From mjorda at berlitz.de Thu Nov 1 00:36:03 2001
From: mjorda at berlitz.de (mjorda@berlitz.de)
Date: Tue Dec 2 02:36:36 2003
Subject: Samba ist very slow
Message-ID: <3BE11819.30634.A11F997@localhost>

Hello list members,

it's really a pain in the neck ..... running samba as PDC and everything is working fine but ... if a user tries to open a Word, Excel, PDF etc. document by double clicking on the file in the explorer it takes 30 to 50 seconds to open a 5 kb file. This is not always like that but mostly - very strange. With explorer and copy I don't have that problem.

I found in a news group a solution. They said, the cause of the prob is an incorrectly defaulted parameter, which affects programs opening files but does not affect copying files with explorer. So, they recommended to put 4 lines in the smb.conf to solve the prob.

lock directory = /var/spool/locks/samba
share modes = yes
oplocks = true
locking = yes

I did that but the prob was not solved.

Has anybody any idea to get rid of that. I mean I'm not the only person in the world trying to open files by double clicking them with samba. Maybe someone had that prob and solved it.

thanks in advance.

Manfred

From joe_kroboth at chernay.com Thu Nov 1 05:28:01 2001
From: joe_kroboth at chernay.com (Kroboth, Joe)
Date: Tue Dec 2 02:36:36 2003
Subject: Help - Winbindd shuts down.
Message-ID: <36B7C8AFF80DD311B8C200105ACAFC7D2AFB6B@ftp.chernay.com>

Hello,

Running, Redhat 7.1 with 2.2.2 using winbind. Everything works great except winbind shuts down about once a day. This can happen at any time. I need to restart the winbind service. The log file /var/log/samba/log.winbindd is empty. If I need to enable logging how do I do it? Should I be looking for the log elsewhere?

The samba server is in a branch office connected to the PDC and BDC over a 750Kb VPN. Could this be a problem?
Thanks,
Joe

From jerry at samba.org Thu Nov 1 06:43:03 2001
From: jerry at samba.org (Gerald (Jerry) Carter)
Date: Tue Dec 2 02:36:36 2003
Subject: Help
In-Reply-To: <74745B5500AD8E4B9C48BC9CCECB6E010FB37D@OCCLUST04EVS1.ugd.att.com>
Message-ID:

On Tue, 30 Oct 2001, Overbey, Alfred D (Dudley), ALCOO wrote:

> I am trying to upgrade from samba 1.9.18p10 to either samba 2.2.1 or
> samba-2.2.2; besides the additional functionality, I was told that I
> needed one of these for Win2K functionality. After installing the new
> version 2.2.1, my client machines can no longer connect to their
> shares, personal or public shares. I have a smbpasswd file which
> includes the machine names of the clients along with logins. This
> file was generated using the convert script. The permissions are 600.
> When connecting, I receive one of the following messages: "Access is
> denied." Or "The specified network password is not correct." We are
> using the registry hack for clear text passwords. This all work fine
> for the previous version. Would someone kindly tell me what it is
> that I missed or screwed up? Thanks doverbey@att.com

the default for "security" was changed from share to user between the 1.9.x series and the 2.x release. Perhaps you have been bitten by this?

cheers, jerry
---------------------------------------------------------------------
www.samba.org SAMBA Team jerry_at_samba.org
www.plainjoe.org jerry_at_plainjoe.org
--"I never saved anything for the swim back." Ethan Hawk in Gattaca--

From ross at lyximer.net Thu Nov 1 08:12:02 2001
From: ross at lyximer.net (Ross McKillop)
Date: Tue Dec 2 02:36:36 2003
Subject: Remote Log Off
Message-ID:

Is there any way (preferably from the linux server) to force windows 2000 sessions to log off, so that (for example) at 9pm i can log off all workstations or those in a certain area of the building?
Any help would be much appreciated

Yours,
Ross McKillop

From Eric.Wallace at nsc.com Thu Nov 1 08:36:21 2001
From: Eric.Wallace at nsc.com (Eric Wallace)
Date: Tue Dec 2 02:36:36 2003
Subject: Limit access for users.
Message-ID: < "080E43BE178F6287*/c=US/admd= /prmd=National/o=notes/ou=Americas/s=Wallace/g=Eric/"@MHS>

Bruno--

What you're looking for are standard features of NT domains. You can't use Samba to create these settings, but if you are using Samba as a domain controller it can enforce these settings for you.

The following are centralized administration techniques for NT domains. This will definitely work for NT Workstation clients, but if you're using Windoze 95/98 as clients, some of this doesn't work at all, and it will not be easy to enforce (sorry, I can't help you much there).

1.) Mandatory Profiles -- Configure a user with the settings you want and logout of that account. Save the user profile to the server's profile share (whatever you specified), but rename the user's registry hive from NTUSER.DAT to NTUSER.MAN. Specify this user profile path in the user's configuration with User Manager for Domains (if you're using an NT Server as the PDC) or in Samba (if Samba is the PDC).

2.) Restricted "Desktop" Folder -- There are several possibilities for this. You can change the NTFS permissions on the default user profile's "Desktop" directory to read-only for the users, or you can use Policy Editor to change the location of the default user's "Desktop" directory to a writeable spot in their roaming profile. (Don't forget to put the NTCONFIG.POL file in your domain controller's NETLOGON share.)

These are just simple explanations--you're going to have to read up on the subject in order to get this to work right. I highly recommend buying a good book on NT administration, or searching the archives at "Windows 2000 Magazine" (http://www.windows2000mag.com) for short articles on these subjects ("mandatory profiles", "Policy Editor", etc.).
Email me off the list (eric.wallace@nsc.com) if you'd like more suggestions for reading material.

~eric w. wallace
national semiconductor/maine
i.s. infrastructure
senior system engineer

From ariel at jusbaires.gov.ar Thu Nov 1 10:21:02 2001
From: ariel at jusbaires.gov.ar (Ariel Mella)
Date: Tue Dec 2 02:36:36 2003
Subject: Profiles store in server
References:
Message-ID: <044201c16301$ec782b20$1a3ca8ac@jusbaoires.gov.ar>

I have a samba PDC.
all its working ok.
i have one share per user and maps its to the users with the "net use p: /home" in the logon script.
the problem is that im using this script to add a drive in "My Computer" and the users copy important data to this drive and later ill back up directly in the server...
using the policies i activate roaming profiles and now all the "Application Data" is copying to the drive of the user.. thats ok, but i want to know if there is a way to choose another directory to store the data of the profile of the users and "hide" (browseable = no) this data to the user, because the users only knows about microsoft office files and when they come to its own directory the see a lot of garbage (application data containing IE, Outlook Express, etc.)

thx

From amoote at fpelectronics.com Thu Nov 1 11:01:12 2001
From: amoote at fpelectronics.com (amoote@fpelectronics.com)
Date: Tue Dec 2 02:36:36 2003
Subject: Win2K Roaming Profile Problem
Message-ID:

I get this error when I try to login to the domain from a Win2K box:

"Windows cannot create profile directory \\shockwave\amoote\profile.pds.
You will be logged on with a local profile only.
Changes to the profile will not be propagated to the server.
Contact your network administrator."

Apparently roaming profiles are not working. I've looked through a lot of the documentation and tried many setups (centralized profiles under one directory, profiles under the users' homes) but none of it works properly.

Any ideas?

Regards,

Alan B. Moote
Systems Administrator
MARK IV Industries
tel: 905.624.7908
fax: 905.625.6197

From mitchlist at home.com Thu Nov 1 11:28:28 2001
From: mitchlist at home.com (mitchlist)
Date: Tue Dec 2 02:36:36 2003
Subject: Profiles store in server
Message-ID: <011101305.41222@webbox.com>

I get around this as follows:

I have 2 directories:

/home/username = username's share (NS and stuff is written here)
share as username this isn't browsable

/home/username/dosroot = username's FILES go here
share as XYZ (I say user/files)

I don't have a lot of users!)

>--- Original Message ---
>From: "Ariel Mella"
>To: ,
>Date: 11/1/01 1:20:45 PM
>
>I have a samba PDC.
>all its working ok.
>i have one share per user and maps its to the users with the "net use p:
>/home" in the logon script.
>the problem is that im using this script to add a drive in "My Computer" and
>the users copy important data to this drive and later ill back up directly
>in the server...
>using the policies i activate roaming profiles and now all the "Application
>Data" is copying to the drive of the user.. thats ok, but i want to know if
>there is a way to choose another directory to store the data of the profile
>of the users and "hide" (browseable = no) this data to the user, because the
>users only knows about microsoft office files and when they come to its own
>directory the see a lot of garbage (application data containing IE, Outlook
>Express, etc.)
>
>thx

From samba at denverdata.com Thu Nov 1 11:55:01 2001
From: samba at denverdata.com (Doug Douglass)
Date: Tue Dec 2 02:36:37 2003
Subject: Win2K Roaming Profile Problem
In-Reply-To:
Message-ID:

What Samba version? What SP of Win2K? What do you have in smb.conf for "logon path"? Do you have a profiles share? What do your samba logs have to say? Give us some info and we may be able to help you.
I've had Win2K SP2 roaming profiles with Samba 2.2.1a as PDC working for many months with no problems. Upgrading to Samba 2.2.2 posed some problems with profiles so I'm sticking with 2.2.1a, but it had more to do with our LDAP backend and RIDs, than any general failure of roaming profiles.

I don't use a separate profiles share. Profiles are stored in the users unix home directory in a .ntprofile dir, "logon path = \\server\%U\.ntprofile"

HTH,
Doug

> -----Original Message-----
> From: samba-ntdom-admin@lists.samba.org
> [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of
> amoote@fpelectronics.com
> Sent: Thursday, November 01, 2001 12:01 PM
> To: samba-ntdom
> Subject: Win2K Roaming Profile Problem
>
>
> I get this error when I try to login to the domain from a Win2K box:
>
> "Windows cannot create profile directory \\shockwave\amoote\profile.pds.
> You will be logged on with a local profile only.
> Changes to the profile will not be propagated to the server.
> Contact your network administrator."
>
> Apparently roaming profiles are not working. I've looked through a lot of
> the documentation and tried many setups (centralized profiles under one
> directory, profiles under the users' homes) but none of it works properly.
>
> Any ideas?
>
> Regards,
>
> Alan B. Moote
> Systems Administrator
> MARK IV Industries
> tel: 905.624.7908
> fax: 905.625.6197
>
>
>

From ariel at jusbaires.gov.ar Thu Nov 1 11:56:02 2001
From: ariel at jusbaires.gov.ar (Ariel Mella)
Date: Tue Dec 2 02:36:37 2003
Subject: Profiles store in server
References: <011101305.41222@webbox.com>
Message-ID: <003501c1630f$2f0e2540$1a3ca8ac@jusbaoires.gov.ar>

If I understood well:

> /home/username = username's share (NS and stuff is
>written here)
> /home/username/dosroot = username's FILES go here

user: ariel
profile directory (server): /home/ariel
files directory (server) docs, xls, etc.: /home/ariel/docs

logon home = \\%N\%U\\docs
logon path = \\%N\%U

im right?
thx again

From tarjei at nu.no Thu Nov 1 12:05:09 2001
From: tarjei at nu.no (Tarjei Huse)
Date: Tue Dec 2 02:36:37 2003
Subject: Samba ist very slow
References: <3BE11819.30634.A11F997@localhost>
Message-ID: <3BE0BE2C.70AAFA75@nu.no>

This could be a wins/dns problem. Check that dns & wins lookups are working properly on your machine.

Tarjei

mjorda@berlitz.de wrote:
>
> Hello list members,
>
> it's really a pain in the neck ..... running samba as PDC and
> everything is working fine but ... if a user tries to open a Word,
> Excel, PDF etc. document by double clicking on the file in the
> explorer it takes 30 to 50 seconds to open a 5 kb file. This is not
> always like that but mostly - very strange. With explorer and copy I
> don't have that problem.
> I found in a news group a solution. They said, the cause of the prob
> is an incorrectly defaulted parameter, which affects programs
> opening files but does not affect copying files with explorer. So,
> they recommended to put 4 lines in the smb.conf to solve the prob.
>
> lock directory = /var/spool/locks/samba
> share modes = yes
> oplocks = true
> locking = yes
>
> I did that but the prob was not solved.
>
> Has anybody any idea to get rid of that. I mean I'm not the only
> person in the world trying to open files by double clicking them with
> samba. Maybe someone had that prob and solved it.
>
> thanks in advance.
>
> Manfred

From ariel at jusbaires.gov.ar Thu Nov 1 12:44:14 2001
From: ariel at jusbaires.gov.ar (Ariel Mella)
Date: Tue Dec 2 02:36:37 2003
Subject: Trusth relationship
Message-ID: <002701c16315$fb506ea0$1a3ca8ac@jusbaoires.gov.ar>

i have a samba PDC "A" and i want to maintain trust relationships between another PDC "B" (NT SERVER) to give access to the users of "A" to the shares of "B" and the users of "B" access to the shares of "A".

any idea?
thx

From bunny at hao.ucar.edu Thu Nov 1 13:29:04 2001
From: bunny at hao.ucar.edu (Bunny Pfau)
Date: Tue Dec 2 02:36:37 2003
Subject: Win2K Roaming Profile Problem
Message-ID: <200111012129.OAA29047@jabba.hao.ucar.edu>

I got an error similar to this and it was a permissions problem. My problem boiled down to that I had listed myself in the "admin users" parameter, and so then when I was logged in to the win2k computer and trying to connect to the samba home share, I was being mapped as "nobody"..

Just an idea.

Bunny Pfau

---
Bunny Pfau          National Center for Atmospheric Research
bunny@ucar.edu      High Altitude Observatory
tel: 303 497-1555   P.O. Box 3000
fax: 303 497-1589   Boulder, CO 80307-3000

->
-> I get this error when I try to login to the domain from a Win2K box:
->
-> "Windows cannot create profile directory \\shockwave\amoote\profile.pds.
-> You will be logged on with a local profile only.
-> Changes to the profile will not be propagated to the server.
-> Contact your network administrator."
->
-> Apparently roaming profiles are not working. I've looked through a lot of
-> the documentation and tried many setups (centralized profiles under one
-> directory, profiles under the users' homes) but none of it works properly.
->
-> Any ideas?
->
-> Regards,
->
-> Alan B. Moote
-> Systems Administrator
-> MARK IV Industries
-> tel: 905.624.7908
-> fax: 905.625.6197
->
->

From gaubrig at yahoo.com Thu Nov 1 14:09:01 2001
From: gaubrig at yahoo.com (Gaurang Pandya)
Date: Tue Dec 2 02:36:37 2003
Subject: Joining samba in ADS
Message-ID: <20011101220904.34350.qmail@web10201.mail.yahoo.com>

Hi Group,

I am new user of samba so please be nice to me. I am trying to add my samba server 2.0.8 OS : RH Linux 7.1 to W2K active directory but I am not able to do it. Can any one help me.
cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
cli_nt_setup_creds: auth2 challange failed
modify_trust_password: unable to setup the PDC credentials to machine . Error was : NT_STATUS_ACCESS_DENIED.
2001/10/30 02:10:22 : change_trust_account_password: Failed to change password for domain
Unable to join domain .

Can any one help me...Please...

Gaurang.

From newsinabox at yahoo.de Thu Nov 1 14:29:02 2001
From: newsinabox at yahoo.de (Oliver)
Date: Tue Dec 2 02:36:37 2003
Subject: [OT] Cross-posting
Message-ID: <01C1632D.211E5A40.newsinabox@yahoo.de>

Hi all!

Since I'm subscribed to more than one samba list I would appreciate if people stop cross-posting their threads to more than one of them. Try to choose the appropriate list and if you don't get an answer you still can try to get one on a different list.

The expiry date of this list will soon be reached if so many people keep cross-posting. Many people get annoyed if they have to re-read lots of threads again and again and will simply stop answering to questions. And they might even decide to unsubscribe. I don't think that this is what everybody wants them to do and to be the destination for this list.

So once again: Please, try to avoid cross-posting!

Cheers,
Oliver

From eirvine at tpgi.com.au Thu Nov 1 16:45:01 2001
From: eirvine at tpgi.com.au (eirvine)
Date: Tue Dec 2 02:36:37 2003
Subject: Samba ist very slow
References: <3BE11819.30634.A11F997@localhost>
Message-ID: <3BE1EC58.AF047F0D@tpgi.com.au>

Hi,

mjorda@berlitz.de wrote:
>
> Hello list members,
>
> it's really a pain in the neck ..... running samba as PDC and
> everything is working fine but ... if a user tries to open a Word,
> Excel, PDF etc. document by double clicking on the file in the
> explorer it takes 30 to 50 seconds to open a 5 kb file. This is not
> always like that but mostly - very strange. With explorer and copy I
> don't have that problem.
> I found in a news group a solution. They said, the cause of the prob
> is an incorrectly defaulted parameter, which affects programs
> opening files but does not affect copying files with explorer. So,
> they recommended to put 4 lines in the smb.conf to solve the prob.
>
> lock directory = /var/spool/locks/samba
> share modes = yes
> oplocks = true
> locking = yes

Just as an experiment, comment out the last three lines and put in this:

fake oplocks = yes

Eddie.

>
> I did that but the prob was not solved.
>
> Has anybody any idea to get rid of that. I mean I'm not the only
> person in the world trying to open files by double clicking them with
> samba. Maybe someone had that prob and solved it.
>
> thanks in advance.
>
> Manfred

From terry_cheung at hk.ml.com Thu Nov 1 21:34:02 2001
From: terry_cheung at hk.ml.com (Cheung, Terry (Hong Kong))
Date: Tue Dec 2 02:36:37 2003
Subject: Cannot join Samba Domain from a XP machince
Message-ID: <11F5F0A6DB12D2119A1900805F8B7009052B1913@hkpsexh4.hk.ml.com>

Hi,

I have a Samba server working properly with ME as sharing files in workgroup before. Recently, I have upgraded my ME to XP and tried to make the Samba as the domain controller. I have followed the documentation samba.org that teaching how to set up domain controller for Win NT. The XP can communicate with the server and see the shares in the Network Neighbourhood but failed to join domain while getting this error message: "The procedure number is out of range" when I tried using root as the user to join it. I have also added and machine trust account in the Linux 7.1 and smbpasswd already. What else am I missing??

Please help. Thank you very much.
Regards,
Terry

From bolke at xs4all.nl Fri Nov 2 00:26:03 2001
From: bolke at xs4all.nl (Bolke de Bruin)
Date: Tue Dec 2 02:36:37 2003
Subject: Remote Log Off
In-Reply-To:
Message-ID:

Not a plain logoff but wouldn't a shutdown and restart be sufficient?

try "shutdown" (you'll have to download it first though)

Don't know which RPC commands it executes, but then the Samba team might be of help

cheers
Bolke

-----Original Message-----
From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org] On Behalf Of Ross McKillop
Sent: Thursday, 1 November 2001 17:12
To: samba-ntdom@lists.samba.org
Subject: Remote Log Off

Is there any way (preferably from the linux server) to force windows 2000 sessions to log off, so that (for example) at 9pm i can log off all workstations or those in a certain area of the building?

Any help would be much appreciated

Yours,
Ross McKillop

From oenustech at oenus.com Fri Nov 2 01:30:07 2001
From: oenustech at oenus.com (OenusTech)
Date: Tue Dec 2 02:36:37 2003
Subject: Win2k Roaming Profiles problems under NTFS
Message-ID: <2694.192.168.1.13.1004693420.squirrel@mail.oenus.com>

Hi there!

I have a Samba 2.2.2 PDC on linux 2.4.13 with ACL (acl.bestbits.at) support installed.

There seems to be a problem with Roaming Profiles. Win2k with local NTFS filesystem will never delete roaming profiles (yes, I have regedited the DeleteRoamingCache to 1). In fact, any time TheUser logs back in, a new folder named TheUser.OURDOMAIN.??? (where ? is an integer) will be created, duplicating the files never erased before.

That DOESN'T happen if the Win2k client has a FAT32 filesystem (user/group permissions do not exist), so I assumed it might be a permissions problem (in fact, I, Administrator, cannot delete these profiles unless I waste 10 minutes changing the set-by-the-system permissions for those profiles).
At the beginning, I thought that might be a problem for not having ACL support in the server, for not being able to save the original profile's permissions as created by Win2k the first time, but now I do have it, ACL works perfect, but this odd behavior continues.

Has anyone else here experienced this? Does anyone know of a solution?

TIA,
Ignasi Garcia

From Daniel.Moeller at de.bosch.com Fri Nov 2 02:19:02 2001
From: Daniel.Moeller at de.bosch.com (Moeller Daniel (QI/CCE2-SI) *)
Date: Tue Dec 2 02:36:37 2003
Subject: AW: Better printing (driver handling) docs ?
Message-ID: <1121C3ABCA53C945B821A821CDD67F62F68405@simail21.desi2.bosch.com>

Hi Ken,

HP-UX uses -1,-2 UID and GID in /etc/passwd and /etc/group. I work around this by changing the entries to 65535 and 65534 (signed vs. unsigned). I don't know if this has any bad influence. Anyone comments?

Kind regards,
Danny

-----Original Message-----
From: Ken Stone [mailto:ken@sdd.hp.com]
Sent: Wednesday, 17 October 2001 19:25
To: samba-ntdom@lists.samba.org
Subject: Better printing (driver handling) docs ?

OS = HP-UX 10.20 .... latest (as of this morning) CVS bits for SAMBA_2_2

I still don't get anything in the printers folder when I browse and I get messages in the log.smbd like

[2001/10/17 10:07:54, 0, pid=3103, effective(0, 1), real(0, 0)] lib/util_sec.c:(77)
  Failed to set uid privileges to (-1,-2) now set to (0,0)
[2001/10/17 10:07:54, 0, pid=3103, effective(0, 1), real(0, 0)] lib/util.c:(1055)
  PANIC: failed to set uid

Pointers/help appreciated ....

-- Ken

From Alexander.Dubielczyk at gmx.de Fri Nov 2 06:07:02 2001
From: Alexander.Dubielczyk at gmx.de (Alexander Dubielczyk)
Date: Tue Dec 2 02:36:37 2003
Subject: machine password timeout
Message-ID: <15zeyn-0hXV7gC@fmrl02.sul.t-online.com>

Hi list,

can anyone tell me the valid range for the value of this "machine password timeout" parameter? I'd like to disable changing the machine password, because I use workstations with a read-only harddisk.
Setting the parameter to "0" does not seem to work.

Regards,
Alex (AlexDu@Nrh.De)

From amoote at fpelectronics.com Fri Nov 2 06:19:02 2001
From: amoote at fpelectronics.com (amoote@fpelectronics.com)
Date: Tue Dec 2 02:36:37 2003
Subject: Roaming Profiles Exclusions
Message-ID:

Is there any way to exclude certain directories from the roaming profiles? For example, I don't really want the Start Menu to be stored on the server. Can I NOT propagate that directory to the server?

Regards,

Alan B. Moote
Systems Administrator
MARK IV Industries
tel: 905.624.7908
fax: 905.625.6197

From amoote at fpelectronics.com Fri Nov 2 06:50:06 2001
From: amoote at fpelectronics.com (amoote@fpelectronics.com)
Date: Tue Dec 2 02:36:37 2003
Subject: Roaming Profiles Exclusions
Message-ID:

That key is not in my registry. I am using Win2K SP2.

The thing is that I am trying to fix a profile problem I am having. When I login...I get no errors, but when I log out, I get an error saying it cannot update my Cookies directory. I think it cannot update ANY directory, it just so happens that Cookies is the first one it tries and it fails after that.

Is it possible that the PC is closing the connection to the server before it uploads the profile?

Regards,

Alan B. Moote
Systems Administrator
MARK IV Industries
tel: 905.624.7908
fax: 905.625.6197

"D.W. Bouhuijs"
To:
Subject: Re: Roaming Profiles Exclusions
11/02/2001 09:39 AM

Hi.

Perhaps this is what U are looking for.

HKCU\Software\Policies\Microsoft\Windows\System\ExcludeProfileDirs

Value will be: Start Menu

Derk.

From bikramjeet77 at yahoo.com Fri Nov 2 11:10:02 2001
From: bikramjeet77 at yahoo.com (bikramjeet assal)
Date: Tue Dec 2 02:36:37 2003
Subject: SAMBA AS A PDC
Message-ID: <20011102191047.39489.qmail@web14602.mail.yahoo.com>

hello group,

I m trying to configure Samba Server as a Primary Domain Controller to check for authentication.
When the user logs in to the domain specified in the smb.conf file, the user is asked for username and password. This password needs to be encrypted for samba server to work as a PDC. These passwords are compared against the ones in smbpasswd file.

I compiled samba using files pam_smbpass and pam options as follows:

configure --with-pam --with-pam_smbpass

but when clients connect to samba server domain, samba do not make use PAM files at all. Can anybody tell me how this thing is working? because i compiled samba using PAM as shown above.

waiting for reply.

bikram.

From fperfumov at nexo.es Fri Nov 2 13:13:02 2001
From: fperfumov at nexo.es (Fernando Perfumo)
Date: Tue Dec 2 02:36:37 2003
Subject: One samba server + two interfaces
Message-ID: <3BE31A71.7E481705@nexo.es>

Hi.
Is it possible to make samba to export two different sets of shares based on the network interface IP?
Linux slakware 8, two network interfaces.
Thanks all.

From jbeauchamp at gesinc.com Fri Nov 2 13:30:02 2001
From: jbeauchamp at gesinc.com (James W. Beauchamp)
Date: Tue Dec 2 02:36:37 2003
Subject: One samba server + two interfaces
References: <3BE31A71.7E481705@nexo.es>
Message-ID: <009201c163fe$be5d19a0$1d01a8c0@gesinc.com>

I believe this can be done by creating multiple smb.conf files and then using the bind interfaces to bind each to a separate NIC (or something like this). Of course I could be all wrong.

James

----- Original Message -----
From: "Fernando Perfumo"
To:
Sent: Friday, November 02, 2001 2:13 PM
Subject: One samba server + two interfaces

> Hi.
> Is it possible to make samba to export two different sets of shares
> based on the
> network interface IP?
> Linux slakware 8, two network interfaces.
> Thanks all.
>

From ggoodrich at medinotes.com Fri Nov 2 15:36:02 2001
From: ggoodrich at medinotes.com (Greg Goodrich)
Date: Tue Dec 2 02:36:37 2003
Subject: Problems using samba as a PDC
Message-ID: <3BE32E09.C49CF30B@medinotes.com>

I just subscribed to the group, so please accept my apology if this post doesn't flow into the proper thread.

I've recently set up samba 2.2.2 on RedHat 7.1 as a PDC with a mixed network of win98, win2k, NT 4. This may not be the proper way to resolve all this, but this is how I got migrated over from an NT4 PDC.

First, I set up the Samba PDC stuff on the new server as per the instructions in the HOWTO docs available from the samba website. This includes setting up users/passwords that were the same as on the old domain. Now, we needed to keep our existing PDC on the network for a while, and it needed to coexist, so we changed the domain name of the new box, but I'm not certain that that will matter in the grand scheme of things, assuming that no one tries to run both the NT PDC and the Linux Samba PDC on the network at the same time.

One important step is to set up the roaming profile stuff in the Samba setup so that each user will have a unique place on the server for their roaming profile (It states in the documentation that this shouldn't be in their "home" directory; I used a share called [profiles], and set up their path as the username they logged in with, using the %U macro, something like this: logon path = \\%L\profiles\%U)

The next step is to go to each user's machine and back up their roaming profile into this new share, under the user's subdirectory (this will have to be created, and it seems to create it in the backup process if it is typed into the path, just make sure that the dialog box goes away after the copy, otherwise the copy didn't really work).
A limitation that seems to exist by using this mechanism is that the user in the new domain seems to need to be an administrator on their local machine in order to be able to use this copy of the profile. I believe that this is because of the NT/2000 security model, and how it stamps the files in the profile with access rights to the old domain user. That being said, it is very important that you can log into each local machine as a LOCAL administrator NOT a domain admin, as once the domain is switched out to the new one, the domain admin account will be unavailable and the new domain account doesn't have privileges on the local machine at this point. This is very important!!!

At this point, it is possible to switch over to the new domain on each machine. This is done via the networking settings, and changing the domain name to the new one. There seems to be somewhat of a "bug" in Win2k that sometimes when a new domain name is typed in, and okay is pressed, it will give an error about conflicting permissions of some sort. Assuming no misspellings on anything typed in, this error seems bogus, and causes an extra step of changing the machine to using a workgroup (pick any name), rebooting, and then changing to the new domain, with yet another reboot (windows users should be used to this reboot stuff :)

If the domain names are to remain the same, then this extra step may be necessary on each machine to accomplish having the workstation create the machine account on the new PDC. If the workstation sees no change in the domain name, it will not prompt to create a new computer account in the domain.

Now, assuming the last step went okay, and the machine joined the new domain and rebooted, then it is time to log into the local machine as administrator. Once in, set up the user's account (the new domain user account) as an administrator of the local machine (add to the local machine's administrator group). Then log out of the administrator account, and log in as the user.
If all went well, then the user's original profile should've made it over intact. If this last step is not performed, then the profile will copy from the server to the local machine, but it will act very strangely. Certain things appear to work, while others clearly do not. Making the user an admin on the local machine solves these problems (although it may create others for all I know).

This process works best for non-win9x client machines, as they really don't join a domain, and don't play nice with others :)

While I am certainly no expert on this stuff, our network does seem to be working okay with the linux samba PDC. I'll try to find the time to answer any ???'s that people may have about the above procedures to the best of my ability.

--
Greg Goodrich
Senior Software Engineer
MediNotes Corp.
ggoodrich@medinotes.com

From awilliam at whitemice.org Fri Nov 2 17:33:03 2001
From: awilliam at whitemice.org (Adam Williams)
Date: Tue Dec 2 02:36:37 2003
Subject: Roaming Profiles Exclusions
In-Reply-To:
References:
Message-ID: <1004754770.5473.1.camel@estate1.whitemice.org>

>Is there any way to exclude certain directories from the roaming profiles?
>For example, I don't really want the Start Menu to be stored on the server.
>Can I NOT propagate that directory to the server?

This is a poledit thing. You can semicolon delimit a list of directories to exclude.

From con at gfm.co.uk Sat Nov 3 07:51:03 2001
From: con at gfm.co.uk (Con Harte)
Date: Tue Dec 2 02:36:37 2003
Subject: Profiles on a smb PDC
Message-ID: <5.0.2.1.0.20011103153726.00a7e600@voodoo>

Hopefully someone can help me out with a small problem we're experiencing...

When a user logs in on a Win9X PC there used to be a warning message that "\\GFMNET01\NOBODY\Cookies" cannot be accessed. I notice that either SWAT or the default config file (using a RH7.1 binary dist of 2.2.2) had the variable substitution of %u for "logon path" and "logon home".
I changed this to uppercase %U, and now it doesn't seem to try to access unix user "nobody"'s profile. However, when logging out the user gets a message that it cannot access a file in "C:\Windows\Profiles\Conh\Cookies" (Profile Error 2: File may be open or locked by another process.) This is a nuisance at best, and worse - I don't know what might be going wrong behind the scenes, that I'm not told about, eg. does this single failure prevent the rest of the profile from being stored? It could be talking about file "index.dat", which is locked and open whilst Windows runs, but surely Microsoft know this, and there is a way around this that doesn't throw up error or warning messages to the user? If anyone can help I'd be very grateful. Con Harte. Systems Administrator GFM Services Ltd. 42 Phoenix Court Hawkins Road Colchester Essex CO2 8JY Tel: (01206) 791 733 Fax: (01206) 791 735 From noel at lolith.net Sat Nov 3 10:16:20 2001 From: noel at lolith.net (Noel Kelly) Date: Tue Dec 2 02:36:37 2003 Subject: Win2k Roaming Profiles problems under NTFS Message-ID: <019e01c163f2$658bc9e0$0200a8c0@ayala> This behaviour sounds like Windoze 2000 Workstation WITHOUT Service Pack 1 or 2 installed. There is a bug in Win2000 whereby the NTUSER.DAT file is not released by the OS until a reboot is performed. Hence the reason you cannot delete the profiles from the workstation and hence the reason the profile never gets copied to the server. We had huge trouble with this for about six months - people had tens of profiles on their machines .001, .002 etc. We blamed Novell and their client but then, surprise, surprise, it was M$ as per normal. What a monumental waste of time. Load the service pack and profiles will copy successfully. Noel Date: Fri, 2 Nov 2001 10:30:20 +0100 (CET) Subject: Win2k Roaming Profiles problems under NTFS From: "OenusTech" To: , Hi there! I have a Samba 2.2.2 PDC on linux 2.4.13 with ACL (acl.bestbits.at) support installed. 
There seems to be a problem with Roaming Profiles. Win2k with local NTFS filesystem will never delete roaming profiles (yes, I have regedited the DeleteRoamingCache to 1). In fact, any time TheUser logs back in, a new folder named TheUser.OURDOMAIN.??? (where ? is an integer) will be created, duplicating the files never erased before. That DOESN'T happen if the Win2k client has a FAT32 filesystem (user/group permissions do not exist), so I assumed it might be a permissions problem (in fact, I, Administrator, cannot delete these profiles unless I waste 10 minutes changing the set-by-the-system permissions for those profiles). At the beginning, I thought that might be a problem for not having ACL support in the server, for not being able to save the original profile's permissions as created by Win2k the first time, but now I do have it, ACL works perfect, but this odd behavior continues.

Has anyone else here experienced this? Does anyone know of a solution?

TIA,
Ignasi Garcia

From pfaff at edge.cis.mcmaster.ca Sat Nov 3 14:10:02 2001
From: pfaff at edge.cis.mcmaster.ca (Todd Pfaff)
Date: Tue Dec 2 02:36:37 2003
Subject: Win2k Roaming Profiles problems under NTFS
In-Reply-To: <019e01c163f2$658bc9e0$0200a8c0@ayala>
Message-ID:

Ignasi,

You mention that you set DeleteRoamingCache in the registry. I was also having this problem with Windows 2000, even with Service Pack 2 installed, until I realized that DeleteRoamingCache is in different locations in WinNT and Win2000.

WinNT...
\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
DeleteRoamingCache = REG_DWORD 0x1

Win2000...
\Registry\Machine\SOFTWARE\Policies\Microsoft\Windows\System
DeleteRoamingCache = REG_DWORD 0x1

On Fri, 2 Nov 2001, Noel Kelly wrote:

> This behaviour sounds like Windoze 2000 Workstation WITHOUT Service Pack 1
> or 2 installed. There is a bug in Win2000 whereby the NTUSER.DAT file is
> not released by the OS until a reboot is performed.
> Hence the reason you
> cannot delete the profiles from the workstation and hence the reason the
> profile never gets copied to the server.
>
> We had huge trouble with this for about six months - people had tens of
> profiles on their machines .001, .002 etc. We blamed Novell and their
> client but then, surprise, surprise, it was M$ as per normal. What a
> monumental waste of time.
>
> Load the service pack and profiles will copy successfully.
>
> Noel
>
> Date: Fri, 2 Nov 2001 10:30:20 +0100 (CET)
> Subject: Win2k Roaming Profiles problems under NTFS
> From: "OenusTech"
> To: ,
>
> Hi there!
>
> I have a Samba 2.2.2 PDC on linux 2.4.13 with ACL (acl.bestbits.at) support
> installed. There seems to be a problem with Roaming Profiles. Win2k with
> local NTFS filesystem will never delete roaming profiles (yes, I have
> regedited the DeleteRoamingCache to 1). In fact, any time TheUser logs back
> in, a new folder named TheUser.OURDOMAIN.??? (where ? is an integer) will
> be created, duplicating the files never erased before. That DOESN'T happen
> if the Win2k client has a FAT32 filesystem (user/group permissions do not
> exist), so I assumed it might be a permissions problem (in fact, I,
> Administrator, cannot delete these profiles unless I waste 10 minutes
> changing the set-by-the-system permissions for those profiles). At the
> beginning, I thought that might be a problem for not having ACL support in the
> server, for not being able to save the original profile's permissions as
> created by Win2k the first time, but now I do have it, ACL works perfect,
> but this odd behavior continues.
>
> Has anyone else here experienced this? Does anyone know of a solution?
>
> TIA,
> Ignasi Garcia
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
>

--
Todd Pfaff                         \ Email: pfaff@mcmaster.ca
Computing and Information Services \ Voice: (905) 525-9140 x22920
ABB 132                            \ FAX: (905) 528-3773
McMaster University                \
Hamilton, Ontario, Canada L8S 4M1  \

From peter.tunstall at ntlworld.com Sun Nov 4 01:34:01 2001
From: peter.tunstall at ntlworld.com (Peter Tunstall)
Date: Tue Dec 2 02:36:37 2003
Subject: Trying to use SAMB as a PDC for WinME Roaming profiles & as print server
Message-ID: <000101c16513$d9e91640$0200a8c0@mshome>

I have scoured all the resources etc, read the SAMBA project docs front to back, used diagnosis.txt, all to no avail. I can only get so far and then no further. At the moment I am concentrating on the roaming profile issue, I will try printing myself later.

Can anyone help? I have run out of ideas. I am willing to bet the solution is looking me in the face but I have been trying to sort this for about two weeks now, during which I must have completely reinstalled about five times. I can't see the wood for the trees now, and the wife is threatening divorce, but I am not going to give up.

Any help to fix the problem or new leads would be much appreciated. I have included below my hardware details, smb.conf and as much other info as possible regarding steps already taken.

THANKS
Peter

First Hardware:-
2 WinME machine (PIII 450 & a P4 1.3)
1 Fresco firewall (466 Dx2)
1 P100 70Mb Ram set up as Linux box, Mandrake 8.1, setup as DNS server and SAMBA 2.2.2 server.
My smb conf is as follows:-

# Samba config file created using SWAT
# from 0.0.0.0 (0.0.0.0)
# Date: 2001/11/03 17:31:01

# Global parameters
[global]
    workgroup = MSHOME
    netbios name = SERVER
    server string = Samba Server %v
    encrypt passwords = Yes
    password level = 8
    username level = 8
    unix password sync = Yes
    log file = /var/log/samba/log.%m
    max log size = 50
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    printcap name = lpstat
    domain admin group = users
    logon script = %U.bat
    logon path = \\%N\profile\%U
    logon drive = X:
    logon home = \\L%\%U\.profiles
    domain logons = Yes
    os level = 255
    lm announce = True
    lm interval = 30
    preferred master = True
    domain master = True
    dns proxy = No
    wins support = Yes
    default service = homes
    remote announce = 192.168.0.2/mshome 192.168.0.1/mshome

[netlogon]
    path = /data/dos/netlogon
    hosts allow = 192.168.0.1 192.168.0.2

[homes]
    comment = Home Directories
    read only = No
    guest ok = Yes
    browseable = No

[printers]
    comment = All Printers
    path = /var/spool/lpd/Printer
    create mask = 0700
    guest ok = Yes
    printable = Yes
    print command = lpr-cups -P %p -o raw %s -r # using client side printer drivers.
    lpq command = lpstat -o %p
    lprm command = cancel %p-%j
    browseable = No

[shared]
    comment = shared temp directory
    path = /home/shared
    read only = No
    guest ok = Yes
    delete readonly = Yes

Network setup Windose

TCP/IP
IP's set 192.168.0.X
Subnet Mask 255.255.255.0
WINS disabled
DNS enabled 192.168.0.3 (server) host domain mshome
Gateway 192.168.0.100 (router/firewall)
Primary Network Login
Client for microsoft networks properties NT logon set domain mshome

Progress so far:-

When I go login from Win I get a ' no server available to athenticate passwrd'. In windows from network places entire network nothing showing but if I search for server it is found and all comments etc correct, also can see shares and the correct user home dir based on login. ie if user1 logs in I see user1 home and so on. Good news I hope something is working.
But still I cannot get SAMBA to authenticate and download profiles etc. Next I tried the diagnostics.

TEST 1 testparm shows no errors
Test 2 can ping OK both ways
Test 3 smbclient -L server I get a positive response no problem
Test 4 nmblookup -B server __SAMBA__ again get proper response
Test 5 nmblookup -B main '*' querying * on 192.168.0.2 name query failed to find name *
Test 6 nmblookup -d 2 All I get is a successful response from the server itself, nothing from the windows boxes.
Test 7 smbclient //server/tmp works fine login and get smb> prompt.
Test 8 net view from PC all I see is the PC itself nothing else.

I have also put the server in the LMhosts file on win box and still no joy.

Thanks
Peter

From renegade at infolink.com.br Sun Nov 4 13:25:01 2001
From: renegade at infolink.com.br (renegade)
Date: Tue Dec 2 02:36:37 2003
Subject: Samba and icons
Message-ID: <3BE5B2C7.1000305@infolink.com.br>

Hi all,

I have installed on my PC a RH 7.1 and Samba 2.07. The Samba server is configured to act in mode security=server, and authenticates clients on NT PDC.

My clients, which running win98, don't associate correct icons with .exe files. The showed icons seems to be ms-dos program icons. With other extensions (i.e: .txt, .pdf, etc.), everything works fine.

This is a bug related in this version of samba or wrong set of smb.conf?

Tks,

From Dave at keston.u-net.com Sun Nov 4 13:48:01 2001
From: Dave at keston.u-net.com (David Flynn)
Date: Tue Dec 2 02:36:37 2003
Subject: Samba and icons
References: <3BE5B2C7.1000305@infolink.com.br>
Message-ID: <005801c1657a$aa326750$1901a8c0@node0.idium.eu.org>

Evening;

> Hi all,
>
> My clients, which running win98, don't associate correct icons with .exe
> files. The showed icons seems to be ms-dos program icons. With other
> extensions (i.e: .txt, .pdf, etc.), everything works fine.
>
> This is a bug related in this version of samba or wrong set of smb.conf?
That is possibly normal windows behavior, if an executable does not have an icon in its resources (a part of the executable binary), then windows will display it with a default. If you know the program should have an icon and has the wrong one, you need to purge the local icon cache (which is something windows maintains for speed, but can easily become corrupt) -- you will need something like Tweak UI to do that.

Windows would show the same problem though if it were unable to read the file, ie, it was only able to get a dirlisting.

Regards,
Dave

From eantunes at fiuxint02.mp.pe.gov.br Sun Nov 4 19:58:02 2001
From: eantunes at fiuxint02.mp.pe.gov.br (Eugenio Antunes)
Date: Tue Dec 2 02:36:37 2003
Subject: SAMBA and MTS
Message-ID: <001b01c165ad$faed7c60$50a96b0a@dns>

I had problems in configure SAMBA to work well with MTS. When the PDC is a WIN NT machine everything works, like a magic. When the PDC is a UNIX BOX with SAMBA, I had problems. It seems that the MTS try validate an account in SAMBA with no success, but in MTS machine I can logon in the PDC without problem.

Somebody can help me. Any suggestion is welcome.

Thank you.
Eugênio Antunes.

From eantunes at fiuxint02.mp.pe.gov.br Sun Nov 4 20:03:04 2001
From: eantunes at fiuxint02.mp.pe.gov.br (Eugenio Antunes)
Date: Tue Dec 2 02:36:37 2003
Subject: samba and mts
Message-ID: <003a01c165ae$98e45420$50a96b0a@dns>

I had problems in configure SAMBA to work well with MTS. When the PDC is a WIN NT machine everything works, like a magic. When the PDC is a UNIX BOX with SAMBA, I had problems. It seems that the MTS try validate an account in SAMBA with no success, but in MTS machine I can logon in the PDC without problem.

Somebody help me. Any suggestion is welcome.

Thanks.
Eugenio Antunes.
From eantunes at fiuxint02.mp.pe.gov.br Sun Nov 4 20:07:01 2001
From: eantunes at fiuxint02.mp.pe.gov.br (Eugenio Antunes)
Date: Tue Dec 2 02:36:37 2003
Subject: SAMBA AND MTS
Message-ID: <004e01c165af$347eec60$50a96b0a@dns>

I had problems in configure SAMBA to work well with MTS. When the PDC is a WIN NT machine everything works, like a magic. When the PDC is a UNIX BOX with SAMBA, I had problems. It seems that the MTS try validate an account in SAMBA with no success, but in MTS machine I can logon in the PDC without problem.

Somebody can help me. Any suggestion is welcome.

Thanks.
Eugênio Antunes.

From turan at eee.metu.edu.tr Sun Nov 4 22:14:02 2001
From: turan at eee.metu.edu.tr (Turan Demirci)
Date: Tue Dec 2 02:36:37 2003
Subject: Nt roaming profiles gets corrupted
Message-ID: <20011105060024.11419.qmail@ee.eee.metu.edu.tr>

Hello to every one...!

I have a student lab with 53 nt machines and samba as a PDC serving to approx. 500 student.

Now I have problems with roaming profiles. Roaming profiles gets corrupted and students needs to delete them. This makes them angry :)

I have searched web but could not found any way to solve this problem.

Had anybody managed to overcome this problem?

From sachse at aeb.de Mon Nov 5 01:52:02 2001
From: sachse at aeb.de (Lüder Sachse)
Date: Tue Dec 2 02:36:37 2003
Subject: User Management with Active Directory
Message-ID: <21CE916A03CA@aeb.de>

Hi!

I have a Samba Server running in an Active Directory Environment. Currently everyone who has a login to our network has access to the samba shares on the linux box. I would like to restrict access on this server to certain user groups. The samba server should still get the user/pass from the Active Directory Server but it should grant access just to some groups. Is it possible to get the user groups and to decide whether they have access or not?

Thanks in advance.
Lueder

Lueder Sachse
Documentation & Marketing
------------------------------------------------------------
AEB GmbH
Julius-Hoelder-Str. 39    Tel. +49 711 7 28 42-229
D-70597 Stuttgart         Fax. +49 711 7 28 42-333
http://www.aeb.de/        eMail: sachse@aeb.de

From Trent.Vanest at bdk.com Mon Nov 5 06:55:05 2001
From: Trent.Vanest at bdk.com (Vanest, Trent)
Date: Tue Dec 2 02:36:37 2003
Subject: NT/AIX file count doesn't match.
Message-ID: <9D05B795DE16D411870300508BCF78940579CF5C@towexc04.bd.com>

Hello,

Whenever I check the amount of files in my AIX directories vs. my NT (samba) mounts they have different file counts. Does anyone know of any reasons why some files wouldn't show up on NT?

Trent Lee Vanest

This message was scanned for viruses on behalf of The Black & Decker Corporation.

From rickera2 at SLU.EDU Mon Nov 5 08:24:02 2001
From: rickera2 at SLU.EDU (Tony Ricker)
Date: Tue Dec 2 02:36:37 2003
Subject: log issues..
Message-ID: <3BE6BD45.A2548E1C@slu.edu>

I have seen this twice and have no idea as to what this means. Can anyone shed some light on this?

Cheers,
Tony

Security Violations
=-=-=-=-=-=-=-=-=-=
Nov 4 04:02:01 sifl nmbd[24147]: Got SIGHUP dumping debug info.

Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Nov 4 04:02:01 sifl syslogd 1.4-0: restart.
Nov 4 04:02:01 sifl syslogd 1.4-0: restart.
Nov 4 04:02:01 sifl syslogd 1.4-0: restart.
Nov 4 04:02:01 sifl syslogd 1.4-0: restart.
Nov 4 04:02:01 sifl syslogd 1.4-0: restart.
Nov 4 04:02:01 sifl syslogd 1.4-0: restart.
Nov 4 04:02:01 sifl nmbd[24147]: [2001/11/04 04:02:01, 0] nmbd/nmbd.c:sig_hup(92)
Nov 4 04:02:01 sifl nmbd[24147]: Got SIGHUP dumping debug info.
Nov 4 04:02:01 sifl nmbd[24147]: [2001/11/04 04:02:01, 0] nmbd/nmbd_workgroupdb.c:dump_workgroups(292)
Nov 4 04:02:01 sifl nmbd[24147]: dump_workgroups()
Nov 4 04:02:01 sifl nmbd[24147]: dump workgroup on subnet 192.168.20.1: netmask= 255.255.255.0:
Nov 4 04:02:01 sifl nmbd[24147]: ^IPMO(1) current master browser = SIFL
Nov 4 04:02:01 sifl nmbd[24147]: ^I^ISIFL 40049b0b (PMO Samba Server)
Nov 4 04:02:01 sifl nmbd[24147]: [2001/11/04 04:02:01, 0] nmbd/nmbd_workgroupdb.c:dump_workgroups(292)
Nov 4 04:02:01 sifl nmbd[24147]: dump_workgroups()
Nov 4 04:02:01 sifl nmbd[24147]: dump workgroup on subnet 192.168.20.2: netmask= 255.255.255.0:
Nov 4 04:02:01 sifl nmbd[24147]: ^IPMO(1) current master browser = SIFL
Nov 4 04:02:01 sifl nmbd[24147]: ^I^ISIFL 40049b0b (PMO Samba Server)
Nov 4 04:02:01 sifl nmbd[24147]: [2001/11/04 04:02:01, 0] nmbd/nmbd_workgroupdb.c:dump_workgroups(292)
Nov 4 04:02:01 sifl nmbd[24147]: dump_workgroups()
Nov 4 04:02:01 sifl nmbd[24147]: dump workgroup on subnet UNICAST_SUBNET: netmask= 165.134.1.26:
Nov 4 04:02:01 sifl nmbd[24147]: ^IPMO(1) current master browser = UNKNOWN
Nov 4 04:02:01 sifl nmbd[24147]: ^I^ISIFL 40019b0b (PMO Samba Server)
Nov 4 04:02:01 sifl smbd[24142]: [2001/11/04 04:02:01, 0] smbd/server.c:sig_hup(384)
Nov 4 04:02:01 sifl smbd[24151]: [2001/11/04 04:02:01, 0] smbd/server.c:sig_hup(384)
Nov 4 04:02:01 sifl smbd[24151]: Got SIGHUP
Nov 4 04:02:01 sifl smbd[24163]: [2001/11/04 04:02:01, 0] smbd/server.c:sig_hup(384)
Nov 4 04:02:01 sifl smbd[24163]: Got SIGHUP
Nov 4 04:02:01 sifl smbd[25091]: [2001/11/04 04:02:01, 0] smbd/server.c:sig_hup(384)
Nov 4 04:02:01 sifl smbd[25091]: Got SIGHUP
Nov 4 04:02:01 sifl smbd[24142]: Got SIGHUP
Nov 4 04:03:59 sifl nmbd[24147]: [2001/11/04 04:03:59, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(341)

--
-------------------------------
Tony Ricker
Technology Coordinator
SLUCare - P.M.O.
St.
Louis University
Phone: 314.977.6844
E-mail: rickera2@slu.edu
-------------------------------
"In the beginners mind, there are many possibilities. In the experts mind, there are few" - Shunryu Suzuki
-------------------------------
"Think Different"

From ariel at jusbaires.gov.ar Mon Nov 5 09:04:26 2001
From: ariel at jusbaires.gov.ar (Ariel Mella)
Date: Tue Dec 2 02:36:37 2003
Subject: trusth realtions between samba PDC and NT PDC
Message-ID: <006301c1661b$d2393840$1a3ca8ac@jusbaires.gov.ar>

i have a samba PDC and a NT PDC working in my local net..
in the samba PDC there are around 800 users.. in the NT PDC there are around 400 users..
i want my user to can use the shares of the NT and the shares of the clients of the NT..
in Microsoft terms this is called Trust relationship..
how can i do this with samba?
thx!

From thorsten.stettin at gemplus.com Mon Nov 5 09:19:03 2001
From: thorsten.stettin at gemplus.com (Thorsten Stettin)
Date: Tue Dec 2 02:36:37 2003
Subject: trusth realtions between samba PDC and NT PDC
Message-ID: <20011105171908.B488A108012@frolic.celocom.de>

On 05.11.2001 18:03:41, "Ariel Mella" wrote:

>i have a samba PDC and a NT PDC working in my local net..
>in the samba PDC there are around 800 users.. in the NT PDC there are around
>400 users..
>i want my user to can use the shares of the NT and the shares of the clients
>of the NT..
>in Microsoft terms this is called Trust relationship..
>how can i do this with samba?
>thx!
>

Sorry, but there are no trust relationships between Samba controlled systems and windows nt controlled systems and between Samba controlled systems as well!

Regards
Thorsten

From MelloL at dtees.com Mon Nov 5 09:42:05 2001
From: MelloL at dtees.com (Mello, Luiz)
Date: Tue Dec 2 02:36:37 2003
Subject: Winbind crashing PDC
Message-ID: <0F595785B8F5D411848600B0D0B04DC15E831C@DTE_AA_05>

I am trying to make our samba server authenticate against our NT 4 PDC with no success.
I am following the how to by John Trostel with samba 2.2.2 on RH 7.2. Created a machine account for samba on the pdc, compiled samba with winbind and with pam, built a smb.conf with domain master = no; local master = no; preferred master = no; os level =32. If I try to join the domain using smbpasswd I get the error cli_pipe: return critical error. error code was 0." This causes the PDC to crash, and no passwords are accepted on the PDC. If I try to restart the PDC I get the error no sufficient permissions. The only way to do it is with the PWR button. If I try to join the domain using samba that was not compiled with winbind it joins fine. Has someone has success in having samba authenticate with a NT4 PDC using winbind? What could be going on? Thanks! Luiz-Robertto Mello LAN Administrator From ink at inconnu.isu.edu Mon Nov 5 11:55:16 2001 From: ink at inconnu.isu.edu (Craig Kelley) Date: Tue Dec 2 02:36:37 2003 Subject: Win2K Roaming Profile Problem In-Reply-To: Message-ID: On Thu, 1 Nov 2001, Doug Douglass wrote: > What Samba version? > > What SP of Win2K? > > What do you have in smb.conf for "logon path"? Do you have a profiles share? > > What do your samba logs have to say? > > Give us some info and we may be able to help you. > > I've had Win2K SP2 roaming profiles with Samba 2.2.1a as PDC working for > many months with no problems. Upgrading to Samba 2.2.2 posed some problems > with profiles so I'm sticking with 2.2.1a, but it had more to do with our > LDAP backend and RIDs, then any general failure of roaming profiles. What problems are you seeing with 2.2.2? One thing we've noticed with W2k and 2.2.2 is that every time a user logs on with Windows 2000, it creates a new profile (eg, "user" "user.1" "user.2" "user.3" etc.). We haven't really dealt with Windows 2000 before now, so we're not sure if it is a Windows 2000 issue or a Samba issue... NT4 domain logins work just fine, though. 
-- It is financially more expensive to go to prison than to attend Harvard. Craig Kelley -- kellcrai@isu.edu http://www.isu.edu/~kellcrai finger ink@inconnu.isu.edu for PGP block From ink at inconnu.isu.edu Mon Nov 5 11:58:02 2001 From: ink at inconnu.isu.edu (Craig Kelley) Date: Tue Dec 2 02:36:37 2003 Subject: Nt roaming profiles gets corrupted In-Reply-To: <20011105060024.11419.qmail@ee.eee.metu.edu.tr> Message-ID: On Mon, 5 Nov 2001, Turan Demirci wrote: > Hello to every one...! > > I have a student lab with 53 nt machines and samba as a PDC > serving to approx. 500 student. > > Now I have problems with roaming profiles. Roaming profiles gets > corrupted and students needs to delete them. This makes them > angry :) > > I have searched web but could not found any way to solve this > problem. > > Had anybody managed to overcome this problem? Turn off "oplocks" on the share that has the profiles. Turn on "strict allocate". -- It is financially more expensive to go to prison than to attend Harvard. Craig Kelley -- kellcrai@isu.edu http://www.isu.edu/~kellcrai finger ink@inconnu.isu.edu for PGP block From gaubrig at yahoo.com Mon Nov 5 12:35:02 2001 From: gaubrig at yahoo.com (Gaurang Pandya) Date: Tue Dec 2 02:36:38 2003 Subject: trusth realtions between samba PDC and NT PDC In-Reply-To: <006301c1661b$d2393840$1a3ca8ac@jusbaires.gov.ar> Message-ID: <20011105203517.54701.qmail@web10206.mail.yahoo.com> Hi Ariel, In samba 2.2.2 you have an configuration option like "Allow trusted Doamin" make it "yes" preferibliy through SWAT. Which should solve your problem. Gaurang. --- Ariel Mella wrote: > i have a samba PDC and a NT PDC working in mi local > net.. > in the samba PDC there are around 800 users.. in the > NT PDC there are aroun > 400 users.. > i want my user to can use the shares of the NT and > the shares of the clients > of the NT.. > in Microsoft terms this is called Trusth > relationship.. > how can i do this with samba? > thx! 
> > > __________________________________________________ Do You Yahoo!? Find a job, post your resume. http://careers.yahoo.com From sevans at foundation.sdsu.edu Mon Nov 5 12:54:01 2001 From: sevans at foundation.sdsu.edu (Steve Evans) Date: Tue Dec 2 02:36:38 2003 Subject: Samba 2.2.2 and Active Directory Message-ID: <20C245C5F9A41949A359CCDBF4B3ADED2A73F3@foundation.foundation.sdsu.edu> It seems like the best way to get Samba to use Windows accounts for authentication is to use LDAP. Would any agree with this? If so any good documentation on this? I know it is in development but I'd like to start poking around with it. Steve From gaubrig at yahoo.com Mon Nov 5 13:08:22 2001 From: gaubrig at yahoo.com (Gaurang Pandya) Date: Tue Dec 2 02:36:38 2003 Subject: OS levels in SAMBA Message-ID: <20011105210838.6802.qmail@web10207.mail.yahoo.com> Hi Group, Can any one tell me what are different OS levels in samba and what does each of that mean. Gaurang. __________________________________________________ Do You Yahoo!? Find a job, post your resume. http://careers.yahoo.com From s354199 at student.uq.edu.au Mon Nov 5 14:47:02 2001 From: s354199 at student.uq.edu.au (Elliot Mackenzie) Date: Tue Dec 2 02:36:38 2003 Subject: FW: XP/Samba securities Message-ID: <000801c1664b$de60a2e0$0401a8c0@macka> I had an existing setup here with 2K machines logging on to a samba pdc. After some early hiccups with failed logons (resolved with the aid of kind people on this list I ), I was able to get XP machines logging on to the samba (2.2.2) domain. However I have noticed some differences. Previously with the 2K machines, it was not possible for users to install software among other things. With the XP machines, users are free to install software, drivers, codecs - in fact, users are able to do anything an administrator can do short of changing passwords and creating users (users cannot do this). They are not marked or in a group marked for administrator privileges. 
Fortunately these machines are still isolated as test machines, but this may pose a problem. Is this normal or is there something I have done incorrectly? Is there a more convenient way to prevent this or is it just a matter of finding a decent policy editor and setting up the XP machines differently from the existing 2K machines? Regards, Elliot. From Eric.Wallace at nsc.com Mon Nov 5 14:52:03 2001 From: Eric.Wallace at nsc.com (Eric Wallace) Date: Tue Dec 2 02:36:38 2003 Subject: Unable to join domain Message-ID: < "0E9723BE7177043F*/c=US/admd= /prmd=National/o=notes/ou=Americas/s=Wallace/g=Eric/"@MHS> I'm failing to convince Samba 2.2.2 on several Solaris8/Sparc machines to join the NT4 domain. It's just taunting me now, with no useful error messages! Yes, I'm following directions: (a) add the server name in NT's Server Mangler, (b) run 'smbpasswd -j MEFP -r MEADMIN01 -UAdministrator%domainadminpassword' (yes, that's the domain name and PDC name, and no, I didn't tell you the real password). This is the output: INFO: Debug class all level = 3 (pid 15702 from pid 15702) added interface ip=139.187.212.99 bcast=139.187.255.255 nmask=255.255.0.0 added interface ip=127.0.0.1 bcast=255.255.255.255 nmask=0.0.0.0 resolve_lmhosts: Attempting lmhosts lookup for name MEADMIN01<0x20> Connecting to 139.187.48.34 at port 139 session setup ok Domain=[MEFP] OS=[Windows NT 4.0] Server=[NT LAN Manager 4.0] Unable to join domain MEFP. Other things I've tried: * using the NT-based WINS server, or local LMHOSTS * deleting 'secrets.tdb' before trying again Also, I've changed to log level 10 and read the whole dang output... The communication seems to be working fine, from authentication to establishing the pipes, etc. Towards the end, there's an error "error closing user policywrite_socket(4,45)", a write and a read, and then smbpasswd dies with the same message "Unable to join domain MEFP." If anyone has any ideas, please help (on-list or off). 
I've put my butt on the line to say that Samba could solve some of our problems, and I'm still convinced it can, I just need to get it authenticating properly!

Eric W. Wallace National Semiconductor/Maine I.S. Infrastructure Sr. System Engineer eric.wallace@nsc.com

From j.schmidt at extracom.de Tue Nov 6 01:38:02 2001
From: j.schmidt at extracom.de (Jens Uwe Schmidt)
Date: Tue Dec 2 02:36:38 2003
Subject: AW: OS levels in SAMBA
In-Reply-To: <20011105210838.6802.qmail@web10207.mail.yahoo.com>
Message-ID:

Hi,

with the OS level you can adjust, if the samba server wins or loses the game of becoming the local master browser in your smb network. See the file BROWSING.txt in the documentation. There are also examples.

cheers
JUS

> -----Original Message-----
> From: samba-ntdom-admin@lists.samba.org
> [mailto:samba-ntdom-admin@lists.samba.org] On Behalf Of Gaurang Pandya
> Sent: Monday, 5 November 2001 22:09
> To: samba-ntdom@lists.samba.org
> Subject: OS levels in SAMBA
>
>
> Hi Group,
>
> Can any one tell me what are different OS levels in
> samba and what does each of that mean.
>
> Gaurang.
>
> __________________________________________________
> Do You Yahoo!?
> Find a job, post your resume.
> http://careers.yahoo.com
>

From tarjei at nu.no Tue Nov 6 02:16:02 2001
From: tarjei at nu.no (Tarjei Huse)
Date: Tue Dec 2 02:36:38 2003
Subject: Samba 2.2.2 and Active Directory
References: <20C245C5F9A41949A359CCDBF4B3ADED2A73F3@foundation.foundation.sdsu.edu>
Message-ID: <3BE7B82A.9B23EBF6@nu.no>

I haven't heard anyone try to use samba/ldap w AD, but you'll find some ldap refs here: www.samba-tng.org/docs.html
please note that they are for samba-tng, but a lot should work for 2.2.2 as well.

Tarjei

Steve Evans wrote:
>
> It seems like the best way to get Samba to use Windows accounts for
> authentication is to use LDAP. Would any agree with this? If so any
> good documentation on this? I know it is in development but I'd like to
> start poking around with it.
>
> Steve

From oenustech at oenus.com Tue Nov 6 02:41:03 2001
From: oenustech at oenus.com (OenusTech)
Date: Tue Dec 2 02:36:38 2003
Subject: delete roaming profiles under win2k and PGP. Not good.
Message-ID: <1260.192.168.1.13.1005043298.squirrel@mail.oenus.com>

Hi there!

After some long hours trying to figure out some nasty behavior related to win2k automatically deleting roaming cached profiles, I'd like to share the results with you guys for any future reference.

CONFIG:
Samba 2.2.2 stack release with ACL support
linux kernel version 2.4.13-ac4 with ACL
many win2ksp2 machines with NTFS
PGP 7.0.3 installed on all win machines

PROBLEM:
Roaming profiles won't be deleted after user logs out. When user logs back in a profile duplicates under folder $user.$domain.??? where ? is an integer between 0 and 9.

Ok, first, and following the guidelines in samba-2.2.2/docs/README-Win2kSP2, nt acl support = no must be put on smb.conf's [profiles] configuration. Even if Samba acts as PDC it needs to be put in the file. That means that all files in our profiles must ignore acls, but unix user and group permissions which are still maintained. :-(

Second, and source of my last headaches, PGP will lock the folder $user\Application Data\PGP after $user logs out. This folder cannot be deleted by anybody (not even an Administrator) until reboot applied. Ugly! If PGP uninstalled roaming profiles work and can be deleted

Now, my question for all PGP users here, has anybody been able to use the delete roaming profiles behavior with PGP installed in win2k machines?

Regards, and many thanks to Noel and Todd for helping me.
Ignacio

From ariel at jusbaires.gov.ar Tue Nov 6 04:07:02 2001
From: ariel at jusbaires.gov.ar (Ariel Mella)
Date: Tue Dec 2 02:36:38 2003
Subject: trusth realtions between samba PDC and NT PDC
References: <20011105203517.54701.qmail@web10206.mail.yahoo.com>
Message-ID: <004a01c166bb$7ffd2aa0$1a3ca8ac@jusbaires.gov.ar>

> In samba 2.2.2 you have an configuration option like
> "Allow trusted Domain" make it "yes" preferably
> through SWAT. Which should solve your problem.

ok. i set this option to yes in the smb.conf.... and then what... how i tell in what domains i trust??
another person respond me that is impossible to do trust relations at the moment with samba...
and .. why are you telling me that do that from SWAT??? i can't find a reason to change my smb.conf from SWAT..
thx

> > in the samba PDC there are around 800 users.. in the
> > NT PDC there are around
> > 400 users..
> > i want my user to can use the shares of the NT and
> > the shares of the clients
> > of the NT..
> > in Microsoft terms this is called Trust
> > relationship..
> > how can i do this with samba?
> > thx!
> >
> >
> >
>

From abartlet at pcug.org.au Tue Nov 6 04:29:19 2001
From: abartlet at pcug.org.au (Andrew Bartlett)
Date: Tue Dec 2 02:36:38 2003
Subject: trusth realtions between samba PDC and NT PDC
References: <20011105203517.54701.qmail@web10206.mail.yahoo.com>
Message-ID: <3BE7D779.BA0A73E9@bartlett.house>

Note that that option assumes samba is a *member* of an NT domain, and that trust exists between these two *NT* domains.

Samba simply does not have the functionality to maintain domain trusts. This is being (slowly) worked on, but it takes time and considerable effort.

Andrew Bartlett

Gaurang Pandya wrote:
>
> Hi Ariel,
>
> In samba 2.2.2 you have an configuration option like
> "Allow trusted Domain" make it "yes" preferably
> through SWAT. Which should solve your problem.
>
> Gaurang.
> --- Ariel Mella wrote:
> > i have a samba PDC and a NT PDC working in my local
> > net..
> > in the samba PDC there are around 800 users.. in the
> > NT PDC there are around
> > 400 users..
> > i want my user to can use the shares of the NT and
> > the shares of the clients
> > of the NT..
> > in Microsoft terms this is called Trust
> > relationship..
> > how can i do this with samba?
> > thx!
> >
> >
> >
>

--
Andrew Bartlett abartlet@pcug.org.au
Samba Team member, Build Farm maintainer abartlet@samba.org
Student Network Administrator, Hawker College abartlet@hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net

From pjmp at kingsfords.co.uk Tue Nov 6 04:41:09 2001
From: pjmp at kingsfords.co.uk (Peter Polkinghorne)
Date: Tue Dec 2 02:36:38 2003
Subject: Unix to SMB password synchronisation
Message-ID: <200111061241.MAA29662@helios.kingsfords.co.uk>

I have set up a web page describing my Unix to SMB password synchronisation which also has the source code to the C front end and expect script used.

http://www.btinternet.com/~p.polkinghorne/samba/u2s/

Note this is a Solaris specific solution - but should be adaptable to other Unices.

Hope this helps someone ...

--
Peter Polkinghorne, IT Manager Kingsford Stacey Blackwell
ppolkinghorne@kingsfords.co.uk 14 Old Square, Lincoln's Inn
(44) 020 7447 1200 London WC2A 3UB

From abartlet at pcug.org.au Tue Nov 6 05:29:02 2001
From: abartlet at pcug.org.au (Andrew Bartlett)
Date: Tue Dec 2 02:36:38 2003
Subject: Unix to SMB password synchronisation
References: <200111061241.MAA29662@helios.kingsfords.co.uk>
Message-ID: <3BE7E55F.2CC6B80@bartlett.house>

Peter Polkinghorne wrote:
>
> I have set up a web page describing my Unix to SMB password synchronisation
> which also has the source code to the C front end and expect script used.
>
> http://www.btinternet.com/~p.polkinghorne/samba/u2s/
>
> Note this is a Solaris specific solution - but should be adaptable to other
> Unices.
>
> Hope this helps someone ...

The pam_smbpass module included in the distribution has the same aims btw, you might want to look into it.

--
Andrew Bartlett abartlet@pcug.org.au
Samba Team member, Build Farm maintainer abartlet@samba.org
Student Network Administrator, Hawker College abartlet@hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net

From aubin.galinotti at activia.net Tue Nov 6 06:02:02 2001
From: aubin.galinotti at activia.net (Aubin Galinotti)
Date: Tue Dec 2 02:36:38 2003
Subject: Samba 2.2.1a as PDC ... Win2k srv client, don't wan't roaming profiles
Message-ID: <3BE7ED20.8040501@activia.net>

Hello all,

While reading the mailing-list archives I have seen many people having problem to set up roaming profiles, I have exactly the opposite problem.

I don't have roaming profiles set on my server and I don't want them. But I tried to add a Win2000 advanced server in the domain (just as member, no BDC or whatever) and when I log on the windows box, it complain about not being able to get the profile from the server.

So how can I deactivate roaming profiles ? is it something on the samba server side or on the windows server side ?

I don't have the "logon path" parameter, and no share named "Profiles"

I tried using poledit to set the default to local profile rather than roaming profiles (tried to save them as NTconfig.pol or ntconfig.pol in the netlogon share) but it still don't work

If anyone have an idea ?
Aubin Galinotti

here is a summary of my config :

### Samba server ###
Samba 2.2.1a running on RedHat 7.2 (installed using RPM)

### smb.conf ###
[global]
netbios name = PDC
workgroup = WORKGROUP
os level = 64
preferred master = yes
domain master = yes
local master = yes
domain logons = yes
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
logon drive = X:
logon script = %u.bat

[netlogon]
comment = Network Logon Service
path = /data/samba/netlogon
locking = no
public = no
browseable = yes
guest ok = yes
writable = no
case sensitive = no
preserve case = yes
short preserve case = no
default case = yes

From turner at uvs.is Tue Nov 6 06:58:03 2001
From: turner at uvs.is (turner@uvs.is)
Date: Tue Dec 2 02:36:38 2003
Subject: Joining A Linux Box Running Samba To Win2000 Running Active Directory
Message-ID:

Hello,

I have beat my head against the wall with this for some time now. I have had no luck searching the mailing list archives either. Sigh.

My needs are very simple. I simply want to join a Linux box (RH 7.1) to a Win2000 network running active directory. Nothing fancy here. The Linux box should behave as any other Win2K client.

Could a kind soul please email me the recipe to make this happen for me?

Thanks for your time.

Cheers,
Douglass Turner
email: turner@uvs.is

From ariel at jusbaires.gov.ar Tue Nov 6 07:30:42 2001
From: ariel at jusbaires.gov.ar (Ariel Mella)
Date: Tue Dec 2 02:36:38 2003
Subject: antivirus for samba
Message-ID: <021601c166d7$d41c22a0$1a3ca8ac@jusbaires.gov.ar>

hi!
anyone have tried in a production server with the antivirus for samba ??
www.openantivirus.org

From ad at ordix.de Tue Nov 6 07:57:03 2001
From: ad at ordix.de (Andre Dirr)
Date: Tue Dec 2 02:36:38 2003
Subject: Samba as BDC
Message-ID: <5.1.0.14.2.20011106165504.00a7f378@pop.ordix.de>

Hello,

we have a network with a windows nt pdc and want a unix machine with samba to be a bdc.
my question: is it possible? i couldn't find anything about it in the docs.
thanks for answers,

andre/ORDIX AG

From stefan at kornhuber.com Tue Nov 6 08:06:06 2001
From: stefan at kornhuber.com (Stefan Kornhuber)
Date: Tue Dec 2 02:36:38 2003
Subject: Samba 2.2.1a/PDC and winnt client
Message-ID: <20011106160555.EF1AB420F@lists.samba.org>

Hi!

I updated my system from samba 2.0.10 to 2.2.1a. Under the 2.0.10 samba server as a PDC the windows clients work normal and if I want to login on a winnt 4.0(SP6a) client I had the normal user rights.

Then I updated the server to 2.2.1a. If i login on a winnt station now, it seems that I will only get guest rights. If I change desktop settings and I logout and login then I will also see the standard desktop again.

Is there a user right file or must I change my smb.conf file?

--------------------smb.conf---------------------------------
[global]
workgroup = DOMAINNAME
encrypt passwords = Yes
map to guest = Bad User
keepalive = 30
logon script = %U.bat
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
kernel oplocks = No
admin users = root
passwd program= /usr/bin/passwd
unix password sync = Yes
print command = /usr/bin/lpr -P%p -r %s
map system = Yes
map hidden = Yes
time server = Yes
time offset = 60

[netlogon]
path = /GESICHERT/netlogon

[homes]
comment = Heimatverzeichnis von %U
writeable = Yes
create mask = 0750
browseable = No

[projekt]
comment = PROJEKTLAUFWERK
path = /GESICHERT/projekt
create mask = 0770
directory mask = 0770
-------------------------------------------------------------

I hope you could help me!!!

thx for your help!!!

steve

From j.schmidt at extracom.de Tue Nov 6 08:07:02 2001
From: j.schmidt at extracom.de (Jens Uwe Schmidt)
Date: Tue Dec 2 02:36:38 2003
Subject: AW: Samba as BDC
In-Reply-To: <5.1.0.14.2.20011106165504.00a7f378@pop.ordix.de>
Message-ID:

As far as I know - this is not possible (yet?)
Bye

JUS

> -----Original Message-----
> From: samba-ntdom-admin@lists.samba.org
> [mailto:samba-ntdom-admin@lists.samba.org] On Behalf Of Andre Dirr
> Sent: Tuesday, 6 November 2001 16:57
> To: samba-ntdom@lists.samba.org
> Subject: Samba as BDC
>
>
> Hello,
>
> we have a network with a windows nt pdc and want a unix machine
> with samba
> to be a bdc.
> my question: is it possible? i couldn't find anything about it in
> the docs.
> thanks for answers,
>
> andre/ORDIX AG
>
>

From greg at kwikfind.com Tue Nov 6 08:41:21 2001
From: greg at kwikfind.com (Greg Zartman)
Date: Tue Dec 2 02:36:38 2003
Subject: Samba as BDC
In-Reply-To:
Message-ID:

> As far as I know - this is not possible (yet?)

That is correct. It may be possible in the head code branch, but it is not currently possible in Samba 2.2.2.

Regards,

Greg Zartman

From robert.szentmihalyi at entracom.de Tue Nov 6 08:46:03 2001
From: robert.szentmihalyi at entracom.de (Robert Szentmihalyi)
Date: Tue Dec 2 02:36:38 2003
Subject: Samba as BDC
In-Reply-To:
References:
Message-ID: <200111061747546.SM00162@there>

> As far as I know - this is not possible (yet?)

Not yet with the head branch of Samba - wait for 3.0...
It is, however, possible using Samba TNG

>
>
> Bye
>
> JUS

cheers,
Robert

>
> > -----Original Message-----
> > From: samba-ntdom-admin@lists.samba.org
> > [mailto:samba-ntdom-admin@lists.samba.org] On Behalf Of Andre Dirr
> > Sent: Tuesday, 6 November 2001 16:57
> > To: samba-ntdom@lists.samba.org
> > Subject: Samba as BDC
> >
> >
> > Hello,
> >
> > we have a network with a windows nt pdc and want a unix machine
> > with samba
> > to be a bdc.
> > my question: is it possible? i couldn't find anything about it
> > in the docs.
> > thanks for answers,
> >
> > andre/ORDIX AG

--
Where do you want to be tomorrow?

Entracom. Building Linux systems.
http://www.entracom.de

From amoote at fpelectronics.com Tue Nov 6 09:00:07 2001
From: amoote at fpelectronics.com (amoote@fpelectronics.com)
Date: Tue Dec 2 02:36:38 2003
Subject: Samba as BDC
Message-ID:

I have heard some talk of this version of Samba. What exactly _IS_ Samba TNG?

Regards,

Alan B. Moote
Systems Administrator
MARK IV Industries
tel: 905.624.7908
fax: 905.625.6197

Robert Szentmihalyi , "Andre Dirr" , tracom.de>
Sent by: samba-ntdom-admin@lists.samba.org
cc:
Subject: Re: Samba as BDC
11/06/2001 11:46 AM

> As far as I know - this is not possible (yet?)

Not yet with the head branch of Samba - wait for 3.0...
It is, however, possible using Samba TNG

>
>
> Bye
>
> JUS

cheers,
Robert

>
> > -----Original Message-----
> > From: samba-ntdom-admin@lists.samba.org
> > [mailto:samba-ntdom-admin@lists.samba.org] On Behalf Of Andre Dirr
> > Sent: Tuesday, 6 November 2001 16:57
> > To: samba-ntdom@lists.samba.org
> > Subject: Samba as BDC
> >
> >
> > Hello,
> >
> > we have a network with a windows nt pdc and want a unix machine
> > with samba
> > to be a bdc.
> > my question: is it possible? i couldn't find anything about it
> > in the docs.
> > thanks for answers,
> >
> > andre/ORDIX AG

--
Where do you want to be tomorrow?

Entracom. Building Linux systems.
http://www.entracom.de

From amoote at fpelectronics.com Tue Nov 6 11:12:05 2001
From: amoote at fpelectronics.com (amoote@fpelectronics.com)
Date: Tue Dec 2 02:36:38 2003
Subject: Samba as BDC
Message-ID:

That doesn't mean much to me.

Regards,

Alan B. Moote
Systems Administrator
MARK IV Industries
tel: 905.624.7908
fax: 905.625.6197

"Brian Cavanagh"
To: amoote@fpelectronics.com
Subject: Re: Samba as BDC
11/06/2001 01:53 PM

It's Samba, The Next Generation.

>From: amoote@fpelectronics.com
>To: Robert Szentmihalyi
>CC: samba-ntdom@lists.samba.org
>Subject: Re: Samba as BDC
>Date: Tue, 6 Nov 2001 11:58:26 -0500
>
>
>I have heard some talk of this version of Samba. What exactly _IS_ Samba
>TNG?
>
>Regards,
>
>Alan B. Moote
>Systems Administrator
>MARK IV Industries
>tel: 905.624.7908
>fax: 905.625.6197
>
>
> Robert Szentmihalyi , "Andre Dirr" , tracom.de>
> Sent by: samba-ntdom-admin@lists.samba.org
> cc:
> Subject: Re: Samba as BDC
> 11/06/2001 11:46 AM
>
>
> > As far as I know - this is not possible (yet?)
>
>Not yet with the head branch of Samba - wait for 3.0...
>It is, however, possible using Samba TNG
>
> >
> >
> > Bye
> >
> > JUS
>
>cheers,
> Robert
>
> >
> > > -----Original Message-----
> > > From: samba-ntdom-admin@lists.samba.org
> > > [mailto:samba-ntdom-admin@lists.samba.org] On Behalf Of Andre Dirr
> > > Sent: Tuesday, 6 November 2001 16:57
> > > To: samba-ntdom@lists.samba.org
> > > Subject: Samba as BDC
> > >
> > >
> > > Hello,
> > >
> > > we have a network with a windows nt pdc and want a unix machine
> > > with samba
> > > to be a bdc.
> > > my question: is it possible? i couldn't find anything about it
> > > in the docs.
> > > thanks for answers,
> > >
> > > andre/ORDIX AG
>
>--
>Where do you want to be tomorrow?
>
>Entracom. Building Linux systems.
>http://www.entracom.de
>

From j_lores at hotmail.com Tue Nov 6 14:59:05 2001
From: j_lores at hotmail.com (Jorge A. Lores)
Date: Tue Dec 2 02:36:38 2003
Subject: New to Samba, mounting disks from a PC
Message-ID:

Hi guys,

I am new to Samba and I am somewhat familiar with Windows NT. I am having problems when I try to mount a shared resource from a PC. I need some guidance, a starting point would be nice.

My situation:
The linux machine(where Samba resides)named MADUX is on a workgroup called MYGROUP. The PC client named KM0033 is on a workgroup called KMLAB. I created a resource in the smb.conf file called "tmp".
Contents of the smb.conf are:
[global]
encrypt passwords = Yes
security = domain
workgroup = KMLAB
password server = *

[homes]
guest ok = no
read only = no

[tmp]
path = /root
read only = yes

From johan.carlsson at rangeservant.se Tue Nov 6 23:39:02 2001
From: johan.carlsson at rangeservant.se (Johan Carlsson)
Date: Tue Dec 2 02:36:38 2003
Subject:
Message-ID:

From con at gfm.co.uk Wed Nov 7 03:34:02 2001
From: con at gfm.co.uk (Con Harte)
Date: Tue Dec 2 02:36:39 2003
Subject: New to Samba, mounting disks from a PC
In-Reply-To:
Message-ID: <5.0.2.1.0.20011107112728.00a870f0@voodoo>

Hi.

I could be wrong but it looks like your Samba machine needs to become a member of the domain "MYGROUP" if that is actually a domain as opposed to a workgroup. You state that it is a "workgroup", so I'm figuring that's exactly what it is, in which case you might want to reconsider the " security = " setting in your smb.conf file.

The setting "security = domain" expects to find a domain controller within that workgroup that can authenticate logons. Try "security = server".

If this isn't right, anyone please feel free to comment on my answer.

Hope that helps.

Con.

At 22:59 06/11/01, you wrote:
>Hi guys,
>
>I am new to Samba and I am somewhat
>familiar with Windows NT. I am having
>problems when I try to mount a shared
>resource from a PC. I need some guidance,
>a starting point would be nice.
>
>My situation:
>The linux machine(where Samba resides)named MADUX is on a
>workgroup called MYGROUP. The PC client named KM0033 is
>on a workgroup called KMLAB. I created a resource
>in the smb.conf file called "tmp".
>Contents of the smb.conf are:
>[global]
>encrypt passwords = Yes
>security = domain
>workgroup = KMLAB
>password server = *
>
>[homes]
>guest ok = no
>read only = no
>
>[tmp]
>path = /root
>read only = yes
>
>From the Linux machine, when I type "smbclient //madux/tmp", I get the
>message "tree connect failed: ERRSRV-ERRinvnetname
>(Invalid network name in tree connect.)" But when I type
>"smbclient //madux/root", where "root" is a username(superuser),
>this works.
>From the PC machine, when I type "net use x: \\madux\tmp"
>I get prompted for a password. After I type the password, whether correct or incorrect, I get the message "The account is not
>authorized to login from this station".
>
>Question(s):
>How do I make the linux machine part of the KMLAB workgroup?
>(guidelines)
>
>What could be the source of my problems?
>(guidelines)
>
>
>Note:
>I've been tackling my problems for a couple of days.
>I know that I am probably asking for too much, but some
>help would be appreciated it.
>
>
>

+=======================================
+ +
+ Con Harte -- Systems Administrator +
+ GFM Services Ltd +
+ 42 Phoenix Court +
+ Hawkins Road +
+ Colchester +
+ Essex +
+ CO2 8JY +
+ Telephone: +44 (0)1206 791 733 +
+ Facsimile: +44 (0)1206 791 735 +
+ Email: sysadmin@gfm.co.uk +
+ +
========================================

From penschuck at gmx.de Wed Nov 7 08:11:06 2001
From: penschuck at gmx.de (penschuck@gmx.de)
Date: Tue Dec 2 02:36:39 2003
Subject: Procedure out of Time @ 2K and XP Domain-Logon
Message-ID: <17583.1005149474@www51.gmx.net>

Hi and thanks for reading or maybe helping me ;-)

I run an Samba-PDC under Redhat 7.1 and the latest Samba Release. If I try to Logon the Domain under Win2k and WinXP i get the Error "Procedure out of Time".
I've done all the things in the Manuals in the Shell, in Swat or Webmin or anything else... I never seen a File named "ZEITZ.PDC_ZEITZ.mac" and I don't know how to generate such File.

But I think the Log's will say more...this is the Samba-log of the WKS named "GROSSER" the Domain is "ZEITZ".

[2001/10/28 21:03:18, 0] passdb/smbpassfile.c:trust_password_lock(118)
  trust_password_lock: cannot open file /etc/samba/ZEITZ.PDC_ZEITZ.mac - Error was No such file or directory.
[2001/10/28 21:03:18, 0] passdb/smbpassfile.c:trust_get_passwd(287)
  domain_client_validate: unable to open the machine account password file for machine PDC_ZEITZ in domain ZEITZ.
[2001/10/28 21:03:19, 0] passdb/smbpassfile.c:trust_password_lock(118)
  trust_password_lock: cannot open file /etc/samba/ZEITZ.PDC_ZEITZ.mac - Error was No such file or directory.
[2001/10/28 21:03:19, 0] passdb/smbpassfile.c:trust_get_passwd(287)
  domain_client_validate: unable to open the machine account password file for machine PDC_ZEITZ in domain ZEITZ.
And this is my smb.conf:

[global]
path = /home
domain master = yes
preferred master = yes
dns proxy = yes
share modes = no
logon path = home\profiles
name resolve order = wins dns bcast lmhosts
encrypt passwords = yes
null passwords = yes
time server = yes
status = yes
valid users = GROSSER$,root,ich,nobody
wins support = true
keep alive = 30
domain admin group = @root
security = domain
ssl ca certfile = /usr/share/ssl/certs/ca-bundle.crt
domain logons = yes
workgroup = ZEITZ
server string = Samba
local master = yes
log file = /var/log/samba/%m.log
netbios name = PDC_ZEITZ
username map = /etc/samba/user.map
os level = 65
domain admin users = root GROSSER$

[ich]
path = /home/ich
browsable = yes
writable = yes
# valid users = ich
# public = no

[doc's]
path = /usr/share/doc
browsable = yes
writable = no
public = yes

[netlogon]
comment = Network Logon Service
path = /home/netlogon
guest ok = yes
writable = yes
valid users = ich root GROSSER$

[Profiles]
path = /home/profiles
browseable = yes
guest ok = yes
# nt acl support = yes

THANX

Jan :p

From cyroreal at bol.com.br Wed Nov 7 08:12:09 2001
From: cyroreal at bol.com.br (cyroreal)
Date: Tue Dec 2 02:36:39 2003
Subject: Backup with samba
Message-ID:

Hello all,

I've got a samba 2.2.2 server that is the PDC of my network, and i want to make a backup of all win98 workstation on the server, the my documents folder of each win98 client as computername_date.tar.gz. Besides that i want also make a backup of the /home directory of my server as server_date.tar.gz and the copy everything to a cdrw on the server. What backup software do you guys suggest me to use?? Or the better way is to create scripts and use crontab to copy it to the server.

Thanks in advance for the help.

Cyro
From gaubrig at yahoo.com Wed Nov 7 08:15:03 2001
From: gaubrig at yahoo.com (Gaurang Pandya)
Date: Tue Dec 2 02:36:39 2003
Subject: Joining A Linux Box Running Samba To Win2000 Running Active Directory
In-Reply-To:
Message-ID: <20011107161538.44561.qmail@web10207.mail.yahoo.com>

I am also facing the same problem please help me too..

Gaurang.

--- turner@uvs.is wrote:
> Hello,
>
> I have beat my head against the wall with this for
> some time now. I have
> had no luck searching the mailing list archives
> either. Sigh.
>
> My needs are very simple. I simply want to join a
> Linux box (RH 7.1) to a
> Win2000 network running active directory. Nothing
> fancy here. The Linux box
> should behave as any other Win2K client.
>
> Could a kind soul please email me the recipe to make
> this happen for me?
>
> Thanks for your time.
>
> Cheers,
> Douglass Turner
> email: turner@uvs.is
>
>
>

From rickera2 at SLU.EDU Wed Nov 7 08:59:02 2001
From: rickera2 at SLU.EDU (Tony Ricker)
Date: Tue Dec 2 02:36:39 2003
Subject: Odd behavior logging in revisited..
Message-ID: <3BE96883.12A5C0BC@slu.edu>

All,

I have posted this issue before but received little response. The issue is when a user logs in to samba, sometimes it will give the "incorrect password or access to your server has been denied" error. This has happened to me (including others) and I know I typed the correct password. I will hit enter again at the log on box and then it will authenticate. I see nothing in the logs that gives me an idea as to what is happening.

I do one of 3 things if it will not let a user log in:
1. smbpasswd -a user name
2. have the user retype their user name in the log on box
3. last resort: delete user in etc/passwd and /etc/samba/smbpasswd and re-enter them.

There is no pattern that I can see, some times 1 will work, sometimes not.
Same with 2 and 3. Could this be a bug?

My setup is Red Hat 7.1 with smb 2.2.2

Any help or guidance is appreciated.

Cheers,
Tony

-------------------------------
Tony Ricker
Technology Coordinator
SLUCare - P.M.O.
St. Louis University
Phone: 314.977.6844
E-mail: rickera2@slu.edu
-------------------------------
"In the beginners mind, there are many possibilities. In the experts mind, there are few"
- Shunryu Suzuki
-------------------------------
"Think Different"

From turner at uvs.is Wed Nov 7 09:00:11 2001
From: turner at uvs.is (turner@uvs.is)
Date: Tue Dec 2 02:36:39 2003
Subject: How to use smbwrapper
Message-ID:

If I missed this in the docs I apologize, but I have not found any explanation about how to use smbwrapper. "Using Samba" recommends including --with-smbwrapper during configuration. Done. Now how do I experience the joys of using it?

Cheers,
Douglass Turner

From filipi at technologist.com Wed Nov 7 09:02:04 2001
From: filipi at technologist.com (Filipi D. Vianna)
Date: Tue Dec 2 02:36:39 2003
Subject: Backup with samba
References:
Message-ID: <3BE9686B.238EDF12@technologist.com>

cyroreal wrote:
> I've got a samba 2.2.2 server that is
> the PDC of my network, and i want to
> make a backup of all win98 workstation
> on the server, the my documents
> folder of each win98 client as
> computername_date.tar.gz. Besides that
> i want also make a backup of the /home
> directory of my server as
> server_date.tar.gz and the copy
> everything to a cdrw on the server.
> What backup software do you guys
> suggest me to use?? Or the better way
> is to create scripts and use crontab
> to copy it to the server.
> Thanks in advance for the help.

I already did the same thing you want to do, and I did using crontab calling some cshell scripts and everything is going fine.
Regards,
Filipi

From ariel at jusbaires.gov.ar Wed Nov 7 10:25:02 2001
From: ariel at jusbaires.gov.ar (Ariel Mella)
Date: Tue Dec 2 02:36:42 2003
Subject: Backup with samba
References: <3BE9686B.238EDF12@technologist.com>
Message-ID: <003f01c167b9$60bd1660$1a3ca8ac@jusbaires.gov.ar>

> I already did the same thing you want to do,
> and I did using crontab calling some cshell
> scripts and everything is going fine.

Would be great if you can submit the scripts!
i mean... GNU its about that.. or not?

>
> Regards,
> Filipi
>
>

From ggoodrich at medinotes.com Wed Nov 7 14:48:02 2001
From: ggoodrich at medinotes.com (Greg Goodrich)
Date: Tue Dec 2 02:36:42 2003
Subject: Browse list problems with linux PDC
Message-ID: <3BE9BA0D.E111BDA8@medinotes.com>

I've set up a RedHat 7.1 box with samba 2.2.2 running as a PDC to replace an aging WinNT4 Small Business Server machine. The problem is that when I go to a windows client machine and bring up the network neighborhood, only some of the machines are listed in the network. I'm not certain if this just started happening, or if it has only showed a subset of the machines on the network since the switch. I've been reading through the documentation trying to find the answer to this problem, including the BROWSING.txt included with samba.

My samba package is configured to use the guest account "nobody". This user does exist in my /etc/passwd file, but it isn't in the smbpasswd file. I'm not sure if it needs to be. When I try using:

smbclient -N -L

I get:

added interface ip=10.0.0.1 bcast=10.0.0.255 nmask=255.255.255.0
Anonymous login successful
Domain=[MEDINOTES2] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]

        Sharename      Type      Comment
        ---------      ----      -------
Error returning browse list: ERRDOS - ERRnoaccess (Access denied.)

        Server               Comment
        ---------            -------

        Workgroup            Master
        ---------            -------

Anyone have any ideas?

TIA

--
Greg Goodrich
Senior Software Engineer
MediNotes Corp.
ggoodrich@medinotes.com

From samba at denverdata.com Wed Nov 7 15:47:01 2001
From: samba at denverdata.com (Doug Douglass)
Date: Tue Dec 2 02:36:42 2003
Subject: Backup with samba
In-Reply-To: <003f01c167b9$60bd1660$1a3ca8ac@jusbaires.gov.ar>
Message-ID:

amanda (www.amanda.org) is a great backup/restore tool capable of backing up windoze clients (via smbclient). It might be overkill for your needs, and it's really designed for backing up to tape, but can be run "tapeless".

> -----Original Message-----
> From: samba-ntdom-admin@lists.samba.org
> [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Ariel Mella
> Sent: Wednesday, November 07, 2001 11:24 AM
> To: Filipi D. Vianna
> Cc: samba-nt-domain
> Subject: Re: Backup with samba
>
>
>
> > I already did the same thing you want to do,
> > and I did using crontab calling some cshell
> > scripts and everything is going fine.
>
> Would be great if you can submit the scripts!
> i mean... GNU its about that.. or not?
> >
> > Regards,
> > Filipi
> >
> >
>
>

From greg at kwikfind.com Wed Nov 7 16:25:01 2001
From: greg at kwikfind.com (Greg Zartman)
Date: Tue Dec 2 02:36:42 2003
Subject: share size
Message-ID:

Does anyone know of a way to determine the size of a share, in bytes/KB, using smbclient?

Thank you

Greg J. Zartman, P.E.
Vice-President
Logging Engineering International, Inc.
(541)683-8383 fax (541)683-8144
www.leiinc.com

From ross at lyximer.net Wed Nov 7 16:35:02 2001
From: ross at lyximer.net (Ross McKillop)
Date: Tue Dec 2 02:36:42 2003
Subject: Software Installs & Policies
Message-ID:

Just a few questions, I am running a samba/windows 2000 network with about 25 workstations that use the samba box both as a fileserver and PDC... I have two questions...

1) What is the easiest way to remotely install software across all of the windows workstations... IS there an easy way?
I looked into using the "Network Install Tab" tip and created a share called apps containing the application cds (just in a standard linux folder) and an apps.inf file with the appropriate settings, and a pointer to this added in the appropriate place to all the client machine's registries. although it doesn't appear to work...

2) I have an NTConfig.POL file running normally, and without problems however it seems unable to enforce restrictions per group or per user using only Default User and Default Computer settings... What could I be doing wrong, everything else seems to work....

I'm running version 2.2.1a from CVS a month or so ago.

The help of anyone who can shed a little light on these two things would be much appreciated.

From ross at lyximer.net Wed Nov 7 16:37:04 2001
From: ross at lyximer.net (Ross McKillop)
Date: Tue Dec 2 02:36:42 2003
Subject: share size
In-Reply-To:
Message-ID:

Mount the share using smbmount (mount -t smbfs) then simply use df as you would normally... on my system this gives an output along the lines of....

[root@willow /root]# df -h
Filesystem            Size  Used Avail Use% Mounted on
//general1/c$         7.5G  3.2G  4.3G  43% /mnt/ntws/general1/c
//general2/c$         7.5G  2.2G  5.3G  29% /mnt/ntws/general2/c
//general3/c$          19G  1.2G   17G   7% /mnt/ntws/general3/c
//general4/c$          19G  1.3G   17G   7% /mnt/ntws/general4/c
//general5/c$          19G  1.6G   17G   9% /mnt/ntws/general5/c
//general7/c$         4.0G  1.6G  2.4G  39% /mnt/ntws/general7/c
//general9/c$          19G  7.7G   11G  40% /mnt/ntws/general9/c
//general11/c$         19G  1.9G   16G  11% /mnt/ntws/general11/c
//general12/c$         19G  1.2G   17G   7% /mnt/ntws/general12/c
//general13/c$        7.9G 1006M  6.8G  13% /mnt/ntws/general13/c

I don't know if there's an easier way?

On Wed, 7 Nov 2001, Greg Zartman wrote:

> Does anyone know of a way to determine the size of a share, in bytes/KB,
> using smbclient?
>
> Thank you
>
> Greg J. Zartman, P.E.
> Vice-President
> Logging Engineering International, Inc.
> (541)683-8383 fax (541)683-8144
> www.leiinc.com
>
>

From greg at kwikfind.com Wed Nov 7 16:44:10 2001
From: greg at kwikfind.com (Greg Zartman)
Date: Tue Dec 2 02:36:42 2003
Subject: share size
In-Reply-To:
Message-ID:

Ross,

> Mount the share using smbmount (mount -t smbfs)
> then simply use df as you would normally... on my system this gives an
> output along the lines of....

Thanks. That's the method I was currently using. Didn't know if there was a way to do it without mounting. Oh well..

Greg

From jasonc at reinit.org Wed Nov 7 19:32:05 2001
From: jasonc at reinit.org (Jason Cook)
Date: Tue Dec 2 02:36:42 2003
Subject: share size
In-Reply-To: ; from greg@kwikfind.com on Wed, Nov 07, 2001 at 04:38:37PM -0800
References:
Message-ID: <20011107223136.A6712@panacea.canonical.org>

* Greg Zartman (greg@kwikfind.com) wrote:
> Ross,
>
> > Mount the share using smbmount (mount -t smbfs)
> > then simply use df as you would normally... on my system this gives an
> > output along the lines of....
>
> Thanks. That's the method I was currently using. Didn't know if there was
> a way to do it without mounting. Oh well..
>
> Greg
>

I got bored and wrote a script using smbclient that outputs sizes of shares on hosts. Just put in the password and update the $remote entries to match your environment. I know the code is mildly nasty, but I'm still learning :)

http://reinit.org/source/smb_sizes.plx

--
Jason Cook               | GnuPG Fingerprint: D531 F4F4 BDBF 41D1 514D
GNU/Linux Technical Lead |                    F930 FD03 262E 5120 BEDD
evolServ Technology      | Home page: http://reinit.org

Give a man a fire, and he'll be warm for a day. Set a man on fire, and he'll be warm for the rest of his life. -- John A. Hrastar

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available Type: application/pgp-signature Size: 240 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20011107/0240f7e0/attachment.bin From peter.milburn at sofcom.com.au Wed Nov 7 20:27:03 2001 From: peter.milburn at sofcom.com.au (peter.milburn@sofcom.com.au) Date: Tue Dec 2 02:36:42 2003 Subject: Samba 2.2.2 Message-ID: Hi, just starting to upgrade to samba 2.2.2 from 2.2.1a ? I am having a problem with a samba machine joining the samba PDC, I get the error ? No password server list given in smb.conf - unable to join domain ? This is a cut of what I am using ? security = domain password server = * encrypt passwords = yes Thanks, -- Peter Milburn Systems Manager Software Communication Group Ltd peter.milburn@sofcom.com.au Ph: +613 9826 8300 Fax: +613 9826 8336 Level 16, 644 Chapel St South Yarra, Vic 3141 www.sofcom.com.au ******************************************** This message contains privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you must not disseminate, copy or take any action in reliance on it. If you have received this message in error, please notify Software Communication Group immediately. Any views expressed in this message are those of the individual sender except where the sender specifically states them to be the views of Software Communication Group. ******************************************** ? -------------- next part -------------- A non-text attachment was scrubbed... 
Name: BDY.RTF Type: application/rtf Size: 9592 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20011107/4295155b/BDY.rtf From jasonc at reinit.org Wed Nov 7 21:25:03 2001 From: jasonc at reinit.org (Jason Cook) Date: Tue Dec 2 02:36:42 2003 Subject: share size In-Reply-To: <20011107223136.A6712@panacea.canonical.org>; from jasonc@reinit.org on Wed, Nov 07, 2001 at 10:31:36PM -0500 References: <20011107223136.A6712@panacea.canonical.org> Message-ID: <20011108002528.B9067@panacea.canonical.org> * Jason Cook (jasonc@reinit.org) wrote: > * Greg Zartman (greg@kwikfind.com) wrote: > > Ross, > > > > > Mount the share using smbmount (mount -t smbfs) > > > then simply use df as you would normally... on my system this gives an > > > output along the lines of.... > > > > Thanks. That's the method I was currently using. Didn't know if there was > > a way to do it without mounting. Oh well.. > > > > Greg > > > > I got bored and wrote a script using smbclient that outputs sizes of > shares on hosts. Just put in the password and update the $remote > entries to match your environment. I know the code is mildly nasty, > but I'm still learning :) > I've been trying to modify the script to to list the sizes of all the machines in the workgroup and have run into a small problem. I think I have found a bug in smbclient. I can't seem to use -L to look up the shares on a machine without being asked for a password. Since -L is an option but I am not connecting to a share the password doesn't get parsed correctly so I am stuck with a prompt. Am I doing things wrong or is this a bug? -- Jason Cook | GnuPG Fingerprint: D531 F4F4 BDBF 41D1 514D GNU/Linux Technical Lead | F930 FD03 262E 5120 BEDD evolServ Technology | Home page: http://reinit.org The point of life is to be happy. -- The Dali Lama -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available Type: application/pgp-signature Size: 240 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20011107/9b2599c5/attachment.bin From jasonc at reinit.org Wed Nov 7 21:28:02 2001 From: jasonc at reinit.org (Jason Cook) Date: Tue Dec 2 02:36:42 2003 Subject: share size In-Reply-To: <20011108002528.B9067@panacea.canonical.org>; from jasonc@reinit.org on Thu, Nov 08, 2001 at 12:25:28AM -0500 References: <20011107223136.A6712@panacea.canonical.org> <20011108002528.B9067@panacea.canonical.org> Message-ID: <20011108002747.C9067@panacea.canonical.org> * Jason Cook (jasonc@reinit.org) wrote: > > > > I got bored and wrote a script using smbclient that outputs sizes of > > shares on hosts. Just put in the password and update the $remote > > entries to match your environment. I know the code is mildly nasty, > > but I'm still learning :) > > > > I've been trying to modify the script to to list the sizes of all the > machines in the workgroup and have run into a small problem. I think > I have found a bug in smbclient. I can't seem to use -L to look up > the shares on a machine without being asked for a password. Since -L > is an option but I am not connecting to a share the password doesn't > get parsed correctly so I am stuck with a prompt. > > Am I doing things wrong or is this a bug? > I found a workaround by putting in a bogus share name. -- Jason Cook | GnuPG Fingerprint: D531 F4F4 BDBF 41D1 514D GNU/Linux Technical Lead | F930 FD03 262E 5120 BEDD evolServ Technology | Home page: http://reinit.org "If it's a hobby for us and a job for you, then why are you doing such a shoddy job?" -- Linus Torvalds, regarding Microsoft -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available Type: application/pgp-signature Size: 240 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20011107/b063b16c/attachment.bin From daniel.botella at teuchos.fr Wed Nov 7 23:11:03 2001 From: daniel.botella at teuchos.fr (Daniel Botella) Date: Tue Dec 2 02:36:42 2003 Subject: Multiple Samba server in Domain Message-ID: <6a42e266705dde39.705dde396a42e266@teuchos.fr> I clarify that i would have : 1 samba PDC which authenticate users and manage homes directory for a lot of them 1 or more other samba server (not PDC) which manage the directory of the others users. Then I can't set logon home for all users in the global section : example : user A1 and A2 have their home directory on the PDC user B1 and B2 ont the second samba server the logon home parameter would be : logon home = \\PDCserver\%u for users A1 and A2 and logon home = \\2ndserver\%u for users B1 and B2 Another question is about the user's creation. Must I add the users on the two samba server ? ----- Original Message ----- From: "Daniel Botella" Date: Wednesday, October 31, 2001 3:49 pm Subject: Multiple Samba server in Domain > Hello, > > I Have a PDC on my domain wichn manage users with home on > directories on > it > I Would install a second samba server and distibute the user's > home > among the two servers > > How (and where ) can I declare to the PDC that one specific user > must > connect to the specific samba server and mount his home directory > on it. > > > > > From c-3 at gmx.net Thu Nov 8 00:06:06 2001 From: c-3 at gmx.net (Markus Stahl) Date: Tue Dec 2 02:36:42 2003 Subject: Backup with samba References: Message-ID: <11186.1005206743@www33.gmx.net> > > I've got a samba 2.2.2 server that is > the PDC of my network, and i want to > make a backup of all win98 workstation > on the server, the my documents > forlder of each win98 client as > computername_date.tar.gz. 
Besides that > i want also make a backup of the /home > directory of my server as > server_date.tar.gz and the copy > everything to a cdrw on the server. Just a question: what about mapping the 'my documents' folder to the home share on your server? That would make backup process easier and safer, due you don't have to make the 'my folder' directory a share on every win98 machine and it would also isolate the personal files of all users if they want to save them in 'my folder'. Or isn't your server always available? > What backup software do you guys > sugest me to use?? Or the better way > is to create scripts and use crontab > to copy it to the server. I would say that depends on your abilities. But of writing a custom script could propably better fit your needs and is of course cheaper. ;) -- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net From R.J.Mckeating at lboro.ac.uk Thu Nov 8 03:42:02 2001 From: R.J.Mckeating at lboro.ac.uk (Ron McKeating) Date: Tue Dec 2 02:36:42 2003 Subject: Machine Accounts Message-ID: <1005219308.29315.39.camel@sprocket> Hi all, I was wondering if any of you could offer me some advice. I want to use samba for our file store for about 600 student lab seats. I cannot seem to make the automatic adding of the machine account work. I can do it manually, but I do not want to have to visit 600 pc's and log in manually as root. We create one image of the lab pc's and then distribute it to the labs using multicast ghost. Basically I want to create the ghost image so that all the machines log into our samba pdc on boot up. We can create all our student user accounts in advance, no problem there, but I need all the machine accounts to be automatically created as soon as to machine tries to log in. Is this possible, or do I need to take a different approach? 
Ron
--
Ron McKeating
Computing Officer
Computing Services
Loughborough University
http://www.ronmac.lboro.ac.uk/~ccrjm/
Tel: 01509 222329
Fax: 01509 223989

From josef.balom at iot-consulting.de Thu Nov 8 07:27:02 2001
From: josef.balom at iot-consulting.de (Josef Balom)
Date: Tue Dec 2 02:36:42 2003
Subject: re
Message-ID:

confirm 427626

From josef.balom at iot-consulting.de Thu Nov 8 07:57:03 2001
From: josef.balom at iot-consulting.de (Josef Balom)
Date: Tue Dec 2 02:36:42 2003
Subject: Windows DC and Linux Client
Message-ID:

Hopefully someone can help me.

We have a network where there is an NT DomainController and any Windows clients. Now I want to connect with a Linux client to the DC. Is there a way to do this? I have configured the IP and subnet mask on the Linux client but I couldn't see any of the Windows computers in my network. On the Windows PC the Linux client is also invisible.

_________________________________________________________
Josef Balom
IOT Dr. Sorg Unternehmensberatung
Boschetsrieder Str. 12
81379 München
Tel: (+49) 89 / 74 28 77 - 0
Fax: (+49) 89 / 74 28 77 - 77
e-Mail: mailto:josef.balom@iot-consulting.de
Home: http://www.iot-consulting.de/
      http://www.iot-unternehmensberatung.de/

From greg at kwikfind.com Thu Nov 8 08:49:16 2001
From: greg at kwikfind.com (Greg Zartman)
Date: Tue Dec 2 02:36:42 2003
Subject: share size
References: <20011107223136.A6712@panacea.canonical.org>
Message-ID: <004001c16873$644bc6e0$b5203ace@greg>

Jason,

Thanks for the script.

Actually, I'll give you a little background on what I'm doing. This actually fits another active thread on this mailing list. I've put together a perl program that ties together three Samba programs to archive data from all online windows clients, with a share named backup, back to the server.
The reason that I'm looking to find out share size is so that I can keep track of how much data that I'm trying to archive back to the server hard drive so that I don't inadvertently fill it up with client backup data. ;o)

Currently, I create a temporary mount point, mount the share using smbmount, then run a df on the share mount. When I'm finished, I unmount the share and delete the mount point. Works fine, but seems a little sloppy. Maybe it's the best way to perform this task, but not sure.

Regards,

Greg J. Zartman

----- Original Message -----
From: Jason Cook
To: Samba NTDOM
Sent: Wednesday, November 07, 2001 7:31 PM
Subject: Re: share size

From aaa at netman.dk Thu Nov 8 10:16:50 2001
From: aaa at netman.dk (Alaa Alamood)
Date: Tue Dec 2 02:36:42 2003
Subject: Samba and nis question
Message-ID: <3BEAD9BF.46676EF3@netman.dk>

Hi

Thanks for this nice product

I have samba 2.2.2 running on alpha server (tru64 5.1), samba configured to be PDC, and I have yppasswd on my server, my questions are

1- How is possible to sync. smbpasswd with yppasswd
when I enable sync passwd like the following

passwd program = /usr/bin/yppasswd
unix password sync = yes
passwd chat = *New*SMB*password* %n\n *Retype*new*SMB*password:* %n\n *Password*changed*for*user*

and try to change the password from the user I got the following error

machine 127.0.0.1 rejected the password chang: Error was: the specified password is ivalid

2- I have made a script to register the machines into yppasswd and smbpasswd and I add the following in smb.conf file

add user scripte /usr/local/bin/addmachine -a %m

when I try to join the domain from win2k nothing happens

anybody know why

thanks in advance

Alaa

From mg at trash.net Thu Nov 8 11:45:01 2001
From: mg at trash.net (Mathias Gygax)
Date: Tue Dec 2 02:36:42 2003
Subject: re
In-Reply-To: ; from josef.balom@iot-consulting.de on Thu, Nov 08, 2001 at 04:24:57 +0100
References:
Message-ID: <20011108204819.A10346@chiba.dyndns.org>

On Thu, Nov 08, 2001 at 04:24:57 +0100, Josef Balom wrote:
> confirm 427626

confirm X-MimeOLE

*g*

From samba at denverdata.com Thu Nov 8 11:46:03 2001
From: samba at denverdata.com (Doug Douglass)
Date: Tue Dec 2 02:36:42 2003
Subject: share size
In-Reply-To: <004001c16873$644bc6e0$b5203ace@greg>
Message-ID:

look at amanda (www.amanda.org). It's a great unix backup/restore application -- and, it does all the things you're asking for, plus a heck of a lot more.

> -----Original Message-----
> From: samba-ntdom-admin@lists.samba.org
> [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Greg Zartman
> Sent: Thursday, November 08, 2001 9:36 AM
> To: Jason Cook; Samba NTDOM
> Subject: Re: share size
>
>
> Jason,
>
> Thanks for the script.
>
> Actually, I'll give you a little background on what I'm doing. This
> actually fits another active thread on this mailing list. I've put
> together a perl program that ties together three Samba programs to archive
> data from all online windows clients, with a share named backup, back to
> the server. The reason that I'm looking to find out share size
> is so that I
> can keep track of how much data that I'm trying to archive back to the
> server hard drive so that I don't inadvertently fill it up with client
> backup data. ;o)
>
> Currently, I create a temporary mount point, mount the share
> using smbmount,
> then run a df on the share mount. When I'm finished, I unmount the share
> and delete the mount point. Works fine, but seems a little
> sloppy. Maybe
> it's the best way to perform this task, but not sure.
>
> Regards,
>
> Greg J. Zartman
>
>
>
> ----- Original Message -----
> From: Jason Cook
> To: Samba NTDOM
> Sent: Wednesday, November 07, 2001 7:31 PM
> Subject: Re: share size
>
>
>
>

From jasonc at reinit.org Thu Nov 8 12:16:12 2001
From: jasonc at reinit.org (Jason Cook)
Date: Tue Dec 2 02:36:42 2003
Subject: share size
In-Reply-To: ; from samba@denverdata.com on Thu, Nov 08, 2001 at 12:46:00PM -0700
References: <004001c16873$644bc6e0$b5203ace@greg>
Message-ID: <20011108151627.F24706@panacea.canonical.org>

* Doug Douglass (samba@denverdata.com) wrote:
> look at amanda (www.amanda.org). It's a great unix backup/restore
> application -- and, it does all the things you're asking for, plus a heck of
> a lot more.
>

I looked at amanda a while back and really liked it except for one thing. They take most of the tape rotation out of your hands. You have to convert to their methodology. In some situations it works great, but not in mine. I ended up using bru with pre-exec and post-exec scripts to handle remote mounts.

--
Jason Cook                | GnuPG Fingerprint: D531 F4F4 BDBF 41D1 514D
GNU/Linux Technical Lead  | F930 FD03 262E 5120 BEDD
evolServ Technology       | Home page: http://reinit.org

Um, it's like, uh ... did anyone see the movie ron'? -- Homer Simpson

From webmaster at viitindia.org Thu Nov 8 21:50:03 2001
From: webmaster at viitindia.org (Shekhar)
Date: Tue Dec 2 02:36:42 2003
Subject: Samba and nis question
References: <3BEAD9BF.46676EF3@netman.dk>
Message-ID: <005701c168dd$be6fe5b0$010010ac@iis>

1.
passwd program = /usr/bin/yppasswd %u
unix password sync = Yes
passwd chat = *root*password* urpasswdhere\n \
*new*password* %n\n *new*password* %n\n *NIS*

2. My addmachine script.

Usage addmachine machinename
eg. addmachine comp1
__________________________________________
/usr/sbin/adduser $1$ -d /dev/null -s /bin/false
smbpasswd -a -m $1$
echo "Added Machine Account $1 to SMB DataBase."
__________________________________________

Shekhar
System Administrator, VIIT
Telefax: +91-2112-43476 to 79 Ext: 216
Email: webmaster@viitindia.org
Web: www.viitindia.org
-----------------------------------------
Check out viitindia.org for new Career services

----- Original Message -----
From: "Alaa Alamood"
To:
Sent: Friday, November 09, 2001 12:45 AM
Subject: Samba and nis question

> Hi
>
> Thanks for this nice product
>
> I have samba 2.2.2 running on alpha server (tru64 5.1), samba configured
> to be PDC, and I have yppasswd on my server, my questions are
>
> 1- How is possible to sync. smbpasswd with yppasswd
> when I enable sync passwd like the following
>
> passwd program = /usr/bin/yppasswd
> unix password sync = yes
> passwd chat = *New*SMB*password* %n\n *Retype*new*SMB*password:*
> %n\n *Password*changed*for*user*
>
> and try to change the password from the user I got the following
> error
>
> machine 127.0.0.1 rejected the password chang: Error was: the
> specified password is ivalid
>
>
> 2- I have made a script to register the machines into yppasswd and
> smbpasswd and I add the following in smb.conf file
>
> add user scripte /usr/local/bin/addmachine -a %m
>
> when I try to join the domain from win2k nothing happens
>
> anybody know why
>
>
> thanks in advance
>
> Alaa
>
>
>

From virgo at azcher.kharkov.ua Fri Nov 9 01:17:19 2001
From: virgo at azcher.kharkov.ua (Virgo)
Date: Tue Dec 2 02:36:42 2003
Subject: Again Samba uses 100 % of resources
Message-ID: <3BEB9EC8.5020905@azcher.kharkov.ua>

Hi!

Again there was a problem with Samba

# ps -aux | grep smbd
root      1232  0.0  0.2  2964   580 ?  S  Oct29    0:00 smbd -D
chirva   30010 66.3  1.3  5148  3564 ?  R  Nov08  957:50 smbd -D
chirva     936  0.0  0.5  3592  1340 ?  D  Nov08    0:00 smbd -D
root      2466  0.2  0.7  3780  1900 ?  S  08:54    0:14 smbd -D
alexeych  2514  0.0  0.6  3704  1784 ?  S  09:12    0:01 smbd -D
root      2674  0.2  0.7  3776  1868 ?  S  09:24    0:11 smbd -D
rudenko   2736  0.3  0.7  3848  1956 ?  S  09:54    0:08 smbd -D
root      2746  0.0  0.7  3664  1820 ?  S  09:56    0:01 smbd -D
root      2844  0.0  0.6  3652  1636 ?  S  10:22    0:00 smbd -D
root      2860  0.0  0.4  3588  1280 ?  S  10:34    0:00 smbd -D
chirva    2861  0.0  0.6  3772  1744 ?  D  10:35    0:00 smbd -D
nobody    2903  0.0  0.5  3636  1424 ?  S  10:41    0:00 smbd -D

# kill -9 30010

The process remains to the worker. Only restart Linux help me.
My smb.conf global section:

[global]
netbios name = hydra
workgroup = AZCHER
server string = Hydra (Samba Server %v)
client code page = 866
nt acl support = yes
oplocks = no
level2 oplocks = no
domain admin group = @engineering
add user script = /usr/sbin/adduser -n -g 65534 -c "Trust Account" -d /dev/null -s /bin/false %m$
hosts allow = 192.168.1. 127.
log file = /var/log/samba/log.%m
log level = 1
max log size = 1000
security = user
encrypt passwords = yes
smb passwd file = /etc/smbpasswd
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
interfaces = 192.168.1.0/24
bind interfaces only = yes
local master = yes
os level = 65
domain master = yes
preferred master = yes
domain logons = yes
logon script = %U.bat
logon path = \\%L\Profiles\%U
dns proxy = no

HELP!

P.S. Samba-2.2.2, kernel-2.2.19 with ACL-Patch.

--
Registered Linux User #186627
ICQ UIN 50715669
E-Mail: mailto:virgo@azcher.kharkov.ua
SMS: mailto:virgo@kyivstar.net
Tel: +38(0572)194976
Fax: +38(0572)194905

From aaa at netman.dk Fri Nov 9 02:46:02 2001
From: aaa at netman.dk (Alaa Alamood)
Date: Tue Dec 2 02:36:42 2003
Subject: Samba and nis question
References: <3BEAD9BF.46676EF3@netman.dk> <005701c168dd$be6fe5b0$010010ac@iis>
Message-ID: <3BEBC1B8.A43AF1DD@netman.dk>

Hi

I have tried the first part, I still have problem to sync. password. Is any way to avoid having root password on the smb.conf file, there is some security issues here

thanks in advance

Alaa

Shekhar wrote:

> 1.
> passwd program = /usr/bin/yppasswd %u
> unix password sync = Yes
> passwd chat = *root*password* urpasswdhere\n \
> *new*password* %n\n *new*password* %n\n *NIS*
>
> 2. My addmachine script.
>
> Usage addmachine machinename
> eg. addmachine comp1
> __________________________________________
> /usr/sbin/adduser $1$ -d /dev/null -s /bin/false
> smbpasswd -a -m $1$
> echo "Added Machine Account $1 to SMB DataBase."
> __________________________________________
>
> Shekhar
> System Administrator, VIIT
> Telefax: +91-2112-43476 to 79 Ext: 216
> Email: webmaster@viitindia.org
> Web: www.viitindia.org
> -----------------------------------------
> Check out viitindia.org
> for new Career services
> ----- Original Message -----
> From: "Alaa Alamood"
> To:
> Sent: Friday, November 09, 2001 12:45 AM
> Subject: Samba and nis question
>
> > Hi
> >
> > Thanks for this nice product
> >
> > I have samba 2.2.2 running on alpha server (tru64 5.1), samba configured
> > to be PDC, and I have yppasswd on my server, my questions are
> >
> > 1- How is possible to sync. smbpasswd with yppasswd
> > when I enable sync passwd like the following
> >
> > passwd program = /usr/bin/yppasswd
> > unix password sync = yes
> > passwd chat = *New*SMB*password* %n\n *Retype*new*SMB*password:*
> > %n\n *Password*changed*for*user*
> >
> > and try to change the password from the user I got the following
> > error
> >
> > machine 127.0.0.1 rejected the password chang: Error was: the
> > specified password is ivalid
> >
> >
> > 2- I have made a script to register the machines into yppasswd and
> > smbpasswd and I add the following in smb.conf file
> >
> > add user scripte /usr/local/bin/addmachine -a %m
> >
> > when I try to join the domain from win2k nothing happens
> >
> > anybody know why
> >
> >
> > thanks in advance
> >
> > Alaa
> >
> >
> >

From Brad.Wilson at equant.com Fri Nov 9 06:02:05 2001
From: Brad.Wilson at equant.com (Brad.Wilson@equant.com)
Date: Tue Dec 2 02:36:42 2003
Subject: Samba passwds on Linux
Message-ID:

After someone changes their password from NT/W2K are the passwds on the linux encrypted by NT or by the Samba/Linux?
BW

From jmcd at us.ibm.com Fri Nov 9 06:15:01 2001
From: jmcd at us.ibm.com (Jim McDonough)
Date: Tue Dec 2 02:36:42 2003
Subject: Samba passwds on Linux
Message-ID:

Brad Wilson wrote:
>After someone changes their password from NT/W2K are the passwds on the
>linux encrypted by NT or by the Samba/Linux?

If you have "encrypt passwords = yes", then they are encrypted before they go across the wire. If you have "encrypt passwords = no", they are sent across in plain text. Does that answer your question?

----------------------------
Jim McDonough
IBM Linux Technology Center
Samba Team
6 Minuteman Drive
Scarborough, ME 04074 USA

jmcd@us.ibm.com
jmcd@samba.org

Phone: (207) 885-5565
IBM tie-line: 776-9984

Brad.Wilson@equant.com@lists.samba.org on 11/09/2001 09:02:18 AM

Sent by: samba-ntdom-admin@lists.samba.org

To: samba-ntdom@lists.samba.org
cc:
Subject: Samba passwds on Linux

After someone changes their password from NT/W2K are the passwds on the linux encrypted by NT or by the Samba/Linux?

BW

From S.Scheufen at ebv.com Fri Nov 9 06:47:06 2001
From: S.Scheufen at ebv.com (Scheufen Stephan)
Date: Tue Dec 2 02:36:42 2003
Subject: Joining A Linux Box Running Samba To Win2000 Running Active D irectory
Message-ID: <2C573D5DEB7AEC4482D5512074A7023CD062BA@bdcexch2.ebv.com>

Hi there,

just do a "smbpasswd -j DOMAIN -r DOMAIN_PDC -U ntadmin&ntadminpassword"

But what I found out was that my samba2.2.2 is not able to join my NT domain if there is a BDC in the domain!! After I've switched off the BDC everything was OK.

good luck!

Stephan

>
> Stephan Scheufen - IT Systems and Office Support Europe
> EBV ELEKTRONIK
> Lötscher Weg 66 - D-41334 Nettetal - Germany
> Fon: +49-2153-733-315 - Fax: 310 - Mail: s.scheufen@ebv.com

> -----Original Message-----
> From: Gaurang Pandya [mailto:gaubrig@yahoo.com]
> Sent: Wednesday, 7 November 2001 17:16
> To: turner@uvs.is; samba-ntdom@lists.samba.org
> Cc: turner@uvs.is
> Subject: Re: Joining A Linux Box Running Samba To Win2000
> Running Active
> Directory
>
>
> I am also facing the same problem please help me too..
> Gaurang.
> --- turner@uvs.is wrote:
> > Hello,
> >
> > I have beat my head against the wall with this for
> > some time now. I have
> > had no luck searching the mailing list archives
> > either. Sigh.
> >
> > My needs are very simple. I simply want to join a
> > Linux box (RH 7.1) to a
> > Win2000 network running active directory. Nothing
> > fancy here. The Linux box
> > should behave as any other Win2K client.
> >
> > Could a kind soul please email me the recipe to make
> > this happen for me?
> >
> > Thanks for your time.
> >
> > Cheers,
> > Douglass Turner
> > email: turner@uvs.is
> >
> >
> >
>
>
> __________________________________________________
> Do You Yahoo!?
> Find a job, post your resume.
> http://careers.yahoo.com
>

From jcowgar at bhsys.com Fri Nov 9 07:25:49 2001
From: jcowgar at bhsys.com (Jeremy Cowgar)
Date: Tue Dec 2 02:36:43 2003
Subject: W2k logging into 2.2.2 PDC - Very Stuck.
Message-ID:

Greetings,

I have setup Samba 2.2.2 (compile from source on web site). I have configured it to be the PDC. I have inserted the add user script and that works great. I can join the domain with no problems at all, however I cannot log into the domain. (In /etc/passwd my computer name is added with a $ and also in /opt/samba/private/smbpasswd my computer name is there as well).

The error I receive when trying to log into the domain is:

"The system cannot log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect."

I used the root account which does have a valid entry in smbpasswd, to join the domain. All works great up until this problem with the domain login.

Can anyone help?
Thanks,

Jeremy Cowgar - jcowgar@bhsys.com

From aoclarit at kiwi.dhs.org Fri Nov 9 13:20:03 2001
From: aoclarit at kiwi.dhs.org (Alex)
Date: Tue Dec 2 02:36:43 2003
Subject: samba-wins and lmhost-file import
Message-ID: <007301c16964$44177a80$8c4331a2@Alex2000>

Hi all

I have a samba wins-server to take care of all our netBIOS name queries. The dynamic entries work fine but I'd like to import an lmhosts file that we still use for some subnets. We don't have BDC's on those subnets and the clients still rely on the #DOM: entry in the lmhosts-file to log on to the domain.

Could I import this lmhosts-file into the samba-wins database to make the use of lmhosts unnecessary and how would I do it?

thx

ALEX

From danws at terra.com.br Sat Nov 10 03:38:02 2001
From: danws at terra.com.br (Daniel William Schultz)
Date: Tue Dec 2 02:36:43 2003
Subject: Samba PDC + Samba Server ( Urgent! )
Message-ID: <20011110093927.618fe042.danws@terra.com.br>

Hi all again :)

I have read the Samba PDC HOWTO and Samba PDC Faq, and search the mail archives as well, but I still have one doubt about one thing.

Let's explain what I have done:

Samba PDC ( 10.0.0.1 )

smb.conf for samba-pdc
-------------------------------------------------------------
[global]
workgroup = EDUTECJF
server string = Servidor Edutec PDC
hosts allow = 10.
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
log file = /var/log/samba/log.%I
max log size = 50000
debug level = 1
security = user
encrypt passwords = yes
passwd program = /usr/bin/passwd
passwd chat = *new*password* %n\n *new*password* %n\n *changed*
smb passwd file = /etc/smbpasswd
local master = yes
domain master = yes
preferred master = yes
domain logons = yes
logon script = %U_%I.bat
----------------------------------------------------

Samba PDC is working fine, no problems :)

I have another samba server... ( 10.0.0.2 )

smb.conf for samba secondary server:
----------------------------------------------------
[global]
workgroup = EDUTECJF
server string = SERVIDOR SAMBA EXPERIMENTAL
hosts allow = 10.
log file = /var/log/samba/log.%m
max log size = 50000
debug level = 1
security = domain
password server = EDUTECLINUX
encrypt passwords = yes
smb passwd file = /etc/smbpasswd
unix password sync = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = no
domain master = no
preferred master = no
domain logons = yes
dns proxy = no
---------------------------------------------------------------

I added the samba server on PDC as described below:

adduser -g machines -c Secondary -d/dev/null -s/bin/false -n pinguim$
smbpasswd -a -m pinguim$

The entry on /etc/smbpasswd was added and everything looked ok

Then on samba secondary server I follow the step:

smbpasswd -j EDUTECJF -r EDUTECLINUX

And joined the domain as expected :)

I have one user called "dws" on the samba PDC and one called "koala" on samba secondary server. On PDC there is the creation of logonscripts "on the fly", but it's not working with samba secondary server running.

The user dws logs but do not execute the .bat
The user koala logs but do not execute the .bat

I think that I am almost there...can anyone help me ?
PS: if I disable the domain logons = yes on samba secondary server, the user koala ( that is registered on secondary server ) do not logs, but the user "dws" ( that is registered on PDC ) logs and execute the logon script...annoying thing :(

Thanks,

Daniel William Schultz

--
To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba

From jcowgar at bhsys.com Sat Nov 10 06:42:04 2001
From: jcowgar at bhsys.com (Jeremy Cowgar)
Date: Tue Dec 2 02:36:43 2003
Subject: W2K, Samba PDC 2.2.2 - Computer Password Incorrect.
References: <20011110093927.618fe042.danws@terra.com.br>
Message-ID: <006701c169f5$ead8b820$0100a8c0@GOLLIE>

Greetings,

I have setup a Samba PDC, v2.2.2. I did everything according to the PDC FAQ, including setting up the add user script, setting up the root user in smbpasswd, etc.. My W2K system joins the domain just fine, an account is created in both /etc/passwd and /opt/samba/private/smbpasswd ... I restart the system, try to log into the domain and it complains that my computer's password is incorrect in the PDC.

Does anyone know what's going on?

Thanks!

Jeremy Cowgar - jcowgar@bhsys.com

From calvin18 at calvin18.dhs.org Sat Nov 10 08:56:03 2001
From: calvin18 at calvin18.dhs.org (Calvin18)
Date: Tue Dec 2 02:36:43 2003
Subject: PDC on samba 2.2.2 for win2000 and xp
Message-ID: <000101c16a08$e9f71010$0200a8c0@desktop>

I keep getting the errors "the specified user does not exist" when I try to join the samba PDC using a window 2000 professional client.. anyone having this encounter? Or anyone successfully created a PDC with roaming profiles and is able to be logged on by a win2000 client? Mind sending me their smb.conf?

thanx !
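
The "Samba and nis question" thread above asks how to keep a root password out of smb.conf, and the "Samba passwds on Linux" reply explains what "encrypt passwords = no" means on the wire. The following is an added example, not code from any poster or from the Samba project: a small auditor that flags both settings in smb.conf text. The function names are hypothetical and the two sample configs are constructed from the settings quoted in those threads.

```python
import re

# Constructed sample: the "passwd chat" suggested in the thread, where the
# second token is a literal string ("urpasswdhere" is the poster's placeholder).
SAMPLE_WITH_SECRET = r"""
[global]
   security = user
   encrypt passwords = no
   unix password sync = Yes
   passwd program = /usr/bin/yppasswd %u
   passwd chat = *root*password* urpasswdhere\n \
       *new*password* %n\n *new*password* %n\n *NIS*
"""

# Constructed sample: the chat from the original question, macros only.
SAMPLE_MACROS_ONLY = r"""
[global]
   encrypt passwords = yes
   unix password sync = yes
   passwd program = /usr/bin/yppasswd
   passwd chat = *New*SMB*password* %n\n *Retype*new*SMB*password:* %n\n *Password*changed*for*user*
"""

TOKEN = re.compile(r'"[^"]*"|\S+')      # chat tokens, optionally double-quoted
ESCAPES = re.compile(r"\\[nrts]")       # \n \r \t \s escapes used in send strings
MACROS = re.compile(r"%[no]")           # %o = old password, %n = new password
FALSE_VALUES = {"no", "false", "0", "off"}   # common spellings of a false boolean


def parse_smb_conf(text):
    """Return {section: {parameter: value}} with lower-cased names.

    A trailing backslash joins a line with the next one, as in the
    two-line "passwd chat" quoted in the thread.
    """
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)
            sections[current][" ".join(name.lower().split())] = value.strip()
    return sections


def literal_sends(chat):
    """Return send strings in a passwd chat that are not just %n/%o macros.

    The chat is a sequence of expect/send pairs, so every second token is
    something smbd types into the password program. Anything left after
    removing macros and escapes is a value stored in the config file.
    """
    tokens = [t.strip('"') for t in TOKEN.findall(chat)]
    literals = []
    for send in tokens[1::2]:
        core = MACROS.sub("", ESCAPES.sub("", send))
        if core:
            literals.append(core)
    return literals


def audit(text):
    """Return (section, parameter, message) findings; secrets are not echoed."""
    findings = []
    for section, params in parse_smb_conf(text).items():
        for lit in literal_sends(params.get("passwd chat", "")):
            findings.append((section, "passwd chat",
                             "sends a hard-coded %d-character string; every "
                             "reader of smb.conf learns it" % len(lit)))
        if params.get("encrypt passwords", "").lower() in FALSE_VALUES:
            findings.append((section, "encrypt passwords",
                             "passwords are sent across in plain text"))
    return findings


if __name__ == "__main__":
    for name, conf in (("with literal", SAMPLE_WITH_SECRET),
                       ("macros only", SAMPLE_MACROS_ONLY)):
        print(name, audit(conf) or "no findings")
```
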

From danws at terra.com.br Sat Nov 10 09:19:01 2001
From: danws at terra.com.br (Daniel William Schultz)
Date: Tue Dec 2 02:36:43 2003
Subject: Patch for events like "On Create", "On Modify"...
Message-ID: <20011110152117.6e8b0aa8.danws@terra.com.br>

Hi all :)

I have spent my night thinking about one problem that my company asked me to solve, and I come to the conclusion that is a little bit easy to do ( I guess... ).
The problem with the Recycle bin was solved with the patches that Brandon made ( http://www.amherst.edu/~bbstone/howto/samba.html )...the recycle bin is working fine :)
Let's see: The files go to the bin on a kind of "On delete" event ?
Why don't create one patch for "On Create/Modify" event ? We could use it for checking viruses "on the fly", don't you think ?

I was looking in the subdirs of the samba source, and I found one audit.c , on examples/VFS...it looks like a kind of logging on create/modify/delete/chmod files and create/delete/rename directories.

Looking by this side, we could change the audit.c, and instead of logging this actions, it could exec one command like:

"/usr/local/av/uvscan --parameters... %var"

I really don't know how to do this ( In fact I'm trying to find some docs about C to see if I find the parameter needed to change the audit.c to execute other command ), and I will try to learn a bit of C to change, but I don't know if I will make it...

So, the idea is released...my boss is asking every day for this, and I don't know another way to make things easier to work with one antivirus :/

Thanks to Brandon for the Recycle Bin patches, thank you all for the attention.

Daniel William Schultz.

From jasonc at reinit.org Sat Nov 10 09:53:06 2001
From: jasonc at reinit.org (Jason Cook)
Date: Tue Dec 2 02:36:43 2003
Subject: Patch for events like "On Create", "On Modify"...
In-Reply-To: <20011110152117.6e8b0aa8.danws@terra.com.br>; from danws@terra.com.br on Sat, Nov 10, 2001 at 03:21:17PM -0200 References: <20011110152117.6e8b0aa8.danws@terra.com.br> Message-ID: <20011110125237.B18715@panacea.canonical.org> * Daniel William Schultz (danws@terra.com.br) wrote: > Hi all :) > > I have spent my night thinking about one problem that my company asked me to solve, and I come to the conclusion that is a little > bit easy to do ( I guess... ). > The problem with the Recycle bin was solved with the patches that Brandon made ( http://www.amherst.edu/~bbstone/howto/samba.html )...the recycle bin is working fine :) > Lets see: The files go to the bin on a kind of "On delete" event ? > Why don't create one patch for "On Create/Modify" event ? We could use it for checking viruses "on the fly", dont you think ? > > I was looking in the subdirs of the samba source, and I found one audit.c , on examples/VFS...it looks like a kind of > logging on create/modify/delete/chmod files and create/delete/rename directories. > > Looking by this side, we could change the audit.c, and instead of logging this actions, it could exec one command like: > > "/usr/local/av/uvscan --parameters... %var" > > I really don't know how to do this ( In fact I'm trying to find some docs about C to see if I find the parameter needed to change the audit.c to execute other command ), and I will try to learn a bit of C to change, but I don't know if I will make it... > > So, the idea is released...my boss is asking every day for this, and I don't know another way to make things easier to work > with one antivirus :/ > > Thanks to Brandon for the Recycle Bin patches, thank you all for the attention. > > > Daniel William Schultz. > This is being worked on as a VFS module be Rainer Link. See . 
-- Jason Cook | GnuPG Fingerprint: D531 F4F4 BDBF 41D1 514D GNU/Linux Technical Lead | F930 FD03 262E 5120 BEDD evolServ Technology | Home page: http://reinit.org I don't know whether it takes fifteen or twenty years to do Microsoft in - what difference does it make? They're going down. You can't make less good stuff and sell it at high prices indefinitely when the good stuff is free. -- Eben Moglen -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 240 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20011110/0aa3abaf/attachment.bin From danws at terra.com.br Sat Nov 10 10:06:05 2001 From: danws at terra.com.br (Daniel William Schultz) Date: Tue Dec 2 02:36:43 2003 Subject: openantivirus.org? Message-ID: Page not found :/ > ---------- Original message ----------- > > From : samba-ntdom-admin@lists.samba.org > To : samba-ntdom@lists.samba.org > Cc : > Date : Sat, 10 Nov 2001 12:52:37 -0500 > Subject : Re: Patch for events like "On Create", "On Modify"... > > * Daniel William Schultz (danws@terra.com.br) wrote: > > Hi all :) > > > > I have spent my night thinking about one problem that my company asked me to solve, and I come to the conclusion that is a little > > bit easy to do ( I guess... ). > > The problem with the Recycle bin was solved with the patches that Brandon made ( http://www.amherst.edu/~bbstone/howto/samba.html )...the recycle bin is working fine :) > > Lets see: The files go to the bin on a kind of "On delete" event ? > > Why don't create one patch for "On Create/Modify" event ? We could use it for checking viruses "on the fly", dont you think ? > > > > I was looking in the subdirs of the samba source, and I found one audit.c , on examples/VFS...it looks like a kind of > > logging on create/modify/delete/chmod files and create/delete/rename directories.
> > > > Looking by this side, we could change the audit.c, and instead of logging this actions, it could exec one command like: > > > > "/usr/local/av/uvscan --parameters... %var" > > > > I really don't know how to do this ( In fact I'm trying to find some docs about C to see if I find the parameter needed to change the audit.c to execute other command ), and I will try to learn a bit of C to change, but I don't know if I will make it... > > > > So, the idea is released...my boss is asking every day for this, and I don't know another way to make things easier to work > > with one antivirus :/ > > > > Thanks to Brandon for the Recycle Bin patches, thank you all for the attention. > > > > > > Daniel William Schultz. > > > > This is being worked on as a VFS module be Rainer Link. See . > > -- > Jason Cook | GnuPG Fingerprint: D531 F4F4 BDBF 41D1 514D > GNU/Linux Technical Lead | F930 FD03 262E 5120 BEDD > evolServ Technology | Home page: http://reinit.org > > I don't know whether it takes fifteen or twenty years to do Microsoft in - > what difference does it make? They're going down. You can't make less good > stuff and sell it at high prices indefinitely when the good stuff is free. > -- Eben Moglen > > From danws at terra.com.br Sat Nov 10 10:11:06 2001 From: danws at terra.com.br (Daniel William Schultz) Date: Tue Dec 2 02:36:43 2003 Subject: openantivirus.org? (Part 2) Message-ID: http://sourceforge.net/projects/openantivirus/ openantivirus.org down... Cya Daniel > ---------- Original message ----------- > > From : samba-ntdom-admin@lists.samba.org > To : samba-ntdom@lists.samba.org > Cc : > Date : Sat, 10 Nov 2001 12:52:37 -0500 > Subject : Re: Patch for events like "On Create", "On Modify"... > > * Daniel William Schultz (danws@terra.com.br) wrote: > > Hi all :) > > > > I have spent my night thinking about one problem that my company asked me to solve, and I come to the conclusion that is a little > > bit easy to do ( I guess... ).
> > The problem with the Recycle bin was solved with the patches that Brandon made ( http://www.amherst.edu/~bbstone/howto/samba.html )...the recycle bin is working fine :) > > Lets see: The files go to the bin on a kind of "On delete" event ? > > Why don't create one patch for "On Create/Modify" event ? We could use it for checking viruses "on the fly", dont you think ? > > > > I was looking in the subdirs of the samba source, and I found one audit.c , on examples/VFS...it looks like a kind of > > logging on create/modify/delete/chmod files and create/delete/rename directories. > > > > Looking by this side, we could change the audit.c, and instead of logging this actions, it could exec one command like: > > > > "/usr/local/av/uvscan --parameters... %var" > > > > I really don't know how to do this ( In fact I'm trying to find some docs about C to see if I find the parameter needed to change the audit.c to execute other command ), and I will try to learn a bit of C to change, but I don't know if I will make it... > > > > So, the idea is released...my boss is asking every day for this, and I don't know another way to make things easier to work > > with one antivirus :/ > > > > Thanks to Brandon for the Recycle Bin patches, thank you all for the attention. > > > > > > Daniel William Schultz. > > > > This is being worked on as a VFS module be Rainer Link. See . > > -- > Jason Cook | GnuPG Fingerprint: D531 F4F4 BDBF 41D1 514D > GNU/Linux Technical Lead | F930 FD03 262E 5120 BEDD > evolServ Technology | Home page: http://reinit.org > > I don't know whether it takes fifteen or twenty years to do Microsoft in - > what difference does it make? They're going down. You can't make less good > stuff and sell it at high prices indefinitely when the good stuff is free. > -- Eben Moglen > > From mkh01 at earthlink.net Sat Nov 10 11:17:08 2001 From: mkh01 at earthlink.net (Michael Heironimus) Date: Tue Dec 2 02:36:43 2003 Subject: Patch for events like "On Create", "On Modify"... 
In-Reply-To: <20011110152117.6e8b0aa8.danws@terra.com.br>; from danws@terra.com.br on Sat, Nov 10, 2001 at 03:21:17PM -0200 References: <20011110152117.6e8b0aa8.danws@terra.com.br> Message-ID: <20011110131641.A1315@demonspawn.loopback> On Sat, Nov 10, 2001 at 03:21:17PM -0200, Daniel William Schultz wrote: > Why don't create one patch for "On Create/Modify" event ? We could use it > for checking viruses "on the fly", dont you think ? I haven't tried this module so I can't personally vouch for its function (I can't even say if it compiles with the current release of samba), but if you do a web search on "samba-fu" you should find a few references to samba-fu 0.1. This is a VFS module that pretty much does what you're looking for - it allows you to specify an arbitrary command to be run on the successful completion of a number of actions. If you need a delaying action for your boss you might point out that on a busy server scanning every file will generate a great deal of overhead and may slow it down unacceptably. While I'm very much in favor of doing virus scans of Samba shares, an automatic nightly full scan plus the occasional manual scan if you have a virus outbreak might be a better policy. That combined with a well-thought-out antivirus policy on the desktop side should take care of most of your problems. -- Michael Heironimus From jkirby at storagecraft.com Sat Nov 10 13:53:02 2001 From: jkirby at storagecraft.com (Jamey Kirby) Date: Tue Dec 2 02:36:43 2003 Subject: Patch for events like "On Create", "On Modify"... In-Reply-To: <20011110131641.A1315@demonspawn.loopback> Message-ID: <004101c16a33$44630160$6601a8c0@micron> I am a windows guy, so tell me to shut up if you want. Under Windows, the recycle bin is driven by the shell (explorer.exe). This means that when you delete a file, explorer simply renames the file to the recycle bin location, updates an index and returns. No file system delete type calls are sent. 
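Running a scanner from a VFS hook, as proposed in this thread, puts client-chosen file names on a command line, so the scanner should be started without a shell, with a time limit, and with any failure treated as "deny". The following is an added example, not Samba, samba-vscan or samba-fu code; `scan_file`, `access_allowed`, the `/bin/sh` stand-in scanners and the sample file name are assumptions constructed for the demonstration.

```c
/* Added example: shell-free scanner invocation for an on-access hook.
 * Not Samba, samba-vscan or samba-fu code; all names are hypothetical. */
#include <errno.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define SCAN_ERROR (-1)
#define MAX_SCANNER_ARGS 16

/* Run scanner_argv[] with `path` appended as the last argument.
 * Returns the scanner's exit status (0-255), or SCAN_ERROR if the input
 * is rejected, the child cannot be created or waited for, or the scanner
 * is killed by a signal (including the timeout). timeout_secs == 0
 * disables the time limit. */
int scan_file(const char *const scanner_argv[], const char *path,
              unsigned int timeout_secs)
{
    static char env_path[] = "PATH=/usr/bin:/bin";
    static char *const clean_env[] = { env_path, NULL };
    const char *argv[MAX_SCANNER_ARGS + 2];
    size_t n = 0;
    pid_t pid;
    int status;

    /* Absolute scanner path: never resolved through the caller's PATH. */
    if (scanner_argv == NULL || scanner_argv[0] == NULL ||
        scanner_argv[0][0] != '/')
        return SCAN_ERROR;
    /* Absolute file path: a name such as "--delete" or "-r" can then
     * never be parsed by the scanner as one of its own options. */
    if (path == NULL || path[0] != '/')
        return SCAN_ERROR;

    while (scanner_argv[n] != NULL) {
        if (n == MAX_SCANNER_ARGS)
            return SCAN_ERROR;
        argv[n] = scanner_argv[n];
        n++;
    }
    argv[n++] = path;   /* one argv slot: spaces, ';' and '$()' stay data */
    argv[n] = NULL;

    pid = fork();
    if (pid < 0)
        return SCAN_ERROR;
    if (pid == 0) {
        signal(SIGALRM, SIG_DFL);  /* parent may have ignored it */
        alarm(timeout_secs);       /* a pending alarm survives execve() */
        execve(argv[0], (char *const *)argv, clean_env);
        _exit(127);                /* exec failed: report as non-zero */
    }
    while (waitpid(pid, &status, 0) < 0) {
        if (errno != EINTR)
            return SCAN_ERROR;
    }
    if (!WIFEXITED(status))
        return SCAN_ERROR;
    return WEXITSTATUS(status);
}

/* Fail closed: only a scanner that ran to completion and exited 0 lets
 * the operation proceed. Assumption: the scanner in use exits 0 for a
 * clean file; check its documentation for the real codes. */
int access_allowed(const char *const scanner_argv[], const char *path)
{
    return scan_file(scanner_argv, path, 30) == 0;
}

/* Constructed sample data. The stand-in "scanner" exits 0 only when it
 * receives exactly one argument equal to DEMO_NAME, which shows that
 * the name arrived intact and was not interpreted by a shell. */
#define DEMO_NAME "/srv/share/q3 report; echo $(date).doc"
static const char *const DEMO_CHECK[] = {
    "/bin/sh", "-c", "[ \"$#\" -eq 1 ] && [ \"$1\" = '" DEMO_NAME "' ]",
    "sh", NULL
};
static const char *const DEMO_HANG[] = {
    "/bin/sh", "-c", "sleep 3", "sh", NULL
};
static const char *const DEMO_MISSING[] = { "/nonexistent/uvscan", NULL };

int main(void)
{
    printf("hostile name, intact: %d\n", scan_file(DEMO_CHECK, DEMO_NAME, 5));
    printf("option-like name:     %d\n", scan_file(DEMO_CHECK, "--delete", 5));
    printf("hung scanner:         %d\n", scan_file(DEMO_HANG, DEMO_NAME, 1));
    printf("scanner missing:      %d\n", access_allowed(DEMO_MISSING, DEMO_NAME));
    return 0;
}
```

The wait inside `scan_file` blocks the file operation for as long as the scanner runs, which is the per-file overhead raised earlier in the thread.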
From ssaitman at laschools.org Sat Nov 10 21:28:03 2001 From: ssaitman at laschools.org (ssaitman@laschools.org) Date: Tue Dec 2 02:36:43 2003 Subject: win2k profiles Message-ID: <1041.24.41.44.97.1005456282.squirrel@mail.laschools.org> Hello all, I am running samba 2.2.2 on a redhat 7.1 kernel 2.4.13 box with mostly win 98 clients. We have just added a citrix server running win2k to the domain. The samba server is running as a PDC so all of the citrix terminal clients will be authenticating through samba. Win2k terminal needs to use profiles, which I set up according to the docs, but when I try to log in with win2k client I get the error message "You do not have permission to access the profile located \\server\profile\username. The permissions on the profile dir are set to 777 and on user dir are set at 700 the dir is owned by the correct user and group. The logon path = \\%L\profile\%U. I have set up the profile share and am able to map a drive to it. Any help to get past this would be great. Thanks in advance. Steve Saitman Network Tech. Los Angeles Unified School District From R.J.Baart at Prompt.nl Sun Nov 11 06:57:03 2001 From: R.J.Baart at Prompt.nl (Ruud Baart) Date: Tue Dec 2 02:36:44 2003 Subject: Asking for example of "add printer command" script Message-ID: <3BEE9FE9.28633.2221E0@localhost> I suppose there are several samba administrators who have written a useful "add printer command"-script. Is there someone who wants to share it with me. I prefer shell and awk-scripts. I'm not familiair with Perl. We use Samba 2.2.3 (current CVS-version) on a Suse Linux 7.0 server. Met vriendelijke groet/Regards, Prompt R.J. 
Baart Marktveldpassage 35c 5261 ED Vught Netherlands Mailto:R.J.Baart@Prompt.NL Http://WWW.Prompt.NL Tel.: +31 73 6567041 Fax.: +31 73 6573513 From ssaitman at laschools.org Sun Nov 11 12:09:37 2001 From: ssaitman at laschools.org (ssaitman@laschools.org) Date: Tue Dec 2 02:36:44 2003 Subject: win2k profiles Message-ID: <34962.24.41.44.97.1005508683.squirrel@mail.laschools.org> Hello all, I am running samba 2.2.2 on a redhat 7.1 kernel 2.4.13 box with mostly win 98 clients. We have just added a citrix server running win2k to the domain. The samba server is running as a PDC so all of the citrix terminal clients will be authenticating through samba. Win2k terminal needs to use profiles, which I set up according to the docs, but when I try to log in with win2k client I get the error message "You do not have permission to access the profile located \\server\profile\username. The permissions on the profile dir are set to 777 and on user dir are set at 700 the dir is owned by the correct user and group. The logon path = \\%L\profile\%U. I have set up the profile share and am able to map a drive to it. Any help to get past this would be great. Thanks in advance. Steve Saitman Network Tech. Los Angeles Unified School District From eirvine at tpgi.com.au Sun Nov 11 12:54:03 2001 From: eirvine at tpgi.com.au (eirvine) Date: Tue Dec 2 02:36:44 2003 Subject: Again Samba uses 100 % of resources References: <3BEB9EC8.5020905@azcher.kharkov.ua> Message-ID: <3BEEE539.9284E38D@tpgi.com.au> Hi, As an experiment, try adding the option "follow symlinks = no" You may have some recursive symlinks around. Worth a try! You might also want to truss one of the samba processes to see what it's doing. Eddie Virgo wrote: > > Hi! > Again there was a problem with Samba > # ps -aux | grep smbd > root 1232 0.0 0.2 2964 580 ? S Oct29 0:00 smbd -D > chirva 30010 66.3 1.3 5148 3564 ? R Nov08 957:50 smbd -D > chirva 936 0.0 0.5 3592 1340 ? D Nov08 0:00 smbd -D > root 2466 0.2 0.7 3780 1900 ? 
S 08:54 0:14 smbd -D > alexeych 2514 0.0 0.6 3704 1784 ? S 09:12 0:01 smbd -D > root 2674 0.2 0.7 3776 1868 ? S 09:24 0:11 smbd -D > rudenko 2736 0.3 0.7 3848 1956 ? S 09:54 0:08 smbd -D > root 2746 0.0 0.7 3664 1820 ? S 09:56 0:01 smbd -D > root 2844 0.0 0.6 3652 1636 ? S 10:22 0:00 smbd -D > root 2860 0.0 0.4 3588 1280 ? S 10:34 0:00 smbd -D > chirva 2861 0.0 0.6 3772 1744 ? D 10:35 0:00 smbd -D > nobody 2903 0.0 0.5 3636 1424 ? S 10:41 0:00 smbd -D > > # kill -9 30010 > The process remains to the worker. > Only restart Linux help me. > > My smb.conf global section: > [global] > netbios name = hydra > workgroup = AZCHER > server string = Hydra (Samba Server %v) > client code page = 866 > nt acl support = yes > oplocks = no > level2 oplocks = no > domain admin group = @engineering > add user script = /usr/sbin/adduser -n -g 65534 -c "Trust Account" -d > /dev/null -s /bin/false %m$ > hosts allow = 192.168.1. 127. > log file = /var/log/samba/log.%m > log level = 1 > max log size = 1000 > security = user > encrypt passwords = yes > smb passwd file = /etc/smbpasswd > socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 > interfaces = 192.168.1.0/24 > bind interfaces only = yes > local master = yes > os level = 65 > domain master = yes > preferred master = yes > domain logons = yes > logon script = %U.bat > logon path = \\%L\Profiles\%U > dns proxy = no > > HELP! > P.S. Samba-2.2.2, kernel-2.2.19 with ACL-Patch. > > -- > Registered Linux User #186627 > ICQ UIN 50715669 > E-Mail: mailto:virgo@azcher.kharkov.ua > SMS: mailto:virgo@kyivstar.net > Tel: +38(0572)194976 > Fax: +38(0572)194905 From Joachim.Tork at gad.de Sun Nov 11 23:54:02 2001 From: Joachim.Tork at gad.de (Joachim.Tork@gad.de) Date: Tue Dec 2 02:36:44 2003 Subject: Samba as a PDC - User Profiles Message-ID: Hello everybody, I wonder if it is possible to tell samba that he denies to handle user profiles so that the profiles are only kept on the local windows machine. Can anybody help ? 
Best regards Joachim From RFrydl at agc.cz Mon Nov 12 00:35:10 2001 From: RFrydl at agc.cz (Frýdl Richard) Date: Tue Dec 2 02:36:46 2003 Subject: subscribe Message-ID: <5B8002569C3CD411A7340060B06758CF2A67CB@HYDRA> --- Outgoing message contains no viruses. Checked by the AVG antivirus system (http://www.grisoft.cz). Version: 6.0.295 / Virus database: 159 - release date: 1.11.2001 -------------- next part -------------- HTML attachment scrubbed and removed From RFrydl at agc.cz Mon Nov 12 00:39:04 2001 From: RFrydl at agc.cz (Frýdl Richard) Date: Tue Dec 2 02:36:46 2003 Subject: subscribe Message-ID: <5B8002569C3CD411A7340060B06758CF2A67CD@HYDRA> --- Outgoing message contains no viruses. Checked by the AVG antivirus system (http://www.grisoft.cz). Version: 6.0.295 / Virus database: 159 - release date: 1.11.2001 -------------- next part -------------- HTML attachment scrubbed and removed From jacek at mer.chemia.polsl.gliwice.pl Mon Nov 12 01:45:08 2001 From: jacek at mer.chemia.polsl.gliwice.pl (Jacek Stolarczyk) Date: Tue Dec 2 02:36:46 2003 Subject: Profile loaded as homedir on Win2000 SP2 Message-ID: Hi, When a user logs to the domain (PDC on samba-2.2.1a) from Win2000 he gets his $HOME/profile mounted as home directory (disk Z:) instead of just $HOME. Mounting $HOME works perfectly (and has been for the last year) when logging from WinNT 4.0 SP6a. Relevant part of smb.conf reads: logon script = scripts\%G.bat logon path = \\%L\%U\profile logon home = \\%L\%U\profile [homes] comment = Home Directories browseable = no writable = yes create mask = 0700 directory mask = 0700 On WinNT a user "joe" gets Z: called "joe" (which is /home/joe) while on Win2000 get Z: called "profile" (which is /home/joe/profile). I definitely prefer the behaviour of WinNT, so what should I change to get it for all machines? The user still can mount his/her homedir typing the path \\servername\joe.
Regards, Jacek Stolarczyk -- PhD-student in physical chemistry Silesian University of Technology Gliwice, Poland From teilo at cdt.luth.se Mon Nov 12 02:40:02 2001 From: teilo at cdt.luth.se (James Nord) Date: Tue Dec 2 02:36:46 2003 Subject: Profile loaded as homedir on Win2000 SP2 References: Message-ID: <3BEFA6BB.7010106@cdt.luth.se> Jacek Stolarczyk wrote: >Hi, > >When a user logs to the domain (PDC on samba-2.2.1a) from Win2000 he gets >his $HOME/profile mounted as home directory (disk Z:) instead of just >$HOME. Mounting $HOME works perfectly (and has been for the last year) >when logging from WinNT 4.0 SP6a. Relevant part of smb.conf reads: > > > logon script = scripts\%G.bat > logon path = \\%L\%U\profile > logon home = \\%L\%U\profile > ^^^^^^^^^^^^^^^^^ logon home (G) This parameter specifies the home directory location when a Win95/98 or NT Workstation logs into a Samba PDC. It allows you to do C:\> *NET USE H: /HOME* from a command prompt, for example. This option takes the standard substitutions, allowing you to have separate logon scripts for each user or machine. >/James > -- Technology is a word that describes something that doesn't work yet. Douglas Adams From sharpe at ns.aus.com Mon Nov 12 03:03:02 2001 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:36:46 2003 Subject: Profile loaded as homedir on Win2000 SP2 References: <3BEFA6BB.7010106@cdt.luth.se> Message-ID: <3BEFB2AE.4050307@ns.aus.com> James Nord wrote: > Jacek Stolarczyk wrote: > >> Hi, >> >> When a user logs to the domain (PDC on samba-2.2.1a) from Win2000 he gets >> his $HOME/profile mounted as home directory (disk Z:) instead of just >> $HOME. Mounting $HOME works perfectly (and has been for the last year) >> when logging from WinNT 4.0 SP6a. 
Relevant part of smb.conf reads: >> >> >> logon script = scripts\%G.bat >> logon path = \\%L\%U\profile >> logon home = \\%L\%U\profile >> > ^^^^^^^^^^^^^^^^^ > > logon home (G) > > This parameter specifies the home directory location when a Win95/98 or > NT Workstation logs into a Samba PDC. It allows you to do > > C:\> *NET USE H: /HOME* > > from a command prompt, for example. Hmmm, I think that the description is wrong. 'logon home' is used in the LanMan calls (NetWkstaLogon) made by Win9X and ME (probably) when it logs onto the network. 'logon path' is used in the RPCs used by Win NT and 2K when it does an appropriate logon (LsaLogonUser) to the domain. The two have very different uses, and NetWkstaLogon cannot return as much info as LsaLogonUser does, so the home path and profiles path are obtained from the same parameter. > This option takes the standard substitutions, allowing you to have > separate logon scripts for each user or machine. > >> /James >> > -- Richard Sharpe, rsharpe@ns.aus.com, LPIC-1 www.samba.org, www.ethereal.com, SAMS Teach Yourself Samba in 24 Hours, Special Edition, Using Samba From jay at toltec.metran.cx Mon Nov 12 03:10:05 2001 From: jay at toltec.metran.cx (Jay Ts) Date: Tue Dec 2 02:36:46 2003 Subject: Samba as a PDC - User Profiles In-Reply-To: from "Joachim.Tork@gad.de" at Nov 12, 2001 08:53:38 AM Message-ID: <200111121108.fACB8Lq05110@toltec.metran.cx> Joachim wrote: > I wonder if it is possible to tell samba that he denies to handle user > profiles > so that the profiles are only kept on the local windows machine. As far as I can tell, this must be done on the client. You can set the permissions on the directories on the server to be unwritable for everyone, but this will result in errors and you might get a default profile instead of the local one. 
Jay Ts From jcowgar at bhsys.com Mon Nov 12 07:56:02 2001 From: jcowgar at bhsys.com (Jeremy Cowgar) Date: Tue Dec 2 02:36:46 2003 Subject: PDC 2.2.2 - W2K - Computer Password Incorrect. Message-ID: Greetings! I am setting up a Samba PDC, v2.2.2. I followed the PDC HowTo and I am having a problem that is not listed in the HOWTO. My W2K computer can join the domain just fine. A computer account get's added to both /etc/passwd and the smbpasswd files. My problem comes in when I try to log into the domain. The message I recieve is: The system cannot log you on to this domain because the system's computer account in it's primary domain is missing or the password on that account is incorrect. Can anyone help me out? Here's my config.Top of Form 1 # Samba config file created using SWAT # from 192.168.0.40 (192.168.0.40) # Date: 2001/11/12 10:49:09 # Global parameters [global] workgroup = G netbios name = JOEL encrypt passwords = Yes update encrypted = Yes add user script = /opt/samba/bin/adduser %m %u logon script = logon.cmd logon path = \\%N\profiles\%u logon drive = H: logon home = \\joel\%u domain logons = Yes os level = 64 preferred master = True domain master = True [Information Technologies] path = /tmp [IT_4000] path = /tmp printable = Yes [netlogon] path = /opt/samba/lib/netlogon write list = ntadmin [profiles] path = /opt/samba/lib/ntprofile read only = No create mask = 0600 directory mask = 0700 Bottom of Form 1 the /opt/samba/adduser looks like: #!/bin/sh echo "$1 $2" > /opt/samba/bin/hi.txt useradd -g machines -d /dev/null -s /dev/null -c Computer $2 so effectively, the add user script commadn looks like: useradd -g machines -d /dev/null -s /dev/null -c Computer %u Can anyone help me out? Thanks! Jeremy Cowgar - jcowgar@bhsys.com From ariel at jusbaires.gov.ar Mon Nov 12 08:53:32 2001 From: ariel at jusbaires.gov.ar (Ariel Mella) Date: Tue Dec 2 02:36:46 2003 Subject: Patch for events like "On Create", "On Modify"... 
References: <20011110152117.6e8b0aa8.danws@terra.com.br> Message-ID: <001e01c16b9a$5dcc72e0$1a3ca8ac@jusbaires.gov.ar> do you try with the samba-vscan provided from www.openantivirus.org?? i just trying with it.... any succes will be great! ----- Original Message ----- From: "Daniel William Schultz" To: Cc: ; Sent: Saturday, November 10, 2001 2:21 PM Subject: Patch for events like "On Create", "On Modify"... > Hi all :) > > I have spent my night thinking about one problem that my company asked me to solve, and I come to the conclusion that is a little > bit easy to do ( I guess... ). > The problem with the Recycle bin was solved with the patches that Brandon made ( http://www.amherst.edu/~bbstone/howto/samba.html )...the recycle bin is working fine :) > Lets see: The files go to the bin on a kind of "On delete" event ? > Why don't create one patch for "On Create/Modify" event ? We could use it for checking viruses "on the fly", dont you think ? > > I was looking in the subdirs of the samba source, and I found one audit.c , on examples/VFS...it looks like a kind of > logging on create/modify/delete/chmod files and create/delete/rename directories. > > Looking by this side, we could change the audit.c, and instead of logging this actions, it could exec one command like: > > "/usr/local/av/uvscan --parameters... %var" > > I really don't know how to do this ( In fact I'm trying to find some docs about C to see if I find the parameter needed to change the audit.c to execute other command ), and I will try to learn a bit of C to change, but I don't know if I will make it... > > So, the idea is released...my boss is asking every day for this, and I don't know another way to make things easier to work > with one antivirus :/ > > Thanks to Brandon for the Recycle Bin patches, thank you all for the attention. > > > Daniel William Schultz. 
> > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > From gwardawy at iddmedia.com Mon Nov 12 09:56:03 2001 From: gwardawy at iddmedia.com (Greg Wardawy) Date: Tue Dec 2 02:36:46 2003 Subject: PDC 2.2.2 - W2K - Computer Password Incorrect. Message-ID: >>> Jeremy Cowgar 11/12/01 09:46AM >>> Greetings! I am setting up a Samba PDC, v2.2.2. I followed the PDC HowTo and I am having a problem that is not listed in the HOWTO. My W2K computer can join the domain just fine. A computer account get's added to both /etc/passwd and the smbpasswd files. My problem comes in when I try to log into the domain. The message I recieve is: The system cannot log you on to this domain because the system's computer account in it's primary domain is missing or the password on that account is incorrect. Can anyone help me out? Here's my config.Top of Form 1 # Samba config file created using SWAT # from 192.168.0.40 (192.168.0.40) # Date: 2001/11/12 10:49:09 # Global parameters [global] workgroup = G netbios name = JOEL encrypt passwords = Yes update encrypted = Yes add user script = /opt/samba/bin/adduser %m %u logon script = logon.cmd logon path = \\%N\profiles\%u logon drive = H: logon home = \\joel\%u domain logons = Yes os level = 64 preferred master = True domain master = True [Information Technologies] path = /tmp [IT_4000] path = /tmp printable = Yes [netlogon] path = /opt/samba/lib/netlogon write list = ntadmin [profiles] path = /opt/samba/lib/ntprofile read only = No create mask = 0600 directory mask = 0700 Bottom of Form 1 the /opt/samba/adduser looks like: #!/bin/sh echo "$1 $2" > /opt/samba/bin/hi.txt useradd -g machines -d /dev/null -s /dev/null -c Computer $2 so effectively, the add user script commadn looks like: useradd -g machines -d /dev/null -s /dev/null -c Computer %u ######################################### Shouldn't it be: -s /bin/false ? i.e. 
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u HTH Greg ######################################### Can anyone help me out? Thanks! Jeremy Cowgar - jcowgar@bhsys.com From jcowgar at bhsys.com Mon Nov 12 10:28:03 2001 From: jcowgar at bhsys.com (Jeremy Cowgar) Date: Tue Dec 2 02:36:46 2003 Subject: [2] PDC 2.2.2 - W2K - Computer Password Incorrect. Message-ID: Greg, Unfortunatly, it does not work either way. I had it that way originally, and on some other configs I have seen it /dev/null, so I gave it a try. To make sure, I removed my maching name gray$ from both /etc/passwd and my smbpasswd file, made it a -s /bin/false and still no go. Anyone? Thanks, Jeremy Cowgar - jcowgar@bhsys.com "Greg Wardawy" wrote on 11/12/2001 12:54:55 PM: > >>>> Jeremy Cowgar 11/12/01 09:46AM >>> >Greetings! > >I am setting up a Samba PDC, v2.2.2. I followed the PDC HowTo and I am having a problem that is not listed in >the HOWTO. > >My W2K computer can join the domain just fine. A computer account get's added to both /etc/passwd and the >smbpasswd files. My problem comes in when I try to log into the domain. > >The message I recieve is: > >The system cannot log you on to this domain because the system's computer account in it's primary domain is >missing or the password on that account is incorrect. > >Can anyone help me out? 
> >Here's my config.Top of Form 1 > > ># Samba config file created using SWAT ># from 192.168.0.40 (192.168.0.40) ># Date: 2001/11/12 10:49:09 > ># Global parameters >[global] > workgroup = G > netbios name = JOEL > encrypt passwords = Yes > update encrypted = Yes > add user script = /opt/samba/bin/adduser %m %u > logon script = logon.cmd > logon path = \\%N\profiles\%u > logon drive = H: > logon home = \\joel\%u > domain logons = Yes > os level = 64 > preferred master = True > domain master = True > >[Information Technologies] > path = /tmp > >[IT_4000] > path = /tmp > printable = Yes > >[netlogon] > path = /opt/samba/lib/netlogon > write list = ntadmin > >[profiles] > path = /opt/samba/lib/ntprofile > read only = No > create mask = 0600 > directory mask = 0700 >Bottom of Form 1 > >the /opt/samba/adduser looks like: > >#!/bin/sh >echo "$1 $2" > /opt/samba/bin/hi.txt >useradd -g machines -d /dev/null -s /dev/null -c Computer $2 > >so effectively, the add user script commadn looks like: > >useradd -g machines -d /dev/null -s /dev/null -c Computer %u > >######################################### >Shouldn't it be: >-s /bin/false ? >i.e. add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u > >HTH >Greg >######################################### > >Can anyone help me out? > >Thanks! > >Jeremy Cowgar - jcowgar@bhsys.com From gwardawy at iddmedia.com Mon Nov 12 10:46:27 2001 From: gwardawy at iddmedia.com (Greg Wardawy) Date: Tue Dec 2 02:36:46 2003 Subject: [2] PDC 2.2.2 - W2K - Computer Password Incorrect. Message-ID: Jeremy, Let me copy my post I sent to Calvin. I'm having a "situation" here and have no time to type it again. HTH and here it goes: ################################################################### I'm not a Samba expert and have just a trial and error experience. There are two things I can think about: 1. 
The add user script doesn't work from smb.conf - I switched my W2K from Domain to Workgroup and rebooted it,I deleted all Samba "regular" users from smbpasswd, recreated them (remember about root user with a different than system password) and created a trusted machine account from the shell. On the W2K machine I set the Domain Name via Network Identification->Properties (not via Network ID and this stupid wizard, I hate wizards) using root user with a different password to join the domain. And everything was just fine, root.domainname profile has been created under Documents and Settings 2.It can be a problem with your routes in the routing table. I have a dial-up internet connection, one NIC and wanted to set Internet connection for my w2k machine (just for one at this time, to make it more readable). I thought it's a good idea to make a static route between Linux and W2k boxes but I was wrong. I got an error saying something like this: "Domain server is down or your machine account was not found" . Everything is fine after removing the static route except reaching the Internet from W2k machine. I'll have to work on it. Do you know any good sources about setting routes under Linux? I've read a lot but can't figure it out. Greg ################################################################### >>> Jeremy Cowgar 11/12/01 12:24PM >>> Greg, Unfortunatly, it does not work either way. I had it that way originally, and on some other configs I have seen it /dev/null, so I gave it a try. To make sure, I removed my maching name gray$ from both /etc/passwd and my smbpasswd file, made it a -s /bin/false and still no go. Anyone? Thanks, Jeremy Cowgar - jcowgar@bhsys.com "Greg Wardawy" wrote on 11/12/2001 12:54:55 PM: > >>>> Jeremy Cowgar 11/12/01 09:46AM >>> >Greetings! > >I am setting up a Samba PDC, v2.2.2. I followed the PDC HowTo and I am having a problem that is not listed in >the HOWTO. > >My W2K computer can join the domain just fine. 
A computer account get's added to both /etc/passwd and the >smbpasswd files. My problem comes in when I try to log into the domain. > >The message I recieve is: > >The system cannot log you on to this domain because the system's computer account in it's primary domain is >missing or the password on that account is incorrect. > >Can anyone help me out? > >Here's my config.Top of Form 1 > > ># Samba config file created using SWAT ># from 192.168.0.40 (192.168.0.40) ># Date: 2001/11/12 10:49:09 > ># Global parameters >[global] > workgroup = G > netbios name = JOEL > encrypt passwords = Yes > update encrypted = Yes > add user script = /opt/samba/bin/adduser %m %u > logon script = logon.cmd > logon path = \\%N\profiles\%u > logon drive = H: > logon home = \\joel\%u > domain logons = Yes > os level = 64 > preferred master = True > domain master = True > >[Information Technologies] > path = /tmp > >[IT_4000] > path = /tmp > printable = Yes > >[netlogon] > path = /opt/samba/lib/netlogon > write list = ntadmin > >[profiles] > path = /opt/samba/lib/ntprofile > read only = No > create mask = 0600 > directory mask = 0700 >Bottom of Form 1 > >the /opt/samba/adduser looks like: > >#!/bin/sh >echo "$1 $2" > /opt/samba/bin/hi.txt >useradd -g machines -d /dev/null -s /dev/null -c Computer $2 > >so effectively, the add user script commadn looks like: > >useradd -g machines -d /dev/null -s /dev/null -c Computer %u > >######################################### >Shouldn't it be: >-s /bin/false ? >i.e. add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u > >HTH >Greg >######################################### > >Can anyone help me out? > >Thanks! > >Jeremy Cowgar - jcowgar@bhsys.com From aoclarit at kiwi.dhs.org Mon Nov 12 18:20:02 2001 From: aoclarit at kiwi.dhs.org (Alex) Date: Tue Dec 2 02:36:46 2003 Subject: Logon failure to samba PDC with w2k-clients Message-ID: <012001c16be9$9f281240$8c4331a2@Alex2000> Hi all I'm running RH7.2 and Samba 2.2.1a as a PDC. 
Win98 clients have no problem logging on but W2k machines do. I made sure I added the machinename with a $ at the end in /etc/password and then in smbpasswd but when I try to join the domain from the w2k-box it asks me for an account with admin rights which I supply but then gives me a

Logon failure: unknown username or bad password

I can use the same credentials to log on from a win98 box and I made sure the account has domain admin rights. Since I already created the machineaccount I'm not sure why the win2k-client still asks me for a domain-adm account to join the domain. Did I not add the machine account properly ? Can anyone who's successfully done this tell me what I'm missing.

Alex

From aoclarit at kiwi.dhs.org Mon Nov 12 18:29:02 2001
From: aoclarit at kiwi.dhs.org (Alex)
Date: Tue Dec 2 02:36:46 2003
Subject: forgot one thing
Message-ID: <016601c16bea$f57920c0$8c4331a2@Alex2000>

sorry but I forgot this:

I can browse the Network Places from the w2k-box and see the domain and all boxes that have something to share and I can EVEN connect to them as long as I identify myself as a valid domain user for each share but I cannot join the domain.

thx
Alex

From aoclarit at kiwi.dhs.org Mon Nov 12 19:35:02 2001
From: aoclarit at kiwi.dhs.org (Alex)
Date: Tue Dec 2 02:36:46 2003
Subject: I figured it out !
Message-ID: <018e01c16bf4$1eea7a40$8c4331a2@Alex2000>

Hi

For all you guys who might have had the same issue. I found the answer on some site after long searching. Just uncomment everything in /etc/samba/smbusers and add a samba user called root with smbpasswd -a root, give it a password and then use this account to join the domain - works great. But I swear my other account was also part of the adm group but it seems to have to be root and nothing else in order to join a domain.
Alex

From shanu at exocore.com Mon Nov 12 20:35:02 2001
From: shanu at exocore.com (Shanker Balan)
Date: Tue Dec 2 02:36:46 2003
Subject: Samba as a PDC - User Profiles
In-Reply-To: <200111121108.fACB8Lq05110@toltec.metran.cx>; from jay@metran.cx on Mon, Nov 12, 2001 at 04:08:19AM -0700
References: <200111121108.fACB8Lq05110@toltec.metran.cx>
Message-ID: <20011113100429.B1676@exocore.com>

Hello:

Jay Ts wrote,
> Joachim wrote:
> > I wonder if it is possible to tell samba that he denies to handle
> > user profiles so that the profiles are only kept on the local
> > windows machine.
>
> As far as I can tell, this must be done on the client. You can set the
> permissions on the directories on the server to be unwritable for
> everyone, but this will result in errors and you might get a default
> profile instead of the local one.

Leaving the following two options undefined in smb.conf works for me.

logon path =
logon home =

--
Shanu
--
Han Solo: I think my eyes are getting better. Instead of a big dark blur I see a big light blur.
Luke Skywalker: There's nothing to see. I used to live here you know.
Han Solo: You're gonna die here you know. Convenient.

From Arne at mediaventures.be Tue Nov 13 02:13:02 2001
From: Arne at mediaventures.be (Arne Van Renterghem)
Date: Tue Dec 2 02:36:46 2003
Subject: W2K - WNT Profiles
Message-ID:

Hi,

I've been following the list for some time now and the question of the profiles has been put forward several times, but I haven't seen a valid answer so far. So here it is again.

I'm running RH 7.0 + samba 2.2.2pre as PDC with ? 15 W2K SP2 and a few WinNT 4.0 SP6. The domain works fine, but the profiles don't. I always receive the error of unable to write to the profiles directory. Several others have had the same issue. Any solution found already ?
Also the logon script is not being executed (or at least I don't see any sign of it) apart from one computer running W95 where it is actually giving a message box saying something like "executing logon script".

Thx,
Arne

My smb.conf.

[global]
workgroup = MEDIAVENTURES
domain logons = yes
security = user
os level = 34
local master = yes
preferred master = yes
domain master = yes
encrypt passwords = yes
passwd program = /usr/bin/passwd %u
passwd chat = *password* %n\n *password* %n\n *successful*
smb passwd file = /usr/local/samba/private/smbpasswd
wins support = no
; name resolve order = wins lmhosts hosts bcast
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -$
domain admin group = @adm
time server = yes
logon script = startup.bat
logon path = \\Linuxserver\profile\%U
nt acl support = yes

[profile]
comment = User profiles
path = /export/samba/profile
create mode = 0600
directory mode = 0700
writable = yes
browsable = no

[netlogon]
comment = The domain logon service
path = /export/samba/logon
public = no
writeable = no
browsable = no

[test]
comment = For testing only, please
path = /export/samba/test
read only = no
guest ok = yes

[Data]
comment = mediAVentures Data op Linuxserver
path = /mnt/data
read only = no
guest ok = no

[Dump]
comment = mediAVentures Data op Linuxserver
path = /mnt/dump
read only = no
guest ok = no

From Arne at mediaventures.be Tue Nov 13 02:17:02 2001
From: Arne at mediaventures.be (Arne Van Renterghem)
Date: Tue Dec 2 02:36:46 2003
Subject: Follow up on W2K - WNT Profiles
Message-ID:

Could the problem have something to do with the following smbstatus outprint: You will notice the "nobody" uid for each IPC$ connection ?
Hope this adds to the solution,
Arne

Samba version 2.2.2-pre
Service      uid      gid      pid     machine
----------------------------------------------
Dump         root     root     6172    marnix   (194.78.67.29) Mon Nov  5 18:43:43 2001
Data         Arne     adm      8860    arne     (194.78.67.3)  Fri Nov  9 16:26:37 2001
IPC$         nobody   nobody   8860    arne     (194.78.67.3)  Tue Nov 13 12:02:51 2001
Data         Wim      adm      5995    wim      (194.78.67.5)  Mon Nov  5 21:37:37 2001
IPC$         Peter    adm      8769    peter    (194.78.67.28) Fri Nov  9 11:33:26 2001
Data         root     root     6172    marnix   (194.78.67.29) Tue Nov 13 01:38:35 2001
IPC$         nobody   nobody   5995    wim      (194.78.67.5)  Mon Nov  5 16:50:07 2001
IPC$         nobody   nobody   14980   exchange (194.78.67.2)  Tue Nov 13 11:47:24 2001
Data         Marnix   adm      8144    miro     (194.78.67.11) Thu Nov  8 14:44:21 2001

From minh.dang-recalt at akazi.com Tue Nov 13 02:51:03 2001
From: minh.dang-recalt at akazi.com (Minh Dang-Recalt)
Date: Tue Dec 2 02:36:46 2003
Subject: Unsubscribe, please !
Message-ID: <002001c16c30$fef31ca0$1c01a8c0@akazi.com>

From Georges.Rhein at acc-soft.ch Tue Nov 13 04:18:01 2001
From: Georges.Rhein at acc-soft.ch (Rhein Georges, acc-soft)
Date: Tue Dec 2 02:36:46 2003
Subject: Unsubscribe please
Message-ID: <81872A327DE8D4119A4700805F74EB570718C1@ACCSV11>

From marksamba at btopenworld.com Tue Nov 13 04:22:03 2001
From: marksamba at btopenworld.com (marksamba@btopenworld.com)
Date: Tue Dec 2 02:36:46 2003
Subject: Samba Version 1.9.18
Message-ID: <1233368.1005654047182.JavaMail.root@127.0.0.1>

Hello all,

We've been running samba version 1.9.18 quite happily on a Sequent S5000 box running dynix/ptx v4.2.3. We are now moving to a IBM P660 running AIX V4. I have reinstalled samba on the new box from a tar file and copied over the smb.conf file. When I expand Network Neighbourhood I can see the configured shares however whenever I click on any of them to expand further I get the following message:

\\'ServerName'\'ShareName' is not accessible - The specified network name is no longer available.
I've run testparm and smbclient and all looks ok. Does anyone have any suggestions as to where to look.

Thanks in advance,
Mark

From sharpe at ns.aus.com Tue Nov 13 04:35:02 2001
From: sharpe at ns.aus.com (Richard Sharpe)
Date: Tue Dec 2 02:36:46 2003
Subject: Samba Version 1.9.18
References: <1233368.1005654047182.JavaMail.root@127.0.0.1>
Message-ID: <3BF11C1B.7080203@ns.aus.com>

marksamba@btopenworld.com wrote:

> Hello all,
>
> We've been running samba version 1.9.18 quite happily
> on a Sequent S5000 box running dynix/ptx v4.2.3. We are now
> moving to a IBM P660 running AIX V4. I have reinstalled samba
> on the new box from a tar file and copied over the smb.conf
> file. When I expand Network Neighbourhood I can see the
> configured shares however whenever I click on any of them
> to expand further I get the following message:
> \\'ServerName'\'ShareName' is not accessible -
> The specified network name is no longer available.
> I've run testparm and smbclient and all looks ok.
> Does anyone have any suggestions as to where to look.

Firstly, 1.9.18 is very old. Upgrade!

Secondly, do your users have permission to read the directory that is being shared? This can cause similar problems.

--
Richard Sharpe, rsharpe@ns.aus.com, LPIC-1
www.samba.org, www.ethereal.com, SAMS Teach Yourself Samba
in 24 Hours, Special Edition, Using Samba

From derk at science.uva.nl Tue Nov 13 05:31:02 2001
From: derk at science.uva.nl (D.W. Bouhuijs)
Date: Tue Dec 2 02:36:46 2003
Subject: BUG?
Message-ID: <002101c16c47$14a4ff80$28043292@science.uva.nl>

Samba team.

Samba 2.2.2, Solaris 8, Windows 2000SP2, MS-Word '97/2000 both SR1a.

If enabled in smb.conf:
write cache size = 262144 (man page smb.conf)

A document saved to a mounted drive will become corrupt.
This occurs using MS-Word 97/2000 with Windows 2000 only.
It only happens if the file is saved normally (as '97 or 2K format).
If compared, saved files shows blocks filled with zero's.

If disabled or excluded (default) it seems to be OK.

Derk.

From antonio.morrocches at tiscalinet.it Tue Nov 13 06:07:02 2001
From: antonio.morrocches at tiscalinet.it (antonio.morrocches)
Date: Tue Dec 2 02:36:46 2003
Subject: NETLOGON problem in WinNT domain
Message-ID: <002c01c16c4b$df9c6440$4600a8c0@aquaba>

Hi Samba list,

I have a problem with Windows NT password authentication. I describe you my system. I have 3 PC on LAN network:

- first with Windows NT, service pack 6a and PDC of NT domain FELIX (BIOS Name: Superserver) and with NT Domain Server I have configured a member domain server LINUXSRV (Netbios name of Linux Server)
- second with Red Hat Linux 7.1 and installed Samba 2.2.2 (Name: Linuxsrv)
- third with Win 98 (BIOS Name: Aquaba)

I tell you my problem configuration. I have created the file smbpasswd with

cat /etc/passwd | mksmbpasswd.sh > \
/usr/local/samba/private/smbpasswd

and I set smbpasswd file with 600 permissions. Now, I stop two daemons smbd and nmbd on NT server and write on the console:

smbpasswd -j FELIX -r superserver

after, I have read this answer:

cli_net_auth2: ERR_NT_STATUS_NO_TRUST_SAM_ACCOUNT
clie_nt_setup_creds: auth2 challange failed
modify_trust_password: Unable to setup PDC credentials to machine SUPERSERVER.Error was: NT_STATUS_NO_TRUST_SAM_ACCOUNT
200/11/09 15:24:46 change_trust_account_password: Failed to change password for domain FELIX
Unable to join domain FELIX.

On the NT Event Viewer I have read:

Event ID:5723
Source:NETLOGON
Description:
The session setup from the computer LINUXSRV failed because there is no trust account in the security database for this computer.The name of the account referenced in the security database is LINUXSER$.

Finally, I want that LINUXSRV begins a server member of NT FELIX Domain !!!!!

Can you help me?
Thanks

Antonio Morrocchesi
(Florence) Italy

From pkoch at bgc-jena.mpg.de Tue Nov 13 07:19:17 2001
From: pkoch at bgc-jena.mpg.de (Peer-Joachim Koch)
Date: Tue Dec 2 02:36:46 2003
Subject: ACL and other problem
Message-ID: <9350000.1005664587@vibra>

Hi,

we are using the HP version of samba (ver.2.0.7) on our HP (L-class, HPUX 11). We run into two problems:

1) The HP version allows it to use ACL with HP, if you have installed jfs 3.3 (we have). So we are able to set permissions for every user, but even if the user has all rights, he is not able to replace or modify an existing file.

2) If a file is created with less than 8 characters it is always converted into capital letters. So if one creates "Test.Txt" the system shows "TEST.TXT". We used the default and all other kind of settings. Only if case sensitive is "ON" everything works. But then we run into other problems. We just want samba to *show* all files case sensitive, but use the files windows like not casesensitive. Is it possible ? (The normal samba 2.0.7 bin for hp from samba.org worked well, for this problem, but bad with W2K)

Thanks for your help,

Peer-Joachim Koch
_________________________________________________________
Max-Planck-Institut fuer Biogeochemie
Dr. Peer-Joachim Koch
Carl-Zeiss-Promenade 10            Telefon: ++49 3641 6437-52
D-07745 Jena                       Telefax: ++49 3641 6437-10

From Daniel.Moeller at de.bosch.com Tue Nov 13 07:36:09 2001
From: Daniel.Moeller at de.bosch.com (Moeller Daniel (QI/CCE2-SI) *)
Date: Tue Dec 2 02:36:46 2003
Subject: AW: NETLOGON problem in WinNT domain
Message-ID: <1121C3ABCA53C945B821A821CDD67F62F68469@simail21.desi2.bosch.com>

Hello,

may be a typing error, see below:

-----Original Message-----
From: antonio.morrocches [mailto:antonio.morrocches@tiscalinet.it]
Sent: Tuesday, 13 November 2001 15:03
To: samba-ntdom@lists.samba.org
Subject: NETLOGON problem in WinNT domain

Hi Samba list,

I have a problem with Windows NT password authentication. I describe you my system. I have 3 PC on LAN network:

- first with Windows NT, service pack 6a and PDC of NT domain FELIX (BIOS Name: Superserver) and with NT Domain Server I have configured a member domain server LINUXSRV (Netbios name of Linux Server)
[Moeller Daniel (QI/CCE21) *] ^^^^^^^^^^^^
- second with Red Hat Linux 7.1 and installed Samba 2.2.2 (Name: Linuxsrv)
- third with Win 98 (BIOS Name: Aquaba)

I tell you my problem configuration. I have created the file smbpasswd with

cat /etc/passwd | mksmbpasswd.sh > \
/usr/local/samba/private/smbpasswd

and I set smbpasswd file with 600 permissions. Now, I stop two daemons smbd and nmbd on NT server and write on the console:

smbpasswd -j FELIX -r superserver

after, I have read this answer:

cli_net_auth2: ERR_NT_STATUS_NO_TRUST_SAM_ACCOUNT
clie_nt_setup_creds: auth2 challange failed
modify_trust_password: Unable to setup PDC credentials to machine SUPERSERVER.Error was: NT_STATUS_NO_TRUST_SAM_ACCOUNT
200/11/09 15:24:46 change_trust_account_password: Failed to change password for domain FELIX
Unable to join domain FELIX.

On the NT Event Viewer I have read:

Event ID:5723
Source:NETLOGON
Description:
The session setup from the computer LINUXSRV failed because there is no
trust account in the security database for this computer.The name of the
account referenced in the security database is LINUXSER$.
                                               ^^^^^^^^^^

Finally, I want that LINUXSRV begins a server member of NT FELIX Domain !!!!!

Can you help me?
Thanks

Antonio Morrocchesi
(Florence) Italy

From Daniel.Moeller at de.bosch.com Tue Nov 13 07:41:54 2001
From: Daniel.Moeller at de.bosch.com (Moeller Daniel (QI/CCE2-SI) *)
Date: Tue Dec 2 02:36:47 2003
Subject: AW: Joining A Linux Box Running Samba To Win2000 Running Active D irectory
Message-ID: <1121C3ABCA53C945B821A821CDD67F62F6846A@simail21.desi2.bosch.com>

Hi,

I have had no problem in joining a W2k controlled domain with Samba 2.2.2 with BDCs being present.

Kind regards,
Danny

-----Original Message-----
From: Scheufen Stephan [mailto:S.Scheufen@ebv.com]
Sent: Friday, 9 November 2001 15:40
To: samba-ntdom@lists.samba.org
Cc: Gaurang Pandya; turner@uvs.is
Subject: RE: Joining A Linux Box Running Samba To Win2000 Running Active D irectory

Hi there,

just do a "smbpasswd -j DOMAIN -r DOMAIN_PDC -U ntadmin&ntadminpassword"

But what I found out was that my samba2.2.2 is not able to join my NT domain if there is a BDC in the domain!! After I've switched off the BDC everything was OK.

From greg at kwikfind.com Tue Nov 13 08:44:07 2001
From: greg at kwikfind.com (Greg Zartman)
Date: Tue Dec 2 02:36:47 2003
Subject: Samba Bug???
Message-ID:

I, as well as another Samba user, are getting the following in our nmbd logs at 4:02am. Does anyone know what this means? We are both using Samba 2.2.2 and have similar configurations.

We are both running Samba 2.2.2 as a PDC.

Snip from nmbd log:

Got SIGHUP dumping debug info.
[2001/11/11 04:02:02, 0] nmbd/nmbd_workgroupdb.c:dump_workgroups(292)
dump_workgroups()
dump workgroup on subnet 192.168.0.1: netmask= 255.255.255.0:
LEIINC.COM(1) current master browser = SERVER
SERVER 400c9b0b (Mitel Networks SME Server)
BACKBONE 40011203 ()
RECEPTION 40011003 ()
ATHLON1 40011003 ()
GREG 40011203 (Windows 2000 Workstation)
MIKE 40011003 ()
DALLAS 40011203 ()
[2001/11/11 04:02:02, 0] nmbd/nmbd_workgroupdb.c:dump_workgroups(292)
dump_workgroups()
dump workgroup on subnet UNICAST_SUBNET: netmask= 192.168.0.1:
LEIINC.COM(1) current master browser = UNKNOWN
SERVER 40099b0b (Mitel Networks SME Server)

Thank you.

Regards,

Greg J. Zartman, P.E.
Vice-President
Logging Engineering International, Inc.
(541)683-8383 fax (541)683-8144
www.leiinc.com

From gabriel_orozco at mx.sumida.com Tue Nov 13 08:56:02 2001
From: gabriel_orozco at mx.sumida.com (gabriel_orozco@mx.sumida.com)
Date: Tue Dec 2 02:36:47 2003
Subject: New NTLOGON Script & one question
Message-ID:

Hello All.

I definitely liked the ntlogon.py script that can let you make a ntlogon.conf and then dynamically build the logon script that is sent to the windows machine. But it lacks the ability to check all the groups a user belongs to, and also had some glitches that I already fixed. now I have a better security with easier management using that script. I will be posting this as a maintainer to ntlogon in www.freshmeat.net as soon as I finish the docs :)

On the other hand, sometimes my users or I cannot connect to the domain. it tells that there is no domain. if we click cancel, and try again, then it finds the domain and logon us. the domain server is the same wins server. what can I check to see what happens?

TIA

From jra at samba.org Tue Nov 13 09:48:02 2001
From: jra at samba.org (Jeremy Allison)
Date: Tue Dec 2 02:36:47 2003
Subject: BUG?
In-Reply-To: <002101c16c47$14a4ff80$28043292@science.uva.nl>; from derk@science.uva.nl on Tue, Nov 13, 2001 at 02:28:28PM +0100
References: <002101c16c47$14a4ff80$28043292@science.uva.nl>
Message-ID: <20011113094742.D1874@va.samba.org>

On Tue, Nov 13, 2001 at 02:28:28PM +0100, D.W. Bouhuijs wrote:
> Samba team.
>
> Samba 2.2.2, Solaris 8, Windows 2000SP2, MS-Word '97/2000 both SR1a.
>
> If enabled in smb.conf:
> write cache size = 262144 (man page smb.conf)
>
> A document saved to a mounted drive will become corrupt.
> This occurs using MS-Word 97/2000 with Windows 2000 only.
> It only happens if the file is saved normally (as '97 or 2K format).
> If compared, saved files shows blocks filled with zero's.
>
> If disabled or excluded (default) it seems to be OK.

This may be unrelated to write cache size. Can you try with the latest CVS as there is an issue I've just fixed that may be the real problem.

Thanks,

Jeremy.

From gorv at myrealbox.com Tue Nov 13 09:56:02 2001
From: gorv at myrealbox.com (Gabriel Orozco)
Date: Tue Dec 2 02:36:47 2003
Subject: New NTLOGON Script & one question
Message-ID: <1005674139.53b11ffbgorv@myrealbox.com>

Hello All.

I definitely liked the ntlogon.py script that can let you make a ntlogon.conf and then dynamically build the logon script that is sent to the windows machine. But it lacks the ability to check all the groups a user belongs to, and also had some glitches that I already fixed. now I have a better security with easier management using that script. I will be posting this as a maintainer to ntlogon in www.freshmeat.net as soon as I finish the docs :)

On the other hand, sometimes my users or I cannot connect to the domain. it tells that there is no domain. if we click cancel, and try again, then it finds the domain and logon us. the domain server is the same wins server. what can I check to see what happens?

TIA

From kourosh at loop.com Tue Nov 13 10:50:02 2001
From: kourosh at loop.com (Kourosh Ghassemieh)
Date: Tue Dec 2 02:36:47 2003
Subject: Unsubscribe, please !
In-Reply-To: <002001c16c30$fef31ca0$1c01a8c0@akazi.com>
Message-ID: <5.1.0.14.0.20011113104856.00acddc8@pop.loop.com>

To unsubscribe, please don't send mail to the list, it does no good. See

http://lists.samba.org/listinfo/samba-ntdom

or send mail to

samba-ntdom-request@lists.samba.org?subject=unsubscribe

This was mentioned in the welcome message you received when you signed up. It is also reachable from the samba home page.

Regards.

At 11:50 AM 11/13/2001 +0100, you wrote:

--
------------------------------------------------------------------------
Kourosh Ghassemieh
MindWare Information Systems & Technologies
9255 Sunset Blvd, Penthouse
West Hollywood CA 90069
(310) 729-1784
kourosh@loop.com
++++Networking Solutions for Your Business++++

From mark at houseoffish.org Tue Nov 13 10:51:03 2001
From: mark at houseoffish.org (Mark Westcott)
Date: Tue Dec 2 02:36:47 2003
Subject: I figured it out !
In-Reply-To: <018e01c16bf4$1eea7a40$8c4331a2@Alex2000>
References: <018e01c16bf4$1eea7a40$8c4331a2@Alex2000>
Message-ID: <200111131850.fADIoah09144@d08f8a640c7.dsvr.co.uk>

> Hi
> For all you guys who might have had the same issue. I found the answer on
> some site after long searching.
> Just uncomment everything in /etc/samba/smbusers and add a samba user
> called root with smbpasswd -a root, give it a password and then use this
> account to join the domain - works great. But I swear my other account was
> also part of the adm group but it seems to have to be root and nothing else
> in order to join a domain.

Yep, you are right. The reason for this is that the smbpasswd file needs modification when a system is joined to a domain, and therefore root permissions are needed.

Mark

From samba at denverdata.com Tue Nov 13 11:36:04 2001
From: samba at denverdata.com (Doug Douglass)
Date: Tue Dec 2 02:36:47 2003
Subject: Samba Bug???
In-Reply-To:
Message-ID:

Are you both on RedHat systems, using logrotate? Check the logrotate script in /etc/logrotate.d, I bet it sends a HUP to nmbd.

Doug

> -----Original Message-----
> From: samba-ntdom-admin@lists.samba.org
> [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Greg Zartman
> Sent: Tuesday, November 13, 2001 9:38 AM
> To: Samba News
> Subject: Samba Bug???
>
>
> I, as well as another Samba user, are getting the following in
> our nmbd logs
> at 4:02am. Does anyone know what this means? We are both using
> Samba 2.2.2
> and have similar configurations.
>
> We are both running Samba 2.2.2 as a PDC.
>
> Snip from nmbd log:
>
> Got SIGHUP dumping debug info.
> [2001/11/11 04:02:02, 0] nmbd/nmbd_workgroupdb.c:dump_workgroups(292)
> dump_workgroups()
> dump workgroup on subnet 192.168.0.1: netmask= 255.255.255.0:
> LEIINC.COM(1) current master browser = SERVER
> SERVER 400c9b0b (Mitel Networks SME Server)
> BACKBONE 40011203 ()
> RECEPTION 40011003 ()
> ATHLON1 40011003 ()
> GREG 40011203 (Windows 2000 Workstation)
> MIKE 40011003 ()
> DALLAS 40011203 ()
> [2001/11/11 04:02:02, 0] nmbd/nmbd_workgroupdb.c:dump_workgroups(292)
> dump_workgroups()
> dump workgroup on subnet UNICAST_SUBNET: netmask= 192.168.0.1:
> LEIINC.COM(1) current master browser = UNKNOWN
> SERVER 40099b0b (Mitel Networks SME Server)
>
>
>
>
> Thank you.
>
> Regards,
>
> Greg J. Zartman, P.E.
> Vice-President
> Logging Engineering International, Inc.
> (541)683-8383 fax (541)683-8144
> www.leiinc.com
>
>

From greg at kwikfind.com Tue Nov 13 11:50:02 2001
From: greg at kwikfind.com (Greg Zartman)
Date: Tue Dec 2 02:36:47 2003
Subject: Samba Bug???
In-Reply-To:
Message-ID:

> Are you both on RedHat systems, using logrotate? Check the
> logrotate script
> in /etc/logrotate.d, I bet it sends a HUP to nmbd.

Doug,

Thanks.
That is exactly what's going on.

Greg

From samba at denverdata.com Tue Nov 13 14:30:07 2001
From: samba at denverdata.com (Doug Douglass)
Date: Tue Dec 2 02:36:47 2003
Subject: NETLOGON problem in WinNT domain
In-Reply-To: <1121C3ABCA53C945B821A821CDD67F62F68469@simail21.desi2.bosch.com>
Message-ID:

Antonnio,

You must add the samba machine (LINUXSRV) to the domain using Server Manager before you try and join the domain with smbpasswd -j

HTH,
Doug

> -----Original Message-----
> From: samba-ntdom-admin@lists.samba.org
> [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Moeller Daniel
> (QI/CCE2-SI) *
> Sent: Tuesday, November 13, 2001 8:34 AM
> To: 'antonio.morrocches'; samba-ntdom@lists.samba.org
> Subject: AW: NETLOGON problem in WinNT domain
>
>
> Hello,
>
> may be a typing error, see below:
> -----Original Message-----
> From: antonio.morrocches [mailto:antonio.morrocches@tiscalinet.it]
> Sent: Tuesday, 13 November 2001 15:03
> To: samba-ntdom@lists.samba.org
> Subject: NETLOGON problem in WinNT domain
>
>
> Hi Samba list,
> I have a problem with Windows NT password authentication.
> I describe you my system. I have 3 PC on LAN network:
> - first with Windows NT, service pack 6a and PDC of NT domain FELIX (BIOS
> Name: Superserver) and with NT Domain Server I have configured a member
> domain server LINUXSRV (Netbios name of Linux Server)
> [Moeller Daniel (QI/CCE21) *]
> ^^^^^^^^^^^^
> - second with Red Hat Linux 7.1 and installed Samba 2.2.2
> (Name: Linuxsrv)
> - third with Win 98 (BIOS Name: Aquaba)
>
> I tell you my problem configuration.
> I have created the file smbpasswd with
> cat /etc/passwd | mksmbpasswd.sh > \
> /usr/local/samba/private/smbpasswd
> and I set smbpasswd file with 600 permissions.
> Now, I stop two daemons smbd and nmbd on NT server and write on the
> console:
>
> smbpasswd -j FELIX -r superserver
>
> after, I have read this answer:
>
> cli_net_auth2: ERR_NT_STATUS_NO_TRUST_SAM_ACCOUNT
> clie_nt_setup_creds: auth2 challange failed
> modify_trust_password: Unable to setup PDC credentials to machine
> SUPERSERVER.Error was: NT_STATUS_NO_TRUST_SAM_ACCOUNT
> 200/11/09 15:24:46 change_trust_account_password: Failed to
> change password
> for domain FELIX
> Unable to join domain FELIX.
>
> On the NT Event Viewer I have read:
>
> Event ID:5723
> Source:NETLOGON
> Description:
> The session setup from the computer LINUXSRV failed because there is no
> trust account in the security database for this computer.The name of the
> account referenced in the security database is LINUXSER$.
>
> ^^^^^^^^^^
> Finally, I want that LINUXSRV begins a server member of NT FELIX Domain
> !!!!!
>
> Can you help me?
> Thanks
>
> Antonio Morrocchesi
> (Florence) Italy
>

From cannon at purdue.edu Tue Nov 13 14:44:02 2001
From: cannon at purdue.edu (Mike R. Cannon)
Date: Tue Dec 2 02:36:47 2003
Subject: joining an NT Domain - failure
Message-ID: <3BF1A21F.D74A0099@purdue.edu>

I have read the SAMBA Project Documentation chapter 7, but I am having troubles joining an NT domain.

I have used server manager on the PDC (testnt-06) to create the machine account for Linux samba server (testnt-20). I made sure that all smb and nmb processes are not running.
I get the following (ip addresses have been blocked):

[root@testnt-20 mintadmn]# smbpasswd -j test_domain -r testnt-06 -D 4
added interface ip=xxx.xxx.xxx.210 bcast=xxx.xxx.xxx.255 nmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name TESTNT-06<0x20>
getlmhostsent: lmhost entry: 127.0.0.1 localhost
resolve_hosts: Attempting host lookup for name TESTNT-06<0x20>
Connecting to xxx.xxx.xxx.196 at port 139
LSA Open Policy
LSA Query Info Policy
LSA_QUERYINFOPOLICY (level 5): domain:TEST_DOMAIN domain sid:S-1-5-21-2055480918-203715125-740312968
LSA Close
cli_net_req_chal: LSA Request Challenge from TESTNT-06 to TESTNT-20: 4288719A774A6D81
cred_session_key
cred_create
cli_net_auth2: srv:\\TESTNT-06 acct:TESTNT-20$ sc:2 mc: TESTNT-20 chal 9A97D44CBC600582 neg: 1ff
cred_create
cred_assert
cred_create
cli_net_srv_pwset: srv:\\TESTNT-06 acct:TESTNT-20$ sc: 2 mc: TESTNT-20 clnt 19DE054B4E419FB0 3bf1a09f
cli_net_srv_pwset: NT_STATUS_WRONG_PASSWORD
modify_trust_password: unable to change password for machine TESTNT-20 in domain TEST_DOMAIN to Domain controller TESTNT-06. Error was NT_STATUS_WRONG_PASSWORD.
2001/11/13 17:37:19 : change_trust_account_password: Failed to change password for domain TEST_DOMAIN.
Unable to join domain TEST_DOMAIN.

Any help would be great. Thank you for your time.

--
Mike Cannon
Infrastructure Systems Administrator
Management Information
Purdue University
1061 Freehafer Hall (FREH)
West Lafayette, IN 47907-1061
office phone: 765.494.6357
office fax: 765.496.1380
email: cannon@purdue.edu

From Scott.Mann at lefthandnetworks.com Tue Nov 13 16:24:01 2001
From: Scott.Mann at lefthandnetworks.com (Scott Mann)
Date: Tue Dec 2 02:36:47 2003
Subject: Samba, joining NT Domain, & NT Auth recipe
Message-ID: <3BF1B976.C6D9B891@lefthandnetworks.com>

Since I have had a good deal of trouble getting NT Domain Authentication to work reliably, I figured lots of other folks might benefit from my struggles.
So, I've documented a method that works consistently. Please feel free to let me know if you have problems with what I've written here. Many thanks to Stephan Scheufen whose assistance was invaluable and who also has posted many useful tidbits here.

Setting the Stage
-----------------

Samba 2.2.2 on Linux with a 2.4.2 or later kernel (I've tested RedHat 7.1/7.2 and Mandrake 7.2/8.1 as well as kernels up through 2.4.10). The Linux Samba server is NOT a PDC, but only an NT Domain client that serves up file and print resources and wants to authenticate NT Domain/Active Directory users and groups. My PDC is W2K. I haven't tested an NT PDC.

Steps to Get Linux Authenticating Domain Users
----------------------------------------------

1. Kill all running samba daemons on the Linux Samba system. This includes all instances of smbd, nmbd, and (if you're already running it) winbind. If you've got run control scripts (RedHat, Mandrake, and the like), then you can execute:

# /etc/init.d/smb stop

Also, and this is VERY important, remove the two files:

# rm -f secrets.tdb
# rm -f MACHINE.SID

These files will be located in /etc or in the Samba config directory. If you don't know where that is, use find or slocate. Also, these two files MUST be removed before you rejoin a domain or a join a new domain.

2. On the W2K primary domain controller, add the Linux computer as a pre-Windows 2000 computer. You can accomplish this in the following way:

Start->Settings

A Window will pop-up from which you select "Administrative Tools." Another window pops-up from which you select "Active Directory Users and Computers." Yet another window pops-up. Select computers and then click on

Action->New->Computer

The "New Object - Computer" window pops-up. Type in the hostname of the Linux Samba system. Click on the "Change" button and select the "Pre-Windows 2000 Compatible Access" group. Check the box next to "Allow pre-Windows 2000 computers to access this account." Click OK.

3. On the Linux Samba system, build Samba:

# cd /somedir
# tar zxvf samba-2.2.2.tar.gz
# cd samba-2.2.2/source
# ./configure --with-pam --with-winbind --with-acl-support
# make && make install
# cd nsswitch
# cp pam_winbind.so /lib/security
# cp libnss_winbind.so /lib
# ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.1
# ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2

NB: The options to ./configure are for PAM, winbind (nt auth), and ACL support. You may want other -- options to configure, see ./configure --help. In particular, you will want to set the --prefix and other dir locations appropriately.

IMPORTANT: Be sure to read through all of the documents in samba-2.2.2/docs. Especially read through samba-2.2.2/docs/htmldocs/winbind.html. There's some useful stuff in that latter document although I have never been able to successfully get "smbpasswd -j DOMAIN -r PDC -U Admin%pw" working. If I could, I would completely avoid step #2 above.

3. Set up /etc/nsswitch.conf with the winbind stuff. Use something like:

passwd: files winbind nis
shadow: files winbind nis
group: files winbind nis

4. Set up PAM. There are lots of good examples in the other docs about this (see the NB in step #3). I take advantage of the pam_stack.so module and simply modify /etc/pam.d/system-auth as shown below. I also am permitting NT Auth users full access to the system, so it makes sense to configure my PAM this way. You need to determine what your needs are, for example if you want to allow NT Domain users access only to file shares, then you would likely only modify /etc/pam.d/samba.
   Here's my /etc/pam.d/system-auth file:

       auth sufficient /lib/security/pam_winbind.so debug
       auth sufficient /lib/security/pam_unix.so use_first_pass likeauth nullok md5 shadow
       auth required /lib/security/pam_deny.so
       account required /lib/security/pam_winbind.so
       password required /lib/security/pam_cracklib.so retry=3
       password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
       password required /lib/security/pam_deny.so
       session required /lib/security/pam_limits.so
       session required /lib/security/pam_unix.so

   Note that I've got "debug" after pam_winbind.so for the auth stack. This
   gives me some extra output in /var/log/auth.log. You may want to remove
   that argument and reduce the log entries. Note also that pam_winbind.so
   completely replaces pam_unix.so for the account stack and still
   functions properly for NIS and local unix users.

5. This step may not be necessary depending upon your environment, but it
   won't hurt and it makes name resolution simple. In /etc/lmhosts (or
   wherever you configured Samba to put it based on ./configure above), put
   for example:

       172.16.0.1 NTDOMAIN.COM

   Note that you use the domainname, not a hostname! The IP address should
   match that of the PDC. In /etc/hosts, put for example:

       172.16.0.1 my-pdc my-pdc.dns.domain.com

   Arguably, this entry could also be put in lmhosts, but I like having it
   available in /etc/hosts for resolution by other processes. It is also
   resolvable, in my environment, via DNS, but this is faster ;-)

6. Now configure smb.conf. You will likely have a bunch of other stuff in
   it, but this represents a minimal set for NT Auth support.
       [global]
       netbios name =
       workgroup =
       security = domain
       password server =
       encrypt passwords = yes
       smb passwd file = /etc/smbpasswd
       unix password sync = Yes
       username map = /etc/smbusers
       socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
       passwd program = /usr/bin/passwd %u
       passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*\n
       winbind separator = +
       winbind uid = 10000-20000
       winbind gid = 10000-20000
       winbind enum users = yes
       winbind enum groups = yes
       template shell = /bin/bash

   Be sure to replace the things inside <> appropriately. Also, be sure to
   read the docs about these and other entries before you go into
   production.

7. You should now be able to join the domain.

       # smbpasswd -j

   where is the name of your NT/W2K domain.

8. Start all of the samba daemons. This includes smbd, nmbd, and winbindd.
   Make sure that your startup script includes the winbindd invocation, if
   you are using one:

       # /etc/init.d/smb start

9. Now check the exchanged secret:

       # wbinfo -t
       Secret is good
       #

   If you get "Secret is good", you are ready to go! If you get "Error
   checking machine account", then winbindd is not running. If you get
   "Secret is bad", then you have a configuration error and you need to
   kill the Samba daemons, remove secrets.tdb and MACHINE.SID. Go to the
   W2K PDC, remove the entry from the Active Directory, reboot the PDC (or
   wait for the entry to flush out of the cache) and readd the machine
   entry to the Active Directory (see step #2). Then rejoin the domain
   (step #7), restart the daemons (step #8), and recheck the secret
   (step #9).

10. Try authenticating some NT users.

       # telnet linuxsamba
       login:
       Password:

    This should let you log in with a home directory of
    /home/DOMAIN/ntuser.

11. If you are having problems, try running winbindd -d 5. This sets the
    debugging level to 5 and writes stuff out to
    /var/log/samba/log.winbindd. If 5 is too much, try 3.

I hope this is useful to someone...again, any and all feedback is welcome.

Regards,
Scott

From Scott.Mann at lefthandnetworks.com Tue Nov 13 16:33:03 2001
From: Scott.Mann at lefthandnetworks.com (Scott Mann)
Date: Tue Dec 2 02:36:47 2003
Subject: Samba, joining NT Domain, & NT Auth recipe
References: <3BF1B976.C6D9B891@lefthandnetworks.com>
Message-ID: <3BF1BBB1.5FA9C66B@lefthandnetworks.com>

Sorry for the resend, but the first version I sent had typos and a
numbering problem.

-------------- next part --------------

Since I have had a good deal of trouble getting NT Domain Authentication to
work reliably, I figured lots of other folks might benefit from my
struggles. So, I've documented a method that works consistently. Please
feel free to let me know if you have problems with what I've written here.
Many thanks to Stephan Scheufen whose assistance was invaluable and who
also has posted many useful tidbits here.

Setting the Stage
-----------------

Samba 2.2.2 on Linux with a 2.4.2 or later kernel (I've tested RedHat
7.1/7.2 and Mandrake 7.2/8.1 as well as kernels up through 2.4.10).

The Linux Samba server is NOT a PDC, but only an NT Domain client that
serves up file and print resources and wants to authenticate NT
Domain/Active Directory users and groups.

My PDC is W2K. I haven't tested an NT PDC.

Steps to Get Linux Authenticating Domain Users
----------------------------------------------

1. Kill all running samba daemons on the Linux Samba system. This includes
   all instances of smbd, nmbd, and (if you're already running it) winbind.
   If you've got run control scripts (RedHat, Mandrake, and the like), then
   you can execute:

       # /etc/init.d/smb stop

   Also, and this is VERY important, remove the two files:

       # rm -f secrets.tdb
       # rm -f MACHINE.SID

   These files will be located in /etc or in the Samba config directory.
   If you don't know where that is, use find or slocate. Also, these two
   files MUST be removed before you rejoin a domain or join a new domain.
   Note that MACHINE.SID may not exist (don't think it will if you've never
   attempted to join a domain), but if you've run smbd before, secrets.tdb
   will. In any event, if they exist, you must remove them both.

2. On the W2K primary domain controller, add the Linux computer as a
   pre-Windows 2000 computer. You can accomplish this in the following way:

       Start->Settings

   A Window will pop-up from which you select "Administrative Tools."
   Another window pops-up from which you select "Active Directory Users and
   Computers." Yet another window pops-up. Select computers and then click
   on

       Action->New->Computer

   The "New Object - Computer" window pops-up. Type in the hostname of the
   Linux Samba system. Click on the "Change" button and select the
   "Pre-Windows 2000 Compatible Access" group. Check the box next to "Allow
   pre-Windows 2000 computers to access this account." Click OK.

3. On the Linux Samba system, build Samba:

       # cd /somedir
       # tar zxvf samba-2.2.2.tar.gz
       # cd samba-2.2.2/source
       # ./configure --with-pam --with-winbind --with-acl-support
       # make && make install
       # cd nsswitch
       # cp pam_winbind.so /lib/security
       # cp libnss_winbind.so /lib
       # ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.1
       # ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2

   NB: The options to ./configure are for PAM, winbind (nt auth), and ACL
   support. You may want other -- options to configure, see
   ./configure --help. In particular, you will want to set the --prefix and
   other dir locations appropriately.

   IMPORTANT: Be sure to read through all of the documents in
   samba-2.2.2/docs. Especially read through
   samba-2.2.2/docs/htmldocs/winbind.html. There's some useful stuff in
   that latter document although I have never been able to successfully get
   "smbpasswd -j DOMAIN -r PDC -U Admin%pw" working. If I could, I would
   completely avoid step #2 above.

4. Set up /etc/nsswitch.conf with the winbind stuff. Use something like:

       passwd: files winbind nis
       shadow: files winbind nis
       group: files winbind nis

5. Set up PAM. There are lots of good examples in the other docs about this
   (see the NB in step #3). I take advantage of the pam_stack.so module and
   simply modify /etc/pam.d/system-auth as shown below. I also am
   permitting NT Auth users full access to the system, so it makes sense to
   configure my PAM this way. You need to determine what your needs are,
   for example if you want to allow NT Domain users access only to file
   shares, then you would likely only modify /etc/pam.d/samba.

   Here's my /etc/pam.d/system-auth file:

       auth sufficient /lib/security/pam_winbind.so debug
       auth sufficient /lib/security/pam_unix.so use_first_pass likeauth nullok md5 shadow
       auth required /lib/security/pam_deny.so
       account required /lib/security/pam_winbind.so
       password required /lib/security/pam_cracklib.so retry=3
       password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
       password required /lib/security/pam_deny.so
       session required /lib/security/pam_limits.so
       session required /lib/security/pam_unix.so

   Note that I've got "debug" after pam_winbind.so for the auth stack. This
   gives me some extra output in /var/log/auth.log. You may want to remove
   that argument and reduce the log entries. Note also that pam_winbind.so
   completely replaces pam_unix.so for the account stack and still
   functions properly for NIS and local unix users.

6. This step may not be necessary depending upon your environment, but it
   won't hurt and it makes name resolution simple. In /etc/lmhosts (or
   wherever you configured Samba to put it based on ./configure above), put
   for example:

       172.16.0.1 NTDOMAIN.COM

   Note that you use the domainname, not a hostname! The IP address should
   match that of the PDC. In /etc/hosts, put for example:

       172.16.0.1 my-pdc my-pdc.dns.domain.com

   Arguably, this entry could also be put in lmhosts, but I like having it
   available in /etc/hosts for resolution by other processes. It is also
   resolvable, in my environment, via DNS, but this is faster ;-)

7. Now configure smb.conf.
   You will likely have a bunch of other stuff in it, but this represents a
   minimal set for NT Auth support.

       [global]
       netbios name =
       workgroup =
       security = domain
       password server =
       encrypt passwords = yes
       smb passwd file = /etc/smbpasswd
       unix password sync = Yes
       username map = /etc/smbusers
       socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
       passwd program = /usr/bin/passwd %u
       passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*\n
       winbind separator = +
       winbind uid = 10000-20000
       winbind gid = 10000-20000
       winbind enum users = yes
       winbind enum groups = yes
       template shell = /bin/bash

   Be sure to replace the things inside <> appropriately. Also, be sure to
   read the docs about these and other entries before you go into
   production.

8. You should now be able to join the domain.

       # smbpasswd -j

   where is the name of your NT/W2K domain. On success, you will see the
   message "Joined domain ." On failure, you will see the message "Unable
   to join domain ." On failure, you will likely need to repeat all of the
   above steps except for #3.

9. Start all of the samba daemons. This includes smbd, nmbd, and winbindd.
   Make sure that your startup script includes the winbindd invocation, if
   you are using one:

       # /etc/init.d/smb start

10. Now check the exchanged secret:

       # wbinfo -t
       Secret is good
       #

    If you get "Secret is good", you are ready to go! If you get "Error
    checking machine account", then winbindd is not running. If you get
    "Secret is bad", then you have a configuration error and you need to
    kill the Samba daemons, remove secrets.tdb and MACHINE.SID. Go to the
    W2K PDC, remove the entry from the Active Directory, reboot the PDC (or
    wait for the entry to flush out of the cache) and readd the machine
    entry to the Active Directory (see step #2). Then rejoin the domain
    (step #8), restart the daemons (step #9), and recheck the secret
    (step #10).

11. Try authenticating some NT users.

       # telnet linuxsamba
       login:
       Password:

    This should let you log in with a home directory of
    /home/DOMAIN/ntuser.

12. If you are having problems, try running winbindd -d 5. This sets the
    debugging level to 5 and writes stuff out to
    /var/log/samba/log.winbindd. If 5 is too much, try 3.

I hope this is useful to someone...again, any and all feedback is welcome.

Regards,
Scott

From lubo at ru.acad.bg Wed Nov 14 00:31:14 2001
From: lubo at ru.acad.bg (Lyubomir Velkov)
Date: Tue Dec 2 02:36:47 2003
Subject: Samba Bug???
References:
Message-ID: <3BF23AE1.2F4CD2C7@ru.acad.bg>

Ahaa, that explains why every day when I got to work my NT WS-s can't
find their domain server!
BIG THANKS DOUG!

But one question - what I am supposed to do now - disable samba log
rotation or not allow logrotate to kill smbd & nmbd ?

Doug Douglass wrote:
>
> Are you both on RedHat systems, using logrotate? Check the logrotate script
> in /etc/logrotate.d, I bet it sends a HUP to nmbd.
>
> Doug
>
> > -----Original Message-----
> > From: samba-ntdom-admin@lists.samba.org
> > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Greg Zartman
> > Sent: Tuesday, November 13, 2001 9:38 AM
> > To: Samba News
> > Subject: Samba Bug???
> >
> >
> > I, as well as another Samba user, are getting the following in
> > our nmbd logs
> > at 4:02am. Does anyone know what this means? We are both using
> > Samba 2.2.2
> > and have similar configurations.
> >
> > We are both running Samba 2.2.2 as a PDC.
> >
> > Snip from nmbd log:
> >
> > Got SIGHUP dumping debug info.
> > [2001/11/11 04:02:02, 0] nmbd/nmbd_workgroupdb.c:dump_workgroups(292)
> > dump_workgroups()
> > dump workgroup on subnet 192.168.0.1: netmask= 255.255.255.0:
> > LEIINC.COM(1) current master browser = SERVER
> > SERVER 400c9b0b (Mitel Networks SME Server)
> > BACKBONE 40011203 ()
> > RECEPTION 40011003 ()
> > ATHLON1 40011003 ()
> > GREG 40011203 (Windows 2000 Workstation)
> > MIKE 40011003 ()
> > DALLAS 40011203 ()
> > [2001/11/11 04:02:02, 0] nmbd/nmbd_workgroupdb.c:dump_workgroups(292)
> > dump_workgroups()
> > dump workgroup on subnet UNICAST_SUBNET: netmask= 192.168.0.1:
> > LEIINC.COM(1) current master browser = UNKNOWN
> > SERVER 40099b0b (Mitel Networks SME Server)
> >
> >
> >
> >
> > Thank you.
> >
> > Regards,
> >
> > Greg J. Zartman, P.E.
> > Vice-President
> > Logging Engineering International, Inc.
> > (541)683-8383 fax (541)683-8144
> > www.leiinc.com
> >
> >

-----------------------
Lyubomir Velkov
University Of Rousse

From Stephen.Hobday at factiva.com Wed Nov 14 01:42:03 2001
From: Stephen.Hobday at factiva.com (Hobday, Steve (Factiva))
Date: Tue Dec 2 02:36:47 2003
Subject: joining an NT Domain - failure
Message-ID: <0F2D186F56F3D311880F00508B9589EC01681659@ldnmxsmb01.cor.uk.factiva.com>

You need to specify the name of an NT account authorised to modify the
machine account using the -U switch.

e.g -UAdministrator%password

S

-----Original Message-----
From: Mike R. Cannon [mailto:cannon@purdue.edu]
Sent: 13 November 2001 22:44
To: samba-ntdom@lists.samba.org
Subject: joining an NT Domain - failure

I have read the SAMBA Project Documentation chapter 7, but I am having
troubles joining an NT domain. I have used server manager on the PDC
(testnt-06) to create the machine account for Linux samba server
(testnt-20). I made sure that all smb and nmb process are not running.
I get the following (ip address have been blocked):

[root@testnt-20 mintadmn]# smbpasswd -j test_domain -r testnt-06 -D 4
added interface ip=xxx.xxx.xxx.210 bcast=xxx.xxx.xxx.255 nmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name TESTNT-06<0x20>
getlmhostsent: lmhost entry: 127.0.0.1 localhost
resolve_hosts: Attempting host lookup for name TESTNT-06<0x20>
Connecting to xxx.xxx.xxx.196 at port 139
LSA Open Policy
LSA Query Info Policy
LSA_QUERYINFOPOLICY (level 5): domain:TEST_DOMAIN domain sid:S-1-5-21-2055480918-203715125-740312968
LSA Close
cli_net_req_chal: LSA Request Challenge from TESTNT-06 to TESTNT-20: 4288719A774A6D81
cred_session_key
cred_create
cli_net_auth2: srv:\\TESTNT-06 acct:TESTNT-20$ sc:2 mc: TESTNT-20 chal 9A97D44CBC600582 neg: 1ff
cred_create
cred_assert
cred_create
cli_net_srv_pwset: srv:\\TESTNT-06 acct:TESTNT-20$ sc: 2 mc: TESTNT-20 clnt 19DE054B4E419FB0 3bf1a09f
cli_net_srv_pwset: NT_STATUS_WRONG_PASSWORD
modify_trust_password: unable to change password for machine TESTNT-20 in domain TEST_DOMAIN to Domain controller TESTNT-06. Error was NT_STATUS_WRONG_PASSWORD.
2001/11/13 17:37:19 : change_trust_account_password: Failed to change password for domain TEST_DOMAIN.
Unable to join domain TEST_DOMAIN.

Any help would be great. Thank you for your time.

--
Mike Cannon
Infrastructure Systems Administrator
Management Information
Purdue University
1061 Freehafer Hall (FREH)
West Lafayette, IN 47907-1061
office phone: 765.494.6357
office fax: 765.496.1380
email: cannon@purdue.edu

From samba at nebula-sa.com.ar Wed Nov 14 04:53:03 2001
From: samba at nebula-sa.com.ar (Ariel Mella)
Date: Tue Dec 2 02:36:47 2003
Subject: configure problem in latest cvs ?
References: <01Nov14.115829cet.117121@maastricht02.se-nord.provinz.bz.it> <20011114234542.E19920@wistful.humbug.org.au>
Message-ID: <011301c16d0b$40e98c40$1a3ca8ac@jusbaires.gov.ar>

it is possible now to retrieve the groups of the users correctly?
i mean in a win9x client, sharing, Add, and when comes the users list to
appear too the group list..

thx

From christian at wallin.dk Wed Nov 14 07:16:04 2001
From: christian at wallin.dk (christian@wallin.dk)
Date: Tue Dec 2 02:36:47 2003
Subject: 1.st login ask for password..
Message-ID:

Hi Guys

In Windows NT server there is an option for the PDC to ask the client for a
new password/expired password when the user logs on for the first time...

Is this possible in Samba?? If it is how do i configure / add the users in
that way??

Christian Pedersen -=- Wallin Computer
Ahlgade 3 -=- 4300 Holbæk -=- 59 44 14 90

From cannon at purdue.edu Wed Nov 14 08:23:03 2001
From: cannon at purdue.edu (Cannon, Mike R.)
Date: Tue Dec 2 02:36:47 2003
Subject: joining an NT Domain - failure
Message-ID:

I tried this and it gives me the same error. Even went so far as to create
a root account in the domain as a domain admin. Have the root account in
Linux and Samba sync to the same password as the domain. Same error.

--
Mike Cannon
Infrastructure Systems Administrator
Management Information
Purdue University
1061 Freehafer Hall (FREH)
West Lafayette, IN 47907-1061
office phone: 765.494.6357
office fax: 765.496.1380
email: cannon@purdue.edu

-----Original Message-----
From: Hobday, Steve (Factiva) [mailto:Stephen.Hobday@factiva.com]
Sent: Wednesday, November 14, 2001 4:42 AM
To: 'cannon@purdue.edu'; samba-ntdom@lists.samba.org
Subject: RE: joining an NT Domain - failure

You need to specify the name of an NT account authorised to modify the
machine account using the -U switch.

e.g -UAdministrator%password

S

-----Original Message-----
From: Mike R. Cannon [mailto:cannon@purdue.edu]
Sent: 13 November 2001 22:44
To: samba-ntdom@lists.samba.org
Subject: joining an NT Domain - failure

I have read the SAMBA Project Documentation chapter 7, but I am having
troubles joining an NT domain.
I have used server manager on the PDC (testnt-06) to create the machine
account for Linux samba server (testnt-20). I made sure that all smb and
nmb process are not running. I get the following (ip address have been
blocked):

[root@testnt-20 mintadmn]# smbpasswd -j test_domain -r testnt-06 -D 4
added interface ip=xxx.xxx.xxx.210 bcast=xxx.xxx.xxx.255 nmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name TESTNT-06<0x20>
getlmhostsent: lmhost entry: 127.0.0.1 localhost
resolve_hosts: Attempting host lookup for name TESTNT-06<0x20>
Connecting to xxx.xxx.xxx.196 at port 139
LSA Open Policy
LSA Query Info Policy
LSA_QUERYINFOPOLICY (level 5): domain:TEST_DOMAIN domain sid:S-1-5-21-2055480918-203715125-740312968
LSA Close
cli_net_req_chal: LSA Request Challenge from TESTNT-06 to TESTNT-20: 4288719A774A6D81
cred_session_key
cred_create
cli_net_auth2: srv:\\TESTNT-06 acct:TESTNT-20$ sc:2 mc: TESTNT-20 chal 9A97D44CBC600582 neg: 1ff
cred_create
cred_assert
cred_create
cli_net_srv_pwset: srv:\\TESTNT-06 acct:TESTNT-20$ sc: 2 mc: TESTNT-20 clnt 19DE054B4E419FB0 3bf1a09f
cli_net_srv_pwset: NT_STATUS_WRONG_PASSWORD
modify_trust_password: unable to change password for machine TESTNT-20 in domain TEST_DOMAIN to Domain controller TESTNT-06. Error was NT_STATUS_WRONG_PASSWORD.
2001/11/13 17:37:19 : change_trust_account_password: Failed to change password for domain TEST_DOMAIN.
Unable to join domain TEST_DOMAIN.

Any help would be great. Thank you for your time.

--
Mike Cannon
Infrastructure Systems Administrator
Management Information
Purdue University
1061 Freehafer Hall (FREH)
West Lafayette, IN 47907-1061
office phone: 765.494.6357
office fax: 765.496.1380
email: cannon@purdue.edu

From samba at denverdata.com Wed Nov 14 09:56:02 2001
From: samba at denverdata.com (Doug Douglass)
Date: Tue Dec 2 02:36:47 2003
Subject: Samba Bug???
In-Reply-To: <3BF23AE1.2F4CD2C7@ru.acad.bg>
Message-ID:

> Ahaa, that explains why every day when I got to work my NT WS-s can't
> find their domain server!
> BIG THANKS DOUG!
>
> But one question - what I am supposed to do now - disable samba log
> rotation or not allow logrotate to kill smbd & nmbd ?
>
> Doug Douglass wrote:
> >
> > Are you both on RedHat systems, using logrotate? Check the
> logrotate script
> > in /etc/logrotate.d, I bet it sends a HUP to nmbd.
> >
> > Doug

Well, I don't know if this is the root of your "can't find domain server"
problem. I use the default samba logrotate script (from RPM) on my Samba
PDC, and several other Samba servers, and haven't had this problem.

Note that all Samba servers are RedHat 7.1, Samba 2.2.1a+LDAP patch;
clients are mostly Win2000 SP2, we have one Win2000 Server that is a member
of the domain.

From Eric.Wallace at nsc.com Wed Nov 14 13:05:06 2001
From: Eric.Wallace at nsc.com (Eric Wallace)
Date: Tue Dec 2 02:36:47 2003
Subject: Unable to join domain
Message-ID: < "083023BF2DC260DE*/c=US/admd= /prmd=National/o=notes/ou=Americas/s=Wallace/g=Eric/"@MHS>

Thanks to Will Schmidt and Kenneth Hadley for their responses, Samba is now
a somewhat happy member server in the NT4 domain...

### FYI: Getting Samba to join an NT Domain ###

The trick was this: adding a Samba server to the domain works much like
adding an NT box... You can either:

(a) add the NetBIOS name to the domain in Server Mangler (as a domain
    admin), then the Samba server can configure itself _without_ the
    Administrator password using 'smbpasswd -j DOMAIN -r PDC'

-OR-

(b) just run 'smbpasswd -j DOMAIN -r PDC -UAdministrator%yourpasswordhere'
    with an NT domain admin password.

(Neither the old O'Reilly "Using Samba" book nor the latest "security =
domain ..." HOWTO make this distinction clear. If whomever wrote the docs
would like assistance in adding some more detail here, I'd be happy to
help--I'm getting quite intimate with Samba now!)

If after Samba says it has become a happy domain member and it still won't
authenticate (with Globals "security = domain" and "password server = *"),
you'll see some tell-tale signs.

1.) The log entries show the following, one list for each domain
    controller, until it finally defaults to the local 'smbpasswd' file.

[2001/11/06 12:43:06, 0] ././rpc_client/cli_netlogon.c:cli_net_auth2(160)
  cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
[2001/11/06 12:43:06, 0] ././rpc_client/cli_login.c:cli_nt_setup_creds(72)
  cli_nt_setup_creds: auth2 challenge failed
[2001/11/06 12:43:06, 0] ././smbd/password.c:connect_to_domain_password_server(1372)
  connect_to_domain_password_server: unable to setup the PDC credentials to machine PDC. Error was : NT_STATUS_ACCESS_DENIED.
...and so on...

2.) The NT domain controllers are auditing (logging) security
    success/failure, so here's the message from Event Manager:

    The session setup from the computer SAMBA failed to authenticate. The
    name of the account referenced in the security database is SAMBA$. The
    following error occurred: Access is denied.

Micro$oft comments on these errors in KB article Q175024
(http://support.microsoft.com/support/kb/articles/q175/0/24.asp?id=175024&SD=MSKB),
but their suggestion doesn't work for Samba. Better just remove your Samba
server from the domain with Server Manager, wait for it to flush, then
delete or rename 'secret.tdb' and retry with step (a) above.

Eric W. Wallace
National Semiconductor/Maine
I.S. Infrastructure
Sr. System Engineer
eric.wallace@nsc.com

From samba at nebula-sa.com.ar Wed Nov 14 13:05:53 2001
From: samba at nebula-sa.com.ar (Ariel Mella)
Date: Tue Dec 2 02:36:47 2003
Subject: anyone have tried policies??
References:
Message-ID: <003f01c16d4f$eeaacee0$1a3ca8ac@jusbaires.gov.ar>

anyone have tried using policies and editing with poledit??
i have tried and the problem is the following:

i open poledit.exe
i select a template (blablabla.adm)
i select "File"->"New File"
"default user"
change some things...
when i go to "File" -> "Save as" i get an error message saying:

Cannot save the registry

any idea?

From cannon at purdue.edu Wed Nov 14 13:08:03 2001
From: cannon at purdue.edu (Cannon, Mike R.)
Date: Tue Dec 2 02:36:47 2003
Subject: Unable to join domain
Message-ID:

I still can't get either command to work for me.

(a) add the NetBIOS name to the domain in Server Mangler (as a domain
    admin), then the Samba server can configure itself _without_ the
    Administrator password using 'smbpasswd -j DOMAIN -r PDC'

-OR-

(b) just run 'smbpasswd -j DOMAIN -r PDC -UAdministrator%yourpasswordhere'
    with an NT domain admin password.

--
Mike Cannon
Infrastructure Systems Administrator
Management Information
Purdue University
1061 Freehafer Hall (FREH)
West Lafayette, IN 47907-1061
office phone: 765.494.6357
office fax: 765.496.1380
email: cannon@purdue.edu

-----Original Message-----
From: Eric Wallace [mailto:Eric.Wallace@nsc.com]
Sent: Wednesday, November 14, 2001 4:04 PM
To: samba; samba-ntdom
Cc: wschmidt; khadley; cannon
Subject: Re: Unable to join domain

Thanks to Will Schmidt and Kenneth Hadley for their responses, Samba is now
a somewhat happy member server in the NT4 domain...

### FYI: Getting Samba to join an NT Domain ###

The trick was this: adding a Samba server to the domain works much like
adding an NT box... You can either:

(a) add the NetBIOS name to the domain in Server Mangler (as a domain
    admin), then the Samba server can configure itself _without_ the
    Administrator password using 'smbpasswd -j DOMAIN -r PDC'

-OR-

(b) just run 'smbpasswd -j DOMAIN -r PDC -UAdministrator%yourpasswordhere'
    with an NT domain admin password.

(Neither the old O'Reilly "Using Samba" book nor the latest "security =
domain ..." HOWTO make this distinction clear.
If whomever wrote the docs would like assistance in adding some more detail
here, I'd be happy to help--I'm getting quite intimate with Samba now!)

If after Samba says it has become a happy domain member and it still won't
authenticate (with Globals "security = domain" and "password server = *"),
you'll see some tell-tale signs.

1.) The log entries show the following, one list for each domain
    controller, until it finally defaults to the local 'smbpasswd' file.

[2001/11/06 12:43:06, 0] ././rpc_client/cli_netlogon.c:cli_net_auth2(160)
  cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
[2001/11/06 12:43:06, 0] ././rpc_client/cli_login.c:cli_nt_setup_creds(72)
  cli_nt_setup_creds: auth2 challenge failed
[2001/11/06 12:43:06, 0] ././smbd/password.c:connect_to_domain_password_server(1372)
  connect_to_domain_password_server: unable to setup the PDC credentials to machine PDC. Error was : NT_STATUS_ACCESS_DENIED.
...and so on...

2.) The NT domain controllers are auditing (logging) security
    success/failure, so here's the message from Event Manager:

    The session setup from the computer SAMBA failed to authenticate. The
    name of the account referenced in the security database is SAMBA$. The
    following error occurred: Access is denied.

Micro$oft comments on these errors in KB article Q175024
(http://support.microsoft.com/support/kb/articles/q175/0/24.asp?id=175024&SD=MSKB),
but their suggestion doesn't work for Samba. Better just remove your Samba
server from the domain with Server Manager, wait for it to flush, then
delete or rename 'secret.tdb' and retry with step (a) above.

Eric W. Wallace
National Semiconductor/Maine
I.S. Infrastructure
Sr. System Engineer
eric.wallace@nsc.com

From peter.tunstall at ntlworld.com Wed Nov 14 13:30:09 2001
From: peter.tunstall at ntlworld.com (Peter Tunstall)
Date: Tue Dec 2 02:36:47 2003
Subject: Samba 2.2.2. Home & Shared Directories Unable to access Sub-Directories
Message-ID: <000001c16d53$879fe240$0200a8c0@mshome>

I seem to have a problem (Samba 2.2.2 on Mandrake 8.1) when I create
sub-directories in shared directories from windows explorer or on the SAMBA
box via webmin I find that when I then try to interrogate the new
sub-directory via windows I get a message :-

    \\SERVER\xxxxxx\new refers to a location that is unavailable. It could
    be on a hard drive on this computer, on a network, or on a different
    computer on your home network. Check to make sure that the disk is
    properly inserted, or that you are connected to the internet or home
    network, and then try again. If it still cannot be located, the
    information might have been moved to a different location.

I have checked all the permissions and they all look ok they are inherited
from above as rwx rwx r-- so that should be OK.

Has anyone got any ideas as to what might be going on???

I don't know if it is related, but I am running system as a PDC and the
users seem to log on OK as we see only the relevant users home directory,
but again the .profile sub-directory in the users home also gives the same
response as above and to date we have been unable to get the machine to
store roaming profiles I guess because the directory is not accessible.

HELP

Peter

From ofer at changind.com Wed Nov 14 13:36:03 2001
From: ofer at changind.com (Ofer Nave)
Date: Tue Dec 2 02:36:47 2003
Subject: ACL half-working on win2k; can't add users
Message-ID: <003601c16d54$63753270$1301a8c0@aries>

Background:

I have a Red Hat 7.2 linux server with an ext3 partition being used as an
ext2 partition. I used the stock 2.4.14 kernel, applied the EA/ACL patches
(acl.bestbits.at), and installed it. I can use getfacl and setfacl to get
and set all the advanced features of ACL. I have the samba 2.2.1a package
that came default with RH 7.2 modified to act as a PDC.
I have a Windows 2000 workstation logging into the linux server with
roaming profiles and mounting several shares, including the user's home
share. Everything is working well so far. If you right-click on a file and
choose the security tabs, you can see the permissions, and you can even
modify the owner, group, and other permissions (the standard unix
permissions) and save them.

The Problem:

Assume I'm logged in to the windows machine as Joe. Assume there's another
user in the domain named Jane. If I right-click on a file I own and try to
add Jane in the security tab so that I can grant her write privileges on
the file, I get the error message 'Unable to save permission changes'.

So, basically, I can modify standard unix permissions from Windows 2000,
but I can't use the advanced ACL features.

Any ideas?

-Ofer Nave
310.721.2658
Chang Industry, Inc.
http://www.changind.com/

From josephk at std.teradyne.com Wed Nov 14 13:38:34 2001
From: josephk at std.teradyne.com (Karyn Joseph)
Date: Tue Dec 2 02:36:47 2003
Subject: issues with version 2.2.2
Message-ID: <3BF2E436.658521A3@std.teradyne.com>

Hi --

Does anyone have any strong comments either positively or negatively about
the new version 2.2.2 running on Solaris 2.7 or 2.6? I have been running
version 2.2.1 since August and have been having some really unusual
behavior with random denial for some users from some machines at random
times. Is there any evidence that 2.2.2 might help with this?

--
________________________________________________
Karyn Joseph EIT - Agoura, CA
UNIX Administrator 818/874-6116
________________________________________________

From josephk at std.teradyne.com Wed Nov 14 14:40:31 2001
From: josephk at std.teradyne.com (Karyn Joseph)
Date: Tue Dec 2 02:36:47 2003
Subject: compile errors on version 2.2.2
Message-ID: <3BF2F2A4.C54CF651@std.teradyne.com>

Hi --

Compiling samba 2.2.2 on Solaris 2.7 server I get the following errors:
(These are not in sequence.)
Compiling lib/system.c
lib/system.c: In function `sys_readdir':
lib/system.c:234: warning: return from incompatible pointer type
lib/util.c: In function `transfer_file':
lib/util.c:559: `_write' undeclared (first use in this function)
lib/util.c:559: (Each undeclared identifier is reported only once
lib/util.c:559: for each function it appears in.)
*** Error code 1
make: Fatal error: Command failed for target `lib/util.o'

Any ideas?

Thank you,

--
________________________________________________
Karyn Joseph EIT - Agoura, CA
UNIX Administrator 818/874-6116
________________________________________________

From garrett.ellis at analexphoenix.com Wed Nov 14 16:04:11 2001
From: garrett.ellis at analexphoenix.com (Garrett Ellis)
Date: Tue Dec 2 02:36:47 2003
Subject: Win2000 SP2 & Samba 2.2.2 "There is no user session key for the specified logon session."
Message-ID: <3BF306B8.CC94DB96@analexphoenix.com>

Hello, everyone.

I've been trying this for days now; and I am close to the point of giving up. Any help I can get would be greatly appreciated. Description of the problem follows:

I am trying to configure Samba 2.2.2 (compiled from source) as a PDC for Win2000 clients. Here is my config file. It looks exactly like the example that comes with the tarball; this is because after rewriting smb.conf ~50 times I decided to use a clone of the example just in case I really am missing something.

[global]
    workgroup=SAMBA
    domain logons=yes
    domain master=yes
    local master=yes
    preferred master=yes
    os level=65
    encrypt passwords=yes
    security=user
    null passwords=yes
    logon drive = H:
    logon home = \\PDC\%u
    logon path = \\%N\profiles\%u
    log file=/usr/local/samba/var/%m.log
    log level=2

[netlogon]
    path=/usr/local/samba/lib/netlogon
    writeable=no
    write list=ntadmin

[profiles]
    path=/usr/local/samba/lib/profiles
    writeable = yes
    create mask = 0600
    directory mask = 0700

After compiling 2.2.2, (no special ./configure options, just stock default), I created the above conf file.
/usr/local/samba/lib/smb.conf. Then I :

* touch /usr/local/samba/private/smbpasswd
* smbpasswd -a root
  (password given for root, root successfully added to smbpasswd)
* groupadd machines
  useradd -g machines -d /dev/null -s /bin/false BOX$
* smbpasswd -a -m BOX
  (pressed enter twice for the machine password, successfully added)
* smbpasswd -a gellis
  (entered a password for me, gellis is also my linux username when not root, successfully added to smbpasswd)

I have two Windows 2000 workstations that I am trying to join to this new domain called "SAMBA". One is running SP-1, the other runs SP-2. When I attempt to add a computer to the domain "SAMBA", it immediately prompts me for a username and password, so I enter:

    root
    (root's password as given to smbpasswd)

I then receive the error message: "There is no user session key for the specified logon session."

I've been getting this error message for days now; and I've tried the following versions of Samba:

    2.2.0 (There is no user session key for the specified logon session.)
    2.2.1 (There is no user session key for the specified logon session.)
    2.2.1a (There is no user session key for the specified logon session.)
    2.2.2 (There is no user session key for the specified logon session.)
    2.2.3-pre (cvs) (There is no user session key for the specified logon session.)
    Samba-tng 2.6 (Successfully joined a domain; but TNG has no support for domain admins according to the manpages, so it is entirely useless to me until it can support domain administrators.)

So, I thought I would be smart and search support.microsoft.com for that error message. Well, not atypical of Microsoft, their support site is absolutely useless, so I've taken to searching google and samba web pages. It seems that nobody has had this error, and if they have, they haven't posted anything about it.
I will now attempt to answer some base configuration questions that I will likely be receiving: My Linux (PDC to be) Machine Debian Linux 2.2r3 Static Kernel 2.4.12 Samba 2.2.2 (currently), installed in /usr/local/samba/. Samba was compiled from source with no special options. My two Windows boxes run SP1 on one and SP2 on the other. I have administrative accounts on the machines. One of these machines has just been reinstalled and still gives me the same error; so I am confident the error is not caused by a corrupt 2000 installation. Does anyone have any suggestions? I would really like to make this work. I see so many people on this list successfully joining W2K machines to domains and I know this can work; I just want to know how! :) Thanks, Garrett Ellis From tvilla at cyllene.uwa.edu.au Wed Nov 14 17:37:04 2001 From: tvilla at cyllene.uwa.edu.au (Tim Villa) Date: Tue Dec 2 02:36:48 2003 Subject: issues with version 2.2.2 In-Reply-To: <3BF2E436.658521A3@std.teradyne.com> Message-ID: <5.1.0.14.2.20011115093312.03b9b998@cyllene.uwa.edu.au> At 01:37 PM 14/11/2001 -0800, Karyn Joseph wrote: >Does anyone have any strong comments either >positively or negatively about the new version 2.2.2 >running on Solaris 2.7 or 2.6? On Solaris 2.8 I was having all sorts of problems with a number of versions prior to 2.2.2 (logins, runaway processes, corrupted connections table etc). Using 2.2.2 has solved ALL of them. 
Use it :-)

Tim

--
Tim Villa, Network / Systems Administrator
Faculties of Economics & Commerce, Education and Law
The University of Western Australia
Phone: +61-8-9380-1796, Fax: +61-8-9380-1068
Mail WWW

From tvilla at cyllene.uwa.edu.au Wed Nov 14 17:51:06 2001
From: tvilla at cyllene.uwa.edu.au (Tim Villa)
Date: Tue Dec 2 02:36:48 2003
Subject: compile errors on version 2.2.2
In-Reply-To: <3BF2F2A4.C54CF651@std.teradyne.com>
Message-ID: <5.1.0.14.2.20011115094631.0393a6d8@cyllene.uwa.edu.au>

It compiled cleanly on 2.8 for me, however you can download the binaries (2.2.2 for 2.7) from http://www.sunfreeware.com/programlistsparc7.html#samba

Tim

At 02:39 PM 14/11/2001 -0800, Karyn Joseph wrote:
>Compiling samba 2.2.2 on Solaris 2.7 server I
>get the following errors: (These are not in
>sequence.)

--
Tim Villa, Network / Systems Administrator
Faculties of Economics & Commerce, Education and Law
The University of Western Australia
Phone: +61-8-9380-1796, Fax: +61-8-9380-1068
Mail WWW

From rodkey at westmont.edu Wed Nov 14 19:28:02 2001
From: rodkey at westmont.edu (John Rodkey)
Date: Tue Dec 2 02:36:48 2003
Subject: issues with version 2.2.2
In-Reply-To: <3BF2E436.658521A3@std.teradyne.com>
Message-ID:

I, too, have been experiencing random denial of random machines, but I'm running samba 2.2.0 on this server.

Linux coffee.westmont.edu 2.2.14 #5 SMP Tue Feb 8 18:57:15 PST 2000 i686 unknown

Odd.

John

On Wed, 14 Nov 2001, Karyn Joseph wrote:

> Hi --
>
> Does anyone have any strong comments either
> positively or negatively about the new version 2.2.2
> running on Solaris 2.7 or 2.6?
>
> I have been running version 2.2.1 since August and
> have been having some really unusual behavior with
> random denial for some users from some machines at
> random times. Is there any evidence that 2.2.2
> might help with this?
>
> --

John Rodkey, Information Technology, Westmont College
rodkey@westmont.edu

From MarshallJ at switch.aust.com Wed Nov 14 20:39:03 2001
From: MarshallJ at switch.aust.com (MarshallJ@switch.aust.com)
Date: Tue Dec 2 02:36:48 2003
Subject: LDAP backend
Message-ID:

I've managed to get an LDAP backend running with Samba 2.2.2 for user accounts, but whenever I try to add a machine account, I get:

--8<--

marshallj@newpdc:~$ sudo smbpasswd -D 10 -a -m machine
INFO: Debug class all level = 3 (pid 10834 from pid 10834)
ldap_open_connection: connection opened
ldap_connect_system: succesful connection to the LDAP server
ldap_search_one_user: searching for:[(&(uid=machine
$)(objectclass=sambaAccount))]
We don't find this user [machine$] count=0
ldap_open_connection: connection opened
ldap_connect_system: succesful connection to the LDAP server
ldap_search_one_user: searching for:[(&(uid=machine
$)(objectclass=sambaAccount))]
ldap_search_one_user: searching for:[uid=machine$]
More than one user with that uid exists: bailing out!
Failed to add entry for user machine$.
Failed to modify password entry for user machine$

--8<--

I have an entry for machine$ in the system password file.

It almost amuses me that the ldap search reports at first to not have a machine$ in the database, then reports there is more than one... Can anyone help?

I've tried updating just the pdb_ldap.c from the cvs branch SAMBA_2_2 as it has some fixes, but it gives exactly the same error.

Regards,
Josh Marshall.

From KFuerstberger at haitec.de Thu Nov 15 00:11:04 2001
From: KFuerstberger at haitec.de (KFuerstberger@haitec.de)
Date: Tue Dec 2 02:36:48 2003
Subject: LDAP backend
Message-ID:

Hai,

You have to manually add the machine account in the LDAP Database with minimal Entries. Then, you can do an smbpasswd as done to set the missing Entries.
With the latest cvs I think the rid is set right but the acctFlags are not set to "[W ]" Klaus > I've managed to get an LDAP backend running with Samba 2.2.2 for user > accounts, but whenever I try to add a machine account, I get: > > --8<-- > > marshallj@newpdc:~$ sudo smbpasswd -D 10 -a -m machine > INFO: Debug class all level = 3 (pid 10834 from pid 10834) > ldap_open_connection: connection opened > ldap_connect_system: succesful connection to the LDAP server > ldap_search_one_user: searching for:[(&(uid=machine > $)(objectclass=sambaAccount))] > We don't find this user [machine$] count=0 > ldap_open_connection: connection opened > ldap_connect_system: succesful connection to the LDAP server > ldap_search_one_user: searching for:[(&(uid=machine > $)(objectclass=sambaAccount))] > ldap_search_one_user: searching for:[uid=machine$] > More than one user with that uid exists: bailing out! > Failed to add entry for user machine$. > Failed to modify password entry for user machine$ > > --8<-- > > I have an entry for machine$ in the system password file. > > It almost amuses me that the ldap search reports at first to not have a > machine$ in the database, then reports there is more than one... Can anyone > help? > > I've tried updating just the pdb_ldap.c from the cvs branch SAMBA_2_2 as it > has some fixes, but it gives exactly the same error. > > Regards, > Josh Marshall. From bgmilne at cae.co.za Thu Nov 15 00:56:37 2001 From: bgmilne at cae.co.za (Buchan Milne) Date: Tue Dec 2 02:36:48 2003 Subject: Re Samba, joining NT Domain, & NT Auth recipe Message-ID: <3BF38201.8070609@cae.co.za> You will notice that I have already put documentation for this on Mandrakeuser.org (http://mandrakeuser.org/connect/csamba5.html), and there are accompanying RPMs of samba-2.2.2 with nss_wins and samba-winbind packages, which should get you working with virtually no effort. 
After installing the RPMs on Mandrake 8.1 or Mandrake 8.0, you will need to do:

1) Edit /etc/samba/smb.conf and enable the first two winbind entries (see /etc/samba/smb.conf.rpmnew if you previously had samba installed)
2) # chkconfig winbind on
3) smbpasswd -j -U
4) Copy the /etc/pam.d/system-auth-winbind to /etc/pam.d/system-auth (keep a backup please) or replace system-auth with system-auth-winbind in all the pam.d files you want to allow access to via winbind
5) # service winbind start

I haven't yet got around to announcing this on samba-ntdom or samba-binaries yet because we are waiting to see if there will be official updates from samba-2.2.1a to samba-2.2.2 for Mandrake 8.1 (although they will not include winbind).

There are also update docs on http://mandrakeuser.org/connect/csamba6.html for running a domain controller on Mandrake, with screenshots of joining a samba domain from winxp (my updated copy which hasn't been put onto Mandrakeuser.org has animated screenshots of Win2k and Winnt joining a samba domain also, see http://ranger.dnsalias.com/mandrake/muo/connect/csamba6.html).

There is also a post on Mandrakeforum, http://mandrakeforum.com/article.php?sid=1376&lang=en, covering all the changes between 2.0.x as shipped with Mandrake 8.0 and the current samba-2.2.2 packages.

Since I don't have a windows domain controller, I can't make screenshots of adding an account for a windows box in AD or server manager for domains, if you have time, I will add them to the MUO docs.

Also, if you look in the packaging/Mandrake directory, you will see a start-up script for winbind, the system-auth-winbind file and all other associated packaging files, which would have made this easier.

Regards,
Buchan (as someone on Mandrakeforum noted, the best samba packages known to man ;-)

File that was attached to your original post

Since I have had a good deal of trouble getting NT Domain Authentication to work reliably, I figured lots of other folks might benefit from my struggles.
So, I've documented a method that works consistently. Please feel free to let me know if you have problems with what I've written here. Many thanks to Stephan Scheufen whose assistance was invaluable and who also has posted many useful tidbits here.

Setting the Stage
-----------------

Samba 2.2.2 on Linux with a 2.4.2 or later kernel (I've tested RedHat 7.1/7.2 and Mandrake 7.2/8.1 as well as kernels up through 2.4.10). The Linux Samba server is NOT a PDC, but only an NT Domain client that serves up file and print resources and wants to authenticate NT Domain/Active Directory users and groups. My PDC is W2K. I haven't tested an NT PDC.

Steps to Get Linux Authenticating Domain Users
----------------------------------------------

1. Kill all running samba daemons on the Linux Samba system. This includes all instances of smbd, nmbd, and (if you're already running it) winbind. If you've got run control scripts (RedHat, Mandrake, and the like), then you can execute:

   # /etc/init.d/smb stop

   Also, and this is VERY important, remove the two files:

   # rm -f secrets.tdb
   # rm -f MACHINE.SID

   These files will be located in /etc or in the Samba config directory. If you don't know where that is, use find or slocate. Also, these two files MUST be removed before you rejoin a domain or join a new domain. Note that MACHINE.SID may not exist (don't think it will if you've never attempted to join a domain), but if you've run smbd before, secrets.tdb will. In any event, if they exist, you must remove them both.

2. On the W2K primary domain controller, add the Linux computer as a pre-Windows 2000 computer. You can accomplish this in the following way:

   Start->Settings

   A Window will pop-up from which you select "Administrative Tools." Another window pops-up from which you select "Active Directory Users and Computers." Yet another window pops-up. Select computers and then click on

   Action->New->Computer

   The "New Object - Computer" window pops-up.
   Type in the hostname of the Linux Samba system. Click on the "Change" button and select the "Pre-Windows 2000 Compatible Access" group. Check the box next to "Allow pre-Windows 2000 computers to access this account." Click OK.

3. On the Linux Samba system, build Samba:

   # cd /somedir
   # tar zxvf samba-2.2.2.tar.gz
   # cd samba-2.2.2/source
   # ./configure --with-pam --with-winbind --with-acl-support
   # make && make install
   # cd nsswitch
   # cp pam_winbind.so /lib/security
   # cp libnss_winbind.so /lib
   # ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.1
   # ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2

   NB: The options to ./configure are for PAM, winbind (nt auth), and ACL support. You may want other -- options to configure, see ./configure --help. In particular, you will want to set the --prefix and other dir locations appropriately.

   IMPORTANT: Be sure to read through all of the documents in samba-2.2.2/docs. Especially read through samba-2.2.2/docs/htmldocs/winbind.html. There's some useful stuff in that latter document although I have never been able to successfully get "smbpasswd -j DOMAIN -r PDC -U Admin%pw" working. If I could, I would completely avoid step #2 above.

4. Set up /etc/nsswitch.conf with the winbind stuff. Use something like:

   passwd: files winbind nis
   shadow: files winbind nis
   group: files winbind nis

5. Set up PAM. There are lots of good examples in the other docs about this (see the NB in step #3). I take advantage of the pam_stack.so module and simply modify /etc/pam.d/system-auth as shown below. I also am permitting NT Auth users full access to the system, so it makes sense to configure my PAM this way. You need to determine what your needs are, for example if you want to allow NT Domain users access only to file shares, then you would likely only modify /etc/pam.d/samba.
   Here's my /etc/pam.d/system-auth file:

   auth sufficient /lib/security/pam_winbind.so debug
   auth sufficient /lib/security/pam_unix.so use_first_pass likeauth nullok md5 shadow
   auth required /lib/security/pam_deny.so
   account required /lib/security/pam_winbind.so
   password required /lib/security/pam_cracklib.so retry=3
   password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
   password required /lib/security/pam_deny.so
   session required /lib/security/pam_limits.so
   session required /lib/security/pam_unix.so

   Note that I've got "debug" after pam_winbind.so for the auth stack. This gives me some extra output in /var/log/auth.log. You may want to remove that argument and reduce the log entries. Note also that pam_winbind.so completely replaces pam_unix.so for the account stack and still functions properly for NIS and local unix users.

6. This step may not be necessary depending upon your environment, but it won't hurt and it makes name resolution simple. In /etc/lmhosts (or wherever you configured Samba to put it based on ./configure above), put for example:

   172.16.0.1 NTDOMAIN.COM

   Note that you use the domainname, not a hostname! The IP address should match that of the PDC. In /etc/hosts, put for example:

   172.16.0.1 my-pdc my-pdc.dns.domain.com

   Arguably, this entry could also be put in lmhosts, but I like having it available in /etc/hosts for resolution by other processes. It is also resolvable, in my environment, via DNS, but this is faster ;-)

7. Now configure smb.conf. You will likely have a bunch of other stuff in it, but this represents a minimal set for NT Auth support.
   [global]
   netbios name =
   workgroup =
   security = domain
   password server =
   encrypt passwords = yes
   smb passwd file = /etc/smbpasswd
   unix password sync = Yes
   username map = /etc/smbusers
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   passwd program = /usr/bin/passwd %u
   passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*\n
   winbind separator = +
   winbind uid = 10000-20000
   winbind gid = 10000-20000
   winbind enum users = yes
   winbind enum groups = yes
   template shell = /bin/bash

   Be sure to replace the things inside <> appropriately. Also, be sure to read the docs about these and other entries before you go into production.

8. You should now be able to join the domain.

   # smbpasswd -j

   where is the name of your NT/W2K domain. On success, you will see the message "Joined domain ." On failure, you will see the message "Unable to join domain ." On failure, you will likely need to repeat all of the above steps except for #3.

9. Start all of the samba daemons. This includes smbd, nmbd, and winbindd. Make sure that your startup script includes the winbindd invocation, if you are using one:

   # /etc/init.d/smb start

10. Now check the exchanged secret:

   # wbinfo -t
   Secret is good
   #

   If you get "Secret is good", you are ready to go! If you get "Error checking machine account", then winbindd is not running. If you get "Secret is bad", then you have a configuration error and you need to kill the Samba daemons, remove secrets.tdb and MACHINE.SID. Go to the W2K PDC, remove the entry from the Active Directory, reboot the PDC (or wait for the entry to flush out of the cache) and readd the machine entry to the Active Directory (see step #2). Then rejoin the domain (step #8), restart the daemons (step #9), and recheck the secret (step #10).

11. Try authenticating some NT users.

   # telnet linuxsamba
   login:
   Password:

   This should let you log in with a home directory of /home/DOMAIN/ntuser.

12. If you are having problems, try running winbindd -d 5. This sets the debugging level to 5 and writes stuff out to /var/log/samba/log.winbindd. If 5 is too much, try 3.

I hope this is useful to someone...again, any and all feedback is welcome.

Regards,
Scott

--
|----------------Registered Linux User #182071-----------------|
Buchan Milne Mechanical Engineer, Network Manager
Cellphone * Work +27 82 472 2231 * +27 21 808 2497 ext 202
Stellenbosch Automotive Engineering http://www.cae.co.za

From maniacxs at web.de Thu Nov 15 02:48:02 2001
From: maniacxs at web.de (Lukas Kasprowicz)
Date: Tue Dec 2 02:36:48 2003
Subject: unsubscribe
Message-ID: <200111151047.fAFAlEu16235@mailgate5.cinetic.de>

samba-ntdom@lists.samba.org wrote on 14.11.01:

Send samba-ntdom mailing list submissions to
    samba-ntdom@lists.samba.org

To subscribe or unsubscribe via the World Wide Web, visit
    http://lists.samba.org/listinfo/samba-ntdom
or, via email, send a message with subject or body 'help' to
    samba-ntdom-request@lists.samba.org

You can reach the person managing the list at
    samba-ntdom-admin@lists.samba.org

When replying, please edit your Subject line so it is more specific than "Re: Contents of samba-ntdom digest..."

Today's Topics:

   1. RE: NETLOGON problem in WinNT domain (Doug Douglass)
   2. joining an NT Domain - failure (Mike R. Cannon)
   3. Samba, joining NT Domain, & NT Auth recipe (Scott Mann)
   4. Samba, joining NT Domain, & NT Auth recipe (Scott Mann)
   5. Re: Samba Bug??? (Lyubomir Velkov)
   6. RE: joining an NT Domain - failure (Hobday, Steve (Factiva))
   7. Re: configure problem in latest cvs ? (Ariel Mella)
   8. 1.st login ask for password.. (christian@wallin.dk)
   9. RE: joining an NT Domain - failure (Cannon, Mike R.)
  10. RE: Samba Bug???
(Doug Douglass)

--__--__--

Message: 1
From: "Doug Douglass"
To: "Moeller Daniel (QI/CCE2-SI) *" , "'antonio.morrocches'" ,
Subject: RE: NETLOGON problem in WinNT domain
Date: Tue, 13 Nov 2001 15:29:46 -0700

Antonnio,

You must add the samba machine (LINUXSRV) to the domain using Server Manager before you try and join the domain with smbpasswd -j

HTH,
Doug

> -----Original Message-----
> From: samba-ntdom-admin@lists.samba.org
> [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Moeller Daniel
> (QI/CCE2-SI) *
> Sent: Tuesday, November 13, 2001 8:34 AM
> To: 'antonio.morrocches'; samba-ntdom@lists.samba.org
> Subject: AW: NETLOGON problem in WinNT domain
>
>
> Hello,
>
> may be a typing error, see below:
> -----Original Message-----
> From: antonio.morrocches [mailto:antonio.morrocches@tiscalinet.it]
> Sent: Tuesday, 13 November 2001 15:03
> To: samba-ntdom@lists.samba.org
> Subject: NETLOGON problem in WinNT domain
>
>
> Hi Samba list,
> I have a problem with Windows NT password authentication.
> I describe you my system. I have 3 PC on LAN network:
> - first with Windows NT, service pack 6a and PDC of NT domain FELIX (BIOS
> Name: Superserver) and with NT Domain Server I have configured a member
> domain server LINUXSRV (Netbios name of Linux Server)
> [Moeller Daniel (QI/CCE21) *]
> ^^^^^^^^^^^^
> - second with Red Hat Linux 7.1 and installed Samba 2.2.2
> (Name: Linuxsrv)
> - third with Win 98 (BIOS Name: Aquaba)
>
> I tell you my problem configuration.
> I have created the file smbpasswd with
> cat /etc/passwd | mksmbpasswd.sh > \
> /usr/local/samba/private/smbpasswd
> and I set smbpasswd file with 600 permissions.
> Now, I stop two daemons smbd and nmbd on NT server and write on the
> console:
>
> smbpasswd -j FELIX -r superserver
>
> after, I have read this answer:
>
> cli_net_auth2: ERR_NT_STATUS_NO_TRUST_SAM_ACCOUNT
> clie_nt_setup_creds: auth2 challange failed
> modify_trust_password: Unable to setup PDC credentials to machine
> SUPERSERVER.Error was: NT_STATUS_NO_TRUST_SAM_ACCOUNT
> 200/11/09 15:24:46 change_trust_account_password: Failed to
> change password
> for domain FELIX
> Unable to join domain FELIX.
>
> On the NT Event Viewer I have read:
>
> Event ID:5723
> Source:NETLOGON
> Description:
> The session setup from the computer LINUXSRV failed because there is no
> trust account in the security database for this computer.The name of the
> account referenced in the security database is LINUXSER$.
>
> ^^^^^^^^^^
> Finally, I want that LINUXSRV begins a server member of NT FELIX Domain
> !!!!!
>
> Can you help me?
> Thanks
>
> Antonio Morrocchesi
> (Florence) Italy
>

--__--__--

Message: 2
Date: Tue, 13 Nov 2001 17:43:43 -0500
From: "Mike R. Cannon"
Reply-To: cannon@purdue.edu
Organization: Purdue University
To: samba-ntdom@lists.samba.org
Subject: joining an NT Domain - failure

I have read the SAMBA Project Documentation chapter 7, but I am having troubles joining an NT domain. I have used server manager on the PDC (testnt-06) to create the machine account for Linux samba server (testnt-20). I made sure that all smb and nmb processes are not running.
I get the following (ip address have been blocked):

[root@testnt-20 mintadmn]# smbpasswd -j test_domain -r testnt-06 -D 4
added interface ip=xxx.xxx.xxx.210 bcast=xxx.xxx.xxx.255 nmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name TESTNT-06<0x20>
getlmhostsent: lmhost entry: 127.0.0.1 localhost
resolve_hosts: Attempting host lookup for name TESTNT-06<0x20>
Connecting to xxx.xxx.xxx.196 at port 139
LSA Open Policy
LSA Query Info Policy
LSA_QUERYINFOPOLICY (level 5): domain:TEST_DOMAIN domain sid:S-1-5-21-2055480918-203715125-740312968
LSA Close
cli_net_req_chal: LSA Request Challenge from TESTNT-06 to TESTNT-20: 4288719A774A6D81
cred_session_key
cred_create
cli_net_auth2: srv:\\TESTNT-06 acct:TESTNT-20$ sc:2 mc: TESTNT-20 chal 9A97D44CBC600582 neg: 1ff
cred_create
cred_assert
cred_create
cli_net_srv_pwset: srv:\\TESTNT-06 acct:TESTNT-20$ sc: 2 mc: TESTNT-20 clnt 19DE054B4E419FB0 3bf1a09f
cli_net_srv_pwset: NT_STATUS_WRONG_PASSWORD
modify_trust_password: unable to change password for machine TESTNT-20 in domain TEST_DOMAIN to Domain controller TESTNT-06. Error was NT_STATUS_WRONG_PASSWORD.
2001/11/13 17:37:19 : change_trust_account_password: Failed to change password for domain TEST_DOMAIN.
Unable to join domain TEST_DOMAIN.

Any help would be great. Thank you for your time.

--
Mike Cannon
Infrastructure Systems Administrator
Management Information
Purdue University
1061 Freehafer Hall (FREH)
West Lafayette, IN 47907-1061
office phone: 765.494.6357
office fax: 765.496.1380
email: cannon@purdue.edu

--__--__--

Message: 3
Date: Tue, 13 Nov 2001 17:23:18 -0700
From: Scott Mann
Organization: Left Hand Networks, Inc.
To: samba-ntdom@lists.samba.org, cannon@purdue.edu, S.Scheufen@ebv.com, gaubrig@yahoo.com, turner@uvs.is
Subject: Samba, joining NT Domain, & NT Auth recipe

Since I have had a good deal of trouble getting NT Domain Authentication to work reliably, I figured lots of other folks might benefit from my struggles. So, I've documented a method that works consistently. Please feel free to let me know if you have problems with what I've written here. Many thanks to Stephan Scheufen whose assistance was invaluable and who also has posted many useful tidbits here.

Setting the Stage
-----------------

Samba 2.2.2 on Linux with a 2.4.2 or later kernel (I've tested RedHat 7.1/7.2 and Mandrake 7.2/8.1 as well as kernels up through 2.4.10). The Linux Samba server is NOT a PDC, but only an NT Domain client that serves up file and print resources and wants to authenticate NT Domain/Active Directory users and groups. My PDC is W2K. I haven't tested an NT PDC.

Steps to Get Linux Authenticating Domain Users
----------------------------------------------

1. Kill all running samba daemons on the Linux Samba system. This includes all instances of smbd, nmbd, and (if you're already running it) winbind. If you've got run control scripts (RedHat, Mandrake, and the like), then you can execute:

   # /etc/init.d/smb stop

   Also, and this is VERY important, remove the two files:

   # rm -f secrets.tdb
   # rm -f MACHINE.SID

   These files will be located in /etc or in the Samba config directory. If you don't know where that is, use find or slocate. Also, these two files MUST be removed before you rejoin a domain or join a new domain.

2. On the W2K primary domain controller, add the Linux computer as a pre-Windows 2000 computer. You can accomplish this in the following way:

   Start->Settings

   A Window will pop-up from which you select "Administrative Tools."
   Another window pops-up from which you select "Active Directory Users
   and Computers." Yet another window pops-up. Select computers and then
   click on

      Action->New->Computer

   The "New Object - Computer" window pops-up. Type in the hostname of
   the Linux Samba system. Click on the "Change" button and select the
   "Pre-Windows 2000 Compatible Access" group. Check the box next to
   "Allow pre-Windows 2000 computers to access this account." Click OK.

3. On the Linux Samba system, build Samba:

      # cd /somedir
      # tar zxvf samba-2.2.2.tar.gz
      # cd samba-2.2.2/source
      # ./configure --with-pam --with-winbind --with-acl-support
      # make && make install
      # cd nsswitch
      # cp pam_winbind.so /lib/security
      # cp libnss_winbind.so /lib
      # ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.1
      # ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2

   NB: The options to ./configure are for PAM, winbind (nt auth), and
   ACL support. You may want other -- options to configure, see
   ./configure --help. In particular, you will want to set the --prefix
   and other dir locations appropriately.

   IMPORTANT: Be sure to read through all of the documents in
   samba-2.2.2/docs. Especially read through
   samba-2.2.2/docs/htmldocs/winbind.html. There's some useful stuff in
   that latter document although I have never been able to successfully
   get "smbpasswd -j DOMAIN -r PDC -U Admin%pw" working. If I could, I
   would completely avoid step #2 above.

3. Set up /etc/nsswitch.conf with the winbind stuff. Use something like:

      passwd: files winbind nis
      shadow: files winbind nis
      group:  files winbind nis

4. Set up PAM. There are lots of good examples in the other docs about
   this (see the NB in step #3). I take advantage of the pam_stack.so
   module and simply modify /etc/pam.d/system-auth as shown below. I
   also am permitting NT Auth users full access to the system, so it
   makes sense to configure my PAM this way. You need to determine what
   your needs are, for example if you want to allow NT Domain users
   access only to file shares, then you would likely only modify
   /etc/pam.d/samba. Here's my /etc/pam.d/system-auth file:

      auth       sufficient   /lib/security/pam_winbind.so debug
      auth       sufficient   /lib/security/pam_unix.so use_first_pass likeauth nullok md5 shadow
      auth       required     /lib/security/pam_deny.so
      account    required     /lib/security/pam_winbind.so
      password   required     /lib/security/pam_cracklib.so retry=3
      password   sufficient   /lib/security/pam_unix.so nullok use_authtok md5 shadow
      password   required     /lib/security/pam_deny.so
      session    required     /lib/security/pam_limits.so
      session    required     /lib/security/pam_unix.so

   Note that I've got "debug" after pam_winbind.so for the auth stack.
   This gives me some extra output in /var/log/auth.log. You may want to
   remove that argument and reduce the log entries. Note also that
   pam_winbind.so completely replaces pam_unix.so for the account stack
   and still functions properly for NIS and local unix users.

5. This step may not be necessary depending upon your environment, but
   it won't hurt and it makes name resolution simple. In /etc/lmhosts
   (or wherever you configured Samba to put it based on ./configure
   above), put for example:

      172.16.0.1 NTDOMAIN.COM

   Note that you use the domainname, not a hostname! The IP address
   should match that of the PDC. In /etc/hosts, put for example:

      172.16.0.1 my-pdc my-pdc.dns.domain.com

   Arguably, this entry could also be put in lmhosts, but I like having
   it available in /etc/hosts for resolution by other processes. It is
   also resolvable, in my environment, via DNS, but this is faster ;-)

6. Now configure smb.conf. You will likely have a bunch of other stuff
   in it, but this represents a minimal set for NT Auth support.

      [global]
         netbios name =
         workgroup =
         security = domain
         password server =
         encrypt passwords = yes
         smb passwd file = /etc/smbpasswd
         unix password sync = Yes
         username map = /etc/smbusers
         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
         passwd program = /usr/bin/passwd %u
         passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*\n
         winbind separator = +
         winbind uid = 10000-20000
         winbind gid = 10000-20000
         winbind enum users = yes
         winbind enum groups = yes
         template shell = /bin/bash

   Be sure to replace the things inside <> appropriately. Also, be sure
   to read the docs about these and other entries before you go into
   production.

7. You should now be able to join the domain.

      # smbpasswd -j

   where is the name of your NT/W2K domain.

8. Start all of the samba daemons. This includes smbd, nmbd, and
   winbindd. Make sure that your startup script includes the winbindd
   invocation, if you are using one:

      # /etc/init.d/smb start

9. Now check the exchanged secret:

      # wbinfo -t
      Secret is good
      #

   If you get "Secret is good", you are ready to go! If you get "Error
   checking machine account", then winbindd is not running. If you get
   "Secret is bad", then you have a configuration error and you need to
   kill the Samba daemons, remove secrets.tdb and MACHINE.SID. Go to the
   W2K PDC, remove the entry from the Active Directory, reboot the PDC
   (or wait for the entry to flush out of the cache) and readd the
   machine entry to the Active Directory (see step #2). Then rejoin the
   domain (step #7), restart the daemons (step #8), and recheck the
   secret (step #9).

10. Try authenticating some NT users.

      # telnet linuxsamba
      login:
      Password:

   This should let you log in with a home directory of
   /home/DOMAIN/ntuser.

11. If you are having problems, try running winbindd -d 5. This sets the
   debugging level to 5 and writes stuff out to
   /var/log/samba/log.winbindd. If 5 is too much, try 3.
I hope this is useful to someone...again, any and all feedback is
welcome.

Regards,

Scott

--__--__--

Message: 4
Date: Tue, 13 Nov 2001 17:32:49 -0700
From: Scott Mann
Organization: Left Hand Networks, Inc.
To: samba-ntdom@lists.samba.org, cannon@purdue.edu, S.Scheufen@ebv.com, gaubrig@yahoo.com, turner@uvs.is
Subject: Samba, joining NT Domain, & NT Auth recipe

Sorry for the resend, but the first version I sent had typos and a
numbering problem.

Since I have had a good deal of trouble getting NT Domain Authentication
to work reliably, I figured lots of other folks might benefit from my
struggles. So, I've documented a method that works consistently. Please
feel free to let me know if you have problems with what I've written
here. Many thanks to Stephan Scheufen whose assistance was invaluable
and who also has posted many useful tidbits here.

Setting the Stage
-----------------

Samba 2.2.2 on Linux with a 2.4.2 or later kernel (I've tested RedHat
7.1/7.2 and Mandrake 7.2/8.1 as well as kernels up through 2.4.10). The
Linux Samba server is NOT a PDC, but only an NT Domain client that
serves up file and print resources and wants to authenticate NT
Domain/Active Directory users and groups. My PDC is W2K. I haven't
tested an NT PDC.

Steps to Get Linux Authenticating Domain Users
----------------------------------------------

1. Kill all running samba daemons on the Linux Samba system. This
   includes all instances of smbd, nmbd, and (if you're already running
   it) winbind.
   If you've got run control scripts (RedHat, Mandrake, and the like),
   then you can execute:

      # /etc/init.d/smb stop

   Also, and this is VERY important, remove the two files:

      # rm -f secrets.tdb
      # rm -f MACHINE.SID

   These files will be located in /etc or in the Samba config directory.
   If you don't know where that is, use find or slocate. Also, these two
   files MUST be removed before you rejoin a domain or join a new
   domain. Note that MACHINE.SID may not exist (don't think it will if
   you've never attempted to join a domain), but if you've run smbd
   before, secrets.tdb will. In any event, if they exist, you must
   remove them both.

2. On the W2K primary domain controller, add the Linux computer as a
   pre-Windows 2000 computer. You can accomplish this in the following
   way:

      Start->Settings

   A Window will pop-up from which you select "Administrative Tools."
   Another window pops-up from which you select "Active Directory Users
   and Computers." Yet another window pops-up. Select computers and then
   click on

      Action->New->Computer

   The "New Object - Computer" window pops-up. Type in the hostname of
   the Linux Samba system. Click on the "Change" button and select the
   "Pre-Windows 2000 Compatible Access" group. Check the box next to
   "Allow pre-Windows 2000 computers to access this account." Click OK.

3. On the Linux Samba system, build Samba:

      # cd /somedir
      # tar zxvf samba-2.2.2.tar.gz
      # cd samba-2.2.2/source
      # ./configure --with-pam --with-winbind --with-acl-support
      # make && make install
      # cd nsswitch
      # cp pam_winbind.so /lib/security
      # cp libnss_winbind.so /lib
      # ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.1
      # ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2

   NB: The options to ./configure are for PAM, winbind (nt auth), and
   ACL support. You may want other -- options to configure, see
   ./configure --help. In particular, you will want to set the --prefix
   and other dir locations appropriately.

   IMPORTANT: Be sure to read through all of the documents in
   samba-2.2.2/docs.
   Especially read through samba-2.2.2/docs/htmldocs/winbind.html.
   There's some useful stuff in that latter document although I have
   never been able to successfully get
   "smbpasswd -j DOMAIN -r PDC -U Admin%pw" working. If I could, I would
   completely avoid step #2 above.

4. Set up /etc/nsswitch.conf with the winbind stuff. Use something like:

      passwd: files winbind nis
      shadow: files winbind nis
      group:  files winbind nis

5. Set up PAM. There are lots of good examples in the other docs about
   this (see the NB in step #3). I take advantage of the pam_stack.so
   module and simply modify /etc/pam.d/system-auth as shown below. I
   also am permitting NT Auth users full access to the system, so it
   makes sense to configure my PAM this way. You need to determine what
   your needs are, for example if you want to allow NT Domain users
   access only to file shares, then you would likely only modify
   /etc/pam.d/samba. Here's my /etc/pam.d/system-auth file:

      auth       sufficient   /lib/security/pam_winbind.so debug
      auth       sufficient   /lib/security/pam_unix.so use_first_pass likeauth nullok md5 shadow
      auth       required     /lib/security/pam_deny.so
      account    required     /lib/security/pam_winbind.so
      password   required     /lib/security/pam_cracklib.so retry=3
      password   sufficient   /lib/security/pam_unix.so nullok use_authtok md5 shadow
      password   required     /lib/security/pam_deny.so
      session    required     /lib/security/pam_limits.so
      session    required     /lib/security/pam_unix.so

   Note that I've got "debug" after pam_winbind.so for the auth stack.
   This gives me some extra output in /var/log/auth.log. You may want to
   remove that argument and reduce the log entries. Note also that
   pam_winbind.so completely replaces pam_unix.so for the account stack
   and still functions properly for NIS and local unix users.

6. This step may not be necessary depending upon your environment, but
   it won't hurt and it makes name resolution simple.
   In /etc/lmhosts (or wherever you configured Samba to put it based on
   ./configure above), put for example:

      172.16.0.1 NTDOMAIN.COM

   Note that you use the domainname, not a hostname! The IP address
   should match that of the PDC. In /etc/hosts, put for example:

      172.16.0.1 my-pdc my-pdc.dns.domain.com

   Arguably, this entry could also be put in lmhosts, but I like having
   it available in /etc/hosts for resolution by other processes. It is
   also resolvable, in my environment, via DNS, but this is faster ;-)

7. Now configure smb.conf. You will likely have a bunch of other stuff
   in it, but this represents a minimal set for NT Auth support.

      [global]
         netbios name =
         workgroup =
         security = domain
         password server =
         encrypt passwords = yes
         smb passwd file = /etc/smbpasswd
         unix password sync = Yes
         username map = /etc/smbusers
         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
         passwd program = /usr/bin/passwd %u
         passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*\n
         winbind separator = +
         winbind uid = 10000-20000
         winbind gid = 10000-20000
         winbind enum users = yes
         winbind enum groups = yes
         template shell = /bin/bash

   Be sure to replace the things inside <> appropriately. Also, be sure
   to read the docs about these and other entries before you go into
   production.

8. You should now be able to join the domain.

      # smbpasswd -j

   where is the name of your NT/W2K domain. On success, you will see the
   message "Joined domain ." On failure, you will see the message
   "Unable to join domain ." On failure, you will likely need to repeat
   all of the above steps except for #3.

9. Start all of the samba daemons. This includes smbd, nmbd, and
   winbindd. Make sure that your startup script includes the winbindd
   invocation, if you are using one:

      # /etc/init.d/smb start

10. Now check the exchanged secret:

      # wbinfo -t
      Secret is good
      #

   If you get "Secret is good", you are ready to go!
   If you get "Error checking machine account", then winbindd is not
   running. If you get "Secret is bad", then you have a configuration
   error and you need to kill the Samba daemons, remove secrets.tdb and
   MACHINE.SID. Go to the W2K PDC, remove the entry from the Active
   Directory, reboot the PDC (or wait for the entry to flush out of the
   cache) and readd the machine entry to the Active Directory (see step
   #2). Then rejoin the domain (step #8), restart the daemons (step #9),
   and recheck the secret (step #10).

11. Try authenticating some NT users.

      # telnet linuxsamba
      login:
      Password:

   This should let you log in with a home directory of
   /home/DOMAIN/ntuser.

12. If you are having problems, try running winbindd -d 5. This sets the
   debugging level to 5 and writes stuff out to
   /var/log/samba/log.winbindd. If 5 is too much, try 3.

I hope this is useful to someone...again, any and all feedback is
welcome.

Regards,

Scott

--__--__--

Message: 5
Date: Wed, 14 Nov 2001 10:35:29 +0100
From: Lyubomir Velkov
Organization: University Of Ruse
To: samba-ntdom@samba.org
Subject: Re: Samba Bug???

Ahaa, that explains why every day when I got to work my NT WS-s can't
find their domain server!
BIG THANKS DOUG!

But one question - what am I supposed to do now - disable samba log
rotation or not allow logrotate to kill smbd & nmbd ?

Doug Douglass wrote:
>
> Are you both on RedHat systems, using logrotate? Check the logrotate script
> in /etc/logrotate.d, I bet it sends a HUP to nmbd.
>
> Doug
>
> > -----Original Message-----
> > From: samba-ntdom-admin@lists.samba.org
> > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Greg Zartman
> > Sent: Tuesday, November 13, 2001 9:38 AM
> > To: Samba News
> > Subject: Samba Bug???
> >
> >
> > I, as well as another Samba user, are getting the following in
> > our nmbd logs
> > at 4:02am. Does anyone know what this means? We are both using
> > Samba 2.2.2
> > and have similar configurations.
> >
> > We are both running Samba 2.2.2 as a PDC.
> >
> > Snip from nmbd log:
> >
> > Got SIGHUP dumping debug info.
> > [2001/11/11 04:02:02, 0] nmbd/nmbd_workgroupdb.c:dump_workgroups(292)
> > dump_workgroups()
> > dump workgroup on subnet 192.168.0.1: netmask= 255.255.255.0:
> > LEIINC.COM(1) current master browser = SERVER
> > SERVER 400c9b0b (Mitel Networks SME Server)
> > BACKBONE 40011203 ()
> > RECEPTION 40011003 ()
> > ATHLON1 40011003 ()
> > GREG 40011203 (Windows 2000 Workstation)
> > MIKE 40011003 ()
> > DALLAS 40011203 ()
> > [2001/11/11 04:02:02, 0] nmbd/nmbd_workgroupdb.c:dump_workgroups(292)
> > dump_workgroups()
> > dump workgroup on subnet UNICAST_SUBNET: netmask= 192.168.0.1:
> > LEIINC.COM(1) current master browser = UNKNOWN
> > SERVER 40099b0b (Mitel Networks SME Server)
> >
> >
> > Thank you.
> >
> > Regards,
> >
> > Greg J. Zartman, P.E.
> > Vice-President
> > Logging Engineering International, Inc.
> > (541)683-8383 fax (541)683-8144
> > www.leiinc.com
> >

-----------------------
Lyubomir Velkov
University Of Rousse

--__--__--

Message: 6
From: "Hobday, Steve (Factiva)"
To: "'cannon@purdue.edu'", samba-ntdom@lists.samba.org
Subject: RE: joining an NT Domain - failure
Date: Wed, 14 Nov 2001 04:41:42 -0500

You need to specify the name of an NT account authorised to modify the
machine account using the -U switch.

e.g -UAdministrator%password

S

-----Original Message-----
From: Mike R. Cannon [mailto:cannon@purdue.edu]
Sent: 13 November 2001 22:44
To: samba-ntdom@lists.samba.org
Subject: joining an NT Domain - failure

I have read the SAMBA Project Documentation chapter 7, but I am having
troubles joining an NT domain. I have used server manager on the PDC
(testnt-06) to create the machine account for Linux samba server
(testnt-20). I made sure that all smb and nmb process are not running.
I get the following (ip address have been blocked):

[root@testnt-20 mintadmn]# smbpasswd -j test_domain -r testnt-06 -D 4
added interface ip=xxx.xxx.xxx.210 bcast=xxx.xxx.xxx.255 nmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name TESTNT-06<0x20>
getlmhostsent: lmhost entry: 127.0.0.1 localhost
resolve_hosts: Attempting host lookup for name TESTNT-06<0x20>
Connecting to xxx.xxx.xxx.196 at port 139
LSA Open Policy
LSA Query Info Policy
LSA_QUERYINFOPOLICY (level 5): domain:TEST_DOMAIN domain sid:S-1-5-21-2055480918-203715125-740312968
LSA Close
cli_net_req_chal: LSA Request Challenge from TESTNT-06 to TESTNT-20: 4288719A774A6D81
cred_session_key
cred_create
cli_net_auth2: srv:\\TESTNT-06 acct:TESTNT-20$ sc:2 mc: TESTNT-20 chal 9A97D44CBC600582 neg: 1ff
cred_create
cred_assert
cred_create
cli_net_srv_pwset: srv:\\TESTNT-06 acct:TESTNT-20$ sc: 2 mc: TESTNT-20 clnt 19DE054B4E419FB0 3bf1a09f
cli_net_srv_pwset: NT_STATUS_WRONG_PASSWORD
modify_trust_password: unable to change password for machine TESTNT-20 in domain TEST_DOMAIN to Domain controller TESTNT-06. Error was NT_STATUS_WRONG_PASSWORD.
2001/11/13 17:37:19 : change_trust_account_password: Failed to change password for domain TEST_DOMAIN.
Unable to join domain TEST_DOMAIN.

Any help would be great. Thank you for your time.

--
Mike Cannon
Infrastructure Systems Administrator
Management Information
Purdue University
1061 Freehafer Hall (FREH)
West Lafayette, IN 47907-1061
office phone: 765.494.6357
office fax: 765.496.1380
email: cannon@purdue.edu

--__--__--

Message: 7
From: "Ariel Mella"
To:
Subject: Re: configure problem in latest cvs ?
Date: Wed, 14 Nov 2001 09:52:35 -0300

is it possible now to retrieve the groups of the users correctly? i mean
in a win9x client, sharing, Add, and when comes the users list to appear
too the group list..

thx

--__--__--

Message: 8
Subject: 1.st login ask for password..
To: samba-ntdom@lists.samba.org
From: christian@wallin.dk
Date: Wed, 14 Nov 2001 16:19:27 +0100

Hi Guys

In Windows NT server there is an option for the PDC to ask the client
for a new password/expired password when the user logs on for the first
time...

Is this possible in Samba??

If it is how do i configure / add the users in that way??

Christian Pedersen
-=- Wallin Computer Ahlgade 3 -=- 4300 Holbæk -=- 59 44 14 90

--__--__--

Message: 9
From: "Cannon, Mike R."
To: "'Hobday, Steve (Factiva)'", samba-ntdom@lists.samba.org
Subject: RE: joining an NT Domain - failure
Date: Wed, 14 Nov 2001 11:22:48 -0500

I tried this and it gives me the same error. Even went so far as to
create a root account in the domain as a domain admin. Have the root
account in Linux and Samba sync to the same password as the domain.
Same error.

--
Mike Cannon
Infrastructure Systems Administrator
Management Information
Purdue University
1061 Freehafer Hall (FREH)
West Lafayette, IN 47907-1061
office phone: 765.494.6357
office fax: 765.496.1380
email: cannon@purdue.edu

-----Original Message-----
From: Hobday, Steve (Factiva) [mailto:Stephen.Hobday@factiva.com]
Sent: Wednesday, November 14, 2001 4:42 AM
To: 'cannon@purdue.edu'; samba-ntdom@lists.samba.org
Subject: RE: joining an NT Domain - failure

You need to specify the name of an NT account authorised to modify the
machine account using the -U switch.

e.g -UAdministrator%password

S

-----Original Message-----
From: Mike R. Cannon [mailto:cannon@purdue.edu]
Sent: 13 November 2001 22:44
To: samba-ntdom@lists.samba.org
Subject: joining an NT Domain - failure

I have read the SAMBA Project Documentation chapter 7, but I am having
troubles joining an NT domain.
I have used server manager on the PDC (testnt-06) to create the machine
account for Linux samba server (testnt-20). I made sure that all smb and
nmb process are not running. I get the following (ip address have been
blocked):

[root@testnt-20 mintadmn]# smbpasswd -j test_domain -r testnt-06 -D 4
added interface ip=xxx.xxx.xxx.210 bcast=xxx.xxx.xxx.255 nmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name TESTNT-06<0x20>
getlmhostsent: lmhost entry: 127.0.0.1 localhost
resolve_hosts: Attempting host lookup for name TESTNT-06<0x20>
Connecting to xxx.xxx.xxx.196 at port 139
LSA Open Policy
LSA Query Info Policy
LSA_QUERYINFOPOLICY (level 5): domain:TEST_DOMAIN domain sid:S-1-5-21-2055480918-203715125-740312968
LSA Close
cli_net_req_chal: LSA Request Challenge from TESTNT-06 to TESTNT-20: 4288719A774A6D81
cred_session_key
cred_create
cli_net_auth2: srv:\\TESTNT-06 acct:TESTNT-20$ sc:2 mc: TESTNT-20 chal 9A97D44CBC600582 neg: 1ff
cred_create
cred_assert
cred_create
cli_net_srv_pwset: srv:\\TESTNT-06 acct:TESTNT-20$ sc: 2 mc: TESTNT-20 clnt 19DE054B4E419FB0 3bf1a09f
cli_net_srv_pwset: NT_STATUS_WRONG_PASSWORD
modify_trust_password: unable to change password for machine TESTNT-20 in domain TEST_DOMAIN to Domain controller TESTNT-06. Error was NT_STATUS_WRONG_PASSWORD.
2001/11/13 17:37:19 : change_trust_account_password: Failed to change password for domain TEST_DOMAIN.
Unable to join domain TEST_DOMAIN.

Any help would be great. Thank you for your time.

--
Mike Cannon
Infrastructure Systems Admini

From lubo at ru.acad.bg Thu Nov 15 05:38:01 2001
From: lubo at ru.acad.bg (Lyubomir Velkov)
Date: Tue Dec 2 02:36:48 2003
Subject: Samba Bug???
References:
Message-ID: <3BF3D45C.DEDD1011@ru.acad.bg>

Probably it was because today all machines finds their domain without
need to be restarted :-)
May be you are not affected because of LDAP or 2k WS-s - I don't know
I have RH7.1 machine in native samba mode - its my PDC, WINS and DNS
server and workstations are NT 4 SP6

Recently I have posted mail about message appearing on the console from
time to time saying:

kernel: probable hardware bug: clock timer configuration lost - probably a VIA686a motherboard.
kernel: probable hardware bug: restoring chip configuration.

to samba-ntdom (which nobody answered unfortunately) so maybe my problem
is kernel-chipset-bug related - I cannot say but today everything is
fine.

Doug Douglass wrote:
>
> > Ahaa, that explain why every day when I got to work my NT WS-s can't
> > find their domain server!
> > BIG THANKS DOUG!
> >
> > But one question - what I am supposed to do now - disable samba log
> > rotation or not allow logrotate to kill smbd & nmbd ?
> >
> > Doug Douglass wrote:
> > >
> > > Are you both on RedHat systems, using logrotate? Check the logrotate script
> > > in /etc/logrotate.d, I bet it sends a HUP to nmbd.
> > >
> > > Doug
>
> Well, I don't know if this is the root of your "can't find domain sever"
> problem. I use the default samba logrotate script (from RPM) on my Samba
> PDC, and several other Samba servers, and haven't had this problem.
>
> Note that all Samba servers are RedHat 7.1, Samba 2.2.1a+LDAP patch; clients
> are mostly Win2000 SP2, we have one Win2000 Server that is a member of the
> domain.

----------------------
Lyubomir Velkov
University Of Rousse

From Michael.Gerdts at usa.alcatel.com Thu Nov 15 06:02:26 2001
From: Michael.Gerdts at usa.alcatel.com (Mike Gerdts)
Date: Tue Dec 2 02:36:48 2003
Subject: issues with version 2.2.2
In-Reply-To: <5.1.0.14.2.20011115093312.03b9b998@cyllene.uwa.edu.au>
References: <5.1.0.14.2.20011115093312.03b9b998@cyllene.uwa.edu.au>
Message-ID: <1005832862.3204.0.camel@aursea>

On Wed, 2001-11-14 at 20:34, Tim Villa wrote:
> At 01:37 PM 14/11/2001 -0800, Karyn Joseph wrote:
> >Does anyone have any strong comments either
> >positively or negatively about the new version 2.2.2
> >running on Solaris 2.7 or 2.6?
>
> On Solaris 2.8 I was having all sorts of problems with a number of versions
> prior to 2.2.2 (logins, runaway processes, corrupted connections table
> etc). Using 2.2.2 has solved ALL of them. Use it :-)
>

This is pretty consistent with what I am seeing. There is a potential
locking problem with Office 97 on Win2k, but the user that complains has
been somewhat unresponsive...

Mike

From retyler at raytheon.com Thu Nov 15 06:09:02 2001
From: retyler at raytheon.com (Tyler, Ross E)
Date: Tue Dec 2 02:36:48 2003
Subject: NetUserModalsGet call to samba 2.2.2 fails
Message-ID: <3BF3CBFD.D4D7782A@raytheon.com>

the following code, in the context of an anonymous session with a samba
2.2.2 machine, fails. (actually the code has failed since samba ~1.19 -
it used to give an access violation).

    static wchar_t sambaMachine[] = L"\\\\147.19.126.131"; // IP address of my samba machine
    USER_MODALS_INFO_2 * domainIdInfo = 0;
    long error = NetUserModalsGet(sambaMachine, 2, (BYTE **) &domainIdInfo);

the error is

    0x57: The parameter is incorrect

i have traced the problem on the smbd side using gdb and have found that

    rpc_server/srv_samr_nt.c : _samr_query_dom_info

returns

    NT_STATUS_INVALID_INFO_CLASS

when

    q_u->switch_value == 5

any ideas?

From lubo at ru.acad.bg Thu Nov 15 06:11:05 2001
From: lubo at ru.acad.bg (Lyubomir Velkov)
Date: Tue Dec 2 02:36:48 2003
Subject: anyone have tried policies??
References: <003f01c16d4f$eeaacee0$1a3ca8ac@jusbaires.gov.ar>
Message-ID: <3BF3DC17.221C111C@ru.acad.bg>

I have had similar problems when tried to save the ntconfig.pol file.
As far as I can remember I have copied in advance the old ntconfig.pol
(for backup) some other place and then when edited I selected "save" not
"save as" and it succeeded.

Ariel Mella wrote:
>
> anoyone have tried using policies and editting with poledit?? i have tried
> and the problem is the following:
> i open poledit.exe
> i select a template (blablabla.adm)
> i select "File"->"New File"
> "default user" change some things...
> when i go to "File" -> "Save as"
> i get an error message saying:
> Cannot save the registry
>
> any idea?

-----------------
Lyubomir Velkov
University Of Rousse

From MathiasWohlfarth at bwb.org Thu Nov 15 06:34:03 2001
From: MathiasWohlfarth at bwb.org (Mathias Wohlfarth)
Date: Tue Dec 2 02:36:48 2003
Subject: Antwort: Re: HEAD: password expiry
Message-ID:

We are testing Samba PDC (2.2.2) for running in a production environment
on AIX. We need a function to set a user password timeout. Is there
something in the 2.2.2 Code (maybe hardcoded). From my W2K Client it
looks like 42 days, but I don't have time to wait 6 weeks.

I found a mail on samba-ntdom from simon@explodingsheep.org (June 13th
2001) with code for implementation of "user password time". Are there
plans to implement it. This function is highly required!

Gerald Carter @lists.samba.org on 12.12.2000 17:55:21

Sent by: samba-ntdom-admin@lists.samba.org

To: Matthew Geddes, samba-ntdom@samba.org
Cc:
Org. unit:
Phone:
Subject: Re: HEAD: password expiry

Gerald Carter wrote:
>
> Matthew Geddes wrote:
> >
> > I forgot to mention that it's today's CVS and I'm using the
> > --with-tdbsam option. I have the same problem if I use
> > today's CVS of the main branch.
>
> I'll fix it.

Check out a new copy of head and see if it is fixed now. Currently
password expiration is hacked in to never flag the user account as
requiring a password change.

May need to wait to the HEAD cvs tree to sync with the anonymous CVS
tree.

Cheers, jerry
--
----------------------------------------------------------------------
/\ Gerald (Jerry) Carter Professional Services
\/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com
http://www.samba.org/ SAMBA Team jerry@samba.org
http://www.plainjoe.org/ jerry@plainjoe.org

"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )

From jerry at samba.org Thu Nov 15 06:35:43 2001
From: jerry at samba.org (Gerald (Jerry) Carter)
Date: Tue Dec 2 02:36:48 2003
Subject: NetUserModalsGet call to samba 2.2.2 fails
In-Reply-To: <3BF3CBFD.D4D7782A@raytheon.com>
Message-ID:

On Thu, 15 Nov 2001, Tyler, Ross E wrote:

> static wchar_t sambaMachine[] = L"\\\\147.19.126.131"; // IP address of my samba machine
> USER_MODALS_INFO_2 * domainIdInfo = 0;
> long error = NetUserModalsGet(sambaMachine, 2, (BYTE **) &domainIdInfo);
>
> the error is
>
> 0x57: The parameter is incorrect
>
> i have traced the problem on the smbd side using gdb and have found that
>
> rpc_server/srv_samr_nt.c : _samr_query_dom_info
>
> returns
>
> NT_STATUS_INVALID_INFO_CLASS
>
> when
>
> q_u->switch_value == 5

'cause we don't implement that level :-)

From cr at neuro.ma.uni-heidelberg.de Thu Nov 15 07:36:04 2001
From: cr at neuro.ma.uni-heidelberg.de (Chr. Rossmanith)
Date: Tue Dec 2 02:36:48 2003
Subject: Win2K client / Samba 2.2.2 server
Message-ID: <3BF3F3B0.D3FE5F3D@neuro.ma.uni-heidelberg.de>

Hi,

I've installed samba-2.2.2 and configured the server to act as an PDC.
All my Win NT workstations can log in and user profiles are stored on
the server - every thing is fine....

Well, nearly every thing: I'd like a Windows 2000 Professional
workstation (SP2) to join the domain as well. But if I configure the
network setup and choose our domain instead of the default workgroup I
get the error message: (translated from German)

"Domain does not exist or no connection could be established."

A ping to the PDC from the w2k workstation is successful.

Any hints what could be wrong in my setup? Any additional information
needed??? I've only used --with-smbmount as a configure switch and
changed the prefix for installation...

Thank you,

Christina Rossmanith

From retyler at raytheon.com Thu Nov 15 07:49:05 2001
From: retyler at raytheon.com (Tyler, Ross E)
Date: Tue Dec 2 02:36:50 2003
Subject: NetUserModalsGet call to samba 2.2.2 fails
References:
Message-ID: <3BF3E362.729A26D0@raytheon.com>

yes, i guess i understood that.

my implied questions were "why not", "when" and "how can i help".

this type of call is something that i commonly do in my windows
networking code for various reasons. some of which are:

    programmatically joining an NT domain

    programmatically purging locally cached profiles from NT domain
    accounts that have been removed.

thanks for your quick response and your support!

"Gerald (Jerry) Carter" wrote:

> On Thu, 15 Nov 2001, Tyler, Ross E wrote:
>
> > static wchar_t sambaMachine[] = L"\\\\147.19.126.131"; // IP address of my samba machine
> > USER_MODALS_INFO_2 * domainIdInfo = 0;
> > long error = NetUserModalsGet(sambaMachine, 2, (BYTE **) &domainIdInfo);
> >
> > the error is
> >
> > 0x57: The parameter is incorrect
> >
> > i have traced the problem on the smbd side using gdb and have found that
> >
> > rpc_server/srv_samr_nt.c : _samr_query_dom_info
> >
> > returns
> >
> > NT_STATUS_INVALID_INFO_CLASS
> >
> > when
> >
> > q_u->switch_value == 5
>
> 'cause we don't implement that level :-)
>
> From _samr_query_dom_info()...
>
> switch (q_u->switch_value) {
> case 0x01:
>         init_unk_info1(&ctr->info.inf1);
>         break;
> case 0x02:
>         /* The time call below is to get a sequence number
>            for the sam. FIXME !!! JRA. */
>         init_unk_info2(&ctr->info.inf2, global_myworkgroup,
>                        global_myname, (uint32) time(NULL));
>         break;
> case 0x03:
>         init_unk_info3(&ctr->info.inf3);
>         break;
> case 0x06:
>         init_unk_info6(&ctr->info.inf6);
>         break;
> case 0x07:
>         init_unk_info7(&ctr->info.inf7);
>         break;
> case 0x0c:
>         init_unk_info12(&ctr->info.inf12);
>         break;
> default:
>         return NT_STATUS_INVALID_INFO_CLASS;
> }
>
> >
> > any ideas?
> >
>
> jerry
> --
> ---------------------------------------------------------------------
> www.samba.org SAMBA Team jerry_at_samba.org
> www.plainjoe.org jerry_at_plainjoe.org
> http://www.hp.com Hewlett-Packard
> --"I never saved anything for the swim back." Ethan Hawk in Gattaca--

From jerry at samba.org Thu Nov 15 08:09:05 2001
From: jerry at samba.org (Gerald (Jerry) Carter)
Date: Tue Dec 2 02:36:50 2003
Subject: NetUserModalsGet call to samba 2.2.2 fails
In-Reply-To: <3BF3E362.729A26D0@raytheon.com>
Message-ID:

On Thu, 15 Nov 2001, Tyler, Ross E wrote:

> yes, i guess i understood that.

I figured :)

> my implied questions were "why not", "when" and "how can i help".

We just haven't needed it yet is the most likely answer.

> this type of call is something that i commonly do in my windows
> networking code for various reasons. some of which are:
>
> programmatically joining an NT domain
>
> programmatically purging locally cached profiles from NT domain
> accounts that have been removed.
>
> thanks for you quick response and your support!

It should be pretty easy to implement. Run your win32 client against
smbd (set "log level = 10" and "debug timestamp = no"). Then figure out
the structure. Probably best to grab a Netmon capture of this as well.

Implemented support will probably be cut-n-paste stuff for the most
part. If you need help, let me know.

---------------------------------------------------------------------
www.samba.org SAMBA Team jerry_at_samba.org
www.plainjoe.org jerry_at_plainjoe.org
http://www.hp.com Hewlett-Packard
--"I never saved anything for the swim back." Ethan Hawk in Gattaca--

From olivier.lemaire at IDEALX.com Thu Nov 15 08:13:03 2001
From: olivier.lemaire at IDEALX.com (Olivier Lemaire)
Date: Tue Dec 2 02:36:51 2003
Subject: Win2K client / Samba 2.2.2 server
In-Reply-To: <3BF3F3B0.D3FE5F3D@neuro.ma.uni-heidelberg.de>; from cr@neuro.ma.uni-heidelberg.de on Thu, Nov 15, 2001 at 05:56:16PM +0100
References: <3BF3F3B0.D3FE5F3D@neuro.ma.uni-heidelberg.de>
Message-ID: <20011115170907.A3771@gobey.ird.idealx.com>

> I've installed samba-2.2.2 and configured the server to act as an PDC.
> Well, nearly every thing: I'd like a Windows 2000 Professional
> workstation (SP2) to join the domain as well. But if I configure the
> network setup and choose our domain instead of the default workgroup I
> get the error message:
> "Domain does not exist or no connection could be established."
> A ping to the PDC from the w2k workstation is successful.
This registry key (gathered from the Samba-tng lists) is needed for Windows 2000 and XP clients to join and logon to a Samba domain : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netlogon\parameters "RequireSignOrSeal"=dword:00000000 You can change this in the Local or Domain policy editor in Windows 2000. hope this'll help -- Olivier Lemaire aka lem http://IDEALX.org/ From gregory.aniorte at neurocom.com Thu Nov 15 08:58:12 2001 From: gregory.aniorte at neurocom.com (=?gb2312?B?R3KopmdvcnkgQU5JT1JURQ==?=) Date: Tue Dec 2 02:36:51 2003 Subject: Help! Problem to authenticate NT users connecting Samba shares Message-ID: Hie, I¡¯ve got samba¡¯s share on a Mandrake¡¯ server. This machine is already in my NT domain (the PDC is a win 2000 machine). I try to connect from a NT workstation using my NT account, it prompt me a logon window but I can¡¯t access the shares. Here is my smb.conf file # Samba config file created using SWAT # from npd.neurocom.com (127.0.0.1) # Date: 2001/11/14 11:01:45 # Global parameters [global] workgroup = NTDOMAIN netbios name = SAMBASERVER server string = security = share encrypt passwords = Yes log file = /var/log/samba/log.%m max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = lpstat dns proxy = No winbind gid = 10000-20000 template homedir = /home/%U winbind separator = + guest account = lrt printing = cups password server = PDC smb passwd file = /usr/bin/smbpasswd add user script = /usr/sbin/useradd %u -g smbusers delete user script = /usr/sbin/userdel %u ¡­ Here is my Log file. getsmbfilepwent: malformed password entry (uid not number) for user: ¨ˆ¨ˆ* ¨ˆ. [2001/11/15 16:53:49, 0] passdb/smbpass.c:getsmbfilepwent(280) getsmbfilepwent: malformed password entry (no :) [2001/11/15 16:53:57, 0] smbd/password.c:domain_client_validate(1563) domain_client_validate: could not fetch trust account password for domain ¡°NTDOMAIN¡± What¡¯s wrong with my config file. Help please. In advance thanks. 
Grégory Aniorte
Systems / Network Engineer
Neurocom - Paris

From aoclarit at kiwi.dhs.org Thu Nov 15 09:22:11 2001
From: aoclarit at kiwi.dhs.org (Alex)
Date: Tue Dec 2 02:36:51 2003
Subject: script that sync's wins.dat files
Message-ID: <00a501c16dfa$025dae30$8c4331a2@Alex2000>

Hi there

Since WINS-replication between samba-WINS-servers is not supported I thought maybe one could write a script that would do that cause basically it's just a sync'ing of 2 textfiles. Has any of you clever programmers possibly written such a script already? Then I wouldn't have to bother.

Thx
Alex

From ericb at maniasys.com Thu Nov 15 09:41:03 2001
From: ericb at maniasys.com (Brunet Eric)
Date: Tue Dec 2 02:36:51 2003
Subject: problem to join PDC with 2 samba(PDC and member)
Message-ID: <3BF3FE4C.9050406@maniasys.com>

Actually, it runs a Samba PDC(2.2.0, called A) with MS client(W98,NT4,W2000), all works fine.
But I want to join another samba(2.2.2, called B) in order to share a printer for clients. After reading many, many documents, I have not solved the problem:

These are the kernel logs (debug flag set to 1) when I try to access a resource of B with an account of the PDC:

>[2001/11/15 18:47:28, 0] rpc_client/cli_netlogon.c:cli_net_auth2(160)
>  cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
>[2001/11/15 18:47:28, 0] rpc_client/cli_login.c:cli_nt_setup_creds(72)
>  cli_nt_setup_creds: auth2 challenge failed
>[2001/11/15 18:47:28, 0] smbd/password.c:connect_to_domain_password_server(1371)
>  connect_to_domain_password_server: unable to setup the PDC credentials to machine MAISON. Error was : NT_STATUS_ACCESS_DENIED.
>[2001/11/15 18:47:28, 0] smbd/password.c:domain_client_validate(1591)
>  domain_client_validate: Domain password server not available.
>[2001/11/15 18:47:28, 1] smbd/password.c:pass_check_smb(546)
>  Couldn't find user 'ericb' in passdb.
>[2001/11/15 18:47:28, 1] smbd/password.c:pass_check_smb(546)
>  Couldn't find user 'ericb' in passdb.
>[2001/11/15 18:47:28, 1] smbd/reply.c:reply_sesssetup_and_X(995)
>  Rejecting user 'ericb': authentication failed

I followed the docs:

- create machine account on PDC for B
  # uadduser -n -d /dev/null -s /bin/false B$
  # smbpassword -a -m B
- join B into PC
  # smbpasswd -J OFFICE -m A

I got this message:

>2001/11/15 15:42:09 : change_trust_account_password: Changed password for domain OFFICE.
>Joined domain OFFICE.

Is the first message normal?? If yes: which password must I change?? The machine account doesn't have a password!

=====================================
this is a part of the smb.conf of the samba PDC:

character set = ISO8859-1
smb passwd file = /etc/samba/smbpasswd
passwd program = /usr/bin/passwd %u
remote announce = 192.168.3.255
domain master = yes
dns proxy = no
encrypt passwords = yes
logon path = \\%L\%U\profile
name resolve order = wins lmhost bcast
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = /etc/printcap
wins support = yes
max log size = 0
hosts allow = 192.168.3.
preferred master = yes
logon script = %U_logon.bat
announce version = 4.2
interfaces = 192.168.3.0/24
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n \*passwd:*all*authentication*tokens*updated*successfully*
security = user
domain logons = yes
unix password sync = Yes
workgroup = OFFICE
server string = OFFICE DOMAIN PRIMARY CONTROLLER
local master = yes
log file = /var/log/samba/%m.log
wins proxy = no
load printers = yes
username map = /etc/samba/smbusers
os level = 20
default = global
mangled names = no

=====================================
this is a part of the smb.conf of the samba (member):

client code page = 850
netbios name = BACKUP
workgroup = OFFICE
hosts allow = 192.168.3.
security = domain
"""""""""""""""""
password server = MAISON
""""""""""""""""""""""""
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = 192.168.3.0/24
remote announce = 192.168.3.255
; local master = no
; os level = 33
domain master = no
preferred master = no
; domain logons = yes
; logon script = %m.bat
# run a specific logon batch file per username
; logon script = %U.bat
; logon path = \\%L\Profiles\%U
; name resolve order = wins lmhosts bcast
; wins support = yes
; wins server = w.x.y.z
; wins proxy = yes
dns proxy = no

=====================================
last question: is it possible: 2 samba: 1 PDC and 1 member ??? Because in the docs, faqs, list archives... I read NT for PDC and samba for member (vice versa) but never my situation.
PLEASE help :~(

From rickera2 at SLU.EDU Thu Nov 15 12:16:03 2001
From: rickera2 at SLU.EDU (Tony Ricker)
Date: Tue Dec 2 02:36:51 2003
Subject: browser issue? hacking issue? HHEELLPP!!!
Message-ID: <3BF4227A.9D3B5014@slu.edu>

All,

I have a question that I think I narrowed down the issue, but still have not seen the answer. In the logs, I see the following....

Snip.....
Oct 29 18:32:59 sifl smbd[8811]: authorise_login: rejected invalid user nobody
Oct 29 18:32:59 sifl smbd[8811]: authorise_login: rejected invalid user nobody
Oct 29 18:44:59 sifl smbd[8814]: authorise_login: rejected invalid user nobody
Oct 29 18:44:59 sifl smbd[8814]: authorise_login: rejected invalid user nobody
Oct 29 18:56:59 sifl smbd[8817]: authorise_login: rejected invalid user nobody
Oct 29 18:56:59 sifl smbd[8817]: authorise_login: rejected invalid user nobody
.....End snip

Know that this happens pretty much every hour of every day, with some thrown in at odd times. Notice that these are 12 minutes apart, which had me wondering. After looking into it, I found out that every 12 minutes a master browser will send a server announcement every 12 minutes for (3) 12 minute periods. Thinking harder... But I still have no ideas as to what the user nobody is trying to authenticate. In my smb.conf (2.2.2 on Redhat 7.1) here is the relative info....

preferred master=yes
master browser=yes
local master=yes
domain master=yes
domain logons=yes

Anyone have this issue before? If so, any ideas as to what is happening? In my research, I have found (correct if I am wrong) that the user nobody is used if a user does not authenticate correctly, and samba will try and use the nobody account, also if a share is double clicked in network 'hood, it will try and authenticate using the user nobody. I am at a loss as to what is happening and could use any and all help/damnations. If anyone needs more info, please let me know.

Cheers,

Tony
-------------------------------
Tony Ricker
Technology Coordinator
SLUCare - P.M.O.
St. Louis University
Phone: 314.977.6844
E-mail: rickera2@slu.edu
-------------------------------
"In the beginners mind, there are many possibilities. In the experts mind, there are few"
- Shunryu Suzuki
-------------------------------
"Think Different"

From dlyness at parthus.com Thu Nov 15 12:28:02 2001
From: dlyness at parthus.com (Dennis Lyness)
Date: Tue Dec 2 02:36:51 2003
Subject: how to integrate samba 2.2.2 into a 2000 active directory domain
Message-ID: <3BF434D2.BD7C09C@belfast.parthus.com>

Hi,

I have compiled samba 2.2.2 and enabled pam and winbind for solaris 2.8 and configured samba as a member server, but I am still having problems authenticating windows users against the samba shares. It appears that if the user has a unix account they appear to be able to access the resources but otherwise authentication fails. I would prefer not to create unix accounts for the pc users as I thought would be the case if samba was authenticating against a domain controller.

PS pwdump.exe does not work with active directory servers. Is there any other way of obtaining usernames and uid from a win2k active directory server?

sample of the relevant settings below

workgroup = domname
security = domain
encrypt passwords = yes
domain master = false
domain logons = No
password server = DC1 DC2
wins server = dc1
wins support = false

From samba at nebula-sa.com.ar Thu Nov 15 12:43:20 2001
From: samba at nebula-sa.com.ar (Ariel Mella)
Date: Tue Dec 2 02:36:51 2003
Subject: browser issue? hacking issue? HHEELLPP!!!
References: <3BF4227A.9D3B5014@slu.edu> Message-ID: <006201c16e15$fd729cc0$1a3ca8ac@jusbaires.gov.ar> Tony: maybe you can put a 3 or 4 log level.. and separate the logs by machine?? to identify wich IP and machine netbios name is triying to connect.. i honestly with a quick view say that maybe could be a virus like nimba to try to connect with nobody user... ----- Original Message ----- From: "Tony Ricker" To: "Samba NT-Dom" Sent: Thursday, November 15, 2001 5:15 PM Subject: browser issue? hacking issue? HHEELLPP!!! > > All, > I have a question that I think I narrowed down the the issue, but > still have not seen the answer. In the logs, I see the following.... > > Snip..... > Oct 29 18:32:59 sifl smbd[8811]: authorise_login: rejected invalid > user nobody > Oct 29 18:32:59 sifl smbd[8811]: authorise_login: rejected invalid > user nobody > Oct 29 18:44:59 sifl smbd[8814]: authorise_login: rejected invalid > user nobody > Oct 29 18:44:59 sifl smbd[8814]: authorise_login: rejected invalid > user nobody > Oct 29 18:56:59 sifl smbd[8817]: authorise_login: rejected invalid > user nobody > Oct 29 18:56:59 sifl smbd[8817]: authorise_login: rejected invalid > user nobody > .....End snip > > Know that this happens pretty much every hour of every day, with some > thrown in at odd times. Notice that these are 12 minutes apart, which > had me wondering. After looking > into it, I found out that every 12 minutes a master browser will send a > server announcement every 12 minutes for (3) 12 minute periods. Thinking > harder... But I still have no > ideas as to what the user nobody is trying to authenticate. In ny > smb.conf (2.2.2 on Redhat 7.1) here is the relative info.... > > preferred master=yes > master browser=yes > local master=yes > domain master=yes > domain logons=yes > > Anyone have this issue before? If so, any ideas as to what is happening? 
> I my research, I have found (correct if I am wrong) that the user nobody > is used if a user does no > authenticate correctly, and samba will try and use the nobody account, > also if a share is double clicked in network 'hood, it will try and > authenticate using the user nobody. I > am at a lost as to what is happening and could use any and all > help/damnations. If anyone needs more info, please let me know. > > Cheers, > > Tony > ------------------------------- > Tony Ricker > Technology Coordinator > SLUCare - P.M.O. > St. Louis University > Phone: 314.977.6844 > E-mail: rickera2@slu.edu > ------------------------------- > "In the beginners mind, there > are many possibilities. In the > experts mind, there are few" > - Shunryu Suzuki > ------------------------------- > "Think Different" > > > -- > ------------------------------- > Tony Ricker > Technology Coordinator > SLUCare - P.M.O. > St. Louis University > Phone: 314.977.6844 > E-mail: rickera2@slu.edu > ------------------------------- > "In the beginners mind, there > are many possibilities. In the > experts mind, there are few" > - Shunryu Suzuki > ------------------------------- > "Think Different" > > > > From cannon at purdue.edu Thu Nov 15 13:01:11 2001 From: cannon at purdue.edu (Mike R. Cannon) Date: Tue Dec 2 02:36:51 2003 Subject: smbtorture help needed - testing file servers Message-ID: <3BF42CFF.FD56A28E@purdue.edu> Any thoughts on a better way to do comparative file system test would be appreciated? Or a better place to post question with regards to that. I am trying to run smbtorture to compare: NT 4.0 2000 Linux SAMBA a propritary NAS device I run the following command: ./smbtorture //testnt-18/data2 -N 16 -U mrcannon%passwd NBWNT And I get results back against a NT 4 server. Aginst the NAS and a 2000 server I get the following error repeatedly: [2001/11/15 15:47:33, 0] lib/util_sock.c:read_socket_with_timeout(296) read_socket_with_timeout: timeout read. 
read error = Connection reset by peer. testnt-18 rejected the negprot (code 0) I can mount the file system and run dbench but the servers only see that as a single connection. Any thoughts on why I am seeing the error, and is there anything I can do? Also when I run smbtorture with the "default" all tests, it will die on the "MAXFID" test. Thank you for your time in advance. -- Mike Cannon Infrastructure Systems Administrator Management Information Purdue University 1061 Freehafer Hall (FREH) West Lafayette, IN 47907-1061 office phone: 765.494.6357 office fax: 765.496.1380 email: cannon@purdue.edu From josephk at std.teradyne.com Thu Nov 15 13:08:15 2001 From: josephk at std.teradyne.com (Karyn Joseph) Date: Tue Dec 2 02:36:51 2003 Subject: compile errors on version 2.2.2 References: <5.1.0.14.2.20011115094631.0393a6d8@cyllene.uwa.edu.au> Message-ID: <3BF42EA0.2EFA1A31@std.teradyne.com> Thanks for the help. It turned out I was using a gcc that was compiled under 2.6. I was able to run it fine after installing gcc locally. Thanks again, Karyn Tim Villa wrote: > > It compiled cleanly on 2.8 for me, however you can download the binaries > (2.2.2 for 2.7) from http://www.sunfreeware.com/programlistsparc7.html#samba > > Tim > > At 02:39 PM 14/11/2001 -0800, Karyn Joseph wrote: > >Compiling samba 2.2.2 on Solaris 2.7 server I > >get the following errors: (These are not in > >sequence.) > > -- > Tim Villa, Network / Systems Administrator > Faculties of Economics & Commerce, Education and Law > The University of Western Australia > Phone: +61-8-9380-1796, Fax: +61-8-9380-1068 > Mail WWW -- ________________________________________________ Karyn Joseph EIT - Agoura, CA UNIX Administrator 818/874-6116 ________________________________________________ From greg at kwikfind.com Thu Nov 15 13:27:02 2001 From: greg at kwikfind.com (Greg Zartman) Date: Tue Dec 2 02:36:51 2003 Subject: is it possible to map root to a different user using username map? 
Message-ID: I was told that it is possible to map the samba root user account to a different account name and then be able to use this new name to join machines to a domain. Is this true? Specifically, if I setup the username map parameter and point it to a file that has the line: root = admin Will I be able to use the account admin to join machines to a domain? Thank you. Greg J. Zartman, P.E. Vice-President Logging Engineering International, Inc. (541)683-8383 fax (541)683-8144 www.leiinc.com From Aaron.Meyer at BakerHughes.com Thu Nov 15 14:00:40 2001 From: Aaron.Meyer at BakerHughes.com (Meyer, Aaron) Date: Tue Dec 2 02:36:51 2003 Subject: browser issue? hacking issue? HHEELLPP!!! Message-ID: <1F77B6E019F9D211826700805F15B5E70716C5E9@CENCOKISS01.bakerhughes.com> I'm talking out my ass here, but here it goes anyway. As I understand it there are certain connections that are made between smb systems that use the guest account. Like listing machines in the workgroup ( domain listing I think uses a validated user id, as long as the client is Samba, WinNT, or Win2000.) You might check your smb.conf there may be a line called "guest = nobody" or similar. Check if your Linux/Unix account for nobody exists. When you do a `testparm` it should output the entire taken-for-granted smb.conf look at this for the guest = xxx line. Make sure that user exists. Ok, there was my tw0 cents worth. Aaron Meyer LNXRLZ, MSSKS, 2kBLWS -----Original Message----- From: Tony Ricker [mailto:rickera2@SLU.EDU] Sent: Thursday, November 15, 2001 2:16 PM To: Samba NT-Dom Subject: browser issue? hacking issue? HHEELLPP!!! All, I have a question that I think I narrowed down the the issue, but still have not seen the answer. In the logs, I see the following.... Snip..... 
Oct 29 18:32:59 sifl smbd[8811]: authorise_login: rejected invalid user nobody Oct 29 18:32:59 sifl smbd[8811]: authorise_login: rejected invalid user nobody Oct 29 18:44:59 sifl smbd[8814]: authorise_login: rejected invalid user nobody Oct 29 18:44:59 sifl smbd[8814]: authorise_login: rejected invalid user nobody Oct 29 18:56:59 sifl smbd[8817]: authorise_login: rejected invalid user nobody Oct 29 18:56:59 sifl smbd[8817]: authorise_login: rejected invalid user nobody .....End snip Know that this happens pretty much every hour of every day, with some thrown in at odd times. Notice that these are 12 minutes apart, which had me wondering. After looking into it, I found out that every 12 minutes a master browser will send a server announcement every 12 minutes for (3) 12 minute periods. Thinking harder... But I still have no ideas as to what the user nobody is trying to authenticate. In ny smb.conf (2.2.2 on Redhat 7.1) here is the relative info.... preferred master=yes master browser=yes local master=yes domain master=yes domain logons=yes Anyone have this issue before? If so, any ideas as to what is happening? I my research, I have found (correct if I am wrong) that the user nobody is used if a user does no authenticate correctly, and samba will try and use the nobody account, also if a share is double clicked in network 'hood, it will try and authenticate using the user nobody. I am at a lost as to what is happening and could use any and all help/damnations. If anyone needs more info, please let me know. Cheers, Tony ------------------------------- Tony Ricker Technology Coordinator SLUCare - P.M.O. St. Louis University Phone: 314.977.6844 E-mail: rickera2@slu.edu ------------------------------- "In the beginners mind, there are many possibilities. In the experts mind, there are few" - Shunryu Suzuki ------------------------------- "Think Different" -- ------------------------------- Tony Ricker Technology Coordinator SLUCare - P.M.O. St. 
Louis University Phone: 314.977.6844 E-mail: rickera2@slu.edu ------------------------------- "In the beginners mind, there are many possibilities. In the experts mind, there are few" - Shunryu Suzuki ------------------------------- "Think Different" From aoclarit at kiwi.dhs.org Thu Nov 15 16:22:03 2001 From: aoclarit at kiwi.dhs.org (Alex) Date: Tue Dec 2 02:36:51 2003 Subject: ttl values in WINS Message-ID: <015c01c16e34$b3707150$8c4331a2@Alex2000> I was wondering if someone knew where the SAMBA wins-server keeps all the ttl-counters for each NetBIOS name registration it allows. I know how to set the max wins ttl time but there must be a database somewhere (I thought in /proc but I cannot find anything) that keeps track of all the different machines and their individual ttl's. any ideas ? Alex From xiaowen at comstocksys.com Thu Nov 15 18:27:02 2001 From: xiaowen at comstocksys.com (Xiaowen Wu) Date: Tue Dec 2 02:36:51 2003 Subject: Samba: list user and group in Samba's PDC References: <3BF1B976.C6D9B891@lefthandnetworks.com> <3BF1BBB1.5FA9C66B@lefthandnetworks.com> Message-ID: <3BF479AF.30B9E49@comstocksys.com> Hello all, I'm using Samba 2.2.1 as PDC on a linux Redhat 7.1 I have setup the the Window NT client to join the domain, and login successfully. Everything works fine. but when I used the UserManager and tried to browse the list of user and group in the PDC machine, the NT return the following error Unable to browse the selected domain. because the following error occurred. The tag is invalid I have no idea how to fix this problem, or anything wrong with my smb.conf file, any comments and suggestions are appreciated Thank you. Xiaowen From cr at neuro.ma.uni-heidelberg.de Fri Nov 16 01:11:15 2001 From: cr at neuro.ma.uni-heidelberg.de (Chr. 
Rossmanith) Date: Tue Dec 2 02:36:51 2003 Subject: Win2K client / Samba 2.2.2 server References: <3BF3F3B0.D3FE5F3D@neuro.ma.uni-heidelberg.de> <20011115170907.A3771@gobey.ird.idealx.com> Message-ID: <3BF4EABC.542311FA@neuro.ma.uni-heidelberg.de> Olivier Lemaire wrote: > > I've installed samba-2.2.2 and configured the server to act as an PDC. > > Well, nearly every thing: I'd like a Windows 2000 Professional > > workstation (SP2) to join the domain as well. But if I configure the > > network setup and choose our domain instead of the default workgroup I > > get the error message: > > "Domain does not exist or no connection could be established." > > A ping to the PDC from the w2k workstation is successful. > > This registry key (gathered from the Samba-tng lists) is needed for > Windows 2000 and XP clients to join and logon to a Samba domain : > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netlogon\parameters > "RequireSignOrSeal"=dword:00000000 > > You can change this in the Local or Domain policy editor in Windows 2000. I'm not a Windows expert...are the policy editors and the registration editor the same thing? In the registry I find an entry like the one above - the only difference are some upper/lower case letters (Netlogon\Parameters\requiresignorseal). Does case matter??? Christina Rossmanith From npy at mailhost.net Fri Nov 16 03:42:50 2001 From: npy at mailhost.net (Ng Pek Yong) Date: Tue Dec 2 02:36:51 2003 Subject: Samba, Win2K, Network path not found Message-ID: Hi, I have tried to get my Win2K to access my Linux Samba server without success. The error message I am getting is "Network Path not found". Below are the details: 1. The Win2K is actually a guest OS running on VMWare-2.0.4. The host OS is a RedHat 7.2. VMware uses samba-2.0.6. 2. The config file was based on a working sample, off another VMWare machine. Its host OS was RedHat 7.2 again, but its Guest OS was Win98. 
The configuration allowed the Win98 to access Linux file system through network drives. The config file has been working for more than a year (under RH6.2, RH7.1) already.

Some other things I have confirmed along the way:

3. the Win2K's network was fine. I was able to ping, do DNS query, do HTTP etc through the Win2K guest OS.
4. ipchains on RedHat is not the issue; turning off the FW doesn't make the problem go away.
5. testing the Linux Samba server using 'smbclient' shows that it is responding correctly, i.e. I am able to view, access the resources.

It seems like the problem is on the Win2K end. On the Win2K end, this is what I have done:

6. I use static IP (not DHCP), DNS, gateway. It is working fine (see point 3). I did not configure WINS on Win2K though; I believe I do not need them as there are only 2 hosts involved and they are in the same subnet. I have also not configured LMhost etc. Is this a problem?
7. I have set up a workgroup (not domain) and have set up a user with the same passwd as on the Linux samba end.

Observations:

8. When I tried to discover the network resource made available to the Win2K (through GUI and command prompt), it gave me either of the following:
8.1 The Linux samba server appeared, after some considerable delays. But when I double clicked on the icon, it returned with a "Network path not found" errmsg.
8.2 The Linux samba server never appeared at all. All I have is the local win2K icon.

Any ideas what has gone wrong?

Thanks,
-PY

Here's the config file smb.conf
-------------------------------
;
; Configuration file for Samba 2.0.6 vmware-[sn]mbd operating on vmnet1.
;
; This file was automatically generated by the VMware configuration program.
; If you modify it, it will be backed up the next time you run the
; configuration program.
;

; Global settings
[global]

;
; Identity
;

; Allow several Samba servers on different subnet without conflicts
socket address = 192.168.253.1
interfaces = 192.168.253.0/255.255.255.0
interfaces = 127.0.0.0/255.0.0.0
bind interfaces only = yes

;debug level = 3
;log file = /var/log/vm-smb

; Workgroup the host belongs to
workgroup = VM

; SMB name of the host (the hostname by default)
; netbios name =

; Description of the host
server string = VMware host - RW

;
; Access
;

; Allow connections from
; Beware: if we use this directive, smbd will try to do a reverse resolution
; of the guest IP. If the host is disconnected from the network and uses
; named, that reverse resolution will take a long time, and the smb client
; (the guest) will give up waiting for a smb reply before the reverse
; resolution timeout occurs :(
; Because it doesn't add any real security, we don't use this --hpreg
; hosts allow = 192.168.255.0/255.255.255.0

; Authentication scheme
security = user
encrypt passwords = yes

;
; Options
;

; Automatically load the printer list (from /etc/printcap by default)
load printers = yes

; Gives better performance
socket options = TCP_NODELAY

; VMware extension to use a different shared memory access key on each
; Samba server running on this host
sysv shm key = /dev/vmnet1

;
; Files and directories
;

; Debug log for _both_ daemons
log file = /etc/vmware/vmnet1/smb/var/log.smb
log level = 5

; Max log size in KB
; max log size = 50

; Locks
lock directory = /etc/vmware/vmnet1/smb/var/locks

; SMB passwords
smb passwd file = /etc/vmware/vmnet1/smb/private/smbpasswd

; VMware extension to use codepages in a different directory
codepage dir = /usr/lib/vmware/smb/codepages

;
; Name browsing
;

; Allow the host to participate in master browser elections
; domain master = no
local master = yes

; Force a local browser election upon startup
; We need that otherwise it takes a long time before the windows network is
; browsable
preferred master = yes

; Do not try to resolve SMB names via DNS
dns proxy = no

;
; Shared resources
;

; Home directories
[homes]
comment = Home directories
browseable = yes
writable = yes

; Printers
;[printers]
; comment = All printers
; path = /var/spool/lpd
; browseable = no
; guest ok = no
; writable = no
; printable = yes

[HostFS]
comment = VMware host filesystem
path = /
public = no
writeable = yes
printable = no

[proxy]
comment = Proxy printer
path = /var/spool/lpd/proxy
browseable = yes
guest ok = no
writable = no
printable = yes
--------------------------------------------------

From bgmilne at cae.co.za Fri Nov 16 03:44:58 2001
From: bgmilne at cae.co.za (Buchan Milne)
Date: Tue Dec 2 02:36:51 2003
Subject: Samba 2.2.2. Home & Shared Directories Unable to access Sub-Directories
Message-ID: <3BF4F3A9.6060003@cae.co.za>

Have you checked the ownership of the sub directories. Note that to be able to access/read a directory, you need rx, and since yours are rwxrwxr--, if the user does not own the files, or is not a member of the group that owns the files, this is the message you should receive.

To ensure that the correct group owns the files created in a shared share, you might want to chmod g+w the top directory, and chgrp all the files, or set "force group = +" and look at the create mask and related options.

Buchan

Running samba-2.2.2 on Mandrake 8.0 (PDC), 2* samba-2.2.2 on Mandrake 8.1 member server, samba-2.2.1a on Mandrake 8.0 member server.

>I seem to have a problem (Samba 2.2.2 on Mandrake 8.1) when I create
>sub-directories in shared directories from windows explorer or on the SAMB
>box via webmin I find that when I then try to interrogate the new
>sub-directory via windows I get a message :-
>\\SERVER\xxxxxx\new refers to a location that
>is unavailable. It could be
>on a hard drive on this computer, on a network, or on a different computer
>on your home network.
Check to make sure that the disk is properly inserted, >or that you are connected to the internet or home network, and then try >again. If it still cannot be located, the information might have been moved >to a different location. > >I have checked all the permissions and they all look ok they are inherited >from above as rwx rwx r-- >so that should be OK. > >Has anyone got any ideas as to what might be going on??? > >I don't know if it is related, but I am running system as a PDC and the >users seem to log on OK as we see only the relevant users home directory, >but again the .profile sub-directory in the users home also gives the same >response as above and to date we have been unable to get the machine to >store roaming profiles I guess because the directory is not accessible. > >HELP > >Peter > -- |----------------Registered Linux User #182071-----------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 808 2497 ext 202 Stellenbosch Automotive Engineering http://www.cae.co.za From jacek at mer.chemia.polsl.gliwice.pl Fri Nov 16 06:25:01 2001 From: jacek at mer.chemia.polsl.gliwice.pl (Jacek Stolarczyk) Date: Tue Dec 2 02:36:51 2003 Subject: Setting default printer Message-ID: Hi, I have Samba-2.2.1a acting as a PDC and on WinNT 4.0 SP6a I cannot set the printer as default. This is a network printer hosted by the PDC server itself. It installed on client machine correclty ("Installation succesfully completed"), but I cannot set this printer (which is the only one installed on this client machine so far) as default. 
The Printers folder show the printer (HP LJ2100 TN) without small black mark and the check mark for "Default printer" in RMB menu is: - shown when I'm logged as local Administrator on the client machine - not shown when I'm logged as any domain user (even any user belonging to the Domain Admins group as written in smb.conf file) Such behaviour confuses many applications (like Adobe Acrobat Reader, but MSOffice works) which does not allow me to print anything advising to "Set the default printer in the Control Panel". How can I solve this? Manual settings in registry would be fine as well ;-) Best wishes, Jacek Stolarczyk -- PhD-student in physical chemistry Silesian University of Technology Gliwice, Poland From oenustech at oenus.com Fri Nov 16 11:53:03 2001 From: oenustech at oenus.com (oenustech@oenus.com) Date: Tue Dec 2 02:36:51 2003 Subject: ACL half-working on win2k; can't add users In-Reply-To: <003601c16d54$63753270$1301a8c0@aries> Message-ID: you probably need to remompile samba in order to support ACL. On Wed, 14 Nov 2001, Ofer Nave wrote: > Background: > > I have a Red Hat 7.2 linux server with an ext3 partition being used as an > ext2 partition. I used the stock 2.4.14 kernel, applied the EA/ACL patches > (acl.bestbits.at), and installed it. I can use getfacl and setfacl to get > and set all the advanced features of ACL. > > I have the samba 2.2.1a package that came default with RH 7.2 modified to > act as a PDC. > > I have a Windows 2000 workstation logging into the linux server with roaming > profiles and mounting several shares, including the user's home share. > Everything is working well so far. If you right-click on a file and choose > the security tabs, you can see the permissions, and you can even modify the > owner, group, and other permissions (the standard unix permissions) and save > them. > > The Problem: > > Assume I'm logged in to the windows machine as Joe. Assume there's another > user in the domain named Jane. 
If I right-click on a file I own and try to > add Jane in the security tab so that I can grant her write privileges on the > file, i get the error message 'Unable to save permission changes'. > > So, basically, I can modify standard unix permissions from Windows 2000, but > I can't use the advanced ACL features. Any ideas? > > -Ofer Nave > 310.721.2658 > Chang Industry, Inc. > http://www.changind.com/ > > > From ofer at changind.com Fri Nov 16 17:59:06 2001 From: ofer at changind.com (Ofer Nave) Date: Tue Dec 2 02:36:52 2003 Subject: Win2000 SP2 & Samba 2.2.2 "There is no user session key for the specified logon session." In-Reply-To: <3BF306B8.CC94DB96@analexphoenix.com> Message-ID: <006f01c16ef5$b9d52100$1301a8c0@aries> Well, I used Red Hat's samba 2.2.1a rpm, along with the included conf file, and it worked for me. It never hurts to use redhat's stuff (they have some useful patches), and you can compare conf files to see what might be wrong. Also, if you open up a samba distribution, look for the file: \samba-2.2.2\docs\htmldocs\Samba-PDC-HOWTO.html Read this carefully to understand how to setup accounts for users and machines. -Ofer -----Original Message----- From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Garrett Ellis Sent: Wednesday, November 14, 2001 4:05 PM To: Samba Domain Controller Subject: Win2000 SP2 & Samba 2.2.2 "There is no user session key for the specified logon session." Hello, everyone. I've been trying this for days now; and I am close to the point of giving up. Any help I can get would be greatly appreciated. Description of the problem follows: I am trying to configure Samba 2.2.2 (compiled from source) as a PDC for Win2000 clients. Here is my config file. It looks exactly like the example that comes with the tarball; this is because after rewriting smb.conf ~50 times I decided to use a clone of the example just in case I really am missing something. 
[global]
workgroup=SAMBA
domain logons=yes
domain master=yes
local master=yes
preferred master=yes
os level=65
encrypt passwords=yes
security=user
null passwords=yes
logon drive = H:
logon home = \\PDC\%u
logon path = \\%N\profiles\%u
log file=/usr/local/samba/var/%m.log
log level=2

[netlogon]
path=/usr/local/samba/lib/netlogon
writeable=no
write list=ntadmin

[profiles]
path=/usr/local/samba/lib/profiles
writeable = yes
create mask = 0600
directory mask = 0700

After compiling 2.2.2, (no special ./configure options, just stock default), I created the above conf file. /usr/local/samba/lib/smb.conf. Then I :

* touch /usr/local/samba/private/smbpasswd
* smbpasswd -a root (password given for root, root successfully added to smbpasswd)
* groupadd machines
  useradd -g machines -d /dev/null -s /bin/false BOX$
* smbpasswd -a -m BOX (pressed enter twice for the machine password, successfully added)
* smbpasswd -a gellis (entered a password for me, gellis is also my linux username when not root, successfully added to smbpasswd)

I have two Windows 2000 workstations that I am trying to join to this new domain called "SAMBA". One is running SP-1, the other runs SP-2. When I attempt to add a computer to the domain "SAMBA", it immediately prompts me for a username and password, so I enter:

root
(root's password as given to smbpasswd)

I then receive the error message: "There is no user session key for the specified logon session."

I've been getting this error message for days now; and I've tried the following versions of Samba:

2.2.0 (There is no user session key for the specified logon session.)
2.2.1 (There is no user session key for the specified logon session.)
2.2.1a (There is no user session key for the specified logon session.)
2.2.2 (There is no user session key for the specified logon session.)
2.2.3-pre (cvs) (There is no user session key for the specified logon session.)
Samba-tng 2.6 (Successfully joined a domain; but TNG has no support for domain admins according to the manpages, so it is entirely useless to me until it can support domain administrators.)

So, I thought I would be smart and search support.microsoft.com for that error message. Well, not atypical of Microsoft, their support site is absolutely useless, so I've taken to searching google and samba web pages. It seems that nobody has had this error, and if they have, they haven't posted anything about it.

I will now attempt to answer some base configuration questions that I will likely be receiving:

My Linux (PDC to be) Machine
Debian Linux 2.2r3
Static Kernel 2.4.12
Samba 2.2.2 (currently), installed in /usr/local/samba/.
Samba was compiled from source with no special options.

My two Windows boxes run SP1 on one and SP2 on the other. I have administrative accounts on the machines. One of these machines has just been reinstalled and still gives me the same error; so I am confident the error is not caused by a corrupt 2000 installation.

Does anyone have any suggestions? I would really like to make this work. I see so many people on this list successfully joining W2K machines to domains and I know this can work; I just want to know how! :)

Thanks,
Garrett Ellis

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smb.conf.example
Type: application/octet-stream
Size: 1103 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-ntdom/attachments/20011116/609ad06e/smb.conf.obj

From ofer at changind.com Fri Nov 16 18:00:00 2001
From: ofer at changind.com (Ofer Nave)
Date: Tue Dec 2 02:36:52 2003
Subject: ACL half-working on win2k; can't add users
In-Reply-To: <003601c16d54$63753270$1301a8c0@aries>
Message-ID: <007301c16ef7$484abe80$1301a8c0@aries>

I managed to figure out the problem.
In case anyone is interested, I had not noticed that samba must be configured with --with-acl-support before being built (don't forget to compile/install the ACL utilities and run ldconfig so the libacl is available). I would have noticed it quicker if I hadn't used the pre-built redhat rpm. So I got the source rpm instead, added the configure option, and rebuilt the rpm, installed, restarted smb, and it works now.

-Ofer

-----Original Message-----
From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Ofer Nave
Sent: Wednesday, November 14, 2001 1:36 PM
To: samba-ntdom@lists.samba.org
Subject: ACL half-working on win2k; can't add users

Background:

I have a Red Hat 7.2 linux server with an ext3 partition being used as an ext2 partition. I used the stock 2.4.14 kernel, applied the EA/ACL patches (acl.bestbits.at), and installed it. I can use getfacl and setfacl to get and set all the advanced features of ACL.

I have the samba 2.2.1a package that came default with RH 7.2 modified to act as a PDC.

I have a Windows 2000 workstation logging into the linux server with roaming profiles and mounting several shares, including the user's home share. Everything is working well so far. If you right-click on a file and choose the security tabs, you can see the permissions, and you can even modify the owner, group, and other permissions (the standard unix permissions) and save them.

The Problem:

Assume I'm logged in to the windows machine as Joe. Assume there's another user in the domain named Jane. If I right-click on a file I own and try to add Jane in the security tab so that I can grant her write privileges on the file, I get the error message 'Unable to save permission changes'.

So, basically, I can modify standard unix permissions from Windows 2000, but I can't use the advanced ACL features. Any ideas?

-Ofer Nave
310.721.2658
Chang Industry, Inc.
http://www.changind.com/

From jnaughto at ee.ryerson.ca Fri Nov 16 18:00:27 2001
From: jnaughto at ee.ryerson.ca (Jason Naughton)
Date: Tue Dec 2 02:36:52 2003
Subject: Unix Passwords only...
Message-ID:

Hi all,

I've setup samba on my unix server to be a PDC for an NT4 workstation. I've added the entries in /etc/passwd and /usr/local/samba/private/smbpasswd. I can now login fine under NT4. Only one problem though I don't want 2 seperate passwords Unix/windows. Is there any way of just using my unix passwords? I really don't care whether or not the NT users can change their passwords under NT. I can simply tell them to connect to a unix workstation to change their passwords.

Cheers
Jason
--
| Jason Naughton, B. Eng, M.E. Sc., P.Eng | email: jnaughto@ee.ryerson.ca |
| Lead Engineer,                          | Office: (416)-979-5000 x7168  |
| Department of Electrical Engineering,   | FAX: (416)-979-5280           |
| Ryerson Polytechnic University          | Home: (905)-839-8161          |

From grobe at gmx.net Sat Nov 17 01:50:03 2001
From: grobe at gmx.net (Lars O. Grobe)
Date: Tue Dec 2 02:36:52 2003
Subject: Unix Passwords only...
References:
Message-ID: <3BF640F2.C9333E8A@gmx.net>

Hi Jason!

Jason Naughton wrote:

> /usr/local/samba/private/smbpasswd. I can now login fine under NT4. Only
> one problem though I don't want 2 seperate passwords Unix/windows. Is
> there any way of just using my unix passwords?

AFAIK you'd have to disable password encryption. That not the best solution... so what I do here is just the opposite: I use only the smbpasswd-database for passwords. While this FILE must be protected, I at least don't have clear-text passwords on the net. I do this with pam_smb, and everything our users need (e.g. netatalk) authenticates against pam_smb (so against our samba pdc). The bad thing is that at the moment I am not able to configure password changing via pam_smb (this only works from our Windows-clients so far which can "directly" use samba/smbpasswd without pam).

CU, Lars.

From awilliam at whitemice.org Sat Nov 17 05:55:02 2001
From: awilliam at whitemice.org (Adam Williams)
Date: Tue Dec 2 02:36:52 2003
Subject: Unix Passwords only...
In-Reply-To:
References:
Message-ID: <1006005252.5073.0.camel@estate1.whitemice.org>

> I've setup samba on my unix server to be a PDC for an NT4
> workstation. I've added the entries in /etc/passwd and
> /usr/local/samba/private/smbpasswd. I can now login fine under NT4. Only
> one problem though I don't want 2 seperate passwords Unix/windows.
> Is there any way of just using my unix passwords? I really don't care

No, you must have NT passwords in order to be a PDC. This is very clearly documented.

From awilliam at whitemice.org Sat Nov 17 06:44:04 2001
From: awilliam at whitemice.org (Adam Williams)
Date: Tue Dec 2 02:36:52 2003
Subject: Setting default printer
In-Reply-To:
References:
Message-ID: <1006008195.5121.4.camel@estate1.whitemice.org>

>I have Samba-2.2.1a acting as a PDC and on WinNT 4.0 SP6a I cannot set the
>printer as default. This is a network printer hosted by the PDC server
>itself. It installed on client machine correclty ("Installation
>succesfully completed"), but I cannot set this printer (which is the only
>one installed on this client machine so far) as default. The Printers
>folder show the printer (HP LJ2100 TN) without small black mark and the
>check mark for "Default printer" in RMB menu is:
>- shown when I'm logged as local Administrator on the client machine
>- not shown when I'm logged as any domain user (even any user belonging to
>the Domain Admins group as written in smb.conf file)
>Such behaviour confuses many applications (like Adobe Acrobat Reader, but
>MSOffice works) which does not allow me to print anything advising to "Set
>the default printer in the Control Panel".

We do the following in a users login script to select a default printer for them.

rundll32 printui.dll,PrintUIEntry /y /n "\\barbel\actps"

From bolke at xs4all.nl Sat Nov 17 08:19:02 2001
From: bolke at xs4all.nl (Bolke de Bruin)
Date: Tue Dec 2 02:36:52 2003
Subject: Unix Passwords only...
In-Reply-To:
Message-ID:

use:

unix passwd sync = yes
passwd chat = XXXX (for XXXX see docs)

if you change your pass from windows the unix account will be adjusted; not the other way around

no PAM is necessary.
Bolke

-----Original Message-----
From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Jason Naughton
Sent: Saturday, 17 November 2001 0:41
To: samba-ntdom@lists.samba.org
Subject: Unix Passwords only...

Hi all,

I've setup samba on my unix server to be a PDC for an NT4 workstation. I've added the entries in /etc/passwd and /usr/local/samba/private/smbpasswd. I can now login fine under NT4. Only one problem though I don't want 2 seperate passwords Unix/windows. Is there any way of just using my unix passwords? I really don't care whether or not the NT users can change their passwords under NT. I can simply tell them to connect to a unix workstation to change their passwords.

Cheers
Jason
--
| Jason Naughton, B. Eng, M.E. Sc., P.Eng | email: jnaughto@ee.ryerson.ca |
| Lead Engineer,                          | Office: (416)-979-5000 x7168  |
| Department of Electrical Engineering,   | FAX: (416)-979-5280           |
| Ryerson Polytechnic University          | Home: (905)-839-8161          |

From samba at denverdata.com Sun Nov 18 11:24:38 2001
From: samba at denverdata.com (Doug Douglass)
Date: Tue Dec 2 02:36:52 2003
Subject: Win2000 SP2 & Samba 2.2.2 "There is no user session key for the specified logon session."
In-Reply-To: <006f01c16ef5$b9d52100$1301a8c0@aries>
Message-ID:

Hmmm, this is an interesting message...a couple of questions.

First, on the client side: How do you logon to the Win2K client? As a local admin? Are you perhaps allowing the bypass of the Win2K logon window (there's a check box on one of the My Computer, Properties tabs to allow/disallow this)?

Server side: What, if any, log messages is samba generating when you attempt to logon? What messages are showing up in log.nmbd? Is your samba machine actually winning the windows elections and acting as a PDC (try "smbclient -L ")?

Also, in your smb.conf, I don't see a netbios name setting. I don't know if this is good or bad, I just expected to see it. Running testparm will tell you what the default name is.
HTH,
Doug

From oliver at methfessel.net Sun Nov 18 11:48:03 2001
From: oliver at methfessel.net (Oliver Methfessel)
Date: Tue Dec 2 02:36:52 2003
Subject: Printing from Linux-Box on Printer connected to WinNT4 Server
Message-ID: <003101c17069$ff00bd00$6300a8c0@oliver>

HI There,

I have a small LAN here at home. As a server I have got a Windows NT4 Box, as Clients I have some Win95 /98 Boxes and for some weeks now a Suse 7.0 Box. Everything is working fine. Except one thing: I can't print on my Printer (Hp DJ 820Cxi) which is connected at the server. With the Windows-Clients it is no problem, but with the linuxbox I am not able to print.

I have joined successfully the domain called "methfessel" and installed the printer like described in the docs from sdb.suse.de

When I want to test the configuration by typing lpr -Premote test.txt he tells me

bash-2.04# lpr -Premote test.txt
lpr: connect: Verbindungsaufbau abgelehnt (: connection refused)
jobs queued, but cannot start daemon

For Information: I named the forwarding queue remote (in apsfilter, generated with lprsetup)

I can access all the other shares on the server, also the printer named "hp" (with smbclient)

Any Suggestions how to solve that problem???

Thx.
Oliver

From andrew at cpplating.com.au Sun Nov 18 16:07:02 2001
From: andrew at cpplating.com.au (Andrew R Reid)
Date: Tue Dec 2 02:36:52 2003
Subject: problems logging into samba domain
Message-ID:

I was hoping someone might be able to help me with a small problem.

One of my workstations will no longer log into my samba server. It was working fine until yesterday when some software was installed on it.

The software has been removed. The problem however hasn't been fixed.

My client is a windows ME machine.

My server is Samba 2.0.6 running on a heavily modified Red Hat 6.2 (kernel version 2.2.14)

I know I should update my Samba and Kernel versions, but why do it if it ain't broke (well it is now).
The offending piece of software was the X10 webcam "X-Ray Vision client" software.

I don't know what Gethostbyaddr function is, but I presume it has something to do with hostname resolution. (I have read the man page, but it is a little above me)

I am assuming that the offending software has somehow modified the registry settings of the client so that it can no longer be looked up by my samba server. However, I can ping, nslookup and nmblookup chrome and it resolves o.k. (192.168.1.4)

Any help would be very much appreciated.

Well done to the Samba team for their excellent work. The accolades just keep rolling in!

Regards,

--
Andrew Reid                     C P Plating Pty Ltd
Technical Sales Manager         P O Box 1335          --------- /--- /---/
C P Plating Pty Ltd             222a Macathur Ave     ------- / / /
Mob: +61 4 1474 9943            EAGLE FARM 4009       ----- / /---/
Direct: +61 7 3260 3260         AUSTRALIA             --- | /
e-mail: sales@cpplating.com.au  Phn: +61 7 3268 3044  -- \--- . / .
andrew@cpplating.com.au         Fax: +61 7 3268 3433

-------------- next part --------------
[2001/11/19 09:13:30, 1] lib/util_sock.c:client_name(997)
  Gethostbyaddr failed for 192.168.1.4
[2001/11/19 09:18:01, 1] lib/util_sock.c:client_name(997)
  Gethostbyaddr failed for 192.168.1.4
[2001/11/19 09:28:12, 1] lib/util_sock.c:client_name(997)
  Gethostbyaddr failed for 192.168.1.4
[2001/11/19 09:38:22, 1] lib/util_sock.c:client_name(997)
  Gethostbyaddr failed for 192.168.1.4
[2001/11/19 09:40:54, 1] lib/util_sock.c:client_name(997)
  Gethostbyaddr failed for 192.168.1.4
-------------- next part --------------
[2001/11/19 09:38:22, 0] lib/util_sock.c:write_socket(563)
  write_socket: Error writing 4 bytes to socket 6: ERRNO = Broken pipe
[2001/11/19 09:38:22, 0] lib/util_sock.c:send_smb(751)
  Error writing 4 bytes to client. -1. Exiting
[2001/11/19 09:40:54, 0] lib/util_sock.c:write_socket_data(537)
  write_socket_data: write failure. Error = Broken pipe
[2001/11/19 09:40:54, 0] lib/util_sock.c:write_socket(563)
  write_socket: Error writing 4 bytes to socket 6: ERRNO = Broken pipe
[2001/11/19 09:40:54, 0] lib/util_sock.c:send_smb(751)
  Error writing 4 bytes to client. -1. Exiting

From jbeauchamp7 at mindspring.com Sun Nov 18 16:56:21 2001
From: jbeauchamp7 at mindspring.com (James W. Beauchamp)
Date: Tue Dec 2 02:36:52 2003
Subject: problems logging into samba domain
References:
Message-ID: <000f01c17092$0624dda0$1401a8c0@easypea.com>

Andrew:

It may be as simple as the software having overwritten the DNS server information on the Win ME client. If DNS info is provided by DHCP, then you might just try using ipconfig or whatever on ME to renew the lease and see if that works. Or another possibility might be that somehow the host name has changed??

Just a thought.

James

> I was hoping someone might be able to help me with a small problem.
>
> One of my workstations will no longer log into my samba server. It was
> working fine until yesterday when some software was installed on it.
>
> The software has been removed. The problem however hasn't been fixed.
>
> My client is a windows ME machine.
>
> My server is Samba 2.0.6 running on a heavily modified Red Hat 6.2 (kernel
> version 2.2.14)
>
> I know I should update my Samba and Kernel versions, but why do it if it
> ain't broke (well it is now).
>
> The offending piece of software was the X10 webcam "X-Ray Vision
> client" software.
>
> I don't know what Gethostbyaddr function is, but I presume it has
> something to do with hostname resolution. (I have read the man page, but
> it is a little above me)
>
> I am assuming that the offending software has somehow modified the
> registry settings of the client so that it can no longer be looked up by
> my samba server. However, I can ping, nslookup and nmblookup chrome and
> it resolves o.k. (192.168.1.4)
>
> Any help would be very much appreciated.
>
> Well done to the Samba team for their excellent work. The accolades just
> keep rolling in!
>
> Regards,
>
> --
> Andrew Reid                     C P Plating Pty Ltd
> Technical Sales Manager         P O Box 1335          --------- /--- /---/
> C P Plating Pty Ltd             222a Macathur Ave     ------- / / /
> Mob: +61 4 1474 9943            EAGLE FARM 4009       ----- / /---/
> Direct: +61 7 3260 3260         AUSTRALIA             --- | /
> e-mail: sales@cpplating.com.au  Phn: +61 7 3268 3044  -- \--- . / .
> andrew@cpplating.com.au         Fax: +61 7 3268 3433
>

From pcaritj at riovia.net Sun Nov 18 17:28:02 2001
From: pcaritj at riovia.net (Paul J. Caritj)
Date: Tue Dec 2 02:36:52 2003
Subject: System Specs
Message-ID:

Skipped content of type multipart/mixed
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2198 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-ntdom/attachments/20011118/5ba30f8a/smime.bin

From damed92 at hotmail.com Sun Nov 18 18:55:03 2001
From: damed92 at hotmail.com (Ed Dam)
Date: Tue Dec 2 02:36:52 2003
Subject: SWAT
Message-ID:

Hello...

I am a redhat 6.2 user. I have recently took the plunge to redhat 7.2. All is well.. EXCEPT I can't access swat from anywhere. The only management station I want to access it from is 192.168.0.1 so, my hosts.allow has:

swat:192.168.0.1

in it. I changed

disable = yes

to

disable = no

in /etc/xinetd.d/swat

But I still can't access it. HELP PLEASE!!!
-------------- next part --------------
HTML attachment scrubbed and removed

From mike at digitalpipe.net Sun Nov 18 19:37:14 2001
From: mike at digitalpipe.net (Mike Papper)
Date: Tue Dec 2 02:36:52 2003
Subject: Making Winbind Efficient for 15,000 users
Message-ID: <00e101c170aa$d6190640$0401a8c0@pacbell.net>

I am using the following components to monitor the set of users and groups (and what users are in what groups) for a given NT PDC:

linux with nsswitch set to use winbind
samba with smbd, nmbd and winbind (samba 2.2.2)
C library system calls "getpwent" and "getgrent" which are similar to the linux commands "getent passwd" and "getent group".

This allows me to get a list of all users, all groups and for each group, the set of users in that group as seen by the host linux machine. Since the linux box is running winbind etc. the list of users on the system mirrors those in a given NT PDC box (which in our case is a real NT box).

The problem occurs when there are, say 15,000 users and 250 groups. Each call to these functions takes a long time. In many cases logging in as root takes so long that we cannot login.

I am relying on winbind to provide a list of users and groups through the linux system calls getpwent and getgrent. I am simulating the PDC's list of users and groups in a SQL database. So I need to keep the DB consistent with the PDC. To do this I have a C program that calls getpwent and getgrent every time a root user logs in (because the root user requires consistent up-to-date user-group info). Each time I do this it takes quite a while to come back to me - and I think we're hitting the PDC quite hard too.

To solve this problem I thought I would build an in-memory cache of the user/group DB and periodically calling getgrent (for a specific group instead of all groups) - possibly every 30 seconds or so - rather than getting the list of all users and groups at one time, I periodically poll for a single group (and its users).
Instead of polling the PDC continuously, it would be much more efficient to get events from the PDC when any of the user/group info was updated. What I would then need is a way to get "events" from the PDC that tell me when there is any of the following:

1) a user was added or removed from the system
2) a group was added or removed from the system
3) the set of users in a group changed

Anyone know of a way to do this? I think this requires some functions that notify on these changes from the PDC.

Since I know not very much how samba really works, I am wondering if:

1) someone can explain how smbd et al communicates with the PDC - really, I see 0 documentation on any of this
2) if there are samba API calls that do some sort of notify
3) if I can add new functions to linux to augment the getpwent/getgrent calls for this kind of notify mechanism
4) or if the NT PDC keeps a version number around and changes this number when the user/group status changes - thereby replacing the polling of users and groups with polling of the version number.
5) what if the linux box was setup as a BDC, would it automatically get user/group updates from the PDC - and so hitting this BDC from winbind would be more efficient than going over the wire to the real PDC?

----------------------

Also, barring any of the above, I have another, simple polling strategy to keep my local user DB in sync with the PDC, here's what I do - I would love to get any criticism etc. about this methodology:

1) 1 process that calls "get all groups" every 20 mins or so - this takes a while
2) a process that calls "get all users in a given group" every 18 seconds? (or slower or faster) for a single group. Cycle through all the groups over a period of time.

By polling groups I can cover all users and avoid having to get a list of all users (since there are many more users than groups). This assumes that every user belongs to at least one group.
Ideally this kind of caching would be built into winbind...although I have no idea of how to investigate this or to modify its code or to submit changes.

Mike Papper
mike@bodaro.com
415-584-8449

From eirvine at tpgi.com.au Mon Nov 19 00:59:17 2001
From: eirvine at tpgi.com.au (eirvine)
Date: Tue Dec 2 02:36:52 2003
Subject: System Specs
References:
Message-ID: <3BF8C979.26340DD0@tpgi.com.au>

Hi Paul,

It is a little difficult to say since you haven't told us what the clients are doing. However, as a datapoint, I served 30 Windows PC's (part of the network) doing office things and ran a proxy server for 150 computers (all of the network) on a 400 Mhz PIII Dell 2450 with 128 Mb of RAM and FreeBSD 3.5. CPU time rarely climbed above 15% and most of that seemed to be around the print spooling.

Spend your money on something else - like a good backup system (or a trip to the Bahamas).

Eddie

From Daniel.Moeller at de.bosch.com Mon Nov 19 02:04:04 2001
From: Daniel.Moeller at de.bosch.com (Moeller Daniel (QI/CCE2-SI) *)
Date: Tue Dec 2 02:36:52 2003
Subject: AW: Help! Problem to authenticate NT users connecting Samba shar es
Message-ID: <1121C3ABCA53C945B821A821CDD67F62F684AC@simail21.desi2.bosch.com>

Skipped content of type multipart/alternative

From H.Kreiser at gsi.de Mon Nov 19 02:26:03 2001
From: H.Kreiser at gsi.de (Kreiser Dr.Helmut)
Date: Tue Dec 2 02:36:52 2003
Subject: Winbind and Login Path
Message-ID:

Hi,

I have a short question concerning the Login path for Users using winbind: When I use winbind for the normal login in Linux, what is then the login path of the users ( domain_name/user ? ) ? Is it possible, to change it, let us say to ddd/username ??
Thanks in advance
Helmut Kreiser

From H.Kreiser at gsi.de Mon Nov 19 02:29:02 2001
From: H.Kreiser at gsi.de (Kreiser Dr.Helmut)
Date: Tue Dec 2 02:36:52 2003
Subject: RID and GID/UIC Table using winbind
Message-ID:

Hi,

is it possible to build an own RID - GID/UIC database for using existing Win-Users and their Linux account ?

Regards
Helmut Kreiser

From david.degouilles at wokup.com Mon Nov 19 03:14:25 2001
From: david.degouilles at wokup.com (David Degouilles)
Date: Tue Dec 2 02:36:52 2003
Subject: winbind and NT domain not allowinf authentication
Message-ID:

Hello

I'm testing winbind to allow NT domain users (my domain is WOKUP) logging in a unix station (hostname : david). At the login prompt, I'm entering my windows users (WOKUP\toto) and my domain password. All I can see is "creating home directory ..." and I'm logged out.

What is happening ?

Thanks for all clues. Sorry for my bad english.

David
ddeg@wokup.com

in my /var/log/messages :

Nov 16 17:22:19 david pam_winbind[3498]: user 'wokup\toto' granted acces
Nov 16 17:22:19 david pam_winbind[3498]: user 'wokup\toto' granted acces
Nov 16 17:22:19 david login(pam_unix)[3498]: session opened for user wokup\toto by (uid=0)
Nov 16 17:22:19 david login[3498]: Permission denied

my /etc/pam.d/login file

#%PAM-1.0
auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
account    sufficient   /lib/security/pam_winbind.so
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022
session    optional     /lib/security/pam_console.so

my /etc/pam.d/system-auth file

#%PAM-1.0
auth       required     /lib/security/pam_env.so
auth       sufficient   /lib/security/pam_winbind.so
auth       sufficient   /lib/security/pam_unix.so likeauth nullok use_first_pass
auth       required     /lib/security/pam_deny.so
account    sufficient   /lib/security/pam_winbind.so
account    required     /lib/security/pam_unix.so
password   required     /lib/security/pam_cracklib.so retry=3
password   sufficient   /lib/security/pam_unix.so nullok use_authtok md5 shadow
password   required     /lib/security/pam_deny.so
session    required     /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022
session    required     /lib/security/pam_limits.so
session    required     /lib/security/pam_unix.so

Software versions :
PDC : Windows NT 4.0 SP6
samba v2.2.2
Mandrake 8.1

From sckeat21 at yahoo.com Mon Nov 19 05:02:03 2001
From: sckeat21 at yahoo.com (soo chun keat)
Date: Tue Dec 2 02:36:52 2003
Subject: how to change samba password from windows client
Message-ID: <20011119130141.9122.qmail@web11207.mail.yahoo.com>

I am using samba 2.0.6 but I fail to configure it as a PDC so How can I change the samba password for my win98 client.

cksoo

__________________________________________________
Do You Yahoo!?
Find the one for you at Yahoo! Personals
http://personals.yahoo.com

From rasmus.wiman at sami.se Mon Nov 19 05:52:04 2001
From: rasmus.wiman at sami.se (Rasmus Wiman)
Date: Tue Dec 2 02:36:52 2003
Subject: Why are my users desktops writeprotected?
Message-ID: <20011119145115.75b25e85.rasmus.wiman@sami.se>

Hi all,

I run a small domain with a Slackware 8.0 box and Samba 2.2.1a PDC and a bunch of Win2000 clients. Most part of this works fine, but whenever a user saves a file on the desktop it loses all privileges. To delete, overwrite, move or do anything else with the file requires the user to change the file properties to allow reading, writing, deleting and whatever other privilege he/she needs. This is rather annoying. What's wrong?
I suppose this is the interesting part of the common section of smb.conf:

logon script = Labs.bat
# Where to store roving profiles (only for Win95 and WinNT)
# %L substitutes for this servers netbios name, %U is username
# You must uncomment the [Profiles] share below
logon path = \\%L\Profiles\%U
logon home = \\%L\%U\.profiles
logon drive= u:

And here is the Profiles share:

[Profiles]
path = /usr/local/samba/profiles
browseable = no
guest ok = yes
writable = yes
create mask = 0600
directory mask = 0700

---------------------
Rasmus Wiman
SAMI Labs

First, they ignore you. Then they laugh at you. Then they fight you. Then you win. - Mahatma Gandhi.

From timo.westerberg at myy.helia.fi Mon Nov 19 06:49:06 2001
From: timo.westerberg at myy.helia.fi (Timo Westerberg)
Date: Tue Dec 2 02:36:53 2003
Subject: Samba 2.2.2 and LDAP
Message-ID:

Hello all,

Where could I find a reasonable documentation about setting up LDAP with Samba 2.2.2. I have read several documents about LDAP and Samba-TNG, but as I have understood, LDAP is functional with Samba 2.2.2 also?

Thanks for any help!

Timo

From awilliam at whitemice.org Mon Nov 19 07:08:02 2001
From: awilliam at whitemice.org (Adam Williams)
Date: Tue Dec 2 02:36:53 2003
Subject: Samba 2.2.2 and LDAP
In-Reply-To:
Message-ID:

>Where could I find a reasonable documentation about setting up LDAP with
>Samba 2.2.2. I have read several documents about LDAP and Samba-TNG, but as
>I have understood, LDAP is functional with Samba 2.2.2 also?

I give some examples in my LDAP presentation

ftp://kalamazoolinux.org/pub/pdf/ldapv3.pdf

It is really very simple. The hardest part is adding machine accounts, but I accomplish that with a PHP scripts.
ldap root passwd = secret
ldap root = cn=Manager,o=Morrison Industries,c=US
ldap suffix = o=Morrison Industries, c=US
ldap port = 389
ldap server = littleboy
add user script = /usr/local/bin/php -f /etc/samba/add_machine_account.php %u

<?php
// Samba passes the machine account name (%u) as the first argument
$LDAPSERVER="littleboy";
$LDAPBASE="o=Morrison Industries,c=US";
$MACHINE=trim($argv[1]);
$ds=ldap_connect($LDAPSERVER);
// "{*password*}" is the placeholder as posted, not a real credential
$r=ldap_bind($ds, "cn=Manager, o=Morrison Industries, c=US", "{*password*}");
// Build a posixAccount entry with no home directory and no login shell
$dn = "uid=$MACHINE,ou=System Accounts,o=Morrison Industries,c=US";
$new_object["objectclass"][0] = "top";
$new_object["objectclass"][1] = "account";
$new_object["objectclass"][2] = "posixAccount";
// ldap_next_uid() is not a built-in; it has to be written locally (see below)
$new_object["uidnumber"][0] = ldap_next_uid($ds, $r);
$new_object["uid"][0] = $MACHINE;
$new_object["cn"][0] = $MACHINE;
$new_object["gidnumber"][0] = 99;
$new_object["homeDirectory"][0] = "/dev/null";
$new_object["loginShell"][0] = "/bin/false";
$new_object["gecos"][0] = "Machine Account";
$new_object["description"][0] = "Machine Account";
ldap_add($ds, $dn, $new_object);
ldap_close($ds);
?>

You have to create an ldap_next_uid for coming up with a unique uidnumber

--
-----------------------------------------------------------
Ximian GNOME, Evolution, LTSP, and RedHat Linux + LVM & XFS
-----------------------------------------------------------

From amoote at fpelectronics.com Mon Nov 19 07:26:35 2001
From: amoote at fpelectronics.com (amoote@fpelectronics.com)
Date: Tue Dec 2 02:36:53 2003
Subject: logon script stopped running - common problem?
Message-ID:

Until this morning I had logons scripts running fine on Win2K workstations. Luckily this server is not in full swing or I would have a lot of angry users this morning. ;)

As you will see, I am calling in separate confs based on the departments which are defined as aliases. Each department has its own primary group which correspond to the netbios aliases. I know it sounds a tad confusing, and I'm open for suggestions in simplifying it.
;)

Here are the systems specs and a clip from my confs:

RedHat Linux 7.1
Samba 2.2.2

smb.conf
[global]
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
netbios aliases = accounting infosys purchasing operations exec
include = /etc/samba/smb.conf.%L
max log size = 50
logon script = %G.bat
encrypt passwords = yes
local master = yes
time server = yes
domain logons = yes
workgroup = ADMIN
server string = Admin Server PDC (Samba %v)
os level = 64

[netlogon]
comment = The Domain Logon Service
path = /samba/logon
public = no
browsable = no
writable = no
write list = @domadm

smb.conf.purchasing
[global]
workgroup = ADMIN
server string = Purchasing Group

[homes]
comment = Home Directories
browsable = no
writable = yes

[data]
comment = Shared Purchasing Data
path = /samba/%L/data
writable = yes
valid users = @infosys @purchasing
create mode = 0660
directory mode = 0770

Regards,

Alan B. Moote
Systems Administrator
MARK IV Industries
tel: 905.624.7908
fax: 905.625.6197

From icoupeau at unav.es Mon Nov 19 08:40:04 2001
From: icoupeau at unav.es (Ignacio Coupeau)
Date: Tue Dec 2 02:36:53 2003
Subject: Samba 2.2.2 and LDAP
References:
Message-ID: <3BF93207.9EF7F371@unav.es>

Timo Westerberg wrote:
>
> Hello all,
>
> Where could I find a reasonable documentation about setting up LDAP with
> Samba 2.2.2. I have read several documents about LDAP and Samba-TNG, but as
> I have understood, LDAP is functional with Samba 2.2.2 also?
>

this may help...
http://www.unav.es/cti/ldap-smb/ldap-smb-2_2-howto.html

some fixes are coming,
Ignacio

--
____________________________________________________
Ignacio Coupeau, Ph.D.
e-mail: icoupeau@unav.es
CTI, Director            fax: 948 425619
University of Navarra    voice: 948 425600
Pamplona, SPAIN          http://www.unav.es/cti/

From garrett.ellis at analexphoenix.com Mon Nov 19 09:46:02 2001
From: garrett.ellis at analexphoenix.com (Garrett Ellis)
Date: Tue Dec 2 02:36:53 2003
Subject: Thanks was Re: "There is no user session key for the specified logon session."
Message-ID: <3BF9454F.9D5C087F@analexphoenix.com>

Thank you everybody who responded to my posts with your helpful advice. The problem is no longer occurring on my machine; but unfortunately I don't know what the original cause was. I just removed all the CVS builds of Samba, Samba-TNG, Head, etc; and reinstalled 2.2.2 release. The first time I tried joining the domain; it was successful.

Thanks again; you were all extremely helpful!

Garrett Ellis

From josephk at std.teradyne.com Mon Nov 19 17:12:12 2001
From: josephk at std.teradyne.com (Karyn Joseph)
Date: Tue Dec 2 02:36:53 2003
Subject: authentication errors
Message-ID: <3BF9AD2B.3426FB06@std.teradyne.com>

Hi --

I'm running samba 2.2.1 on two Solaris 2.6 servers. I changed the server authentication level to server the other day. This was very well received by most of my users. They are so happy to not have to type their password multiple times.

The problem is I have some that are being completely or partially rejected. For instance, I have a couple of users, they can access the server, and their NIS home directory, but if they try to access a share they have group permissions to they are being rejected with the following error. I also have others that are being rejected with the same error, but just trying to access the server. BTW - their Unix and NT usernames do match.

[2001/11/19 17:01:49, 1] smbd/password.c:pass_check_smb(554)
  Couldn't find user 'person' in smb_passwd file.
[2001/11/19 17:01:49, 1] smbd/reply.c:reply_sesssetup_and_X(1005)
  Rejecting user 'person': authentication failed

My globals section looks like:

[global]
security = server
password server = GALA.STD
workgroup = bigmagic
netbios name = bigborg
server string = Samba %v on (%L)
log level = 1
log file = /net/adm/samba/samba-logs/samba.log.bigborg
# log file = /usr/local/samba/log/samba.logs.%L
name resolve order = hosts wins bcast
# wins proxy = Yes
wins server = 131.101.208.195
username map = /net/std/adm/samba/usermap.txt
homedir map = u_auto.ah
NIS homedir = Yes
include = /net/std/adm/samba/smb.conf.editme

Any ideas would be greatly appreciated.

--
________________________________________________
Karyn Joseph             EIT - Agoura, CA
UNIX Administrator       818/874-6116
________________________________________________

From jkezar at doc.state.vt.us Mon Nov 19 18:37:02 2001
From: jkezar at doc.state.vt.us (Joseph Kezar)
Date: Tue Dec 2 02:36:53 2003
Subject: Logon Scripts
Message-ID: <000e01c1716d$27f92d60$0201a8c0@adelphia.net.adelphia.net>

My WindowsME client is getting authenticated via my samba acting PDC. It says running logon scripts (and I see a black DOS looking window pop up. I think I can see it read: "Bad command or file name"). It never maps my homes directory.

I created the batch file with a DOS editor. It runs fine after the WindowsME pc is booted up (I can double click on it).

The file has one line in it:

net use h: \\win\homes

And the appropriate DOS carriage return at the end.

Why isn't my script running? There are no logs to give me any information either. Or is there?

From samba at electromotor.com Mon Nov 19 20:46:02 2001
From: samba at electromotor.com (samba@electromotor.com)
Date: Tue Dec 2 02:36:53 2003
Subject: Problem with profiles win98
Message-ID: <091201c1717e$aa5b1b40$2a6b3fd8@sbcglobal.net>

I've been using Samba v2.0.6 on a RH Linux server for a couple of years as a PDC for Windows98 and Windows95 client machines connected on my LAN. No problems until a month ago one of my users complained that it took more than five minutes to login to the network. I started investigating and found that every time this user logs into the network, win98 sends a few thousand files to this user's profiles on the server. These files are located in:

/home/$user/History/History.IE5

each directory is named: "MSHist" with long number strings in the suffix of the directory name. In each directory there is a file called: index.dat.

I have cleaned up all the TEMP directories on the win98 machine and deleted these directories off the server. But when this machine logs into the network, it sends the directories to the server again and takes a few minutes to log into the network. I cannot find where these files are coming from? Does anyone know how I can remedy this?

Any help will be appreciated. Thanks,

Mark W.

From jay at toltec.metran.cx Mon Nov 19 23:06:02 2001
From: jay at toltec.metran.cx (Jay Ts)
Date: Tue Dec 2 02:36:53 2003
Subject: Problem with profiles win98
In-Reply-To: <091201c1717e$aa5b1b40$2a6b3fd8@sbcglobal.net> from "samba@electromotor.com" at Nov 19, 2001 10:48:23 PM
Message-ID: <200111200705.fAK757U12051@toltec.metran.cx>

> I've been using Samba v2.0.6 on a RH Linux server for a couple of years
> as a PDC for Windows98 and Windows95 client machines connected on my
> LAN.

Just out of curiosity, do you allow the Win98 and Win95 profiles to be stored in the same directory?
I've noticed very weird behavior sometimes when one Windows version's profile overwrites another version's. I'm not sure if Win98 profiles are totally compatible with Win95 profiles.

But I don't think that's related to your problem.

> No problems until a month ago one of my users complained that it
> took more than five minutes to login to the network. I started
> investigating and found that every time this user logs into the network,
> win98 sends a few thousand files to this user's profiles on the server.
> These files are located in:
>
> /home/$user/History/History.IE5
>
> each directory is named: "MSHist" with long number strings in the suffix
> of the directory name. In each directory there is a file called:
> index.dat.

I would guess that this is Internet Explorer's history list, which might be found somewhere like C:\Program Files\...\Internet Explorer\... whatever. Or maybe some odd directory under C:\Windows. Did you look there? That is, to find Internet Explorer's data files? Try using Windows Explorer (the one found in the Start Menu->Programs).

Oh wait ... try here: C:\Windows\History.

> I have cleaned up all the TEMP directories on the win98 machine and
> deleted these directories off the server. But when this machine logs
> into the network, it sends the directories to the server again and takes
> a few minutes to log into the network.

Whoa ... don't you mean when the machine logs off the network, it uploads the files and takes a long time? Roaming profiles are written to the server when the user logs off, and downloaded to the client when the user logs in.

Jay Ts

From jay at toltec.metran.cx Mon Nov 19 23:29:02 2001
From: jay at toltec.metran.cx (Jay Ts)
Date: Tue Dec 2 02:36:53 2003
Subject: Logon Scripts
In-Reply-To: <000e01c1716d$27f92d60$0201a8c0@adelphia.net.adelphia.net> from "Joseph Kezar" at Nov 19, 2001 09:43:32 PM
Message-ID: <200111200653.fAK6rEU11747@toltec.metran.cx>

> My WindowsME client is getting authenticated via my samba acting PDC. It
> says running logon scripts (and I see a black DOS looking window pop up.
> I think I can see it read: "Bad command or file name").

Uh huh. Very helpful, isn't it? An error message that appears for 0.2 seconds and doesn't say anything specific! :-)

> It never maps my homes directory.

I assume you mean the home directory of the user on the Windows client.

> I created the batch file with a DOS editor. It runs fine after the
> WindowsME pc is booted up (I can double click on it).
> The file has one line in it:
> net use h: \\win\homes
> And the appropriate DOS carriage return at the end.

Another way to check it on the Samba server is with the command

od -c

You should see each line ending in a \r \n (which is carriage return, linefeed).

> Why isn't my script running?

1. Make sure the file ends in .bat. If you use .cmd, it will run on NT/2000/XP, but fail on 95/98/Me. (Oh, but it looks like you already got that part right...)

2. To map your home directories, first put a [homes] share into your smb.conf, restart the server and reboot your Windows box to check that the share appears in Explorer. Then use this command in your logon script:

net use H: /home

3. In your command, 'net use h: \\win\homes', it is saying your Samba PDC's NetBIOS name is "win" ??? Even if so, I'm not sure it's possible to mount a [homes] share this way. I've never tried it, and wouldn't expect it to work.

> There are no logs to give me any information either. Or is there?

No, I don't think so.

Jay Ts

From kourosh at loop.com Mon Nov 19 23:32:06 2001
From: kourosh at loop.com (Kourosh Ghassemieh)
Date: Tue Dec 2 02:36:53 2003
Subject: Problem with profiles win98
In-Reply-To: <091201c1717e$aa5b1b40$2a6b3fd8@sbcglobal.net>
Message-ID: <5.1.0.14.0.20011119231906.00adaa10@pop.loop.com>

Those files are the files cached by Internet Explorer. Each time you use IE to visit a web page IE caches that page so it loads faster next time. Over time the cache can grow quite large. This causes slow logons and logoffs as the info is copied to/from the server.

To disable the cache check out these Microsoft Knowledge Base articles:

How Not to Save Cached Internet Files with Roaming User Profiles (ID: Q185255)

and

How to Prevent Certain Folders from Uploading to Central Profile (ID: Q188692)

I hope this helps.

At 10:48 PM 11/19/2001 -0600, you wrote:
>I've been using Samba v2.0.6 on a RH Linux server for a couple of years as
>a PDC for Windows98 and Windows95 client machines connected on my LAN. No
>problems until a month ago one of my users complained that it took more
>than five minutes to login to the network. I started investigating and
>found that every time this user logs into the network, win98 sends a few
>thousand files to this user's profiles on the server. These files are
>located in:
>
>/home/$user/History/History.IE5
>
>each directory is named: "MSHist" with long number strings in the suffix
>of the directory name. In each directory there is a file called: index.dat.
>
>I have cleaned up all the TEMP directories on the win98 machine and
>deleted these directories off the server. But when this machine logs into
>the network, it sends the directories to the server again and takes a few
>minutes to log into the network. I cannot find where these files are
>coming from? Does anyone know how I can remedy this?
>
>Any help will be appreciated. Thanks,
>
>Mark W.

--
________________________________________________
Kourosh Ghassemieh
MindWare Information Systems & Technologies
9255 Sunset Blvd, Penthouse
West Hollywood CA 90069
(310) 729-1784
kourosh@loop.com
+++Networking your business+++

From mjs at blitz-technology.net Tue Nov 20 00:40:34 2001
From: mjs at blitz-technology.net (Mitchell)
Date: Tue Dec 2 02:36:53 2003
Subject: Configuring samba as a PDC for our lan
Message-ID: <20011120185006.A10368@blitz-technology.net>

Hi list.

I am trying to configure Samba to act as a PDC for our LAN. Server is a Debian Linux system running Samba 2.2.2. Workstations are running Windows 2k Pro SP2.

I want the Samba server to handle authentication for all the clients as well as manage their user profiles etc.

My main question is what do I have to set the OS level to, so as to have the Samba server recognised as the highest priority server on the lan, and what should the options Domain Master, Local Master, etc be set to?

Attached below is my smb.conf file.

# Global parameters
[global]
workgroup = BLITZ
netbios name = JOLT
encrypt passwords = Yes
obey pam restrictions = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
max log size = 1000
socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096
dns proxy = No
wins support = Yes
invalid users = root

[profile]
path = /home/profile
read only = No
create mask = 0600
directory mask = 0700
nt acl support = No
browseable = no

[homes]
read only = No
create mask = 0700
directory mask = 0700
browseable = No

From bgmilne at cae.co.za Tue Nov 20 01:09:45 2001
From: bgmilne at cae.co.za (Buchan Milne)
Date: Tue Dec 2 02:36:53 2003
Subject: winbind and NT domain not allowinf authentication
Message-ID: <3BFA1C68.9040903@cae.co.za>

What is the value for "template shell" ? The default is set to /bin/false.
Also, your "template homedir", which defaults to /home/%D/%U where %D is the domain name and %U is the username. Is your home directory created?

For more info on winbind on Mandrake (with sample pam config files), see http://mandrakeuser.org/connect/csamba5.html#windbind

Buchan

>Hello
>I'm testing winbind to allow NT domain users (my domain is WOKUP) loging in
>a unix station (hostname : david).
>
>At the login prompt, I'm entering my windows users (WOKUP\toto) and my
>domain password.
>All I can see is "creating home directory ..." and i'm logged out.
>What is happening ?
>Thanks for all clues.
>
>Sorry for my bad english.
>
>David
>ddeg@wokup.com
>
>
>in my /var/log/messages :
>
>Nov 16 17:22:19 david pam_winbind[3498]: user 'wokup\toto' granted acces
>Nov 16 17:22:19 david pam_winbind[3498]: user 'wokup\toto' granted acces
>Nov 16 17:22:19 david login(pam_unix)[3498]: session opened for user
>wokup\toto by (uid=0)
>Nov 16 17:22:19 david login[3498]: Permission denied
>
>my /etc/pam.d/login file
>#%PAM-1.0
>auth required /lib/security/pam_securetty.so
>auth required /lib/security/pam_stack.so service=system-auth
>auth required /lib/security/pam_nologin.so
>account sufficient /lib/security/pam_winbind.so
>account required /lib/security/pam_stack.so service=system-auth
>password required /lib/security/pam_stack.so service=system-auth
>session required /lib/security/pam_stack.so service=system-auth
>session required /lib/security/pam_mkhomedir.so skel=/etc/skel/
>umask=0022
>session optional /lib/security/pam_console.so
>
>my /etc/pam.d/system-auth file
>#%PAM-1.0
>auth required /lib/security/pam_env.so
>auth sufficient /lib/security/pam_winbind.so
>auth sufficient /lib/security/pam_unix.so likeauth nullok
>use_first_pass
>auth required /lib/security/pam_deny.so
>account sufficient /lib/security/pam_winbind.so
>account required /lib/security/pam_unix.so
>password required /lib/security/pam_cracklib.so retry=3
>password sufficient /lib/security/pam_unix.so nullok
use_authtok md5
>shadow
>password required /lib/security/pam_deny.so
>session required /lib/security/pam_mkhomedir.so skel=/etc/skel/
>umask=0022
>session required /lib/security/pam_limits.so
>session required /lib/security/pam_unix.so
>
>Software versions :
>PDC : Windows NT 4.0 SP6
>samba v2.2.2
>Mandrake 8.1
>

--
|----------------Registered Linux User #182071-----------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 808 2497 ext 202
Stellenbosch Automotive Engineering         http://www.cae.co.za

From david.degouilles at wokup.com Tue Nov 20 01:35:04 2001
From: david.degouilles at wokup.com (David Degouilles)
Date: Tue Dec 2 02:36:53 2003
Subject: winbind and NT domain not allowinf authentication
In-Reply-To: <3BFA1C68.9040903@cae.co.za>
Message-ID:

Well done, that's it: I needed to uncomment the line for the template shell. By default it's /bin/bash but commented. Removed the ";": all went well at the first time.

Thanks a lot.

david

> -----Original Message-----
> From: Buchan Milne [mailto:bgmilne@cae.co.za]
> What is the value for "template shell" ? The default is set to
> /bin/false. Also, your "template homedir", which defaults to /home/%D/%U
> where %D is the domain name and %U is the username. Is your home
> directory created?
>
> For more info on winbind on Mandrake (with sample pam config files), see
> http://mandrakeuser.org/connect/csamba5.html#windbind
>
> Buchan
> >I'm testing winbind to allow NT domain users (my domain is
> WOKUP) loging in
> >a unix station (hostname : david).
> >
> >At the login prompt, I'm entering my windows users (WOKUP\toto) and my
> >domain password.
> >All I can see is "creating home directory ..." and i'm logged out.
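
The failure resolved in the thread above (pam_winbind grants access, then the session closes because "template shell" is commented out), reproduced as an added example that is not part of the original messages. The function names and both sample smb.conf texts are constructed for illustration; the two defaults are the ones Buchan Milne states for Samba 2.2.2 and are an assumption for any other version.

```python
"""Resolve the shell and home directory winbind would hand to a domain user."""

# Defaults as stated in the thread for Samba 2.2.2 (assumption elsewhere).
DEFAULTS = {
    "templateshell": "/bin/false",
    "templatehomedir": "/home/%D/%U",
}
# Shells that end a login session as soon as PAM has opened it.
NON_INTERACTIVE = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}


def _norm(name):
    # smb.conf parameter names ignore case and embedded whitespace.
    return "".join(name.split()).lower()


def parse_global(text):
    """Return {normalized parameter: value} for the [global] section only."""
    params, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = raw.strip()
        # Lines starting with ';' or '#' are comments, so a commented-out
        # parameter silently falls back to its built-in default.
        if not pending and (not line or line[0] in ";#"):
            continue
        line = pending + line
        if line.endswith("\\"):          # trailing backslash continues the line
            pending = line[:-1]
            continue
        pending = ""
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line and section == "global":
            name, _, value = line.partition("=")
            params[_norm(name)] = value.strip()
    return params


def check_winbind_login(text, domain, user):
    """Report the effective template settings for DOMAIN\\user."""
    params = parse_global(text)
    shell = params.get("templateshell", DEFAULTS["templateshell"])
    homedir = params.get("templatehomedir", DEFAULTS["templatehomedir"])
    homedir = homedir.replace("%D", domain).replace("%U", user)
    findings = []
    if "templateshell" not in params:
        findings.append("template shell unset or commented out; default "
                        + shell + " applies")
    if shell in NON_INTERACTIVE:
        findings.append("shell " + shell + " exits at once: auth succeeds, "
                        "session opens, user is logged out")
    return {"shell": shell, "homedir": homedir,
            "interactive": shell not in NON_INTERACTIVE,
            "findings": findings}


# Constructed sample: the state described before the fix.
SMB_CONF_BEFORE = """
[global]
   workgroup = WOKUP
   security = domain
;  template shell = /bin/bash
   Template HomeDir = /home/%D/%U
[tmp]
   path = /tmp
"""

# Constructed sample: the same file with the ';' removed.
SMB_CONF_AFTER = SMB_CONF_BEFORE.replace(";  template shell", "   template shell")

if __name__ == "__main__":
    for label, conf in (("before", SMB_CONF_BEFORE), ("after", SMB_CONF_AFTER)):
        print(label, check_winbind_login(conf, "WOKUP", "toto"))
```

A non-interactive template shell is the restrictive choice for domain accounts that only need file and print access, so the report distinguishes "unset" from "deliberately set".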

From RalfBecker at outdoor-training.de Tue Nov 20 03:58:03 2001
From: RalfBecker at outdoor-training.de (Ralf Becker)
Date: Tue Dec 2 02:36:53 2003
Subject: Samba 2.2.2 as PDC: Client (NT+2000) NTLM crashes while login in
Message-ID: <3BFA465E.C6A00EA@outdoor-training.de>

got samba 2.2.2 from CVS, compiled it (Running under Linux 2.2.18, SuSE 7.1)

smb.conf (parts):

[global]
workgroup = OUT
netbios name = POLE
server string = %h Samba %v
encrypt passwords = Yes
username map = /usr/local/samba/lib/user.map # maps root admin
password level = 2
log level = 20
log file = /var/log/samba-2.2.log
domain admin group = root admin
add user script = /usr/sbin/useradd -d /dev/null -g machines -s /bin/false -M %u
logon path = \\%N\profiles\%U\profile
logon drive = H:
logon home = \\%L\%U\.profiles
domain logons = Yes
os level = 64
preferred master = True
domain master = True

[netlogon]
comment = necesary share for domain controller
path = /usr/local/samba/lib/netlogon
write list = admin root

[profiles]
comment = share for storing user profiles
path = /var/samba/profiles
read only = No
create mask = 0600
directory mask = 0700

machine accounts got created on the fly (verified in /etc/passwd and smbpasswd), Win2000 says something like 'Successfully joined the domain, need to reboot'

After the reboot, when I try to log into the domain, I got the message (translated from German):

You could not be logged in: Segment fault "Unzulässiger Zugriff auf einen Speicherbereich"

I can't do any further logins without rebooting, the eventlog states (after the reboot) that the NTLM crashed.

I tried it several times from different machines with Win2000 Sp1+2 and NT 4 Sp6, always with the same result (one was a fresh Win2000 install)

Here you can find the logfile (of that and the next timestamp):
http://www.outdoor-training.de/samba.log

Many thanks in advance

Ralf

--
Ralf Becker
Outdoor Unlimited Training GmbH [http://www.outdoor-training.de]
D-67663 Kaiserslautern, Leibnizstr.
17
Telefon +49 (631) 31657-0, Fax -26

From ofer at changind.com Tue Nov 20 08:29:04 2001
From: ofer at changind.com (Ofer Nave)
Date: Tue Dec 2 02:36:53 2003
Subject: Configuring samba as a PDC for our lan
In-Reply-To: <20011120185006.A10368@blitz-technology.net>
Message-ID: <00aa01c171e0$6a074980$1301a8c0@aries>

Well, to tell you the truth, I know very little about OS levels, and have never seen a map of Windows version => OS Level (though I've never looked...), but I successfully configured my samba server as a PDC for Win2k machines using the OS Level 64.

Also, don't forget 'security = user'.

-ofer

-----Original Message-----
From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Mitchell
Sent: Monday, November 19, 2001 11:50 PM
To: samba-ntdom@lists.samba.org
Subject: Configuring samba as a PDC for our lan

Hi list.

I am trying to configure Samba to act as a PDC for our LAN. Server is a Debian Linux system running Samba 2.2.2. Workstations are running Windows 2k Pro SP2.

I want the Samba server to handle authentication for all the clients as well as manage their user profiles etc.

My main question is what do I have to set the OS level to, so as to have the Samba server recognised as the highest priority server on the lan, and what should the options Domain Master, Local Master, etc be set to?

Attached below is my smb.conf file.

# Global parameters
[global]
workgroup = BLITZ
netbios name = JOLT
encrypt passwords = Yes
obey pam restrictions = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
max log size = 1000
socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096
dns proxy = No
wins support = Yes
invalid users = root

[profile]
path = /home/profile
read only = No
create mask = 0600
directory mask = 0700
nt acl support = No
browseable = no

[homes]
read only = No
create mask = 0700
directory mask = 0700
browseable = No

From virgo at azcher.kharkov.ua Tue Nov 20 08:49:03 2001
From: virgo at azcher.kharkov.ua (Virgo)
Date: Tue Dec 2 02:36:53 2003
Subject: Problem downloading driver from Samba.
Message-ID: <3BFA8945.9010008@azcher.kharkov.ua>

Hi!

Has made as is said in Printing Support in Samba 2.2.x

#rpcclient hydra -U root%******** -c "enumprinters"
Domain = [AZCHER] OS = [Unix] Server = [Samba 2.2.2]
flags: [0x800000]
name: [\\ HYDRA\fax]
description: [HYDRA \\ HYDRA\fax,]
comment: []

flags: [0x800000]
name: [\\ HYDRA\PrintServer]
description: [HYDRA \\ HYDRA\PrintServer,]
comment: []

flags: [0x800000]
name: [\\ HYDRA\hp2200]
description: [HYDRA \\ HYDRA\hp2200, HP LaserJet 2200 Series PCL 6,]
comment: []

#rpcclient hydra -U root%******** -c "enumdrivers"
Domain = [AZCHER] OS = [Unix] Server = [Samba 2.2.2]

Why it does not see the drivers?

In smb.conf:

[print$]
path = /samba/printers
guest ok = yes
browseable = yes
read only = yes
write list = @engineering

[root@hydra printers]# pwd
/samba/printers
[root@hydra printers]# ls -al
total 28
drwxr-xr-x 7 root root 4096 Nov 20 17:02 ./
drwxr-xr-x 8 root root 4096 Nov 20 16:51 ../
drwxr-xr-x 2 root root 4096 Nov 20 17:01 W32ALPHA/
drwxr-xr-x 2 root root 4096 Nov 20 17:01 W32MIPS/
drwxr-xr-x 2 root root 4096 Nov 20 17:02 W32PPC/
drwxr-xr-x 4 root root 4096 Nov 20 17:41 W32X86/
drwxr-xr-x 5 root root 4096 Nov 20 18:36 WIN40/
[root@hydra printers]# cd W32X86/
[root@hydra W32X86]# ls
hpbafd32.dl_  hpbf3222.dl_  hpbf3224.hl_  hpbf3225.dl_  hpdcmon.dl_
hpbf3220.dl_  hpbf3223.dl_  hpbf3224.inf  hpbf3226.dl_
hpbf3221.dl_  hpbf3224.dl_  hpbf3224.pm_  hpbftm32.dl_

Where the mistake? Please help! Thanks.

--
Sergey Dolgopolov
Registered Linux User #186627
ICQ UIN 50715669
E-Mail: mailto:virgo@azcher.kharkov.ua
SMS: mailto:virgo@kyivstar.net
Tel: +38(0572)194976
Fax: +38(0572)194905

From josephk at std.teradyne.com Tue Nov 20 09:45:09 2001
From: josephk at std.teradyne.com (Karyn Joseph)
Date: Tue Dec 2 02:36:53 2003
Subject: authentication errors
References: <3BF9AD2B.3426FB06@std.teradyne.com>
Message-ID: <3BFA9334.DE99C1B9@std.teradyne.com>

Some additional information. I realized that the people who are being denied access have primary gid's which aren't part of the allowed groups, but are part of the group in the group file that does have permission. It seems like samba is not reading the group file anymore.

Any ideas? Please.

Karyn

Karyn Joseph wrote:
>
> Hi --
>
> I'm running samba 2.2.1 on two Solaris 2.6 servers. I changed the
> server authentication level to server the other day. This was
> very well received by most of my users. They are so happy to
> not have to type their password multiple times.
>
> The problem is I have some that are being completely or partially
> rejected. For instance, I have a couple of users, they can access
> the server, and their NIS home directory, but if they try to access
> a share they have group permissions to they are being rejected with
> the following error. I also have others that are being rejected
> with the same error, but just trying to access the server. BTW -
> their Unix and NT usernames do match.
>
> [2001/11/19 17:01:49, 1] smbd/password.c:pass_check_smb(554)
> Couldn't find user 'person' in smb_passwd file.
> [2001/11/19 17:01:49, 1] smbd/reply.c:reply_sesssetup_and_X(1005)
> Rejecting user 'person': authentication failed
>
> My globals section looks like:
>
> [global]
> security = server
> password server = GALA.STD
> workgroup = bigmagic
> netbios name = bigborg
> server string = Samba %v on (%L)
> log level = 1
> log file = /net/adm/samba/samba-logs/samba.log.bigborg
> # log file = /usr/local/samba/log/samba.logs.%L
> name resolve order = hosts wins bcast
> # wins proxy = Yes
> wins server = 131.101.208.195
> username map = /net/std/adm/samba/usermap.txt
> homedir map = u_auto.ah
> NIS homedir = Yes
> include = /net/std/adm/samba/smb.conf.editme
>
> Any ideas would be greatly appreciated.
> --
> ________________________________________________
> Karyn Joseph EIT - Agoura, CA
> UNIX Administrator 818/874-6116
> ________________________________________________

--
________________________________________________
Karyn Joseph             EIT - Agoura, CA
UNIX Administrator       818/874-6116
________________________________________________

From Martin.Doule at czech.sun.com Tue Nov 20 09:46:05 2001
From: Martin.Doule at czech.sun.com (Martin.Doule)
Date: Tue Dec 2 02:36:53 2003
Subject: (no subject)
Message-ID:

Hello.

We are planning to migrate from our old NT server to a samba server. I'd like to do it as transparently as possible. Does anyone have experience with that? Do you know how to easily move user, domain and machine security info from NT to samba?

Thanks

Martin Doule
System Administrator, Forte Tools
Sun Microsystems Czech, s.r.o.
Software System Group
Evropska 33e
160 00 Prague 6
Tel: +420-2-33009193
Internal: x49193
Fax: +420-2-33009299
Mobile: +420-606-625752

From michael.auleta at boeing.com Tue Nov 20 11:07:23 2001
From: michael.auleta at boeing.com (Auleta, Michael)
Date: Tue Dec 2 02:36:53 2003
Subject: Problems joining a Windows 2000 domain
Message-ID: <3770A45DCD946A459AADDDDA5606F7C201CA847D@xch-phl-01.ne.nos.boeing.com>

I'm having a problem getting a Samba server to join a Windows 2000 domain. Because of the way our system is architected, I'm unable to join the top level "Computers" OU (we don't have any nodes in that OU). I've had my Samba server added to a lower level OU and I've been added as someone who is able to add nodes. When I run "smbpasswd -j DOMAIN -r PDC -U myname%passwd", I see the traditional errors that everyone else is reporting.

My question is can I join a Windows 2000 domain in any OU other than "Computers", and if so, how?

Mike

From samba at nebula-sa.com.ar Tue Nov 20 11:22:04 2001
From: samba at nebula-sa.com.ar (Ariel Mella)
Date: Tue Dec 2 02:36:53 2003
Subject: chars problem
References:
Message-ID: <099001c171f6$bc0ac340$1a3ca8ac@jusbaires.gov.ar>

I have a samba PDC that is running ok... all is working fine except accentuation... I cannot write files or directories with ????? in the shares of samba... any idea?

From joshuam at gravityedge.com Tue Nov 20 11:33:09 2001
From: joshuam at gravityedge.com (Joshua McClintock)
Date: Tue Dec 2 02:36:53 2003
Subject: LookupAccountName (\\LINUXPDC, Domain Admins) failed with error 1332
Message-ID: <009101c171f8$eb32fd20$21d8fdce@internap.com>

During nt group enumeration using mkgroup -d on cygwin I get the following errors.

LookupAccountName (\\LINUXPDC, Domain Admins) failed with error 1332
LookupAccountName (\\LINUXPDC, Domain Users) failed with error 1332

I know what the win32 error means, but it still doesn't tell me any more than what I already know (Win32 Error 1332 - No mapping between account names and security IDs was done). Does anyone know if my client isn't providing Samba with enough information or if Samba just doesn't understand how to respond.

From jay at toltec.metran.cx Tue Nov 20 13:33:04 2001
From: jay at toltec.metran.cx (Jay Ts)
Date: Tue Dec 2 02:36:53 2003
Subject: Configuring samba as a PDC for our lan
In-Reply-To: <00aa01c171e0$6a074980$1301a8c0@aries> from "Ofer Nave" at Nov 20, 2001 08:28:39 AM
Message-ID: <200111202131.fAKLVpQ14360@toltec.metran.cx>

>
> Well, to tell you the truth, I know very little about OS levels, and have
> never seen a map of Windows version => OS Level (though I've never
> looked...), but I successfully configured my samba server as a PDC for Win2k
> machines using the OS Level 64.

Here is a partial map:

A computer gets a value by its OS:

Windows 3.1             1
Windows 95              1
Windows 98              2
Win NT Workst. 3.51    16
Win NT Workst. 4.0     17
Win NT Server 3.51     32
Win NT Server 4        33

And a computer gets a value by its role:

active backup browser       1
standby browser             2
active master browser       4
preferred master browser    8
WINS client                32
PDC                       128

I am using an os level of 65, which I assume is higher than Windows Me and Windows XP Pro. But I haven't actually checked, so don't take this as reference info.

Jay Ts

From AEsh at tricord.com Tue Nov 20 13:46:59 2001
From: AEsh at tricord.com (Esh, Andrew)
Date: Tue Dec 2 02:36:53 2003
Subject: authentication errors
Message-ID: <6DEE94132593D41182D200508BDCA590011810ED@mail.tricord.com>

Try "getent group" and see if the name system has the group in question listed.

-----Original Message-----
From: Karyn Joseph [mailto:josephk@std.teradyne.com]
Sent: Tuesday, November 20, 2001 11:30 AM
To: samba-ntdom@lists.samba.org; samba-technical@lists.samba.org
Subject: Re: authentication errors

Some additional information. I realized that the people who are being denied access have primary gid's which aren't part of the allowed groups, but are part of the group in the group file that does have permission. It seems like samba is not reading the group file anymore.

Any ideas? Please.

Karyn

Karyn Joseph wrote:
>
> Hi --
>
> I'm running samba 2.2.1 on two Solaris 2.6 servers. I changed the
> server authentication level to server the other day. This was
> very well received by most of my users. They are so happy to
> not have to type their password multiple times.
>
> The problem is I have some that are being completely or partially
> rejected. For instance, I have a couple of users, they can access
> the server, and their NIS home directory, but if they try to access
> a share they have group permissions to they are being rejected with
> the following error. I also have others that are being rejected
> with the same error, but just trying to access the server. BTW -
> their Unix and NT usernames do match.
>
> [2001/11/19 17:01:49, 1] smbd/password.c:pass_check_smb(554)
> Couldn't find user 'person' in smb_passwd file.
> [2001/11/19 17:01:49, 1] smbd/reply.c:reply_sesssetup_and_X(1005)
>   Rejecting user 'person': authentication failed
>
> My globals section looks like:
>
> [global]
>     security = server
>     password server = GALA.STD
>     workgroup = bigmagic
>     netbios name = bigborg
>     server string = Samba %v on (%L)
>     log level = 1
>     log file = /net/adm/samba/samba-logs/samba.log.bigborg
> #   log file = /usr/local/samba/log/samba.logs.%L
>     name resolve order = hosts wins bcast
> #   wins proxy = Yes
>     wins server = 131.101.208.195
>     username map = /net/std/adm/samba/usermap.txt
>     homedir map = u_auto.ah
>     NIS homedir = Yes
>     include = /net/std/adm/samba/smb.conf.editme
>
> Any ideas would be greatly appreciated.
> --
> ________________________________________________
> Karyn Joseph EIT - Agoura, CA
> UNIX Administrator 818/874-6116
> ________________________________________________

--
________________________________________________
Karyn Joseph EIT - Agoura, CA
UNIX Administrator 818/874-6116
________________________________________________

From mjs at blitz-technology.net Tue Nov 20 14:01:06 2001
From: mjs at blitz-technology.net (Mitchell)
Date: Tue Dec 2 02:36:53 2003
Subject: Almost got it
Message-ID: <20011121081056.A15166@blitz-technology.net>

Hmm, I think I've almost got it. When I log in to windows though it keeps giving me the error "no domain server found, some network resources may not be available". However, following the documentation that I was referred to in a previous email, this is the smb.conf file I am now using. Can anyone spot anything obvious that I'm doing wrong?

[global]
    workgroup = BLITZ
    netbios name = JOLT
    encrypt passwords = Yes
    obey pam restrictions = Yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
    unix password sync = Yes
    time server = Yes
    #logon script = logon.bat
    logon path = \\jolt\profiles\%U
    domain logons = Yes
    os level = 65
    preferred master = True
    domain master = True
    wins support = Yes
    invalid users = root

[netlogon]
    path = /home/logon
    browseable = No

[profiles]
    path = /home/profiles
    read only = No
    create mask = 0600
    directory mask = 0700
    nt acl support = No
    browseable = No

[homes]
    read only = No
    create mask = 0600
    directory mask = 0700
    browseable = No

From sharpe at ns.aus.com Tue Nov 20 14:39:43 2001
From: sharpe at ns.aus.com (Richard Sharpe)
Date: Tue Dec 2 02:36:53 2003
Subject: Configuring samba as a PDC for our lan
References: <200111202131.fAKLVpQ14360@toltec.metran.cx>
Message-ID: <3BFADD2E.8050008@ns.aus.com>

Jay Ts wrote:

>>Well, to tell you the truth, I know very little about OS levels, and have
>>never seen a map of Windows version => OS Level (though I've never
>>looked...), but I successfully configured my samba server as a PDC for Win2k
>>machines using the OS Level 64.
>>
>
> Here is a partial map:
>
> A computer gets a value by its OS:
>
> Windows 3.1            1
> Windows 95             1
> Windows 98             2
> Win NT Workst. 3.51   16
> Win NT Workst. 4.0    17
> Win NT Server 3.51    32
> Win NT Server 4       33

This is just NOT TRUE! This is a damn lie uttered by someone once, and propagated by people ever since.

The field is a bit-field! Windows NT Wks has a value of 16 and NT Server has a value of 32!

Have you checked the actual packets? Ethereal decodes these things well (Election packets that is).

--
Richard Sharpe, rsharpe@ns.aus.com, LPIC-1
www.samba.org, www.ethereal.com, SAMS Teach Yourself Samba
in 24 Hours, Special Edition, Using Samba

From jay at toltec.metran.cx Tue Nov 20 15:11:08 2001
From: jay at toltec.metran.cx (Jay Ts)
Date: Tue Dec 2 02:36:53 2003
Subject: Configuring samba as a PDC for our lan
In-Reply-To: <3BFADD2E.8050008@ns.aus.com> from "Richard Sharpe" at Nov 21, 2001 09:16:06 AM
Message-ID: <200111202251.fAKMp7414895@toltec.metran.cx>

Richard Sharpe wrote:
>
> Jay Ts wrote:
> > A computer gets a value by its OS:
> >
> > Windows 3.1            1
> > Windows 95             1
> > Windows 98             2
> > Win NT Workst. 3.51   16
> > Win NT Workst. 4.0    17
> > Win NT Server 3.51    32
> > Win NT Server 4       33
>
> This is just NOT TRUE! This is a damn lie uttered by someone once,
> and propagated by people ever since.
>
> The field is a bit-field! Windows NT Wks has a value of 16 and NT Server
> has a value of 32!

Richard, thanks for your quick and very pointful correction.

I copied the info verbatim out of the first edition of Using Samba. I'm the lead author of the _2nd_ edition, and am very carefully weeding out misinformation as I rewrite a lot of it... but I hadn't gotten to the part on browsing elections yet!

Jay Ts

From mjs at blitz-technology.net Tue Nov 20 15:49:02 2001
From: mjs at blitz-technology.net (Mitchell)
Date: Tue Dec 2 02:36:54 2003
Subject: grrrr
Message-ID: <20011121095916.A990@blitz-technology.net>

so close and yet so far. At least it can see samba as the authentication server now, but windows is giving me the following error:

Do not recognise your domain / password

and this is what is coming up in my smb.log:

Denied connection from (192.168.1.2)
[2001/11/21 09:51:56, 0] smbd/connection.c:yield_connection(63)
  yield_connection: tdb_delete for name failed with error Record does not exist.

And yes that IP *should* be in my subnet, here is my smb.conf file now.

# Samba config file created using SWAT
# from 203-109-247-33.ihug.net (203.109.247.33)
# Date: 2001/11/21 09:40:20

# Global parameters
[global]
    workgroup = BLITZ
    netbios name = JOLT
    interfaces = eth0
    encrypt passwords = Yes
    obey pam restrictions = Yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
    unix password sync = Yes
    time server = Yes
    logon script = logon.bat
    logon path = \\jolt\profiles\%u
    domain logons = Yes
    os level = 65
    preferred master = True
    domain master = True
    wins support = Yes
    remote announce = 192.168.1.255
    invalid users = root
    hosts allow = 192.168.1, 127.0.0.1

[netlogon]
    path = /home/logon
    browseable = No

[profiles]
    path = /home/profiles
    read only = No
    create mask = 0600
    directory mask = 0700
    nt acl support = No
    browseable = No

[homes]
    read only = No
    create mask = 0600
    directory mask = 0700
    browseable = No

I got to get it right eventually :).

From grobe at gmx.net Tue Nov 20 16:46:05 2001
From: grobe at gmx.net (Lars O. Grobe)
Date: Tue Dec 2 02:36:54 2003
Subject: migration nt -> samba pdc
References:
Message-ID: <3BFB0766.A30E94FE@gmx.net>

Hi!

We did the migration about 18 months ago. We have a heterogeneous network here, so as you just need samba, you are quite lucky ;-)

You will have to get ("export") the nt-encrypted passwords. They can't be decrypted, but this shouldn't be necessary. I used a utility called pwdump2 (take a look at google). This writes a smbpasswd-like file, so it's quite close to what you will need in samba.

Now, I parsed this file with the utility pdadduser. This will allow you to create unix accounts based on the output of pwdump2. You need an account for every user and every machine! I usually set both's shells to /bin/false...

If you have the unix-users, you can create the samba-users.
The only problem is that the output of pwdump2 doesn't contain the valid uids. If you correct this (maybe with the help of pdadduser, again, maybe with some script), you can use this as your smbpasswd-file.

So, you should be able to check that all your users arrived on samba. Simply try smbclient -U -L , you should have to enter the password, and see the shares of your samba server.

Now, go from machine to machine and put them into your domain.... I don't think that there is a way to avoid this... (maybe with samba-tng, which has some backup-dc-features).

Good luck, and have fun, you should get a fast and reliable server....

CU, Lars.

www.rechnerpool.com

From dingdong at ncop.nec.co.jp Tue Nov 20 23:19:02 2001
From: dingdong at ncop.nec.co.jp (dingdong)
Date: Tue Dec 2 02:36:54 2003
Subject: samba for Windows 2000
Message-ID: <20011121151008.94A9.DINGDONG@ncop.nec.co.jp>

good day.!

i am new to samba and was wondering, how can the shares in the samba server we be visible or even accessible to a Windows 2000 advance server?

I refer to the samba book included in the download suite, but it discusses only the configuration for an NT 4 machines.

is there anything else i can configure so that it would work. at first i thought it was the workstation service in NT that is causing the problem, but i learned that client for windows in the win2k is the same as workstation service.

From olli.fink at ak-vorarlberg.at Wed Nov 21 01:17:17 2001
From: olli.fink at ak-vorarlberg.at (Olli Fink)
Date: Tue Dec 2 02:36:54 2003
Subject: Windows XP and Samba
Message-ID: <001801c1726c$0dd03d70$6401000a@olli>

I tried to logon to a SAMBA-PDC with Windows XP:

I did :

Create a machine-account with windowsXP - worked
(my logon is: R3_04 - the machine is called: R3_04)
it created a R3_04$ user in passwd and smbpasswd !!

But then winXP tells me to restart -
I tried to logon but it tells me it can't logon
because either there is no DOMAINCONTROLLER or no
machine account for this machine.

In samba.log I see "get_md4pw: Workstation r3_04$: no account in domain "

What is the problem ???

Thanks in advance !!

Greetings Olli
-----------------------------------------------------
BildungsCenter der Arbeiterkammer Vorarlberg
Fink Olli
Schiesstätte 16
6800 Feldkirch

Tel.: 05522/3551-16
Fax: 05522/3551-17
e-mail: mailto:olli.fink@ak-vorarlberg.at
-----------------------------------------------------

From edv at wkf.at Wed Nov 21 02:22:02 2001
From: edv at wkf.at (M.Eidher (IT/IS-Wr.Kuehlhaus-Frigoscandia GmbH))
Date: Tue Dec 2 02:36:54 2003
Subject: Problem setting NTFS-Permissions
Message-ID:

HI, to all

I've got a linux-Box with a 2.4.14-Kernel in a W2k-Domain working as a Fileserver (not as Domaincontroller). I use Samba 2.2.2. Everything works fine, but when I try to add/or change Users-NTFS-Permissions of a Directory or a file in a share, using the Advanced-settings on a W2k-Box, I get the messages Access denied.

I guess that when using the standard sources of samba the --with-nt-acl-support option is enabled. Or not?

Here are a few lines of my smb.conf

[global]
    workgroup = DOM02
    netbios name = DATEI
    server string = Datei Samba Server
    interfaces = 10.10.10.29/255.255.255.0
    bind interfaces only = Yes
    security = DOMAIN
    encrypt passwords = Yes
    password server = *
    log file = /usr/local/samba/var/log.%m
    max log size = 50
    preferred master = False
    local master = No
    domain master = False
    dns proxy = No
    wins server = dc
    winbind uid = 10000-20000
    winbind gid = 10000-20000
    template homedir = /dateien/DOM02/%U
    winbind separator = +
    admin users = Administrator
    hosts allow = 10.10.10. 127.
    veto files = /*.eml/*.nws/riched20.dll/

[BH]
    comment = Fileserver der Buchhaltung
    path = /dateien/BH
    valid users = @BH, @Domain-Admins
    write list = @BH, @Domain-Admins
    force create mode = 0777
    force directory mode = 0777
    browseable = No

Thanks for any rapid answer

CU, Martin

From jay at toltec.metran.cx Wed Nov 21 03:50:02 2001
From: jay at toltec.metran.cx (Jay Ts)
Date: Tue Dec 2 02:36:54 2003
Subject: Windows XP and Samba
In-Reply-To: <001801c1726c$0dd03d70$6401000a@olli> from "Olli Fink" at Nov 21, 2001 10:08:15 AM
Message-ID: <200111211148.fALBmtn02135@toltec.metran.cx>

Did you try setting RequireSignOrSeal to zero? See the file in the docs/Registry directory of the Samba 2.2.2 source distribution. The file name is WinXP_SignOrSeal.reg.

Jay Ts

> I tried to logon to a SAMBA-PDC with Windows XP:
>
> I did :
>
> Create a machine-account with windowsXP - worked
> (my logon is: R3_04 - the machine is called: R3_04)
> it created a R3_04$ user in passwd and smbpasswd !!
>
> But then winXP tells me to restart -
> I tried to logon but it tells me it can't logon
> because either there is no DOMAINCONTROLLER or no
> machine account for this machine.
>
> In samba.log I see "get_md4pw: Workstation r3_04$: no account in domain "
>
> What is the problem ???
>
>
> Thanks in advance !!
>
> Greetings Olli
> -----------------------------------------------------
> BildungsCenter der Arbeiterkammer Vorarlberg
> Fink Olli
> Schiesstätte 16
> 6800 Feldkirch
>
> Tel.: 05522/3551-16
> Fax: 05522/3551-17
> e-mail: mailto:olli.fink@ak-vorarlberg.at
> -----------------------------------------------------
>
>

From jay at toltec.metran.cx Wed Nov 21 03:56:04 2001
From: jay at toltec.metran.cx (Jay Ts)
Date: Tue Dec 2 02:36:54 2003
Subject: samba for Windows 2000
In-Reply-To: <20011121151008.94A9.DINGDONG@ncop.nec.co.jp> from "dingdong" at Nov 21, 2001 03:18:11 PM
Message-ID: <200111211154.fALBsUZ02144@toltec.metran.cx>

>
> i am new to samba and was wondering, how can the shares in the samba
> server we be visible or even accessible to a Windows 2000 advance server?

To set up Win 2000 as a client in a workgroup, it is basically the same as for Windows NT, except that Windows 2000 is different in look and feel. Some things are in different places, and go by different names, in the control panels.

Check your network settings (computer name, workgroup name, IP address, netmask, WINS and DNS server, etc.) These are in the Network... and System control panels.

Jay Ts

From tmeinke at macnews.de Wed Nov 21 04:57:31 2001
From: tmeinke at macnews.de (Thomas Meinke)
Date: Tue Dec 2 02:36:54 2003
Subject: Samba 2.2.2 Winbind and pam_mkhomedir
Message-ID:

Hello!

I'm running Samba 2.2.2 with Winbind on a SuSE Linux 7.3 System. Everything still works fine. The only problem I have is that the Domain Users don't have a home directory on the Linux Server. I thought the use of pam_mkhomedir.so would be a great idea to create the homedirectories at login. But how can I manage it, that samba uses the pam_mkhomedir.so module. The pam_mkhomedir.so works still fine at the console login. But I didn't manage it to work with samba.

Where I have to put the call of the pam_mkhomedir.so? In the /etc/pam.d/samba file or anywhere else?
And then which line must I add to the /etc/pam.d/samba file. For the console login I only needed to add the line:

session required /lib/security/mk_homedir.so skel=/etc/skel/

And it works. I tried the same line in the /etc/pam.d/samba file, but it does not work.

Cu
Thomas Meinke

From bon at teamlog.fr Wed Nov 21 06:59:03 2001
From: bon at teamlog.fr (JM Bonnefond)
Date: Tue Dec 2 02:36:54 2003
Subject: smbpasswd error with permission denied.
Message-ID: <20011121155840.70EDC68B@hal.ionix-services.com>

Hi,

I'm using Samba to replace an old Novell Server and I have about 30 clients which are under Win2K.

I've the following problem with the authentication of the 2k stations, the user and the machine account are well declared, but when a 2k station try to log to the domain, I've these logs in my /var/log/log.server :

[2001/11/21 15:39:17, 0] passdb/smbpass.c:startsmbfilepwent_internal(87)
  startsmbfilepwent_internal: unable to open file /etc/samba/smbpasswd. Error was Permission denied
[2001/11/21 15:39:17, 0] passdb/smbpass.c:iterate_getsmbpwuid(1240)
  unable to open smb password database.

the smbpasswd have the following right :
-rw------- 1 root root 949 Nov 21 15:37 smbpasswd

I try this :
chmod +r /etc/samba/smbpasswd

-rw-r--r-- 1 root root 949 Nov 21 15:37 smbpasswd

then I try to log, I've got the same error in the logs and my smbpasswd is set back to :
-rw------- 1 root root 949 Nov 21 15:37 smbpasswd

Any idea?
Jean-Michel.

From j.schmidt at extracom.de Wed Nov 21 07:19:07 2001
From: j.schmidt at extracom.de (Jens Uwe Schmidt)
Date: Tue Dec 2 02:36:54 2003
Subject: AW: smbpasswd error with permission denied.
In-Reply-To: <20011121155840.70EDC68B@hal.ionix-services.com>
Message-ID:

Hi,

are you sure that this is the right one?
Maybe it's in /usr/local/samba/private/ or wherever you told your samba source to settle.....

(Just a tip, I spent hours in searching for my mistakes like this - no offence!)

Cheers

Jens

> -----Original Message-----
> From: samba-ntdom-admin@lists.samba.org
> [mailto:samba-ntdom-admin@lists.samba.org] On Behalf Of JM Bonnefond
> Sent: Wednesday, 21 November 2001 17:03
> To: samba-ntdom@lists.samba.org
> Subject: smbpasswd error with permission denied.
>
>
>
> Hi,
>
> I'm using Samba to replace an old Novell Server and I have about
> 30 clients
> which are under Win2K.
>
> I've the following problem with the authentication of the 2k
> stations, the
> user and the machine account are well declared, but when a 2k
> station try to
> log to the domain, I've this logs in my /var/log/log.server :
>
> [2001/11/21 15:39:17, 0] passdb/smbpass.c:startsmbfilepwent_internal(87)
> startsmbfilepwent_internal: unable to open file
> /etc/samba/smbpasswd. Error
> was Permission
> denied
> [2001/11/21 15:39:17, 0] passdb/smbpass.c:iterate_getsmbpwuid(1240)
> unable to open smb password database.
>
> the smbpasswd have the following right :
> -rw------- 1 root root 949 Nov 21 15:37 smbpasswd
>
> I try this :
> chmod +r /etc/samba/smbpasswd
>
> -rw-r--r-- 1 root root 949 Nov 21 15:37 smbpasswd
>
> then I try to log I've got the same error in the logs and my
> smbpasswd is set
> back to :
> -rw------- 1 root root 949 Nov 21 15:37 smbpasswd
>
> Any idea?
> Jean-Michel.
>

From danws at terra.com.br Wed Nov 21 07:30:06 2001
From: danws at terra.com.br (Daniel William Schultz)
Date: Tue Dec 2 02:36:54 2003
Subject: Spool filename. ( What is the problem?
)
Message-ID:

Here is my printer config:

    printing = lprng
    load printers = yes
    use client driver = yes
    printer admin = @edutec, root
    printcap name = /etc/printcap
    print command = lpr -U%U@%M -r -P%p -J'%J' %s
    lpq command = lpq -P%p
    lprm command = lprm -U%U@%M -P%p %j
    lppause command = /usr/sbin/lpc -U%U@%M hold %p %j
    lpresume command =/usr/sbin/lpc -U%U@%M release %p %j
    queuepause command = /usr/sbin/lpc -U%U@%M -P%p stop
    queueresume command = /usr/sbin/lpc -U%U@%M -P%p start

On the print command I have put the variable %J, to get the original filename, but it's empty... On samba 2.2.1a it worked, but now in 2.2.2 it seems not to work. Did this variable get deprecated?

Please, any help is welcome, my boss is asking me all the time about this, and I don't want to downgrade to 2.2.1a to have oplock problems again :)

Thanks in advance,
Daniel.

From dwcjr at inethouston.net Wed Nov 21 07:47:03 2001
From: dwcjr at inethouston.net (David W. Chapman Jr.)
Date: Tue Dec 2 02:36:54 2003
Subject: Windows XP and Samba
In-Reply-To: <001801c1726c$0dd03d70$6401000a@olli>
References: <001801c1726c$0dd03d70$6401000a@olli>
Message-ID: <20011121153343.GA91521@leviathan.inethouston.net>

On Wed, Nov 21, 2001 at 10:08:15AM +0100, Olli Fink wrote:
> I tried to logon to a SAMBA-PDC with Windows XP:
>
> I did :
>
> Create a machine-account with windowsXP - worked
> (my logon is: R3_04 - the machine is called: R3_04)
> it created a R3_04$ user in passwd and smbpasswd !!
>
> But then winXP tells me to restart -
> I tried to logon but it tells me it can't logon
> because either there is no DOMAINCONTROLLER or no
> machine account for this machine.
>
> In samba.log I see "get_md4pw: Workstation r3_04$: no account in domain "
>
> What is the problem ???
>
>
> Thanks in advance !!
>

Try changing the computer name to something other than the username. I know for local XP user accounts it won't let you have them the same.

--
David W. Chapman Jr.
dwcjr@inethouston.net Raintree Network Services, Inc.
dwcjr@freebsd.org FreeBSD Committer

From bon at teamlog.fr Wed Nov 21 07:59:16 2001
From: bon at teamlog.fr (JM Bonnefond)
Date: Tue Dec 2 02:36:54 2003
Subject: AW: smbpasswd error with permission denied.
In-Reply-To:
References:
Message-ID: <20011121164248.80D9968B@hal.ionix-services.com>

I work on a SuSE 7.3 which implements samba 2.2.1a and the config files are all located in /etc/samba.

Btw, I've one more error with W2k SP2 that I don't have with a W2k not patched :

[2001/11/21 16:30:32, 0] rpc_server/srv_samr.c:api_samr_set_userinfo(672)
  api_samr_set_userinfo: Unable to unmarshall SAMR_Q_SET_USERINFO.

I've done the same tests with 2.2.2 manually installed and I've got the same errors with a permission denied access to smbpasswd.

Thanks,
Jean-Michel.

On Wednesday 21 November 2001 16:22, Jens Uwe Schmidt wrote:
> Hi,
>
> are you sure that this is the right one?
> Maybe it's in /usr/local/samba/private/ or wherever you told your samba
> source to settle.....
>
> (Just a tip, I spent hours in searching for my mistakes like this - no
> offence!)
>
> Cheers
>
> Jens

From samba at denverdata.com Wed Nov 21 08:48:46 2001
From: samba at denverdata.com (Doug Douglass)
Date: Tue Dec 2 02:36:54 2003
Subject: samba for Windows 2000
In-Reply-To: <200111211154.fALBsUZ02144@toltec.metran.cx>
Message-ID:

We have a Win2K Server that is a member of our Samba PDC domain. The typical steps were required for adding a machine account to the PDC (see samba docs).

The only other issues I've come across were the typical "MS is thinking for you" kinda stuff...by default DHCP, DNS, WINS services were all installed and set to start automatically, which caused a few headaches at first but were quickly fixed.

Assuming Win2K Advanced Server isn't that much different from the regular Win2K Server, I don't think you should have any problems.

> -----Original Message-----
> From: samba-ntdom-admin@lists.samba.org
> [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Jay Ts
> Sent: Wednesday, November 21, 2001 4:55 AM
> To: dingdong
> Cc: samba-ntdom@lists.samba.org
> Subject: Re: samba for Windows 2000
>
>
> >
> > i am new to samba and was wondering, how can the shares in the samba
> > server we be visible or even accessible to a Windows 2000
> advance server?
>
> To set up Win 2000 as a client in a workgroup, it is basically the same
> as for Windows NT, except that Windows 2000 is different in look
> and feel. Some things are in different places, and go by different
> names, in the control panels.
>
> Check your network settings (computer name, workgroup name, IP address,
> netmask, WINS and DNS server, etc.) These are in the Network...
> and System
> control panels.
>
> Jay Ts
>

From MathiasWohlfarth at bwb.org Wed Nov 21 09:22:03 2001
From: MathiasWohlfarth at bwb.org (Mathias Wohlfarth)
Date: Tue Dec 2 02:36:54 2003
Subject: AIX and passwd chat
Message-ID:

I have problems getting the password chat running. I also tried with a script that does nothing more than writing something to a file. But nothing happens. It seems that the program fails to start. Can anyone help?

This is the output from log.smbd:

[2001/11/21 17:35:36, 3] smbd/chgpasswd.c:chat_with_program(425)
  Dochild for user s01user (uid=0,gid=0)
[2001/11/21 17:35:38, 100] smbd/chgpasswd.c:expect(266)
  expect: expected [*fertig*] received [] match no
[2001/11/21 17:35:40, 100] smbd/chgpasswd.c:expect(266)
  expect: expected [*fertig*] received [] match no
[2001/11/21 17:35:40, 10] smbd/chgpasswd.c:expect(277)
  expect: returning False
[2001/11/21 17:35:40, 3] smbd/chgpasswd.c:talktochild(303)
  Response 1 incorrect
[2001/11/21 17:35:40, 3] smbd/chgpasswd.c:chat_with_program(358)
  Child failed to change password: s01user
[2001/11/21 17:35:40, 3] smbd/chgpasswd.c:chat_with_program(396)
  The process exited while we were waiting

From olli.fink at ak-vorarlberg.at Wed Nov 21 09:32:03 2001
From: olli.fink at ak-vorarlberg.at (Olli Fink)
Date: Tue Dec 2 02:36:54 2003
Subject: Windows XP+Samba as PDC - succeeded!!!!!
In-Reply-To: <20011121153343.GA91521@leviathan.inethouston.net>
Message-ID: <000c01c172ad$1e16e490$6401000a@olli>

Thanks a lot to all who helped me out !!!

The problem was solved by:

in the docs/Registry directory of the Samba 2.2.2 source distribution there is a file called WinXP_SignOrSeal.reg.

Thanks
Olli
-----------------------------------------------------
BildungsCenter der Arbeiterkammer Vorarlberg
Fink Olli
Schiesstätte 16
6800 Feldkirch

Tel.: 05522/3551-16
Fax: 05522/3551-17
e-mail: mailto:olli.fink@ak-vorarlberg.at
-----------------------------------------------------

From tom at picard.ee.ucl.ac.uk Wed Nov 21 09:49:21 2001
From: tom at picard.ee.ucl.ac.uk (Tom Crummey)
Date: Tue Dec 2 02:36:54 2003
Subject: Problems with NT systems on Samba-2.2.2 domain
Message-ID: <200111211736.fALHaaf13272@lister.ee.ucl.ac.uk>

Hello,

Having taken the plunge and replaced our samba-TNG server with a samba-2.2.2 one, we have run into some problems:

Windows 2000 systems seem to carry on working as they did before, logging into the domain etc etc.

NT systems did not allow anyone to log in on the domain. We therefore had to re-add the systems to the domain. In doing that we found that the option to create the computer account automatically didn't work. The debug level 10 logs said:

Doing \PIPE\samr
[2001/11/21 12:20:53, 4] rpc_server/srv_pipe.c:api_rpcTNP(1177)
  api_rpcTNP: api_samr_rpc op 0x3a - api_rpcTNP: rpc command: SAMR_SET_USERINFO
[2001/11/21 12:20:53, 5] rpc_parse/parse_prs.c:prs_debug(63)
  000000 samr_io_q_set_userinfo
[2001/11/21 12:20:53, 6] rpc_parse/parse_prs.c:prs_debug(63)
  000000 smb_io_pol_hnd pol
[2001/11/21 12:20:53, 5] rpc_parse/parse_prs.c:prs_uint32(547)
  0000 data1: 00000000
[2001/11/21 12:20:53, 5] rpc_parse/parse_prs.c:prs_uint32(547)
  0004 data2: 0b000000
[2001/11/21 12:20:53, 5] rpc_parse/parse_prs.c:prs_uint16(518)
  0008 data3: 0000
[2001/11/21 12:20:53, 5] rpc_parse/parse_prs.c:prs_uint16(518)
  000a data4: 0000
[2001/11/21 12:20:53, 5] rpc_parse/parse_prs.c:prs_uint8s(573)
  000c data5: 24 9c fb 3b 8d 12 00 00
[2001/11/21 12:20:53, 5] rpc_parse/parse_prs.c:prs_uint16(518)
  0014 switch_value: 001a
[2001/11/21 12:20:53, 6] rpc_parse/parse_prs.c:prs_debug(63)
  000016 samr_io_userinfo_ctr ctr
[2001/11/21 12:20:53, 5] rpc_parse/parse_prs.c:prs_uint16(518)
  0016 switch_value: 001a
[2001/11/21 12:20:53, 2] rpc_parse/parse_samr.c:samr_io_userinfo_ctr(6135)
  samr_io_userinfo_ctr: unknown switch level 0x1a
[2001/11/21 12:20:53, 0] rpc_server/srv_samr.c:api_samr_set_userinfo(672)
  api_samr_set_userinfo: Unable to unmarshall SAMR_Q_SET_USERINFO.
[2001/11/21 12:20:53, 5] rpc_parse/parse_prs.c:prs_debug(63)

We are also getting this while trying to set up the AntiVirus services on these systems.

We don't get any of these problems on Windows 2000.

Has anyone any ideas on how to fix this?

Tom.

----------------------------------------------------------------------------
Tom Crummey, Systems and Network Manager,    EMAIL: tom@ee.ucl.ac.uk
Department of Electronic and Electrical Engineering,
University College London,                   TEL: +44 (0)20 7679 3898
Torrington Place,                            FAX: +44 (0)20 7388 9325
London, UK, WC1E 7JE.
----------------------------------------------------------------------------

From neofolk at yahoo.de Wed Nov 21 09:54:10 2001
From: neofolk at yahoo.de (Oliver Kroll :ALT EUROPA: - Magazin)
Date: Tue Dec 2 02:36:54 2003
Subject: Win2000 shows Linux Client, but cant explore it
Message-ID: <001601c172aa$6ed823b0$6600a8c0@p3desktop>

hi,

i try to connect my linux-laptop to my win2000-desktop. the win2000 shows my linux client by browsing network neighbourhood, but when i try to browse my linux-laptop, windows throws an error: cant find networkpath.

when i try to mount a drive from the win2000 desktop on my linux-laptop, first i get the password-prompt, and after it, samba throws following error: .... ERRSRV - 2242

but if i start my desktop with win98 everything is ok, and i could browse the win98 pc with my linux.

if somebody got an idea, would be great.

oliver k.

sorry for my bad english...

From cradomski at incat.com Wed Nov 21 11:09:04 2001
From: cradomski at incat.com (Craig Radomski)
Date: Tue Dec 2 02:36:54 2003
Subject: NTdom
Message-ID: <3B23CF49E988D411BCBA0004AC4CC122012CF1F8@ATLANTIC>

Have a samba domain server on Sun server. All users work great except 1 ! The userid 36414 always maps to nobody on the unix system. I deleted and recreated the user many times. Can not change the user id because it is mapped to administrator of my CAD system. Any one have a clue?

Craig Radomski
INCAT Systems
41370 Bridge Street, Novi MI 48375-1302
* cradomski@incat.com
* 248.426.1748
* 208.275.0917
* www.incat.com
* Helpdesk: 1.888.746.6478

From mjs at blitz-technology.net Wed Nov 21 12:51:31 2001
From: mjs at blitz-technology.net (Mitchell)
Date: Tue Dec 2 02:36:54 2003
Subject: Profiles
Message-ID: <20011122065346.A7325@blitz-technology.net>

woohoo, I have authentication working, and the login script executes. Now I hit my second problem. Windows isn't using the [profiles] share to store user profiles on. Having gone over the samba documentation I am more inclined to believe it's a problem on the windows client not the samba config, as everything in the samba config looks right. The windows client in question is Windows 2k Pro SP2.

I don't have to specifically tell it to use \\jolt\profiles\%u instead of c:\winnt\profiles\%u in a system policy or anything do I?

attached below is my smb.conf file, just in case I've missed something obvious.

[global]
    workgroup = BLITZ
    netbios name = JOLT
    interfaces = eth0
    encrypt passwords = Yes
    obey pam restrictions = Yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
    unix password sync = Yes
    time server = Yes
    logon script = logon.bat
    logon path = \\jolt\profiles\%u
    logon home = \\jolt\profiles\%u
    domain logons = Yes
    os level = 65
    preferred master = True
    domain master = True
    wins support = Yes
    remote announce = 192.168.1.255
    invalid users = root
    hosts allow = 192.168.1., 127.0.0.1

[netlogon]
    path = /home/logon
    browseable = No

[profiles]
    path = /home/profiles
    read only = No
    create mask = 0600
    directory mask = 0700
    browseable = No

[homes]
    read only = No
    create mask = 0600
    directory mask = 0700
    browseable = No

[installs]
    path = /home/installs/%m
    read only = No
    create mask = 0600
    directory mask = 0700

From bolke at xs4all.nl Wed Nov 21 14:47:04 2001
From: bolke at xs4all.nl (Bolke de Bruin)
Date: Tue Dec 2 02:36:54 2003
Subject: samba for Windows 2000
In-Reply-To:
Message-ID:

I'm running W2K Advanced Server here; No problems at all. Do indeed turn off all standard services (which is a good start from a security point anyway as your system is vulnerable to every virus that uses IIS 5.0, so you should apply SP2 right away!)

Bolke

-----Original Message-----
From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org] On Behalf Of Doug Douglass
Sent: Wednesday, 21 November 2001 17:19
To: jayts@iname.com; dingdong
CC: samba-ntdom@lists.samba.org
Subject: RE: samba for Windows 2000

We have a Win2K Server that is a member of our Samba PDC domain. The typical steps were required for adding a machine account to the PDC (see samba docs).

The only other issues I've come across were the typical "MS is thinking for you" kinda stuff...by default DHCP, DNS, WINS services were all installed and set to start automatically, which caused a few headaches at first but were quickly fixed.

Assuming Win2K Advanced Server isn't that much different from the regular Win2K Server, I don't think you should have any problems.

> -----Original Message-----
> From: samba-ntdom-admin@lists.samba.org
> [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Jay Ts
> Sent: Wednesday, November 21, 2001 4:55 AM
> To: dingdong
> Cc: samba-ntdom@lists.samba.org
> Subject: Re: samba for Windows 2000
>
>
> >
> > i am new to samba and was wondering, how can the shares in the samba
> > server we be visible or even accessible to a Windows 2000
> advance server?
>
> To set up Win 2000 as a client in a workgroup, it is basically the same
> as for Windows NT, except that Windows 2000 is different in look
> and feel. Some things are in different places, and go by different
> names, in the control panels.
>
> Check your network settings (computer name, workgroup name, IP address,
> netmask, WINS and DNS server, etc.) These are in the Network...
> and System
> control panels.
>
> Jay Ts
>

From robg at uws.edu.au Wed Nov 21 14:49:01 2001
From: robg at uws.edu.au (robg@uws.edu.au)
Date: Tue Dec 2 02:36:54 2003
Subject: security = domain, doesn't want to work
Message-ID:

I am setting up samba to authenticate to a PDC. With "security = server" this works just fine. But it won't work when I try domain level security.

I have successfully joined the domain, and changed the workgroup parameter to the domain's netbios name. But users can no longer authenticate. The log files give the following error message:

[2001/11/21 15:34:20, 0] smbd/password.c:domain_client_validate(1554)
  domain_client_validate: could not fetch trust account password for domain W2K-BLK-LAB

Any advice?

Thanks,
Rob.

From mjs at blitz-technology.net Wed Nov 21 17:40:02 2001
From: mjs at blitz-technology.net (Mitchell)
Date: Tue Dec 2 02:36:54 2003
Subject: Configuring Windows Client
Message-ID: <20011122115031.A1761@blitz-technology.net>

Hi list,

I am trying to configure my Windows 2k Pro client to connect to the new Samba PDC. I go in to control panel, system, network identification, and join myself to the BLITZ workgroup.
It then asks me for a user/pass to join this domain, I enter mjs/xxxxxx to join the domain and get the following error.

This is a computer account, use a global user or local user account to join this domain.

What does this mean?

Thanks

From 320078990805-0001 at t-online.de Wed Nov 21 21:59:29 2001
From: 320078990805-0001 at t-online.de (Oliver Kroll)
Date: Tue Dec 2 02:36:54 2003
Subject: Win2000 shows Linux Client, but cant explore it
Message-ID: <002901c17310$c207b300$6600a8c0@p3desktop>

hi,

i try to connect my linux-laptop to my win2000-desktop. the win2000 shows my linux client by browsing network neighbourhood, but when i try to browse my linux-laptop, windows throws an error: cant find networkpath.

when i try to mount a drive from the win2000 desktop on my linux-laptop, first i get the password-prompt, and after it, samba throws following error: .... ERRSRV - 2242

i also changed the decrypted - password flag by win2000. but if i start my desktop with win98 everything is ok, and i could browse the win98 pc with my linux.

if somebody got an idea, would be great.

oliver k.

sorry for my bad english...

From MathiasWohlfarth at bwb.org Thu Nov 22 01:59:03 2001
From: MathiasWohlfarth at bwb.org (Mathias Wohlfarth)
Date: Tue Dec 2 02:36:55 2003
Subject: Antwort: 1.st login ask for password..
Message-ID:

I have a patch on Samba 2.2.2, that introduces a new parameter "user password timeout". If set to zero passwords will never expire. If set to any num, passwords will expire after this time period.

Samba keeps the time of last password change and the patch calculates from this time. For a new user the "last password changed time" is zero, so the new user is forced to change his password.

If the admin changes a user password, maybe because the user has forgotten it, he also can change the LCT- field in smbpasswd again to 00000000 and the user has a new password and is forced to change it at next login. You can create a script to do that.
I will submit the patch to samba-patches in the next days. It is now available on http://www.m-wohlfarth.de/Downloads/Samba (the patch and a complete Samba 2.2.2 source code distribution with the applied patch).

Tests with Samba on Linux and AIX with W2K and NT4 were successful.

please give feedback if you try it

regards Mathias

>Hi Guys
>
>In Windows NT server there is an option for the PDC to ask the client for a
>new password/expired password when the user logs on for the first time...
>
>Is this possible in Samba??
>
>If it is how do i configure / add the users in that way??
>
>Christian Pedersen -=- Wallin Computer
>Ahlgade 3 -=- 4300 Holbæk -=- 59 44 14 90
>

From samba-ntdom at myrealbox.com Thu Nov 22 02:33:04 2001
From: samba-ntdom at myrealbox.com (Kristoffer Egefelt)
Date: Tue Dec 2 02:36:55 2003
Subject: browsing mystery....
Message-ID: <1006425157.4c755ff4samba-ntdom@myrealbox.com>

Making Samba browsemaster, leaves the windowsnetwork not browsable...

No problems with win95,98 or 2000 as browsemaster...

Any ideas...?

specs: Intel, samba 2.2.2, Freebsd 4.4 release

From palle74 at home.se Thu Nov 22 02:58:02 2001
From: palle74 at home.se (Paul Johansson)
Date: Tue Dec 2 02:36:55 2003
Subject: Problems logging in to Samba from NT4...
Message-ID: <5.1.0.14.2.20011122114252.00b19550@pop.home.se>

Hi!

I have installed Samba following the instructions very precisely, but I can't log in to the Samba server from NT4 Workstation. I think I have made everything correct and Samba seems to have been installed properly. For example, I tested the command 'smbclient -L ' and it listed the shares etc. Can somebody please help!
My smb.conf looks like this:
----------------------------------------------
[global]
    # Text shown next to the machine name when you browse the network
    server string = Samba
    comment = Samba
    # The domain the server belongs to
    workgroup = DEEPCORE
    # Performance parameter
    max xmit = 32767
    # Allow long names
    mangled names = no
    # If the resource is not used, disconnect it after 30 minutes.
    dead time = 30
    # Debug level
    debug level = 0
    # Should it be a domain logon server?
    domain logons = yes
    # Security level
    security = USER
    # To get Swedish characters
    character set = iso8859-1
    valid chars = 206:217 204:216 224:231 32
    # Script that runs at logon; must be in the NETLOGON share
    logon script = logon.bat

[homes]
    # Home directories
    # Should not be browseable
    browseable = no
    # No "guest" user
    guest ok = no
    # Should allow both reading and writing
    read only = no
    # Preserve upper and lower case in file names
    preserve case = yes
    short preserve case = yes
    # Do not distinguish between upper and lower case in file names
    case sensitive = no

[netlogon]
    # Share for running logon scripts
    comment = Netlogon
    # Where the logon scripts are located
    path = /usr/local/samba/netlogon
    # Everyone should be able to map this share
    public = yes
    # Read-only
    writable = no

[tmp]
    # Share for temporary files; everyone can read and write here
    comment = temp area
    path = /tmp
    public = yes
    writable = yes
    printable = no
----------------------------------------

/Paul

From samba at nebula-sa.com.ar Thu Nov 22 04:02:07 2001
From: samba at nebula-sa.com.ar (Ariel Mella)
Date: Tue Dec 2 02:36:55 2003
Subject: Antwort: 1.st login ask for password..
References:
Message-ID: <005701c1734d$4d50c6e0$1a3ca8ac@jusbaires.gov.ar>

Mathias:
i heard that in HEAD is possible to do that, but only when the client is NT4_WORKSTATION or superior (XP, Win2k).. with your patch, this is possible with Win9x/Me??
thx.
----- Original Message -----
From: "Mathias Wohlfarth"
To: "samba-ntdom"
Cc: "christian"
Sent: Thursday, November 22, 2001 6:52 AM
Subject: Antwort: 1.st login ask for password..

> I have a patch on Samba 2.2.2, that introduces a new parameter "user
> password timeout". If set to zero passwords will never expire. If set to
> any num, passwords will expire after this time period.
> Samba keeps the time of last password change and the patch calculates from this time. For a new user the "last password changed time" is zero, so the
> new user is forced to change his password.
> If the admin changes a user password, maybe because the user has forgotten it, he also can change the LCT- field in smbpasswd again to 00000000 and
> the user has a new password and is forced to change it at next login. You can create a script to do that.
> I will submit the patch to samba-patches in the next days. It is now available on http://www.m-wohlfarth.de/Downloads/Samba (the patch and a complete
> Samba 2.2.2 source code distribution with the applied patch).
> Tests with Samba on Linux and AIX with W2K and NT4 were successful.
> please give feedback if you try it
> regards Mathias
>
> >Hi Guys
> >
> >In Windows NT server there is an option for the PDC to ask the client for a
> >new password/expired password when the user logs on for the first time...
> >
> >Is this possible in Samba??
> >
> >If it is how do i configure / add the users in that way??
> >
> >Christian Pedersen -=- Wallin Computer
> >Ahlgade 3 -=- 4300 Holbæk -=- 59 44 14 90
> >
>

From olli.fink at ak-vorarlberg.at Thu Nov 22 04:16:02 2001
From: olli.fink at ak-vorarlberg.at (Olli Fink)
Date: Tue Dec 2 02:36:55 2003
Subject: AW: Problems logging in to Samba from NT4...
In-Reply-To: <5.1.0.14.2.20011122114252.00b19550@pop.home.se>
Message-ID: <000c01c1734f$147a3b10$6401000a@olli>

I think you have to create a machine account for your nt4-machine -> that is: an account with the netbios-name and a $

for example: your machine is called NT4 -> create a user-account in your passwd-file : user-name : NT4$

and a machine account in your smbpasswd: with smbpasswd -a -m NT4

Hope this helps

Olli

> -----Original Message-----
> From: samba-ntdom-admin@lists.samba.org
> [mailto:samba-ntdom-admin@lists.samba.org] On Behalf Of Paul Johansson
> Sent: Thursday, 22 November 2001 11:57
> To: samba-ntdom@lists.samba.org
> Subject: Problems logging in to Samba from NT4...
>
> Hi!
>
> I have installed Samba following the instructions very precisely, but I can't
> log in to the Samba server from NT4 Workstation. I think I have made
> everything correct and Samba seems to have been installed properly. For
> example, I tested the command 'smbclient -L ' and it listed the
> shares etc. Can somebody please help!
>
> My smb.conf looks like this:
> ----------------------------------------------
> [global]
> # Text shown next to the machine name when you browse the network
> server string = Samba
> comment = Samba
> # The domain the server belongs to
> workgroup = DEEPCORE
> # Performance parameter
> max xmit = 32767
> # Allow long names
> mangled names = no
> # If the resource is not used, disconnect it after 30 minutes.
> dead time = 30
> # Debug level
> debug level = 0
> # Should it be a domain logon server?
> domain logons = yes
> # Security level
> security = USER
> # To get Swedish characters
> character set = iso8859-1
> valid chars = 206:217 204:216 224:231 32
> # Script that runs at logon; must be in the NETLOGON share
> logon script = logon.bat
>
> [homes]
> # Home directories
> # Should not be browseable
> browseable = no
> # No "guest" user
> guest ok = no
> # Should allow both reading and writing
> read only = no
> # Preserve upper and lower case in file names
> preserve case = yes
> short preserve case = yes
> # Do not distinguish between upper and lower case in file names
> case sensitive = no
>
> [netlogon]
> # Share for running logon scripts
> comment = Netlogon
> # Where the logon scripts are located
> path = /usr/local/samba/netlogon
> # Everyone should be able to map this share
> public = yes
> # Read-only
> writable = no
>
> [tmp]
> # Share for temporary files; everyone can read and write here
> comment = temp area
> path = /tmp
> public = yes
> writable = yes
> printable = no
> ----------------------------------------
>
> /Paul
>

From derk at science.uva.nl Thu Nov 22 04:49:01 2001
From: derk at science.uva.nl (D.W. Bouhuijs)
Date: Tue Dec 2 02:36:55 2003
Subject: printer browsing
Message-ID: <00f901c17353$a4bb9080$28043292@science.uva.nl>

Samba 2.2.2 on Solaris 8, Windows 2000.

To test, I have installed about 50 network printers, printing via samba. It works fine and users can control their own printjobs, however......

Whenever I open e.g. Start>settings>printers or try to print using an application, the machine asks (samba uses lpstat %p) the status of all these printers. The machine also does this frequently to refresh its cache. This causes my server to generate numerous in.lpd processes. If more than 400 machines do that, it would be deadly.

Is there a way to disable this behavior?

Regards, Derk.

From werner at gs-software.de Thu Nov 22 05:15:02 2001
From: werner at gs-software.de (Sven Werner)
Date: Tue Dec 2 02:36:55 2003
Subject: WIN 2K Question.
Message-ID:

Hi!

We have a problem integrating our Win2K (SP2) Computers into our (Win)domain which is defined by a Samba 2.2.2 Server (Linux Kernel 2.2.14). If we try to connect the Win2K Computers to the Domain we gain the Answer that the authentication has failed. With Win NT or Win 98 in the same net the mentioned problem doesn't occur. Samba was configured as explained in the samba-howto-collection.

Thanks for your efforts.
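Mathias Wohlfarth's message earlier in this archive describes forcing a password change by setting the LCT field in smbpasswd to 00000000 and says a script can do that. The following is an added example, not part of any list message and not code from his patch: it parses smbpasswd lines, lists the accounts that would have to change their password under the rule he describes, and resets one user's LCT field. The function names, the sample entries (constructed, with placeholder hashes) and the assumption that the timeout is counted in seconds are not from the list.

```python
"""Audit and reset the LCT (last change time) field of smbpasswd entries.

Added example. The rule follows the list description of the patch's
"user password timeout": 0 means passwords never expire, otherwise a
password expires once LCT + timeout has passed, so an LCT of 00000000
always forces a change. The timeout unit (seconds) is an assumption.
"""
import re
from collections import namedtuple

Account = namedtuple("Account", "name uid flags lct")

# smbpasswd layout: name:uid:LANMAN-hash:NT-hash:[flags]:LCT-hhhhhhhh:
LCT_RE = re.compile(r"LCT-([0-9A-Fa-f]{8})")

# Constructed sample; the hashes are placeholder X's, not real values.
X32 = "X" * 32
SAMPLE = "".join([
    "# constructed smbpasswd sample\n",
    "alice:1001:%s:%s:[U          ]:LCT-3BFC0000:\n" % (X32, X32),
    "bob:1002:%s:%s:[U          ]:LCT-00000000:\n" % (X32, X32),
    "carol:1003:%s:%s:[U          ]:LCT-3BD00000:\n" % (X32, X32),
    "nt4$:1004:%s:%s:[W          ]:LCT-3BFC0000:\n" % (X32, X32),
])


def parse_line(line):
    """Return an Account for one line, or None for blank and comment lines."""
    body = line.strip()
    if not body or body.startswith("#"):
        return None
    fields = body.split(":")
    if len(fields) < 6:
        raise ValueError("too few fields: %r" % body)
    name, uid, _lm, _nt, flags, lct = fields[:6]
    match = LCT_RE.fullmatch(lct)
    if not (flags.startswith("[") and flags.endswith("]")) or match is None:
        raise ValueError("malformed flags or LCT field: %r" % body)
    return Account(name, int(uid), flags[1:-1].strip(), int(match.group(1), 16))


def parse(text):
    """Parse a whole smbpasswd file into a list of Account tuples."""
    return [a for a in map(parse_line, text.splitlines()) if a is not None]


def must_change(accounts, timeout_seconds, now):
    """Names of user accounts whose password is due for a change at `now`."""
    if timeout_seconds == 0:  # 0 means passwords never expire
        return []
    due = []
    for acct in accounts:
        # Skipping workstation trust (W) and disabled (D) accounts is a
        # choice made for this example, not something stated on the list.
        if "W" in acct.flags or "D" in acct.flags:
            continue
        if acct.lct + timeout_seconds <= now:
            due.append(acct.name)
    return due


def reset_lct(text, user):
    """Return `text` with the LCT field of `user` set to 00000000."""
    out, found = [], False
    for line in text.splitlines(keepends=True):
        acct = parse_line(line)
        if acct is not None and acct.name == user:
            body = line.rstrip("\r\n")
            fields = body.split(":")
            fields[5] = "LCT-00000000"
            line = ":".join(fields) + line[len(body):]
            found = True
        out.append(line)
    if not found:
        raise KeyError(user)
    return "".join(out)


if __name__ == "__main__":
    now = 0x3BFD0000            # constructed "current time"
    thirty_days = 30 * 24 * 3600
    print(must_change(parse(SAMPLE), thirty_days, now))
    print(reset_lct(SAMPLE, "alice"), end="")
```

reset_lct returns the edited text instead of writing the file, so the result can be reviewed before it replaces the live smbpasswd.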

From Daniel.Moeller at de.bosch.com Thu Nov 22 05:47:01 2001
From: Daniel.Moeller at de.bosch.com (Moeller Daniel (QI/CCE2-SI) *)
Date: Tue Dec 2 02:36:55 2003
Subject: AW: Configuring Windows Client
Message-ID: <1121C3ABCA53C945B821A821CDD67F62F684D0@simail21.desi2.bosch.com>

Hi,

this is an FAQ, you have to use root and its pw as in smbpasswd or similar.

Regards,
Danny

-----Original Message-----
From: mjs@blitz-technology.net [mailto:mjs@blitz-technology.net]
Sent: Thursday, 22 November 2001 01:51
To: samba-ntdom@lists.samba.org
Subject: Configuring Windows Client

I go in to control panel, system, network identification, and join myself to the BLITZ workgroup.

It then asks me for a user/pass to join this domain, I enter mjs/xxxxxx to join the domain and get the following error.

This is a computer account, use a global user or local user account to join this domain.

From Sebastian.Trahm at alcatel.de Thu Nov 22 08:33:03 2001
From: Sebastian.Trahm at alcatel.de (Sebastian Trahm)
Date: Tue Dec 2 02:36:55 2003
Subject: browsing mystery....
Message-ID: <01C1737B.997751F0.Sebastian.Trahm@alcatel.de>

Hello,

i had the same problems with Samba 2.2.1 running on a FreeBSD 4.2 Box, the Sambamachine was local masterbrowser, but trying to connect from a WinX-machine was never successful.

take care,

Sebastian

From mjs at blitz-technology.net Thu Nov 22 10:44:02 2001
From: mjs at blitz-technology.net (Mitchell)
Date: Tue Dec 2 02:36:55 2003
Subject: Configuring Windows Client
In-Reply-To: <1121C3ABCA53C945B821A821CDD67F62F684D0@simail21.desi2.bosch.com>
References: <1121C3ABCA53C945B821A821CDD67F62F684D0@simail21.desi2.bosch.com>
Message-ID: <20011123045437.A6911@blitz-technology.net>

umm so I have to add "root" to my /etc/samba/smbpasswd file?

On Thu, Nov 22, 2001 at 02:45:05PM +0100, Moeller Daniel (QI/CCE2-SI) * wrote:
> Hi,
>
> this is an FAQ, you have to use root and its pw as in smbpasswd or similar.
>
> Regards,
> Danny
>
> -----Original Message-----
> From: mjs@blitz-technology.net [mailto:mjs@blitz-technology.net]
> Sent: Thursday, 22 November 2001 01:51
> To: samba-ntdom@lists.samba.org
> Subject: Configuring Windows Client
>
>
> I go in to control panel, system, network identification, and join myself
> to the BLITZ workgroup.
>
> It then asks me for a user/pass to join this domain, I enter mjs/xxxxxx
> to join the domain and get the following error.
>
> This is a computer account, use a global user or local user account to
> join this domain.
>
>

From MathiasWohlfarth at bwb.org Fri Nov 23 02:43:02 2001
From: MathiasWohlfarth at bwb.org (Mathias Wohlfarth)
Date: Tue Dec 2 02:36:55 2003
Subject: Antwort: Re: Antwort: 1.st login ask for password..
Message-ID:

I have just tested with the PCL (Primary Login Client) for WinNT and Win2000 from IBM. The password change works. The PCL is also available for Win95.

Maybe this is a solution if Win95 doesn't work from itself.

You can download from http://techsupport.services.ibm.com/asd-bin/doc/en_us/win95cl/f-feat.htm.

Although they say it's built for OS/2 you can do login to DCE and Domaincontroller as well (we use it for DCE login today - the NT version!)

Please give feedback if it works.

regards Mathias

"Ariel Mella" @lists.samba.org on 22.11.2001 13:30:37

Sent by: samba-ntdom-admin@lists.samba.org

To: "samba-ntdom" , "Mathias Wohlfarth"
Cc: "christian"
Org. unit:
Telephone:
Subject: Re: Antwort: 1.st login ask for password..

Mathias:
i heard that in HEAD is possible to do that, but only when the client is NT4_WORKSTATION or superior (XP, Win2k).. with your patch, this is possible with Win9x/Me??
thx.

----- Original Message -----
From: "Mathias Wohlfarth"
To: "samba-ntdom"
Cc: "christian"
Sent: Thursday, November 22, 2001 6:52 AM
Subject: Antwort: 1.st login ask for password..

> I have a patch on Samba 2.2.2, that introduces a new parameter "user
> password timeout".
If set to zero passwords will never expire. If set to
> any num, passwords will expire after this time period.
> Samba keeps the time of last password change and the patch calculates from this time. For a new user the "last password changed time" is zero, so the
> new user is forced to change his password.
> If the admin changes a user password, maybe because the user has forgotten it, he also can change the LCT- field in smbpasswd again to 00000000 and
> the user has a new password and is forced to change it at next login. You can create a script to do that.
> I will submit the patch to samba-patches in the next days. It is now available on http://www.m-wohlfarth.de/Downloads/Samba (the patch and a complete
> Samba 2.2.2 source code distribution with the applied patch).
> Tests with Samba on Linux and AIX with W2K and NT4 were successful.
> please give feedback if you try it
> regards Mathias
>
> >Hi Guys
> >
> >In Windows NT server there is an option for the PDC to ask the client for a
> >new password/expired password when the user logs on for the first time...
> >
> >Is this possible in Samba??
> >
> >If it is how do i configure / add the users in that way??
> >
> >Christian Pedersen -=- Wallin Computer
> >Ahlgade 3 -=- 4300 Holbæk -=- 59 44 14 90
> >
>

From trobison at meadows.net Fri Nov 23 04:16:02 2001
From: trobison at meadows.net (Tim Robison)
Date: Tue Dec 2 02:36:55 2003
Subject: Problem
Message-ID: <001a01c17418$89f42300$02f99dce@ibm23ar813>

I have an NT server, I want to set up a samba box as a bdc over a WAN link.....how can this be done?

Contact Information:
RCS
10431 Bachelor Sq
Meadowlands MN 55765
218-390-4434

From samba at nebula-sa.com.ar Fri Nov 23 04:35:05 2001
From: samba at nebula-sa.com.ar (Ariel Mella)
Date: Tue Dec 2 02:36:55 2003
Subject: Antwort: Re: Antwort: 1.st login ask for password..
References:
Message-ID: <007101c1741b$15488de0$1a3ca8ac@jusbaires.gov.ar>

Mathias:
i was talking about the function that NT SERVER+ are ready capable like saying "User must change password in the first logon" and "password expiry in xx days"... and that is possible an already running with win9x.. that you are representing here are a client for win9x??

>
> I have just tested with the PCL (Primary Login Client) for WinNT and
> Win2000 from IBM. The password change works. The PCL is also available for
> Win95.
> Maybe this is a solution if Win95 doesn't work from itself.
> You can download from
> http://techsupport.services.ibm.com/asd-bin/doc/en_us/win95cl/f-feat.htm.
> Although they say it's built for OS/2 you can do login to DCE and
> Domaincontroller as well (we use it for DCE login today - the NT version!)
> Please give feedback if it works.
> regards Mathias
>
> "Ariel Mella" @lists.samba.org on 22.11.2001 13:30:37
>
> Sent by: samba-ntdom-admin@lists.samba.org
>
> To: "samba-ntdom" , "Mathias Wohlfarth"
> Cc: "christian"
> Org. unit:
> Telephone:
> Subject: Re: Antwort: 1.st login ask for password..
>
> Mathias:
> i heard that in HEAD is possible to do that, but only when the client is
> NT4_WORKSTATION or superior (XP, Win2k).. with your patch, this is possible
> with Win9x/Me??
> thx.
>
> ----- Original Message -----
> From: "Mathias Wohlfarth"
> To: "samba-ntdom"
> Cc: "christian"
> Sent: Thursday, November 22, 2001 6:52 AM
> Subject: Antwort: 1.st login ask for password..
>
> > I have a patch on Samba 2.2.2, that introduces a new parameter "user
> > password timeout". If set to zero passwords will never expire. If set to
> > any num, passwords will expire after this time period.
> > Samba keeps the time of last password change and the patch calculates from
> > this time. For a new user the "last password changed time" is zero, so the
> > new user is forced to change his password.
> > If the admin changes a user password, maybe because the user has forgotten
> > it, he also can change the LCT- field in smbpasswd again to 00000000 and
> > the user has a new password and is forced to change it at next login. You
> > can create a script to do that.
> > I will submit the patch to samba-patches in the next days. It is now
> > available on http://www.m-wohlfarth.de/Downloads/Samba (the patch and a complete
> > Samba 2.2.2 source code distribution with the applied patch).
> > Tests with Samba on Linux and AIX with W2K and NT4 were successful.
> > please give feedback if you try it
> > regards Mathias
> >
> > >Hi Guys
> > >
> > >In Windows NT server there is an option for the PDC to ask the client for a
> > >new password/expired password when the user logs on for the first time...
> > >
> > >Is this possible in Samba??
> > >
> > >If it is how do i configure / add the users in that way??
> > >
> > >Christian Pedersen -=- Wallin Computer
> > >Ahlgade 3 -=- 4300 Holbæk -=- 59 44 14 90
> > >
> >
>

From j.schmidt at extracom.de Fri Nov 23 05:07:01 2001
From: j.schmidt at extracom.de (Jens Uwe Schmidt)
Date: Tue Dec 2 02:36:55 2003
Subject: AW: Problem
In-Reply-To: <001a01c17418$89f42300$02f99dce@ibm23ar813>
Message-ID:

Hi,

won't work. There's no functionality to emulate a BDC for an existing PDC.

cheers
jus

-----Original Message-----
From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org] On Behalf Of Tim Robison
Sent: Friday, 23 November 2001 13:15
To: samba list
Subject: Problem

I have an NT server, I want to set up a samba box as a bdc over a WAN link.....how can this be done?

Contact Information:
RCS
10431 Bachelor Sq
Meadowlands MN 55765
218-390-4434

From stephen at ribblesdale.org Fri Nov 23 06:31:03 2001
From: stephen at ribblesdale.org (Stephen Taylforth)
Date: Tue Dec 2 02:36:55 2003
Subject: NT Printer drivers in 2.2.1a
Message-ID:

Hello,

I'm a relative newcomer to Linux and am evaluating the possibility of moving our wholly NT4 network to Windows 2000 Clients talking to Samba Servers. I have a couple of old machines set up with stock Mandrake 8.1 and Samba 2.2.1a and working through what we need to do to achieve our aims.

I have met a problem I can't resolve. I want to use the samba as a print server but I can't make samba accept the NT drivers with the 'New Driver' method in the howto. The drivers are uploaded to the server, but it falls at the final hurdle and Windows gives the 'Unable to change to the specified driver,original settings will be restored' message. I've scoured the internet and this problem seems to be common, I've tried all the 'fixes' I've found all to no avail. I cannot get the APW method to work either.

I'm using CUPS and I've added the printer from the CUPS web interface with no problems. I can get the printer to work from windows using a local driver but not to get the drivers to work from the server.

From samba at nebula-sa.com.ar Fri Nov 23 08:18:33 2001
From: samba at nebula-sa.com.ar (Ariel Mella)
Date: Tue Dec 2 02:36:56 2003
Subject: suddenly users cant log on from certain PCs....
Message-ID: <000501c1743a$2abf7480$1a3ca8ac@jusbaires.gov.ar>

i getting desperate...

all is working fine..

problem: about 6 of 600 PCs suddenly with no apparent reason, cant log on to my samba PDC. i probed with users that can log on onto the rest of the machines but in these 6 is impossible to log. this 6 renegades PCs were working ok until 2 or 3 days..
when the first of the 6 renegades comes with the problem i think that could be a problem of Win9x networking.. but the number increases from 1 to 6 in one day... and i want to know why this is happened because i am afraid that the others PCs come renegades too..

Scenario: PCs win9x/Me client login to samba PDC. the samba have the users and password.. i check the users password expiry and try to log with users that can log on to another workstation.

ideas????

From jacek at mer.chemia.polsl.gliwice.pl Fri Nov 23 08:29:34 2001
From: jacek at mer.chemia.polsl.gliwice.pl (Jacek Stolarczyk)
Date: Tue Dec 2 02:36:56 2003
Subject: Logging from W2K SP2
Message-ID:

Hi,

When logging from Win2000 SP2, I get a message box saying (backtranslation from Polish, so it may not be accurate):
"The system could not use your profile, but it logs you using default profile. DETAIL: There is no storage (***) space left"
There is ~1GB of free space on disk so that should not pose a problem. Logging from WinNT 4.0 SP6a works without problems.

Samba-2.2.1a works as PDC, "logon path" in smb.conf is set to /home/%U/profile, "logon home" to /home/%U

Regards and thanks for your help so far

Jacek Stolarczyk
--
PhD student in physical chemistry
Silesian University of Technology
Gliwice, Poland

From mtp at blaby.gov.uk Fri Nov 23 09:15:03 2001
From: mtp at blaby.gov.uk (Mike Pain)
Date: Tue Dec 2 02:36:56 2003
Subject: Winbind issues
Message-ID: <04a201c17442$4ca17dc0$d60115ac@blabydc.gov.uk>

(Crossposted from samba list as it may be more relevant here).

Several questions really (all on the stable 2.2.2 samba compiled with winbind and acls (and Brandon Stone's recycle bin), with a 2.4.14 kernel along with acls from acl.bestbits.at on a RedHat 7.2 box)...

1) Does anyone know how to stop the security event log on an NT PDC filling up with lots of ANONYMOUS accesses to the Security Account Manager eg:

Object Open:
    Object Server: Security Account Manager
    Object Type: SAM_GROUP
    Object Name: DOMAINS\Account\Groups\0000045E
    New Handle ID: 1841992
    Operation ID: {0,70068560}
    Process ID: 2161235584
    Primary User Name: SYSTEM
    Primary Domain: NT AUTHORITY
    Primary Logon ID: (0x0,0x3E7)
    Client User Name:
    Client Domain:
    Client Logon ID: (0x0,0x2DD7)
    Accesses READ_CONTROL ReadInformation ListMembers
    Privileges -

I suspect it is winbind that is causing this as I have just started using it and I have never seen this before. The last part of the object name changes every time, and there is then a corresponding Handle Closed entry.

2) If I change the default winbind separator from \ to + as suggested (I agree that at the unix level the backslash is problematic with a shell) then the Permissions tab on a file shows either
a) No user/groupnames at all from an NT4sp6a box or
b) User/groupnames like domain+user or domain+group from a Win9x box using the nexus sysadmin tools.
When using the \ the names appear correctly on both boxes. My C isn't up to changing this but surely regardless of the separator used on the samba box, it should return a backslash to the external client such that user/groupnames are displayed correctly.

3) Also, is there an easy way of interrogating the winbind table that stores the NT->UID lookup to get a complete list rather than a one by one "getent passwd user"?

Thanks for any help to a winbind newcomer.

Mike

**********************************************************************
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message has been scanned for viruses.
Blaby District Council - 0116 275 0555
**********************************************************************

From stoffer at billen.dk Fri Nov 23 10:57:48 2001
From: stoffer at billen.dk (samba-ntdom)
Date: Tue Dec 2 02:36:56 2003
Subject: browsing mystery....
References: <01C1737B.997751F0.Sebastian.Trahm@alcatel.de>
Message-ID: <005d01c17459$068f71e0$0200000a@w2k>

Hi, did you solve the problem?

----- Original Message -----
From: "Sebastian Trahm"
To: ;
Sent: Thursday, November 22, 2001 4:29 PM
Subject: browsing mystery....

> Hello,
>
> i had the same problems with Samba 2.2.1 running on a FreeBSD 4.2 Box,
> the Sambamachine was local masterbrowser, but trying to connect from a
> WinX-machine was never successful.
>
> take care,
>
> Sebastian
>

From joseroberto at pwr.com.br Fri Nov 23 12:05:05 2001
From: joseroberto at pwr.com.br (José Roberto Kerne)
Date: Tue Dec 2 02:36:58 2003
Subject: Problem with Samba + NT4 StandAlne + W95/98
Message-ID: <20011123180337.121b4958.joseroberto@pwr.com.br>

Hello,

I have a problem... Showing my structure

Samba Server (2.2.0)
- Domain Controller
- Logon Server
- File server (master server...)
- Use Encryption Yes (using smbpasswd)

NT4 - Database Server (Standalone) Service Pack 6
- Permissions for shares configured getting user with Linux (Samba 2.2.0)
- This server, before, is logon and domain server... but now, only Database Server.
- File server (secondary, only for files from systems to Database)

WorkStations Windows NT4 - ok 100%
- Access 2 server, no problem

Workstations W95/98
- Access to Domain with Samba server ok!
- Access to NT4 (only Workstations before logged in NT4, older Domain Controller). New workstations W95/98 dont access this computer!

Please, i need help!

Thanks!

______________________________
José
Roberto Kerne
Network Services
Power Consultoria e Informatica Ltda
Phones: (47) 433-7595 / 9107-6073
E-Mail: joseroberto@pwr.com.br
www.pwr.com.br
Oracle Alliances
Centro Certificado GNU/LINUX
Rede Conectiva de Serviços

From esavage at digitalrage.org Fri Nov 23 14:35:03 2001
From: esavage at digitalrage.org (Elijah Savage)
Date: Tue Dec 2 02:36:58 2003
Subject: Problem with samba 2.2.1a and win2k professional Please Read!
Message-ID:

Please help this is driving me crazy

I have samba acting as a file server in a win2k server active directory site, it is solely just a file server. Anytime I stop and start samba services all of my win2k professional clients have to reboot, if not when they try to access the new shares or their home directories it says path not found. But after I have them reboot the win2k client everything works. Now for the win9x clients they always work stopping and starting of samba has no effect on them. Has anyone seen this please help. It would be greatly appreciated.

From jay at toltec.metran.cx Fri Nov 23 16:36:04 2001
From: jay at toltec.metran.cx (Jay Ts)
Date: Tue Dec 2 02:36:58 2003
Subject: Logging from W2K SP2
In-Reply-To: from "Jacek Stolarczyk" at Nov 23, 2001 04:35:59 PM
Message-ID: <200111240024.fAO0OJA09824@toltec.metran.cx>

> When logging from Win2000 SP2, I get a message box saying (backtranslation
> from Polish, so it may not be accurate):
> "The system could not use your profile, but it logs you using default
> profile. DETAIL: There is no storage (***) space left"
> There is ~1GB of free space on disk so that should not pose a problem.
> Logging from WinNT 4.0 SP6a works without problems.

I have been seeing this too - is it perhaps related to another Subject: (see message from Andreas Moroder) in which a solution is presented using "oplocks = true"?

My system here is Samba 2.2.2 PDC and Win2K SP2. I only see the message occasionally.

- Jay Ts

From gottfrid at mail.ru Fri Nov 23 16:36:50 2001
From: gottfrid at mail.ru (Andrew Golubev)
Date: Tue Dec 2 02:36:58 2003
Subject: Can't change password from Windows
Message-ID:

Hello :)

Samba 2.2 as PDC

smb.conf
.....
unix password sync =yes
encrypt passwords = yes
passwd program = /usr/bin/passwd %u
passwd chat = "New UNIX password:" %n\n "Retype new UNIX password:" %n\n "passwd: all authentication tokens updated successfully"
....

Of course passwd chat string looks like passwd dialog.

When I try to change my password from nt dos session by "net user username newpassword /domain" I got an error - "System error 5"\n "Access failed"

What wrong?

Thank You for help, Andrew

From Sebastian.Trahm at alcatel.de Sat Nov 24 03:16:02 2001
From: Sebastian.Trahm at alcatel.de (Sebastian Trahm)
Date: Tue Dec 2 02:36:58 2003
Subject: AW: browsing mystery....
Message-ID: <01C174E1.9EEB7820.Sebastian.Trahm@alcatel.de>

Hi,

no, we couldn't solve the problem 'til today. Our workgroup was built up on three subnetworks, for every subnetwork we configured a local-master-browser and one subnetwork had the domain-master-browser. After a time we were able to see all the hosts from the "other side" within our "whole" workgroup, but trying to connect to them failed with an error message, that the requested host couldn't be found.

We paused the trial & error method; now going to test only with two subnets, simple routing between, trying another OS;

If i get any further results on it, you will hear from me, the only problem is the effort of time.

take care,

Sebastian

inthisdefiance@gmx.net
sebastian.trahm@alcatel.de

From antonio.morrocches at tiscalinet.it Sat Nov 24 08:11:05 2001
From: antonio.morrocches at tiscalinet.it (antonio.morrocches)
Date: Tue Dec 2 02:36:58 2003
Subject: Problems with Samba vs. NT
Message-ID: <000e01c17501$e0a7e080$4600a8c0@aquaba>

Hi Samba list,

I have a problem with Samba configuration. I have a PDC Windows NT4 with SP6a and a PC with Samba 2.2.1a.
With ping I see those PC on network, when I digit on Samba Server:

smbclient -L superserver (superserver is the NetBios name of PDC),

I see the PDC share resources.
With NT Server Manager I have authenticated linuxsrv (name of samba server) in domain, after, digiting on Samba server

smbpasswd -j FELIX -r SUPERSERVER (FELIX is domain name)

I have joined domain FELIX.
Now, if I click with NT Server Manager Linuxsrv Icon I see the following failure message:

"Network path was not found"

If I click on NT Network Neighborhood I see two icons in FELIX domain resource:

superserver
linuxsrv

But, if I click on linuxsrv I see this failure message:

\\linuxsrv is not accessible

smb.conf file on the samba server is configured as follows:

workgroup = felix
security = domain
password server = superserver
encrypt password = yes
smb passwd file = /etc/samba/smbpasswd
local master = no
os level = 2
preferred master = no

I don't understand NT behaviour, can you help me to resolve this problem?

Antonio Morrocchesi
Firenze
Italy

From antonio.morrocches at tiscalinet.it Sat Nov 24 08:22:03 2001
From: antonio.morrocches at tiscalinet.it (antonio.morrocches)
Date: Tue Dec 2 02:36:58 2003
Subject: Navigation problems in NT domain
Message-ID: <003c01c17503$696a2440$4600a8c0@aquaba>

Hi Samba list,

I have a problem with Samba configuration.
I have a PDC Windows NT4 with SP6a and a PC with Samba 2.2.1a.
With ping I see those PC on network, when I digit on Samba Server:

smbclient -L superserver (superserver is the NetBios name of PDC),

I see the PDC share resources.
With NT Server Manager I have authenticated linuxsrv (name of samba server) in domain, after, digiting on Samba server

smbpasswd -j FELIX -r SUPERSERVER (FELIX is domain name)

I have joined domain FELIX.
Now, if I click with NT Server Manager Linuxsrv Icon I see the following failure message:

"Network path was not found"

If I click on NT Network Neighborhood I see two icons in FELIX domain resource:

superserver
linuxsrv

But, if I click on linuxsrv I see this failure message:

\\linuxsrv is not accessible

smb.conf file on the samba server is configured as follows:

workgroup = felix
security = domain
password server = superserver
encrypt password = yes
smb passwd file = /etc/samba/smbpasswd
local master = no
os level = 2
preferred master = no

I don't understand NT behaviour, can you help me to resolve this problem?

Antonio Morrocchesi
Firenze
Italy

From antonio.morrocches at tiscalinet.it Sat Nov 24 08:35:04 2001
From: antonio.morrocches at tiscalinet.it (antonio.morrocches)
Date: Tue Dec 2 02:36:58 2003
Subject: Navigation problems in NT domain
Message-ID: <005f01c17505$3ce966e0$4600a8c0@aquaba>

Hi Samba list,

I have a problem with Samba configuration.
I have a PDC Windows NT4 with SP6a and a PC with Samba 2.2.1a.
With ping I see those PC on network, when I digit on Samba Server:

smbclient -L superserver (superserver is the NetBios name of PDC),

I see the PDC share resources.
With NT Server Manager I have authenticated linuxsrv (name of samba server) in domain, after, digiting on Samba server

smbpasswd -j FELIX -r SUPERSERVER (FELIX is domain name)

I have joined domain FELIX.
Now, if I click with NT Server Manager Linuxsrv Icon I see the following failure message:

"Network path was not found"

If I click on NT Network Neighborhood I see two icons in FELIX domain resource:

superserver
linuxsrv

But, if I click on linuxsrv I see this failure message:

\\linuxsrv is not accessible

smb.conf file on the samba server is configured as follows:

workgroup = felix
security = domain
password server = superserver
encrypt password = yes
smb passwd file = /etc/samba/smbpasswd
local master = no
os level = 2
preferred master = no

I don't understand NT behaviour, can you help me to resolve this problem?

Antonio Morrocchesi
Firenze
Italy

From mrfusion at gmx.net Sat Nov 24 14:15:02 2001
From: mrfusion at gmx.net (S. Zwedler)
Date: Tue Dec 2 02:36:58 2003
Subject: Password expiration after joining Domain
References: <20011123200229.40FED45B3@lists.samba.org>
Message-ID: <3BF71713.619F3660@gmx.net>

Hi,

after installing Samba 2.2.2 and successfully joining the domain, users are now prompted to change their passwords. I believe this is triggered by Samba, and while it makes sense security-wise, it's not needed in the trusted environment here so I'd like to set the password expiration time to infinite (never expires).

I haven't yet found the right option in Samba yet, so I'd be more than grateful if someone could tell me where I can find the proper option.

(I'm aware that there is a last-time-changed field in smbpasswd file but I do not want to change that manually for all users every month...)

Thanks all,
Steffen Zwedler

From ed at node1379.a2000.nl Sun Nov 25 03:43:03 2001
From: ed at node1379.a2000.nl (Ed van der Salm)
Date: Tue Dec 2 02:36:58 2003
Subject: Problem with samba 2.2.1a and win2k professional Please Read!
In-Reply-To: <20011124200223.D8C084865@lists.samba.org>
Message-ID:

Hi,

I don't have a solution, but I think I have got the same problem.
My setup: Win2K server, Samba 2.2.1a, Laptop using Win2K Pro.
It is possible to start the laptop and login (the domain) without a physical network connection. If you connect to the network it is able to access the shares on the W2K server but it is not possible to access the Samba server. If I tell the user to logoff and logon again it is working like it should.

Everything else is working like it should and there is only one laptop so I don't really want to upgrade the samba server. (got enough work already...)
But is this something that would be solved by using 2.2.2?

Thanks!
Ed.

> Message: 2
> Subject: Problem with samba 2.2.1a and win2k professional Please Read!
> Date: Fri, 23 Nov 2001 17:34:28 -0500
> From: "Elijah Savage"
> To: "Samba-Ntdom (E-mail) (E-mail)"
>
> Please help this is driving me crazy
>
> I have samba acting as a file server in a win2k server active directory
> site, it is solely just a file server. Anytime I stop and start samba
> services all of my win2k professional clients have to reboot, if not
> when they try to access the new shares or their home directories it says
> path not found. But after I have them reboot the win2k client everything
> works.
> Now for the win9x clients they always work stopping and starting of
> samba has no effect on them.
>
> Has anyone seen this please help.
>
> It would be greatly appreciated.
>
>

From phil.burrow at blueyonder.co.uk Sun Nov 25 07:43:02 2001
From: phil.burrow at blueyonder.co.uk (Philip Burrow)
Date: Tue Dec 2 02:36:58 2003
Subject: Only root can log on to domain?
Message-ID: <001701c175c7$84aa0080$0200000a@Haxed>

Hi,

I'm trying to get Samba 2.2.2 working as a domain controller with Windows XP Pro. I seem to have it working, but it will only let root log on to the domain.

I have created some users with;

smbpasswd -a

Yet it will not authenticate them. But if I use root with the root password, it logs on.

Any ideas?

Phil.
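The smbpasswd file comes up in two of the messages above: the last-time-changed field in Steffen Zwedler's post and the accounts added with smbpasswd -a in Philip Burrow's. The following is an added example, not code from the list or from Samba, that reads entries in the field layout documented in smbpasswd(5) and reports account flags and password age; the account names, hashes, timestamps and the audit thresholds are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

HEX = set("0123456789abcdefABCDEF")

# Account-flag letters described in smbpasswd(5) for the Samba 2.2 series.
FLAGS = {"U": "user", "N": "no password", "D": "disabled",
         "W": "workstation trust"}


@dataclass
class Entry:
    name: str
    uid: int
    has_lm: bool          # True if the LANMAN field holds 32 hex digits
    has_nt: bool          # True if the NT field holds 32 hex digits
    flags: str            # flag letters with the padding removed
    lct: Optional[int]    # last change time, seconds since the epoch


def _is_hash(field: str) -> bool:
    # 32 'X' characters (or any non-hex filler) mean no usable hash is stored.
    return len(field) == 32 and all(c in HEX for c in field)


def parse_smbpasswd(text: str) -> List[Entry]:
    """Parse name:uid:LM:NT:[flags]:LCT-xxxxxxxx: lines; reject other layouts."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        f = line.split(":")
        if len(f) < 6 or not (f[4].startswith("[") and f[4].endswith("]")):
            raise ValueError(f"line {lineno}: not a 2.x-format smbpasswd entry")
        lct = int(f[5][4:], 16) if f[5].upper().startswith("LCT-") else None
        entries.append(Entry(f[0], int(f[1]), _is_hash(f[2]), _is_hash(f[3]),
                             f[4][1:-1].replace(" ", ""), lct))
    return entries


def password_age_days(entry: Entry, now: int) -> Optional[int]:
    """Whole days since the last change, or None when LCT is absent or zero."""
    if not entry.lct:
        return None
    return (now - entry.lct) // 86400


def audit(entries: List[Entry], now: int,
          max_age_days: int) -> List[Tuple[str, List[str]]]:
    """Return (account, notes) pairs; an empty notes list means nothing to flag."""
    report = []
    for e in entries:
        notes = []
        notes += [f"unknown flag {c!r}" for c in e.flags if c not in FLAGS]
        if "D" in e.flags:
            notes.append("disabled")
        if "N" in e.flags:
            notes.append("no password required")
        elif not e.has_nt:
            notes.append("no NT hash")
        age = password_age_days(e, now)
        if age is None:
            notes.append("last change time unset")
        elif age > max_age_days:
            notes.append(f"password older than {max_age_days} days")
        report.append((e.name, notes))
    return report


# Constructed sample: placeholder hashes, not real accounts.
_H1 = "0123456789ABCDEF" * 2
_H2 = "FEDCBA9876543210" * 2
_NONE = "X" * 32
SAMPLE = "\n".join([
    "# constructed smbpasswd sample",
    f"alice:500:{_H1}:{_H2}:[U          ]:LCT-3C000000:",
    f"bob:501:{_NONE}:{_NONE}:[UD         ]:LCT-00000000:",
    f"ws1$:502:{_H1}:{_H2}:[W          ]:LCT-3BFF0000:",
])
NOW = 0x3C000000 + 10 * 86400   # constructed "current time", 10 days later

if __name__ == "__main__":
    for name, notes in audit(parse_smbpasswd(SAMPLE), NOW, max_age_days=30):
        print(f"{name:8} {', '.join(notes) or 'ok'}")
```

The real file holds password-equivalent hashes, so run a check like this as root against the file in place rather than copying it elsewhere.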
From MarshallJ at switch.aust.com Sun Nov 25 19:56:02 2001
From: MarshallJ at switch.aust.com (MarshallJ@switch.aust.com)
Date: Tue Dec 2 02:36:58 2003
Subject: File sharing across slow WAN links
Message-ID:

Hi All,

I know that it's the protocol that make file sharing across slow links painful (when compared to ftp etc) but I was wondering if there are any settings (socket options?) in the smb.conf file that would make the protocol work best over a slow link (e.g. modem dialup, 64k ISDN), and what are the best values I can put in there?

Regards,
Josh

From dan_perik-work at ntm.org.pg Mon Nov 26 02:27:12 2001
From: dan_perik-work at ntm.org.pg (Dan Perik)
Date: Tue Dec 2 02:36:58 2003
Subject: WinXP - RequireSignOrSeal question
Message-ID: <1006740148.19715.9.camel@latitude.perik>

Hello,

As the administrator of a few networks in different places, and some of them successfully using Samba as PDC's, I am thankful that none of the clients in my domain(s) are WinXP (yet). But I'm sure someday there will be WinXP clients. And when that day comes, I know I'll have to use that RequireSignOrSeal registry hack. Since some of the domains I oversee have been setup by me, but are sort of administered (due to location) by... well, clueless people, using the registry hack will be a bit kludgy and difficult for some.

I'm wondering what WinXP uses or does that Samba doesn't support yet. And when will Samba support it so that we don't have to use the registry hack?

Thanks for all the good work on making Samba the incredible software it is.

- Dan Perik

From a.morrocchesi at tiscalinet.it Mon Nov 26 02:32:40 2001
From: a.morrocchesi at tiscalinet.it (a.morrocchesi)
Date: Tue Dec 2 02:36:58 2003
Subject: Samba configuration problem
Message-ID: <003801c17663$45a3ff20$4600a8c0@aquaba>

Hi Samba list,

I have a problem with Samba configuration.
I have a PDC Windows NT4 with SP6a and a PC with Samba 2.2.1a.
I want to do Samba Server a NT domain server member.
I have configured Samba Server as follows:

workgroup = felix
security = domain
password server = superserver
encrypt password = yes
smb passwd file = /etc/samba/smbpasswd
local master = no
os level = 2
preferred master = no

I write smbclient -L superserver, I see share resources in superserver NT PDC domain,

If I write on Samba server: smbstatus

I read:

Samba version 2.2.1a
Service uid guid pid machine
---------------------------------------------------------------------
Failed to open byte range locking database
ERROR: Failed to initialize loking database
Can't initialise locking module-exiting

Why this error?

Regards

From kaneda at dedaletechnology.com Mon Nov 26 02:56:03 2001
From: kaneda at dedaletechnology.com (kaneda K)
Date: Tue Dec 2 02:36:58 2003
Subject: Hello
Message-ID: <20011126105424.9D381498C@lists.samba.org>

Hello everyone

I try to use winbind.so in order to use W2000 server as identification server.

so I try to modify /etc/pam.d/login and to have :

auth sufficient pam_unix.so
auth required pam_winbind.so debug

In order to have an authentication using winbind to any user.

the Error message is the following :

connect_to_domain_password_server: unable to setup the PDC credentials to machine AUTH2000. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT
smbd/password.c:domain_client_validate
domain_client_validate: Domain password server not available

I suppose that there must a something either on the smb.conf or in the Win200 server that I forgot but could any one help me

I check the web site for the NT_STATUS_NO_TRUST_SAM_ACCOUNT but it did not retrieve anything.

BTW I did not find the archive for that Mailing list.
sincerely yours,
Kaneda K

From bgmilne at cae.co.za Mon Nov 26 03:28:01 2001
From: bgmilne at cae.co.za (Buchan Milne)
Date: Tue Dec 2 02:36:58 2003
Subject: NT Printer drivers in 2.2.1a
Message-ID: <3C02269B.7080101@cae.co.za>

>
>
>Message: 5
>From: Stephen Taylforth
>Subject: NT Printer drivers in 2.2.1a
>To: samba-ntdom@lists.samba.org
>Date: Fri, 23 Nov 2001 13:13:08 GMT
>Organization: Ribblesdale School
>Reply-To: stephen@ribblesdale.org
>
>Hello, I'm a relative newcomer to Linux and am evaluating the possibility of moving Our wholly NT4
>network to Windows 2000 Clients talking to Samba Servers. I have a couple of old machines set up
>with stock Mandrake 8.1 and Samba 2.2.1a and working through what we need to do to achieve our
>aims.
>

Before you start, I would suggest you update to samba-2.2.2-1mdk available at http://ranger.dnsalias.com/mandrake/samba. If you haven't invested too much effort in your current smb.conf file, please copy your share definitions into /etc/samba/smb.conf.rpmnew, and then copy /etc/samba/smb.conf.rpmnew to /etc/samba/smb.conf. I will tell you why below.

Also, please take a look at the documentation at http://mandrakeuser.org/connect/csamba.html, there are updated versions of some of those pages at: http://ranger.dnsalias.com/mandrake/muo/connect/csamba6.html

>
>I have met a problem I can't resolve. I want to use the samba as a print server but I can't Make samba
>accept the NT drivers with the 'New Driver' method in the howto. The drivers are uploaded to the
>server, but it falls at the final hurdle and Windows gives the 'Unable to change to the specified
>driver,original settings will be restored' Message.
>

We have fixed one or two packaging issues and entries in the default smb.conf file that relate specifically to this issue in samba-2.2.2-1mdk. It can be made to work in the default package, but you should probably update to 2.2.2 anyway. If you want to stick with 2.2.1a, mail me back and I will tell you what must be done.
>
>I've scoured the internet and this problem seems to be common, I've tried all the 'fixes' I've found all to
>no avail. I cannot get The APW method to work either. I'm using CUPS and I've added the printer from
>the CUPS web interface with no problems. I can get the printer to work from windows using a local
>driver but not to get the drivers to work from the server.
>
>>From my poking around I believe it may be something to do with compile time options but compiling
>doesn't sound like something I should be getting involved in if I can avoid it.
>
>
>Heres smb.conf . There is probably a whole lot of rubbish in here through playing with options etc
>

I would suggest you avoid SWAT until you have read through the whole of the provided smb.conf file, as almost all the configuration you will ever want to do has got working and tested examples commented out in the file. SWAT deletes comments, so if you want a web-based config tool, rather use webmin (which is ssl encrypted also) at https://:10000 (if the webmin service is running).

>
> ># Samba config file created using SWAT
> ># from 1.1.100.69 (1.1.100.69)
> ># Date: 2001/11/23 12:30:41
> >
> ># Global parameters
> >[global]
> >   workgroup = CURRICULUM
> >   netbios name = LINUX2
> >   server string = Samba Server %v
> >   encrypt passwords = Yes
> >   map to guest = Bad User
> >   password server = curric_one
> >   log file = /var/log/samba/log.%m
> >   max log size = 50
> >   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> >   printcap name = lpstat
> >   addprinter command = /usr/bin/addprinter
> >   dns proxy = No
> >   admin users = sv
> >   printer admin = sv
> >   printing = cups
> >   lpq command = /usr/bin/lpstat -o%p
>

should be lpq -P %p, otherwise the job entries shown in the queue are incorrect and you can't delete jobs.
fixes in the smb.conf from 2.2.2-1mdk

You can actually delete all your lp* commands, since the samba-defaults when printing=cups are usually correct (unless you are using client-side drivers, not postscript) in which case
print command = lpr-cups -P %p -r -l %s
(see the default smb.conf file provided with 2.2.2-1mdk, probably /etc/samba/smb.conf.rpmnew).

>
> >   lprm command = /usr/bin/cancel %p-%j
> >   queuepause command = /usr/bin/disable %p
> >   queueresume command = /usr/bin/enable %p
> >   printer driver location = /frogburgers/print
>

this is deprecated, and does not apply to the new (since 2.2.0) nt-style print driver downloading.

>
> >
> >[homes]
> >   comment = Home Directories
> >   read only = No
> >   browseable = No
> >
> >[frogburgers]
> >   path = /frogburgers
> >   read list = sv
> >   write list = sv
> >   read only = No
> >
> >[print$]
>   comment = Printer Drivers
>   path = /frogburgers/print
>   guest account = everybody
>   write list = sv,root
>   guest ok = Yes
>   browseable = No
>

Please use the share definition provided (but commented out) in the default smb.conf. The path should be /var/lib/samba/printers, which contains the correct subdirectories for storing the print drivers. If the directories are missing (or not writeable by the user trying to install the drivers) the driver upload will fail.

>
> >
> >[share]
> >   path = /Shared
> >   read only = No
> >
> >[root]
> >   path = /
> >   read list = sv
> >   write list = sv
> >   browseable = No
> >
> >[kyocera]
>

You should not need share definitions for any of your printers, unless you want to separate options per printer.

>
> >   path = /tmp
> >   guest account = everybody
> >   printer admin = sv,root,staff,guest,everybody
> >   guest ok = Yes
> >   hosts allow = 1.1.*.*
> >   printable = Yes
> >   printing = nt
> >   lpq command = lpq -P%p
> >   lprm command = lprm -P%p %j
> >   queuepause command =
> >   queueresume command =
> >   printer driver location =
>
>
>Thanks for taking the time to read this.
>
>
>Stephen Taylforth
>
>IT Technician (Ribblesdale Technology College) [;-)]
>

--
|----------------Registered Linux User #182071-----------------|
Buchan Milne Mechanical Engineer, Network Manager
Cellphone * Work +27 82 472 2231 * +27 21 808 2497 ext 202
Stellenbosch Automotive Engineering http://www.cae.co.za

From MathiasWohlfarth at bwb.org Mon Nov 26 03:29:02 2001
From: MathiasWohlfarth at bwb.org (Mathias Wohlfarth)
Date: Tue Dec 2 02:36:58 2003
Subject: Antwort: Re: Antwort: Re: Antwort: 1.st login ask for password..
Message-ID:

I have tested with win98: it does not care, when the password expires.
I have installed the Win95 Login Client from IBM Version 4.1 (which is the latest free version - 4.3 seems to cost money): same result.
Sorry, but I have no more ideas.

"Ariel Mella" @lists.samba.org on 23.11.2001 14:03:39

Sent by: samba-ntdom-admin@lists.samba.org
To: "Mathias Wohlfarth"
Cc:
Org. unit:
Phone:
Subject: Re: Antwort: Re: Antwort: 1.st login ask for password..

Mathias:
i was talking about the function that NT SERVER+ are ready capable like saying "User must change password in the first logon" and "password expiry in xx days"... and that is possible an already running with win9x.. that you are representing here are a client for win9x??

>
> I have just tested with the PCL (Primary Login Client) for WinNT and
> Win2000 from IBM. The password change works. The PCL is also available for
> Win95.
> Maybe this is a solution if Win95 doesn't work from itself.
> You can download form
> http://techsupport.services.ibm.com/asd-bin/doc/en_us/win95cl/f-feat.htm.
> Although they say it's build for OS/2 you can do login to DCE and
> Domaincontroler as well (we use it for DCE login today - the NT version!)
> Please give feedback if it works.
> regards Mathias
>
>
>
>
> "Ariel Mella" @lists.samba.org on 22.11.2001 13:30:37
>
> Sent by: samba-ntdom-admin@lists.samba.org
>
>
> To: "samba-ntdom" , "Mathias Wohlfarth"
>
> Cc: "christian"
> Org. unit:
> Phone:
> Subject: Re: Antwort: 1.st login ask for password..
>
>
> Mathias:
> i heard that in HEAD is possible to do that, but only when the client is
> NT4_WORKSTATION or superior (XP, Win2k).. with your patch, this is possible
> with Win9x/Me??
> thx.
>
>
> ----- Original Message -----
> From: "Mathias Wohlfarth"
> To: "samba-ntdom"
> Cc: "christian"
> Sent: Thursday, November 22, 2001 6:52 AM
> Subject: Antwort: 1.st login ask for password..
>
>
> > I have a patch on Samba 2.2.2, that introduces a new parameter "user password timeout". If set to zero passwords will never expire. If set to any num, passwords will expire after this time period.
> > Samba keeps the time of last password change and the patch calculates from this time. For a new user the "last password changed time" is zero, so the new user is forced to change his password.
> > If the admin changes a user password, may be because the user has forgotten it, he also can change the LCT- field in smbpasswd again to 00000000 and the user has a new password and is force to change it at next login. You can create a script to do that.
> > I will submit the patch to samba-patches in the next days. It is now available on http://www.m-wohlfarth.de/Downloads/Samba (the patch and a complete Samba 2.2.2 source code distribution with the applied patch).
> > Test with Samba on Linux and AIX with W2K and NT4 were successful.
> > please give feedback if you try it
> > regards Mathias
> >
> > >Hi Guys
> > >
> > >In Windows NT server there is an option for the PDC to ask the client for a
> > >new password/expired password when the user logs on for the first time...
> > >
> > >Is this possible in Samba??
> > >
> > >If it is how do i configure / add the users in that way??
> > >
> > >Christian Pedersen -=- Wallin Computer
> > >Ahlgade 3 -=- 4300 Holbæk -=- 59 44 14 90
> > >
> >
> >
>
>

From derk at science.uva.nl Mon Nov 26 04:37:02 2001
From: derk at science.uva.nl (D.W. Bouhuijs)
Date: Tue Dec 2 02:36:58 2003
Subject: printer browsing (solution)
References: <00f901c17353$a4bb9080$28043292@science.uva.nl>
Message-ID: <001e01c17676$a7973e50$28043292@science.uva.nl>

I found a solution to this problem.
It's a bit nasty but it works.
The samba server must be configured with printer support enabled.

Install the printers, but use a local LPR port.
lpd server: "samba print server".
queue: "queue name".
Install the printer drivers.

Open the registry with regedit.
Go to: HKLM\System\CurrentControlSet\Control\Print\Printers\printername
Open the key: "Port".
Change: server:queue into \\server\queue

This will prevent the system to overload the server with printer status requests of all installed printers, because for that it now looks on the local machine. This saves a lot of waiting time when users want print from applications.

When printing, users can still ask for individual queue status' and cancel their own printjobs.
If users double-click an installed printer (start > settings > printers). The queue status of that printer will then be shown.

This solution created a workable situation in my organisation, using more than 100 printers installed on just two print servers.

Derk.

> Samba 2.2.2 on Solaris 8, Windows 2000.
>
> To test, I have installed about 50 network printers, printing via samba.
> It works fine and users can control their own printjobs, however......
> Whenever I open e.g. Start>settings>printers or try to print using an
> application,
> the machine asks (samba uses lpstat %p) the status of all these printers.
> The machine also does this frequently to refresh its cache.
> This causes my server to generate numerous of in.lpd processes.
> If more than 400 machines do that, it would be deadly.
>
> Is there a way to disable this behavior.
>
> Regards, Derk.

From hans at sbsfor.com Mon Nov 26 07:30:11 2001
From: hans at sbsfor.com (Hans Rasmussen)
Date: Tue Dec 2 02:36:58 2003
Subject: NT4.0sp6a PDC, Samba 2.2.2, and winbindd troubles.
Message-ID: <003a01c1768f$2582bb10$fb00a8c0@fraggle>

Hi All

OK, I've followed the instructions to the letter. I cannot get winbindd to work.

Here is the output from winbindd -i -d 5

load_client_codepage: loading codepage 850.
load_unicode_map: loading unicode map for codepage 850.
added interface ip=192.168.0.253 bcast=192.168.0.255 nmask=255.255.255.0
establishing connections server: dc=, pwdb_init=0, lsa_hnd=0
resolve_lmhosts: Attempting lmhosts lookup for name SBSFOR<0x1c>
getlmhostsent: lmhost entry: 127.0.0.1 localhost
resolve_wins: Attempting wins lookup for name SBSFOR<0x1c>
resolve_wins: WINS server resolution selected and no WINS servers listed.
name_resolve_bcast: Attempting broadcast lookup for name SBSFOR<0x1c>
bind succeeded on port 0
socket option SO_KEEPALIVE = 0
socket option SO_REUSEADDR = 1
socket option SO_BROADCAST = 1
Could not test socket option TCP_NODELAY.
socket option IPTOS_LOWDELAY = 0
socket option IPTOS_THROUGHPUT = 0
socket option SO_SNDBUF = 65535
socket option SO_RCVBUF = 65535
socket option SO_SNDLOWAT = 1
socket option SO_RCVLOWAT = 1
socket option SO_SNDTIMEO = 0
socket option SO_RCVTIMEO = 0
Sending a packet of len 50 to (192.168.0.255) on port 137
Received a packet of len 62 from (192.168.0.10) port 137
nmb packet from 192.168.0.10(137) header: id=5433 opcode=Query(0) response=Yes
header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=Yes
header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
answers: nmb_name=SBSFOR<1c> rr_type=32 rr_class=1 ttl=300000
answers 0 char ......
hex E000C0A8000A
Got a positive name query response from 192.168.0.10 ( 192.168.0.10 )
bind succeeded on port 0
Sending a packet of len 50 to (192.168.0.10) on port 137
Sending a packet of len 50 to (192.168.0.10) on port 137
could not find any domain controllers for domain SBSFOR

OK, so this is what I've tried so far.
I've put my PDC in the LMHOSTS file on the samba server.
I've made the samba server a wins server.
These all work, I get a positive name query for each.

Joining the domain works fine. However, I cannot set 'password = *' in my smb.conf file, I have to explicitly tell samba which server is the password server. I cannot connect to samba shares otherwise.

wbinfo -t says ... "Could not check secret"
wbinfo -u says "Error looking up domain users"

So, if I read this right, winbind is finding my PDC through name resolution, bind in this case, but when it tries to check it, it gets no response. Assuming that I've set winbind up properly, would this indicate a fault in my NT box. All my M$ clients see the box as the PDC. The only thing that might be weird with the PDC is that it was promoted from a BDC when I upgraded our network and got rid of our old PDC.

I'd really like to get this to work, it sounds like a great idea from the samba people.

Please excuse the cross post of this to samba and samba domain.

If any more info is needed by all the gurus, don't hesitate to ask.

Thanks
Hans

From PNIXON at ci.somerville.ma.us Mon Nov 26 09:56:02 2001
From: PNIXON at ci.somerville.ma.us (PNIXON@ci.somerville.ma.us)
Date: Tue Dec 2 02:36:58 2003
Subject: Auto-Create Home Directories for users?
Message-ID: <313EB7592143D411AF5800B0D03D04D44B6094@geezil.somerville.ma.us>

Hello All,
I just got Samba-2.2.2, WinBind, and an NT4 Domain all working happy together. However, I noticed that when I browse or telnet to the server, it doesn't create a home directory for the user. Is there a way to automate this process?
--Pat

From cristian at cristianleiva.com.ar Mon Nov 26 10:14:10 2001
From: cristian at cristianleiva.com.ar (Cristian Luis Leiva Yahoo)
Date: Tue Dec 2 02:36:58 2003
Subject: Auto-Create Home Directories for users?
References: <313EB7592143D411AF5800B0D03D04D44B6094@geezil.somerville.ma.us>
Message-ID: <00ad01c176a5$80a28320$a04ca8c0@cristian>

yes

I create a directory called /home/

and I add this line in my system-auth (pam.d)

session required /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022

Regards
Cristian

----- Original Message -----
From:
To:
Sent: Monday, November 26, 2001 2:53 PM
Subject: Auto-Create Home Directories for users?

> Hello All,
> I just got Samba-2.2.2, WinBind, and an NT4 Domain all working happy
> together. However, I noticed that when I browse or telnet to the server, it
> doesn't create a home directory for the user. Is there a way to automate
> this process?
>
> --Pat

From rickera2 at SLU.EDU Mon Nov 26 10:49:01 2001
From: rickera2 at SLU.EDU (Tony Ricker)
Date: Tue Dec 2 02:36:58 2003
Subject: printing error
Message-ID: <3C028E89.5534A452@slu.edu>

All,

I have the following in my smb.conf for printing commands...

# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no
   print ok = yes
   print command = /usr/bin/lpr -P%p -r %s
   lpq command = /usr/bin/lpq -P%p
   lprm command = /usr/bin/lprm -P%p %j
   lppause command = /usr/sbin/lpc hold %p %j
   lpresume command = /usr/sbin/lpc release %p %j
   queuepause command = /usr/sbin/lpc -P%p stop
   queueresume command = /usr/sbin/lpc -P%p start

I got this from a tech guy from Red Hat. When I try to pause a print job, it says "You do not have sufficient privaliges to modify this job." I did a chmod 777 on /usr/bin and /usr/sbin to no avail. Red Hat support (oxymoron) says that they have no idea as to what would be causing this (windoze or linux). Any ideas? Has anyone ran into this?
System config is Red Hat 7.1 with samba 2.2.2

Cheers,
Tony

-------------------------------
Tony Ricker
Technology Coordinator
SLUCare - P.M.O.
St. Louis University
Phone: 314.977.6844
E-mail: rickera2@slu.edu
-------------------------------
"In the beginners mind, there are many possibilities. In the experts mind, there are few"
- Shunryu Suzuki
-------------------------------
"Think Different"

From Paul.Siebers at blueprintautomation.com Mon Nov 26 11:05:28 2001
From: Paul.Siebers at blueprintautomation.com (Paul Siebers)
Date: Tue Dec 2 02:36:58 2003
Subject: SAMBA set up.... NMDB won't run
Message-ID: <9947D216926FD411AEE200B0D021AB3D2FD905@SERVER4>

Question from a newbie here.

I am building my first Red Hat Linux 7.1 server which I am trying to get to play nicely with the other NT servers in my network. I am setting up SAMBA by the book (Red Hat Linux 7.1 Bible), but I am stuck at a point now where the book doesn't offer suggestions.

I can configure SAMBA all I want, but I can't get NMBD to run. If I check the status I get this reply:

"could not access xxx..lck file"

When I try to start NMBD manually I get a nice prompt as a reply, but when I check the status again, it is still not running.

Can anyone point me in the right direction???

Thanks!
Paul Siebers

From hans at sbsfor.com Mon Nov 26 11:13:03 2001
From: hans at sbsfor.com (Hans Rasmussen)
Date: Tue Dec 2 02:36:58 2003
Subject: printing error
References: <3C028E89.5534A452@slu.edu>
Message-ID: <010701c176ae$05d66bd0$fb00a8c0@fraggle>

what's your admin users set to??

----- Original Message -----
From: "Tony Ricker"
To: "Samba NT-Dom" ; "Samba"
Sent: November 26, 2001 10:48 AM
Subject: printing error

All,

I have the following in my smb.conf for printing commands...
# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no
   print ok = yes
   print command = /usr/bin/lpr -P%p -r %s
   lpq command = /usr/bin/lpq -P%p
   lprm command = /usr/bin/lprm -P%p %j
   lppause command = /usr/sbin/lpc hold %p %j
   lpresume command = /usr/sbin/lpc release %p %j
   queuepause command = /usr/sbin/lpc -P%p stop
   queueresume command = /usr/sbin/lpc -P%p start

I got this from a tech guy from Red Hat. When I try to pause a print job, it says "You do not have sufficient privaliges to modify this job." I did a chmod 777 on /usr/bin and /usr/sbin to no avail. Red Hat support (oxymoron) says that they have no idea as to what would be causing this (windoze or linux). Any ideas? Has anyone ran into this?

System config is Red Hat 7.1 with samba 2.2.2

Cheers,
Tony

-------------------------------
Tony Ricker
Technology Coordinator
SLUCare - P.M.O.
St. Louis University
Phone: 314.977.6844
E-mail: rickera2@slu.edu
-------------------------------
"In the beginners mind, there are many possibilities. In the experts mind, there are few"
- Shunryu Suzuki
-------------------------------
"Think Different"

From Errol.Fouquet at mms.gov Mon Nov 26 11:24:05 2001
From: Errol.Fouquet at mms.gov (Fouquet, Errol)
Date: Tue Dec 2 02:36:58 2003
Subject: printing error
Message-ID: <379313C94B76D2119AB60008C7A402E40344C522@imsnolaa.nola.omm.mms.gov>

What permissions do you have on /var/spool/samba?

-----Original Message-----
From: Tony Ricker [mailto:rickera2@SLU.EDU]
Sent: Monday, November 26, 2001 12:49 PM
To: Samba NT-Dom; Samba
Subject: printing error

All,

I have the following in my smb.conf for printing commands...
# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no
   print ok = yes
   print command = /usr/bin/lpr -P%p -r %s
   lpq command = /usr/bin/lpq -P%p
   lprm command = /usr/bin/lprm -P%p %j
   lppause command = /usr/sbin/lpc hold %p %j
   lpresume command = /usr/sbin/lpc release %p %j
   queuepause command = /usr/sbin/lpc -P%p stop
   queueresume command = /usr/sbin/lpc -P%p start

I got this from a tech guy from Red Hat. When I try to pause a print job, it says "You do not have sufficient privaliges to modify this job." I did a chmod 777 on /usr/bin and /usr/sbin to no avail. Red Hat support (oxymoron) says that they have no idea as to what would be causing this (windoze or linux). Any ideas? Has anyone ran into this?

System config is Red Hat 7.1 with samba 2.2.2

Cheers,
Tony

-------------------------------
Tony Ricker
Technology Coordinator
SLUCare - P.M.O.
St. Louis University
Phone: 314.977.6844
E-mail: rickera2@slu.edu
-------------------------------
"In the beginners mind, there are many possibilities. In the experts mind, there are few"
- Shunryu Suzuki
-------------------------------
"Think Different"

From stoffer at billen.dk Mon Nov 26 14:47:02 2001
From: stoffer at billen.dk (samba-ntdom)
Date: Tue Dec 2 02:36:58 2003
Subject: browsing mystery....
References: <01C174E1.9EEB7820.Sebastian.Trahm@alcatel.de>
Message-ID: <004401c176d4$96eec7e0$0200000a@w2k>

Hi, Sebastian
Thanks for your response, I'm also trying to solve the problem...
Anyway, it's nice to hear I'm not alone.....hehe
I just can't understand why this problem apparently is so rare....

----- Original Message -----
From: "Sebastian Trahm"
To:
Cc:
Sent: Saturday, November 24, 2001 11:14 AM
Subject: AW: browsing mystery....
> Hi,
>
> no, we couldn't solve the problem 'til today. Our workgroup was built up on
> three subnetworks, for every subnetwork we configured a local-master-browser
> and one subnetwork had the domain-master-browser. After a time we were
> able to see all the host from the "other side" within our "whole" workgroup, but trying
> to connect to them failed with an error message, that the requested host couldn't
> be found. We paused the trial & error method; now going to test only with two
> subnets, simple routing between, trying another OS;
>
> If i get any further results on it, you will hear from me, the only problem is the effort of time.
>
>
>
> take care,
>
> Sebastian
> inthisdefiance@gmx.net
> sebastian.trahm@alcatel.de
>
>
>

From abrock at georgefox.edu Mon Nov 26 15:07:02 2001
From: abrock at georgefox.edu (Anthony Brock)
Date: Tue Dec 2 02:36:59 2003
Subject: browsing mystery....
In-Reply-To:
Message-ID: <5.1.0.14.2.20011126145406.02b4ad90@mail.georgefox.edu>

I don't know if it's actually rare, or if most people rely on Windows OS for WINS when Samba fails. We have been attempting to use Samba with WINS for several years, and have encountered erratic/difficult to diagnose problems the entire time it has been installed. Perhaps 40% of our networks don't have a problem, about 10% of our networks function properly "occasionally", and the remainder have NEVER worked.

This has been persistent from version 2.0.0 through 2.2.2. Unfortunately, there is almost no assistance available to help with:

1) properly diagnosing if a machine is properly registered,
2) diagnosing how to determine WHAT information it is registering,
3) diagnosing how to pull the information from the WINS server using Samba's utilities,
4) a step-by-step guide for what SHOULD be seen and how to fix common problems,
5) and what to do when nothing else seems to be working (i.e., a step-by-step guide to using tcpdump, etc).
In my case, I have given up (after about 10 posts over 3 years asking for help and no responses which actually help, other than "read diagnose.txt" which has NOTHING that helps with this problem). I live with hard-coding IP addresses as they seem to function when WINS fails. Other than WINS, Samba seems to work great. However, I don't believe they have ever actually gotten this properly functioning.

Good luck!

Tony

At 03:45 PM 11/26/2001 -0800, stoffer@billen.dk wrote:
>Hi, Sebastian
>Thanks for your response, I'm also trying to solve the problem...
>Anyway, it's nice to hear I'm not alone.....hehe
>I just can't understand why this problem apparently is so rare....
>
>
>----- Original Message -----
>From: "Sebastian Trahm"
>To:
>Cc:
>Sent: Saturday, November 24, 2001 11:14 AM
>Subject: AW: browsing mystery....
>
>
> >> Hi,
> >>
> >> no, we couldn't solve the problem 'til today. Our workgroup was built up
>on
> >> three subnetworks, for every subnetwork we configured a
>local-master-browser
> >> and one subnetwork had the domain-master-browser. After a time we were
> >> able to see all the host from the "other side" within our "whole"
>workgroup, but trying
> >> to connect to them failed with an error message, that the requested host
>couldn't
> >> be found. We paused the trial & error method; now going to test only
> >with
>two
> >> subnets, simple routing between, trying another OS;
> >>
> >> If i get any further results on it, you will hear from me, the only
>problem is the effort of time.
> >>
> >>
> >> take care,
> >>
> >> Sebastian
> >> inthisdefiance@gmx.net
> >> sebastian.trahm@alcatel.de
> >>
> >>
> >>

******************************************************************************
* Anthony Brock                                         abrock@georgefox.edu *
* Director of Network Services                         George Fox University *
******************************************************************************

From vorlon at netexpress.net Mon Nov 26 15:57:31 2001
From: vorlon at netexpress.net (Steve Langasek)
Date: Tue Dec 2 02:36:59 2003
Subject: browsing mystery....
In-Reply-To: <5.1.0.14.2.20011126145406.02b4ad90@mail.georgefox.edu>
References:
Message-ID: <20011126175629.R13016@netexpress.net>

Anthony,

On Mon, Nov 26, 2001 at 03:03:17PM -0800, Anthony Brock wrote:
> I don't know if it's actually rare, or if most people rely on Windows OS
> for WINS when Samba fails. We have been attempting to use Samba with WINS
> for several years, and have encountered erratic/difficult to diagnose
> problems the entire time it has been installed. Perhaps 40% of our networks
> don't have a problem, about 10% of our networks function properly
> "occasionally", and the remainder have NEVER worked.

> This has been persistent from version 2.0.0 through 2.2.2. Unfortunately,
> there is almost no assistance available to help with:

> 1) properly diagnosing if a machine is properly registered,

FWIW, up to and including Samba 2.2.1a (the most recent Samba I've had running as a WINS server), all WINS registrations are stored on-disk in a file called `wins.dat' in a directory that's configured at compile time (on my Linux systems, it's /var/state/samba/). Checking whether a machine is registered with the WINS server is relatively simple: either the machine name appears in this file, or it doesn't.

> 2) diagnosing how to determine WHAT information it is registering,

For this, it's important to understand netbios type codes (the last byte of the 16-byte netbios name).
I don't have a complete list of these, nor a pointer to such a list -- but I believe these are documented on the web in some fashion.

Cheers,
Steve Langasek
postmodern programmer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-ntdom/attachments/20011126/dc5e01fb/attachment.bin

From dhighley at highley-recommended.com Mon Nov 26 16:13:36 2001
From: dhighley at highley-recommended.com (David Highley)
Date: Tue Dec 2 02:36:59 2003
Subject: browsing mystery....
In-Reply-To: <5.1.0.14.2.20011126145406.02b4ad90@mail.georgefox.edu> from "Anthony Brock" at Nov 26, 2001 03:03:17 PM
Message-ID: <200111270009.fAR09grA025986@hemlock.highley-recommended.com>

"Anthony Brock wrote:"
>
> I don't know if it's actually rare, or if most people rely on Windows OS
> for WINS when Samba fails. We have been attempting to use Samba with WINS
> for several years, and have encountered erratic/difficult to diagnose
> problems the entire time it has been installed. Perhaps 40% of our networks
> don't have a problem, about 10% of our networks function properly
> "occasionally", and the remainder have NEVER worked.

Here are a few things that may help you. In the smb.conf file define the wins server:

wins server = 10.2.2.3

Then in the dhcp server file, /etc/dhcpd.conf, in the subnet section:

option netbios-dd-server 10.2.2.3;
option netbios-node-type 8;

We are using Samba as the wins server and PDC server. The above settings will stop the Windows boxes from broadcasting. One reason you may be having problems is networking administrators commonly block the Windows broadcasts at the routers. If they did not do this and there were very many Windows systems they would swamp the network with broadcasts, ask Microsoft, their networks used to go down quite regularly.

>
> This has been persistent from version 2.0.0 through 2.2.2.
Unfortunately,
> there is almost no assistance available to help with:
>
> 1) properly diagnosing if a machine is properly registered,
> 2) diagnosing how to determine WHAT information it is registering,
> 3) diagnosing how to pull the information from the WINS server using
> Samba's utilities,
> 4) a step-by-step guide for what SHOULD be seen and how to fix common problems,
> 5) and what to do when nothing else seems to be working (i.e., a
> step-by-step guide to using tcpdump, etc).
>
> In my case, I have given up (after about 10 posts over 3 years asking for
> help and no responses which actually help, other than "read diagnose.txt"
> which has NOTHING that helps with this problem). I live with hard-coding IP
> addresses as they seem to function when WINS fails. Other than WINS, Samba
> seems to work great. However, I don't believe they have ever actually
> gotten this properly functioning.
>
> Good luck!
>
> Tony
>
> At 03:45 PM 11/26/2001 -0800, stoffer@billen.dk wrote:
> >Hi, Sebastian
> >Thanks for your response, I'm also trying to solve the problem...
> >Anyway, it's nice to hear I'm not alone.....hehe
> >I just can't understand why this problem apparently is so rare....
> >
> >
> >----- Original Message -----
> >From: "Sebastian Trahm"
> >To:
> >Cc:
> >Sent: Saturday, November 24, 2001 11:14 AM
> >Subject: AW: browsing mystery....
> >
> >
> > >> Hi,
> > >>
> > >> no, we couldn't solve the problem 'til today. Our workgroup was built up
> >on
> > >> three subnetworks, for every subnetwork we configured a
> >local-master-browser
> > >> and one subnetwork had the domain-master-browser. After a time we were
> > >> able to see all the host from the "other side" within our "whole"
> >workgroup, but trying
> > >> to connect to them failed with an error message, that the requested host
> >couldn't
> > >> be found.
We paused the trial & error method; now going to test only
> > >with
> >two
> > >> subnets, simple routing between, trying another OS;
> > >>
> > >> If i get any further results on it, you will hear from me, the only
> >problem is the effort of time.
> > >>
> > >>
> > >>
> > >> take care,
> > >>
> > >> Sebastian
> > >> inthisdefiance@gmx.net
> > >> sebastian.trahm@alcatel.de
> > >>
> > >>
> > >>
>
> ******************************************************************************
> * Anthony Brock                                         abrock@georgefox.edu *
> * Director of Network Services                         George Fox University *
> ******************************************************************************
>
>
>

--
Regards,

David Highley                Phone: (206) 669-0081
Highley Recommended, Inc.    FAX: (253) 838-8509
2927 SW 339th Street         Email: dhighley@highley-recommended.com
Federal Way, WA 98023-7732   WEB: http://www.highley-recommended.com

From abrock at georgefox.edu Mon Nov 26 16:58:07 2001
From: abrock at georgefox.edu (Anthony Brock)
Date: Tue Dec 2 02:36:59 2003
Subject: browsing mystery....
In-Reply-To:
Message-ID: <5.1.0.14.2.20011126164842.02b53100@mail.georgefox.edu>

Thank you for the information. I was aware of the WINS file, and the servers have always appeared to be correctly entered (with IP address, etc). However, the clients can never find the machines (Win95, Win98, WinME, WinNT, and Win2000) on certain subnets even though their network configurations confirm WINS servers located at the correct IP address. It is simply baffling.

What is even more strange is the effect of a reboot on the WINS server. Even though the cache is intact and (at least to my understanding) appears to be correct, NOTHING can be found for 1 to 4 hours after a reboot! Needless to say, I try hard to never reboot the server *sigh*.

Thanks for the information!
Tony

At 03:56 PM 11/26/2001 -0800, vorlon@netexpress.net wrote:
>Anthony,
>
>FWIW, up to and including Samba 2.2.1a (the most recent Samba I've had
>running as a WINS server), all WINS registrations are stored on-disk in
>a file called `wins.dat' in a directory that's configured at compile
>time (on my Linux systems, it's /var/state/samba/). Checking whether a
>machine is registered with the WINS server is relatively simple: either
>the machine name appears in this file, or it doesn't.
>
> >> 2) diagnosing how to determine WHAT information it is registering,
>
>For this, it's important to understand netbios type codes (the last byte
>of the 16-byte netbios name). I don't have a complete list of these,
>nor a pointer to such a list -- but I believe these are documented on
>the web in some fashion.
>
>Cheers,
>Steve Langasek
>postmodern programmer

******************************************************************************
* Anthony Brock                                         abrock@georgefox.edu *
* Director of Network Services                         George Fox University *
******************************************************************************

From R.J.Baart at Prompt.NL Mon Nov 26 17:17:02 2001
From: R.J.Baart at Prompt.NL (R.J. Baart)
Date: Tue Dec 2 02:36:59 2003
Subject: Error logging into domain (c0000252)
Message-ID: <3C02F76C.5040.176ADE@localhost>

We use several Samba servers. On one system we try things out. That system is a Suse Linux 7.2 system. We have used it for a long time. It always worked ok. It is configured as PDC and the current CVS version of Samba is installed.

Until yesterday we were able to logon to the domain with a w98, nt4(sp6) and a w2k (sp2) client. We use roaming profiles, smb printservices, etc. But today we can't logon to the domain. Why? We don't know. In our opinion we have not changed relevant options.

The error on a NT4 (sp6) workstation is : "The system cannot log you in (c00000253). Please try again ....". Trying another logon: error c0000037.
Sometimes we get an error with lsass.exe 0xc0000005. After trying a domain logon we have to reset the workstation, a local login is not possible.

It is obvious it has something to do with the workstation, because we can access the domain as workgroup. So usernames and passwords are correct. We have deleted the workstations UID from smbpasswd and passwd. We have added the machines to the domain with useradd, smbpasswd and on the NT workstation. All without any problem. We have concentrated on an NT4(SP6) workstation. No success

But what is the problem? I think we miss something very simple, but what.

The global portion of our smb.conf:

[global]
workgroup = PROMPT
netbios name = AYLER
server string = Ayler Taalstraat file- en printserver
interfaces = 192.168.100.254/255.255.255.0 127.0.0.1/255.0.0.0
bind interfaces only = Yes
encrypt passwords = Yes
smb passwd file = /etc/smbpasswd
passwd program = /usr/bin/passwd
log file = /var/log/%m.log
time server = Yes
logon script = profile.bat
logon path = \\%N\profiles\%U
logon drive = h:
domain logons = Yes
os level = 64
admin users = root
printer admin = root
printing = lprng

Met vriendelijke groet/Regards

Prompt
R.J. Baart
Marktveldpassage 35c
5261ED Vught
tel: +31 73 6567041
mailto:R.J.Baart@Prompt.NL

From aoclarit at kiwi.dhs.org Mon Nov 26 17:37:02 2001
From: aoclarit at kiwi.dhs.org (Alex)
Date: Tue Dec 2 02:36:59 2003
Subject: 4R vs 46R in wins.dat
Message-ID: <00b501c176e3$eef67eb0$8c4331a2@Alex2000>

Hi all

can anyone tell me the purpose of the "R" records in the wins.dat file like 46R vs 4R. Is it OS or something?

Thanks

Alex

From jeffdl at mn.mediaone.net Mon Nov 26 23:27:02 2001
From: jeffdl at mn.mediaone.net (Jeff Lacy)
Date: Tue Dec 2 02:36:59 2003
Subject: Logon Script Problems
Message-ID: <003f01c17714$c0ed1a20$0400a8c0@Gateway>

Hello Everyone,

I am having some trouble with logon scripts! They were working perfectly once but I must have changed something...
I would really appreciate any advice you could give me about how to fix it.

My user name is 'jeff'. My logon script should be '\\server\netlogon\jeff.bat'. When I log on, windows briefly says it can't find the logon script. After I have logged in, I can run \\sever\netlogon\jeff.bat and it works perfectly. I have included my smb.conf file below. I could include a log file, if that would be helpful?

smb.conf
---------------------------------------
# Global parameters
[global]
workgroup = HOME
netbios name = SERVER
server string = Samba Server %v
security = domain
encrypt passwords = Yes
update encrypted = Yes
unix password sync = Yes
time server = Yes
logon script = %U.bat
logon home = \\%L\%U
logon drive = U:
domain logons = Yes
os level = 255
preferred master = True
domain master = True
log file = /usr/local/samba/var/log.%m

[HOMES]
volume = Home Directory
comment = %U's Home Directory
path = %H
read only = No
browseable = No

[netlogon]
comment = Network Logon Directory
path = /samba/netlogon
read only = No
browseable = No
---------------------------------------

Thanks in advance,

Jeff

P.S. Sorry for the cross post, I wasn't sure where to post it!

From m94510 at dreamwiz.com Tue Nov 27 03:07:10 2001
From: m94510 at dreamwiz.com (=?ks_c_5601-1987?B?wKW5zLXwvu69usTw?=)
Date: Tue Dec 2 02:36:59 2003
Subject: =?ks_c_5601-1987?B?W7GksO1dIMCvv+vH0SDBpLq4wNS0z7TZISEh?=
Message-ID: <20011127110648.F3F98418A@lists.samba.org>

From Martin.Doule at czech.sun.com Tue Nov 27 05:27:04 2001
From: Martin.Doule at czech.sun.com (Martin.Doule)
Date: Tue Dec 2 02:36:59 2003
Subject: Migrating from NT PDC to Samba PDC again :)
Message-ID:

Hello.

I already send e-mail about it once but because I really need it works and my time is short I try it again in hope that someone will know answer :).

For some reason we are migrating from NT-like server to Samba.
As we have a lot of computer and our users are developers we want to make it as less painful as possible. In normal Windows NT domain migrating from one server to another is easy task thanks to PDC-BDC function. But how to replace PDC with Samba?

Create user accounts with their current password is easy task thanks to pwdump2 utility. Same for password for machines accounts. But to "convince" NT clients that Samba server is really PDC of original domain instead the old computer I need to have specify also next things:

Domain SID: I think i can obtain it by (for example) psgetsid.exe utility from Sysinternals but where it is stored on Samba? In private/WORKGROUP.SID?

Machines SID: I'm not sure if machines SID is really stored on server or not. If yes, where it must be specify? In private/MACHINE.SID?

Users RID: Each user SID is made from Domain SID and users Relative ID (RID). How can I obtain RID and where I must put it?

Well that's a lot of question, isn't it? :) I'll be grateful for any ideas or links how to do this. I tried to found these info by google.com, but it looks like everybody migrate to Samba by rejoining to machines to domain and migrating user profiles to new users, which is not good option to me.

Thanks in advance

Martin Doule
System Administrator, Forte Tools
Sun Microsystems Czech, s.r.o.
Software System Group
Evropska 33e
160 00 Prague 6
Tel: +420-2-33009193
Internal: x49193
Fax: +420-2-33009299
Mobile: +420-606-625752

From phil.burrow at blueyonder.co.uk Tue Nov 27 05:48:03 2001
From: phil.burrow at blueyonder.co.uk (Philip Burrow)
Date: Tue Dec 2 02:36:59 2003
Subject: Error logging into domain (c0000252)
References: <3C02F76C.5040.176ADE@localhost>
Message-ID: <001501c1774a$02d567f0$0200000a@Haxed>

> We use several Samba servers. On one system we try things out. That system is a
>
> Until yesterday we were able to logon to the domain with a w98, nt4(sp6) and a w2k
> (sp2) client.
We use roaming profiles, smb printservices, etc. But today we can't logon
> to the domain. Why? We don't know. In our opinion we have not changed relevant
> options.
>
> It is obvious it has something to do with the workstation, because we can access the
> domain as workgroup. So usernames and passwords are correct. We have deleted
> the workstations UID from smbpasswd and passwd. We have added the machines
> to the domain with useradd, smbpasswd and on the NT workstation. All without any
> problem. We have concentrated on an NT4(SP6) workstation. No success
>
> But what is the problem? I think we miss something very simple, but what.

This sounds exactly like the problem I am getting when using WinXP Pro as client. I believe it is something trivial I may have changed with the workstation but like yourself I cannot get it to log on to the domain, but can get it to join the workgroup, and I have had it working prior to this.

If you find the solution would you please post it here as well!

Thanks

Phil

From con at gfm.co.uk Tue Nov 27 05:49:06 2001
From: con at gfm.co.uk (Con Harte)
Date: Tue Dec 2 02:36:59 2003
Subject: user/group verification
Message-ID: <5.0.2.1.0.20011127131721.00a9ca40@voodoo>

Hi.

I have been running a Samba server as PDC for sometime now, and recently upgraded from 2.2.1a to 2.2.2 (on a RedHat Linux 7.1 system)

I had a share which had permissions allowing group "telecoms" read and write access, owned by "root", and denying access to anyone (other than root) not in the "telecoms" group. There are no users whose primary group is "telecoms", but there are three users that have this group set as a secondary group.

This setup used to allow anyone that was a member of the telecoms group to read the contents of this share/directory and its files, as well as write to them.
Now they can only read -- All write permission is revoked, I am not certain whether it worked after upgrading, but since that is just about the only change I am sure that it has not worked since the upgrade.

Can anyone tell me how I might achieve my goal? (of allowing write permission for a group when the relevant user is a member of that group, but it isn't their primary group)

The pertinent data follows:-

---
/etc/group file contains:

pcusers:x:1000:
telecoms:x:1002:conh,rob,sam,ccm

---
/etc/passwd file contains:

rob:x:1003:1000:rob (PC User):/home/samba/pcusers/rob:/bin/false
sam:x:1006:1000:sam (PC User):/home/samba/pcusers/sam:/bin/false

---
directory permissions:

drwxrwx--- 3 root telecoms 4096 Nov 1 14:39 Call Reports/

---
smb.conf contains:

[global]
workgroup = GFMNET
netbios name = GFMNET01
server string = Primary Domain Controller
encrypt passwords = Yes
log file = /var/log/samba/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
logon script = %u.bat
logon path = \\GFMNET01\profiles\%U
logon drive = M:
logon home = \\GFMNET01\%U
domain logons = Yes
os level = 64
preferred master = True
domain master = True
dns proxy = No
wins support = Yes

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No

[homes]
comment = Home Directory
guest ok = no
valid users = @pcusers
read only = No
browseable = No

[NETLOGON]
path = /home/samba/netlogon

[profiles]
path = /home/samba/profiles
read only = No
create mask = 0600
directory mask = 0700

[Call Reports]
comment = Telephone Stats Call Reports
create mask = 0660
path = /home/samba/Call Reports

[Call Centre]
comment = Call Centre Management
create mask = 0660
path = /home/samba/Call Centre

---

Thanks,

Con.

From grobe at gmx.net Tue Nov 27 05:49:24 2001
From: grobe at gmx.net (grobe@gmx.net)
Date: Tue Dec 2 02:36:59 2003
Subject: Migrating from NT PDC to Samba PDC again :)
References:
Message-ID: <5591.1006868865@www11.gmx.net>

Hi!
> easy task thanks to PDC-BDC function. But how to replace PDC with Samba?

Maybe this way is possible with samba-tng, which has some bdc-functionality. Maybe you should ask this on their mailinglist (www.samba-tng.org).

> Domain SID: I think i can obtain it by (for example) psgetsid.exe utility
> from
> Sysinternals but where it is stored on Samba? In private/WORKGROUP.SID?

If you can get it, cool.. store it in (yourprivatedir)/(YOURDOMAINNAME.SID)

> Machines SID: I'm not sure if machines SID is really stored on server or
> not. If
> yes, where it must be specify? In private/MACHINE.SID?

AFAIK you need this if you are a member of a domain, if both exist, you will get trouble.

> How can I obtain RID and where I must put it?

Samba calculates RIDs from UIDs.

CU, Lars.

--
GMX - The communication platform on the Internet.
http://www.gmx.net

From cristian at cristianleiva.com.ar Tue Nov 27 07:23:06 2001
From: cristian at cristianleiva.com.ar (Cristian Luis Leiva)
Date: Tue Dec 2 02:36:59 2003
Subject: Logon Script Problems
References: <003f01c17714$c0ed1a20$0400a8c0@Gateway>
Message-ID: <008701c1773f$c5c74360$a04ca8c0@cristian>

file or directory permissions?
the file exist in /samba/netlogon ?

Cristian
(Sorry for my english but i speak spanish)

----- Original Message -----
From: "Jeff Lacy"
To: ;
Sent: Tuesday, November 27, 2001 4:25 AM
Subject: Logon Script Problems

> Hello Everyone,
>
> I am having some trouble with logon scripts! They were working perfectly
> once but I must have changed something... I would really
> appreciate any advice you could give me about how to fix it.
>
> My user name is 'jeff'. My logon script should be
> '\\server\netlogon\jeff.bat'. When I log on, windows briefly says it can't
> find the logon script. After I have logged in, I can run
> \\sever\netlogon\jeff.bat and it works perfectly. I have included my
> smb.conf file below. I could include a log file, if that would be helpful?
>
> smb.conf
> ---------------------------------------
> # Global parameters
> [global]
> workgroup = HOME
> netbios name = SERVER
> server string = Samba Server %v
> security = domain
> encrypt passwords = Yes
> update encrypted = Yes
> unix password sync = Yes
> time server = Yes
> logon script = %U.bat
> logon home = \\%L\%U
> logon drive = U:
> domain logons = Yes
> os level = 255
> preferred master = True
> domain master = True
> log file = /usr/local/samba/var/log.%m
>
> [HOMES]
> volume = Home Directory
> comment = %U's Home Directory
> path = %H
> read only = No
> browseable = No
>
> [netlogon]
> comment = Network Logon Directory
> path = /samba/netlogon
> read only = No
> browseable = No
> ---------------------------------------
>
> Thanks in advance,
>
> Jeff
>
> P.S. Sorry for the cross post, I wasn't sure where to post it!
>
>

From Sebastian.Trahm at alcatel.de Tue Nov 27 08:57:04 2001
From: Sebastian.Trahm at alcatel.de (Sebastian Trahm)
Date: Tue Dec 2 02:36:59 2003
Subject: AW: browsing mystery....
Message-ID: <01C1776B.045F1230.Sebastian.Trahm@alcatel.de>

Hi,

ok, i have a partial function so far, the browsing list contents both network clients, but only one-way working, i think this is due to the fact of our "NAT-Gateway" - only allowing connections incoming which have a corresponding outgoing connection first, so we have to test a port forwarding to the internal Local Master Browser.

So, when I try to connect a host from the list from the inside network, i can connect (wins server & routing must be set), but if i try to connect from the outside (172.16.14.0), i got an error message - means my "NAT-GW" don't let the connection on port "139" in, "smbclient -L 192.168.108.10" works;

But for a not "masquerading/natting" network this should work; most of the information i used can be found in the text-documentation, named "browsing.txt", etc.

!!! guest account = xxx !!!
very important to set

hope this helps anyway, i'll try the complete solution with nat;

take care,

Sebastian
-------------- next part --------------
                                   +-------+   [172.16.14.149/24]
                                   |WINS   |   [global]
                                   |SERVER/|   workgroup = samba
                                   |DOMAIN |   domain master = yes
                                   |MASTER |   local master = yes
                                   +---|---+   preferred master = yes
                                       |       os level = 65
                                       |       wins support = yes
                                       |       guest account = nmcadm
                                       |       remote browse sync = 192.168.108.10
                                       |
                                       |
    +----------------------------------|---------------|
    |
+---|---+
|       |
|SLMUG4 |[172.16.14.1/24]
|       |
|       |[192.168.108.1/24 ]
+---|---+[DHCPD/NATD-GW    ]
    |
   ~~~
    |------------|------------|-------------|
    |            |            |             |
+---|---+    +---|---+    +---|---+     +---|---+
|       |    |       |    |       |     |       |   [192.168.108.10/24]
|Cl. A  |    | Cl. B |    | Cl. C |     | Local |   [global]
| dhcp  |    | dhcp  |    | dhcp  |     |Master |   workgroup = samba
|       |    |       |    |       |     |Browser|   domain master = no
+-------+    +-------+    +-------+     +-------+   local master = yes
[192.168.108.0/24  ]                                preferred master = yes
[GW: 192.168.108.1 ]                                os level = yes
[.200 ~ 254 -> DHCP]                                wins server = 172.16.14.149
                                                    guest account = nmcadm

From mstevens at initialsecurity.com Tue Nov 27 10:19:08 2001
From: mstevens at initialsecurity.com (Morris Stevens)
Date: Tue Dec 2 02:36:59 2003
Subject: changing passwords from windows98 passwords util
Message-ID: <008901c17770$67142320$6865a8c0@initialsecurity.com>

I have a samba 2.2.1a on linux 7.2 machine that I am having great success with, except for one small thing. I cannot get the passwords utility in Windows 98 to change the domain password for the user account. As far as I know, this should be an inclusive process. I get domain logins okay, as well as automatic creation of accounts on member servers upon which resources reside. Everything else is working great. I have considered writing a util to go and change passwords from a DOS prompt, but don't want to if I don't have to...security issues and all.
I have looked everywhere for an answer, but have run out of steam, temporarily, and I don't wish to waste any more development time on this issue. If anyone knows a quicky here, I would be most appreciative. Please let me know.

--Morris
-------------- next part --------------
HTML attachment scrubbed and removed

From mstevens at initialsecurity.com Tue Nov 27 11:28:02 2001
From: mstevens at initialsecurity.com (Morris Stevens)
Date: Tue Dec 2 02:36:59 2003
Subject: Can not change domain password from Windows XX
Message-ID: <009d01c1777a$44e41bc0$6865a8c0@initialsecurity.com>

I have had great success with SAMBA so far, and love it to death. What I have here is a minor setback, but it is proving to be a time consuming one.

I have a samba server (samba v. 2.2.1a) on Red Hat Linux v. 7.2 with several member samba servers out serving files over a VPN. It is working great thus far, and I could not be more happy with it.

My Problem is that I can't use the standard password utility in windows to change my domain password. I get an hourglass at the workstation (tried at several workstations with several different versions of windows...same thing) for a few moments, then a response back that my password is bad. If I use a known bad password, I get an immediate return back that I have a bad password--no hourglass.
My current smb.conf:

[global]
netbios name = IS_MASTER
workgroup = CORP_DOM
wins server=192.168.101.10
time server=yes
log level=3
passwd chat debug=yes
os level = 64
preferred master = no
domain master = yes
local master = no
security = user
encrypt passwords = yes
domain logons = yes
#logon script
logon script = "%U.bat"
unix password sync = yes
passwd program = /usr/bin/passwd

[netlogon]
path=/usr/corporate_shares/netlogon
writeable = no
write list = @adm

[sysvol]
path=/usr/corporate_shares/sysvol
read only=no
browseable=no
write list = @corpgroup

this is the log.smbd file output for an unsuccessful login with above parameters (increased debug info)

[2001/11/27 13:25:05, 3] smbd/oplock.c:init_oplocks(1200) open_oplock_ipc: opening loopback UDP socket. [2001/11/27 13:25:05, 3] lib/util_sock.c:open_socket_in(837) bind succeeded on port 0 [2001/11/27 13:25:05, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(293) Linux kernel oplocks enabled [2001/11/27 13:25:05, 3] smbd/oplock.c:init_oplocks(1230) open_oplock ipc: pid = 4718, global_oplock_port = 33318 [2001/11/27 13:25:05, 3] smbd/process.c:process_smb(837) Transaction 0 of length 72 [2001/11/27 13:25:05, 2] smbd/reply.c:reply_special(92) netbios connect: name1=IS_MASTER name2=MSTEVENS [2001/11/27 13:25:05, 2] smbd/reply.c:reply_special(111) netbios connect: local=is_master remote=mstevens [2001/11/27 13:25:05, 3] smbd/process.c:process_smb(837) Transaction 1 of length 158 [2001/11/27 13:25:05, 3] smbd/process.c:switch_message(650) switch message SMBnegprot (pid 4718) [2001/11/27 13:25:05, 3] smbd/sec_ctx.c:set_sec_ctx(316) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2001/11/27 13:25:05, 3] smbd/negprot.c:reply_negprot(349) Requested protocol [PC NETWORK PROGRAM 1.0] [2001/11/27 13:25:05, 3] smbd/negprot.c:reply_negprot(349) Requested protocol [MICROSOFT NETWORKS 3.0] [2001/11/27 13:25:05, 3] smbd/negprot.c:reply_negprot(349) Requested protocol [DOS LM1.2X002] [2001/11/27 13:25:05, 3]
smbd/negprot.c:reply_negprot(349) Requested protocol [DOS LANMAN2.1] [2001/11/27 13:25:05, 3] smbd/negprot.c:reply_negprot(349) Requested protocol [Windows for Workgroups 3.1a] [2001/11/27 13:25:05, 3] smbd/negprot.c:reply_negprot(349) Requested protocol [NT LM 0.12] [2001/11/27 13:25:05, 3] smbd/negprot.c:reply_negprot(433) Selected protocol NT LM 0.12 [2001/11/27 13:25:05, 3] smbd/process.c:process_smb(837) Transaction 2 of length 162 [2001/11/27 13:25:05, 3] smbd/process.c:switch_message(650) switch message SMBsesssetupX (pid 4718) [2001/11/27 13:25:05, 3] smbd/sec_ctx.c:set_sec_ctx(316) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2001/11/27 13:25:05, 3] smbd/reply.c:reply_sesssetup_and_X(865) Domain=[CORP_DOM] NativeOS=[Windows 4.0] NativeLanMan=[Windows 4.0] [2001/11/27 13:25:05, 3] smbd/reply.c:reply_sesssetup_and_X(876) sesssetupX:name=[MIS906] [2001/11/27 13:25:05, 2] smbd/reply.c:reply_sesssetup_and_X(990) Defaulting to Lanman password for mis906 [2001/11/27 13:25:05, 3] smbd/sec_ctx.c:push_sec_ctx(284) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2001/11/27 13:25:05, 3] smbd/sec_ctx.c:set_sec_ctx(316) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2001/11/27 13:25:05, 3] smbd/sec_ctx.c:get_current_groups(167) get_current_groups: uid 0 is in 2 groups: 513, 501 [2001/11/27 13:25:05, 3] smbd/sec_ctx.c:pop_sec_ctx(423) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2001/11/27 13:25:05, 3] smbd/sec_ctx.c:get_current_groups(167) get_current_groups: uid 0 is in 2 groups: 513, 501 [2001/11/27 13:25:05, 3] smbd/password.c:register_vuid(322) uid 513 registered to name mis906 [2001/11/27 13:25:05, 3] smbd/password.c:register_vuid(324) Clearing default real name [2001/11/27 13:25:05, 3] smbd/password.c:register_vuid(326) User name: mis906 Real name: Morris Stevens [2001/11/27 13:25:05, 1] lib/util_sock.c:get_socket_name(1001) Gethostbyaddr failed for 192.168.101.104 [2001/11/27 13:25:05, 3] smbd/process.c:chain_reply(982) Chained message [2001/11/27 13:25:05, 3] 
smbd/process.c:switch_message(650) switch message SMBtconX (pid 4718)
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:set_sec_ctx(316) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2001/11/27 13:25:05, 3] smbd/password.c:authorise_login(787) authorise_login: ACCEPTED: validated uid ok as non-guest (user=mis906)
[2001/11/27 13:25:05, 3] smbd/service.c:make_connection(477) Connect path is /tmp
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:push_sec_ctx(284) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:set_sec_ctx(316) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:get_current_groups(167) get_current_groups: uid 0 is in 2 groups: 513, 501
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:pop_sec_ctx(423) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:get_current_groups(167) get_current_groups: uid 0 is in 2 groups: 513, 501
[2001/11/27 13:25:05, 3] lib/util_seaccess.c:se_access_check(239) se_access_check: user sid is S-1-5-21-2876717569-4028184876-3063061709-2026
[2001/11/27 13:25:05, 3] lib/util_seaccess.c:se_access_check(242) se_access_check: also S-1-5-21-2876717569-4028184876-3063061709-2027
[2001/11/27 13:25:05, 3] lib/util_seaccess.c:se_access_check(242) se_access_check: also S-1-5-21-2876717569-4028184876-3063061709-2003
[2001/11/27 13:25:05, 3] lib/util_seaccess.c:se_access_check(242) se_access_check: also S-1-1-0
[2001/11/27 13:25:05, 3] lib/util_seaccess.c:se_access_check(242) se_access_check: also S-1-5-2
[2001/11/27 13:25:05, 3] lib/util_seaccess.c:se_access_check(242) se_access_check: also S-1-5-11
[2001/11/27 13:25:05, 3] smbd/vfs.c:vfs_init_default(98) Initialising default vfs hooks
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:set_sec_ctx(316) setting sec ctx (513, 513) - sec_ctx_stack_ndx = 0
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:set_sec_ctx(322) 2 user groups: 513 501
[2001/11/27 13:25:05, 3] smbd/vfs.c:vfs_ChDir(643) vfs_ChDir to /tmp
[2001/11/27 13:25:05, 3]
smbd/service.c:make_connection(606) mstevens (192.168.101.104) connect to service IPC$ as user mis906 (uid=513, gid=513) (pid 4718)
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:set_sec_ctx(316) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2001/11/27 13:25:05, 3] smbd/reply.c:reply_tcon_and_X(387) tconX service=ipc$ user=mis906
[2001/11/27 13:25:05, 3] smbd/process.c:process_smb(837) Transaction 3 of length 99
[2001/11/27 13:25:05, 3] smbd/process.c:switch_message(650) switch message SMBtrans (pid 4718)
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:set_sec_ctx(316) setting sec ctx (513, 513) - sec_ctx_stack_ndx = 0
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:set_sec_ctx(322) 2 user groups: 513 501
[2001/11/27 13:25:05, 3] smbd/ipc.c:reply_trans(484) trans <\PIPE\LANMAN> data=0 params=19 setup=0
[2001/11/27 13:25:05, 3] smbd/ipc.c:named_pipe(336) named pipe command on name
[2001/11/27 13:25:05, 3] smbd/lanman.c:api_reply(3327) Got API command 13 of form (tdscnt=0,tpscnt=19,mdrcnt=427,mprcnt=6)
[2001/11/27 13:25:05, 3] smbd/lanman.c:api_reply(3335) Doing RNetServerGetInfo
[2001/11/27 13:25:05, 3] smbd/process.c:process_smb(837) Transaction 4 of length 99
[2001/11/27 13:25:05, 3] smbd/process.c:switch_message(650) switch message SMBtrans (pid 4718)
[2001/11/27 13:25:05, 3] smbd/ipc.c:reply_trans(484) trans <\PIPE\LANMAN> data=0 params=19 setup=0
[2001/11/27 13:25:05, 3] smbd/ipc.c:named_pipe(336) named pipe command on name
[2001/11/27 13:25:05, 3] smbd/lanman.c:api_reply(3327) Got API command 63 of form (tdscnt=0,tpscnt=19,mdrcnt=427,mprcnt=6)
[2001/11/27 13:25:05, 3] smbd/lanman.c:api_reply(3335) Doing NetWkstaGetInfo
[2001/11/27 13:25:05, 3] smbd/process.c:process_smb(837) Transaction 5 of length 100
[2001/11/27 13:25:05, 3] smbd/process.c:switch_message(650) switch message SMBsesssetupX (pid 4718)
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:set_sec_ctx(316) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2001/11/27 13:25:05, 3] smbd/reply.c:reply_sesssetup_and_X(865) Domain=[]
NativeOS=[CORP_DOM] NativeLanMan=[Windows 4.0]
[2001/11/27 13:25:05, 3] smbd/reply.c:reply_sesssetup_and_X(876) sesssetupX:name=[]
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:push_sec_ctx(284) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:set_sec_ctx(316) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:get_current_groups(167) get_current_groups: uid 0 is in 1 groups: 99
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:pop_sec_ctx(423) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:get_current_groups(167) get_current_groups: uid 0 is in 1 groups: 99
[2001/11/27 13:25:05, 3] smbd/password.c:register_vuid(322) uid 99 registered to name nobody
[2001/11/27 13:25:05, 3] smbd/password.c:register_vuid(324) Clearing default real name
[2001/11/27 13:25:05, 3] smbd/password.c:register_vuid(326) User name: nobody Real name: Nobody
[2001/11/27 13:25:05, 3] smbd/process.c:process_smb(837) Transaction 6 of length 636
[2001/11/27 13:25:05, 3] smbd/process.c:switch_message(650) switch message SMBtrans (pid 4718)
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:set_sec_ctx(316) setting sec ctx (513, 513) - sec_ctx_stack_ndx = 0
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:set_sec_ctx(322) 2 user groups: 513 501
[2001/11/27 13:25:05, 3] smbd/ipc.c:reply_trans(484) trans <\PIPE\LANMAN> data=532 params=21 setup=0
[2001/11/27 13:25:05, 3] smbd/ipc.c:named_pipe(336) named pipe command on name
[2001/11/27 13:25:05, 3] smbd/lanman.c:api_reply(3327) Got API command 214 of form (tdscnt=532,tpscnt=21,mdrcnt=0,mprcnt=4)
[2001/11/27 13:25:05, 3] smbd/lanman.c:api_reply(3335) Doing SamOEMChangePassword
[2001/11/27 13:25:05, 3] smbd/lanman.c:api_SamOEMChangePassword(1880) api_SamOEMChangePassword: Change password for
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:push_sec_ctx(284) push_sec_ctx(513, 513) : sec_ctx_stack_ndx = 1
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:set_sec_ctx(316) setting sec ctx (0, 0) -
sec_ctx_stack_ndx = 1
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:pop_sec_ctx(423) pop_sec_ctx (513, 513) - sec_ctx_stack_ndx = 0
[2001/11/27 13:25:05, 3] smbd/chgpasswd.c:chgpasswd(451) Password change for user: mis906
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:push_sec_ctx(284) push_sec_ctx(513, 513) : sec_ctx_stack_ndx = 1
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:set_sec_ctx(316) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2001/11/27 13:25:05, 3] smbd/chgpasswd.c:chat_with_program(415) Dochild for user mis906 (uid=0,gid=0)
[2001/11/27 13:25:09, 3] smbd/chgpasswd.c:talktochild(295) Response 1 incorrect
[2001/11/27 13:25:09, 3] smbd/chgpasswd.c:chat_with_program(348) Child failed to change password: mis906
[2001/11/27 13:25:09, 3] smbd/chgpasswd.c:chat_with_program(387) The process exited while we were waiting
[2001/11/27 13:25:12, 3] smbd/process.c:process_smb(837) Transaction 7 of length 39
[2001/11/27 13:25:12, 3] smbd/process.c:switch_message(650) switch message SMBtdis (pid 4718)
[2001/11/27 13:25:12, 3] smbd/sec_ctx.c:set_sec_ctx(316) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2001/11/27 13:25:12, 3] smbd/sec_ctx.c:set_sec_ctx(316) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2001/11/27 13:25:12, 3] smbd/service.c:close_cnum(644) mstevens (192.168.101.104) closed connection to service IPC$
[2001/11/27 13:25:12, 3] smbd/connection.c:yield_connection(50) Yielding connection to IPC$
[2001/11/27 13:25:12, 3] smbd/sec_ctx.c:set_sec_ctx(316) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2001/11/27 13:25:12, 3] smbd/process.c:timeout_processing(1062) end of file from client
[2001/11/27 13:25:12, 3] smbd/sec_ctx.c:set_sec_ctx(316) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2001/11/27 13:25:12, 2] smbd/server.c:exit_server(448) Closing connections
[2001/11/27 13:25:12, 3] smbd/connection.c:yield_connection(50) Yielding connection to
[2001/11/27 13:25:12, 3] smbd/server.c:exit_server(483) Server exit (normal exit)

If anybody has seen this and can give me a
clue, I would appreciate it muchly.

Thanks,
Morris

From herz at et-inf.fho-emden.de Tue Nov 27 12:44:03 2001
From: herz at et-inf.fho-emden.de (Ingo Herz)
Date: Tue Dec 2 02:36:59 2003
Subject: W2K/SP2, samba 2.2.2, "encrypt password = NO" -> no profiles
Message-ID: <5.1.0.14.2.20011127212825.00aab910@mail.et-inf.fho-emden.de>

Hi,

I'm testing a setup of W2K/SP2 (german) with roaming profiles to be stored on a linux system with samba 2.2.2. We set the new "allow sending plain passwords ..." and would like to update smbpasswd from NIS to make life easier. So I set "encrypt passwords = No" in smb.conf. But now there is no more access to the profiles share, which works as expected if "encrypt passwords = Yes". All other shares (home etc.) and user authentication are running OK with both settings.

Any hints or tips for easy integration of Unix/NIS and Win2K? Now we are using NCD WinCenter NIS, but it is designed for NT4 and has some bad effects with W2K DCs.

Thanks,
Ingo

PGP fingerprint: 859C E367 FF87 CFF0 C637 467E D659 5B15 92E2 C583

From mike at jurney.org Tue Nov 27 12:51:04 2001
From: mike at jurney.org (mike@jurney.org)
Date: Tue Dec 2 02:36:59 2003
Subject: domain SID
Message-ID:

It was mentioned earlier on the list that someone was looking for a way to get the domain SID from a running NT domain so as to make the move to a samba PDC smoother. Can anyone tell me how to get this SID? I've been unable to find any information on how to get it from a windows PDC.

Thanks.

--
Michael D. Jurney
mike@jurney.org

From rickera2 at SLU.EDU Tue Nov 27 14:41:04 2001
From: rickera2 at SLU.EDU (Tony Ricker)
Date: Tue Dec 2 02:36:59 2003
Subject: log in script question
Message-ID: <3C041655.89028155@slu.edu>

All,

I was hoping someone could point me in the right direction in obtaining a solution to the following; I want to have the log in script map not only their home directory, but also the group folders as well.
For instance, I would have a share with valid users=@usergroup and would want the script to map the directory based on this criteria. Would I have to have a log on script for each group? I hope I have been clear on what functionality I am seeking. If anyone needs anymore info, please let me know. I appreciate any and all help.

Cheers,

Tony
--
-------------------------------
Tony Ricker
Technology Coordinator
SLUCare - P.M.O.
St. Louis University
Phone: 314.977.6844
E-mail: rickera2@slu.edu
-------------------------------
"In the beginners mind, there
are many possibilities. In the
experts mind, there are few"
- Shunryu Suzuki
-------------------------------
"Think Different"

From gboug at unico.com.au Tue Nov 27 15:12:28 2001
From: gboug at unico.com.au (Greg Boug)
Date: Tue Dec 2 02:36:59 2003
Subject: Samba domain logins in security=server mode
Message-ID: <005d01c17798$bde1a2e0$7a64a8c0@pc.unico.com.au>

Hi all,

I have a samba server handling domain logins which proxies its authentication requests to a Windows NT PDC and I'm having trouble attaching a Windows NT workstation to the network. Basically, config relating to domain logins is as follows:

[global]
security=server
password server = MRWHIPPYVAN
local master = yes
preferred master = yes
domain master = no
domain logins = yes

where MRWHIPPYVAN (not real hostname... ;-) is the PDC for the domain. The machine has a machine account on the PDC, tho that did not seem to be used. (NT logging leaves a _lot_ to be desired, but I digress)

So I have created a machine account for the NT workstation as described in the FAQ, which now gives the following line several times in the log file:

[2001/11/27 16:02:56, 0] lib/util_sock.c:read_socket_data(477) read_socket_data: recv failure for 4. Error = No route to host

First off, any idea which host it's trying to communicate with?
I've tested communications with the NT PDC, NT workstation, WINS, DNS and any other server I thought it _might_ have been trying to talk with, with no problems at all...

On the NT workstation, I get the following error message:

"The system cannot log you on to this domain because the systems computer account in its primary domain is missing or the password on that account is incorrect."

I'm running Samba 2.0.7 at present... Windows 9x machines have no problems logging in (no machine account required) so the problem most likely appears in the machine account authentication.

I guess the main question is whether I can actually do what it is that I'm attempting to do. I can fairly easily upgrade to Samba 2.2 if required, but I'd only want to do it if it's going to work (Samba 2.0.7 is sufficiently stable and I haven't had a chance to play with 2.2 yet, so am unsure of its performance, etc.)

Any help would be appreciated... :-)

Greg

From olli.fink at ak-vorarlberg.at Wed Nov 28 00:14:08 2001
From: olli.fink at ak-vorarlberg.at (Olli Fink)
Date: Tue Dec 2 02:37:00 2003
Subject: AW: log in script question
In-Reply-To: <3C041655.89028155@slu.edu>
Message-ID: <000c01c177e3$ac956d00$6401000a@olli>

If I understand you right you want to make logon-script like you could years ago - by using NovellNetware->

Try the utility kixtart : http://kixtart.org

Greetings
Olli

> -----Original Message-----
> From: samba-ntdom-admin@lists.samba.org
> [mailto:samba-ntdom-admin@lists.samba.org] On Behalf Of Tony Ricker
> Sent: Tuesday, 27 November 2001 23:40
> To: Samba; Samba NT-Dom
> Subject: log in script question
>
> All,
> I was hoping someone could point me in the right direction
> in obtaining
> a solution to the following; I want to have the log in script map
> not only their home directory, but also the group folders as well. For
> instance, I would have a share with valid users=@usergroup and would
> want the script to map the directory based on this criteria.
> Would I
> have to have a log on script for each group? I hope I have been clear on
> what functionality I am seeking. If anyone needs anymore info, please
> let me know. I appreciate any and all help.
>
> Cheers,
>
> Tony
> --
> -------------------------------
> Tony Ricker
> Technology Coordinator
> SLUCare - P.M.O.
> St. Louis University
> Phone: 314.977.6844
> E-mail: rickera2@slu.edu
> -------------------------------
> "In the beginners mind, there
> are many possibilities. In the
> experts mind, there are few"
> - Shunryu Suzuki
> -------------------------------
> "Think Different"
>

From con at gfm.co.uk Wed Nov 28 02:10:03 2001
From: con at gfm.co.uk (Con Harte)
Date: Tue Dec 2 02:37:00 2003
Subject: user/group verification
Message-ID: <5.0.2.1.0.20011128100617.00a97ec0@voodoo>

Hi All.

I've managed to fix the problem mentioned in my post of yesterday. It turns out that it was defaulting all shares to read only.

Con.

From Daniel.Moeller at de.bosch.com Wed Nov 28 04:31:02 2001
From: Daniel.Moeller at de.bosch.com (Moeller Daniel (QI/CCE2-SI) *)
Date: Tue Dec 2 02:37:00 2003
Subject: AW: browsing mystery....
Message-ID: <1121C3ABCA53C945B821A821CDD67F62F68509@simail21.desi2.bosch.com>

Hi Steve,

http://support.microsoft.com/support/kb/articles/Q163/4/09.asp has this information.

Kind regards,
Danny

-----Original Message-----
From: Steve Langasek [mailto:vorlon@netexpress.net]
Sent: Tuesday, 27 November 2001 00:56
To: Anthony Brock
Cc: samba-ntdom@lists.samba.org
Subject: Re: browsing mystery....

> 2) diagnosing how to determine WHAT information it is registering,

For this, it's important to understand netbios type codes (the last byte of the 16-byte netbios name). I don't have a complete list of these, nor a pointer to such a list -- but I believe these are documented on the web in some fashion.
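
[Added example, not part of the original messages or of Samba's code: a sketch of how the type code mentioned above can be read out of a registered name. It decodes the RFC 1001/1002 first-level encoding of a 16-byte NetBIOS name and labels the last byte. The suffix table is a commonly documented subset rather than a complete list, the function names are hypothetical, and the sample names (taken from the configs in this thread) are constructed input.]

```python
"""Decode first-level-encoded NetBIOS names and label the type byte (added example)."""
from typing import List, Tuple

# Commonly documented meanings, keyed by (type byte, is_group).
# The unique/group flag is reported next to the name (e.g. in a node status
# reply); it is not part of the 16 bytes. Subset only, not a full registry.
SUFFIX_MEANING = {
    (0x00, False): "workstation service (computer name)",
    (0x00, True): "domain or workgroup name",
    (0x01, True): "master browser announcement (__MSBROWSE__)",
    (0x03, False): "messenger service",
    (0x1B, False): "domain master browser",
    (0x1C, True): "domain controllers",
    (0x1D, False): "local master browser",
    (0x1E, True): "browser election group",
    (0x20, False): "file server service",
}


def encode_name(name: str, suffix: int) -> str:
    """Pad the name to 15 bytes, append the type byte, map each nibble to 'A'..'P'."""
    raw = name.upper().encode("ascii")
    if len(raw) > 15:
        raise ValueError("a NetBIOS name carries at most 15 name bytes")
    if not 0 <= suffix <= 0xFF:
        raise ValueError("type byte must fit in one octet")
    padded = raw.ljust(15, b" ") + bytes([suffix])
    return "".join(chr(0x41 + (b >> 4)) + chr(0x41 + (b & 0x0F)) for b in padded)


def decode_name(encoded: str) -> Tuple[str, int]:
    """Return (name without padding, type byte) for a 32-character encoded name."""
    if len(encoded) != 32:
        raise ValueError("expected 32 characters for a 16-byte name")
    raw = bytearray()
    for i in range(0, 32, 2):
        hi = ord(encoded[i]) - 0x41
        lo = ord(encoded[i + 1]) - 0x41
        if not (0 <= hi <= 15 and 0 <= lo <= 15):
            raise ValueError("character outside 'A'..'P' at offset %d" % i)
        raw.append((hi << 4) | lo)
    return raw[:15].decode("latin-1").rstrip(" "), raw[15]


def describe(encoded: str, is_group: bool) -> str:
    """Human-readable line for one registration, e.g. 'CORP_DOM<1b> unique: ...'."""
    name, suffix = decode_name(encoded)
    meaning = SUFFIX_MEANING.get((suffix, is_group), "unlisted type code")
    kind = "group" if is_group else "unique"
    return "%s<%02x> %s: %s" % (name, suffix, kind, meaning)


def sample_report() -> List[str]:
    """Constructed registrations for a PDC named IS_MASTER in domain CORP_DOM."""
    registrations = [
        ("IS_MASTER", 0x00, False),
        ("IS_MASTER", 0x20, False),
        ("CORP_DOM", 0x00, True),
        ("CORP_DOM", 0x1B, False),
        ("CORP_DOM", 0x1C, True),
        ("CORP_DOM", 0x1E, True),
    ]
    return [describe(encode_name(n, s), g) for n, s, g in registrations]


if __name__ == "__main__":
    for line in sample_report():
        print(line)
```

The same name can be registered several times with different type bytes, so a missing <1b> or <1c> entry for the domain name is what to look for when a domain controller cannot be located.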
From Martin.Doule at czech.sun.com Wed Nov 28 04:38:03 2001
From: Martin.Doule at czech.sun.com (Martin.Doule)
Date: Tue Dec 2 02:37:00 2003
Subject: domain SID
In-Reply-To:
Message-ID:

You can get your domain SID by utility psgetsid.exe from www.sysinternals.com. It's one of the PSTOOLS 1.5 and it's freeware.

To get domain SID just run command 'psgetsid.exe my_domain_name'. To ensure that you got right SID try to ask for few domain users accounts by 'psgetsid.exe user_domain_account'. You'll have to get same numbers as domain SID except last four digits which are users RID.

I also suggest to not run this tool from PDC and also do not ask for users SID if you'll have same account names on your local computer that you are running this utility.

CU

Martin Doule
System Administrator, Forte Tools
Sun Microsystems Czech, s.r.o.
Software System Group
Evropska 33e
160 00 Prague 6
Tel: +420-2-33009193 Internal: x49193
Fax: +420-2-33009299 Mobile: +420-606-625752

On Tue, 27 Nov 2001 mike@jurney.org wrote:

> Date: Tue, 27 Nov 2001 15:50:07 -0500 (EST)
> From: mike@jurney.org
> To: samba-ntdom@lists.samba.org
> Subject: domain SID
>
>
> It was mentioned earlier on the list that someone was looking for a way to
> get the domain SID from a running NT domain so as to make the move to a
> samba PDC smoother. Can anyone tell me how to get this SID? I've been
> unable to find any information on how to get it from a windows PDC.
> Thanks.
>
> --
> Michael D. Jurney
> mike@jurney.org
>
>
>

From BRENTNORRIS at afninet.com Wed Nov 28 06:03:02 2001
From: BRENTNORRIS at afninet.com (BRENTNORRIS@afninet.com)
Date: Tue Dec 2 02:37:00 2003
Subject: Couple Questions about Winbindd
Message-ID: <7893741E70F6D6459F79C93E90B8E05F2B0738@afnbgxmal1.afni.net>

Samba List,

Recently I moved a samba server that I had into production with 2.2.2+Winbind+ACL and I was wondering about a couple of things that I saw while it was being used.

First, on my domain there are a lot of users, but the groups that they are in and the accounts are pretty static once they are made. They rarely ever get moved or changed in their group. Now when I am running Winbind there are a lot of people connected to the same share and I would like to be able to list those people very quickly, very often. I am having trouble with that though because when I do a smbstatus it has to go out to the Domain Controller every time and get all of the users and their names. This causes some extra stress on the domain controller and extra network traffic that I would like to avoid. I thought that setting the cache time option to something higher might help this out, but how high is too high. I mean seconds seems too short for a static domain like the one here, minutes or even hours seems like a better solution, but if I set it that high is it going to cause samba (or winbind) issues?

Second, now that I have put Winbind into use I am noticing that there are people that are connecting to the shares still as user nobody. These people all have active domain accounts and there are other people that are connecting as their usernames, but not everyone is. This leads me to believe that Winbind is working correctly, but that sometimes it doesn't try to auth these people. Any ideas on how that works?

Third and final question. As I am using winbind I have noticed that it seems to start out as having you in the lowest of the groups that you are in. Take this as an example: BrentNorris -> Domain Users, Domain Admins, ITS_GROUP and three shares one with permissions for Domain Users, one for ITS_GROUP and one for Domain Admins. If I first connect to the share for Domain Users and run a smbstatus it shows that I am in the Domain Users Group, if next I go to the ITS_GROUP share it shows me as being in that, and then finally if I go to the Domain Admins share it shows me as being in that. The question I have about it revolves around this though.
I have some people that would only be in say the Domain Users and ITS_GROUP and when they try to connect to the ITS_GROUP share it says that they do not have permission to do so. It is like winbind never moves them up to the next group. Instead they are stuck as Domain Users. Anyone have any ideas as to why that might be?

Thanks and sorry for the long-ish email,
Brent

From Eric.Wallace at nsc.com Wed Nov 28 13:40:03 2001
From: Eric.Wallace at nsc.com (Eric Wallace)
Date: Tue Dec 2 02:37:00 2003
Subject: Samba domain logins in security=server mode
Message-ID: < "09BB43C05591C327*/c=US/admd= /prmd=National/o=notes/ou=Americas/s=Wallace/g=Eric/"@MHS>

> (NT logging leaves a _lot_ to be desired, but I digress)

Try turning on auditing for "Logon/Logoff" and "User and Group Management" under NT's "User Mangler for Domains" ("Policies" menu, "Audit..."). You'll get plenty of events logged this way.

However, if you're using "security=server" your Samba server doesn't need an NT domain machine account, so you're right in saying that it didn't use it.

> read_socket_data: recv failure for 4. Error = No route to host

This is a guess, but it looks like a network connectivity problem...

Can you find the server with 'nmblookup PDCNAME'? You should get an IP address back. If you don't, maybe try the option '-d 3' to get debugging output on the steps it took to look for the NetBIOS name.

Can you ping that IP address? Consistently? If not, you've got routing problems.

Please check out the DIAGNOSIS.txt file in the 'textdocs' directory (and maybe ftp://ftp.stratus.com/pub/vos/customers/samba/SAMBA_Troubleshooting.rtf) for more troubleshooting tips.

Eric W. Wallace
National Semiconductor/Maine
I.S. Infrastructure
Sr.
System Engineer
eric.wallace@nsc.com

From gboug at unico.com.au Wed Nov 28 17:23:05 2001
From: gboug at unico.com.au (Greg Boug)
Date: Tue Dec 2 02:37:00 2003
Subject: Samba domain logins in security=server mode
In-Reply-To: < "09BB43C05591C327*/c=US/admd= /prmd=National/o=notes/ou=Americas/s=Wallace/g=Eric/"@MHS>
Message-ID: <000b01c17873$8d91cf80$6564a8c0@pc.unico.com.au>

> > (NT logging leaves a _lot_ to be desired, but I digress)
> Try turning on auditing for "Logon/Logoff" and "User and Group
> Management" under NT's "User Mangler for Domains" ("Policies" menu, "Audit...").
> You'll get plenty of events logged this way.
> However, if you're using "security=server" your Samba server
> doesn't need an NT
> domain machine account, so you're right in saying that it didn't use it.

Yes, but the NT workstation requires a valid computer account. I have created one on both the NT server and on the Samba "proxy" and that is when I get the above error. Interestingly, if the computer account doesn't exist on the Samba proxy, the error doesn't occur. I assume that the error occurs further down the login process...

> > read_socket_data: recv failure for 4. Error = No route to host
> This is a guess, but it looks like a network connectivity problem...

That's what I thought, but connectivity seems to be OK... Any way of figuring out _which_ host it's trying to connect to? Ie. which debugging options should I try setting?

> Can you find the server with 'nmblookup PDCNAME'? You should get
> an IP address back. If you don't, maybe try the option '-d 3'
> to get debugging output on the steps it took to look for the NetBIOS name.
> Can you ping that IP address? Consistently? If not, you've got
> routing problems.

This isn't a problem...

> Please check out the DIAGNOSIS.txt file in the 'textdocs'
> directory (and maybe
> ftp://ftp.stratus.com/pub/vos/customers/samba/SAMBA_Troubleshootin
> g.rtf) for
> more troubleshooting tips.

Shall do...
Thanks for the pointers :)

Greg

From Martin.Doule at czech.sun.com Thu Nov 29 05:00:05 2001
From: Martin.Doule at czech.sun.com (Martin.Doule)
Date: Tue Dec 2 02:37:00 2003
Subject: Users RID in Samba
Message-ID:

Hi again.

I successfully migrated few machines from current domain PDC to Samba PDC (same domain name and SID). But I still have problems with Users RID. I can logon to domain but the users have different RID so they are taken as different users and have no access to previous profiles or directories with limited security. I was told that samba calculates RID from UID but it looks like my Samba PDC gives RANDOM RID when is first asked for user SID.

And another problem which is probably close to previous is, that on machines that I moved from NT PDC to SAMBA PDC I'm unable to list domain users. It tells me that domain either doesn't exist or cannot be contacted. If I migrate computer by creating new computer account then this works fine.

And last thing is that suddenly machines are unable to write profiles. It worked before, on Unix side I tried to give on that dirs full rights for everyone(!) but with no success.

Below is my test smb.conf. Please have a patience with me and help me to resolve this as I'm unable to resolve it by myself. I was unable to find any related info on NET and I really don't want to migrate more than 200 computers and users one week before Christmas ;(.

smb.conf:

[global]
log level = 3
workgroup = PRAGUE
netbios name = SUPERSAMBA
server string = PDC samba 2.2.2.
encrypt passwords = Yes
large readwrite = Yes
domain admin group = @ntadm
logon path = \\supersamba\profile\%U
domain logons = Yes
local master = yes
os level = 34
domain master = yes
;wins server = 129.156.76.6
wins support = yes
preferred master = yes

[netlogon]
path = /samba/netlogon
write list = root, @ntadm

[profiles]
path = /samba/profile
read only = No
create mask = 0600
directory mask = 0700

Martin Doule
System Administrator, Forte Tools
Sun Microsystems Czech, s.r.o.
Software System Group
Evropska 33e
160 00 Prague 6
Tel: +420-2-33009193 Internal: x49193
Fax: +420-2-33009299 Mobile: +420-606-625752

From mike at jurney.org Thu Nov 29 05:11:04 2001
From: mike at jurney.org (mike@jurney.org)
Date: Tue Dec 2 02:37:00 2003
Subject: Samba 2.2.2 PDC and MS Exchange
Message-ID:

Hello,

I'm in the process of migrating an NT domain to a samba 2.2.2 PDC, and the only lingering problem I'm having is with Exchange. The impression I get from various list archives is that samba 2.2.2 won't be an exchange PDC, though TNG will. I'd prefer to use the 2.2.2 tree if at all possible, but I'd like to know if I'm just spinning my wheels. If anyone has information about whether 2.2.2 will or will not be a PDC for MS Exchange, I would very much appreciate hearing it.

Thanks.

--
Michael D. Jurney
mike@jurney.org

From Arne at mediaventures.be Thu Nov 29 05:47:02 2001
From: Arne at mediaventures.be (Arne Van Renterghem)
Date: Tue Dec 2 02:37:00 2003
Subject: Samba 2.2.2 PDC and MS Exchange
Message-ID:

Hello Mike,

I'm using a MS Exchange 5.5 exchange on a NT Server SP 6 as stand-alone server and member of the domain and Samba 2.2.2 cvs as PDC. I did not have to change or add a lot of mailbox-accounts since then. But it sure works OK as such. So, partially it is possible.

Arne

-----Original Message-----
From: mike@jurney.org [mailto:mike@jurney.org]
Sent: Thursday, November 29, 2001 2:11 PM
To: samba-ntdom@lists.samba.org
Subject: Samba 2.2.2 PDC and MS Exchange

Hello,

I'm in the process of migrating an NT domain to a samba 2.2.2 PDC, and the only lingering problem I'm having is with Exchange. The impression I get from various list archives is that samba 2.2.2 won't be an exchange PDC, though TNG will. I'd prefer to use the 2.2.2 tree if at all possible, but I'd like to know if I'm just spinning my wheels. If anyone has information about whether 2.2.2 will or will not be a PDC for MS Exchange, I would very much appreciate hearing it.

Thanks.
--
Michael D. Jurney
mike@jurney.org

From mike at jurney.org Thu Nov 29 06:17:02 2001
From: mike at jurney.org (mike@jurney.org)
Date: Tue Dec 2 02:37:00 2003
Subject: Samba 2.2.2 PDC and MS Exchange
In-Reply-To:
Message-ID:

On Thu, 29 Nov 2001, Arne Van Renterghem wrote:

> Hello Mike,
>
> I'm using a MS Exchange 5.5 exchange on a NT Server SP 6 as stand-alone
> server and member of the domain and Samba 2.2.2 cvs as PDC. I did not have
> to change or add a lot of mailbox-accounts since then. But it sure works OK
> as such. So, partially it is possible.

Thanks for the reply. One question: Did you migrate an existing NT-controlled domain and Exchange system to the samba PDC, or did you start with samba? The Exchange conversion is the last part of this migration that's giving me problems at this point, and I'm wondering if I'm missing something conceptually.

--
Michael D. Jurney
mike@jurney.org

From Arne at mediaventures.be Thu Nov 29 06:26:03 2001
From: Arne at mediaventures.be (Arne Van Renterghem)
Date: Tue Dec 2 02:37:00 2003
Subject: Samba 2.2.2 PDC and MS Exchange
Message-ID:

I migrated because of a big crash on my exchange server that was also PDC. So there existed a domain, but since I lost my PDC, I had to migrate everything to a new PDC. So I started the PDC (Samba) first (version 2.1a) first and then reinstalled the exchange server on the new domain (there is no other way, exchange server requires a domainserver). I did have some problems with the accounts in relation to their respective mailboxes, which I solved using some of the commandline commands of exchange (or was it exmerge ?). Is your problem also related to this ?

Arne

-----Original Message-----
From: mike@jurney.org [mailto:mike@jurney.org]
Sent: Thursday, November 29, 2001 3:17 PM
To: Arne Van Renterghem
CC: SAMBA LIST (E-mail)
Subject: RE: Samba 2.2.2 PDC and MS Exchange

On Thu, 29 Nov 2001, Arne Van Renterghem wrote:

> Hello Mike,
>
> I'm using a MS Exchange 5.5 exchange on a NT Server SP 6 as stand-alone
> server and member of the domain and Samba 2.2.2 cvs as PDC. I did not have
> to change or add a lot of mailbox-accounts since then. But it sure works OK
> as such. So, partially it is possible.

Thanks for the reply. One question: Did you migrate an existing NT-controlled domain and Exchange system to the samba PDC, or did you start with samba? The Exchange conversion is the last part of this migration that's giving me problems at this point, and I'm wondering if I'm missing something conceptually.

--
Michael D. Jurney
mike@jurney.org

From mike at jurney.org Thu Nov 29 06:42:19 2001
From: mike at jurney.org (mike@jurney.org)
Date: Tue Dec 2 02:37:00 2003
Subject: Samba 2.2.2 PDC and MS Exchange
In-Reply-To:
Message-ID:

On Thu, 29 Nov 2001, Arne Van Renterghem wrote:

> I migrated because of a big crash on my exchange server that was also PDC.
> So there existed a domain, but since I lost my PDC, I had to migrate
> everything to a new PDC. So I started the PDC (Samba) first (version 2.1a)
> first and then reinstalled the exchange server on the new domain (there is
> no other way, exchange server requires a domainserver). I did have some
> problems with the accounts in relation to their respective mailboxes, which
> I solved using some of the commandline commands of exchange (or was it
> exmerge ?). Is your problem also related to this ?

Eerie, we're migrating off of a single exchange/pdc machine right now because the thought of a big crash is so scary :) Thus far we've been trying to move Exchange to a new system, then bring the old PDC down, the samba PDC up, and log in with the Exchange system.
It looks like I need to try bringing the old PDC down, bringing the new PDC up, then doing the Exchange install/move. Thanks very much for the help, this is definitely something new to try. Do you remember anything about the commandline commands you used or anything specific about the mailbox problems you ran into?

--
Michael D. Jurney
mike@jurney.org

From Arne at mediaventures.be Thu Nov 29 07:00:05 2001
From: Arne at mediaventures.be (Arne Van Renterghem)
Date: Tue Dec 2 02:37:00 2003
Subject: Samba 2.2.2 PDC and MS Exchange
Message-ID:

This is out of memory so beware and doublecheck:

I think the most important command was "isinteg -patch", which is something like converting/patching the mailboxes to the new usernames/domain (I believe the names need to be the same, but the domain can be different).

Another way is to use the exmerge utility which extracts the mailboxes from the current exchange server and can add them to the new server (usernames have to exist again).

There seems to be a possibility using move mailboxes, but perhaps you have to create a trust domain account there, which Samba cannot do.

I also found some article on www.windows2000faq.com/Articles/Index.cfm "How do I move Exchange server to a new server?"

In the microsoft knowledge base there are several articles outlining more or less similar things.

**********
The problem I found was that most solutions only worked if the exchange server was also running. But that was just my problem, the information store did not want to start because it was not consistent with the domain I was trying to start it in. That's where this isinteg -patch came in (the store does not need to be started). I do remember making first a blank install, then creating the users (?), stopping the services and then replacing the information stores and then running isinteg -patch and at last trying to start the store service. It was done in one night (but I did have some experience from a previous crash ...)
*********

Arne

-----Original Message-----
From: mike@jurney.org [mailto:mike@jurney.org]
Sent: Thursday, November 29, 2001 3:41 PM
To: Arne Van Renterghem
CC: SAMBA LIST (E-mail)
Subject: RE: Samba 2.2.2 PDC and MS Exchange

On Thu, 29 Nov 2001, Arne Van Renterghem wrote:

> I migrated because of a big crash on my exchange server that was also PDC.
> So there existed a domain, but since I lost my PDC, I had to migrate
> everything to a new PDC. So I started the PDC (Samba) first (version 2.1a)
> and then reinstalled the exchange server on the new domain (there is
> no other way, exchange server requires a domainserver). I did have some
> problems with the accounts in relation to their respective mailboxes, which
> I solved using some of the commandline commands of exchange (or was it
> exmerge ?). Is your problem also related to this ?

Eerie, we're migrating off of a single exchange/pdc machine right now because the thought of a big crash is so scary :)

Thus far we've been trying to move Exchange to a new system, then bring the old PDC down, the samba PDC up, and log in with the Exchange system. It looks like I need to try bringing the old PDC down, bringing the new PDC up, then doing the Exchange install/move.

Thanks very much for the help, this is definitely something new to try. Do you remember anything about the commandline commands you used or anything specific about the mailbox problems you ran into?

--
Michael D.
Jurney mike@jurney.org

From Arne at mediaventures.be Thu Nov 29 07:01:04 2001
From: Arne at mediaventures.be (Arne Van Renterghem)
Date: Tue Dec 2 02:37:00 2003
Subject: Samba 2.2.2 PDC and MS Exchange
Message-ID:

I just found also:

Isinteg - patch should be run if you get a -1011 error message (eventviewer)

Arne

-----Original Message-----
From: mike@jurney.org [mailto:mike@jurney.org]
Sent: Thursday, November 29, 2001 3:41 PM
To: Arne Van Renterghem
CC: SAMBA LIST (E-mail)
Subject: RE: Samba 2.2.2 PDC and MS Exchange

On Thu, 29 Nov 2001, Arne Van Renterghem wrote:

> I migrated because of a big crash on my exchange server that was also PDC.
> So there existed a domain, but since I lost my PDC, I had to migrate
> everything to a new PDC. So I started the PDC (Samba) first (version 2.1a)
> and then reinstalled the exchange server on the new domain (there is
> no other way, exchange server requires a domainserver). I did have some
> problems with the accounts in relation to their respective mailboxes, which
> I solved using some of the commandline commands of exchange (or was it
> exmerge ?). Is your problem also related to this ?

Eerie, we're migrating off of a single exchange/pdc machine right now because the thought of a big crash is so scary :)

Thus far we've been trying to move Exchange to a new system, then bring the old PDC down, the samba PDC up, and log in with the Exchange system. It looks like I need to try bringing the old PDC down, bringing the new PDC up, then doing the Exchange install/move.

Thanks very much for the help, this is definitely something new to try. Do you remember anything about the commandline commands you used or anything specific about the mailbox problems you ran into?

--
Michael D. Jurney mike@jurney.org

From daniel at systemexploit.org Thu Nov 29 07:22:03 2001
From: daniel at systemexploit.org (Daniel Frencham)
Date: Tue Dec 2 02:37:00 2003
Subject: browsing mystery....
References: <01C174E1.9EEB7820.Sebastian.Trahm@alcatel.de> <004401c176d4$96eec7e0$0200000a@w2k>
Message-ID: <003a01c178e9$a01b6eb0$c954000a@ocean>

I have the exact same problem. It's been driving me insane. I'm using a 3 router setup, with multiple subnets. The core router is the DHCP server and PDC.

Dan

----- Original Message -----
From: "samba-ntdom"
To:
Sent: Tuesday, November 27, 2001 9:45 AM
Subject: Re: browsing mystery....

> Hi, Sebastian
> Thanks for your response, I'm also trying to solve the problem...
> Anyway, it's nice to hear I'm not alone.....hehe
> I just can't understand why this problem apparently is so rare....
>
>
> ----- Original Message -----
> From: "Sebastian Trahm"
> To:
> Cc:
> Sent: Saturday, November 24, 2001 11:14 AM
> Subject: AW: browsing mystery....
>
>
> > Hi,
> >
> > no, we couldn't solve the problem 'til today. Our workgroup was built up on
> > three subnetworks, for every subnetwork we configured a local-master-browser
> > and one subnetwork had the domain-master-browser. After a time we were
> > able to see all the hosts from the "other side" within our "whole" workgroup, but trying
> > to connect to them failed with an error message, that the requested host couldn't
> > be found. We paused the trial & error method; now going to test only with two
> > subnets, simple routing between, trying another OS;
> >
> > If i get any further results on it, you will hear from me, the only problem is the effort of time.
> >
> >
> >
> > take care,
> >
> > Sebastian
> > inthisdefiance@gmx.net
> > sebastian.trahm@alcatel.de
> >
> >

From mess at iht-ii.rwth-aachen.de Thu Nov 29 07:22:34 2001
From: mess at iht-ii.rwth-aachen.de (Michael Meß)
Date: Tue Dec 2 02:37:00 2003
Subject: Machine Accounts
References: <1005219308.29315.39.camel@sprocket>
Message-ID: <3C065249.4BFC1D20@iht-ii.rwth-aachen.de>

I have a similar problem.
I want to exchange a samba PDC server (samba 2.2.1a and too small harddisk) with a new one with a bigger harddisk and samba 2.2.2 installed.

When I try to login to the Domain using the new PDC server from an NT-machine which has been installed with the old server, I get the message:

"Sie können nicht angemeldet werden (C000019B) Versuchen Sie es erneut oder wenden Sie sich an einen Systemadministrator."

(Translation: You cannot login (C000019B). Try again or ask your System administrator).

This happens when I try to login with correct user and password. If I mistype the password, then I get another error message (the one which always comes with wrong password).

What can I do, so that all Windows machines (more than 100 Workstations) will accept the new server like if it was the old one? Otherwise I have to login as Administrator to more than 100 Workstations for putting each one in the domain again with the new PDC server.

Is it enough to take the old MACHINE.SID and DOMAIN.SID, or do I have to change something else?

Greetings,
Michael

Ron McKeating wrote:
>
> Hi all, I was wondering if any of you could offer me some advice. I
> want to use samba for our file store for about 600 student lab seats. I
> cannot seem to make the automatic adding of the machine account work. I
> can do it manually, but I do not want to have to visit 600 pc's and log
> in manually as root. We create one image of the lab pc's and then
> distribute it to the labs using multicast ghost. Basically I want to
> create the ghost image so that all the machines log into our samba pdc
> on boot up. We can create all our student user accounts in advance, no
> problem there, but I need all the machine accounts to be automatically
> created as soon as the machine tries to log in.
>
> Is this possible, or do I need to take a different approach?
>
> Ron
> --
> Ron McKeating
> Computing Officer
> Computing Services
> Loughborough University
> http://www.ronmac.lboro.ac.uk/~ccrjm/
> Tel: 01509 222329
> Fax: 01509 223989

From archive at xpedite.com Thu Nov 29 08:17:02 2001
From: archive at xpedite.com (Michael Cunningham)
Date: Tue Dec 2 02:37:00 2003
Subject: Samba/Samba-TNG and LDAP/PDC State?
Message-ID:

Hiya,

I am working on converting my entire company over
to using LDAP for all system authentication and information
storage such as address info..etc. The unix portion
of the new system is working well. I now need to figure
out what is the best solution for our windows community.

It consists of 400+ win95/98/ME/NT 4.0 and most likely soon..
Windows XP. There are many domains throughout the company
and no real standards. We plan on putting all systems in
one or two main domains and implementing many corporate standards.
In order to accomplish this.. I would like to use Samba/Samba-TNG
to authenticate everything off our LDAP system and have the capability to
do the following.. (according to my PC guys... I am a Unix guy)

 - PDC functionality
 - Replication of SAM database/SID from PDC to BDC
 - login script support/replication
 - Supports trust relationships between domains (NT or samba)
 - Supports global and local groups
 - Ability to add and remove machine from the domain
 - Store SAM database/SID in LDAP?
 - Wins server capability
 - Able to support roaming profiles
 - Will allow all available versions of windows to join/access the
   domain.

What is my best choice.. Samba or Samba-TNG?

I have done a ton of reading about both products but nothing seems to
compare and contrast them. Any information you can offer will help
make this critical crossroad decision.

Thanks..
Mike

From bgmilne at cae.co.za Thu Nov 29 08:42:10 2001
From: bgmilne at cae.co.za (Buchan Milne)
Date: Tue Dec 2 02:37:00 2003
Subject: Samba uid to RID mapping [was Re: domain SID]
Message-ID: <3C06647E.80708@cae.co.za>

For fun I decided to run this util on our Samba PDC. I note that the last four digits (RID?) for users are =1000+2*uid

For example, my uid on the PDC is 501, and my full SID is:

X:\win32\Utilities\Sysinternals\Pstools>psgetsid bgmilne

PsGetSid v1.1 - local and remote account/machine SID displayer
Copyright (C) 2000 Mark Russinovich
http://www.sysinternals.com

SID for \\bgmilne: -2002

Where the DOMAIN_SID is the same as that samba has in MACHINE.SID, and that retrieved by

X:\win32\Utilities\Sysinternals\Pstools>psgetsid

Note, I have only tested this on one domain with a samba PDC and about 10 users to validate this. It would be better to look in the code .....

Buchan

>Date: Wed, 28 Nov 2001 13:37:17 +0100 (Central Europe Standard Time)
>From: "Martin.Doule"
>To:
>Cc:
>Subject: Re: domain SID
>
>
>You can get your domain SID by utility psgetsid.exe from www.sysinternals.com.
>It's one of the PSTOOLS 1.5 and it's freeware.
>
>To get domain SID just run command 'psgetsid.exe my_domain_name'. To ensure that
>you got right SID try to ask for few domain users accounts by 'psgetsid.exe
>user_domain_account'. You'll have to get same numbers as domain SID except last
>four digits which are users RID.
>
>I also suggest to not run this tool from PDC and also do not ask for users SID
>if you'll have same account names on your local computer that you are running
>this utility.
>
>CU
>
>Martin Doule
>
>System Administrator, Forte Tools       Sun Microsystems Czech, s.r.o.
>Software System Group                   Evropska 33e
>                                        160 00 Prague 6
>
>Tel: +420-2-33009193                    Internal: x49193
>Fax: +420-2-33009299                    Mobile: +420-606-625752
>

--
|----------------Registered Linux User #182071-----------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 808 2497 ext 202
Stellenbosch Automotive Engineering         http://www.cae.co.za

From samba at nebula-sa.com.ar Thu Nov 29 09:33:07 2001
From: samba at nebula-sa.com.ar (Ariel Mella)
Date: Tue Dec 2 02:37:00 2003
Subject: Usermgr for domains....
References: <022701c178fb$0c3e04c0$1a3ca8ac@jusbaires.gov.ar>
Message-ID: <023c01c178fb$987df300$1a3ca8ac@jusbaires.gov.ar>

im using samba2_2 CVS version dated 29/11/01 . when i use the usermanager for domains i see the users list plus a lot of garbage users without name... nothing strange appears in my log.

i have 800 users.. and in group i can only see domain admins and domain users group.. but the REAL groups of my users not shown.. this is correct? will be fixed to see the groups???

the same happened with groups from a Win9x client box trying to do an ACL to a local share..

From samba at denverdata.com Thu Nov 29 09:44:02 2001
From: samba at denverdata.com (Doug Douglass)
Date: Tue Dec 2 02:37:00 2003
Subject: Samba/Samba-TNG and LDAP/PDC State?
In-Reply-To:
Message-ID:

Michael,

I'll take a first stab at answering some of your questions.

As a frame of reference, we maintain all unix user/group, and samba domain info in OpenLDAP 2.x on RH 7.1, using Samba 2.2.1a + LDAP support as PDC. All Windows clients are domain members and are some version of 2000 (SP2, Server). Plus we have a couple samba domain members. All authentication is done against ldap. We are a small network.

>
> - PDC functionality

Samba works great. Samba-TNG works, but I believe the intent with TNG was to prove the technology not produce a production system.
> - Replication of SAM database/SID from PDC to BDC

Based on comments from this list, Samba does not properly act as a BDC.

> - login script support/replication

Samba and TNG should both work fine

> - Supports trust relationships between domains (NT or samba)

Based on comments from this list, Samba does support domain trusts

> - Supports global and local groups

Samba supports two domain groups: Domain Admins, and Domain Users. From having read the TNG docs over time, I believe it supports the full set of domain groups.

> - Ability to add and remove machine from the domain

Samba and TNG both do this (must do this for PDC support)

> - Store SAM database/SID in LDAP?

Samba 2.2.2 has broken LDAP support. We use Samba 2.2.1a from http://sking.mesd.k12.or.us/ at our site with good results. Note that this implementation only looks to LDAP for sambaAccount objects.

TNG provides broader LDAP support for domain accounts, domain groups (more?)

> - Wins server capability

Samba works well. Don't know about TNG.

> - Able to support roaming profiles

Samba works well. Don't know about TNG.

> - Will allow all available versions of windows to join/access the
> domain.

Read the list. It seems many people have many problems with adding machines with various Windows OS to a Samba domain. I have not had any difficulty with 2K, so I leave it to yourself and others to judge.

>
> What is my best choice.. Samba or Samba-TNG?
>

One alternative I have heard suggested is combining the two, leveraging the strengths of each: TNG for PDC (account and group management, authentication) and Samba for file/print sharing.

HTH,
Doug

From mark at bowmansystems.com Thu Nov 29 11:25:03 2001
From: mark at bowmansystems.com (Mark Rinaudo)
Date: Tue Dec 2 02:37:00 2003
Subject: Permission denied problem
Message-ID: <3C0638B9.7090708@bowmansystems.com>

I'm currently trying to setup a PDC for a mixture of WIN 2K servers,clients Win 98/95 machines. Currently i'm using samba 2.2.2-9 on a Debian Sid box.
Samba works great for shares. I've followed the PDC how to and manually added a machine with the following $ appended and added the machine to the smbpasswd file with the -m option. When trying to join a Win 2k SP1 server to the domain I get an Error Permission Denied on opening the /etc/samba/smbpasswd file. This seems to be some sort of generic error message which isn't too helpful to me. I've been trying to find someone else with the same problem but all i found was "check the directory permissions" which on my box the root is the owner(of smbpasswd) and can read it. Samba runs as root. This is my last resort. Any help would be great. I would like to end this with a thanks to the developers for samba keep up the good work!

Mark Rinaudo
P.S. Kernel 2.4.6
Samba 2.2.2-2
Samba-common 2.2.2-2

From samba at denverdata.com Thu Nov 29 11:39:02 2001
From: samba at denverdata.com (Doug Douglass)
Date: Tue Dec 2 02:37:00 2003
Subject: Permission denied problem
In-Reply-To: <3C0638B9.7090708@bowmansystems.com>
Message-ID:

Mark,

Did you add the root account to smbpasswd? You must add root to smbpasswd (and it must have the same password as unix account)?. Then you must use the root account and password when adding machine to domain.

Doug

> -----Original Message-----
> From: samba-ntdom-admin@lists.samba.org
> [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Mark Rinaudo
> Sent: Thursday, November 29, 2001 6:32 AM
> To: samba-ntdom@lists.samba.org
> Subject: Permission denied problem
>
>
> I'm currently trying to setup a PDC for a mixture of WIN 2K
> servers,clients Win 98/95 machines. Currently i'm using
> samba 2.2.2-9 on a Debian Sid box. Samba works great for shares. I've
> followed the PDC how to and manually added a machine with the following
> $ appended and added the machine to the smbpasswd file with the -m
> option. When trying to join a Win 2k SP1 server to the domain I get an
> Error Permission Denied on opening the /etc/samba/smbpasswd file.
This
> seems to be some sort of generic error message which isn't too helpful
> to me. I've been trying to find someone else with the same problem but
> all i found was "check the directory permissions" which on my box the
> root is the owner(of smbpasswd) and can read it. Samba runs as root.
> This is my last resort. Any help would be great. I would like to end
> this with a thanks to the developers for samba keep up the good work!
>
>
>
> Mark Rinaudo
> P.S. Kernel 2.4.6
> Samba 2.2.2-2
> Samba-common 2.2.2-2
>
>
>

From amoote at fpelectronics.com Thu Nov 29 11:52:04 2001
From: amoote at fpelectronics.com (amoote@fpelectronics.com)
Date: Tue Dec 2 02:37:00 2003
Subject: Multiple Domains and WINS
Message-ID:

Here's the lowdown folks:

I have a bunch of servers running Samba with NTDOM emulation. I have 3 offices all connected through an IP VPN and each office's Samba Domain points to one central WINS server. I am wondering if there is a more efficient manner where I can use 3 WINS servers and have them see one another? I want Network Neighbourhood to report all of the domains (workgroups) regardless of geographical location. I was playing around with the wins proxy parameter but I think I have confused myself.

I was thinking the best way to configure it would be to have each of the remote networks reference their local system as PRIMARY WINS and have those WINS servers reference one another. Is this possible?

If you've stayed with me through this, you'll clearly see why I am getting mixed up. Sorry if I did the same to you. Thanks in advance.

Regards,

Alan B. Moote
Systems Administrator
MARK IV Industries
tel: 905.624.7908
fax: 905.625.6197

From r.garth at uws.edu.au Thu Nov 29 13:20:16 2001
From: r.garth at uws.edu.au (Rob Garth)
Date: Tue Dec 2 02:37:00 2003
Subject: Joining a windows 2000 PDC
Message-ID:

I am having a problem becoming a domain member with samba 2.2.2 on solaris 8.

I have 2 samba servers - one on redhat7.1, the other on solaris.
The smb.conf file, is identical on both, and I followed the documented procedure for becoming a domain member and completed each step on both machines the same. I also have an lmhosts file, again identical on each server

Both respond to joining the domain. However, the samba server on redhat allows domain level authentication. The solaris server does not. The error message is as follows:

[2001/11/29 13:42:51, 0] rpc_client/cli_netlogon.c:cli_net_auth2(160)
  cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
[2001/11/29 13:42:51, 0] rpc_client/cli_login.c:cli_nt_setup_creds(72)
  cli_nt_setup_creds: auth2 challenge failed
[2001/11/29 13:42:51, 0] smbd/password.c:connect_to_domain_password_server(1371)
  connect_to_domain_password_server: unable to setup the PDC credentials to machine W2K-BLK-LABS.UWS.EDU.AU. Error was : NT_STATUS_ACCESS_DENIED.
[2001/11/29 13:42:51, 0] smbd/password.c:domain_client_validate(1591)
  domain_client_validate: Domain password server not available.

One thing I noticed - The win2k PDC shows the redhat machine as a NT4.0 server, it doesn't report the Os of the solaris server.

From dhighley at highley-recommended.com Thu Nov 29 13:54:03 2001
From: dhighley at highley-recommended.com (David Highley)
Date: Tue Dec 2 02:37:00 2003
Subject: Joining a windows 2000 PDC
In-Reply-To: from "Rob Garth" at Nov 30, 2001 08:16:52 AM
Message-ID: <200111292151.fATLpw1U028826@hemlock.highley-recommended.com>

"Rob Garth wrote:"
>
> I am having a problem becoming a domain member with samba 2.2.2 on solaris
> 8.
>
> I have 2 samba servers - one on redhat7.1, the other on solaris. The
> smb.conf file, is identical on both, and I followed the documented
> procedure for becoming a domain member and completed each step on both
> machines the same. I also have an lmhosts file, again identical on each
> server

You can't have two PDCs for the same domain. Samba does not support a BDC yet, so the second Samba server up should fail.

>
> Both respond to joining the domain.
However, the samba server on redhat
> allows domain level authentication. The solaris server does not. The error
> message is as follows:
>
> [2001/11/29 13:42:51, 0] rpc_client/cli_netlogon.c:cli_net_auth2(160)
> cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
> [2001/11/29 13:42:51, 0] rpc_client/cli_login.c:cli_nt_setup_creds(72)
> cli_nt_setup_creds: auth2 challenge failed
> [2001/11/29 13:42:51, 0]
> smbd/password.c:connect_to_domain_password_server(1371)
> connect_to_domain_password_server: unable to setup the PDC credentials to
> machine W2K-BLK-LABS.UWS.EDU.AU. Error was : NT_STATUS_ACCESS_DENIED.
> [2001/11/29 13:42:51, 0] smbd/password.c:domain_client_validate(1591)
> domain_client_validate: Domain password server not available.
>
> One thing I noticed - The win2k PDC shows the redhat machine as a NT4.0
> server, it doesn't report the Os of the solaris server.
>
>
>
>

--
Regards,
David Highley                     Phone: (206) 669-0081
Highley Recommended, Inc.         FAX: (253) 838-8509
2927 SW 339th Street              Email: dhighley@highley-recommended.com
Federal Way, WA 98023-7732        WEB: http://www.highley-recommended.com

From r.garth at uws.edu.au Thu Nov 29 14:50:04 2001
From: r.garth at uws.edu.au (Rob Garth)
Date: Tue Dec 2 02:37:00 2003
Subject: Joining a windows 2000 PDC
In-Reply-To: <200111292151.fATLpw1U028826@hemlock.highley-recommended.com>
References: <200111292151.fATLpw1U028826@hemlock.highley-recommended.com>
Message-ID: <200111292248.fATMmNj18012@cooper.uws.edu.au>

Neither are PDCs

Our PDC is a windows2000 box - with Novell e-directory. I am simply trying to join as a member of the domain and authenticate to the win2k box using domain level authentication.

The red-hat box joins and authenticates. The solaris box will join but cannot use security = domain.

And as already said - smb.conf, and lmhosts are identical on both. And both are on the same subnet as each other and the PDC.

Cheers, Rob.
On Fri, 30 Nov 2001 08:51, you wrote:
> "Rob Garth wrote:"
>
> > I am having a problem becoming a domain member with samba 2.2.2 on
> > solaris 8.
> >
> > I have 2 samba servers - one on redhat7.1, the other on solaris. The
> > smb.conf file, is identical on both, and I followed the documented
> > procedure for becoming a domain member and completed each step on both
> > machines the same. I also have an lmhosts file, again identical on each
> > server
>
> You can't have two PDCs for the same domain. Samba does not support a
> BDC yet, so the second Samba server up should fail.
>
> > Both respond to joining the domain. However, the samba server on redhat
> > allows domain level authentication. The solaris server does not. The error
> > message is as follows:
> >
> > [2001/11/29 13:42:51, 0] rpc_client/cli_netlogon.c:cli_net_auth2(160)
> > cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
> > [2001/11/29 13:42:51, 0] rpc_client/cli_login.c:cli_nt_setup_creds(72)
> > cli_nt_setup_creds: auth2 challenge failed
> > [2001/11/29 13:42:51, 0]
> > smbd/password.c:connect_to_domain_password_server(1371)
> > connect_to_domain_password_server: unable to setup the PDC credentials to
> > machine W2K-BLK-LABS.UWS.EDU.AU. Error was : NT_STATUS_ACCESS_DENIED.
> > [2001/11/29 13:42:51, 0] smbd/password.c:domain_client_validate(1591)
> > domain_client_validate: Domain password server not available.
> >
> > One thing I noticed - The win2k PDC shows the redhat machine as a NT4.0
> > server, it doesn't report the Os of the solaris server.

From tclin at iis.sinica.edu.tw Thu Nov 29 20:04:05 2001
From: tclin at iis.sinica.edu.tw (Tsung Ching)
Date: Tue Dec 2 02:37:00 2003
Subject: samba pdc
Message-ID: <000501c17953$d6ba61f0$8e146d8c@TCLIN>

i had set up a samba pdc under FreeBSD, and used /usr/ports to install samba. i can join my windows xp client into the domain, but i can't logon the domain by samba users.
smb.conf as follows
================================
[global]
client code page = 950
workgroup = TCLINDOMAIN
netbios name = VMWARE
server string =
encrypt passwords = Yes
update encrypted = Yes
passwd program = /usr/bin/passwd %u
log level = 3
syslog = 3
log file = /var/log/log.%m
domain admin group = root, @wheel
add user script = /home/netlogon/scripts/smbaddmachine %u
delete user script = /usr/sbin/rmuser -y %u
logon script = scripts\default.bat
domain logons = Yes
os level = 65
valid users = root, @wheel, @smbusers
admin users = root, tclin, @wheel

[homes]
read only = No
create mask = 0700
directory mask = 0700
locking = No
oplocks = No

[netlogon]
path = /home/netlogon
==================================

i had set the registry key 'RequireSignOrSeal' with value 0

when i was trying to logon, it showed a messagebox to inform me that it can't connect to domain controller or machine account doesn't exist....

by the way, smbaddmachine is a program i wrote using C language, it can add a user account or machine account into /etc/master.passwd.

thanks for your help... :)

tsung ching

From kpierre at fit.edu Thu Nov 29 20:05:02 2001
From: kpierre at fit.edu (Kervin Pierre)
Date: Tue Dec 2 02:37:00 2003
Subject: Samba/Samba-TNG and LDAP/PDC State?
References:
Message-ID: <3C07064B.40400@fit.edu>

Hi,

Are you using Win2K in "native mode" or the NT4 compatible "mixed mode"?

Can Samba serve as a PDC in a Win2K "native mode" domain? I am not very familiar with Win2K, but I was told that Win2K "native mode" does not have a PDC per se but may have multiple PDCs, can Samba act as one of those?

I'm trying to integrate Win2K into our ldap/UNIX network. I'm hoping that Samba can be used as a sort of "gateway" or "bridge" by using LDAP as its back-end while supplying authentication services to the Win2K domain.

--Kervin

Doug Douglass wrote:

> Michael,
>
> I'll take a first stab at answering some of your questions.
>
> As a frame of reference, we maintain all unix user/group, and samba domain
> info in OpenLDAP 2.x on RH 7.1, using Samba 2.2.1a + LDAP support as PDC.
> All Windows clients are domain members and are some version of 2000 (SP2,
> Server). Plus we have a couple samba domain members. All authentication is
> done against ldap. We are a small network.
>
>
>> - PDC functionality
>>
>
> Samba works great. Samba-TNG works, but I believe the intent with TNG was to
> prove the technology not produce a production system.
>
>
>> - Replication of SAM database/SID from PDC to BDC
>>
>
> Based on comments from this list, Samba does not properly act as a BDC.
>
>
>> - login script support/replication
>>
>
> Samba and TNG should both work fine
>
>
>> - Supports trust relationships between domains (NT or samba)
>>
>
> Based on comments from this list, Samba does support domain trusts
>
>
>> - Supports global and local groups
>>
>
> Samba supports two domain groups: Domain Admins, and Domain Users. From
> having read the TNG docs over time, I believe it supports the full set of
> domain groups.
>
>
>> - Ability to add and remove machine from the domain
>>
>
> Samba and TNG both do this (must do this for PDC support)
>
>
>> - Store SAM database/SID in LDAP?
>>
>
> Samba 2.2.2 has broken LDAP support. We use Samba 2.2.1a from
> http://sking.mesd.k12.or.us/ at our site with good results. Note that this
> implementation only looks to LDAP for sambaAccount objects.
>
> TNG provides broader LDAP support for domain accounts, domain groups (more?)
>
>
>> - Wins server capability
>>
>
> Samba works well. Don't know about TNG.
>
>
>> - Able to support roaming profiles
>>
>
> Samba works well. Don't know about TNG.
>
>
>> - Will allow all available versions of windows to join/access the
>> domain.
>>
>
> Read the list. It seems many people have many problems with adding machines
> with various Windows OS to a Samba domain.
I have not had any difficulty
> with 2K, so I leave it to yourself and others to judge.
>
>
>>What is my best choice.. Samba or Samba-TNG?
>>
>>
>
> One alternative I have heard suggested is combining the two, leveraging the
> strengths of each: TNG for PDC (account and group management,
> authentication) and Samba for file/print sharing.
>
> HTH,
> Doug
>
>
>
>

From tarjei at nu.no Fri Nov 30 01:09:08 2001
From: tarjei at nu.no (Tarjei Huse)
Date: Tue Dec 2 02:37:01 2003
Subject: Samba/Samba-TNG and LDAP/PDC State?
In-Reply-To: <3C07064B.40400@fit.edu>
References: <3C07064B.40400@fit.edu>
Message-ID: <15514.213.145.182.56.1007111218.squirrel@mail.nu.no>

> Are you using Win2K in "native mode" or the NT4 compatible "mixed
> mode"?

Isn't W2K native mode Kerberos? If so, none of the sambas can do it(native mode) today (AFAIK), but there's an effort to develop one going on.

> Can Samba serve as a PDC in a Win2K "native mode" domain?

Not yet.

> I'm trying to integrate Win2K into our ldap/UNIX network. I'm hoping
> that Samba can be used as a sort of "gateway" or "bridge" by using
> LDAP as its back-end while supplying authentication services to the
> Win2K domain.

Remember that you'll need to store the NT/LM passwords in the ldap entry. Else from that, Samba will do the job :)

Tarjei

>
> --Kervin
>
>
> Doug Douglass wrote:
>
>> Michael,
>>
>> I'll take a first stab at answering some of your questions.
>>
>> As a frame of reference, we maintain all unix user/group, and samba
>> domain info in OpenLDAP 2.x on RH 7.1, using Samba 2.2.1a + LDAP
>> support as PDC. All Windows clients are domain members and are some
>> version of 2000 (SP2, Server). Plus we have a couple samba domain
>> members. All authentication is done against ldap. We are a small
>> network.
>>
>>
>>> - PDC functionality
>>>
>>
>> Samba works great. Samba-TNG works, but I believe the intent with TNG
>> was to prove the technology not produce a production system.
>>
>>
>>> - Replication of SAM database/SID from PDC to BDC
>>>
>>
>> Based on comments from this list, Samba does not properly act as a
>> BDC.
>>
>>
>>> - login script support/replication
>>>
>>
>> Samba and TNG should both work fine
>>
>>
>>> - Supports trust relationships between domains (NT or samba)
>>>
>>
>> Based on comments from this list, Samba does support domain trusts
>>
>>
>>> - Supports global and local groups
>>>
>>
>> Samba supports two domain groups: Domain Admins, and Domain Users.
>> From having read the TNG docs over time, I believe it supports the
>> full set of domain groups.
>>
>>
>>> - Ability to add and remove machine from the domain
>>>
>>
>> Samba and TNG both do this (must do this for PDC support)
>>
>>
>>> - Store SAM database/SID in LDAP?
>>>
>>
>> Samba 2.2.2 has broken LDAP support. We use Samba 2.2.1a from
>> http://sking.mesd.k12.or.us/ at our site with good results. Note that
>> this implementation only looks to LDAP for sambaAccount objects.
>>
>> TNG provides broader LDAP support for domain accounts, domain groups
>> (more?)
>>
>>
>>> - Wins server capability
>>>
>>
>> Samba works well. Don't know about TNG.
>>
>>
>>> - Able to support roaming profiles
>>>
>>
>> Samba works well. Don't know about TNG.
>>
>>
>>> - Will allow all available versions of windows to join/access the
>>> domain.
>>>
>>
>> Read the list. It seems many people have many problems with adding
>> machines with various Windows OS to a Samba domain. I have not had any
>> difficulty with 2K, so I leave it to yourself and others to judge.
>>
>>
>>>What is my best choice.. Samba or Samba-TNG?
>>>
>>>
>>
>> One alternative I have heard suggested is combining the two,
>> leveraging the strengths of each: TNG for PDC (account and group
>> management,
>> authentication) and Samba for file/print sharing.
>>
>> HTH,
>> Doug
>>
>>
>>
>>

____________________
Tarjei Huse
920 63 413

From bgmilne at cae.co.za Fri Nov 30 02:11:13 2001
From: bgmilne at cae.co.za (Buchan Milne)
Date: Tue Dec 2 02:37:01 2003
Subject: Samba/Samba-TNG and LDAP/PDC State?
Message-ID: <3C075A53.7050902@cae.co.za>

Most of your questions have been answered, I just have one or two comments:

>Message: 13
>Date: Thu, 29 Nov 2001 10:34:23 -0500 (EST)
>From: Michael Cunningham
>To: samba-ntdom@lists.samba.org
>Subject: Samba/Samba-TNG and LDAP/PDC State?
>
>Hiya,
>
>I am working on converting my entire company over
>to using LDAP for all system authentication and information
>storage such as address info..etc. The unix portion
>of the new system is working well. I now need to figure
>out what is the best solution for our windows community.
>
>It consists of 400+ win95/98/ME/NT 4.0 and most likely soon..
>Windows XP. There are many domains throughout the company
>and no real standards. We plan on putting all systems in
>one or two main domains and implementing many corporate standards.
>In order to accomplish this.. I would like to use Samba/Samba-TNG
>to authenticate everything off our LDAP system and have the capability to
>do the following.. (according to my PC guys... I am a Unix guy)
>
> - PDC functionality
> - Replication of SAM database/SID from PDC to BDC
>

Why do you need a BDC? BDC's are only required for systems where you expect the PDC to go down. There are also other means of accomplishing failover PDC functionality.

>
> - login script support/replication
> - Supports trust relationships between domains (NT or samba)
>

Samba does not support trust relationships yet. But if you keep smbpasswd's in LDAP, you can have trust-relationship-like functionality between samba servers.

> - Supports global and local groups
>

Not for clients, but if you can store all files on samba servers, unix groups are available.

>
> - Ability to add and remove machine from the domain
>

samba-2.2.2 supports WinXP.
Not sure about TNG
>
> - Store SAM database/SID in LDAP?
>
There are patches for samba-2.2.2 that do this, don't have a link handy
now, but it should be in the archives.
>
> - Wins server capability
> - Able to support roaming profiles
> - Will allow all available versions of windows to join/access the
> domain.
>
>What is my best choice.. Samba or Samba-TNG?
>
>I have done a ton of reading about both products but nothing seems to
>compare and contrast them. Any information you can offer will help
>make this critical crossroad decision.
>
The other thing is that samba supports ACLs on ACL capable filesystems
(notably XFS, or ext with patches), which TNG does not. This should be a
further concern for your pc guys.

--
|----------------Registered Linux User #182071-----------------|
Buchan Milne Mechanical Engineer, Network Manager
Cellphone * Work +27 82 472 2231 * +27 21 808 2497 ext 202
Stellenbosch Automotive Engineering http://www.cae.co.za

From udippel at yahoo.com Fri Nov 30 02:12:04 2001
From: udippel at yahoo.com (Uwe Dippel)
Date: Tue Dec 2 02:37:01 2003
Subject: Samba and iptables
Message-ID: <20011130101031.65453.qmail@web14003.mail.yahoo.com>

Slightly off the track:
I have a packet filter running on iptables to keep intruders out. My
*outside* network is a private network (University) in the 172.20 range
and my inside network on 192.168.0.
Everything is fine, except that Samba (running on the inside network)
is not accessible from 172 (I cannot share files to my students). I
cannot log on to the Domain (PDC) through the filter either.
Did anyone ever come across such a setup? Is it possible at all and how
would I have to configure Samba in case it is possible?
(So far I opened all ports, cleared all tables, MASQUERADE, without
success)

Curious,

Uwe

__________________________________________________
Do You Yahoo!?
Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month.
http://geocities.yahoo.com/ps/info1

From venkat at manakkal.com Fri Nov 30 08:23:01 2001
From: venkat at manakkal.com (Venkat Manakkal)
Date: Tue Dec 2 02:37:01 2003
Subject: Win2KSP2 + hotfixes (pre SP3) - Joining Samba domain RH7.2
Message-ID: <5.1.0.14.0.20011130110128.00ada3e8@mail.manakkal.com>

Hello Folks,

I am not a list member, but I thought that this will be useful
information to those running Samba PDCs.

I just got a new Dell Win2K box with SP2 installed, I ran all the
critical updates from windowsupdate and tried to add the computer: I got
this error "The following error occurred when joining domain DOMAINNAME:
The account used is a computer account, Use your global user account or
local user account to access this server".

When I checked the PDC, the Linux machine user existed, as well as the
smbpasswd user - with one difference - the SMB user password was set to
"NO PASSWORD". Manually adding the machine did not help.

Puzzled, since I had Win2K SP2 adding to the domain, I messed around
with settings on the Samba server to no avail. Then I tested adding an NT
machine with my original settings on the Samba PDC and it worked
smoothly. I then checked adding another machine which had been running
stand alone with all the critical updates - this machine would not add
also.

Checking the added pre-SP3 hotfixes on the new Dell box - I removed the
one and only hotfix (and darn, I did not write down the Q number). The
machine added smoothly after that. So I went back to the other stand
alone box (which had a ton of hot fixes since it was patched via windows
update from the base Win2K), I selected the hotfix that looked closest to
the number I thought I remembered: Q 285851. Reboot, and then the machine
added fine. I re-updated the machines via critical update, and they run
fine.

Remember that you need to remove both the Linux machine user "userdel
machine$" and the corresponding line in smbpasswd before re-trying the
machine add.
Reading through the list, it looks like we have some more Windoze
incompatibilities as microsoft continues to fix and break things. I
suspect some of the other errors reported on the list are due to having
too up-to-date a Win2K distro.

Hope someone finds this useful.

Best regards,

---Venkat.

Venkat Manakkal
President, Manakkal & Associates, Inc.
http://www.manakkal.com/
Tel: 607-546-7300 Fax: 509-471-5693 Cell: 603-321-9870

From elric at elric.net Fri Nov 30 08:53:04 2001
From: elric at elric.net (Whitewolf)
Date: Tue Dec 2 02:37:01 2003
Subject: HELP. 2.2.2 PDC with NIS
Message-ID: <002101c179bf$4375e9c0$ee76a8c0@cicadasemi.com>

Ok, I have searched the archives and done numerous trials to get this
working and it isn't.

Situation: Linux running NIS (for other Unix systems info, users,
automounts etc) which works just fine. Samba running in Share access
mode, using users and unix permissions with plain text passwords.

Needed: What I need is to have a samba PDC which will use the NIS
information for usernames and passwords for domain authentication. If I
use smbpasswd then this will no longer allow the NIS information to be
used.

Has anyone gotten a NIS server to act as the PDC and use the Unix NIS to
authenticate users on the domain? I would like to keep the NIS as it
is.. and just add the PDC functions to samba. I have searched through web
pages and archives to no avail.

If anyone has an NIS master server acting as a PDC and using the NIS to
authenticate users on the domain please let me know. If this is NOT
possible please let me know.

Thanks for any help...

Brent
-------------- next part --------------
HTML attachment scrubbed and removed

From dhighley at highley-recommended.com Fri Nov 30 09:08:04 2001
From: dhighley at highley-recommended.com (David Highley)
Date: Tue Dec 2 02:37:01 2003
Subject: HELP. 2.2.2 PDC with NIS
In-Reply-To: <002101c179bf$4375e9c0$ee76a8c0@cicadasemi.com> from "Whitewolf" at Nov 30, 2001 10:51:25 AM
Message-ID: <200111301706.fAUH6uJc012910@hemlock.highley-recommended.com>

"Whitewolf wrote:"

Modify your e-mail settings to send plain text and not duplicates of
html.

> Ok, I have searched the archives and done numerous trials to get this
> working and it isn't.
>
> Situation: Linux running NIS (for other Unix systems info, users,
> automounts etc) which works
> just fine. Samba running in Share access mode, using users and unix
> permissions with plain
> text passwords.

Should be using encrypted passwords.

>
> Needed: What I need is to have a samba PDC which will use the NIS
> information for usernames
> and passwords for domain authentication. If I use smbpasswd then this
> will no longer allow the
> NIS information to be used.

From dhighley at highley-recommended.com Fri Nov 30 09:23:02 2001
From: dhighley at highley-recommended.com (David Highley)
Date: Tue Dec 2 02:37:01 2003
Subject: Samba and iptables
In-Reply-To: <20011130101031.65453.qmail@web14003.mail.yahoo.com> from "Uwe Dippel" at Nov 30, 2001 02:10:31 AM
Message-ID: <200111301721.fAUHLLrW013028@hemlock.highley-recommended.com>

"Uwe Dippel wrote:"
>
> Slightly off the track:
> I have a packet filter running on iptables to keep intruders out. My
> *outside* network is a private network (University) in the 172.20 range
> and my inside network on 192.168.0.
> Everything is fine, except that Samba (running on the inside network)
> is not accessable from 172 (I cannot share files to my students). I
> cannot log on to the Domain (PDC) through the filter neither.
> Did anyone ever come across such a setup? Is it possible at all and how
> would I have to configure Samba in case it is possible?
> (So far I opened all ports, cleared all tables, MASQUERADE, without
> success)

If memory serves me, the 192.168.0 network addresses like the 10.xxx
address are not routed by default. They are expected to be a private not
routed network. So unless you are using a NAT router or modify the router
setting to pass those IP addresses it should not work. This is covered in
one of the network RFCs.

>
> Curious,
>
> Uwe
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month.
> http://geocities.yahoo.com/ps/info1
>
>

--
Regards,
David Highley                 Phone: (206) 669-0081
Highley Recommended, Inc.     FAX: (253) 838-8509
2927 SW 339th Street          Email: dhighley@highley-recommended.com
Federal Way, WA 98023-7732    WEB: http://www.highley-recommended.com

From Gary at edisoninfo.com Fri Nov 30 14:06:44 2001
From: Gary at edisoninfo.com (Gary MacKay)
Date: Tue Dec 2 02:37:01 2003
Subject: Directory perms
Message-ID: <3C0801BF.419EEF61@edisoninfo.com>

OK, I've never had a problem with this before, and now three of my
clients are complaining. I can't seem to get the directory/file perms
right. I have a "public" share that everyone is allowed to use however
they wish. Beneath that there is a set of "nickname" directories that
only certain users can have access to. They should be able to read, but
not write.

//server/public (0777) chowned root:root
//server/public/nickname1 (0744) chowned: root:nickname1
//server/public/nickname2 (0744) chowned: root:nickname2
//server/public/nickname3 (0744) chowned: root:nickname3
....etc....

Same basic problem elsewhere also. I can set the share permissions in
the actual directory that is shared. Works fine. I just can not figure
out how to set different perms on any of the subdirectories of a share.
I'd rather not share each one separately. On some of my bigger systems,
there aren't enough letters in the alphabet!!
I've played around with the smb.conf settings such as "force
user/group", "valid user/group", etc. but they only apply to the actual
"shared" directory, not the sub's under it.

- Gary

From ajudge at telocity.com Fri Nov 30 14:56:02 2001
From: ajudge at telocity.com (Andrew Judge)
Date: Tue Dec 2 02:37:01 2003
Subject: Red crosses on Mapped drives
Message-ID: <002501c179f2$108d8080$0200a8c0@aerobuilders.com>

I am getting red crosses on the mapped drives of some win2k pro machines
connecting to a samba pdc. I don't have them logging into the domain and
the drives are disconnecting (it happens on win2k server too).

There is a parameter for win2k server to autodisconnect the drive after
15 minutes which can be changed with:

net config server /autodisconnect:TIME

and there is a registry key in win2k for autodisconnect set for 15
minutes.

Is there something on samba that autodisconnects clients? Just wondering
since I am getting autodisconnect quite a bit only by some machines.

Andy Judge

From erik at roxen.com Fri Nov 30 15:16:01 2001
From: erik at roxen.com (Erik Persson)
Date: Tue Dec 2 02:37:01 2003
Subject: LDAP-SAM and Samba 2.2
Message-ID:

Hi!

I am experimenting with the PDC features of Samba 2.2 with the LDAP SAM
backend. This is going fairly well, except any attempt to join the domain
fails due to some confusion within smbd concerning what the RID for the
workstation account should be.

To add user I use "add user script" parameter to call a homecooked Pike
script that creates an entry for the account in the LDAP server.
The script sets all relevant parameters, including lmPassword, ntPassword,
rid and primaryGroupID.
The latter two attributes are calculated from
uidNumber and gidNumber as in the smbpasswd code:

#define RID_MULTIPLIER 2
#define USER_RID_TYPE 0
#define GROUP_RID_TYPE 1

string rid = sprintf("%d",
  (((int)args["uidNumber"])*RID_MULTIPLIER + 1000) | USER_RID_TYPE );
string primaryGroupID = sprintf("%d",
  (((int)args["gidNumber"])*RID_MULTIPLIER + 1000) | GROUP_RID_TYPE );


What seems to happen is that smbd seems to interpret the integer values in
"rid" and "primaryGroupID" as hexadecimal values and then convert them to
decimal.

As you can see from the excerpts from the log file below, the adduser
scripts completes successfully whereafter an LDAP search for "roadrunner$"
returns the correct rid and primaryGroupID values (15000 and 15001
calculated from uidNumber/gidNumber 7000/7000).

Now the LDAP records are modified from init_ldap_from_sam() and
pdb_update_sam_account() and the values printed in the debug log are
86016/86017.

Being happy with this (I don't really care if smbd feels that my
calculated values were unsatisfactory as long as it works) the process
goes in querying the LDAP server for a rid of "548886"


[2001/11/30 23:45:24, 3] smbd/reply.c:smb_create_user(538)
  smb_create_user: Running the command
  `/home/erik/src/pike/ldaptools/adduser.pike \
  -t W -L ldaps://127.0.0.1 -D "cn=root,dc=roxen,dc=com" \
  -b "dc=roxen, dc=com" -uo "ou=People" -go "ou=Group" -l 7000 -h 8000 \
  -c "NT Domain account for roadrunner" -s /bin/false -d /dev/null \
  -g ntws -p roadrunner roadrunner$' gave 0
[2001/11/30 23:45:24, 2] passdb/pdb_ldap.c:ldap_open_connection(130)
  ldap_open_connection: connection opened
[2001/11/30 23:45:24, 2] passdb/pdb_ldap.c:ldap_connect_system(160)
  ldap_connect_system: succesful connection to the LDAP server
[2001/11/30 23:45:24, 2] passdb/pdb_ldap.c:ldap_search_one_user(172)
  ldap_search_one_user: searching
  for:[(&(uid=roadrunner$)(objectclass=sambaAccount))]
[2001/11/30 23:45:24, 2] passdb/pdb_ldap.c:get_single_attribute(256)
  get_single_attribute: [uid] = [roadrunner$]
[2001/11/30 23:45:24, 2] passdb/pdb_ldap.c:init_sam_from_ldap(374)
  Entry found for user: roadrunner$
[2001/11/30 23:45:24, 2] passdb/pdb_ldap.c:get_single_attribute(256)
  get_single_attribute: [rid] = [15000]
[2001/11/30 23:45:24, 2] passdb/pdb_ldap.c:get_single_attribute(256)
  get_single_attribute: [primaryGroupID] = [15001]

[2001/11/30 23:45:24, 2] passdb/pdb_ldap.c:init_ldap_from_sam(543)
  Setting entry for user: roadrunner$
[2001/11/30 23:45:25, 2] passdb/pdb_ldap.c:pdb_update_sam_account(931)
  successfully modified uid = roadrunner$ in the LDAP database

[2001/11/30 23:45:25, 2] passdb/pdb_ldap.c:ldap_search_one_user(172)
  ldap_search_one_user: searching
  for:[(&(uid=roadrunner$)(objectclass=sambaAccount))]
[2001/11/30 23:45:25, 2] passdb/pdb_ldap.c:get_single_attribute(256)
  get_single_attribute: [uid] = [roadrunner$]
[2001/11/30 23:45:25, 2] passdb/pdb_ldap.c:init_sam_from_ldap(374)
  Entry found for user: roadrunner$
  get_single_attribute: [rid] = [86016]
[2001/11/30 23:45:25, 2] passdb/pdb_ldap.c:get_single_attribute(256)
  get_single_attribute: [primaryGroupID] = [86017]

  ldap_search_one_user: searching for:[rid=548886]
[2001/11/30 23:45:25, 0] passdb/pdb_ldap.c:pdb_getsampwrid(755)
  We don't find this rid [548886] count=0


Right... 0x15000 -> 86016, 0x86016 -> 548886. Pretty obvious I'd say. Is
this a known problem for which there might be a patch available?

Thanks,
/Erik

--
Erik Persson, System Manager
Roxen Internet Software Voice: +46 13 376817

From dhighley at highley-recommended.com Fri Nov 30 15:28:02 2001
From: dhighley at highley-recommended.com (David Highley)
Date: Tue Dec 2 02:37:02 2003
Subject: LDAP-SAM and Samba 2.2
In-Reply-To: from "Erik Persson" at Dec 01, 2001 12:14:49 AM
Message-ID: <200111302326.fAUNQc3e014513@hemlock.highley-recommended.com>

"Erik Persson wrote:"
>
> Hi!
>
> I am experimenting with the PDC features of Samba 2.2 with the LDAP SAM
> backend.
This is going fairly well, except eny attempt to join the domain > fails due to some confusion within smbd concerning what the RID for the > workstation account should be. There was a posting in the last couple of days that indicated that cvs patches were needed to get Samba 2.2.2 to operate with LDAP. > > To add user I use "add user script" parameter to call a homecooked Pike > script that creates an entry for the account in the LDAP server. > The script sets all relevant parameters, including lmPassword, ntPassword, > rid and primaryGroupID. The latter two attributes are calculated from > uidNumber and gidNumber as in the smbpasswd code: > > #define RID_MULTIPLIER 2 > #define USER_RID_TYPE 0 > #define GROUP_RID_TYPE 1 > > string rid = sprintf("%d", > (((int)args["uidNumber"])*RID_MULTIPLIER + 1000) | USER_RID_TYPE ); > string primaryGroupID = sprintf("%d", > (((int)args["gidNumber"])*RID_MULTIPLIER + 1000) | GROUP_RID_TYPE ); > > > What seems to happen is that smbd seems to interpret the integer values in > "rid" and "primaryGroupID" as hexadecimal values and then convert them to > decimal. > > As you can see from the excerpts from the log file below, the adduser > scripts completes successfully whereafter an LDAP search for "roadrunner$" > returns the correct rid and primaryGroupID values (15000 and 15001 > calculated from uidNumber/gidNumber 7000/7000). > > Now the LDAP records are modified from init_ldap_from_sam() and > pdb_update_sam_account() and the values printed in the debug log are > 86016/86017. 
> > Being happy with this (I don't really care if smbd feels that my > calculated values were unsatisfactory as long as it works) the process > goes in querying the LDAP server for a rid of "548886" > > > [2001/11/30 23:45:24, 3] smbd/reply.c:smb_create_user(538) > smb_create_user: Running the command > `/home/erik/src/pike/ldaptools/adduser.pike \ > -t W -L ldaps://127.0.0.1 -D "cn=root,dc=roxen,dc=com" \ > -b "dc=roxen, dc=com" -uo "ou=People" -go "ou=Group" -l 7000 -h > 8000 \ > -c "NT Domain account for roadrunner" -s /bin/false -d /dev/null \ > -g ntws -p roadrunner roadrunner$' gave 0 > [2001/11/30 23:45:24, 2] passdb/pdb_ldap.c:ldap_open_connection(130) > ldap_open_connection: connection opened > [2001/11/30 23:45:24, 2] passdb/pdb_ldap.c:ldap_connect_system(160) > ldap_connect_system: succesful connection to the LDAP server > [2001/11/30 23:45:24, 2] passdb/pdb_ldap.c:ldap_search_one_user(172) > ldap_search_one_user: searching > for:[(&(uid=roadrunner$)(objectclass=sambaAccount))] > [2001/11/30 23:45:24, 2] passdb/pdb_ldap.c:get_single_attribute(256) > get_single_attribute: [uid] = [roadrunner$] > [2001/11/30 23:45:24, 2] passdb/pdb_ldap.c:init_sam_from_ldap(374) > Entry found for user: roadrunner$ > [2001/11/30 23:45:24, 2] passdb/pdb_ldap.c:get_single_attribute(256) > get_single_attribute: [rid] = [15000] > [2001/11/30 23:45:24, 2] passdb/pdb_ldap.c:get_single_attribute(256) > get_single_attribute: [primaryGroupID] = [15001] > > [2001/11/30 23:45:24, 2] passdb/pdb_ldap.c:init_ldap_from_sam(543) > Setting entry for user: roadrunner$ > [2001/11/30 23:45:25, 2] passdb/pdb_ldap.c:pdb_update_sam_account(931) > successfully modified uid = roadrunner$ in the LDAP database > > [2001/11/30 23:45:25, 2] passdb/pdb_ldap.c:ldap_search_one_user(172) > ldap_search_one_user: searching > for:[(&(uid=roadrunner$)(objectclass=sambaAccount))] > [2001/11/30 23:45:25, 2] passdb/pdb_ldap.c:get_single_attribute(256) > get_single_attribute: [uid] = [roadrunner$] > [2001/11/30 
23:45:25, 2] passdb/pdb_ldap.c:init_sam_from_ldap(374) > Entry found for user: roadrunner$ > get_single_attribute: [rid] = [86016] > [2001/11/30 23:45:25, 2] passdb/pdb_ldap.c:get_single_attribute(256) > get_single_attribute: [primaryGroupID] = [86017] > > ldap_search_one_user: searching for:[rid=548886] > [2001/11/30 23:45:25, 0] passdb/pdb_ldap.c:pdb_getsampwrid(755) > We don't find this rid [548886] count=0 > > > Right... 0x15000 -> 86016, 0x86016 -> 548886. Pretty obvious I'd say. Is > this a known problem for which there might be a patch available? > > Thanks, > /Erik > > -- > Erik Persson, System Manager > Roxen Internet Software Voice: +46 13 376817 > > > -- Regards, David Highley Phone: (206) 669-0081 Highley Recommended, Inc. FAX: (253) 838-8509 2927 SW 339th Street Email: dhighley@highley-recommended.com Federal Way, WA 98023-7732 WEB: http://www.highley-recommended.com From josephk at std.teradyne.com Fri Nov 30 15:46:03 2001 From: josephk at std.teradyne.com (Karyn Joseph) Date: Tue Dec 2 02:37:02 2003 Subject: Group authentication errors References: <3BF9AD2B.3426FB06@std.teradyne.com> Message-ID: <3C0819DC.D5A3FA2B@std.teradyne.com> Hi -- I'm running samba 2.2.1 on two Solaris 2.6 servers. I changed the server authentication level to server the other day. This was very well received by most of my users. They are so happy to not have to type their password multiple times. The problem is I have some that are being partially rejected. For instance, I have a couple of users, they can access the server, and their NIS home directory, but if they try to access a share they are being rejected with the following error. The valid users line includes a group they are a member of, but still denies them until I add their username to the valid users list. The group, however, is not the primary gid. Any thoughts would be greatly appreciated. [2001/11/19 17:01:49, 1] smbd/password.c:pass_check_smb(554) Couldn't find user 'person' in smb_passwd file. 
[2001/11/19 17:01:49, 1] smbd/reply.c:reply_sesssetup_and_X(1005)
  Rejecting user 'person': authentication failed

My globals section looks like:

[global]
security = server
password server = SERVER.STD
workgroup = domain
netbios name = sambaserver
server string = Samba %v on (%L)
log level = 1
log file = /net/adm/samba/samba-logs/samba.log.sambaserver
# log file = /usr/local/samba/log/samba.logs.%L
name resolve order = hosts wins bcast
# wins proxy = Yes
wins server = 131.101.XXX.XXX
username map = /net/std/adm/samba/usermap.txt
homedir map = u_auto.ah
NIS homedir = Yes
include = /net/std/adm/samba/smb.conf.editme

[share]
path = /net/projects/share
valid users = @all-eng-users, @431, @projects-1, @projects,\
@projects-3, @projects-4, @projects-2, @projects-mtest,\
username,username1,username2,username3,username4,username5,username6
force group = projects
read only = No
create mask = 0775
directory mask = 0775

And yes, the group is a recognized group in the NIS domain.

--
________________________________________________
Karyn Joseph
UNIX Administrator
________________________________________________

From udippel at yahoo.com Fri Nov 30 21:33:03 2001
From: udippel at yahoo.com (Uwe Dippel)
Date: Tue Dec 2 02:37:02 2003
Subject: Samba and iptables
In-Reply-To:
Message-ID: <20011201053208.19566.qmail@web14003.mail.yahoo.com>

Dear Mark,

not far off the track. But my router is running a 2.4. kernel off a
floppy on a 486. No SAMBA there!
Maybe I ought to have the whole thing formulated differently:
Since I have two different, private, subnets connected by that
MASQUERADing router, which are the SAMBA-settings to service another
network and which are the router settings to let SAMBA pass?
And - most of all - has anyone experience with MASQUERADE between Samba
server and Windows clients ?

Uwe

--- Mark Cave-Ayland wrote:
> On Fri, 30 Nov 2001, Uwe Dippel wrote:
>
> > Slightly off the track:
> > I have a packet filter running on iptables to keep intruders out.
> My
> > *outside* network is a private network (University) in the 172.20
> range
> > and my inside network on 192.168.0.
> > Everything is fine, except that Samba (running on the inside
> network)
> > is not accessable from 172 (I cannot share files to my students). I
> > cannot log on to the Domain (PDC) through the filter neither.
> > Did anyone ever come across such a setup? Is it possible at all and
> how
> > would I have to configure Samba in case it is possible?
> > (So far I opened all ports, cleared all tables, MASQUERADE, without
> > success)
> >
> > Curious,
> >
> > Uwe
>
> Hi Uwe,
>
> It sounds as if the problem is the gateway between your network and
> the
> uni network. Is one of the machines on your network the gateway (ie
> it has
> two ip addresses, one 172.20. and another 192.168.0.) ? If so, make
> sure
> Samba is running on the gateway machine and check the smb.conf to
> make
> sure there are no 'bind interfaces' settings to prevent Samba from
> listening on the 172.20. side.
>
>
> Cheers,
>
> Mark.
>
>

__________________________________________________
Do You Yahoo!?
Buy the perfect holiday gifts at Yahoo! Shopping.
http://shopping.yahoo.com

From jprovan at jp20001.jp2web.com Fri Nov 30 22:25:02 2001
From: jprovan at jp20001.jp2web.com (Jim Provan)
Date: Tue Dec 2 02:37:02 2003
Subject: Red crosses on Mapped drives
In-Reply-To: <002501c179f2$108d8080$0200a8c0@aerobuilders.com>
Message-ID:

I had the same issue. I assume that you are using Samba 2.2.1a.
smbd -V (this command will tell you)
I upgraded to Samba 2.2.2 and it went away.

-----Original Message-----
From: samba-ntdom-admin@lists.samba.org
[mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Andrew Judge
Sent: Friday, November 30, 2001 4:55 PM
To: Samba-Ntdom (E-mail); Samba (E-mail)
Subject: Red crosses on Mapped drives

I am getting red crosses on the mapped drives of some win2k pro machines
connecting to a samba pdc.
I don't have them logging into the domain and
the drives are disconnecting (it happens on win2k server too).

There is a parameter for win2k server to autodisconnect the drive after
15 minutes which can be changed with:

net config server /autodisconnect:TIME

and there is a registry key in win2k for autodisconnect set for 15
minutes.

Is there something on samba that autodisconnects clients? Just wondering
since I am getting autodisconnect quite a bit only by some machines.

Andy Judge

From jprovan at jp20001.jp2web.com Fri Nov 30 22:34:03 2001
From: jprovan at jp20001.jp2web.com (Jim Provan)
Date: Tue Dec 2 02:37:02 2003
Subject: samba pdc
In-Reply-To: <000501c17953$d6ba61f0$8e146d8c@TCLIN>
Message-ID:

Your issue is the line:
update encrypted = yes

Get rid of it.

Stop smbd
/etc/init.d/smb stop

Delete the user from the smbpasswd file:
smbpasswd -x userid

Re-add the user and enter the password
smbpasswd -a userid

restart smbd
/etc/init.d/smb restart

I had this same issue. It seems that it is re-encrypting the encrypted
password. This option was intended as a one time login conversion
routine. Don't use it.

-----Original Message-----
From: samba-ntdom-admin@lists.samba.org
[mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Tsung Ching
Sent: Thursday, November 29, 2001 10:03 PM
To: samba-ntdom@lists.samba.org
Subject: samba pdc

i had set up a samba pdc under FreeBSD, and used /usr/ports to install
samba. i can join my windows xp client into the domain, but i can't logon
the domain by samba users.
smb.conf as follows
================================
[global]
client code page = 950
workgroup = TCLINDOMAIN
netbios name = VMWARE
server string =
encrypt passwords = Yes
update encrypted = Yes
passwd program = /usr/bin/passwd %u
log level = 3
syslog = 3
log file = /var/log/log.%m
domain admin group = root, @wheel
add user script = /home/netlogon/scripts/smbaddmachine %u
delete user script = /usr/sbin/rmuser -y %u
logon script = scripts\default.bat
domain logons = Yes
os level = 65
valid users = root, @wheel, @smbusers
admin users = root, tclin, @wheel

[homes]
read only = No
create mask = 0700
directory mask = 0700
locking = No
oplocks = No

[netlogon]
path = /home/netlogon
==================================

i had set the registry key 'RequireSignOrSeal' with value 0

when i was trying to logon, it showed a messagebox to inform me that it
can't connect to domain controller or machine account doesn't exist....

by the way, smbaddmachine is a program i wrote using C language, it can
add a user account or machine account into /etc/master.passwd.

thanks for your help... :)

tsung ching
-------------- next part --------------
HTML attachment scrubbed and removed
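
A checker for the setting pair discussed in the reply above, added here as an example and not taken from the thread or from Samba. It parses smb.conf text the way smb.conf(5) describes (names are case- and whitespace-insensitive, a trailing backslash continues a line) and flags "update encrypted = yes", which that man page documents as a plaintext-to-encrypted migration aid meant to run with "encrypt passwords = no". The function names, the finding codes and treating an absent parameter as "no" are assumptions of this example.

```python
import re

# Abridged from the [global] section posted above (layout restored).
POSTED_CONF = r"""
[global]
   workgroup = TCLINDOMAIN
   server string =
   encrypt passwords = Yes
   update encrypted = Yes
   passwd program = /usr/bin/passwd %u
   logon script = scripts\default.bat
   domain logons = Yes
[homes]
   read only = No
"""

_TRUE = {"yes", "true", "1"}
_FALSE = {"no", "false", "0"}


def _key(name):
    """Case and all whitespace in section/parameter names are irrelevant."""
    return re.sub(r"\s+", "", name).lower()


def _logical_lines(text):
    """Yield stripped lines with trailing-backslash continuations joined."""
    pending = ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):
            pending = line[:-1].rstrip() + " "
            continue
        pending = ""
        yield line
    if pending.strip():
        yield pending.strip()


def parse_smb_conf(text):
    """Return {section: {parameter: value}} using normalised names."""
    conf, section = {}, None
    for line in _logical_lines(text):
        if not line or line[0] in "#;":        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = _key(line[1:-1])
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            name, value = line.split("=", 1)
            conf[section][_key(name)] = value.strip()  # last one wins
    return conf


def as_bool(value):
    """Map yes/no, true/false, 1/0; absent or unknown counts as 'no'
    (assumption of this example)."""
    v = (value or "").strip().lower()
    if v in _TRUE:
        return True
    return False if v in _FALSE else False


def check_password_migration(text):
    """Return [(code, message)] for the update/encrypt password pair."""
    g = parse_smb_conf(text).get("global", {})
    update = as_bool(g.get("updateencrypted"))
    encrypt = as_bool(g.get("encryptpasswords"))
    if update and encrypt:
        return [("CONFLICT",
                 "update encrypted = yes together with encrypt passwords = "
                 "yes; the migration option expects plaintext logins")]
    if update:
        return [("MIGRATION_ACTIVE",
                 "update encrypted = yes: clients still log in with "
                 "plaintext passwords; switch it off once smbpasswd is "
                 "populated and enable encrypt passwords")]
    return []


if __name__ == "__main__":
    for code, message in check_password_migration(POSTED_CONF):
        print(code, "-", message)
```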
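
An added example (not from the thread and not Samba's code) for the RID arithmetic in Erik Persson's "LDAP-SAM and Samba 2.2" report earlier in this digest. It recomputes the RIDs from the constants he quotes and scans log lines for an attribute whose next observed value equals the previous value's decimal digits re-read as base 16, which is the drift he describes. The log lines are abridged from his excerpt; the function names are illustrative.

```python
import re

# Constants as quoted in the post (from the smbpasswd code it cites).
RID_MULTIPLIER = 2
USER_RID_TYPE = 0
GROUP_RID_TYPE = 1
RID_BASE = 1000

# Abridged from the smbd log excerpt in the post.
LOG = """\
[2001/11/30 23:45:24, 2] passdb/pdb_ldap.c:get_single_attribute(256)
  get_single_attribute: [uid] = [roadrunner$]
  get_single_attribute: [rid] = [15000]
  get_single_attribute: [primaryGroupID] = [15001]
[2001/11/30 23:45:25, 2] passdb/pdb_ldap.c:pdb_update_sam_account(931)
  successfully modified uid = roadrunner$ in the LDAP database
  get_single_attribute: [rid] = [86016]
  get_single_attribute: [primaryGroupID] = [86017]
  ldap_search_one_user: searching for:[rid=548886]
[2001/11/30 23:45:25, 0] passdb/pdb_ldap.c:pdb_getsampwrid(755)
  We don't find this rid [548886] count=0
"""

_ATTR_RE = re.compile(r"\[(rid|primaryGroupID)\] = \[(\d+)\]")
_SEARCH_RE = re.compile(r"searching for:\[(rid)=(\d+)\]")


def uid_to_rid(uid):
    """User RID as computed by the add-user script in the post."""
    return (uid * RID_MULTIPLIER + RID_BASE) | USER_RID_TYPE


def gid_to_rid(gid):
    """Group RID as computed by the add-user script in the post."""
    return (gid * RID_MULTIPLIER + RID_BASE) | GROUP_RID_TYPE


def reread_as_hex(value):
    """Take the decimal digits of value and parse them as base 16."""
    return int(str(value), 16)


def observed_values(log_text):
    """Return {attribute: [values in order seen]}, dropping repeats."""
    seen = {}
    for line in log_text.splitlines():
        m = _ATTR_RE.search(line) or _SEARCH_RE.search(line)
        if not m:
            continue
        values = seen.setdefault(m.group(1), [])
        value = int(m.group(2))
        if not values or values[-1] != value:
            values.append(value)
    return seen


def find_hex_drift(log_text):
    """Return [(attribute, before, after)] where after == hex(before digits)."""
    findings = []
    for name, values in observed_values(log_text).items():
        for before, after in zip(values, values[1:]):
            if after == reread_as_hex(before):
                findings.append((name, before, after))
    return findings


if __name__ == "__main__":
    print("expected rid for uid 7000:", uid_to_rid(7000))
    for name, before, after in find_hex_drift(LOG):
        print("%s: %d was re-read as 0x%d = %d" % (name, before, before, after))
```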