From harmony at glink.net.hk Sat Aug 1 04:36:51 1998 From: harmony at glink.net.hk (Harmony) Date: Tue Dec 2 02:24:21 2003 Subject: * NT Authentication on Linux Machine Message-ID: Hi, this seems to be a question asked before, but there's never been an answer. My question is simple: * My company is currently using Windows System as working environment. (Server:WindowsNT4.0+SP3 Clients:Windows95) Now I'd like to build an Intranet over Linux+Apache. However, I'm required to use NT Authentication for all restricted pages. i.e. Users have to supply their NT network username+password in order to enter those restricted pages in Intranet. I need a program which inpects the correctness of the username/ passwords against NT pdc database. e.g. # checkntpwd pdc_name nt_name nt_password => output "fail" or "success" Any way to do that? Thank you very much... Regards, harmony From webadmin at engsoc.queensu.ca Sat Aug 1 04:44:01 1998 From: webadmin at engsoc.queensu.ca (Jamie ffolliott) Date: Tue Dec 2 02:24:21 2003 Subject: No subject Message-ID: <000001bdbd07$012080d0$40f60f82@dagobah.queensu.ca> subscribe From rcgraves at staff.feldberg.brandeis.edu Sat Aug 1 05:37:53 1998 From: rcgraves at staff.feldberg.brandeis.edu (Rich Graves) Date: Tue Dec 2 02:24:21 2003 Subject: * NT Authentication on Linux Machine In-Reply-To: Message-ID: On Sat, 1 Aug 1998, Harmony wrote: > Hi, this seems to be a question asked before, but there's never > been an answer. I know it's in some FAQ or other. > * My company is currently using Windows System as working environment. > (Server:WindowsNT4.0+SP3 Clients:Windows95) > Now I'd like to build an Intranet over Linux+Apache. However, I'm > required to use NT Authentication for all restricted pages. Build Apache with PAM_Auth and get pam_smb or pam_ntdom. http://modules.apache.org/search?search=PAM&query=true [any samba mirror] /pam_ntdom/ or /pam_smb/ If you want to use a form rather than Basic Auth, you could have a CGI script test the exit status of smbclient \\\\pdc\\netlogon cleartextpass -U user -c quit or something silly like that. -rich From benno at gardena.net Wed Aug 5 08:43:45 1998 From: benno at gardena.net (Benno Senoner) Date: Tue Dec 2 02:24:21 2003 Subject: LINUX: smbclient and smbfs CRASHES with binary files Message-ID: <35C81B40.894429A1@gardena.net> Hello to all, I connect from a Linux machine (als client) to an NT4 (service pack 3) server. On Linux side I use: kernel 2.0.34 samba 1.9.18p8 smbfs-2.0.2 I connect from the Linux PC via PPP ( with MS-CHAP) to the NT4 server. I tested first with smbclient: I can upload to the NT4 server text files of any dimension, but when I try to send binary files, (an ELF linux executable for example) IT DOES NOT WORK. smbclient , after a long timeout says me: Error writing remote file (2) and smbclient does not exits. putting short binary files ( < 512 bytes ) works. but even when sending text files, sometimes the smbclient dumps core !!!! you can find one of my core files at http://www.gardena.net/benno/smbclient_core.gz I made the same tests with smbfs 2.0.2 after callling smbmount , the directory is mounted, uploading text files works, and with binary the cp process hangs, and I must kill -9 the process. Are these problems perhaps caused from the win NT4 machine ? PLEASE REPLY BY E-MAIL TOO, BECAUSE I HAVEN'T SUBSCRIBED TO THE SAMBA MAILING-LISTS. thank you for all the help. best regards, Benno. From aperrin at demog.Berkeley.EDU Wed Aug 5 15:46:04 1998 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:24:21 2003 Subject: Quick (hopefully) domain admin group question Message-ID: Will the domain admin group parameter map a unix group, or only a list of unix users? Thanks- Andy --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 From jallison at cthulhu.engr.sgi.com Wed Aug 5 16:01:27 1998 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:24:21 2003 Subject: Quick (hopefully) domain admin group question References: Message-ID: <35C881D7.259984C6@engr.sgi.com> Andrew Perrin - Demography wrote: > > Will the domain admin group parameter map a unix group, or only a list of > unix users? > Only a list of users so far. I'm sorry, I've got a bit distracted on the domain specific code at the moment as I'm adding core NT SMB functionality to the main tree for SGI (well they do pay my wages now :-). I've recently added NT SMB support, ChangeNotify, soon to be followed by blocking locks and 64 bit file access (for UNIXs that support it). Once I've got these things in place I'll get back to the groupname mapping and the NT password change code. Cheers, Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From aperrin at demog.Berkeley.EDU Wed Aug 5 16:31:32 1998 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:24:21 2003 Subject: Quick (hopefully) domain admin group question In-Reply-To: <35C881D7.259984C6@engr.sgi.com> Message-ID: Don't apologize, you're doing great work.... ap --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 On Wed, 5 Aug 1998, Jeremy Allison wrote: > Andrew Perrin - Demography wrote: > > > > Will the domain admin group parameter map a unix group, or only a list of > > unix users? > > > > Only a list of users so far. I'm sorry, I've got a bit distracted > on the domain specific code at the moment as I'm adding core NT > SMB functionality to the main tree for SGI (well they do pay my > wages now :-). I've recently added NT SMB support, ChangeNotify, > soon to be followed by blocking locks and 64 bit file access (for > UNIXs that support it). > > Once I've got these things in place I'll get back to the > groupname mapping and the NT password change code. > > Cheers, > > Jeremy. > > > -- > -------------------------------------------------------- > Buying an operating system without source is like buying > a self-assembly Space Shuttle with no instructions. > -------------------------------------------------------- > From webber at sj.univali.rct-sc.br Thu Aug 6 02:59:50 1998 From: webber at sj.univali.rct-sc.br (Celso Kopp Webber) Date: Tue Dec 2 02:24:21 2003 Subject: GPF on logon to Samba domain References: <35C06460.3CFBF0FF@student.unsw.edu.au> Message-ID: <35C91C25.BDD4823D@sj.univali.rct-sc.br> Hi! I've updated from the CVS recently, and this happened exactly the same way for me! If I don't logon to the the samba PDC, all works fine, and still can access shares, printers, etc. This means authentication is working ok! Cheers, Celso. Matthew Chapman wrote: > Latest CVS update of Samba (after the autoconf merge) seems to have > broken a lot of things. > > For a start the NT logon process segfaults shortly after the "Logon in > progress" dialog disappears. This is bad for people logging in. > > >From a quick examination of the logs the only thing that seems abnormal > is that NT tries to access a pipe \browser, which fails since it's not > implemented. I don't remember this happening before when things were > working. > > Anyone else having similar problems? Any ideas what has happened or > where to look to fix it? > > Matt > > -- > Matt Chapman > mattyc@cyberdude.com From louis.botha at cs.up.ac.za Thu Aug 6 11:01:57 1998 From: louis.botha at cs.up.ac.za (louis.botha@cs.up.ac.za) Date: Tue Dec 2 02:24:21 2003 Subject: Novell IntraNetware Client & PDC crashes Message-ID: <199808061104.NAA12069@mail.cs.up.ac.za> Hello all, We are in the unfortunate position that we are forced to use the IntraNetware client from Novell. Don't ask why - it's a long story :) The client behaves rather strangely. From the samba logs it seems that when a user logs into the domain, the authentication works, the user registry is read and the files in the profile directories are read. The client then tries to execute an illegal instruction and the entire NT box crashes. Oh joy. The client does not crash when I connect to a real NT PDC. If I uninstall the Intranetware client, I can log in successfully using a Samba PDC. Does anyone have any idea why this might happen when I switch to a Samba PDC? Regards, Louis -- ----------------------------------------------------------------------- Louis Botha Computer Science Department louis.botha@cs.up.ac.za University of Pretoria Tel: +27-12-420-3617 Pretoria Cell: +27-82-924-4616 South Africa http://www.cs.up.ac.za/~lbotha ----------------------------------------------------------------------- From canfield at uindy.edu Thu Aug 6 15:21:09 1998 From: canfield at uindy.edu (Dana Canfield) Date: Tue Dec 2 02:24:21 2003 Subject: Novell IntraNetware Client & PDC crashes References: <199808061104.NAA12069@mail.cs.up.ac.za> Message-ID: <35C9C9E5.E5F368E7@uindy.edu> I can't offer any help, but I can confirm that we have the same problem. It is important to note that the Intranetware client *did* work back in the May-ish CVS's, so something has changed in Samba. Jeremy has asked me for a packet trace, but I don't have the right tools to do this from a thrid machine, and I can't figure out how to do a packet trace from the client machine, since it is the one that will crash. Maybe if you have a way of doing this, you could send a trace to jeremy and they can fix it? Dana louis.botha@cs.up.ac.za wrote: > Hello all, > > We are in the unfortunate position that we are forced to use the > IntraNetware client from Novell. Don't ask why - it's a long story :) > > The client behaves rather strangely. From the samba logs it seems that > when a user logs into the domain, the authentication works, the user > registry is read and the files in the profile directories are read. > The client then tries to execute an illegal instruction and the entire > NT box crashes. Oh joy. > > The client does not crash when I connect to a real NT PDC. If I > uninstall the Intranetware client, I can log in successfully using a > Samba PDC. > > Does anyone have any idea why this might happen when I switch to a > Samba PDC? > > Regards, > Louis > -- > ----------------------------------------------------------------------- > Louis Botha Computer Science Department > louis.botha@cs.up.ac.za University of Pretoria > Tel: +27-12-420-3617 Pretoria > Cell: +27-82-924-4616 South Africa > http://www.cs.up.ac.za/~lbotha > ----------------------------------------------------------------------- > From Jean-Francois.Micouleau at utc.fr Thu Aug 6 17:29:07 1998 From: Jean-Francois.Micouleau at utc.fr (Jean-Francois Micouleau) Date: Tue Dec 2 02:24:21 2003 Subject: Novell IntraNetware Client & PDC crashes In-Reply-To: <35C9C9E5.E5F368E7@uindy.edu> Message-ID: On Fri, 7 Aug 1998, Dana Canfield wrote: > I can't offer any help, but I can confirm that we have the same problem. > It is important to note that the Intranetware client *did* work back in the > May-ish CVS's, so something has changed in Samba. Jeremy has asked me for > a packet trace, but I don't have the right tools to do this from a thrid > machine, and I can't figure out how to do a packet trace from the client > machine, since it is the one that will crash. Maybe if you have a way of > doing this, you could send a trace to jeremy and they can fix it? I suppose you're talking about Network Monitor SMS/BackOffice version ? You can also try to run tcpdump to do the capture and after convert it to netmon format with capconvert. Capconvert is available by ftp on samba.anu.edu.au. J.F. > > Dana > > louis.botha@cs.up.ac.za wrote: > > > Hello all, > > > > We are in the unfortunate position that we are forced to use the > > IntraNetware client from Novell. Don't ask why - it's a long story :) > > > > The client behaves rather strangely. From the samba logs it seems that > > when a user logs into the domain, the authentication works, the user > > registry is read and the files in the profile directories are read. > > The client then tries to execute an illegal instruction and the entire > > NT box crashes. Oh joy. > > > > The client does not crash when I connect to a real NT PDC. If I > > uninstall the Intranetware client, I can log in successfully using a > > Samba PDC. > > > > Does anyone have any idea why this might happen when I switch to a > > Samba PDC? > > > > Regards, > > Louis > > -- > > ----------------------------------------------------------------------- > > Louis Botha Computer Science Department > > louis.botha@cs.up.ac.za University of Pretoria > > Tel: +27-12-420-3617 Pretoria > > Cell: +27-82-924-4616 South Africa > > http://www.cs.up.ac.za/~lbotha > > ----------------------------------------------------------------------- > > > > ----------------------------------------------------------- Pinky: "What are we going to do tonight, Brain?" Brain: "The same thing we do every night, Pinky : try to install Windows NT !" ----------------------------------------------------------- From allan at power.aste.usu.edu Thu Aug 6 10:54:32 1998 From: allan at power.aste.usu.edu (Allan K. Neal) Date: Tue Dec 2 02:24:21 2003 Subject: security = server Message-ID: I can't seem to get security = server to work. I have security = server and password server = 129.123.56.41 in the smb.conf file. I don't want to maintain two passwords for each account so I am having the NT 4.0 (SP3) station loggin onto the domain controlled by the NT server and then the profiles and workspace will be mapped to the samba server. Any help would be much appreciated -Allan |--------------------------------------------------------------------| | Allan K. Neal | Electronics and Computer Technology | | neal@cache.net | Utah State University | | http://cc.usu.edu/~slvkd/ | ASTE Network Administrator | |--------------------------------------------------------------------| |"The mind is like a parachute; it works much better when it's open. | |--------------------------------------------------------------------| From jerry at Eng.Auburn.EDU Fri Aug 7 14:33:58 1998 From: jerry at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:21 2003 Subject: security = server In-Reply-To: Message-ID: <3.0.5.32.19980807093358.00916290@pophost.eng.auburn.edu> At 04:58 AM 8/7/98 +1000, Allan K. Neal wrote: >I can't seem to get security = server to work. I have security = server >and password server = 129.123.56.41 in the smb.conf file. Should be "password server = " See the man pages for more info. j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From allan at power.aste.usu.edu Fri Aug 7 09:10:15 1998 From: allan at power.aste.usu.edu (Allan K. Neal) Date: Tue Dec 2 02:24:21 2003 Subject: Thanks Message-ID: Thanks to y'all's help and the man pages I got my samba server working perfectly. -Allan |--------------------------------------------------------------------| | Allan K. Neal | Electronics and Computer Technology | | neal@cache.net | Utah State University | | http://cc.usu.edu/~slvkd/ | ASTE Network Administrator | |--------------------------------------------------------------------| |"The mind is like a parachute; it works much better when it's open. | |--------------------------------------------------------------------| From tridge at samba.anu.edu.au Mon Aug 10 02:39:13 1998 From: tridge at samba.anu.edu.au (Andrew Tridgell) Date: Tue Dec 2 02:24:21 2003 Subject: Samba source code rearrangement Message-ID: <19980810023914Z12642282-10291+2574@samba.anu.edu.au> I've just completed a major rearrangement of the Samba source tree. The old "stick it all in one directory" layout had grown very unwieldy and was getting in the way of clean development. Anyone who has been fetching Samba via CVS (anonymous or authenticated) will need to do a clean checkout of the tree. Trying to just do a "cvs update" will fail because the rearrangement required direct CVS repository changes which the CVS update mechanism cannot handle. Also, anyone who has been working on branches off the main tree will now need to work in the head branch, or ask for a new branch to be created. All branches apart from the head branch will have been broken by the rearrangement. There are still some minor changes to be made in the tree layout, but they should be able to be handled with the normal CVS mechanisms. Note that the old tree is still available in CVS as "sambaold" but I don't expect that any more development will happen in that tree. Cheers, Tridge From twinders at SPC.cc.tx.us Mon Aug 10 04:04:47 1998 From: twinders at SPC.cc.tx.us (Tim Winders) Date: Tue Dec 2 02:24:21 2003 Subject: Compile warnings Message-ID: I just pulled down the latest CVS after the directory restructering (I did a complete download) and during the installation under Digital Unix 4.0D I get hundreds of warnings like this: struct rtentry struct mbuf declared inside parameter list which is probably not what you want I am guessing this is not a problem and I can ignore the warnings, but is there something that can be done to remove these warnings in the future? === Tim --------------------------------------------------------------------- | Tim Winders, CNE, MCSE | Email: TWinders@SPC.cc.tx.us | | Network Administrator | Phone: 806-894-9611 x 2369 | | South Plains College | Fax: 806-897-4711 | --------------------------------------------------------------------- From icoupeau at unav.es Mon Aug 10 16:25:41 1998 From: icoupeau at unav.es (Ignacio Coupeau) Date: Tue Dec 2 02:24:21 2003 Subject: NT login crash Message-ID: <35CF1F05.31668A02@unav.es> 1. I have tested the latest 1.9.19-prealpha version (Mon Aug 10 18:03:53 MET DST 1998) with i386 redhat linux 4.1. The NT4 SP3 crashes in the logon process with a blue screen (crash error 000021a) and the log stops when the profile tree is loaded from the NT. The log (-d 3) is like this: ------------------ [1998/08/10 17:25:40, 2] smbd/server.c:close_file(1456) alumno closed file nobody/Recent/bd1.mdb.lnk (numopen=4) [1998/08/10 17:25:40, 2] locking/locking_shm.c:shm_del_share_mode(349) del_share_modes Deleting share mode entry dev=2051 ino=378988 [1998/08/10 17:25:40, 2] locking/locking_shm.c:shm_del_share_mode(369) del_share_modes num entries = 0, deleting share_mode dev=2051 ino=378988 [1998/08/10 17:25:40, 2] smbd/server.c:close_file(1456) alumno closed file nobody/Men? Inicio/Programas/Utilidades/McAfee VirusScan NT/What's New in VirusScan NT.lnk (numopen=3) -------------------- Of course, the "/Men? Inicio" is the Spanish shape for "Init Menu" and a accent in "Men(u)". The "crash point" is variable, but always is in the profile directory. With great debug level, I can see "unbecome user". 2. I have the 98/07/22 version of the 1.19 pre alpha in the same machine and runs very fine as PDC for a 45 NT classroom. 3. The question is if the problem is know, and inherent to the Samba source code rearrangement process, or configuration has some incompatibility with the new code. I t this problem Thanks a lot, Ignacio ____________________________________________________ Ignacio Coupeau, Ph.D. e-mail: icoupeau@unav.es CTI, Director fax: +48 425619 University of Navarra voice: +48 425600 Pamplona, SPAIN http://www.unav.es/cti/ From SmurfSoft at dauenhauer.de Tue Aug 11 15:11:08 1998 From: SmurfSoft at dauenhauer.de (Christian Kumpf) Date: Tue Dec 2 02:24:21 2003 Subject: PDC password changes Message-ID: <98081117261900.10141@SmurfIX.SmurfSoft.de> -----BEGIN PGP SIGNED MESSAGE----- Hello, does anybody have a cvs snapshot with the following things working: 1.) domain logins 2.) password changeable on the client side with the Ctl-Alt-Del-Dialog 3.) server based profiles 4.) file and printer sharing (of course :-) and optionally (minor importance) 5.) support for the domain user manager (it currently simply crashes) 6.) samba/unix password synchronization 7.) profile migration (i.e. the ability to move local profiles to the server) 8.) support for Novells Netware Shell, actually the attempt to do a domain login on a machine with the novell shell crashes the client. I'm currently using a cvs snapshot from Jul 22 20:03, I've tested some snapshots after that, but I didn't get one to work (locking + configure problems). I have NTDOMAIN and ALLOW_PASSWORD_CHANGE defined in the makefile and tried both unix password sync=yes/no in the config file. My setting is clients: NT 4.0 WS (german) + SP3 server: Linux 2.0.35 (Caldera Openlinux Lite 1.2.010) Thanks in advance, Christian - -- Christian Kumpf Marc Dauenhauer EDV Beratung System Developer Donnersbergring 15 Network Administrator 64295 Darmstadt Member of the EATCS Tel.: -49-6151-313 939 Smurf@Dauenhauer.DE Fax.: -49-6151-313 971 -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv Comment: See http://www.dauenhauer.de/PGP for public keys iQCVAwUBNdBiohKRe/EEBKMBAQE+GQQAvfKhhrWG0Px+fuTej4k4k8QKzXGcL+RR cgaT6z5VjRrH8vhPnFpnHZRAahBce2PIRG5PN9akFwmbik4H8wpa9XvM1gHzHi3l mkNTss2rzFHpmdY8Vz4s57kCalz1Y6ZKOmLu3sVOQQTj/1CGEW5mjOX7Grrp7rGK rJwYMiaHKXY= =5KAo -----END PGP SIGNATURE----- From aperrin at demog.Berkeley.EDU Tue Aug 11 16:55:04 1998 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:24:21 2003 Subject: PDC password changes In-Reply-To: <98081117261900.10141@SmurfIX.SmurfSoft.de> Message-ID: Wow, you're asking for a lot. See below for what we've got: --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 On Wed, 12 Aug 1998, Christian Kumpf wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > Hello, > > does anybody have a cvs snapshot with the following things > working: > 1.) domain logins Yes, very reliably in a domain of about 20 NT machines. > 2.) password changeable on the client side with the Ctl-Alt-Del-Dialog Nope - I don't think this is implemented yet. > 3.) server based profiles Yes, reliably except that NT has an irritating habit of asking users questions they can't possibly understand ("Your locally-stored profile is newer than your domain profile. Download or use local?" is a favorite). But that's not Samba's problem. > 4.) file and printer sharing (of course :-) Yes. > and optionally (minor importance) > 5.) support for the domain user manager (it currently simply crashes) Again, I believe this is not yet supported. > 6.) samba/unix password synchronization I have a hack I've developed that listens to a socket on the server then changes the smbpasswd file; the daemon handles both passwd and smbpasswd and the client sends it a string over the socket from other machines. This works, but: (1) it's not exactly elegant; and (2) there are some serious security concerns if you think your network might be sniffed. > 7.) profile migration (i.e. the ability to move local profiles to the server) Haven't tried it. > 8.) support for Novells Netware Shell, actually the attempt to do > a domain login on a machine with the novell shell crashes the client. Haven't tried it. > > I'm currently using a cvs snapshot from Jul 22 20:03, I've tested some > snapshots after that, but I didn't get one to work (locking + configure > problems). I have NTDOMAIN and ALLOW_PASSWORD_CHANGE > defined in the makefile and tried both unix password sync=yes/no > in the config file. > > My setting is > clients: NT 4.0 WS (german) + SP3 > server: Linux 2.0.35 (Caldera > Openlinux Lite 1.2.010) > > Thanks in advance, > Christian > - -- > Christian Kumpf Marc Dauenhauer EDV Beratung > System Developer Donnersbergring 15 > Network Administrator 64295 Darmstadt > Member of the EATCS Tel.: -49-6151-313 939 > Smurf@Dauenhauer.DE Fax.: -49-6151-313 971 > > -----BEGIN PGP SIGNATURE----- > Version: 2.6.3i > Charset: noconv > Comment: See http://www.dauenhauer.de/PGP for public keys > > iQCVAwUBNdBiohKRe/EEBKMBAQE+GQQAvfKhhrWG0Px+fuTej4k4k8QKzXGcL+RR > cgaT6z5VjRrH8vhPnFpnHZRAahBce2PIRG5PN9akFwmbik4H8wpa9XvM1gHzHi3l > mkNTss2rzFHpmdY8Vz4s57kCalz1Y6ZKOmLu3sVOQQTj/1CGEW5mjOX7Grrp7rGK > rJwYMiaHKXY= > =5KAo > -----END PGP SIGNATURE----- > From cartegw at Eng.Auburn.EDU Tue Aug 11 17:04:30 1998 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:21 2003 Subject: PDC password changes References: <98081117261900.10141@SmurfIX.SmurfSoft.de> Message-ID: <35D0799E.49A94FDD@eng.auburn.edu> Christian Kumpf wrote: > > does anybody have a cvs snapshot with the following things > working: > 1.) domain logins yes. > 2.) password changeable on the client side with the > Ctl-Alt-Del-Dialog not implemented (see the NTDOM FAQ) > 3.) server based profiles yes. > 4.) file and printer sharing (of course :-) yes. (see the NTDOM FAQ for printing notes) > and optionally (minor importance) > 5.) support for the domain user manager (it currently > simply crashes) not implemented (see the NTDOM FAQ) > 6.) samba/unix password synchronization not implemented (see the NTDOM FAQ) This support is for Win95 clients. NT users cannot change their password (except on the unix box of course suign smbpasswd ) > 7.) profile migration (i.e. the ability to move local profiles > to the server) Not sure what you mean. I know about moving profiles what what are you trying to do? > 8.) support for Novells Netware Shell, actually the attempt to do > a domain login on a machine with the novell shell crashes the > client. Known bug just not fixed yet. > ...I have NTDOMAIN Not neccessary > and ALLOW_PASSWORD_CHANGE Not implemented uncder NT clients ( see notes previously ) > defined in the makefile