subject: stupid list! References: <20000731065639Z27329057-25578+28690@samba.org> Message-ID: <398536D4.C75E2878@polimi.it> Johan ?stensson wrote: > > wtf is wrong with the list? I've got some mails 4-5 times now! And a losta > errormsgs too! > > irritating! ;-/ > > /johan > > --- > Johan ?stensson > johan.ostensson@orebro.lantmen.se (work) > johan.ostensson@swipnet.se (home) Something is wrong, but this is not the common behaviour of this lists. However, it is not pleasant!!! -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From johan.ostensson at orebro.lantmen.se Mon Jul 31 08:37:48 2000 From: johan.ostensson at orebro.lantmen.se (=?Iso-8859-1?Q?Johan_=D6stensson?=) Date: Tue Dec 2 02:30:52 2003 Subject: Warning: message 13HqEo-0004fK-00 delayed 48 hours Message-ID: <20000731083443Z27329059-25578+28812@samba.org> I don't want this... Any listadmins awake? /johan > -----Ursprungligt meddelande----- > Fr?n: Mail Delivery System [mailto:Mailer-Daemon@netscapeonline.co.uk] > Skickat: den 29 juli 2000 18:24 > Till: johan.ostensson@orebro.lantmen.se; samba-ntdom@samba.org > ?mne: Warning: message 13HqEo-0004fK-00 delayed 48 hours > > > This message was created automatically by mail delivery software. > > A message that you sent has not yet been delivered to all of > its recipients > after more than 48 hours on the queue on > mailserver.netscapeonline.co.uk. > > The message identifier is: 13HqEo-0004fK-00 > The subject of the message is: Re: TNG server not showing up > in Domain list > The date of the message is: Fri, 28 Jul 2000 02:00:20 +1000 > > The address to which the message has not yet been delivered is: > > mtsconsultancy@[194.200.20.41] > > No action is required on your part. Delivery attempts will > continue for > some time, and this warning may be repeated at intervals if > the message > remains undelivered. Eventually the mail delivery software > will give up, > and when that happens, the message will be returned to you. > From holm at informatik.umu.se Mon Jul 31 08:38:37 2000 From: holm at informatik.umu.se (=?ISO-8859-1?Q?=C5ke?= Holmlund) Date: Tue Dec 2 02:30:52 2003 Subject: Domains, browse lists and profile permissions Message-ID: <200007310838.KAA12597@jupiter.informatik.umu.se> > Date: Mon, 31 Jul 2000 10:08:52 +0200 > From: Simo Sorce > X-Accept-Language: en > To: ?ke Holmlund > CC: samba-ntdom@samba.org > Subject: Re: Domains, browse lists and profile permissions > Content-Transfer-Encoding: 7bit > Content-Transfer-Encoding: 7bit > > HOW MANY MESSAGES ARE YOU GOING TO SEND US? Tried to send it twice on friday and got error messages saying it couldn't be delivered. Today it pops up all over the place :-( The listserver isn't 100% healthy right now! /?H From ffrank at rz.uni-potsdam.de Mon Jul 31 09:07:42 2000 From: ffrank at rz.uni-potsdam.de (Frank Fuerst) Date: Tue Dec 2 02:30:52 2003 Subject: Migrating from NT to Samba: Managing non-roaming profiles. In-Reply-To: <39834F3B.20021.69B54B@localhost> Message-ID: <39855DFE.10785.5F766B@localhost> Hi all, I must apologize for this "mailbombing" - I sent the first mail just after I subscribed to the list and got an error message, so I thought I was not yet allowed to mail to the list. And tried again later, got an other message, and tried a third time. This accounts only for three copies of the mail, I guess the other ones are due to our postmaster - the network connections where totally messed up yesterday. But you've had your revenge: For every mail I sent, I got at least 5 back, telling me my message had been forwarded to somebody I don't know, or was undeliverable... Sorry for the inconvenience, Frank -- Frank Fuerst, Institut fuer Biochemie und Biologie der Uni Potsdam Karl-Liebknecht-Str. 24-25, Haus 25, 14476 Golm Tel.: +49-331-977-5244; Fax.: +49-331-977-5062 ffrank@rz.uni-potsdam.de From s.striker at striker.nl Mon Jul 31 09:11:54 2000 From: s.striker at striker.nl (Sander Striker) Date: Tue Dec 2 02:30:52 2003 Subject: Patience, WAS: RE: stupid list! In-Reply-To: <398536D4.C75E2878@polimi.it> Message-ID: Hi, Everyone, please be patient while the list is being fixed. Tim is working on it and everything will be fine. You just have to show a little patience. It is indeed very annoying to see several messages over and over again, but imagine what would happen if everbody on this list would start complaining about it... So please don't. Tim is aware of the problem, so no need to contact him or other members about this particular list problem. Thanks for your attention and understanding, Sander Striker From gerry at mccb.org Mon Jul 31 06:16:19 2000 From: gerry at mccb.org (Gerry Kirk) Date: Tue Dec 2 02:30:52 2003 Subject: Difference between Samba 2.0.x and TNG? In-Reply-To: <20000725185550.G5344@laplace.math.umd.edu> Message-ID: <4.3.1.1.20000731121451.00a7a660@mail.mccb.org> A simple question, but until I started reading this list, I didn't know TNG existed. What are the differences between the two? If there is a document that explains this, I'll be glad to read it. Thanks, Gerry Kirk From c.d.r.hines at reading.ac.uk Mon Jul 31 10:05:57 2000 From: c.d.r.hines at reading.ac.uk (Chris Hines) Date: Tue Dec 2 02:30:52 2003 Subject: Samba Domains & Password authenication In-Reply-To: Message-ID: Many thanks for the reply I have recieved on this. Unfortunatly the password database NIS password database is owned and updated by a different department so there is no way I can synchronise the passwords. I have tried looking at the domain login code to try to make it work against nis passwords. I have applied the plain text password registry change on the NT workstation, modified the source code so that it does not exit on an invalid password in smbpassword and calls net_login_inveractive in rpc_server/srv_netlog.c. I was expecting to find a plain text version of the users password in NET_ID_INFO_1 *id1 which I could then compare against NIS, however I can't find one. Is it posible to get a passsword to compare against UNIX password when it connects to the domain? If so what am I missing. Many thanks for all your help. Chris On Thu, 27 Jul 2000, Chris Hines wrote: > > I would like to use samba as an NT domain controller for NT 4 & Windows 9X > and posibly windows 2000. I have configured samba 2.0.7 and samba NTG as > domain controllers and they seem to work. > > We wish our users to use a single password accross UNIX & windows which > are copied from a central NIS map managed by the University. Some time in > the future the university intends to start and active directory and > provide us with a windows password server. > > Using the plain text registry update I was hopping to get samba to > 1) validate machine passwords from the smbpassword file > 2) validate user passwords from NIS or later from a password server > > Is this posible? Does the samba architure already do this or is there some > documentation around which would point me to correct region of the code to > do this? > > As for windows 2000, is samba TNG stable enought to use as a domain > controller? It seem to work well enought with the two machines I tested > with. > > Many thanks for your help. > > > Chris > > > > From david at contract.plus.com Mon Jul 31 02:33:17 2000 From: david at contract.plus.com (David Lester) Date: Tue Dec 2 02:30:53 2003 Subject: WINS query Message-ID: <61B79939594ED4118F3B00A024550454382F@NTSERVER1> -----Original Message----- From: Leo Lahav [ mailto:leoman@tamu.edu ] Sent: 30 July 2000 03:46 To: samba-ntdom@samba.org Subject: WINS query Dear Sir, I came accross your message in the SAMBA newsgroup and it seemed to me that you know a lot about browsing. I currecntly run a WINS server in a 2000+ machine nework, however, browsing in windows sucks! it takes forever for all hte machines to appear (15) and most of the time not all machines do appear. my question is actually composed of two parts 1) is there a way to get Network Neighborhood to show ALL computers on the network which it gets from the WINS server, even after 1 hour, you sitll only see a fraction of the computers (No, the WINS database is not corrupted) Is the network in a domain or in a workgroup ? Is the workgroup/domain name in the workgroup entry of the network neighbour hood (2nd Tab Page) ? Is the WINS SERVER setting ip address in all the machines (TCP/IP protocol) ? Are you using TCP/IP on its own (advised if possible) ? Other protocols tend to slow it down. David 2) Most imporantly!! - is there a way to QUERY the NT WINS server for ALL of it registered computers... ??? Computer Manager on the WINS Server if it's set up right. Thanks in advance, leo leoman@tamu.edu -------------- next part -------------- HTML attachment scrubbed and removed From bgmilne at ing.sun.ac.za Mon Jul 31 12:24:14 2000 From: bgmilne at ing.sun.ac.za (Buchan Milne) Date: Tue Dec 2 02:30:53 2003 Subject: Migrating from NT to Samba: Managing non-roaming profiles. References: <39834F3B.20021.69B54B@localhost> <3985329C.62A5B520@polimi.it> <39855EBD.3D9781B2@ing.sun.ac.za> <39855F60.A7E7BADD@polimi.it> Message-ID: <39856FEE.9785C325@ing.sun.ac.za> I have done this successfully on most of the machines I have joined, running with 2.0.7. My user list has died (is static). Is this what you meant? Is there any way to get it going again ???? Simo Sorce wrote: > > Buchan Milne wrote: > > > > You should also be able to copy the profile from the Control Panel -> > > System -> User Profiles, just remember to set who can use the profile. > > > > This is the way I have been copying profiles to the samba 2.0.x PDC when > > migrating to a domain. I now only have one problem, in that I can't do > > it for users who I have just added to the domain, since they don't apear > > on the user list for the domain. I am still waiting for someone to reply > > on that issue! > > > > Buchan > > > Yes, this would be the prefferred way, but as in 2.0.x PDC support is > limited, you cannot have the users browsing list, so it is nearly > impossible to use this method. > > -- > Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano > E-mail: simo.sorce@polimi.it > Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 > ----------------------------------------------------------------- > Be happy, use