and tried both unix password sync=yes/no > in the config file. Are you reading NTDOMAIN.txt or the online NTDOM FAQ (linked off the main samba page)? The FAQ is more up to date at the moment. Hope this helps, j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From SmurfSoft at Dauenhauer.de Tue Aug 11 16:57:59 1998 From: SmurfSoft at Dauenhauer.de (Christian Kumpf) Date: Tue Dec 2 02:24:21 2003 Subject: PDC password changes References: Message-ID: <98081119044500.10751@SmurfIX.SmurfSoft.de> -----BEGIN PGP SIGNED MESSAGE----- Am Tue, 11 Aug 1998 schrieb Andrew Perrin - Demography: >Wow, you're asking for a lot. See below for what we've got: > >--------------------------------------------------------------------- >> 6.) samba/unix password synchronization >I have a hack I've developed that listens to a socket on the server then >changes the smbpasswd file; the daemon handles both passwd and smbpasswd >and the client sends it a string over the socket from other machines. >This works, but: (1) it's not exactly elegant; and (2) there are some >serious security concerns if you think your network might be sniffed. Security issues are not important in this context (at least for me). Do you have a WinNT client program for this solution? In this project I don't want the users to log in on the linux server - the password is used for pop-3 authentication. So, if I had a program, that allows the password change from the NT box, this problem is solved. - -- Christian Kumpf Marc Dauenhauer EDV Beratung System Developer Donnersbergring 15 Network Administrator 64295 Darmstadt Member of the EATCS Tel.: -49-6151-313 939 Smurf@Dauenhauer.DE Fax.: -49-6151-313 971 -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv Comment: See http://www.dauenhauer.de/PGP for public keys iQCVAwUBNdB5tBKRe/EEBKMBAQHE8gQArml2p3PLTeMq2nn6I1zkm6XHPZg22/Yb qyUCNYv8U/AOa4DC262RaHVWD/03mXDX2YpfvZ9tmfb3KeRnY+/qpvryn9BwZk+p DVOEslwMLvINbIIBaBUQzUxeLwy1+AdS7sfQX062xrbeAzeLijn7JsSs8QA3uRaz LZLFAk5t+/Y= =YmeX -----END PGP SIGNATURE----- From cartegw at Eng.Auburn.EDU Tue Aug 11 17:10:55 1998 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:21 2003 Subject: PDC password changes References: Message-ID: <35D07B1F.A6B90850@eng.auburn.edu> > > does anybody have a cvs snapshot with the following things > > working: Sorry. Forgot the URL. ftp://ftp.eng.auburn.edu/pub/cartegw/samba-1.9.19-prealpha.tar.gz >From July 10. This is prior the autoconf changes. j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From SmurfSoft at Dauenhauer.de Tue Aug 11 17:12:47 1998 From: SmurfSoft at Dauenhauer.de (Christian Kumpf) Date: Tue Dec 2 02:24:21 2003 Subject: PDC password changes References: <35D0799E.49A94FDD@eng.auburn.edu> Message-ID: <98081119162304.10751@SmurfIX.SmurfSoft.de> -----BEGIN PGP SIGNED MESSAGE----- Am Tue, 11 Aug 1998 schrieb Gerald Carter: >> 7.) profile migration (i.e. the ability to move local profiles >> to the server) > >Not sure what you mean. I know about moving profiles what what >are you trying to do? I want to move a workgroup setup to a domain setup. My problem is to preserve the settings of the local accounts to the domain, i.e. I want to generate the domain profile of user X from his profile on machine A. Otherwise all users have to readjust ALL their settings in ALL their programs... - -- Christian Kumpf Marc Dauenhauer EDV Beratung System Developer Donnersbergring 15 Network Administrator 64295 Darmstadt Member of the EATCS Tel.: -49-6151-313 939 Smurf@Dauenhauer.DE Fax.: -49-6151-313 971 -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv Comment: See http://www.dauenhauer.de/PGP for public keys iQCVAwUBNdB8eBKRe/EEBKMBAQHZXgP/bKOqkF7oqTfHtzWfsW2ZLScl0quYDbHO xvfGzgxww3rzMlS5BycE7PMZYXZS/mO7B2urzyxOP4QvqthS6T0YKFItq++WJKzL QXbbIJsCHP3egIWp+3p1E6c4+Z5EBfTIZZpXBwpuLP6lMESU3BORVzv1YL1DAR8m EvHl+/4fdfo= =DohB -----END PGP SIGNATURE----- From daniel at med.up.pt Tue Aug 11 18:03:19 1998 From: daniel at med.up.pt (Daniel Fonseca) Date: Tue Dec 2 02:24:21 2003 Subject: PDC password changes In-Reply-To: <98081119044500.10751@SmurfIX.SmurfSoft.de> Message-ID: On Wed, 12 Aug 1998, Christian Kumpf wrote: > >> 6.) samba/unix password synchronization > >I have a hack I've developed that listens to a socket on the server then > >changes the smbpasswd file; the daemon handles both passwd and smbpasswd > >and the client sends it a string over the socket from other machines. > >This works, but: (1) it's not exactly elegant; and (2) there are some > >serious security concerns if you think your network might be sniffed. > > Security issues are not important in this context (at least for me). Do > you have a WinNT client program for this solution? In this project I > don't want the users to log in on the linux server - the password is > used for pop-3 authentication. So, if I had a program, that allows > the password change from the NT box, this problem is solved. Similar to that way is the poppasswd protocol, with the advantage of possibly being already incorporated in any e-mail program that supports it (to my little knowledge of such programs for Micro$oft's platform only the Eudora family has it). I have all that is needed (slackware+shadow) in http://www.med.up.pt/samba The method is simple: just go directly into a Menu Option in Eudora (Tools - Change Password) and the passwd files will be automagically sync'ed for you. Hope to help, Daniel Fonseca From aperrin at demog.Berkeley.EDU Tue Aug 11 19:07:43 1998 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:24:21 2003 Subject: PDC password changes In-Reply-To: <98081119044500.10751@SmurfIX.SmurfSoft.de> Message-ID: No, I don't have an NT client, but it shouldn't be too hard to hack one together; mine is actually in perl so it's a starting point. I've put it in http://demog.berkeley.edu/~aperrin/mchp.html . Beware -- I take no responsibility for bad things you do to your password files! --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 On Tue, 11 Aug 1998, Christian Kumpf wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > Am Tue, 11 Aug 1998 schrieb Andrew Perrin - Demography: > >Wow, you're asking for a lot. See below for what we've got: > > > >--------------------------------------------------------------------- > > >> 6.) samba/unix password synchronization > >I have a hack I've developed that listens to a socket on the server then > >changes the smbpasswd file; the daemon handles both passwd and smbpasswd > >and the client sends it a string over the socket from other machines. > >This works, but: (1) it's not exactly elegant; and (2) there are some > >serious security concerns if you think your network might be sniffed. > > Security issues are not important in this context (at least for me). Do > you have a WinNT client program for this solution? In this project I > don't want the users to log in on the linux server - the password is > used for pop-3 authentication. So, if I had a program, that allows > the password change from the NT box, this problem is solved. > > - -- > Christian Kumpf Marc Dauenhauer EDV Beratung > System Developer Donnersbergring 15 > Network Administrator 64295 Darmstadt > Member of the EATCS Tel.: -49-6151-313 939 > Smurf@Dauenhauer.DE Fax.: -49-6151-313 971 > > -----BEGIN PGP SIGNATURE----- > Version: 2.6.3i > Charset: noconv > Comment: See http://www.dauenhauer.de/PGP for public keys > > iQCVAwUBNdB5tBKRe/EEBKMBAQHE8gQArml2p3PLTeMq2nn6I1zkm6XHPZg22/Yb > qyUCNYv8U/AOa4DC262RaHVWD/03mXDX2YpfvZ9tmfb3KeRnY+/qpvryn9BwZk+p > DVOEslwMLvINbIIBaBUQzUxeLwy1+AdS7sfQX062xrbeAzeLijn7JsSs8QA3uRaz > LZLFAk5t+/Y= > =YmeX > -----END PGP SIGNATURE----- > From aperrin at demog.Berkeley.EDU Tue Aug 11 19:24:39 1998 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:24:21 2003 Subject: mchp.pl Message-ID: I've stuck versions of our password-synching scheme on the web in case people are interested. It's very poorly documented and I'm afraid I don't have time to document it more -- but you're welcome to play with it, and let me know if (1) you find it useful; or (2) you have suggestions. http://demog.berkeley.edu/~aperrin/mchp.html --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 From alex at gsm.adelaide.edu.au Wed Aug 12 03:38:02 1998 From: alex at gsm.adelaide.edu.au (Alex Ardalich) Date: Tue Dec 2 02:24:21 2003 Subject: Server based profiles In-Reply-To: ; from Andrew Perrin - Demography on Wed, Aug 12, 1998 at 03:03:44AM +1000 References: <98081117261900.10141@SmurfIX.SmurfSoft.de> Message-ID: <19980812130802.B996@gsm.adelaide.edu.au> On Wed, Aug 12, 1998 at 03:03:44AM +1000, Andrew Perrin - Demography wrote: > > > 3.) server based profiles > Yes, reliably except that NT has an irritating habit of asking users > questions they can't possibly understand ("Your locally-stored profile is > newer than your domain profile. Download or use local?" is a favorite). > But that's not Samba's problem. What actually causes this? I have a NT acting as the PDC with the profiles on a samba share. I very rarely got the 'Download or use Local' in an older version but now it happens every time. Thanks, Alex From Bernd.Tonn at fresenius.de Wed Aug 12 08:46:25 1998 From: Bernd.Tonn at fresenius.de (Bernd.Tonn@fresenius.de) Date: Tue Dec 2 02:24:21 2003 Subject: Can NT4.0 join SAMBA 1.9.18p8 Domain ? Message-ID: <4125665E.002D4510.00@fre-de-rm-h01.hg.fresenius.de> Hello, you might find my question a bit silly, but I'm very new in the SAMBA, UNIX and NT business and perhaps I didn't understand everything ... We are using SAMBA in the 'main branch version' 1.9.18p8 as a domain controller. With WfG3.11, W95 and W98 everything is O.K., but we can't join the SAMBA domain with NT4.0SP3 workstations ("Can't locate domain controller for this domain" - in German; but to map ressources manually works fine). In our SAMBA version it is not possible to run "smbclient -a -m ". I didn't run any traces so far. Because our UNIX guru doesn't want to install any development versions in our production environment,, here's my simple question: Is it possible to join a domain controlled by an "Production-SAMBA-Version" with NT 4.0 ? With best regards Bernd Tonn (Bernd.Tonn@Fresenius.de) From z2232203 at student.unsw.edu.au Wed Aug 12 08:01:48 1998 From: z2232203 at student.unsw.edu.au (Matthew Chapman) Date: Tue Dec 2 02:24:21 2003 Subject: Can NT4.0 join SAMBA 1.9.18p8 Domain ? References: <4125665E.002D4510.00@fre-de-rm-h01.hg.fresenius.de> Message-ID: <35D14BEC.37125F0B@student.unsw.edu.au> In short, no. NT domain functionality is slowly being implemented in the current CVS head branch, and is not included in any production versions of Samba. Matt -- Matt Chapman E-mail: mattyc@cyberdude.com Bernd.Tonn@fresenius.de wrote: > Hello, > > you might find my question a bit silly, but I'm very new in the SAMBA, UNIX > and NT business and perhaps I didn't understand everything ... > > We are using SAMBA in the 'main branch version' 1.9.18p8 as a domain > controller. With WfG3.11, W95 and W98 everything is O.K., but we can't join > the SAMBA domain with NT4.0SP3 workstations ("Can't locate domain > controller for this domain" - in German; but to map ressources manually > works fine). In our SAMBA version it is not possible to run "smbclient -a > -m ". I didn't run any traces so far. Because our UNIX guru > doesn't want to install any development versions in our production > environment,, here's my simple question: > > Is it possible to join a domain controlled by an "Production-SAMBA-Version" > with NT 4.0 ? > > With best regards > > Bernd Tonn (Bernd.Tonn@Fresenius.de) From awilliam at whitemice.org Wed Aug 12 06:57:43 1998 From: awilliam at whitemice.org (Adam Williams) Date: Tue Dec 2 02:24:22 2003 Subject: Samba PDC & Winframe Message-ID: <9808120657.ZM28439@estate1.whitemice.org> Just wondering if anyone has looked into the issue of using Samba with Citrix Winframe (a multi-user NT for thin client environments) or had any luck? From greg at discreet.com Wed Aug 12 12:34:03 1998 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:22 2003 Subject: Samba PDC & Winframe In-Reply-To: <9808120657.ZM28439@estate1.whitemice.org> Message-ID: We are using it with no major problems although I have not actually checked if people are getting the proper privileges on the samba side. Greg On 12-Aug-98 Adam Williams wrote: > Just wondering if anyone has looked into the issue of using Samba with Citrix > Winframe (a multi-user NT for thin client environments) or had any luck? ---------------------------------- Greg Dickie just a guy* *from Discreet Logic ---------------------------------- From Bernd.Tonn at fresenius.de Wed Aug 12 13:54:05 1998 From: Bernd.Tonn at fresenius.de (Bernd.Tonn@fresenius.de) Date: Tue Dec 2 02:24:22 2003 Subject: silly user Message-ID: <4125665E.004A8AAD.00@fre-de-rm-h01.hg.fresenius.de> Hello, unfortunately we haven't found much documentation about CVS. We've no idea which files to use ! We don't want to develop SAMBA, but what we need is a version that supports domain logon for NT4.0 clients. Is there an easy way for an user without any expierence with CVS to get the few (hopefully !) files, that turn an main branch version 1.9.18.p8 into a stable (more or less) PDC for NT workstations ? With kind regards, Bernd Tonn (Bernd.Tonn@Fresenius.de) From cartegw at Eng.Auburn.EDU Wed Aug 12 13:09:21 1998 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:22 2003 Subject: silly user References: <4125665E.004A8AAD.00@fre-de-rm-h01.hg.fresenius.de> Message-ID: <35D19401.3A5385AE@eng.auburn.edu> Bernd.Tonn@fresenius.de wrote: > .... Is there an easy way > for an user without any expierence with CVS to get the few > (hopefully !) files, that turn an main branch version 1.9.18.p8 > into a stable (more or less) PDC for NT workstations ? See the NTDOM FAQ linked off the main samba page. You can download a snapshot of the head branch dated July 10 from ftp://ftp.eng.auburn.edu/pub/cartegw/samba-1.9.19-prealpha.tar.gz j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From cartegw at Eng.Auburn.EDU Wed Aug 12 13:18:55 1998 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:22 2003 Subject: Samba PDC & Winframe References: Message-ID: <35D1963F.CD7BEA13@eng.auburn.edu> I walked with on of the guys about WinDD ( based on WinFrame code as well ). The problem seems to be that the WinFrame code changed the way validation was done. I'll have to get back up with him and get the details again. BTW...Usgin Samba is not a problem. Using Samba as a PDC causes problems. The WinFrame box can join the domain but users cannot not logon after the reboot. j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From cartegw at Eng.Auburn.EDU Wed Aug 12 14:11:26 1998 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:22 2003 Subject: Server based profiles References: <98081117261900.10141@SmurfIX.SmurfSoft.de> <19980812130802.B996@gsm.adelaide.edu.au> Message-ID: <35D1A28E.E854D75F@eng.auburn.edu> Alex Ardalich wrote: > > I very rarely got the 'Download or use Local' in an older version > but now it happens every time. Just a hunch, but I would start verifying that the timestamps on files located on the Samba server are correct. NT uses timestamps to check and see which profile ( the network or chached copy ) is newer. Perhaps a timezone problem on the NT or Unix box? j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From ink at inconnu.isu.edu Wed Aug 12 13:26:18 1998 From: ink at inconnu.isu.edu (Craig Kelley) Date: Tue Dec 2 02:24:22 2003 Subject: SAMBA-NTDOM digest 317 In-Reply-To: <19980812034522Z12616720-4703+3363@samba.anu.edu.au> Message-ID: > Date: Tue, 11 Aug 1998 18:57:59 +0200 > From: Christian Kumpf > To: Andrew Perrin - Demography > Cc: Multiple recipients of list > Subject: Re: PDC password changes > Message-ID: <98081119044500.10751@SmurfIX.SmurfSoft.de> > > >> 6.) samba/unix password synchronization > >I have a hack I've developed that listens to a socket on the server then > >changes the smbpasswd file; the daemon handles both passwd and smbpasswd > >and the client sends it a string over the socket from other machines. > >This works, but: (1) it's not exactly elegant; and (2) there are some > >serious security concerns if you think your network might be sniffed. > > Security issues are not important in this context (at least for me). Do > you have a WinNT client program for this solution? In this project I > don't want the users to log in on the linux server - the password is > used for pop-3 authentication. So, if I had a program, that allows > the password change from the NT box, this problem is solved. I wrote a web-based password changer that changes both /etc/shadow and the smbpasswd file -- it is all written in perl (plus a patch to smbpasswd.c to make it shut up when it does something successfully), so it should be easy to modify for your purposes. It is located at: ftp://inconnu.isu.edu/pub/SMBpasswd.tgz It works great for our purposes. From ankit at drillbit.tamu.edu Wed Aug 12 13:29:30 1998 From: ankit at drillbit.tamu.edu (Ankit Shah) Date: Tue Dec 2 02:24:22 2003 Subject: SAMBA-NTDOM digest 317 In-Reply-To: Message-ID: Is there a program written by somebody which changes NT password (on NT PDC) and linux password running samba ? I know it may not be appropriate for this group, but since i am a member, thought of getting some help. Thanks in advance. Ankit *-------------------------------------* | Ankit Shah | | Microcomputer Specialist | | Petroleum Engineering Dept. | | Texas A & M University | | (409) 845 2297--ankit@tamu.edu | *-------------------------------------* From doerbeck at dma.isg.mot.com Wed Aug 12 14:48:44 1998 From: doerbeck at dma.isg.mot.com (Christoph Doerbeck) Date: Tue Dec 2 02:24:22 2003 Subject: username map and security=server problems Message-ID: <199808121448.KAA14834@prospero.dma.isg.mot.com> Greeetings, When I upgraded from samba-1.9.17p4 to samba-1.9.18p8, a feature which I had implemented broke. In my smb.conf file, I defined security=server password server = bdc.foo.com. username map = /opt/samba/lib/users.map This worked great! My NT id is not like my Unix id, and this allowed me to connect to any service on the smb server with having to re-authenticate. Now, after the upgrade, this fails. From observation of the log output (debug=4), it appears that the username map translation is performed prior to NT server authentication. It looks like smb is passing my Unix Id to the NT server, instead of the smb connection id/password (my NT id). If you have any recommendations, suggestions, would like more detailed description of the problem... I would be very appreciative... Another observation, on 1.9.17p4 I toyed with using 'netbios name = smbgate'. This addition caused my "feature" to break and require authentication. Any ideas? ######################################## # Christoph Doerbeck # email: doerbeck@dma.isg.mot.com From z2232203 at student.unsw.edu.au Wed Aug 12 14:59:56 1998 From: z2232203 at student.unsw.edu.au (Matthew Chapman) Date: Tue Dec 2 02:24:22 2003 Subject: username map and security=server problems References: <199808121448.KAA14834@prospero.dma.isg.mot.com> Message-ID: <35D1ADEC.9681E7A3@student.unsw.edu.au> This is a known problem with samba-1.9.18p8, which Jeremy posted a patch for (attached). Matt -- Matt Chapman E-mail: mattyc@cyberdude.com Christoph Doerbeck wrote: > Greeetings, > > When I upgraded from samba-1.9.17p4 to samba-1.9.18p8, a feature > which I had implemented broke. In my smb.conf file, I defined > > security=server > password server = bdc.foo.com. > username map = /opt/samba/lib/users.map > > This worked great! My NT id is not like my Unix id, and this > allowed me to connect to any service on the smb server with having > to re-authenticate. > > Now, after the upgrade, this fails. From observation of the log > output (debug=4), it appears that the username map translation is > performed prior to NT server authentication. It looks like smb > is passing my Unix Id to the NT server, instead of the smb connection > id/password (my NT id). > > If you have any recommendations, suggestions, would like more detailed > description of the problem... I would be very appreciative... > > Another observation, on 1.9.17p4 I toyed with using 'netbios name = smbgate'. > This addition caused my "feature" to break and require authentication. > Any ideas? > > ######################################## > # Christoph Doerbeck > # email: doerbeck@dma.isg.mot.com -------------- next part -------------- --- username.orig Sun Aug 9 18:18:24 1998 +++ username.c Sun Aug 9 18:21:14 1998 @@ -46,7 +46,6 @@ ********************************************************************/ BOOL map_username(char *user) { - static int depth=0; static BOOL initialised=False; static fstring last_from,last_to; FILE *f; @@ -54,7 +53,7 @@ pstring buf; char *mapfile = lp_username_map(); - if (!*mapfile || depth) + if (!*mapfile) return False; if (!*user) @@ -82,8 +81,6 @@ DEBUG(4,("Scanning username map %s\n",mapfile)); - depth++; - while((s=fgets_slash(buf,sizeof(buf),f))!=NULL) { char *unixname = s; char *dosname = strchr(unixname,'='); @@ -132,8 +129,6 @@ */ fstrcpy(last_from,user); fstrcpy(last_to,user); - - depth--; return False; } From cartegw at Eng.Auburn.EDU Wed Aug 12 15:04:05 1998 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:22 2003 Subject: username map and security=server problems References: <199808121448.KAA14834@prospero.dma.isg.mot.com> Message-ID: <35D1AEE4.5A5C11F0@eng.auburn.edu> Christoph Doerbeck wrote: > > When I upgraded from samba-1.9.17p4 to samba-1.9.18p8, a feature > which I had implemented broke. In my smb.conf file, I defined > > security=server > password server = bdc.foo.com. > username map = /opt/samba/lib/users.map > > This worked great! My NT id is not like my Unix id, and this > allowed me to connect to any service on the smb server with having > to re-authenticate. I think this is known. Jeremy posted a patch right adfter the release of 1.9.18p8. Check the main samba list archives under "map username" 1.9.18p9 will be out soon if you want wait. j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From smurf at smurfsoft.dauenhauer.de Wed Aug 12 15:03:14 1998 From: smurf at smurfsoft.dauenhauer.de (Christian Kumpf) Date: Tue Dec 2 02:24:22 2003 Subject: SAMBA-NTDOM digest 317 In-Reply-To: from "Ankit Shah" at Aug 13, 98 00:43:12 am Message-ID: <199808121503.RAA02318@smurfsoft.dauenhauer.de> A non-text attachment was scrubbed... Name: not available Type: text Size: 388 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19980812/b7734d29/attachment.bat From aperrin at demog.Berkeley.EDU Wed Aug 12 15:58:10 1998 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:24:22 2003 Subject: username map and security=server problems In-Reply-To: <35D1AEE4.5A5C11F0@eng.auburn.edu> Message-ID: It's also not about NTDOM, and as such should really be discussed elsewhere. --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 On Thu, 13 Aug 1998, Gerald Carter wrote: > Christoph Doerbeck wrote: > > > > When I upgraded from samba-1.9.17p4 to samba-1.9.18p8, a feature > > which I had implemented broke. In my smb.conf file, I defined > > > > security=server > > password server = bdc.foo.com. > > username map = /opt/samba/lib/users.map > > > > This worked great! My NT id is not like my Unix id, and this > > allowed me to connect to any service on the smb server with having > > to re-authenticate. > > I think this is known. Jeremy posted a patch right adfter the release > of 1.9.18p8. Check the main samba list archives under "map username" > > 1.9.18p9 will be out soon if you want wait. > > > j- > ________________________________________________________________________ > Gerald ( Jerry ) Carter > Engineering Network Services Auburn University > jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw > > "...a hundred billion castaways looking for a home." > - Sting "Message in a Bottle" ( 1979 ) > From aperrin at demog.Berkeley.EDU Wed Aug 12 16:04:22 1998 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:24:22 2003 Subject: Server based profiles In-Reply-To: <19980812130802.B996@gsm.adelaide.edu.au> Message-ID: Here are my observations, with no documentation whatsoever: - "Slow network connection: Download or Use Local" seems to be caused by network traffic and/or too high of a debug level on Samba. - "Locally stored profile is newer than your network profile: download or use local" is a very unfortunate result of users misunderstanding the previous one, or of the profile-not-available message (see below). If you accept Micro$haft's suggestion of using the local profile instead of the network one, then of course your local profile will be newer than the networked one (since you modify your profile by using it). So anytime you don't use your networked profile you get yourself this msg the next time. - "Your roaming profile is not available. Using cached local profile." Seems to happen if (1) user 2 logs in too soon after user 1 logs out (a result