Linux! -- |--------------------------------------------------------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone +27824722231 email mailto:bgmilne@ing.sun.ac.za Centre for Automotive Engineering http://www.sun.ac.za/cae South Africas first satellite: http://sunsat.ee.sun.ac.za Control Models http://www.control.co.za |----------------Registered Linux User #182071-----------------| From john at taalee.com Mon Jul 31 13:26:20 2000 From: john at taalee.com (John Taylor) Date: Tue Dec 2 02:30:53 2003 Subject: NetApp Filer and Samba In-Reply-To: <00ea01bffaf1$fad18280$51fb5ba5@tamu.edu>; from oakie@tamu.edu on Mon, Jul 31, 2000 at 08:18:24AM -0500 References: <20000729225044.A76008@taalee.com> <00ea01bffaf1$fad18280$51fb5ba5@tamu.edu> Message-ID: <20000731092620.A98112@taalee.com> We are using: NetApp Release 5.3.5R3: Thu Jun 15 10:49:14 PDT 2000 I tried to do a tcpdump( the one w/ smb support) and it looks like it is looking for a service called MAILSLOT. Maybe this is the serivce that was not found?? Also, I can't get the cifs setup to complete. I get this message: Enter the NT Domain for the filer: LABS CIFS server is beginning domain installation. CIFS server is locating PDC. CIFS - Primary Domain Controller must be active for installation. CIFS local server is shutting down... Mon Jul 31 13:14:20 GMT [rc]: Connection with DC \\SPECTRUM terminated On Mon, Jul 31, 2000 at 08:18:24AM -0500, Kenneth Oakeson wrote: > Are you using WINS. If not then it won't be able to fine the name romeo. You > might have to use DNS or straight IP. Also, check to see what version of > the OnTap software you are running. So far versions 5.3.2R1P1 and 5.3.4R1 > don't work with samba. The last letter on a file will be cut off. > > > Kenneth Oakeson > Microcomputer Specialist > LAN Systems Support > Texas A&M University > *************************** > Office: 862-1631 > email: oakie@tamu.edu > *************************** > > ----- Original Message ----- > From: "John Taylor" > To: > Sent: Saturday, July 29, 2000 9:50 PM > Subject: NetApp Filer and Samba > > > > > > > > We just purchased two NetApp Filer 720's with cifs and nfs modules. We do > > not have a true NT PDC server, but use a cvs version from 10/99 of samba > on > > linux as our PDC. This works very well for us, but not with the filer. > > > > We also tried samba-tng-alpha.2.5.3, with no luck either. > > The message in the log.smb (for tng 2.5.3) says this: > > > > log.smb:romeo (192.168.11.5) couldn't find service > > (romeo is the name of the filer) > > > > Is there a version of samba that will work with the filer? > > > > Thanks, > > John > > > > -- > > > > John Taylor Taalee, Inc. > > john@taalee.com 706 353 1484 x 206 > > Systems Analyst http://www.taalee.com/ > > > -- John Taylor Taalee, Inc. john@taalee.com 706 353 1484 x 206 Systems Analyst http://www.taalee.com/ From Bielenberg at t-online.de Mon Jul 31 14:09:54 2000 From: Bielenberg at t-online.de (=?iso-8859-1?Q?G=FCnter?= Bielenberg) Date: Tue Dec 2 02:30:53 2003 Subject: not accessible References: <008301bffa96$b31aa710$1e2cc382@rodgers> Message-ID: <398588B2.84775639@t-online.de> Chandra schrieb: > I have a query on accessing a Unix box from NT using the samba setup. > Samba is running of a Unix box called Unx and accessed by NT clientIn > the smb.conf configuratio file, I have used the following setting. > > Option 1 > > [u/user] > > path = /u/user > > force group = mine > > writable = yes > > create mask = 0770 > > preserve case = yes > > > > Option 2 > > [u/user] > > path = /u/user > > admin users = user > > writable = yes > > preserve case = yes > > The user is a member of the mine group. The Unix permissions are set > to Owner - user, group - mine and the mode is 0770. But when I try to > access the share point I get the followin error. > > \\server/u/user is not accessible > > The network name cannot be found > > There are other mounting point with different setting that seem to > work, which means samba is working and able to access. > > What am I doing wrong. > > Thanks > chandra did you try \\server\u/user? remember, you're on the DOS-side of life. maybe 'u/user' is not a clever name for a share, try something without '/' in it. regards G?nter From jeremy at valinux.com Mon Jul 31 16:54:59 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:30:53 2003 Subject: NetApp Filer and Samba References: <20000729225044.A76008@taalee.com> Message-ID: <3985AF63.E64200E5@valinux.com> John Taylor wrote: > > We just purchased two NetApp Filer 720's with cifs and nfs modules. We do > not have a true NT PDC server, but use a cvs version from 10/99 of samba on > linux as our PDC. This works very well for us, but not with the filer. > > We also tried samba-tng-alpha.2.5.3, with no luck either. > The message in the log.smb (for tng 2.5.3) says this: > > log.smb:romeo (192.168.11.5) couldn't find service > (romeo is the name of the filer) > > Is there a version of samba that will work with the filer? No I'm afraid NetApp need to fix their filer software for this. As I recall, the NetApp ignores one of the 'unicode present' bits and always assumes unicode in some transactions. I'm sure Paul from NetApp will correct me if I'm wrong on this. Regards, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From jeremy at valinux.com Mon Jul 31 16:58:32 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:30:53 2003 Subject: WINS query References: <3984DE24.C1EEB6A@schernau.com> Message-ID: <3985B038.EAD11D34@valinux.com> Edward Schernau wrote: > > Someone (Jeremy?) once said that since NT is supposedly POSIX, > you could recompile nmbd and smbd for NT - would an NT nmbd > work better, as in be more predicatable and configurable? NT is only minimally POSIX. Using Cygwin32 you might be able to get nmbd to work, but it depends on some interesting semantics of UNIX sockets to get the interfaces list etc. Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From elrond at samba.org Mon Jul 31 17:05:36 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:30:53 2003 Subject: Difference between Samba 2.0.x and TNG? In-Reply-To: <4.3.1.1.20000731121451.00a7a660@mail.mccb.org>; from Gerry Kirk on Mon, Jul 31, 2000 at 07:30:40PM +1000 References: <20000725185550.G5344@laplace.math.umd.edu> <4.3.1.1.20000731121451.00a7a660@mail.mccb.org> Message-ID: <20000731190536.A18108@baerbel.mug.maschinenbau.tu-darmstadt.de> http://www.kneschke.de/projekte/samba_tng/ Elrond On Mon, Jul 31, 2000 at 07:30:40PM +1000, Gerry Kirk wrote: > A simple question, but until I started reading this list, I didn't know TNG > existed. What are the differences between the two? > > If there is a document that explains this, I'll be glad to read it. > > Thanks, > Gerry Kirk From elrond at samba.org Mon Jul 31 17:24:10 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:30:53 2003 Subject: CVS Version and an workgroup In-Reply-To: <39828B96.ABD2C9EC@valinux.com>; from Gerald Carter on Sat, Jul 29, 2000 at 02:45:26AM -0500 References: <568760897.20000725213255@hinzke.de> <39828B96.ABD2C9EC@valinux.com> Message-ID: <20000731192410.B18108@baerbel.mug.maschinenbau.tu-darmstadt.de> The problem is, that TNG currently only let's one access a share, if you connect as DOMAIN\user or PDCNAME\user. You can use this also in the username/pw-dialog-boxes, when they pop up. Luke introduced this behaviour some time ago. I don't know, wether this is the "correct" NT-behaviour, nor do I have the inclination to remove one of my workstations here from their domain and put them in a workgroup, for which I have user-access to the pdc. Elrond On Sat, Jul 29, 2000 at 02:45:26AM -0500, Gerald Carter wrote: > Magnus Hinzke wrote: > > > > I want a workstation that is in the workgroup "HINZK" to access > > the shares of the PDC "HINZKE". > > Magnus, > > >From an NT client in the workgroup HINZK, run some thing > similar to this from a command prompt window... > > net use x: \\\share /user:HINKZE\ > > where you are actually specifying a domain account to use in > the authentication step. > > > > > > Cheers, > jerry > ---------------------------------------------------------------------- > /\ Gerald (Jerry) Carter Professional Services > \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com > http://www.samba.org SAMBA Team jerry@samba.org > http://www.eng.auburn.edu/~cartegw > > "...a hundred billion castaways looking for a home." > - Sting "Message in a Bottle" ( 1979 ) From pjdc at eircom.net Mon Jul 31 17:36:59 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:53 2003 Subject: TNG server not showing up in Domain list In-Reply-To: "Marc Britten"'s message of "Sun, 30 Jul 2000 15:06:08 -0400" References: <021301bff7d6$96b8f8f0$a3fca8c0@cybernetusa.com> <20000729193633.C11254@baerbel.mug.maschinenbau.tu-darmstadt.de> <001f01bffa59$3adf2880$a3fca8c0@cybernetusa.com> Message-ID: >>>>> "Marc" == Marc Britten writes: Marc> typing in the name of the domain seems to work, however when Marc> ever i try to get this workstaiton to join the domain(using Marc> the control panel and the create account checkbox(user root) Marc> rundll32 crashes. rundll32 loads a dll on-demand and calls calls an entry point in it; it's likely that it is the dll that is crashing -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Cover up and say goodnight... say goodnight." From pjdc at eircom.net Mon Jul 31 17:39:09 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:53 2003 Subject: WINS query In-Reply-To: Edward Schernau's message of "Sun, 30 Jul 2000 22:02:12 -0400" References: <3984DE24.C1EEB6A@schernau.com> Message-ID: >>>>> "Edward" == Edward Schernau writes: Edward> Someone (Jeremy?) once said that since NT is supposedly Edward> POSIX, you could recompile nmbd and smbd for NT - would an Edward> NT nmbd work better, as in be more predicatable and Edward> configurable? To the best of my knowledge, NT has only POSIX.1, which excludes useful things such as shell tools and networking (specifically, Berkeley sockets). -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Cover up and say goodnight... say goodnight." From elrond at samba.org Mon Jul 31 17:37:40 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:30:53 2003 Subject: password-auth fails In-Reply-To: <20000730111130.A74293@i3.atat.at>; from Peter Pilsl on Sun, Jul 30, 2000 at 11:11:30AM +0200 References: <20000730111130.A74293@i3.atat.at> Message-ID: <20000731193740.C18108@baerbel.mug.maschinenbau.tu-darmstadt.de> Try SAMBASERVER\test1 as the user in the dialog-box with username/pw. (This is becoming a FAQ...) Elrond On Sun, Jul 30, 2000 at 11:11:30AM +0200, Peter Pilsl wrote: > just downloaded the latest samba-tng-code with cvs and installed it > according to the helpful webpage of lars kneschke. I didnt set up a > domain, I just added two users with samedit and included two public > shares in smb.conf and now I cant connect to the samba-machine from w2k or > nt4 cause of wrong password. I am defintely sure I typed the password > correct on both sides. > > thats what the logs tell me: > LSA_OPENSECRET: NT_STATUS_OBJECT_NAME_NOT_FOUND > SMB LM/NT Password did not match! > Rejecting user 'test1': authentication failed > > the users are stored in /usr/local/samba/private/smbpasswd and the > pass-hashes in this files are the same than the one created by > samba-2.07 (where connecting works of course) > there is another file beside smbpasswd called smbpassword, but its empty ?! > > > any idea ? > > thanks, > > peter > > -- > mag. peter pilsl > phone: +43 676 3574035 > fax : +43 676 3546512 > email: pilsl@goldfisch.at > sms : pilsl@max.mail.at > > pgp-key available From elrond at samba.org Mon Jul 31 17:46:06 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:30:53 2003 Subject: password server = NTSERVER In-Reply-To: <39852BC8.2C009DD5@ing.unibs.it>; from Ivan Serina on Mon, Jul 31, 2000 at 05:20:38PM +1000 References: <39852BC8.2C009DD5@ing.unibs.it> Message-ID: <20000731194606.D18108@baerbel.mug.maschinenbau.tu-darmstadt.de> stable... ummm.... If you wouldn't ask for stable: Use TNG as an authentication server only... and let the 2.0.x box use it as password server (better yet, make it a member of the domain) and also make the w2k-box a member of the TNG domain. But since you ask for stable: You will need to use some nt-box (either the w2k-box in nt4-compatibility mode or soms nt4 server) as your pdc... 2.0.x shpuld work with a w2k-pdc... But I realy don't know. Elrond On Mon, Jul 31, 2000 at 05:20:38PM +1000, Ivan Serina wrote: > > Hi everybody! > > > I'm using a Samba 2.0.7 PDC for controlling my network with Win95 and > WinNT clients. > This seems to work well (although I'm having some problems with the > printers configurations) > > Now I also need to use a Win2000 Terminal Server but samba doesn't > authenticate the users. > > Is it correct to use a win2000 PDC server and > " password server =NTSERVER" for samba? > Does it work? (Does Samba work with the Win200 Server?) > > Are there any other "stable" solutions? > > Thank you in advance > > Ivan Serina From danny at cs.huji.ac.il Mon Jul 31 18:55:13 2000 From: danny at cs.huji.ac.il (Danny Braniss) Date: Tue Dec 2 02:30:53 2003 Subject: NetApp Filer and Samba In-Reply-To: Your message of Tue, 1 Aug 2000 02:54:14 +1000 . Message-ID: In message <3985AF63.E64200E5@valinux.com>you write: }No I'm afraid NetApp need to fix their filer software }for this. As I recall, the NetApp ignores one of the 'unicode }present' bits and always assumes unicode in some transactions. } }I'm sure Paul from NetApp will correct me if I'm wrong }on this. } }Regards, } } Jeremy Allison, } Samba Team. } how many pizzas will it take for the samba team to come up with a workaround? i know that no amount of pizzas will get netapp to fix it -i have tried now for several years- danny PS: how many out there have netapp filers and would like it to work with samba's PDC? From jeremy at valinux.com Mon Jul 31 19:04:48 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:30:54 2003 Subject: NetApp Filer and Samba References: Message-ID: <3985CDD0.56BA5446@valinux.com> Danny Braniss wrote: > how many pizzas will it take for the samba team to come up with a workaround? > > i know that no amount of pizzas will get netapp to fix it -i have tried now > for several years- > > danny > PS: how many out there have netapp filers and would like it to work with > samba's PDC? Well we don't have access to a NetApp to test against I'm afraid. Another question for people currently using NetApps - what (CIFS) feature made you decide to use a NetApp ? Is there anything missing in Samba that would make it suit you better ? (and yes I *know* about ACLs - we're working in it, ok :-). Regards, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From danny at cs.huji.ac.il Mon Jul 31 19:13:44 2000 From: danny at cs.huji.ac.il (Danny Braniss) Date: Tue Dec 2 02:30:54 2003 Subject: NetApp Filer and Samba In-Reply-To: Your message of Mon, 31 Jul 2000 12:04:48 -0700 . Message-ID: In message <3985CDD0.56BA5446@valinux.com>you write: }Danny Braniss wrote: }Well we don't have access to a NetApp to test against }I'm afraid. well, i have 2 and am willing to spend some time helping to debug. } }Another question for people currently using NetApps - what }(CIFS) feature made you decide to use a NetApp ? Is there }anything missing in Samba that would make it