of the previously-reported problem with credentials lasting too long), or (2) there's a problem with the [netlogon] share. - "The machine account in the domain is incorrect." Seems to happen semi- randomly (though thankfully not very often). Have to un-join and re-join the domain. My main complaint about these is that they're so thoroughly incomprehensible to normal users, they're basically asking for administrative headaches! There's no information available for the user getting the message, only a pretty technical message. Sheesh. --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 On Wed, 12 Aug 1998, Alex Ardalich wrote: > On Wed, Aug 12, 1998 at 03:03:44AM +1000, Andrew Perrin - Demography wrote: > > > > > 3.) server based profiles > > Yes, reliably except that NT has an irritating habit of asking users > > questions they can't possibly understand ("Your locally-stored profile is > > newer than your domain profile. Download or use local?" is a favorite). > > But that's not Samba's problem. > > What actually causes this? > > I have a NT acting as the PDC with the profiles on a samba share. > > I very rarely got the 'Download or use Local' in an older version > but now it happens every time. > > Thanks, Alex > From jallison at cthulhu.engr.sgi.com Wed Aug 12 16:13:50 1998 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:24:22 2003 Subject: username map and security=server problems References: <199808121448.KAA14834@prospero.dma.isg.mot.com> Message-ID: <35D1BF3E.3F6C59E5@engr.sgi.com> Christoph Doerbeck wrote: > > Greeetings, > > When I upgraded from samba-1.9.17p4 to samba-1.9.18p8, a feature > which I had implemented broke. In my smb.conf file, I defined > > security=server > password server = bdc.foo.com. > username map = /opt/samba/lib/users.map > > This worked great! My NT id is not like my Unix id, and this > allowed me to connect to any service on the smb server with having > to re-authenticate. > > Now, after the upgrade, this fails. This is a known bug (and my fault to boot !) I'm afraid. It will be fixed in the 1.9.18p9 release which is due out this coming monday. If you desparately need the patch before then let me know and I'll mail it to you. Regards, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From sudarsan.varadan at wang.com Wed Aug 12 18:31:04 1998 From: sudarsan.varadan at wang.com (Sudarsan Varadan) Date: Tue Dec 2 02:24:22 2003 Subject: Problem copying files using xcopy Message-ID: <000301bdc61f$5d6025f0$b66ebd81@cbinfrasv.olsy-na.com> Hi I am having this wierld problem, where I am using an intel proclone disk using the tcp-ip stack, and trying to download files using xcopy from a unixware server running samba on it. The problem I have is when my directory structure goes more than 48 characters, xcopy fails with path not found. Is this a limitation with samba??? We have been downloading files without any problems using xcopy on a network using lanmanager / netbeui. Please advise. Thanks in advance Sudarsan Varadan ---------------------------------------------------------------------------- ------------------ Sudarsan Varadan Ph: (509) 927-5748 (W) (509) 891-1711 (H) (800) 516-3901 (Pager) sudarsan.varadan@wang.com svaradan@hotmail.com From aperrin at demog.Berkeley.EDU Wed Aug 12 18:48:01 1998 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:24:22 2003 Subject: Problem copying files using xcopy In-Reply-To: <000301bdc61f$5d6025f0$b66ebd81@cbinfrasv.olsy-na.com> Message-ID: This is not an NT domain question -- suggest you ask it in the general samba newsgroup, comp.protocols.smb, or samba@samba.anu.edu.au. --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 On Thu, 13 Aug 1998, Sudarsan Varadan wrote: > Hi > > I am having this wierld problem, where I am using an intel proclone disk > using the tcp-ip stack, and trying to download files using xcopy from a > unixware server running samba on it. The problem I have is when my > directory structure goes more than 48 characters, xcopy fails with path not > found. Is this a limitation with samba??? We have been downloading files > without any problems using xcopy on a network using lanmanager / netbeui. > Please advise. > > Thanks in advance > > Sudarsan Varadan > ---------------------------------------------------------------------------- > ------------------ > Sudarsan Varadan > Ph: (509) 927-5748 (W) > (509) 891-1711 (H) > (800) 516-3901 (Pager) > sudarsan.varadan@wang.com > svaradan@hotmail.com > > > From smurf at smurfsoft.dauenhauer.de Wed Aug 12 19:51:35 1998 From: smurf at smurfsoft.dauenhauer.de (Christian Kumpf) Date: Tue Dec 2 02:24:22 2003 Subject: SAMBA-NTDOM digest 317 In-Reply-To: <199808121503.RAA02318@smurfsoft.dauenhauer.de> from "Christian Kumpf" at Aug 13, 98 01:10:23 am Message-ID: <199808121951.VAA01114@smurfsoft.dauenhauer.de> A non-text attachment was scrubbed... Name: not available Type: text Size: 479 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19980812/d586d342/attachment.bat From william at hae.com Wed Aug 12 20:30:08 1998 From: william at hae.com (William Stuart) Date: Tue Dec 2 02:24:22 2003 Subject: SAMBA-NTDOM digest 317 In-Reply-To: <199808121951.VAA01114@smurfsoft.dauenhauer.de> Message-ID: Links to the files to download return internal server errors. --- William Stuart (william@hae.com) "If Netscape is giving their software away, how do they make money?" "Volume." On Thu, 13 Aug 1998, Christian Kumpf wrote: > > I've put an alpha-test version on > http://www.dauenhauer.de/~smurf/smbpasswd.exe/ > > beware, the documentation is quickly hacked, ugly, and incomplete, but > at least the applications seem to work. > > Please give some feedback, > > Christian > > From smurf at smurfsoft.dauenhauer.de Wed Aug 12 20:39:13 1998 From: smurf at smurfsoft.dauenhauer.de (Christian Kumpf) Date: Tue Dec 2 02:24:22 2003 Subject: SAMBA-NTDOM digest 317 In-Reply-To: from "William Stuart" at Aug 13, 98 06:37:45 am Message-ID: <199808122039.WAA01472@smurfsoft.dauenhauer.de> A non-text attachment was scrubbed... Name: not available Type: text Size: 108 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19980812/68fb92b0/attachment.bat From webber at sj.univali.rct-sc.br Thu Aug 13 00:08:18 1998 From: webber at sj.univali.rct-sc.br (Celso Kopp Webber) Date: Tue Dec 2 02:24:22 2003 Subject: pam_smb vs. pam_ntdom References: <4125665E.002D4510.00@fre-de-rm-h01.hg.fresenius.de> <35D14BEC.37125F0B@student.unsw.edu.au> Message-ID: <35D22E72.247C1774@sj.univali.rct-sc.br> Hi! I downloaded pam_smb and pam_ntdom from the main samba ftp site, with the intent of replacing my Unix passwords totally by NT passwords. In fact, both pam_smb and pam_ntdom work very well, so that now I can use NIS to share users information, such as home dirs, etc., without the fear of having my passwd or shadow files stolen by an evil user. (I know that the LANMAN passwords are VERY weak! Let's wait for MS LMFIX). I would like if is there any advantage of using pam_ntdom instead of pam_smb. If I use pam_ntdom, I must "join" my samba workstations to my PDC. This is a problem for me, since they dual boot WinNT Workstation and Linux. Once I make NT WKS join my Samba PDC domain, when I reboot the machine to Linux, samba can't join the domain, unless I go to the samba server and change the default password of the machine (to MACHINE). This time, NT WKS can't participate in the domain anymore, because when samba was the workstation, it changed the password to something different of that stored on the NT client. Sorry for this long message, but in short, what are the advantages I have if I use security=domain, instead of security=server (similar to choosing between pam_ntdom and pam_smb, respectively). Thanks in advance, Celso. From Ryan at US.Distribution.com Thu Aug 13 00:49:05 1998 From: Ryan at US.Distribution.com (Ryan Koski) Date: Tue Dec 2 02:24:22 2003 Subject: security = domain Message-ID: <773702019F1DD21196ED00A0C9D6526F4785@EXCHANGE.distribution.com> Hello... Forgive my naivete with the alpha development efforts of SAMBA, as I must ask a newbie question. I am running the bleeding edge code from CVS and the security = domain option. My understanding was that this setup should use get its auth info from our NT PDC. However, it appears as if SAMBA is still trying to look up users and groups via the passwd and group file on the Linux box. My goal: My RH5.1 box with the latest CVS code (daily updates and rebuilds) should join an existing domain controlled by an NT 4.0 Server. Being on this domain, it should serve requests from other NTWS & NTS boxes on its domain and the trusted domains without having to create those user accounts anywhere on the Linux box. What I have done so far: As mentioned above, daily code updates and rebuilds. I have set the following global parameters in my smb.conf: encrypt passwords = yes local master = no password server = SRV-DAIPDC SRV-DAIBDC security = domain workgroup = DAI Per the NTDOM FAQ, I created the machine account, and used smbpasswd -j DAI to join the domain, which smbpasswd reported as successful. I have the MACHINE.SID and the .mac file in the private directory. However, when I try to test this by browsing the available shares on the SAMBA server in Network Neighborhood from my NTWS, I get the Windows dialog box prompting me for a Connect As: username and password. These are the log entries I receive (My domain user account is "Ryan"): [1998/08/12 17:38:08, 3] smbd/reply.c:reply_sesssetup_and_X(594) Domain=[DAI] NativeOS=[Windows NT 1381] NativeLanMan=[] [1998/08/12 17:38:08, 3] smbd/reply.c:reply_sesssetup_and_X(598) sesssetupX:name=[Ryan] [1998/08/12 17:38:08, 3] libsmb/namequery.c:resolve_name(506) resolve_name: Attempting wins lookup for name SRV-DAIPDC<0x20> [1998/08/12 17:38:08, 3] lib/util.c:open_socket_in(3384) bind succeeded on port 0 [1998/08/12 17:38:08, 4] libsmb/nmblib.c:debug_nmb_packet(112) nmb packet from (137) header: id=8530 opcode=Query(0) response=No header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=No header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=0 question: q_name=SRV-DAIPDC<20> q_type=32 q_class=1 [1998/08/12 17:38:08, 4] libsmb/nmblib.c:debug_nmb_packet(112) nmb packet from (137) header: id=8530 opcode=Query(0) response=Yes header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=SRV-DAIPDC<20> rr_type=32 rr_class=1 ttl=0 answers 0 char `..... hex 6000C0BC1496 [1998/08/12 17:38:08, 2] libsmb/namequery.c:name_query(291) Got a positive name query response from ( ) [1998/08/12 17:38:11, 3] lib/util.c:open_socket_out(3416) Connecting to at port 139 [1998/08/12 17:38:11, 4] rpc_client/cli_netlogon.c:cli_net_req_chal(208) cli_net_req_chal: LSA Request Challenge from SRV-DAIPDC to SRV-SMG: 1399EA5BEADCFC34 [1998/08/12 17:38:11, 4] libsmb/credentials.c:cred_session_key(64) cred_session_key [1998/08/12 17:38:11, 4] libsmb/credentials.c:cred_create(95) cred_create [1998/08/12 17:38:11, 4] rpc_client/cli_netlogon.c:cli_net_auth2(127) cli_net_auth2: srv:\\SRV-DAIPDC acct:SRV-SMG$ sc:2 mc: SRV-SMG chal 445BB52E96FB2B3B neg: 1ff [1998/08/12 17:38:11, 4] libsmb/credentials.c:cred_create(95) cred_create [1998/08/12 17:38:11, 4] libsmb/credentials.c:cred_assert(126) cred_assert [1998/08/12 17:38:11, 4] libsmb/credentials.c:cred_create(95) cred_create [1998/08/12 17:38:11, 4] rpc_client/cli_netlogon.c:cli_net_sam_logon(337) cli_net_sam_logon: srv:\\SRV-DAIPDC mc:SRV-SMG clnt F9BD26B822EE960E 35d23573 ll: 2 [1998/08/12 17:38:11, 4] libsmb/credentials.c:cred_create(95) cred_create [1998/08/12 17:38:11, 4] libsmb/credentials.c:cred_assert(126) cred_assert [1998/08/12 17:38:11, 3] smbd/password.c:setup_groups(187) ryan is in 4 groups [1998/08/12 17:38:11, 3] smbd/password.c:setup_groups(189) 500 0 4 501 [1998/08/12 17:38:11, 3] smbd/password.c:register_vuid(264) uid 500 registered to name ryan [1998/08/12 17:38:11, 3] smbd/password.c:register_vuid(266) Clearing default real name [1998/08/12 17:38:11, 3] smbd/server.c:chain_reply(4872) Chained message [1998/08/12 17:38:11, 3] smbd/server.c:switch_message(4687) switch message SMBtconX (pid 18860) [1998/08/12 17:38:11, 4] smbd/reply.c:reply_tcon_and_X(318) Got device type IPC [1998/08/12 17:38:11, 2] lib/access.c:check_access(232) Allowed connection from CANDIDATE.distribution.com () [1998/08/12 17:38:11, 3] smbd/password.c:authorise_login(700) ACCEPTED: validated uid ok as non-guest [1998/08/12 17:38:11, 3] smbd/server.c:find_free_connection(3887) found free connection number 42 [1998/08/12 17:38:11, 3] smbd/server.c:make_connection(3659) Connect path is /tmp [1998/08/12 17:38:11, 0] smbd/uid.c:become_gid(136) Couldn't set gid 500 currently set to (0,0) [1998/08/12 17:38:11, 0] smbd/server.c:make_connection(3699) Can't become connected user! Note that there is a user account named "ryan" on the RH5.1 box. If I remove that account, the log is slightly different but ends in the same result: Can't become connected user! Can someone please point me in the right direction to get this working? Thanks much! Ryan Koski Management Information Systems Distribution Architects International From z2232203 at student.unsw.edu.au Thu Aug 13 01:12:59 1998 From: z2232203 at student.unsw.edu.au (Matthew Chapman) Date: Tue Dec 2 02:24:22 2003 Subject: security = domain References: <773702019F1DD21196ED00A0C9D6526F4785@EXCHANGE.distribution.com> Message-ID: <35D23D9B.6026621E@student.unsw.edu.au> Ryan Koski wrote: > [1998/08/12 17:38:11, 0] smbd/uid.c:become_gid(136) > Couldn't set gid 500 currently set to (0,0) > [1998/08/12 17:38:11, 0] smbd/server.c:make_connection(3699) > Can't become connected user! This looks to me like another broken 'setresuid' call. Strange, I thought it had been fixed in Redhat 5.1 (maybe not). Try commenting out (enclose in /* ... */) the #define HAVE_SETRESUID 1 line in config.h and do a clean recompile ("make clean; make"). Matt -- Matt Chapman E-mail: mattyc@cyberdude.com From akyel at man.metu.edu.tr Thu Aug 13 15:00:23 1998 From: akyel at man.metu.edu.tr (Cemal AKYEL) Date: Tue Dec 2 02:24:22 2003 Subject: UNIX/NT passwd sync: Confused Message-ID: <35D2FF87.63544167@man.metu.edu.tr> Hi everyone. I've got samba server running on Solaris 2.6 as PDC and everything runs ok. NT 4.0 (sp3) client can join to the domain. The password mode is "encryption allowed". Now, I've got ~2,500 users that i need to define on the server. Username/password information of these users are kept in a UNIX style passwd file. As i understand from the documentation i need to mksmbpasswd.sh first to create the smbpasswd file.But this file won't have any passwd information (32 X's rather). As i understand either * i need to initiate these accounts one by one by the command smbpasswd (so then the users will have different passwords than their originals) OR * set encrypt passwords=no and update encrypted=yes AND make use of the original passwords and as the users login to the domain smbpasswd file will updated. the point that i'm confused is if i follow the 2nd alternative will my client pc's (NT 4.0 sp3) be accepted to the domain (as indicated in the NTDOM faq encrypted passwds should be used for this purpose)? Is there any program that *fully* (including the original passwords) converts (translates) UNIX style passwd file into smbpasswd? i'm sure this was asked before. sorry for the duplication. i'll appreciate if someone could show me the way. thanks. -- Cemal AKYEL mailto:akyel@man.metu.edu.tr http://www.man.metu.edu.tr/~akyel phone: +90 (312) 210-2004 fax: +90 (312) 210-1243 From cartegw at Eng.Auburn.EDU Thu Aug 13 15:12:55 1998 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:24:22 2003 Subject: UNIX/NT passwd sync: Confused In-Reply-To: <35D2FF87.63544167@man.metu.edu.tr> Message-ID: On Fri, 14 Aug 1998, Cemal AKYEL wrote: > * set encrypt passwords=no and update encrypted=yes AND make use of the > original passwords and as the users login to the domain smbpasswd file > will updated. You cannot run a Samba PDC using this option. You can have them connect to another samba server and use this option. Then the smbpasswd entries can be copied over to the PDC. Since the user password change stuff is not implemented yet, it would be impossible to implement the "change password on next logon" feature. > the point that i'm confused is if i follow the 2nd alternative will my > client pc's (NT 4.0 sp3) be accepted to the domain (as indicated in the > NTDOM faq encrypted passwds should be used for this purpose)? See notes above. There is really not a clean solution to this as of yet ( that I know of ). Anybody have any good ideas? Besides running 'Crack' as I mention below? > Is there > any program that *fully* (including the original passwords) converts > (translates) UNIX style passwd file into smbpasswd? There is no way to globally transfer the password in /etc/passwd to the smbpasswd file. You could try cracking the passwd file and then scripting these over to the smbpasswd file. However this will not work obviously all the time. Hope this helps, j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From aperrin at demog.Berkeley.EDU Thu Aug 13 16:25:00 1998 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:24:22 2003 Subject: UNIX/NT passwd sync: Confused In-Reply-To: <35D2FF87.63544167@man.metu.edu.tr> Message-ID: As the previous response said, there's no way to copy passwords directly from /etc/passwd to smbpasswd. However, there are several different hacks people have put together to try to simulate the process. Also, what we did was just create random passwords for users in smbpasswd, then e-mailed those passwords to the users and told them to change them if they found them hard to remember (most of them did). You might check the list archives at http://samba.anu.edu.au/listproc for the various ideas people have had. --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 On Fri, 14 Aug 1998, Cemal AKYEL wrote: > Hi everyone. I've got samba server running on Solaris 2.6 as PDC and > everything runs ok. NT 4.0 (sp3) client can join to the domain. The > password mode is "encryption allowed". Now, I've got ~2,500 users that i > need to define on the server. Username/password information of these > users are kept in a UNIX style passwd file. As i understand from the > documentation i need to mksmbpasswd.sh first to create the smbpasswd > file.But this file won't have any passwd information (32 X's rather). As > i understand either > * i need to initiate these accounts one by one by the command smbpasswd > (so then the users will have different passwords than their originals) > OR > * set encrypt passwords=no and update encrypted=yes AND make use of the > original passwords and as the users login to the domain smbpasswd file > will updated. > > the point that i'm confused is if i follow the 2nd alternative will my > client pc's (NT 4.0 sp3) be accepted to the domain (as indicated in the > NTDOM faq encrypted passwds should be used for this purpose)? Is there > any program that *fully* (including the original passwords) converts > (translates) UNIX style passwd file into smbpasswd? > > i'm sure this was asked before. sorry for the duplication. i'll > appreciate if someone could show me the way. > > thanks. > > -- > Cemal AKYEL > > mailto:akyel@man.metu.edu.tr > http://www.man.metu.edu.tr/~akyel > phone: +90 (312) 210-2004 > fax: +90 (312) 210-1243 > > From Ryan at US.Distribution.com Thu Aug 13 17:38:53 1998 From: Ryan at US.Distribution.com (Ryan Koski) Date: Tue Dec 2 02:24:22 2003 Subject: security = domain Message-ID: <773702019F1DD21196ED00A0C9D6526F478D@EXCHANGE.distribution.com> Well, I commented out said line and rebuilt everything. I can now browse the shares on my SAMBA machine (the logs show it using the "nobody" account). Interestingly, all the shares appear in explorer with names in ALL CAPS. I can access those shares if there is a user account on the Linux box with the same name as my NT domain username. However, if I delete that user account from the Linux box, I cannot access those shares anymore. Maybe I'm misunderstanding how SAMBA/NTDOM is supposed to work. Is it supposed to be possible to get a SAMBA server to get ALL of it's auth info from an NT PDC without having to administer user accounts on the SAMBA server whatsoever? Or do I need to have user accounts on the SAMBA server for each of my NT domain users? Thanks! Ryan Koski Management Information Systems -----Original Message----- From: Matthew Chapman [mailto:z2232203@student.unsw.edu.au] Sent: Wednesday, August 12, 1998 6:21 PM To: Multiple recipients of list Subject: Re: security = domain Ryan Koski wrote: > [1998/08/12 17:38:11, 0] smbd/uid.c:become_gid(136) > Couldn't set gid 500 currently set to (0,0) > [1998/08/12 17:38:11, 0] smbd/server.c:make_connection(3699) > Can't become connected user! This looks to me like another broken 'setresuid' call. Strange, I thought it had been fixed in Redhat 5.1 (maybe not). Try commenting out (enclose in /* ... */) the #define HAVE_SETRESUID 1 line in config.h and do a clean recompile ("make clean; make"). Matt -- Matt Chapman E-mail: mattyc@cyberdude.com From cartegw at Eng.Auburn.EDU Thu Aug 13 18:12:03 1998 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:24:22 2003 Subject: security = domain In-Reply-To: <773702019F1DD21196ED00A0C9D6526F478D@EXCHANGE.distribution.com> Message-ID: On Fri, 14 Aug 1998, Ryan Koski wrote: > Maybe I'm misunderstanding how SAMBA/NTDOM is supposed to work. Is it > supposed to be possible to get a SAMBA server to get ALL of it's auth > info from an NT PDC without having to administer user accounts on the > SAMBA server whatsoever? Or do I need to have user accounts on the > SAMBA server for each of my NT domain users? Sorry. I didn't catch this the first time around. Current you have to put user's in /etc/passwd on the unix box. You can set * for the password and give them and invalid shell as well. The entries in /etc/passwd are not for validation but rather obtaining a uid for the user. In the future, samba will be able to create these NT RID <-> Unix uid mapping automatically, but for the moment, the user **must** have any entry in /etc/passwd. Does that explain things? I will document this in the NTDOM FAQ in the next day or so. j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From greg at discreet.com Thu Aug 13 18:15:23 1998 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:22 2003 Subject: security = domain In-Reply-To: <773702019F1DD21196ED00A0C9D6526F478D@EXCHANGE.distribution.com> Message-ID: The functionality you are refering to is with security=server. The NTDOM stuff provides security=domain and lets your NT users actually athenticate to a Primary Domain Controller implemented in samba. The problem you are having is that your samba server may be asking the NT server to authenticate the username/password pair just fine but then it has no idea what to do with them. Remember samba just tries to map NT privileges to some local user. If I log on to an NT domain with username greg but there is no user greg on the samba machine then unless I map it to something else using username map, I will be nobody because UNIX does not know me. Does that make any sense? Greg On 13-Aug-98 Ryan Koski wrote: > Well, I commented out said line and rebuilt everything. I can now > browse the shares on my SAMBA machine (the logs show it using the > "nobody" account). Interestingly, all the shares appear in explorer > with names in ALL CAPS. I can access those shares if there is a user > account on the Linux box with the same name as my NT domain username. > However, if I delete that user account from the Linux box, I cannot > access those shares anymore. > > Maybe I'm misunderstanding how SAMBA/NTDOM is supposed to work. Is it > supposed to be possible to get a SAMBA server to get ALL of it's auth > info from an NT PDC without having to administer user accounts on the > SAMBA server whatsoever? Or do I need to have user accounts on the > SAMBA server for each of my NT domain users? > > Thanks! > > Ryan Koski > Management Information Systems > > > > -----Original Message----- > From: Matthew Chapman > [mailto:z2232203@student.unsw.edu.au] > Sent: Wednesday, August 12, 1998 6:21 PM > To: Multiple recipients of list > Subject: Re: security = domain > > Ryan Koski wrote: > > > [1998/08/12 17:38:11, 0] smbd/uid.c:become_gid(136) > > Couldn't set gid 500 currently set to (0,0) > > [1998/08/12 17:38:11, 0] > smbd/server.c:make_connection(3699) > > Can't become connected user! > > This looks to me like another broken 'setresuid' call. > Strange, I > thought it had been fixed in Redhat 5.1 (maybe not). > > Try commenting out (enclose in /* ... */) the #define > HAVE_SETRESUID 1 > line in config.h and do a clean recompile ("make clean; > make"). > > Matt > > > -- > Matt Chapman > E-mail: mattyc@cyberdude.com --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From Ryan at US.Distribution.com Thu Aug 13 18:32:11 1998 From: Ryan at US.Distribution.com (Ryan Koski) Date: Tue Dec 2 02:24:22 2003 Subject: security = domain Message-ID: <773702019F1DD21196ED00A0C9D6526F4791@EXCHANGE.distribution.com> Hmmm.... What you are saying does make sense. However, my understanding of the security = domain option as explained in the SAMBA/NTDOM FAQ is that it will allow a SAMBA server to "join" an existing domain, be it controlled by NT or another SAMBA server. I guess I assumed that "join" means that it becomes just like another NT box on the network in that it doesn't need users defined locally; it will authenticate users based on Domain (and trusted domain) user accounts. Of course, an NT machine would know what to do with this info, but UNIX won't... Our company is trying to move our developers away from working in UNIX shell accounts via terminal emulators to working in MS Dev Studio with SourceSafe. We've tried using NFS with commercial NFS clients for NT, and have a long list of reasons why we don't like doing this. I'm trying to sell SAMBA as an alternative solution, but it will be a hard sell if we have to maintain the users on each UNIX box as well as on NT. Has anyone figured out a way to "dump" the list of domain users from a PDC to a passwd file? Ryan Koski Management Information Systems -----Original Message----- From: Greg Dickie [mailto:greg@discreet.com] Sent: Thursday, August 13, 1998 11:22 AM To: Multiple recipients of list Subject: RE: security = domain The functionality you are refering to is with security=server. The NTDOM stuff provides security=domain and lets your NT users actually athenticate to a Primary Domain Controller implemented in samba. The problem you are having is that your samba server may be asking the NT server to authenticate the username/password pair just fine but then it has no idea what to do with them. Remember samba just tries to map NT privileges to some local user. If I log on to an NT domain with username greg but there is no user greg on the samba machine then unless I map it to something else using username map, I will be nobody because UNIX does not know me. Does that make any sense? Greg On 13-Aug-98 Ryan Koski wrote: > Well, I commented out said line and rebuilt everything. I can now > browse the shares on my SAMBA machine (the logs show it using the > "nobody" account). Interestingly, all the shares appear in explorer > with names in ALL CAPS. I can access those shares if there is a user > account on the Linux box with the same name as my NT domain username. > However, if I delete that user account from the Linux box, I cannot > access those shares anymore. > > Maybe I'm misunderstanding how SAMBA/NTDOM is supposed to work. Is it > supposed to be possible to get a SAMBA server to get ALL of it's auth > info from an NT PDC without having to administer user accounts on the > SAMBA server whatsoever? Or do I need to have user accounts on the > SAMBA server for each of my NT domain users? > > Thanks! > > Ryan Koski > Management Information Systems > > > > -----Original Message----- > From: Matthew Chapman > [mailto:z2232203@student.unsw.edu.au] > Sent: Wednesday, August 12, 1998 6:21 PM > To: Multiple recipients of list > Subject: Re: security = domain > > Ryan Koski wrote: > > > [1998/08/12 17:38:11, 0] smbd/uid.c:become_gid(136) > > Couldn't set gid 500 currently set to (0,0) > > [1998/08/12 17:38:11, 0] > smbd/server.c:make_connection(3699) > > Can't become connected user! > > This looks to me like another broken 'setresuid' call. > Strange, I > thought it had been fixed in Redhat 5.1 (maybe not). > > Try commenting out (enclose in /* ... */) the #define > HAVE_SETRESUID 1 > line in config.h and do a clean recompile ("make clean; > make"). > > Matt > > > -- > Matt Chapman > E-mail: mattyc@cyberdude.com --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From jerry at Eng.Auburn.EDU Thu Aug 13 20:13:15 1998 From: jerry at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:22 2003 Subject: security = domain In-Reply-To: <773702019F1DD21196ED00A0C9D6526F4791@EXCHANGE.distribution .com> Message-ID: <3.0.3.32.19980813151315.0069c5e8@pophost.eng.auburn.edu> At 04:40 AM 8/14/98 +1000, Ryan Koski wrote: >Hmmm.... What you are saying does make sense. However, my >understanding of the security = domain option as explained in the >SAMBA/NTDOM FAQ is that it will allow a SAMBA server to "join" an >existing domain, be it controlled by NT or another SAMBA server. I >guess I assumed that "join" means that it becomes just like another NT >box on the network in that it doesn't need users defined locally; it >will authenticate users based on Domain (and trusted domain) user >accounts. Of course, an NT machine would know what to do with this >info, but UNIX won't... Eventually the samba box will run in "Appliance" mode where you can plug a box into the network and it will generate the neccessary unix uid's to do the mapping. However, it is just not completed yet. One of the woes when using experimental code :) >Our company is trying to move our developers away from working in UNIX >shell accounts via terminal emulators to working in MS Dev Studio with >SourceSafe. We've tried using NFS with commercial NFS clients for NT, >and have a long list of reasons why we don't like doing this. I'm >trying to sell SAMBA as an alternative solution, but it will be a hard >sell if we have to maintain the users on each UNIX box as well as on NT. >Has anyone figured out a way to "dump" the list of domain users from a >PDC to a passwd file? Capture the output from 'net users /domain' and perform some perl or awk magic and you could get the job done. I'll do that tonight if I get a chance. Should be fairly easy. j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From icoupeau at unav.es Fri Aug 14 09:15:57 1998 From: icoupeau at unav.es (Ignacio Coupeau) Date: Tue Dec 2 02:24:22 2003 Subject: Samba NT Domain - NT login crash References: <35D32C7C.5DC6@amandy.redealuno.usp.br> Message-ID: <35D4004D.AE9788F9@unav.es> Hello, I'm testing the latest CVS I have (980810). I'm very confused because I can log at first time __if and only if__ the netlogon and profile directories are empty; the second time the logon becomes in a pretty blue screen. After the first logon, the profile is created by the WS, and the NTuser.DAT too, but the follows logons becomes in a crash. If I make a copy of the policy and/or profiles, smb.conf, smbpasswd, etc. that runs in an other PDC (980722) in the new PDC, the logon also crashes. Between this summer and the sunday I going to test carefully the problem, but is very odd. The problem is similar with the 4.2. Does the RedHat 5.1 solve the problem? Some one obtains similar results? Andre Gerhard wrote: > > Hello Ignacio, > > I have read your posting in the Samba NT Domain List about > 'NT login crash' and I would like to know if you have found > a solution to this problem ... > > After I upgraded my system yesterday (12/08), I started to get > exactly the same errors as you ... My system is a Pentium > running Linux RedHat 5.0. The O.S. of the clients is Windows NT > Workstation 4.0 (USA Version) with SP3. > > Thank you for any help, > > Andre Gerhard > > Systems/Network Administrator > Universidade de Sao Paulo - SP - Brazil -- ____________________________________________________ Ignacio Coupeau, Ph.D. e-mail: icoupeau@unav.es CTI, Director fax: +48 425619 University of Navarra voice: +48 425600 Pamplona, SPAIN http://www.unav.es/cti/ From cartegw at Eng.Auburn.EDU Fri Aug 14 13:02:10 1998 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:24:22 2003 Subject: Samba NT Domain - NT login crash In-Reply-To: <35D4004D.AE9788F9@unav.es> Message-ID: There is **a lot** of restructuring going on in the head branch at the moment. autoconf support, new directory structure for the source, variable flow changes, etc... If I remember correctly, the Blue Screens started appearing after the autoconf stuff. Keeping reporting the problems though. Just have to be patient. Thanks, j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From michael at cs.vu.nl Fri Aug 14 13:52:02 1998 From: michael at cs.vu.nl (Mike Klinkert) Date: Tue Dec 2 02:24:22 2003 Subject: Changing WS password every new installation Message-ID: Hi all, Let me start with boosting the ego of everyone involved with the development of Samba. Great work, thanx. Anyway, this is why I'm posting a message: The last few days I've been experimenting with the unattend installation method of NT (in this case the WS). Ergo, I try to make an installation with the right (OEM) drivers in place, etc and because of this I've to install NT many times. After the right network drivers were installed automatically, I noticed that NT could not login on the Samba domain (configured as a PDC). However, it did do that before my experiments. What I did was I set the password of the WS again by typing: "smbpasswd MACHINE$" and used "machine" as the password (my WS's name is not MACHINE ofcourse, it's just an example). This worked perfectly. However, I have to do this everytime before I install NT, or else joining the domain will fail (I noticed a "password fail" in the log.smb file, prefixed with a "Trust relationship" something). Am I missing something here? Is the password changed by the WS after the domain joining? Setting the password of the WS everytime you (re)install NT is somewhat annoying (especially if you forget to do it, since the unattend installation will fail. Well it doesn't exactly, it just needs user input, so the installation is no longer unattended). Mike Klinkert. From m.chapman at student.unsw.edu.au Fri Aug 14 13:57:17 1998 From: m.chapman at student.unsw.edu.au (Matthew Chapman) Date: Tue Dec 2 02:24:22 2003 Subject: Changing WS password every new installation References: Message-ID: <35D4423C.E20C75CE@student.unsw.edu.au> Mike Klinkert wrote: > Is the password changed by the WS after the domain > joining? Precisely. Otherwise anyone could join your domain by setting their machine name to that of one of your workstations... Matt -- Matt Chapman E-mail: mattyc@cyberdude.com From anders.blomdell at control.lth.se Fri Aug 14 14:22:44 1998 From: anders.blomdell at control.lth.se (Anders Blomdell) Date: Tue Dec 2 02:24:22 2003 Subject: Changing WS password every new installation In-Reply-To: Message-ID: >> Is the password changed by the WS after the domain >> joining? > >Precisely. Otherwise anyone could join your domain by setting their >machine name to that of one of your workstations... >Setting the password of the WS everytime you (re)install NT is >somewhat annoying (especially if you forget to do it, since the unattend >installation will fail. Well it doesn't exactly, it just needs user input, so >the installation is no longer unattended). In some bright future Samba will be able to let unattended setups join domains by specifying [Network] CreateComputerAccount = USERNAME, PASSWORD in the unattend file (where USERNAME and PASSWORD belongs to somebody with sufficient privileges to add machines to the domain). But there is one caveat, the unattend file is saved as %SYSTEMROOT%\\system32\$winnt$.inf on the newly installed machine, with a USERNAME and PASSWORD for everyone to read. So be very careful when doing unattended installs in public labs, and remember to remove at least that file... Regards Anders Blomdell ------------------------------------------------------------------------------ Anders Blomdell Department of Automatic Control Email: anders.blomdell@control.lth.se Lund Institute of Technology Phone: +46 46 222 4625 Box 118, S-221 00 Lund, Sweden Fax: +46 46 138118 From william at hae.com Fri Aug 14 14:54:48 1998 From: william at hae.com (William Stuart) Date: Tue Dec 2 02:24:22 2003 Subject: Changing WS password every new installation In-Reply-To: Message-ID: The answer is yes. The password is changed, if not instantly, then soon after joining the domain. This is not a SAMBA issue but part of the protocol. I work on an engineering network, and do not have admin privledges on the domain, so I have to put in a request for a new trust account for every installation or reinstallation of NT. --- William Stuart (william@hae.com) "If Netscape is giving their software away, how do they make money?" "Volume." On Fri, 14 Aug 1998, Mike Klinkert wrote: > Date: Fri, 14 Aug 1998 23:54:46 +1000 > From: Mike Klinkert > To: Multiple recipients of list > Subject: Changing WS password every new installation > > Hi all, > > Let me start with boosting the ego of everyone involved with the development of > Samba. Great work, thanx. > > Anyway, this is why I'm posting a message: > The last few days I've been experimenting with the unattend installation method > of NT (in this case the WS). Ergo, I try to make an installation with the right > (OEM) drivers in place, etc and because of this I've to install NT many times. > After the right network drivers were installed automatically, I noticed that NT > could not login on the Samba domain (configured as a PDC). However, it did do > that before my experiments. What I did was I set the password of the WS again > by typing: "smbpasswd MACHINE$" and used "machine" as the password (my WS's > name is not MACHINE ofcourse, it's just an example). This worked perfectly. > However, I have to do this everytime before I install NT, or else joining the > domain will fail (I noticed a "password fail" in the log.smb file, prefixed > with a "Trust relationship" something). > Am I missing something here? Is the password changed by the WS after the domain > joining? Setting the password of the WS everytime you (re)install NT is > somewhat annoying (especially if you forget to do it, since the unattend > installation will fail. Well it doesn't exactly, it just needs user input, so > the installation is no longer unattended). > > Mike Klinkert. > > From cartegw at Eng.Auburn.EDU Fri Aug 14 18:30:54 1998 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:22 2003 Subject: Script to generate /etc/passwd entries for security = domain Message-ID: <35D4825E.12C069AB@eng.auburn.edu> As promised, here is a perl script to generate /etc/passwd entries from the output of 'net user /domain' when run on you NT PDC. Altrenately you could use the 'username map' in smb.conf Probably has bugs. Things I know work... - Creates the new entries in a ./paswd.new file so you can check them prior to catenating them onto /etc/passwd - Will not duplicate existing uids - Will not duplicate an existing username. Here's an example session.... C:\> net user > users.txt C:\> type uses.txt User accounts for \\SQUIRT ----------------------------------------------------------------------- Administrator alemke anderson breese carlisle cartegw chapman cross dbeale debbieh dmckwski doug gbailey Guest guest1 guven gvdozier hendrix hugjen jaull jbryant jowens jtolbert kchang kprice kyongm larrybar lim llpitch marghitu mathiks mccreary moore nblount phillips roland roundup rstamper sadanur seabner sheriev simonton stephenh teatejc wbarnes jerry carter The command completed successfully. C:\> ...now copy users.txt to the Samba server... [cartegw@orwell nt2passwd]6$ ./nt2passwd users.txt Enter the uid to start with : 1000 Enter the gid to use : 100 [cartegw@orwell nt2passwd]7$ cat passwd.new Administrator:*:1000:100:NT Dummy account:/dev/null:/bin/False Guest:*:1092:100:NT Dummy account:/dev/null:/bin/False roundup:*:1115:100:NT Dummy account:/dev/null:/bin/False jerry:*:1124:100:NT Dummy account:/dev/null:/bin/False carter:*:1125:100:NT Dummy account:/dev/null:/bin/False ........ Notice that not all users were generated a new paswd entry. This is because they already existed. Since the user does not need a passwd, it is bisabled and I believe that you do not need and entry in /etc/shadow as well. Some lines may have wrapped. The actual source can be downloaded if necessary from ftp://ftp.eng.auburn.edu/pub/cartegw/samba/nt2passwd Have fun. Send comments / bugs / etc... to me. Not tested really well but simple enough. j- -- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) ------- cut here -------------------------------------------- #!/usr/local/bin/perl5 # # Author : Gerald (Jerry) Carter # E-mail : jerry@eng.auburn.edu # Filename : nt2passwd # Date Created : August 13, 1998 # Last Update : # # Simple perl script to accept the input from the # 'net user /domain > users.txt' on an NT domain member # and place the users in an /etc/passwd formatted file # in the current directory # # The program will prompt for a starting uid and a gid. # It will not allow starting at uid 0 nor will it allow # assigning gid 0 to generated entries. # # The generated file may be catenated to /etc/passwd at # your descretion. I make no claims about the script. # **Use it at your own risk** No warrenty expressed or # implied. # # DO NOT RUN THE SCRIPT WHEN THE CWD IS /etc. You will lose # your /etc/passwd # # open the input file open ( USER_LIST, "$ARGV[0]" ) || die $!; # get the starting uid print "Enter the uid to start with : "; $start_uid = ; $start_uid = int ( $start_uid ); if ( $start_uid eq 0 ) { printf STDERR "Cannot start with uid 0!\nProgram exiting...\n"; exit (-1); } $current_uid = $start_uid; print "Enter the gid to use : "; $gid = ; $gid = int ( $gid ); if ( $gid eq 0 ) { printf STDERR "Cannot use gid 0 as the group ID!\n"; printf STDERR "Program exiting...\n"; exit (-1); } $comment = 'NT Dummy account'; $shell = '/bin/False'; $homedir = '/dev/null'; # open the output file open ( PASSWD, "> passwd.new" ) || die $!; # loop through the input file while ( $string = ) { chop ( $string ); # weed out the command output and keep the list of users $string = &checkInput ( $string ); # break up the input if ( "$string" ne "" ) { ( $user1, $user2, $user3 ) = split (/\ +/, $string ); # $user1... ($name) = getpwuid ( $current_uid ); while ( "$name" ne "" ) { $current_uid++; ($name) = getpwuid ( $current_uid ); } ( $username ) = getpwnam ( $user1 ); if ( "$username" eq "" ) { printf PASSWD "$user1:*:$current_uid:$gid:$comment:$homedir:$shell\n"; } $current_uid++; # $user2... if ( "$user2" ne "" ) { ($name) = getpwuid ( $current_uid ); while ( "$name" ne "" ) { $current_uid++; ($name) = getpwuid ( $current_uid ); } ( $username ) = getpwnam ( $user2 ); if ( "$username" eq "" ) { printf PASSWD "$user2:*:$current_uid:$gid:$comment:$homedir:$shell\n"; } $current_uid++; if ( "$user3" ne "" ) { ($name) = getpwuid ( $current_uid ); while ( "$name" ne "" ) { $current_uid++; ($name) = getpwuid ( $current_uid ); } ( $username ) = getpwnam ( $user3 ); if ( "$username" eq "" ) { printf PASSWD "$user3:*:$current_uid:$gid:$comment:$homedir:$shell\n"; } $current_uid++; } } } } # close the files close ( USER_LIST ); close ( PASSWD ); # successful completion exit (0); ################################################################# sub checkInput { local ( $input ) = @_; if ( $input =~ '\\\\' ) { $input = ''; } elsif ( $input =~ "command completed" ) { $input = ''; } elsif ( $input =~ '---------' ) { $input = ''; } $input; } ------ cut here --------------------------------------------- From akyel at man.metu.edu.tr Mon Aug 17 08:19:30 1998 From: akyel at man.metu.edu.tr (Cemal AKYEL) Date: Tue Dec 2 02:24:22 2003 Subject: UNIX/NT passwd sync: Confused References: Message-ID: <35D7E791.6FFBBB4E@man.metu.edu.tr> Gerald W. Carter wrote: > On Fri, 14 Aug 1998, Cemal AKYEL wrote: > > > * set encrypt passwords=no and update encrypted=yes AND make use of the > > original passwords and as the users login to the domain smbpasswd file > > will updated. > > You cannot run a Samba PDC using this option. You can have them connect > to another samba server and use this option. Then the smbpasswd entries > can be copied over to the PDC. Now I've got another samba server (pwdserver). All of my users are defined in the /etc/passwd of the pwdserver. Below are from the related smb.conf files: Original PDC: security=server password server=pwdserver encrypt passwords=yes pwdserver: security=user encrypt passwords=no >From an NT WS 4.0 (sp3) client if i login as a local user, i can get connected to the original PDC with the usernames/passwords defined on the pwdserver. However the original PDC does not accept the membership requests from an NT WS 4.0 client. I assume the smbpasswd will placed on the PDC but not the pwdserver (since encryption is set to no on the pwdserver) > > > Since the user password change stuff is not implemented yet, it would be > impossible to implement the "change password on next logon" feature. > > > the point that i'm confused is if i follow the 2nd alternative will my > > client pc's (NT 4.0 sp3) be accepted to the domain (as indicated in the > > NTDOM faq encrypted passwds should be used for this purpose)? > > See notes above. There is really not a clean solution to this as of yet ( > that I know of ). Anybody have any good ideas? Besides running 'Crack' > as I mention below? > > > Is there > > any program that *fully* (including the original passwords) converts > > (translates) UNIX style passwd file into smbpasswd? > > There is no way to globally transfer the password in /etc/passwd to the > smbpasswd file. You could try cracking the passwd file and then scripting > these over to the smbpasswd file. However this will not work obviously > all the time. > > Hope this helps, > j- > ________________________________________________________________________ > Gerald ( Jerry ) Carter > Engineering Network Services Auburn University > jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw > > "...a hundred billion castaways looking for a home." > - Sting "Message in a Bottle" ( 1979 ) -- Cemal AKYEL mailto:akyel@man.metu.edu.tr http://www.man.metu.edu.tr/~akyel phone: +90 (312) 210-2004 fax: +90 (312) 210-1243 From matsaki at statcan.ca Mon Aug 17 20:12:49 1998 From: matsaki at statcan.ca (Akira Matsuno) Date: Tue Dec 2 02:24:22 2003 Subject: NT4.0 PDC and Samba help Message-ID: <35D88EC1.4DCE@statcan.ca> After reading the documentation and faq regarding ntdomain, I'm still lost and don't know where to turn. I wanted to do the following: 1. Install Samba on my unix box, and let it join my NT Domain as a file server. 2. Allow my NT 4.0 Workstation clients connect to private shares created on the Samba server. - I was able to install Samba with no problems. - I was able to join the Samba server into my NT Domain with no problems (I see DOMAIN.SERVERNAME.mac file in the private directory). - I run testparm to check for errors , and it tests fine. - I can connect public shares with no problems... this works fine. - I cannot however get my private shares connected with valid NT domain accounts. (akirasvr is a valid domain account) NT comes back and says "Incorrect password or unknown username for \\imaps1\matsaki" I read somewhere in the archive that I don't need to create accounts on the unix side of things... Is this true? Has anyone got this to work without creating the accounts on the unix side? If anyone can help me out here, I'd greatly appreciate it.. I'm new to both Unix and Samba, but am very familiar with NT...Thanx Btw..My smb.conf file looks like this: workgroup = IMAD guest account = nobody security = domain password server = imad1 encrypt passwords = yes domain master = no wins server = 142.205.52.11 interfaces = 142.205.218.13/255.255.254.0 dns proxy = no [matsaki] comment = Akira's Private Directory path = /usr/users/matsaki writable = yes valid users = akirasvr public = no guest ok = no [public] comment = IMAPS1 Apps Share path = /usr/samba/samba1/apps public = yes read only = no From Ryan at US.Distribution.com Mon Aug 17 20:16:33 1998 From: Ryan at US.Distribution.com (Ryan Koski) Date: Tue Dec 2 02:24:22 2003 Subject: NT4.0 PDC and Samba help Message-ID: <773702019F1DD21196ED00A0C9D6526F47A6@EXCHANGE.distribution.com> Hello... I beat you to this point. :-) See the copied message from Mr. Carter below: ------------------------------------------------------------------------ ------------------------------------------------------ On Fri, 14 Aug 1998, Ryan Koski wrote: > Maybe I'm misunderstanding how SAMBA/NTDOM is supposed to work. Is it > supposed to be possible to get a SAMBA server to get ALL of it's auth > info from an NT PDC without having to administer user accounts on the > SAMBA server whatsoever? Or do I need to have user accounts on the > SAMBA server for each of my NT domain users? Sorry. I didn't catch this the first time around. Current you have to put user's in /etc/passwd on the unix box. You can set * for the password and give them and invalid shell as well. The entries in /etc/passwd are not for validation but rather obtaining a uid for the user. In the future, samba will be able to create these NT RID <-> Unix uid mapping automatically, but for the moment, the user **must** have any entry in /etc/passwd. Does that explain things? I will document this in the NTDOM FAQ in the next day or so. j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) Ryan Koski Management Information Systems -----Original Message----- From: Akira Matsuno [mailto:matsaki@statcan.ca] Sent: Monday, August 17, 1998 1:15 PM To: Multiple recipients of list Subject: NT4.0 PDC and Samba help After reading the documentation and faq regarding ntdomain, I'm still lost and don't know where to turn. I wanted to do the following: 1. Install Samba on my unix box, and let it join my NT Domain as a file server. 