suit you better ? }(and yes I *know* about ACLs - we're working in it, ok :-). } we are mainly a unix shop, so cifs was/is a side benefit(?). one filer is used for home dirs, so it's nice to be able to share it among unix and ms. danny }-- }-------------------------------------------------------- }Buying an operating system without source is like buying }a self-assembly Space Shuttle with no instructions. }-------------------------------------------------------- From dfischer at valueamerica.com Mon Jul 31 19:55:55 2000 From: dfischer at valueamerica.com (Douglas K. Fischer) Date: Tue Dec 2 02:30:54 2003 Subject: NetApp Filer and Samba In-Reply-To: <3985CDD0.56BA5446@valinux.com> Message-ID: On Tue, 1 Aug 2000, Jeremy Allison wrote: > Well we don't have access to a NetApp to test against > I'm afraid. > > Another question for people currently using NetApps - what > (CIFS) feature made you decide to use a NetApp ? Is there > anything missing in Samba that would make it suit you better ? > (and yes I *know* about ACLs - we're working in it, ok :-). Can't speak too much toward CIFS features. The main impetus behind our NetApp purchase was NFS performance. NFS-mounting /var/mail is horrible, unless sourced from a NetApp. When it comes to CIFS, we're solid Samba disciples :-) We are currently using an NT PDC, but might be looking to move to a Samba PDC in the future. Interoperability between NetApps and Samba PDCs would definitely be nice if we make that move. Doug *>>>>>>>>>>-*-<<<<<<<<<<-*^*->>>>>>>>>>-*-<<<<<<<<<<* | Douglas K. Fischer Senior Unix Administrator | | MIS - Systems Group DFischer@valueamerica.com | | Value America, Inc. http://www.valueamerica.com | | Phone: (804) 951 - 4383 Fax: (804) 951 - 4041 | *>>>>>>>>>>-*-<<<<<<<<<<-*_*->>>>>>>>>>-*-<<<<<<<<<<* From oakie at tamu.edu Mon Jul 31 20:12:14 2000 From: oakie at tamu.edu (Kenneth Oakeson) Date: Tue Dec 2 02:30:54 2003 Subject: NetApp Filer and Samba Message-ID: <009c01bffb2b$9e3b5fc0$51fb5ba5@tamu.edu> Just to let everyone know the program Sharity works with a Netapp but is not as good as samba would be if it didn't have the problem with the NetApp. Our UNIX department went with it because it could do a mixed tree of CIFS and NFS. And then that way we could use the home drives on the UNIX cluster and on NT. Sharity link http://www.obdev.at/Products/Sharity.html It does have the source, maybe the samba guys can use it. Kenneth Oakeson Microcomputer Specialist LAN Systems Support Texas A&M University *************************** Office: 862-1631 email: oakie@tamu.edu *************************** From anders at cwd.no Mon Jul 31 20:48:32 2000 From: anders at cwd.no (anders@cwd.no) Date: Tue Dec 2 02:30:54 2003 Subject: Warning: message 13HSBw-0002q0-00 delayed 72 hours Message-ID: Let me guess.... The mail which they sent to samba-ntdom, which samba-ntdom then will distribute to this guy is delayed, in which case we're in an evil circle. Someone please filter out these, or unsubscribe this guy! Anders Mail Delivery System cc: Sent by: Subject: Warning: message 13HSBw-0002q0-00 delayed 72 hours samba-ntdom-admin@samba.or g 29.07.2000 20:20 This message was created automatically by mail delivery software. A message that you sent has not yet been delivered to all of its recipients after more than 72 hours on the queue on mailserver1.netscapeonline.co.uk. The message identifier is: 13HSBw-0002q0-00 The subject of the message is: CVS Version and an workgroup The date of the message is: Wed, 26 Jul 2000 16:27:28 +1000 The address to which the message has not yet been delivered is: mtsconsultancy@[194.200.20.41] No action is required on your part. Delivery attempts will continue for some time, and this warning may be repeated at intervals if the message remains undelivered. Eventually the mail delivery software will give up, and when that happens, the message will be returned to you. From jasonjensen at home.com Mon Jul 31 20:50:48 2000 From: jasonjensen at home.com (Jason Jensen) Date: Tue Dec 2 02:30:54 2003 Subject: Warning: message 13HSBw-0002q0-00 delayed 72 hours References: Message-ID: <007001bffb31$018117f0$6be30318@jason> LAFF.. never heard such funny shit.. bullshit.. but VERY FUNNY! i was chacking to see if i had a virus maybe :P ----- Original Message ----- From: To: "Multiple recipients of list SAMBA-NTDOM" Sent: Monday, July 31, 2000 3:45 PM Subject: Re: Warning: message 13HSBw-0002q0-00 delayed 72 hours > > Let me guess.... The mail which they sent to samba-ntdom, which samba-ntdom > then will distribute to this guy is delayed, in > which case we're in an evil circle. > > > Someone please filter out these, or unsubscribe this guy! > > Anders > > > > > Mail Delivery System > ine.co.uk> cc: > Sent by: Subject: Warning: message 13HSBw-0002q0-00 delayed 72 hours > samba-ntdom-admin@samba.or > g > > > 29.07.2000 20:20 > > > > > > This message was created automatically by mail delivery software. > > A message that you sent has not yet been delivered to all of its recipients > after more than 72 hours on the queue on mailserver1.netscapeonline.co.uk. > > The message identifier is: 