2. Allow my NT 4.0 Workstation clients connect to private shares created on the Samba server. - I was able to install Samba with no problems. - I was able to join the Samba server into my NT Domain with no problems (I see DOMAIN.SERVERNAME.mac file in the private directory). - I run testparm to check for errors , and it tests fine. - I can connect public shares with no problems... this works fine. - I cannot however get my private shares connected with valid NT domain accounts. (akirasvr is a valid domain account) NT comes back and says "Incorrect password or unknown username for \\imaps1\matsaki" I read somewhere in the archive that I don't need to create accounts on the unix side of things... Is this true? Has anyone got this to work without creating the accounts on the unix side? If anyone can help me out here, I'd greatly appreciate it.. I'm new to both Unix and Samba, but am very familiar with NT...Thanx Btw..My smb.conf file looks like this: workgroup = IMAD guest account = nobody security = domain password server = imad1 encrypt passwords = yes domain master = no wins server = 142.205.52.11 interfaces = 142.205.218.13/255.255.254.0 dns proxy = no [matsaki] comment = Akira's Private Directory path = /usr/users/matsaki writable = yes valid users = akirasvr public = no guest ok = no [public] comment = IMAPS1 Apps Share path = /usr/samba/samba1/apps public = yes read only = no From ankit at drillbit.tamu.edu Mon Aug 17 19:32:27 1998 From: ankit at drillbit.tamu.edu (Ankit Shah) Date: Tue Dec 2 02:24:23 2003 Subject: NT4.0 PDC and Samba help In-Reply-To: <35D88EC1.4DCE@statcan.ca> Message-ID: It looks like you may not need to make Samba as PDC ... Do you have a NT server already ? If yes, just make samba join the domain controlled by NT server, and you will be able to do all you want except authenticating NT logins from samba...I think this is not what you want, you just need a file server. In my view, you should be more than fine with samba joining Nt controlled domain. If you want specifics, let me know. I have done this recently. Hope this helps. Ankit shah :-)workgroup = IMAD :-)guest account = nobody :-)security = domain this will change to security=server or security = user :-)password server = imad1 :-)encrypt passwords = yes :-)domain master = no :-)wins server = 142.205.52.11 :-)interfaces = 142.205.218.13/255.255.254.0 :-)dns proxy = no :-) :-)[matsaki] :-)comment = Akira's Private Directory :-)path = /usr/users/matsaki :-)writable = yes :-)valid users = akirasvr :-)public = no :-)guest ok = no :-) :-)[public] :-)comment = IMAPS1 Apps Share :-)path = /usr/samba/samba1/apps :-)public = yes :-)read only = no :-) Everything else looks fine. *-------------------------------------* | Ankit Shah | | Microcomputer Specialist | | Petroleum Engineering Dept. | | Texas A & M University | | (409) 845 2297--ankit@tamu.edu | *-------------------------------------* From louis.botha at cs.up.ac.za Tue Aug 18 09:10:15 1998 From: louis.botha at cs.up.ac.za (louis.botha@cs.up.ac.za) Date: Tue Dec 2 02:24:23 2003 Subject: Samba NT Domain - NT login crash In-Reply-To: <35D4004D.AE9788F9@unav.es> Message-ID: <199808180910.LAA11830@mail.cs.up.ac.za> Hi Ignacio, Just to confuse matters a bit more... :-) I experienced exactly the same behaviour on my Slackware 3.4 server, but *not* on a Red Hat 5.1 server. I subsequently tested it on various hardware & software combinations and concluded that the only platform that does not crash the Windows clients is RH 5.1 -- I still have to test Solaris though. Regards, Louis ----------------------------------------------------------------------- Louis Botha Computer Science Department louis.botha@cs.up.ac.za University of Pretoria Tel: +27-12-420-3617 Pretoria Cell: +27-82-924-4616 South Africa http://www.cs.up.ac.za/~lbotha ----------------------------------------------------------------------- On 14 Aug, Ignacio Coupeau wrote: > Hello, > > I'm testing the latest CVS I have (980810). I'm very confused because I > can log at first time __if and only if__ the netlogon and profile > directories are empty; the second time the logon becomes in a pretty > blue screen. After the first logon, the profile is created by the WS, > and the NTuser.DAT too, but the follows logons becomes in a crash. > > If I make a copy of the policy and/or profiles, smb.conf, smbpasswd, > etc. that runs in an other PDC (980722) in the new PDC, the logon also > crashes. > > Between this summer and the sunday I going to test carefully the > problem, but is very odd. The problem is similar with the 4.2. Does the > RedHat 5.1 solve the problem? > Some one obtains similar results? > > > Andre Gerhard wrote: >> >> Hello Ignacio, >> >> I have read your posting in the Samba NT Domain List about >> 'NT login crash' and I would like to know if you have found >> a solution to this problem ... >> >> After I upgraded my system yesterday (12/08), I started to get >> exactly the same errors as you ... My system is a Pentium >> running Linux RedHat 5.0. The O.S. of the clients is Windows NT >> Workstation 4.0 (USA Version) with SP3. >> >> Thank you for any help, >> >> Andre Gerhard >> >> Systems/Network Administrator >> Universidade de Sao Paulo - SP - Brazil > > -- > ____________________________________________________ > Ignacio Coupeau, Ph.D. e-mail: icoupeau@unav.es > CTI, Director fax: +48 425619 > University of Navarra voice: +48 425600 > Pamplona, SPAIN http://www.unav.es/cti/ From matsaki at statcan.ca Tue Aug 18 13:53:34 1998 From: matsaki at statcan.ca (Akira Matsuno) Date: Tue Dec 2 02:24:23 2003 Subject: NT4.0 PDC and Samba help References: Message-ID: <35D9875E.4EA@statcan.ca> Ankit Shah wrote: > > It looks like you may not need to make Samba as PDC ... Do you have a NT > server already ? If yes, just make samba join the domain controlled by NT > server, and you will be able to do all you want except authenticating NT > logins from samba...I think this is not what you want, you just need a > file server. In my view, you should be more than fine with samba joining > Nt controlled domain. You are correct. I'm *not* trying to get Samba setup as a PDC. I already have a NT Server PDC, and I have let my Samba server "join" the domain. And with this setup, I wanted to use my NT domain accounts to be used to authenticate connecting to shares I created on the Samba server (ie. the matsaki share in my smb.conf file)... But I have been told that I need to create user accounts on the Samba server as well.. I was trying to avoid that.. Hmmm. but I also wanted to verify: If I set security = server , the password needed to connect will be the NT Domain account password? or will it get mixed up with the unix password in /etc/passwd? > :-)workgroup = IMAD > :-)guest account = nobody > :-)security = domain > > this will change to security=server or security = user So, basically the only benefit of using Security = Domain is when I need to use Samba as the Domain Controller of an NT network? Is there any other reason for setting it = Domain? The FAQ says it makes the Samba server a full member of the Domain.. I guess like an NT Workstation.. but a workstation gets to use the domain user and groups database at least.. (I know groups are not supported as of yet...) maybe its not a full member? anyone care to elaborate? Thanx for all the responses from everyone ... I wish I knew about this mailing list sooner :) -- * Akira Matsuno * Network Administrator / Oracle DBA * Statistics Canada * Ottawa Ontario From ankit at drillbit.tamu.edu Tue Aug 18 13:32:20 1998 From: ankit at drillbit.tamu.edu (Ankit Shah) Date: Tue Dec 2 02:24:23 2003 Subject: NT4.0 PDC and Samba help In-Reply-To: <35D9875E.4EA@statcan.ca> Message-ID: :-)But I have been told that I need to create user accounts on the Samba :-)server as well.. I was trying to avoid that.. Hmmm. but I also wanted :-)to verify: If I set security = server , the password needed to connect :-)will be the NT Domain account password? or will it get mixed up with :-)the unix password in /etc/passwd? You do need user accounts on samba server but not with password. Password field can be locked. Samba only uses /etc/passwd to get user ids, when you set security = server and provide NT server as the password server, it gets user authenticate from NT server rather than /etc/passwd. In our setup we do have passwords in /etc/passwd because we use the same passwd file for authenticating on mail and web server. But if you are _only_ using it as file server, and do not want people to access through telnet or ftp, no passwd is fine. :-)So, basically the only benefit of using Security = Domain is when I need :-)to use Samba as the Domain Controller of an NT network? Is there any :-)other reason for setting it = Domain? Not really. For your purpose security = server is okay. Plus, the domain code for samba is still under development, and you can expect some things to break. In short, if you dont need it dont use it. Hope this helps. -Ankit *-------------------------------------* | Ankit Shah | | Microcomputer Specialist | | Petroleum Engineering Dept. | | Texas A & M University | | (409) 845 2297--ankit@tamu.edu | *-------------------------------------* From Ryan at US.Distribution.com Tue Aug 18 14:55:03 1998 From: Ryan at US.Distribution.com (Ryan Koski) Date: Tue Dec 2 02:24:23 2003 Subject: Clarification please... Message-ID: <773702019F1DD21196ED00A0C9D6526F47AE@EXCHANGE.distribution.com> Hello... I think it might help to provide some clarification as to what "security = domain" really means. Based on the language of the NTDOM FAQ, myself and others have ass'u'me'd that "join the domain" means exactly that: a SAMBA server will join an existing domain just like another NT box. However, this is not entirely the case, as the users must exist in /etc/passwd in order to establish the UID's. As such, I am not clear on the difference between "security = domain" and "security = server". Would it be possible to get a clearer description of this and an updated FAQ? It will probably save the SAMBA team a lot of repetitive questions in the future... Thanks! Ryan Koski Management Information Systems Distribution Architects International Inc. From cartegw at Eng.Auburn.EDU Tue Aug 18 15:09:23 1998 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:23 2003 Subject: Clarification please... References: <773702019F1DD21196ED00A0C9D6526F47AE@EXCHANGE.distribution.com> Message-ID: <35D99923.50AECC8F@eng.auburn.edu> Ryan Koski wrote: > > Would it be possible to get a clearer description of this and an > updated FAQ? It will probably save the SAMBA team a lot of > repetitive questions in the future... That's the plan. However, deadlines at work have prevented me from getting it done just yet. Althought one thing I have found is that **no one** seems to read the notice at the beginning of the Table of Contents :) j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From trep at dem.qc.ca Tue Aug 18 14:41:21 1998 From: trep at dem.qc.ca (Pierre-Jules Tremblay) Date: Tue Dec 2 02:24:23 2003 Subject: problem authenticating user with current CVS Message-ID: <199808181441.KAA12163@ursula.dem.qc.ca> A non-text attachment was scrubbed... Name: not available Type: text Size: 23991 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19980818/c90f22bf/attachment.bat From trep at dem.qc.ca Tue Aug 18 15:27:51 1998 From: trep at dem.qc.ca (Pierre-Jules Tremblay) Date: Tue Dec 2 02:24:23 2003 Subject: problem authenticating user with current CVS In-Reply-To: <199808181441.KAA12163@ursula.dem.qc.ca> from "Pierre-Jules Tremblay" at Aug 19, 98 01:17:00 am Message-ID: <199808181527.LAA13337@ursula.dem.qc.ca> A non-text attachment was scrubbed... Name: not available Type: text Size: 25618 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19980818/7dc6dd5f/attachment.bat From doerbeck at dma.isg.mot.com Tue Aug 18 15:43:10 1998 From: doerbeck at dma.isg.mot.com (Christoph Doerbeck) Date: Tue Dec 2 02:24:23 2003 Subject: NT4.0 PDC and Samba help In-Reply-To: Your message of "Tue, 18 Aug 1998 06:14:55 +1000." <35D88EC1.4DCE@statcan.ca> Message-ID: <199808181543.LAA20128@prospero.dma.isg.mot.com> I read that someone stated that you NEED local accounts in /etc/passwd. I don't believe this to be the case. In fact, I thought that if you were to create a "username map" with an entry like "safeshare = *" then all NTDOM connections authenticated through the NT server would work, and have local userid "safeshare" on the samba server. This would imply you need one entry in /etc/passwd for a unique share userid. I suppose you could use something like "nobody" or "bin" if you wanted to avoid creating special userids. Am I way off on this? Or does this sound like a solution to the stated problem? > After reading the documentation and faq regarding ntdomain, I'm still > lost and don't know where to turn. > > I wanted to do the following: > > 1. Install Samba on my unix box, and let it join my NT Domain as a > file server. > 2. Allow my NT 4.0 Workstation clients connect to private shares created > on the Samba server. > > - I was able to install Samba with no problems. > - I was able to join the Samba server into my NT Domain with no problems > (I see DOMAIN.SERVERNAME.mac file in the private directory). > - I run testparm to check for errors , and it tests fine. > - I can connect public shares with no problems... this works fine. > > - I cannot however get my private shares connected with valid NT domain > accounts. (akirasvr is a valid domain account) NT comes back and says > "Incorrect password or unknown username for \\imaps1\matsaki" > > I read somewhere in the archive that I don't need to create accounts on > the unix side of things... Is this true? Has anyone got this to work > without creating the accounts on the unix side? > > If anyone can help me out here, I'd greatly appreciate it.. I'm new to > both Unix and Samba, but am very familiar with NT...Thanx > > > > Btw..My smb.conf file looks like this: > workgroup = IMAD > guest account = nobody > security = domain > password server = imad1 > encrypt passwords = yes > domain master = no > wins server = 142.205.52.11 > interfaces = 142.205.218.13/255.255.254.0 > dns proxy = no > > [matsaki] > comment = Akira's Private Directory > path = /usr/users/matsaki > writable = yes > valid users = akirasvr > public = no > guest ok = no > > [public] > comment = IMAPS1 Apps Share > path = /usr/samba/samba1/apps > public = yes > read only = no > From cartegw at Eng.Auburn.EDU Tue Aug 18 16:02:28 1998 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:23 2003 Subject: NT4.0 PDC and Samba help References: <199808181543.LAA20128@prospero.dma.isg.mot.com> Message-ID: <35D9A594.1D4202CC@eng.auburn.edu> Christoph Doerbeck wrote: > > I read that someone stated that you NEED local accounts in > /etc/passwd. > I don't believe this to be the case. In fact, I thought that if you > were to create a "username map" with an entry like "safeshare = *" > then all NTDOM connections authenticated through the NT server > would work, and have local userid "safeshare" on the samba server. > Am I way off on this? Or does this sound like a solution to the > stated problem? That's what I said. :) However you allow Samba to get a valid Unix uid will work. Either /etc/passwd entries or "username map =" j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From sm at sys.uea.ac.uk Tue Aug 18 16:55:32 1998 From: sm at sys.uea.ac.uk (Shaun McCullagh) Date: Tue Dec 2 02:24:23 2003 Subject: Any possibilty of SAMBA using NIS to authenticate NT Workstations? Message-ID: Hi, Is there any possibility of SAMBA using NIS to authenticate NT Workstations rather than the smbpasswd file in the future. Or is this impossible? It would be really useful to have one password file authenticating everything. Cheers Shaun McCullagh, IT Support Officer, School of Information Systems., University of East Anglia., Norwich England NR4 7TJ Office: E02.102 http://www.sys.uea.ac.uk/~sm Tel +44 1603 592307 mailto:sm@sys.uea.ac.uk FAX +44 1603 593344 From andrew.seabolt at prudential.com Tue Aug 18 20:14:51 1998 From: andrew.seabolt at prudential.com (Andrew Seabolt) Date: Tue Dec 2 02:24:23 2003 Subject: WINS problem and NT Domain authentication Message-ID: <85256664.006F7ED1.00@njros1ngw09.metro.prudential.com> My user authentication through our PDC was working great until two weeks ago. At this time, we weren't doing WINS replication and our PDC was our WINS server. All I did was use these values in the smb.conf file: WORKGROUP = PRUDENTIAL_BANK # Authentication Options # Security mode. Most people will want user level security. See # security_level.txt for details. security = server # Use password server option only with security = server password server = WARLORD # WINS Server - Tells the NMBD components of Samba to be a WINS Client # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both wins server = 158.221.111.199 # WARLORD is IP address 158.221.111.199 The password authentication was passed off to WARLORD and once authenticated (provided the user had an account on the UNIX SAMBA server (not in smbpasswd file), the shares were doled out based on that user's user and group permissions. Now, suddenly, this doesn't work unless a SMB (few others deleted) Nothing else changed in the UNIX environment until our NT administrators wanted to create a PUSH-PULL relationship between the PDC and a BDC (don't ask me why -- they just decided to and it didn't break any NT stuff apparantly). Now, this is what I'm getting in the logs: (log level 10) resolve_name: Attempting broadcast lookup for name WARLORD<0x20> bind succeeded on port 0 nmb packet from 158.221.111.255(137) header: id=11884 opcode=Query(0) response=No header: flags: bcast=Yes rec_avail=No rec_des=No trunc=No auth=No header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=0 question: q_name=WARLORD<20> q_type=32 q_class=1 1998/08/18 14:06:10 sending a packet of len 50 to (158.221.111.255) on port 137 nmb packet from 158.221.111.255(137) header: id=11884 opcode=Query(0) response=No header: flags: bcast=Yes rec_avail=No rec_des=No trunc=No auth=No header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=0 question: q_name=WARLORD<20> q_type=32 q_class=1 1998/08/18 14:06:11 sending a packet of len 50 to (158.221.111.255) on port 137 nmb packet from 158.221.111.255(137) header: id=11884 opcode=Query(0) response=No header: flags: bcast=Yes rec_avail=No rec_des=No trunc=No auth=No header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=0 question: q_name=WARLORD<20> q_type=32 q_class=1 1998/08/18 14:06:11 sending a packet of len 50 to (158.221.111.255) on port 137 server_cryptkey: Can't resolve address for WARLORD password server not available Selected protocol NT LM 0.12 ...... Domain=[SPUNKY] NativeOS=[Windows NT 1381] NativeLanMan=[] sesssetupX:name=[aseabolt] lp_file_list_changed() file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Tue Aug 18 14:00:06 1998 password server is not connected SMB Password - pwlen = 24, challenge_done = 1 Checking SMB password for user aseabolt (l=24) get_smbpwd_entry: opening file /usr/local/samba/private/smbpasswd get_smbpwd_entry: search by name: aseabolt get_smbpwd_entry: skipping comment or blank line get_smbpwd_entry: skipping comment or blank line get_smbpwd_entry: skipping comment or blank line get_smbpwd_entry: found by name: aseabolt get_smbpwd_entry: returning passwd entry for user aseabolt, uid 8626 Checking NT MD4 password Updated database with aseabolt Yes lp_servicenumber: couldn't find aseabolt adding home directory aseabolt at /export/home/sysadmin/aseabolt So I decided to try to do an nmblookup WARLORD at the UNIX box and got that it couldn't resolve the name. Can someone help? Thanks! Andy Seabolt UNIX Systems Administrator The Prudential Bank and Trust Company andrew.seabolt@prudential.com From andrew.seabolt at prudential.com Tue Aug 18 20:40:39 1998 From: andrew.seabolt at prudential.com (Andrew Seabolt) Date: Tue Dec 2 02:24:23 2003 Subject: WINS problem and DNS revisited ... (okay, this might help) Message-ID: <85256664.0071DAC2.00@njros1ngw09.metro.prudential.com> Found this in one of the other logs .. Perhaps this might help, too .. resolve_name: Attempting lmhosts lookup for name WARLORD getlmhostsent: lmhost entry: 127.0.0.1 localhost getlmhostsent: too many columns in lmhosts file (obsolete syntax) getlmhostsent: lmhost entry: 158.221.115.29 pbolsun1 getlmhostsent: lmhost entry: 158.221.111.199 warlord Connecting to 158.221.111.199 at port 139 connected to password server WARLORD write_socket(7,76) write_socket(7,76) wrote 76 Sent session request got smb length of 1 WARLORD rejected the session Selected protocol NT LM 0.12 1998/08/10 11:58:16 negprot index=7 size=93 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=51966 What could cause their PDC to suddenly reject me? Andy From ink at inconnu.isu.edu Wed Aug 19 03:28:05 1998 From: ink at inconnu.isu.edu (Craig Kelley) Date: Tue Dec 2 02:24:23 2003 Subject: WINS problem and NT Domain authentication In-Reply-To: <19980819034750Z12610913-20449+52@samba.anu.edu.au> Message-ID: From: "Andrew Seabolt" >My user authentication through our PDC was working great until two weeks >ago. At this time, we weren't doing WINS replication and our PDC was our >WINS server. All I did was use these values in the smb.conf file: [snip] We had this strange problem as well; we simply added the samba machine (which was the PDC for another domain apart from the NT domain) as a STATIC machine into the NT WINS server. From louis.botha at cs.up.ac.za Wed Aug 19 12:25:26 1998 From: louis.botha at cs.up.ac.za (louis.botha@cs.up.ac.za) Date: Tue Dec 2 02:24:23 2003 Subject: problem authenticating user with current CVS In-Reply-To: <199808181527.LAA13337@ursula.dem.qc.ca> Message-ID: <199808191225.OAA21347@mail.cs.up.ac.za> Hi Pierre, The same "feature" had me confused for a few hours too... :-) setresuid() and setresgid() are only introduced in Linux kernels 2.1.44 and up. The autoconf script isn't clever enough to figure out which kernel you're running. Regards, Louis ----------------------------------------------------------------------- Louis Botha Computer Science Department louis.botha@cs.up.ac.za University of Pretoria Tel: +27-12-420-3617 Pretoria Cell: +27-82-924-4616 South Africa http://www.cs.up.ac.za/~lbotha ----------------------------------------------------------------------- On 19 Aug, Pierre-Jules Tremblay wrote: > > I was able to solve my problem by removing the line > > #define HAVE_SETRESUID 1 > > from include/config.h. I don't know why setresgid() fails in uid.c. > I am currently using glibc-2.0.6 with a Linux 2.0.35 kernel. > > Is this a known bug? Maybe change the autoconf stuff to unset that > #define for this particular configuration? > > Pierre > >> >> >> I just updated my samba binaries to the latest (as of a half-hour ago) >> CVS tree. Unfortunately, users are no longer authenticated properly, >> i.e. I get a "bad password" message. Using samba binaries from three >> weeks ago, everything is fine. >> >> Below is a level-10 log of the transaction. I think the section of >> interest is where it says "Cannot become connected user". I also >> include my smb.conf at the end. >> >> Thanks for your help, >> >> Pierre Tremblay >> >> - snip - >> >> [1998/08/18 10:33:35, 0] smbd/uid.c:become_gid(136) >> Couldn't set gid 500 currently set to (0,0) >> [1998/08/18 10:33:35, 0] smbd/service.c:make_connection(419) >> Can't become connected user! >> [1998/08/18 10:33:35, 3] smbd/connection.c:yield_connection(40) >> Yielding connection to public From akyel at man.metu.edu.tr Wed Aug 19 15:18:55 1998 From: akyel at man.metu.edu.tr (Cemal AKYEL) Date: Tue Dec 2 02:24:23 2003 Subject: Profiles: Need help References: <199808181543.LAA20128@prospero.dma.isg.mot.com> <35D9A594.1D4202CC@eng.auburn.edu> Message-ID: <35DAECDF.51654F1D@man.metu.edu.tr> Hi. I think i really need some help. A login attempt from an NT WS 4.0 (sp3) client to a SMB PDC crashes the client. When I take a look at the log file (obtained by -d 4) it seems that the client recieves the profile (that are common for all the users) entries (including the *ntuser.man*). After the crash I reboot the client and check the %SystemRoot%\Profiles directory. Except the ntuser.man, the other directories were copied from the PDC. However the permissions of the related files were like \Unknown Account --- Full Control. The directory name under the %SystemRoot%\Profiles was correct however (being my login username) The cvs version that i use 2.0.0-prealpha that i updated on Aug 19. Anybody came across with such a problem? Thanks. The below