13HSBw-0002q0-00 > The subject of the message is: CVS Version and an workgroup > The date of the message is: Wed, 26 Jul 2000 16:27:28 +1000 > > The address to which the message has not yet been delivered is: > > mtsconsultancy@[194.200.20.41] > > No action is required on your part. Delivery attempts will continue for > some time, and this warning may be repeated at intervals if the message > remains undelivered. Eventually the mail delivery software will give up, > and when that happens, the message will be returned to you. > > > > From jeremy at valinux.com Mon Jul 31 21:40:59 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:30:54 2003 Subject: NetApp Filer and Samba References: Message-ID: <3985F26B.3529FA2D@valinux.com> "Douglas K. Fischer" wrote: > > Can't speak too much toward CIFS features. The main impetus behind our > NetApp purchase was NFS performance. NFS-mounting /var/mail is horrible, > unless sourced from a NetApp. When it comes to CIFS, we're solid Samba > disciples :-) Interesting. Every tried a later Linux kernel ? That's what we use here at VA, and it works well (mind you we spent lots of time on Linux NFS fixes). > We are currently using an NT PDC, but might be looking to move to a Samba > PDC in the future. Interoperability between NetApps and Samba PDCs would > definitely be nice if we make that move. Not currently easy to do unless someone with access to a NetApp wants to donate the code changes needed, sorry. Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From matlab at control.co.za Mon Jul 31 22:27:41 2000 From: matlab at control.co.za (MATLAB Control Models) Date: Tue Dec 2 02:30:54 2003 Subject: Samba 2.0.7 PDC not updating user list Message-ID: <0FYL003WH2FQEM@jhb-imta.mweb.co.za> Ah, but 2.0.7 has made a list. Thus there must be some way to update it. I have no need for user manager for domains to work on the samba box, just to be able to authenticate users on the client workstations. This is working fine except that the list does not update. Where is the list stored ? How can it be updated. Can I force samba to update the list. > Date: Mon, 31 Jul 2000 12:11:03 +1000 > From: David Bannon > Subject: Re: Samba 2.0.7 PDC not updating user list > To: matlab@mweb.co.za, Multiple recipients of list SAMBA-NTDOM > > At 05:47 PM 30/07/2000 +0200, Buchan Milne wrote: > >Hi, > > > >I have a samba box (2.0.7) as PDC ...... but are not > >listed in the list of users in the domain. This is the list you see > > Sorry, 207 support for User manager for Domains is hardly there at all. If > you want those sort of facilities you will need to use TNG or possibly one > of the old versions of NTDom both of which are pretty different to 207. > > David > > > ------------------------------------------------------------ > David Bannon D.Bannon@latrobe.edu.au > School of Biochemistry Phone 61 03 9479 2197 > La Trobe University, Plenty Rd, Fax 61 03 9479 2467 > Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au > ------------------------------------------------------------ > ..... Humpty Dumpty was pushed ! > |-------------------------------------------------| Control Models - Matlab for Africa See our webpage at http://www.control.co.za mailto:matlab@control.co.za Please reply to the above address, not the default! |-------------------------------------------------| From kevinc at grainsystems.com Mon Jul 31 22:37:38 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:30:54 2003 Subject: NetApp Filer and Samba References: <3985F26B.3529FA2D@valinux.com> Message-ID: <3985FFB2.D0DAFC4@grainsystems.com> Jeremy Allison wrote: > "Douglas K. Fischer" wrote: > > > > Can't speak too much toward CIFS features. The main impetus behind our > > NetApp purchase was NFS performance. NFS-mounting /var/mail is horrible, > > unless sourced from a NetApp. When it comes to CIFS, we're solid Samba > > disciples :-) > > Interesting. Every tried a later Linux kernel ? That's what we use > here at VA, and it works well (mind you we spent lots of time on Linux > NFS fixes). As you mentioned though, Linux-based Samba is not currently a viable solution for many (including us) without full ACL support. We're just limping along with NT until this is resolved. - Kevin Colby kevinc@grainsystems.com From D.Bannon at latrobe.edu.au Mon Jul 31 22:45:24 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:30:55 2003 Subject: Difference between Samba 2.0.x and TNG? In-Reply-To: <4.3.1.1.20000731121451.00a7a660@mail.mccb.org> References: <20000725185550.G5344@laplace.math.umd.edu> Message-ID: <3.0.6.32.20000801084524.00880a70@bioserve.latrobe.edu.au> At 07:31 PM 31/07/2000 +1000, Gerry Kirk wrote: >A simple question, but until I started reading this list, I didn't know TNG >existed. What are the differences between the two? > >If there is a document that explains this, I'll be glad to read it. > Have a look at http://bioserve.latrobe.edu.au/samba David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From D.Bannon at latrobe.edu.au Mon Jul 31 23:03:47 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:30:55 2003 Subject: Samba 2.0.7 PDC not updating