lines are excerpted from the smb.conf file. [global] logon path = \\%L\Profiles\Common [netlogon] comment = Network Logon Service path = /opt/samba/netlogon guest ok = no writable = no share modes = no locking = no public = no [Profiles] path = /opt/samba/profiles browseable = no guest ok = no writable = no -- Cemal AKYEL mailto:akyel@man.metu.edu.tr http://www.man.metu.edu.tr/~akyel phone: +90 (312) 210-2004 fax: +90 (312) 210-1243 From matsaki at statcan.ca Wed Aug 19 17:11:44 1998 From: matsaki at statcan.ca (Akira Matsuno) Date: Tue Dec 2 02:24:23 2003 Subject: NT4.0 PDC and Samba help References: <199808181543.LAA20128@prospero.dma.isg.mot.com> <35D9A594.1D4202CC@eng.auburn.edu> Message-ID: <35DB0750.4572@statcan.ca> Gerald Carter wrote: > > Christoph Doerbeck wrote: > > > > I read that someone stated that you NEED local accounts in > > /etc/passwd. > > I don't believe this to be the case. In fact, I thought that if you > > were to create a "username map" with an entry like "safeshare = *" > > then all NTDOM connections authenticated through the NT server > > would work, and have local userid "safeshare" on the samba server. > > > Am I way off on this? Or does this sound like a solution to the > > stated problem? > > That's what I said. :) However you allow Samba to get a valid > Unix uid will work. Either /etc/passwd entries or "username map =" > Regarding entering /etc/passwd users...Are there any ramifications if you are using C2 security (shadow passwords)? Or is this not a problem? I'm not a unix expert so, I thought I'd ask before I did anything. -- * Akira Matsuno * Network Administrator / Oracle DBA * Statistics Canada * Ottawa Ontario From cartegw at Eng.Auburn.EDU Wed Aug 19 17:25:03 1998 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:23 2003 Subject: NT4.0 PDC and Samba help References: <199808181543.LAA20128@prospero.dma.isg.mot.com> <35D9A594.1D4202CC@eng.auburn.edu> <35DB0750.4572@statcan.ca> Message-ID: <35DB0A6F.A220000A@eng.auburn.edu> Akira Matsuno wrote: > > Regarding entering /etc/passwd users...Are there any ramifications if > you are using C2 security (shadow passwords)? Or is this not a > problem? I'm not a unix expert so, I thought I'd ask before I did > anything. If you set the passwd field to * then your are effective locking the account. Samba just needs a a standard place to look up unix uids. No validation is performed on the unix box. j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From cartegw at Eng.Auburn.EDU Wed Aug 19 17:57:59 1998 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:23 2003 Subject: SAMBA & domain References: Message-ID: <35DB1227.CBF45770@eng.auburn.edu> Vsevolod Melnikov wrote: > > Hello! > > Please answer a question. > I just downloaded latest samba src and compiled it. > In the FAQ there is request to use > smbpasswd -j > > My smbpasswd complains that there is no -j option. > What can be done? > I've finally updated Q6.1 regarding the "security = domain" option. Hopefully it will explain things a little better for you. Cheers, j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From thwartedefforts at wonky.org Wed Aug 19 18:37:02 1998 From: thwartedefforts at wonky.org (thwartedefforts@wonky.org) Date: Tue Dec 2 02:24:23 2003 Subject: auth via security = server and "Domain Users" group Message-ID: <19980819183702.16515.cpmta@fillmore.criticalpath.net> I just ran into a strange problem (not with samba though) when using security = server, and it may be helpful to those people who are also having problems with it. I don't remember seeing anything about this mentioned anywhere in the documentation. I'm in the middle of converting this entire NTS/NTW network over to being samba served and samba PDC'd. In the interum, I've got samba running on RH5.1 with security = server and the password server pointed at our current NTS4 PDC. I created a few accounts on linux, setup the usermap files and all worked well (people were able to get to the samba shares with their NTS PDC auth stuff), that is, until I added the remainder of the accounts and a few other people tried to access the samba machine. It was constantly prompting for passwords, and nothing worked, unless you gave samba a username and password (from the original set of users) that previously worked. The samba log said things like: trying NetWkstaUserLogon with password server MERCURY NetWkstaUserLogon success password server MERCURY gave guest privilages Anyway, I tracked this down to the fact that some of the users were not in the NT Group named "Domain users". After putting the users, on the PDC, into the "Domain users" group, then the NTS PDC, as samba puts it "accepted the password", and they were able to access samba okay. I don't remember seeing anything about this in the docs, and of course, the help files on NT didn't give me any hint about this either. I suspect that NT DC's won't perform auth for users for other machines if the user is not in the "Domain Users" group. Does anyone know if this is true for other NT (server and workstation) machines that have auth defered to the PDC? I don't think this would normally be a problem unless someone decided that the default groups that exist on NT (power users, domain users, etc) are not a good idea and go and remove them or remove users from those groups (such was the case at my site). As you can tell, I'm not much of an NT guy. Andy Bakun From cly at sunshine.bke.hu Wed Aug 19 18:41:50 1998 From: cly at sunshine.bke.hu (Dobos Sanyi) Date: Tue Dec 2 02:24:23 2003 Subject: NT login crash in an other way... Message-ID: <35DB1C6D.518FBE77@sunshine.bke.hu> Hi! I have working netlogon and profiles share. Netlogon has a ntconfig.pol which is working fine. I wanted NT4WSSP3 roaming profiles place to the profiles share. A) In smb.conf I set the logon path = \\server\profiles\%U and domain logons = yes. 1. If I left Default User on NT, the user could log in and work, but the profile wont be saved 2. If I delete the Default User on NT, the user couldnt log in. 3. If I place the Default User on netlogon share, NT crashes after login After restart I saw, that NT has a Default User (network) directory, but there isnt any ntuser.dat file B) I simple copied the users profile directory to the profiles share. The NT crashes after login. The effect: on NT I can saw the users profile directory copied from server, but there isnt any ntuser.dat file again! If I left the profiles share empty (no 'username' directory), NT said no profile on server, and logs in, creating profile from Default User. But it created in profile share a 'username' file. The second login it creates a 'username.pds' file and crashes. Please help me, I working on this problem for a week! Thank You. Cly From Ryan at US.Distribution.com Wed Aug 19 20:19:01 1998 From: Ryan at US.Distribution.com (Ryan Koski) Date: Tue Dec 2 02:24:23 2003 Subject: SAMBA & domain Message-ID: <773702019F1DD21196ED00A0C9D6526F47B5@EXCHANGE.distribution.com> Hmmm... I haven't tried it yet, but what do you suppose will happen if a user with one of the NT Dummy accounts accesses a SAMBA server with a "homes" section? Ryan Koski Management Information Systems Distribution Architects International Inc. -----Original Message----- From: Gerald Carter [mailto:cartegw@Eng.Auburn.EDU] Sent: Wednesday, August 19, 1998 11:02 AM To: Multiple recipients of list Subject: Re: SAMBA & domain Vsevolod Melnikov wrote: > > Hello! > > Please answer a question. > I just downloaded latest samba src and compiled it. > In the FAQ there is request to use > smbpasswd -j > > My smbpasswd complains that there is no -j option. > What can be done? > I've finally updated Q6.1 regarding the "security = domain" option. Hopefully it will explain things a little better for you. Cheers, j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From joseph.dries at lmco.com Wed Aug 19 21:14:44 1998 From: joseph.dries at lmco.com (Dries, Joseph) Date: Tue Dec 2 02:24:23 2003 Subject: Samba 1.9.19pre-alpha as NT domain Client Message-ID: All- I have a situation where I need to share out UNIX user's home directories (and other shares). I'd prefer to run Samba rather than have to purchase, install, and support a usable NFS client on our NT workstations. Our NT environment is configured in a multiple-master domain model. There are several Account domains that are trusted by the various resource domains. The samba servers are part of the resource domain. I was able to cvs checkout the HEAD branch, compile and install. I was able to issue a smbpasswd -j RESDOM. I can see and browse to the samba server, however it's not authenticating any users. I have the following relevant settings in my smb.conf file: workgroup = RESDOM password server = RESDOM-PDC security = domain encrypt passwords = yes There are specific reasons why I do not want to manage a separate smbpasswd file. (Besides the fact that our Unix passwd file has over 5400 entries, and that number changes +/- daily.) What I was going to implement was a perl script that creates a UNIX account to NT account mapping (for smbusers) via LDAP. I have a reconciliation script that keeps my Unix passwd database reconciled with the NT accounts in the Account domain. Since there is password aging on both the UNIX side and the NT side, it's important that I try to keep the number of entered passwords to a minimum, thus the authentication by NT PDC for the samba server. My problem is however, that I'm not able to authenticate any users to the samba process. I tried user names in the form of ACCT\uname, uname, RESDOM\uname, etc. with passwords for each user account. As a side note, if there is a user account in the resource domain, and a user account in the ACCT domain, (and the user is logged into the NTworkstation as ACCT\uname), which account does the samba server try to authenticate? Any suggestions would be greatly appreciated. Even if it's just "We are aware of the issue, it's not functional yet, but will be by the time 1.9.19 goes into full alpha." Or Even "Do it this way idiot." Thanks, -j -- Joseph F. Dries III Lockheed Martin / EIS Government Electronic Systems / IT&P Advanced Technology/OS Group mailto:joseph.dries@lmco.com From cartegw at Eng.Auburn.EDU Wed Aug 19 21:33:49 1998 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:23 2003 Subject: SAMBA & domain References: <773702019F1DD21196ED00A0C9D6526F47B5@EXCHANGE.distribution.com> Message-ID: <35DB44BD.2B457392@eng.auburn.edu> Ryan Koski wrote: > > Hmmm... I haven't tried it yet, but what do you suppose will > happen if a user with one of the NT Dummy accounts accesses a > SAMBA server with a "homes" section? Good point. Maybe the same thign if everybody in the entire world flushed their toilets at the same time.... :) In reality if you need to serve home directories then define the path to be something like... [homes] path = /home/%U or if neccessary [homes] path =%H and set the appropriate field in /etc/passwd j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From cartegw at Eng.Auburn.EDU Thu Aug 20 13:14:31 1998 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:23 2003 Subject: Samba 1.9.19pre-alpha as NT domain Client References: Message-ID: <35DC2137.EA75F48@eng.auburn.edu> Dries, Joseph wrote: > > I have a situation where I need to share out UNIX user's home > directories (and other shares). I'd prefer to run Samba rather than > have to purchase, install, and support a usable NFS client on our NT > workstations. Good choice. Been there done that :) > My problem is however, that I'm not able to authenticate any > users to the samba process. I tried user names in the form of > ACCT\uname, uname, RESDOM\uname, etc. with passwords for each > user account. Set the debug level in Samba to about 20 and check for errors during the login attempt. Can you get it to work with smbclient? I assumed you were trying to map a drive from the samba share onto an NT box. > As a side note, if there is a user account in the resource domain, > and a user account in the ACCT domain, (and the user is logged into > the NTworkstation as ACCT\uname), which account does the samba server > try to authenticate? Good question? Jeremy? Luke? j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From matsaki at statcan.ca Thu Aug 20 14:15:44 1998 From: matsaki at statcan.ca (Akira Matsuno) Date: Tue Dec 2 02:24:23 2003 Subject: Bind failure in smblog and nmblog References: <35DC2137.EA75F48@eng.auburn.edu> Message-ID: <35DC2F90.2C9F@statcan.ca> I'm running Samba 1.9.19pre-alpha on an Alpha 4000 with Digital Unix 4.0D... I run Samba as a daemon (smbd -D and nmbd -D ) I'm not going through Inetd... But I keep getting bind failures in my nmblog and smblog: bind failed on port 137 socket_addr=0.0.0.0 (Address already in use) bind failed on port 139 socket_addr=0.0.0.0 (Address already in use) When I check my /etc/services file, 137 and 139 are not being used... There are no entries for these ports... My inetd.conf has no references either... Has anyone encountered this before? Here are my smb and nmblogs: NMB log: 1998/07/29 15:04:33 netbios nameserver version 1.9.19-prealpha started Copyright Andrew Tridgell 1994-1997 Initialising global parameters params.c:pm_process() - Processing configuration file "/usr/local/bin/samba//lib/smb.conf" doing parameter workgroup = IMAD doing parameter guest account = nobody doing parameter security = domain doing parameter password server = imad1 doing parameter encrypt passwords = yes doing parameter domain master = no doing parameter wins server = 142.205.52.11 doing parameter interfaces = 142.205.218.13/255.255.254.0 doing parameter dns proxy = no pm_process() returned Yes lp_servicenumber: couldn't find homes lp_servicenumber: couldn't find printers lp_servicenumber: couldn't find printers services not loaded lp_file_list_changed() file /usr/local/bin/samba//lib/smb.conf -> /usr/local/bin/samba//lib/smb.conf last mod_time: Wed Jul 29 14:22:26 1998 codepage_initialise: client code page = 850 load_client_codepage: loading codepage 850. Adding chars 0x85 0xb7 (l->u = True) (u->l = True) Adding chars 0xa0 0xb5 (l->u = True) (u->l = True) Adding chars 0x83 0xb6 (l->u = True) (u->l = True) Adding chars 0xc6 0xc7 (l->u = True) (u->l = True) Adding chars 0x84 0x8e (l->u = True) (u->l = True) Adding chars 0x86 0x8f (l->u = True) (u->l = True) Adding chars 0x91 0x92 (l->u = True) (u->l = True) Adding chars 0x87 0x80 (l->u = True) (u->l = True) Adding chars 0x8a 0xd4 (l->u = True) (u->l = True) Adding chars 0x82 0x90 (l->u = True) (u->l = True) Adding chars 0x88 0xd2 (l->u = True) (u->l = True) Adding chars 0x89 0xd3 (l->u = True) (u->l = True) Adding chars 0x8d 0xde (l->u = True) (u->l = True) Adding chars 0xa1 0xd6 (l->u = True) (u->l = True) Adding chars 0x8c 0xd7 (l->u = True) (u->l = True) Adding chars 0x8b 0xd8 (l->u = True) (u->l = True) Adding chars 0xd0 0xd1 (l->u = True) (u->l = True) Adding chars 0xa4 0xa5 (l->u = True) (u->l = True) Adding chars 0x95 0xe3 (l->u = True) (u->l = True) Adding chars 0xa2 0xe0 (l->u = True) (u->l = True) Adding chars 0x93 0xe2 (l->u = True) (u->l = True) Adding chars 0xe4 0xe5 (l->u = True) (u->l = True) Adding chars 0x94 0x99 (l->u = True) (u->l = True) Adding chars 0x9b 0x9d (l->u = True) (u->l = True) Adding chars 0x97 0xeb (l->u = True) (u->l = True) Adding chars 0xa3 0xe9 (l->u = True) (u->l = True) Adding chars 0x96 0xea (l->u = True) (u->l = True) Adding chars 0x81 0x9a (l->u = True) (u->l = True) Adding chars 0xec 0xed (l->u = True) (u->l = True) Adding chars 0xe7 0xe8 (l->u = True) (u->l = True) Adding chars 0x9c 0x0 (l->u = False) (u->l = False) Netbios name list:- my_netbios_names[0]="IMAPS1" lp_file_list_changed() file /usr/local/bin/samba//lib/smb.conf -> /usr/local/bin/samba//lib/smb.conf last mod_time: Wed Jul 29 14:22:26 1998 1998/07/29 15:04:33 becoming a daemon fcntl_lock 4 8 0 1 2 Lock call successful Opening sockets 137 bind failed on port 137 socket_addr=0.0.0.0 (Address already in use) bind succeeded on port 8000 SMB log: 1998/07/29 15:04:33 smbd version 1.9.19-prealpha started Copyright Andrew Tridgell 1992-1997 Maximum number of open files per session is 110 uid=0 gid=0 euid=0 egid=0 Initialising global parameters params.c:pm_process() - Processing configuration file "/usr/local/bin/samba//lib/smb.conf" doing parameter workgroup = IMAD doing parameter guest account = nobody doing parameter security = domain doing parameter password server = imad1 doing parameter encrypt passwords = yes doing parameter domain master = no doing parameter wins server = 142.205.52.11 doing parameter interfaces = 142.205.218.13/255.255.254.0 doing parameter dns proxy = no Processing section "[matsaki]" doing parameter comment = Akira's Private Directory doing parameter path = /usr/users/matsaki doing parameter writable = yes doing parameter valid users = akirasvr doing parameter public = no doing parameter guest ok = no Processing section "[public]" doing parameter comment = IMAPS1 Apps Share doing parameter path = /usr/samba/samba1/apps doing parameter public = yes doing parameter read only = no Processing section "[tmp]" doing parameter comment = temporary files doing parameter path = /tmp doing parameter read only = yes pm_process() returned Yes lp_servicenumber: couldn't find homes lp_servicenumber: couldn't find printers lp_servicenumber: couldn't find printers adding IPC service lp_file_list_changed() file /usr/local/bin/samba//lib/smb.conf -> /usr/local/bin/samba//lib/smb.conf last mod_time: Wed Jul 29 14:22:26 1998 Added interface ip=142.205.218.13 bcast=142.205.219.255 nmask=255.255.254.0 codepage_initialise: client code page = 850 load_client_codepage: loading codepage 850. Adding chars 0x85 0xb7 (l->u = True) (u->l = True) Adding chars 0xa0 0xb5 (l->u = True) (u->l = True) Adding chars 0x83 0xb6 (l->u = True) (u->l = True) Adding chars 0xc6 0xc7 (l->u = True) (u->l = True) Adding chars 0x84 0x8e (l->u = True) (u->l = True) Adding chars 0x86 0x8f (l->u = True) (u->l = True) Adding chars 0x91 0x92 (l->u = True) (u->l = True) Adding chars 0x87 0x80 (l->u = True) (u->l = True) Adding chars 0x8a 0xd4 (l->u = True) (u->l = True) Adding chars 0x82 0x90 (l->u = True) (u->l = True) Adding chars 0x88 0xd2 (l->u = True) (u->l = True) Adding chars 0x89 0xd3 (l->u = True) (u->l = True) Adding chars 0x8d 0xde (l->u = True) (u->l = True) Adding chars 0xa1 0xd6 (l->u = True) (u->l = True) Adding chars 0x8c 0xd7 (l->u = True) (u->l = True) Adding chars 0x8b 0xd8 (l->u = True) (u->l = True) Adding chars 0xd0 0xd1 (l->u = True) (u->l = True) Adding chars 0xa4 0xa5 (l->u = True) (u->l = True) Adding chars 0x95 0xe3 (l->u = True) (u->l = True) Adding chars 0xa2 0xe0 (l->u = True) (u->l = True) Adding chars 0x93 0xe2 (l->u = True) (u->l = True) Adding chars 0xe4 0xe5 (l->u = True) (u->l = True) Adding chars 0x94 0x99 (l->u = True) (u->l = True) Adding chars 0x9b 0x9d (l->u = True) (u->l = True) Adding chars 0x97 0xeb (l->u = True) (u->l = True) Adding chars 0xa3 0xe9 (l->u = True) (u->l = True) Adding chars 0x96 0xea (l->u = True) (u->l = True) Adding chars 0x81 0x9a (l->u = True) (u->l = True) Adding chars 0xec 0xed (l->u = True) (u->l = True) Adding chars 0xe7 0xe8 (l->u = True) (u->l = True) Adding chars 0x9c 0x0 (l->u = False) (u->l = False) string_to_sid: converted SID S-1-5-21-1570863275-431035415-1027189057 ok 1998/07/29 15:04:33 loaded services 1998/07/29 15:04:33 becoming a daemon fcntl_lock 4 8 0 1 2 Lock call successful bind failed on port 139 socket_addr=0.0.0.0 (Address already in use) Closing connections 1998/07/29 15:04:33 Server exit (caught signal) -- * Akira Matsuno * Network Administrator / Oracle DBA * Statistics Canada * Ottawa Ontario From David.Woodhouse at mvhi.com Thu Aug 20 15:13:05 1998 From: David.Woodhouse at mvhi.com (David Woodhouse) Date: Tue Dec 2 02:24:23 2003 Subject: domain groups = "Power Users" Message-ID: I've tried the subject line on my smb.conf (with a recent CVS copy of Samba) to get the network users from the Samba PDC to be members of the "Power Users" group. With the above line in smb.conf, smbd was complaining the "Power" was not a well-known RID alias. So I ran smbd through sed "s/Power Users/Power_Users/" and edited smb.conf accordingly. Now it thinks it's telling the NT box (NT4 SP3) that I'm in the group Power Users (547 = 0x223), as far as I can tell, but said NT box still doesn't register me as being in any group but "\Everyone" Here's an extract from the debug output of smbd at level 9... getsmbfilepwent: returning passwd entry for user devel1$, uid 600 getsmbfilepwent: returning passwd entry for user devel2$, uid 601 getsmbfilepwent: returning passwd entry for user devel3$, uid 602 getsmbfilepwent: returning passwd entry for user devel4$, uid 603 getsmbfilepwent: returning passwd entry for user server$, uid 605 getsmbfilepwent: returning passwd entry for user gaet1$, uid 606 getsmbfilepwent: returning passwd entry for user angelo, uid 2000 getsmbfilepwent: returning passwd entry for user marg, uid 2001 getsmbfilepwent: returning passwd entry for user david, uid 2002 getsmbfilepwent: returning passwd entry for user marom, uid 2003 getsmbfilepwent: returning passwd entry for user gaet, uid 2004 getsmbfilepwent: returning passwd entry for user dwmw2, uid 2005 endsmbfilepwent: closed password file. Home server: server Home server: server domain group access 513/7 granted make_dom_gids: Power_Users 513/7 group id: 547 attr: 7 group id: 513 attr: 7 make_dom_sid2s: 000000 net_io_r_sam_logon 811a620 buffer_creds: 00000001 000004 smb_io_cred 000004 smb_io_chal 811a620 data: 4d df 2c 9e 80 7e 22 2c 00000c smb_io_utime 811a620 time: 00000000 811a620 switch_value: 0003 000014 lsa_io_lsa_user_info 811a620 ptr_user_info : 00000001 000018 smb_io_time time 811a620 low : ffffffff 811a620 high: 7fffffff 000020 smb_io_time time 811a620 low : ffffffff 811a620 high: 7fffffff 000028 smb_io_time time 811a620 low : ffffffff 811a620 high: 7fffffff 000030 smb_io_time time 811a620 low : ffffffff 811a620 high: 7fffffff 000038 smb_io_time time 811a620 low : ffffffff 811a620 high: 7fffffff 000040 smb_io_time time 811a620 low : ffffffff 811a620 high: 7fffffff 000048 smb_io_unihdr unihdr 811a620 uni_str_len: 000a 811a620 uni_max_len: 000a 811a620 buffer : 00000004 000050 smb_io_unihdr unihdr 811a620 uni_str_len: 000c 811a620 uni_max_len: 000c 811a620 buffer : 00000004 000058 smb_io_unihdr unihdr 811a620 uni_str_len: 0014 811a620 uni_max_len: 0014 811a620 buffer : 00000004 000060 smb_io_unihdr unihdr 811a620 uni_str_len: 002c 811a620 uni_max_len: 002c 811a620 buffer : 00000004 000068 smb_io_unihdr unihdr 811a620 uni_str_len: 001c 811a620 uni_max_len: 001c 811a620 buffer : 00000004 000070 smb_io_unihdr unihdr 811a620 uni_str_len: 0000 811a620 uni_max_len: 0000 811a620 buffer : 00000004 811a620 logon_count : 0000 811a620 bad_pw_count : 0000 811a620 user_id : 00001392 811a620 group_id : 00001393 811a620 num_groups : 00000002 811a620 buffer_groups : 00000001 811a620 user_flgs : 00000020 811a620 user_sess_key: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0000a0 smb_io_unihdr unihdr 811a620 uni_str_len: 000c 811a620 uni_max_len: 000c 811a620 buffer : 00000004 0000a8 smb_io_unihdr unihdr 811a620 uni_str_len: 000a 811a620 uni_max_len: 000a 811a620 buffer : 00000004 811a620 buffer_dom_id : 00000001 811a620 padding : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 811a620 num_other_sids: 00000000 811a620 buffer_other_sids: 00000000 0000e4 smb_io_unistr2 unistr2 811a620 uni_max_len: 00000006 811a620 undoc : 00000000 811a620 uni_str_len: 00000006 811a620 buffer : d.w.m.w.2... 0000fc smb_io_unistr2 unistr2 811a620 uni_max_len: 00000007 811a620 undoc : 00000000 811a620 uni_str_len: 00000007 811a620 buffer : N.o.b.o.d.y... 000116 smb_io_unistr2 unistr2 811a620 uni_max_len: 0000000b 811a620 undoc : 00000000 811a620 uni_str_len: 0000000b 811a620 buffer : d.e.v.e.l.8...b.a.t... 00013a smb_io_unistr2 unistr2 811a620 uni_max_len: 00000017 811a620 undoc : 00000000 811a620 uni_str_len: 00000017 811a620 buffer : \.\.s.e.r.v.e.r.\.d.w.m.w.2.\.p.r.o.f.i.l.e... 000176 smb_io_unistr2 unistr2 811a620 uni_max_len: 0000000f 811a620 undoc : 00000000 811a620 uni_str_len: 0000000f 811a620 buffer : \.\.s.e.r.v.e.r.\.d.w.m.w.2... 0001a2 smb_io_unistr2 unistr2 811a620 uni_max_len: 00000001 811a620 undoc : 00000000 811a620 uni_str_len: 00000001 811a620 buffer : .. 