user list In-Reply-To: <0FYL003WH2FQEM@jhb-imta.mweb.co.za> Message-ID: <3.0.6.32.20000801090347.00879100@bioserve.latrobe.edu.au> At 12:27 AM 01/08/2000 +0200, MATLAB Control Models wrote: >Ah, but 2.0.7 has made a list. Thus there must be some way to update it. > >I have no need for user manager for domains to work on the samba box, just to >be able to authenticate users on the client workstations. This is working fine >except that the list does not update. > >Where is the list stored ? How can it be updated. Can I force samba to update >the list. > Hmm... What we have here is a failure to communicate ! When you say that samba is not updating its passwd list what are you doing and what is samba not doing ? Have you created the origional smbpasswd (data) file ? You should be using the program smbpasswd to add a user to the smbpasswd file. There should already be an entry in /etc/passwd for that user. For example under linux as root : > adduser -n -s /bin/false -g users joeblow > smbpasswd -a joeblow Joe Blow will then be prompted to enter a password. You should be able to see the entry in smbpasswd by : > tail /usr/local/samba/private/smbpasswd All of the above command produce reasonable error messages and 'User manager for Domains' is not involved at any stage. More info on http://bioserve.latrobe.edu.au/samba David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From matlab at control.co.za Mon Jul 31 23:49:23 2000 From: matlab at control.co.za (MATLAB Control Models) Date: Tue Dec 2 02:30:55 2003 Subject: Samba 2.0.7 PDC not updating user list Message-ID: <0FYL004WG67WTW@jhb-imta.mweb.co.za> No, the users have accounts (unix and samba) made with "adduser .. user" and "smbpasswd -a user", they can log in to the domain, but they are not added to the user list seen from the NT clients. This list is seen in a)User Manager for domains before you try and edit an entry and get Dr Watson b)Copy a profile from System applet in Control Panel, and set who can use the profile c)Add permissions for a domain user to access a windows share d)Make local groups cosisting of domain users. All of these work, and show me the old list of users, not including those I have recently added, although they can log into the domain, browse thier home directory etc. I need d to work at a minimum, but b would also be nice. The other 2 are not necessary but I think they all use the same list. Unfortunately I can't send you pieces of my smbpasswd and passwd files, or even smb.conf, but I can assure you that this is the ONLY problem I am having, which makes it very irritating. I want to join my samba printer to the domain so I don't have to allow guest printing, butI can only do that once all the users can access shares they had access to before. This means I need to add them to a local group or a share acl. Thanks for the replies so far. I guess I am one of the few doing this kind of stuff with 2.0.7, but I was led to believe that 2.0.7 could do this, and on my test domain everything worked that I needed. Buchan > Date: Tue, 01 Aug 2000 09:03:47 +1000 > From: David Bannon > Subject: Re: Samba 2.0.7 PDC not updating user list > To: matlab@control.co.za, Multiple recipients of list SAMBA-NTDOM > > At 12:27 AM 01/08/2000 +0200, MATLAB Control Models wrote: > >Ah, but 2.0.7 has made a list. Thus there must be some way to update it. > > > >I have no need for user manager for domains to work on the samba box, just > to > >be able to authenticate users on the client workstations. This is working > fine > >except that the list does not update. > > > >Where is the list stored ? How can it be updated. Can I force samba to > update > >the list. > > > > Hmm... What we have here is a failure to communicate ! > > When you say that samba is not updating its passwd list what are you doing > and what is samba not doing ? > > Have you created the origional smbpasswd (data) file ? You should be using > the program smbpasswd to add a user to the smbpasswd file. There should > already be an entry in /etc/passwd for that user. For example under linux > as root : > > > adduser -n -s /bin/false -g users joeblow > > smbpasswd -a joeblow > > Joe Blow will then be prompted to enter a password. You should be able to > see the entry in smbpasswd by : > > tail /usr/local/samba/private/smbpasswd > > All of the above command produce reasonable error messages and 'User > manager for Domains' is not involved at any stage. More info on > http://bioserve.latrobe.edu.au/samba > > David > > > ------------------------------------------------------------ > David Bannon D.Bannon@latrobe.edu.au > School of Biochemistry Phone 61 03 9479 2197 > La Trobe University, Plenty Rd, Fax 61 03 9479 2467 > Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au > ------------------------------------------------------------ > ..... Humpty Dumpty was pushed ! > |-------------------------------------------------| Control Models - Matlab for Africa See our webpage at http://www.control.co.za mailto:matlab@control.co.za Please reply to the above address, not the default! |-------------------------------------------------|