811a620 num_groups2 : 00000002 0001b8 smb_io_gid 811a620 g_rid: 00000223 811a620 attr : 00000007 0001c0 smb_io_gid 811a620 g_rid: 00000201 811a620 attr : 00000007 0001c8 smb_io_unistr2 unistr2 811a620 uni_max_len: 00000007 811a620 undoc : 00000000 811a620 uni_str_len: 00000007 811a620 buffer : S.E.R.V.E.R... 0001e2 smb_io_unistr2 unistr2 811a620 uni_max_len: 00000006 811a620 undoc : 00000000 811a620 uni_str_len: 00000006 811a620 buffer : A.X.I.O.M... 0001fc smb_io_dom_sid2 811a620 num_auths: 00000004 000200 smb_io_dom_sid sid 811a620 sid_rev_num: 01 811a620 num_auths : 04 811a620 id_auth[0] : 00 811a620 id_auth[1] : 00 811a620 id_auth[2] : 00 811a620 id_auth[3] : 00 811a620 id_auth[4] : 00 811a620 id_auth[5] : 05 811a620 sub_auths : 00000015 34a3888e 2915f681 0afc61bf 811a620 auth_resp : 00000001 811a620 status : 00000000 create_rpc_reply: data_start: 0 data_end: 544 max_tsize: 5680 000000 smb_io_rpc_hdr hdr 8119a40 major : 05 8119a40 minor : 00 8119a40 pkt_type : 02 8119a40 flags : 03 8119a40 pack_type : 00000010 8119a40 frag_len : 0238 8119a40 auth_len : 0000 8119a40 call_id : 00000004 000010 smb_io_rpc_hdr_resp resp 8119a40 alloc_hint: 00000220 8119a40 context_id: 0000 8119a40 cancel_ct : 00 8119a40 reserved : 00 copy_trans_params_and_data: params[0..0] data[0..568] size=623 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=12 smb_pid=51966 smb_uid=101 smb_mid=15360 smt_wct=10 smb_vwv[0]=0 (0x0) smb_vwv[1]=568 (0x238) smb_vwv[2]=0 (0x0) smb_vwv[3]=0 (0x0) smb_vwv[4]=55 (0x37) smb_vwv[5]=0 (0x0) smb_vwv[6]=568 (0x238) smb_vwv[7]=55 (0x37) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_bcc=568 write_socket(7,627) write_socket(7,627) wrote 627 got message type 0x0 of len 0x9a 1998/08/20 15:57:57 Transaction 243 of length 158 size=154 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=3 smb_tid=0 smb_pid=51966 smb_uid=0 smb_mid=15424 smt_wct=13 smb_vwv[0]=255 (0xFF) smb_vwv[1]=154 (0x9A) smb_vwv[2]=61440 (0xF000) smb_vwv[3]=50 (0x32) smb_vwv[4]=1 (0x1) smb_vwv[5]=4241 (0x1091) smb_vwv[6]=0 (0x0) smb_vwv[7]=24 (0x18) smb_vwv[8]=24 (0x18) smb_vwv[9]=0 (0x0) smb_vwv[10]=0 (0x0) smb_vwv[11]=212 (0xD4) smb_vwv[12]=0 (0x0) smb_bcc=93 switch message SMBsesssetupX (pid 4241) chdir to /var/log unbecome_user now uid=(0,0) gid=(0,0) ---- ---- ---- David Woodhouse David.Woodhouse@mvhi.com Office: (+44) 1223 812896 Project Leader, Process Information Systems Mobile: (+44) 976 658355 Axiom (Cambridge) Ltd., Swaffham Bulbeck, Cambridge, CB5 0NA, UK. finger dwmw2@ferret.lmh.ox.ac.uk for PGP key. From cartegw at Eng.Auburn.EDU Thu Aug 20 15:24:29 1998 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:23 2003 Subject: Bind failure in smblog and nmblog References: <35DC2137.EA75F48@eng.auburn.edu> <35DC2F90.2C9F@statcan.ca> Message-ID: <35DC3FAD.B91240C3@eng.auburn.edu> Akira Matsuno wrote: > > bind failed on port 137 socket_addr=0.0.0.0 (Address already in use) > bind failed on port 139 socket_addr=0.0.0.0 (Address already in use) > doing parameter interfaces = 142.205.218.13/255.255.254.0 ^^^ This is a strange network mask. Is that what you meant? So you would be using 9 bits for the address? j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From trep at dem.qc.ca Thu Aug 20 15:05:05 1998 From: trep at dem.qc.ca (Pierre-Jules Tremblay) Date: Tue Dec 2 02:24:23 2003 Subject: Problem saving files with recent CVS code Message-ID: <199808201505.LAA20250@ursula.dem.qc.ca> A non-text attachment was scrubbed... Name: not available Type: text Size: 619 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19980820/400b7d39/attachment.bat From jallison at cthulhu.engr.sgi.com Thu Aug 20 16:48:43 1998 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:24:23 2003 Subject: Samba 1.9.19pre-alpha as NT domain Client References: <35DC2137.EA75F48@eng.auburn.edu> Message-ID: <35DC536B.767F54D@engr.sgi.com> (sorry about that last truncated message - finger trouble on the send key :-). Gerald Carter wrote: > > > > As a side note, if there is a user account in the resource domain, > > and a user account in the ACCT domain, (and the user is logged into > > the NTworkstation as ACCT\uname), which account does the samba server > > try to authenticate? > > Good question? Jeremy? Luke? > The CVS code forwards both the Domain and the user name to the remote PDC/BDC - exactly as NT does. So if the Samba server is in the resource domain, and the resource PDC trusts the account PDC then the authentication should be done in the account domain. I haven't got a complex domain setup here at SGI (but the IS people are building one) so I can't test it at present - but be sure that SGI will be eating my dogfood (to use a Microsoft phrase) once we have it set up :-). Having said that, the name still (at present) has to map to a UNIX username on the local Samba server. 'Applience' mode should fix this though. Cheers, Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From matsaki at statcan.ca Thu Aug 20 16:55:22 1998 From: matsaki at statcan.ca (Akira Matsuno) Date: Tue Dec 2 02:24:23 2003 Subject: Bind failure in smblog and nmblog References: <35DC2137.EA75F48@eng.auburn.edu> <35DC2F90.2C9F@statcan.ca> <35DC3FAD.B91240C3@eng.auburn.edu> Message-ID: <35DC54FA.3ADA@statcan.ca> Gerald Carter wrote: > > Akira Matsuno wrote: > > > > bind failed on port 137 socket_addr=0.0.0.0 (Address already in use) > > bind failed on port 139 socket_addr=0.0.0.0 (Address already in use) > > > > doing parameter interfaces = 142.205.218.13/255.255.254.0 > ^^^ > This is a strange network mask. Is that what you meant? So you would > be using 9 bits for the address? > Yes.. Our network is divided into many different subnets.. The network infrastructure group decided on it.. gives us more subnets.. and the number of hosts is acceptable with room for growth... You think it may be a problem with the IP config? -- * Akira Matsuno * Network Administrator / Oracle DBA * Statistics Canada * Ottawa Ontario From bpolster at gmx.de Thu Aug 20 20:05:46 1998 From: bpolster at gmx.de (Bernd Polster) Date: Tue Dec 2 02:24:23 2003 Subject: NT4SP3 german @ samba 2.0.0 prealpha Message-ID: <000101bdcc75$eae10fa0$eeb3e7c2@obelix> I installed the samba 2.0.0 prealpha from the cvs server. Now I have the problem, that office 97 programs like word and excel 97 can't store files on samba shares (message: disk full). Bernd From mhaigh at village.vut.edu.au Fri Aug 21 01:19:18 1998 From: mhaigh at village.vut.edu.au (Mick Haigh) Date: Tue Dec 2 02:24:23 2003 Subject: Login process fails Message-ID: <35DCCB16.FB7680AE@village.vut.edu.au> Hi All. I'm trying to use the latest CVS source (downloaded 9.30am Friday, August 21 EST) with Win NT4.0 build 1381 SP3. When logging in to the Samba server I get the following on the NT box. STOP: c000021a {Fatal System Error} The Windows Logon Process system process terminated unexpectedly with a status of 0xc0000005 (0x00000000 0x00000000) The system has been shutdown. This occurs whenever the NT box tries to download files from the server as part of the logon (user profile or system policy). The samba logs (set to 10) don't show anything obviously wrong, but I'm not really familiar enough with Samba to recognise a problem. I've seen a couple of other messages of this sort posted to samba and samba-ntdom, but I haven't seen any such discussion on samba-technical. Could someone let me know if they have found a way around the problem, or if this is known to be broken as part of the implementation of the ntrpc calls. Thanks. Mick -------------- next part -------------- A non-text attachment was scrubbed... Name: rooter.vcf Type: text/x-vcard Size: 201 bytes Desc: Card for Mick Haigh Url : http://lists.samba.org/archive/samba-ntdom/attachments/19980821/400daf37/rooter.vcf From joseph.dries at lmco.com Fri Aug 21 01:30:49 1998 From: joseph.dries at lmco.com (Dries, Joseph) Date: Tue Dec 2 02:24:23 2003 Subject: Samba 1.9.19pre-alpha as NT domain Client Message-ID: Sorry in advance for being verbose... > -----Original Message----- > From: Jeremy Allison [SMTP:jallison@cthulhu.engr.sgi.com] > Sent: Thursday, August 20, 1998 12:49 PM > To: Multiple recipients of list > Subject: Re: Samba 1.9.19pre-alpha as NT domain Client > > Gerald Carter wrote: > > > > > > > As a side note, if there is a user account in the resource domain, > > > and a user account in the ACCT domain, (and the user is logged into > > > the NTworkstation as ACCT\uname), which account does the samba server > > > try to authenticate? > > > > Good question? Jeremy? Luke? > > The CVS code forwards both the Domain and the user name > to the remote PDC/BDC - exactly as NT does. So if the Samba > server is in the resource domain, and the resource PDC trusts > the account PDC then the authentication should be done in > the account domain. I haven't got a complex domain setup > here at SGI (but the IS people are building one) so I can't > test it at present - but be sure that SGI will be eating > my dogfood (to use a Microsoft phrase) once we have it set > up :-). > Hmmm. I managed to get everything working today. What ended up happening, and why the last question I asked, and you answered above, was important is this: I had an account in both the ACCT domain, and the RESOURCE domains. The accounts had the same NT account name. But they had different passwords. This normally wasn't an issue, I can normally log into RES domain resources w/o problems using my ACCT\uname account. Naturally I could access RES resources with my RES\uname account. I could NOT access any Samba shared resources with my account however, neither the RES\uname nor the ACCT\uname. When I was prompted for an account and logon, when I entered RES\uname it gave me an error about Credentials being different. When I entered just my account name, it just gave me access denied. When I entered ACCT\uname (which I was logged in as on the NTW) it also gave me access denied. I then logged into RES\uname and changed the password to match that of my ACCT\uname. From then on the Samba share worked. It also works for ACCT\uname accounts that don't have a matching RES\uname account, or ACCT\uname accounts that had a matching RES\uname and synchronized passwords. Therefore it sounds as if something isn't being done quite right. Normal NTS and NTW machines could differentiate between my ACCT\uname and RES\uname accounts, but the Samba CVS code didn't seem to. I have my work around right now. Have accounts exist in EITHER RES\uname, or ACCT\uname form. Or if it exists in both, make sure the passwords are synchronized. However that's not the correct behavior. I did notice on our Network Appliance Filer (OS ver 5.1R1) that in the /etc/usermap.cfg file you can specify DOM\uname in the Unix<->NT name mapping. Is that something that can be done in the smbusers file, or rather something that _should_ be done? I do the DOM\uname mapping on my NetApp, but in the Samba smbusers files I just list the NT account names in uname form, not DOM\uname form. > Having said that, the name still (at present) has to map > to a UNIX username on the local Samba server. 'Applience' > mode should fix this though. > Username mapping is not an issue for me, I have a process to take care of that. What is "Applience" mode, however? I'm not familiar with that terminology. From jallison at cthulhu.engr.sgi.com Fri Aug 21 01:51:51 1998 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:24:23 2003 Subject: Samba 1.9.19pre-alpha as NT domain Client References: Message-ID: <35DCD2B7.A8836903@engr.sgi.com> Dries, Joseph wrote: > > I then logged into RES\uname and changed the password to match that > of my ACCT\uname. From then on the Samba share worked. It also works for > ACCT\uname accounts that don't have a matching RES\uname account, or > ACCT\uname accounts that had a matching RES\uname and synchronized > passwords. > > Therefore it sounds as if something isn't being done quite right. > Normal NTS and NTW machines could differentiate between my ACCT\uname and > RES\uname accounts, but the Samba CVS code didn't seem to. I have my work > around right now. Have accounts exist in EITHER RES\uname, or ACCT\uname > form. Or if it exists in both, make sure the passwords are synchronized. > However that's not the correct behavior. > That's an interesting observation. It works in the case where the username doesn't exist in the resource domain. Hmmmmmm. The CVS code just passes the given domain (ACCT in this case) to the RES domain PDC for authenticaiton, as a network login. We don't do anything special. > I did notice on our Network Appliance Filer (OS ver 5.1R1) that in > the /etc/usermap.cfg file you can specify DOM\uname in the Unix<->NT name > mapping. Is that something that can be done in the smbusers file, or rather > something that _should_ be done? I do the DOM\uname mapping on my NetApp, > but in the Samba smbusers files I just list the NT account names in uname > form, not DOM\uname form. > That's something we may want to look at later, but for now the server code is doing the correct thing, that is to pass on the given domain to the PDC. The issue is why the PDC thinks it's a RES account when the ACCT username matches one in the RES domain. I'll have to look at the network login packets an NT server generates in the same scenario - could you capture them for me with netmon or tcpdump and send them to me at jallison@engr.sgi.com, that would help greatly. Remember it's the packets between the server in the RES domain you're accessing (for the first time since you logged onto your workstation) and the RES domain PDC I need to see, not the packets between your workstation and the RES server your're accessing. > > > Username mapping is not an issue for me, I have a process to take > care of that. What is "Applience" mode, however? I'm not familiar with that > terminology. A mode where Samba doesn't need local unix users. Not coded up yet but planned soon. Vendors of Samba 'Appliences' love this idea :-). Cheers, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From thwartedefforts at wonky.org Fri Aug 21 14:54:32 1998 From: thwartedefforts at wonky.org (thwartedefforts@wonky.org) Date: Tue Dec 2 02:24:23 2003 Subject: auth via security = server and "Domain Users" group Message-ID: <19980821145432.8367.cpmta@fillmore.criticalpath.net> On Thu, 20 August 1998, Adrian Hungate wrote: > This is correct and expected operation AFAIK, if you are not in "Domain > Users" you are not a valid user of the domain, and an attempt to log in > from the domain is therefore invalid. > > Hope this is clearer to you than it is to me... Actually, it's not, since those users were able to login to the domain from their workstations, which is why it was so goofy that the server wouldn't auth for samba for users it would auth otherwise. Andy. From mk at quadstone.com Fri Aug 21 17:24:42 1998 From: mk at quadstone.com (Michael Keightley) Date: Tue Dec 2 02:24:23 2003 Subject: problems accessing other samba machine Message-ID: <12725.199808211724@subnode.quadstone.com> Hi, Our PDC (Solaris 2.6) is running Samba v19-prealpha. All users can access this machine from the browse list. We also have another Solaris 2.6 machine running samba v18p8. This is the print server. Users who are domain administrators can access this machine from the browse list, if you're not an administrator and double click on the machine (wallace) it gives the error: \\wallace is not accessible Access is denied. Is this a feature, or is there a problem with by Samba setup? Micjhael _________ Michael Keightley Email: mk@quadstone.com Systems Manager Tel: +44 131 220 4491 Quadstone Ltd Fax: +44 131 220 4492 16 Chester Street Edinburgh EH3 7RA, Scotland From cly at sunshine.bke.hu Sun Aug 23 20:07:50 1998 From: cly at sunshine.bke.hu (Dobos Sanyi) Date: Tue Dec 2 02:24:23 2003 Subject: profiles problem References: <19980820080940Z12663733-7009+443@samba.anu.edu.au> Message-ID: <35E07696.80A2CCC1@sunshine.bke.hu> I wrote some NT login crash methods before, lets look at some plus info on NTs login with profiles. logon path set to \\servername\profile\%U\profile where the first 'profile' is a share 1. If there isnt any 'username'directory in share, NT creates one, putting into it a 'profile' file with zero length. At second login he creates a 'profile.pds' file again with zero length Both times and further NT creates a local profile, and uses it (I turned out the local profile cacheing in policies (they work!)) 2. If I create the 'username' directory, NT does the same thing, exept the creating the 'username' directory 3. If I create the 'profile' or profile.pds' files or directories (all variant tried I think...) in the 'username directory, NT uses (and creates ever again) the local profiles; nothing will be copied to server. 4. !!!!!!!!BUT!!!!!!!!!! If there is a 'username/profile' path (all directories) while NT logs in, and I rename the 'profile' directory to 'profile.pds' before NT logs out, NT creates again the 'profile' directory and copies the user's profile to it while logs out!!! After that, the 'profile.pds' directory could be removed, and NT uses the 'profile' directory! Why is this????? HELPHELPHELPHELP!!!! AND if somebody can tell me, how to automatise this (at least: renaming a directory on server AFTER the user logged into NT, but BEFORE he logs out) PLEASE do it! TELL ME! Thanx Cly (I use the 23th Aug CVS 2.0.0prealpha code of samba) From Ryan at US.Distribution.com Mon Aug 24 14:32:38 1998 From: Ryan at US.Distribution.com (Ryan Koski) Date: Tue Dec 2 02:24:23 2003 Subject: Office97 & CVS code Message-ID: <773702019F1DD21196ED00A0C9D6526F47BF@EXCHANGE.distribution.com> Hello... I have noticed a couple reports of users not being able to save Office97 files (or, at least, Word & Excel) to a SAMBA share. Add my name to the list. I'm running the pre-alpha code current as of this morning (8/24/98). I've also noticed that no one on the SAMBA team has responded to any of these reports yet. Any ideas guys? Thanks! Ryan Koski Management Information Systems Distribution Architects International From cartegw at Eng.Auburn.EDU Mon Aug 24 15:04:15 1998 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:23 2003 Subject: Office97 & CVS code References: <773702019F1DD21196ED00A0C9D6526F47BF@EXCHANGE.distribution.com> Message-ID: <35E180EF.47E96B7B@eng.auburn.edu> Ryan Koski wrote: > I have noticed a couple reports of users not being able to save > Office97 files (or, at least, Word & Excel) to a SAMBA share. Add my > name to the list. I'm running the pre-alpha code current as of this > morning (8/24/98). > > I've also noticed that no one on the SAMBA team has responded to any > of these reports yet. Any ideas guys? I'll get a netmon trace of it today. j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From dave at www.buffalostate.edu Mon Aug 24 15:34:39 1998 From: dave at www.buffalostate.edu (Dave J. Andruczyk) Date: Tue Dec 2 02:24:23 2003 Subject: Office97 & CVS code In-Reply-To: <773702019F1DD21196ED00A0C9D6526F47BF@EXCHANGE.distribution.com> Message-ID: > > I have noticed a couple reports of users not being able to save Office97 > files (or, at least, Word & Excel) to a SAMBA share. Add my name to the > list. I'm running the pre-alpha code current as of this morning (8/24/98). > > I've also noticed that no one on the SAMBA team has responded to any of > these reports yet. Any ideas guys? I'm getting a few complaints like this on Samba 1.9.18p8 from Windows NT 4.0 with SP3 users ONLY. (windows NT says their Home dir is "read-only", while win95 or NT 3.51 work perfectl;y fine..) any ideas?? dave From andrew.seabolt at prudential.com Mon Aug 24 15:55:24 1998 From: andrew.seabolt at prudential.com (Andrew Seabolt) Date: Tue Dec 2 02:24:23 2003 Subject: Weird behavior with WINS replication Message-ID: <8525666A.0057B925.00@njros1ngw09.metro.prudential.com> Okay, you remember my strange problems with WINS and domain authentication? Well, I've fixed it. How? On the PDC, I went into the WINS manager and actually deleted the second WINS server entry. Suddenly the PDC will accept the login and the logs now show a successful lookup for WARLORD the PDC on all SAMBA servers. Can someone tell me what this is all about? Andy From harper at banks.scar.utoronto.ca Mon Aug 24 16:23:52 1998 From: harper at banks.scar.utoronto.ca (John Harper) Date: Tue Dec 2 02:24:23 2003 Subject: (no)logon when PDC down Message-ID: <35E19398.6F7@lake.scar.utoronto.ca> When a recent CVS version of the pre-alpha code failed to work as a PDC I found to my surprise that my domain logon proceeded anyway. The client kindly told me it couldn't find a PDC, and used a local profile instead. While I'm sure this is very helpful, the whole point of authenticating (for me) is to ensure only authorized users get access to the machines, and that logs are kept of those who do logon. If you really want to play games, all you have to do is pull out the network cable, logon unauthenticated, plug it back and away you go... I've checked around, and I can't seem to discover if there is a registry hack to disable this "feature". Does anyone know how to disable domain logins when the PDC is down? Thanks John Harper ------------------------------------ Academic Computing Coordinator University of Toronto at Scarborough harper@scar.utoronto.ca From icoupeau at unav.es Mon Aug 24 16:32:23 1998 From: icoupeau at unav.es (Ignacio Coupeau) Date: Tue Dec 2 02:24:24 2003 Subject: Bug? Message-ID: <35E19597.2E1FF1B5@unav.es> Hello, I'm testing the latest CVS I have (980824,17:30 WET) in a pentium with RedHat 5.1 (kernel 2.0.34). I found the login now runs well, but in some situations a message appears in the NT WS 4.0 (SP3) sounds like: can't write in C:\Winnt\profiles\default user\ or can't load your profile... I found with several users the following piece of log: ------- [1998/08/24 18:21:31, 3] smbd/process.c:switch_message(370) switch message SMBtrans2 (pid 3179) [1998/08/24 18:21:31, 5] smbd/uid.c:become_user(293) become_user uid=(0,505) gid=(99,99) [1998/08/24 18:21:31, 3] lib/util.c:ChDir(1204) chdir to /home/www [1998/08/24 18:21:31, 3] lib/util.c:unix_clean_name(1163) unix_clean_name [./??/C:/WINNT40/system32/userinit.exe] [1998/08/24 18:21:31, 5] smbd/mangle.c:is_8_3(334) Checking userinit.exe for 8.3 [1998/08/24 18:21:31, 5] smbd/filename.c:unix_convert(178) unix_convert(??/C:/WINNT40/system32/userinit.exe) [1998/08/24 18:21:31, 5] smbd/filename.c:unix_convert(256) Intermediate not found ?? [1998/08/24 18:21:31, 3] lib/util.c:unix_clean_name(1163) unix_clean_name [??/C:/WINNT40/system32/userinit.exe] [1998/08/24 18:21:31, 3] smbd/trans2.c:call_trans2qfilepathinfo(1230) fileinfo of ??/C:/WINNT40/system32/userinit.exe failed (No such file or directory) [1998/08/24 18:21:31, 3] smbd/error.c:error_packet(138) error packet at line 1236 cmd=50 (SMBtrans2) eclass=1 ecode=3 [1998/08/24 18:21:31, 3] smbd/error.c:error_packet(143) error string = No such file or directory [1998/08/24 18:21:31, 5] lib/util.c:show_msg(975) size=35 smb_com=0x32 smb_rcls=1 ------- thx. Ignacio ____________________________________________________ Ignacio Coupeau, Ph.D. e-mail: icoupeau@unav.es CTI, Director fax: +48 425619 University of Navarra voice: +48 425600 Pamplona, SPAIN http://www.unav.es/cti/ From jallison at cthulhu.engr.sgi.com Mon Aug 24 19:06:48 1998 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:24:24 2003 Subject: Office97 & CVS code References: Message-ID: <35E1B9C8.84D7C57B@engr.sgi.com> Dave J. Andruczyk wrote: > > > > > I have noticed a couple reports of users not being able to save Office97 > > files (or, at least, Word & Excel) to a SAMBA share. Add my name to the > > list. I'm running the pre-alpha code current as of this morning (8/24/98). > > > > I've also noticed that no one on the SAMBA team has responded to any of > > these reports yet. Any ideas guys? > > I'm getting a few complaints like this on Samba 1.9.18p8 from Windows NT > 4.0 with SP3 users ONLY. (windows NT says their Home dir is "read-only", > while win95 or NT 3.51 work perfectl;y fine..) > None - but I'd love to see a netmon trace of it working correctly, and also of it being reported 'read only'. This sounds similar to the "AutoCAD 14" problem, which still elludes me..... Cheers, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From Ryan at US.Distribution.com Mon Aug 24 19:53:26 1998 From: Ryan at US.Distribution.com (Ryan Koski) Date: Tue Dec 2 02:24:24 2003 Subject: Office97 & CVS code Message-ID: <773702019F1DD21196ED00A0C9D6526F47C4@EXCHANGE.distribution.com> As a test, I tried setting all my masks (including the forced ones) to 777, and restarting samba. This didn't fix the problem. :-( Ryan Koski Management Information Systems Distribution Architects International -----Original Message----- From: John Harper [mailto:harper@banks.scar.utoronto.ca] Sent: Monday, August 24, 1998 9:37 AM To: Ryan Koski Subject: Re: Office97 & CVS code > I have noticed a couple reports of users not being able to save > Office97 files (or, at least, Word & Excel) to a SAMBA share. Add my > name to the list. I'm running the pre-alpha code current as of this > morning (8/24/98). > > I've also noticed that no one on the SAMBA team has responded to any > of these reports yet. Any ideas guys? I'm wondering if you changed the value of the create mask parameter? I found if you take out the user-execute bits, then Word cannot set the archive bit which it seems to want to do on some files, it then complains a lot. John Harper ------------------------------------ Academic Computing Coordinator University of Toronto at Scarborough harper@scar.utoronto.ca From jallison at cthulhu.engr.sgi.com Mon Aug 24 20:27:43 1998 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:24:24 2003 Subject: Office97 & CVS code References: <773702019F1DD21196ED00A0C9D6526F47BF@EXCHANGE.distribution.com> Message-ID: <35E1CCBF.66F1C7D8@engr.sgi.com> Ryan Koski wrote: > > Hello... > > I have noticed a couple reports of users not being able to save Office97 > files (or, at least, Word & Excel) to a SAMBA share. Add my name to the > list. I'm running the pre-alpha code current as of this morning (8/24/98). > > I've also noticed that no one on the SAMBA team has responded to any of > these reports yet. Any ideas guys? > Can you send in a netmon capture (or failing that a debug level 10) of it succeeding and then failing. It'd be nice to compate the two. Cheers, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From smurf at smurfsoft.dauenhauer.de Mon Aug 24 22:12:57 1998 From: smurf at smurfsoft.dauenhauer.de (Christian Kumpf) Date: Tue Dec 2 02:24:24 2003 Subject: (no)logon when PDC down In-Reply-To: <35E19398.6F7@lake.scar.utoronto.ca> from "John Harper" at Aug 25, 98 02:39:45 am Message-ID: <199808242212.AAA18233@smurfsoft.dauenhauer.de> A non-text attachment was scrubbed... Name: not available Type: text Size: 909 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19980825/9df86c99/attachment.bat From paul at argo.demon.co.uk Mon Aug 24 22:13:04 1998 From: paul at argo.demon.co.uk (Paul Ashton) Date: Tue Dec 2 02:24:24 2003 Subject: (no)logon when PDC down In-Reply-To: Your message of "Tue, 25 Aug 1998 02:39:52 +1000." <35E19398.6F7@lake.scar.utoronto.ca> Message-ID: <199808242313.AAA06208@argo.demon.co.uk> > When a recent CVS version of the pre-alpha code failed to work as a PDC > I found to my surprise that my domain logon proceeded anyway > I've checked around, and I can't seem to discover if there is a > registry hack to disable this "feature". Does anyone know how to > disable domain logins when the PDC is down? Something like: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount=0 Paul From mhaigh at village.vut.edu.au Tue Aug 25 00:15:51 1998 From: mhaigh at village.vut.edu.au (Mick Haigh) Date: Tue Dec 2 02:24:24 2003 Subject: (no)logon when PDC down References: <35E19398.6F7@lake.scar.utoronto.ca> Message-ID: <35E20237.8357A2B2@village.vut.edu.au> John Harper wrote: > When a recent CVS version of the pre-alpha code failed to work as a PDC > I found to my surprise that my domain logon proceeded anyway. The > client kindly told me it couldn't find a PDC, and used a local profile > instead. While I'm sure this is very helpful, the whole point of > authenticating (for me) is to ensure only authorized users get access > to the machines, and that logs are kept of those who do logon. > If you really want to play games, all you have to do is pull out the > network cable, logon unauthenticated, plug it back and away you go... > > I've checked around, and I can't seem to discover if there is a > registry hack to disable this "feature". Does anyone know how to > disable domain logins when the PDC is down? Use system policies. Fire up poledit and create a new policy, save it to ///netlogon/NTconfig.POL. Somewhere in the policy settings there is an option not to allow logons without authentication. Same applies for Win95 except the file is called config.POL Mail me if you need more details. Mick From jallison at cthulhu.engr.sgi.com Tue Aug 25 02:48:30 1998 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:24:24 2003 Subject: Office97 file/save problem References: <773702019F1DD21196ED00A0C9D6526F47C7@EXCHANGE.distribution.com> Message-ID: <35E225FE.BC1AA83E@engr.sgi.com> Ryan, Do a CVS update and re-make. It should work now (it does here and I was able to reproduce your bug). The problem was once you start telling NT you do NT SMB calls it expects to be able to send a trans2::SMB_SET_FILE_ALLOCATION_INFO (and also a set delete attribute) successfully - we were returning "not implemented". Thanks for the logfile - I couldn't have fixed it without it. I will do the delete attribute code soon (not a problem for MS Office though). Cheers, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From daniel at med.up.pt Tue Aug 25 10:19:17 1998 From: daniel at med.up.pt (Daniel Fonseca) Date: Tue Dec 2 02:24:24 2003 Subject: (no)logon when PDC down In-Reply-To: <35E20237.8357A2B2@village.vut.edu.au> Message-ID: On Tue, 25 Aug 1998, Mick Haigh wrote: > > I've checked around, and I can't seem to discover if there is a > > registry hack to disable this "feature". Does anyone know how to > > disable domain logins when the PDC is down? > > Use system policies. Fire up poledit and create a new policy, save it to > ///netlogon/NTconfig.POL. Somewhere in the policy settings there > is an option not to allow logons without authentication. Same applies for > Win95 except the file is called config.POL As to what concerns Windows 95 (don't know about 98 but it should be the same) there's a hack (surprised?) that can bypass that registry entry. Some 2 years ago I tried to make Windows 95 login as full bullet proof as I could, in the Oporto Cibercafe (http://www.cibercafe.pt) Here's the gory detail: While at the logon prompt in 95 if you press that wonderful little Window key (for those with a 95 Keyboard), it brings up TaskManager and you can Run any application you like, via the "Run" command. If you choose to Run Explorer.exe it will start up the desktop for you (surprise!) and everything except the network shares will be available. Here's what I did: Deleted/Renamed TASKMAN.EXE (anything goes) and as far as I can tell (for 2 years now) everything works; even the taskmanager itself after the login (suppose it must be within explorer, at that time). The only thing I couldn't secure was if you changed the Domain to some unexistent one, Windows 95 would complaint it didn't exist and *voila'* here's a desktop for you... :( (fortunately, nobody remembered to do this) Is there another registry entry for not allowing in when there's no PDC (like this last mail on the list - "CachedLogonsCount" for NT), for windows 95/98? Cheers, Daniel Fonseca BTW, don't you think that samba is getting just *too* much options? :) (started to implement a samba server from scratch, in a company yesterday, and had to go through a very big smb.conf man page!) My question is: Has anyone started an interface to help configure samba, or can I be the one? (All help apreciated, of course - I'm thinking of Tcl/Tk for wider platforms). From umbertog at usp.br Tue Aug 25 12:22:16 1998 From: umbertog at usp.br (Umberto) Date: Tue Dec 2 02:24:24 2003 Subject: NT4.0W + Samba Authentication Message-ID: <35E2AC77.DF68AFE5@usp.br> I have NT 4.0 Workstation client of the SAMBA series 19-alpha (last version on site) on Linux RED HAT 5.0 and get failures : 1- Driver's mapping shown 2 or more drivers and the correct is only one. 2- Error's profiles . I need of new patch or version (release) or solution . Thanks! From icoupeau at unav.es Tue Aug 25 11:40:03 1998 From: icoupeau at unav.es (Ignacio Coupeau) Date: Tue Dec 2 02:24:24 2003 Subject: NT4.0W + Samba Authentication References: <35E2AC77.DF68AFE5@usp.br> Message-ID: <35E2A293.BA6684B@unav.es> Umberto wrote: > > I have NT 4.0 Workstation client of the SAMBA series 19-alpha (last > version on site) on Linux > RED HAT 5.0 and get failures : 1- Driver's mapping shown 2 or more > drivers and the correct > is only one. 2- Error's profiles . I need of new patch or version > (release) or solution . > Thanks! Please, look at: http://samba.anu.edu.au/cvs.html for the latest code or try this: ftp:/ftp.eng.auburn.edu/pub/cartegw/samba-1.9.19-prealpha.tar.gz I have the 1.19.9 in a classroom and runs fine, Ignacio ____________________________________________________ Ignacio Coupeau, Ph.D. e-mail: icoupeau@unav.es CTI, Director fax: +48 425619 University of Navarra voice: +48 425600 Pamplona, SPAIN http://www.unav.es/cti/ From Jean-Francois.Micouleau at utc.fr Tue Aug 25 12:10:33 1998 From: Jean-Francois.Micouleau at utc.fr (Jean-Francois Micouleau) Date: Tue Dec 2 02:24:24 2003 Subject: (no)logon when PDC down In-Reply-To: Message-ID: On Tue, 25 Aug 1998, Daniel Fonseca wrote: > BTW, don't you think that samba is getting just *too* much options? :) > (started to implement a samba server from scratch, in a company yesterday, > and had to go through a very big smb.conf man page!) My question is: Has > anyone started an interface to help configure samba, or can I be the one? > (All help apreciated, of course - I'm thinking of Tcl/Tk for wider > platforms). Look at swat, included with samba. It includes its own http server. J.F. ----------------------------------------------------------- Pinky: "What are we going to do tonight, Brain?" Brain: "The same thing we do every night, Pinky : try to install Windows NT !" ----------------------------------------------------------- From agerhard at amandy.redealuno.usp.br Tue Aug 25 14:04:42 1998 From: agerhard at amandy.redealuno.usp.br (Andre Gerhard) Date: Tue Dec 2 02:24:24 2003 Subject: pidfile_create error in nmbd Message-ID: <35E2C47A.1A1@amandy.redealuno.usp.br> Hello ... I am using the latest samba NTDOMAIN release, source code obtained by cvs. My server runs the Linux Redhat 5.0 O.S., with kernel 2.0.35. When starting the nmbd daemon (via inetd), I am getting the following error message in syslog: [1998/08/25 10:38:46, 0] lib/pidfile.c:pidfile_create(83) ERROR: nmbd : fcntl lock of file /usr/local/samba/var/locks/nmbd.pid failed. Error was No such file or directory The result is that nmbd is not started, so no Samba ... But the file nmbd.pid is being created, it appears in the /usr/local/samba/var/locks directory, with a size of 0. Does anyone have a solution to this problem ? Thanks in advance, Andre Gerhard Systems/Network Administrator Universidade de Sao Paulo - SP - Brazil From Ryan at US.Distribution.com Tue Aug 25 14:45:51 1998 From: Ryan at US.Distribution.com (Ryan Koski) Date: Tue Dec 2 02:24:24 2003 Subject: Office97 file/save problem Message-ID: <773702019F1DD21196ED00A0C9D6526F47C8@EXCHANGE.distribution.com> You folks do awesome work! :-) Thanks a lot for the fix. "I have a dream... I have a dream where one day, even the largest of software companies will be able to provide same-day turnaround on bug fixes. I have a dream where someday, all applications will be judged not on the persuasiveness of a marketing machine, but on the content of their code..." ;-) Ryan Koski Management Information Systems Distribution Architects International -----Original Message----- From: Jeremy Allison [mailto:jallison@cthulhu.engr.sgi.com] Sent: Monday, August 24, 1998 7:56 PM To: Multiple recipients of list Subject: Re: Office97 file/save problem Ryan, Do a CVS update and re-make. It should work now (it does here and I was able to reproduce your bug). The problem was once you start telling NT you do NT SMB calls it expects to be able to send a trans2::SMB_SET_FILE_ALLOCATION_INFO (and also a set delete attribute) successfully - we were returning "not implemented". Thanks for the logfile - I couldn't have fixed it without it. I will do the delete attribute code soon (not a problem for MS Office though). Cheers, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From Ryan at US.Distribution.com Tue Aug 25 22:55:41 1998 From: Ryan at US.Distribution.com (Ryan Koski) Date: Tue Dec 2 02:24:24 2003 Subject: DG/UX 5.4R3.10 Message-ID: <773702019F1DD21196ED00A0C9D6526F47D4@EXCHANGE.distribution.com> Hello... I sent a message to the list earlier about this OS, but haven't seen it show up yet. At any rate, I have more information now anyway: I did a complete get of the CVS code this morning to an older Data General AviiON 88k processor based box running DG/UX 5.4R3.10. If I simply run ./configure and make, then the following compile warnings appear: Compiling smbd/server.c Compiling smbd/files.c Compiling smbd/chgpasswd.c smbd/chgpasswd.c: In function `findpty': smbd/chgpasswd.c:71: warning: assignment makes pointer from integer without a cast Compiling smbd/connection.c Compiling smbd/dfree.c smbd/dfree.c: In function `fsusage': smbd/dfree.c:165: warning: passing arg 1 of `statvfs' discards `const' from pointer target type Compiling smbd/dir.c By inspecting the code around those line numbers, I determined that the HAVE_GRANTPT and STAT_STATVFS flags were causing the problems. I commented out those defines in config.h, did a make clean and a make. This resulted in a completely clean build. I bring the daemons up and try to connect to the only service I have defined. The following shows up in my smb.log: [1998/08/25 14:38:26, 1] smbd/server.c:main(630) smbd version 2.0.0-prealpha started. Copyright Andrew Tridgell 1992-1997 [1998/08/25 14:38:31, 1] smbd/service.c:make_connection(482) rkoski (hidden) connect to service U1 as user ryan (uid=477, gid=200) (pid 16589) [1998/08/25 14:38:31, 0] smbd/dfree.c:disk_free(204) WARNING: dfree is broken on this system Obviously, this is somehow related to the dfree.c problem above. If I leave the define for STAT_STATVFS in config.h, do a make clean and a make (and live with the compile time warning), the resulting smbd appears to work normally (no dfree error in the log and the disk free space is correctly reported in Explorer). Still, warnings make me nervous and I'd prefer a completely clean build. The fact that dfree works properly despite the compile warning (and gives erroneous reports of disk free space on a "clean" build) makes me wonder about the chgpasswd.c warning. Perhaps I should leave HAVE_GRANTPT defined? Ryan Koski Management Information Systems Distribution Architects International From ccalculo at aero.upm.es Wed Aug 26 12:05:05 1998 From: ccalculo at aero.upm.es (Centro de Calculo) Date: Tue Dec 2 02:24:24 2003 Subject: Roaming Profiles Message-ID: <35E3F9F1.FF853F6@aero.upm.es> As this is my first posting, I would like to thank to all the Samba team for the great job. I am Working with the CVS Code from 25 august 1998. 1) When a new user logs to NT Wks 4, SAMBA creates a FILE (not a directory), with the name of the user and 0 lenght, owned by the user with perms 0744. NT says more or less (translated from spanish) "Your profile is not available. You will start with a local one" 2) When this same user logs again, then another file is created on SAMBA named .pds again owned by him and with perms. 0744. Win NT displays the same message, but remains waiting for 30 second unless you press the OK button. 3) If I delete the username file from SAMBA and create instead a Directory with the same name and perms 0755 then everything works. Couldn't Samba create a Directory instead of a file? Is this a bug or am I wrong? Thank you very much, Marcos --------------------- Centro de Calculo ETSI Aeronauticos U.P.M. E-mail: ccalculo@aero.upm.es Tfno: 91-336.62.87 From cartegw at Eng.Auburn.EDU Wed Aug 26 13:13:36 1998 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:24:24 2003 Subject: Roaming Profiles In-Reply-To: <35E3F9F1.FF853F6@aero.upm.es> Message-ID: On Wed, 26 Aug 1998, Centro de Calculo wrote: > Couldn't Samba create a Directory instead of a file? Is this a bug or am > I wrong? Although I have never had a problem with roaming profiles under NT / Samba PDC setup, many people have posted about this. What I have done is to specify a "root preexec" script that runs once access to a [profile] share The script creates a \\server\profile\ directory if it does not exist. This is fully automatic on the back end so you don't need to worry about individual users. Hope this helps, j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From dave at www.buffalostate.edu Wed Aug 26 16:23:10 1998 From: dave at www.buffalostate.edu (Dave J. Andruczyk) Date: Tue Dec 2 02:24:24 2003 Subject: Problems with NT4.0 and samab 1.9.18p8 Message-ID: Here's an excerpt from one of our users who has been having a hell of a time with Windows NT 4.0 (SP3, Office97 patched), with access to his home directory on our main server. It appears when he connects from NT, the dir is "read-only", and he can't rename files, or create anything, but under Windoze 95 everything works normally.. I have a a log file of it, but I don't think you want a 200K log file sent to the list.. When I looked thru the log for some reason I see a lot of "chdir /home/dave" lines. (my username on the system is dave), I donno why those are in there, when I wasn't even connecting. Can this be fixed, by changing the "announce version" parameter in smb.conf to say that the server is "win95" ?? Excerpt from the disgruntled user: >Then I tried \\butler\wertzcj and filled wertzcj in on the "connect as" box >of the map network drive dialogue. In this case, it then asked for my >password. I filled it in and connected fine. >I am, however, still connected read only. If I try to alter the directory >or file attributes from NT, it say "unable to ...." Dave J. Andruczyk Linux Systems Admin Buffalo State College From svedja at lysator.liu.se Thu Aug 27 10:02:58 1998 From: svedja at lysator.liu.se (Dejan Ilic) Date: Tue Dec 2 02:24:24 2003 Subject: NTDOM: api_fd_reply: INVALID PIPE HANDLE: Message-ID: What: Samba Domain login problem: [1998/08/26 16:07:23, 1] smbd/server.c:main(630) smbd version 2.0.0-prealpha started. Copyright Andrew Tridgell 1992-1997 Server is running on solaris_x86 2.6 with all patches in. Login in to server from Windows 95 is OK. Joining Domain on WindowsNT4 (sp3) is OK. The problem is when I try to login as domain-user from NT4. The login fail with error nonexisting systems computer account or incorrects password password. The error log in log.machine-name is: [1998/08/26 16:10:31, 1] smbd/ipc.c:api_fd_reply(3424) api_fd_reply: INVALID PIPE HANDLE: 702e more exactly: [1998/08/27 09:48:43, 3] smbd/ipc.c:named_pipe(3593) named pipe command on <> name [1998/08/27 09:48:43, 5] smbd/ipc.c:api_fd_reply(3370) api_fd_reply [1998/08/27 09:48:43, 1] smbd/ipc.c:api_fd_reply(3424) api_fd_reply: INVALID PIPE HANDLE: 7004 [1998/08/27 09:48:43, 3] smbd/ipc.c:api_no_reply(3345) Unsupported API fd command [1998/08/27 09:48:43, 5] smbd/ipc.c:copy_trans_params_and_data(151) copy_trans_params_and_data: params[0..4] data[0..0] connecting to the server and user on server is OK if logged in localy on NT4 but domain login doesn't work. from smbpasswd: vallaw95$:999:119663F2DA3A90559C5014AE4718A7EE:E31E085C17C648319F10F9CAAD32940F:[W]:LCT-35E3DDA0: vallan00$:900:AC3B74B0941B4DA8F36355E5D9711AF1:AC3B74B0941B4DA8F36355E5D9711AF1:[W]:LCT-35E3DDA8: h first is win95 and I successfully use domains there. The other is NT4 and on that domain-login doesn't work. Dejan From j.c.burton at gats.hampton.va.us Fri Aug 28 19:42:24 1998 From: j.c.burton at gats.hampton.va.us (John Burton) Date: Tue Dec 2 02:24:24 2003 Subject: SUBSCRIBE Message-ID: <35E70820.98AA6F1B@gats.hampton.va.us> SUBSCRIBE -- John Burton GATS, Inc. j.c.burton@gats.hampton.va.us 28 Research Drive jcb@visi.net (home) Hampton, VA 23666 (757) 865-7491 (voice) (757) 865-1021 (fax) From matsaki at statcan.ca Fri Aug 28 20:11:52 1998 From: matsaki at statcan.ca (Akira Matsuno) Date: Tue Dec 2 02:24:24 2003 Subject: NT Authentication not working? References: Message-ID: <35E70F08.413A@statcan.ca> I am getting an error when I try to connect to a Samba share from my NT workstation.. It comes up with Network Error 2108 occurred... This happens when I'm logged into the NT Workstation with one account, and try to connect to a private Samba share using a different account. (I have created the unix accounts from Jerry's NT2PASSWD perl script with no problems.. thanx Jerry :) Eg. NT Logon Userid: matsaki and in File Manager, I map drive F: Path: \\IMAPS1\villenh Connnect as: villenh I supply the correct password for villenh , but I get the Network Error 2108... If I cancel out of the map network drive, I find that it did actually do the mapping, because I can see the shared F directory... I looked in the smb log file, but am not sure what is going on here, and would appreciate if someone could maybe explain to me what is happening? I have no idea what Network Error 2108 is, and have checked the Technet, but found nothing... Looking at the log, I can only guess that I have a problem with my smbpasswd file??? If I login to the NT box with villenh, I don't have any problems mapping to the share....ie . no errors with this method.. Here is my smb log: 1998/08/28 15:50:00 Transaction 39 of length 191 switch message SMBsesssetupX (pid 2872) Domain=[IMAD] NativeOS=[Windows NT 1381] NativeLanMan=[] sesssetupX:name=[villenh] password server IMAD1 rejected the password startsmbfilepwent: unable to open file /usr/local/bin/samba//private/smbpasswd iterate_getsmbpwnam: unable to open smb password database. Couldn't find user villenh in smb_passwd file. NT Password did not match ! Defaulting to Lanman startsmbfilepwent: unable to open file /usr/local/bin/samba//private/smbpasswd iterate_getsmbpwnam: unable to open smb password database. Couldn't find user villenh in smb_passwd file. 1998/08/28 15:50:06 error packet at line 685 cmd=115 (SMBsesssetupX) eclass=2 ecode=2 error string = No such file or directory 1998/08/28 15:50:10 Transaction 40 of length 191 switch message SMBsesssetupX (pid 2872) Domain=[IMAD] NativeOS=[Windows NT 1381] NativeLanMan=[] sesssetupX:name=[villenh] skipping NetWkstaUserLogon with password server IMAD1 password server IMAD1 accepted the password villenh is in 1 groups 100 uid 1072 registered to name villenh Clearing default real name Chained message switch message SMBtconX (pid 2872) ACCEPTED: validated uid ok as non-guest found free connection number 61 Connect path is /usr/samba/samba1/villenh villenh is in 1 groups 100 chdir to /usr/samba/samba1/villenh chdir to /sbin/init.d 1998/08/28 15:50:13 c110255 (142.205.219.223) connect to service villenh as user villenh (uid=1072,gid=100) (pid 2 872) 1998/08/28 15:50:13 tconX service=villenh user=villenh cnum=61 ~ -- * Akira Matsuno * Network Administrator / Oracle DBA * Statistics Canada * Ottawa Ontario From j.c.burton at gats.hampton.va.us Fri Aug 28 20:39:34 1998 From: j.c.burton at gats.hampton.va.us (John Burton) Date: Tue Dec 2 02:24:24 2003 Subject: RPC Server not available... Message-ID: <35E71586.FBCDA474@gats.hampton.va.us> Hi, I just snarfed a copy of the 8/28/98 cvs version of samba which had the NTDOM code included. I compiled and started it, and was able to have an NT workstation join the domain servered by the Samba PDC (got the little box saying "Welcome to..."). Next I tried running the srvtools for Windows95 from a Windows95 laptop. As soon as I started either the Server Manager or the User Manager, I get "The RPC Server is not available". I also get the same message when I select the domain shown in the list. Can the Server tools for windows95 be used with a Samba PDC? if so, how? wht am I doing wrong? John -- John Burton GATS, Inc. j.c.burton@gats.hampton.va.us 28 Research Drive jcb@visi.net (home) Hampton, VA 23666 (757) 865-7491 (voice) (757) 865-1021 (fax) From aperrin at demog.Berkeley.EDU Fri Aug 28 21:01:21 1998 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:24:24 2003 Subject: NT Authentication not working? In-Reply-To: <35E70F08.413A@statcan.ca> Message-ID: Looks like you don't have a smbpasswd file, or it's in the wrong place. Samba looks like it's looking for it in /usr/local/bin/samba//private/smbpasswd and not finding it. --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 On Sat, 29 Aug 1998, Akira Matsuno wrote: > I am getting an error when I try to connect to a Samba share from my NT > workstation.. It comes up with Network Error 2108 occurred... > This happens when I'm logged into the NT Workstation with one account, > and try to connect to a private Samba share using a different account. > (I have created the unix accounts from Jerry's NT2PASSWD perl script > with no problems.. thanx Jerry :) > > Eg. NT Logon Userid: matsaki > and in File Manager, I map drive F: > Path: \\IMAPS1\villenh > Connnect as: villenh > > I supply the correct password for villenh , but I get the Network Error > 2108... If I cancel out of the map network drive, I find that it did > actually do the mapping, because I can see the shared F directory... > > I looked in the smb log file, but am not sure what is going on here, and > would appreciate if someone could maybe explain to me what is > happening? I have no idea what Network Error 2108 is, and have checked > the Technet, but found nothing... Looking at the log, I can only guess > that I have a problem with my smbpasswd file??? > > If I login to the NT box with villenh, I don't have any problems mapping > to the share....ie . no errors with this method.. > > Here is my smb log: > 1998/08/28 15:50:00 Transaction 39 of length 191 > switch message SMBsesssetupX (pid 2872) > Domain=[IMAD] NativeOS=[Windows NT 1381] NativeLanMan=[] > sesssetupX:name=[villenh] > password server IMAD1 rejected the password > startsmbfilepwent: unable to open file > /usr/local/bin/samba//private/smbpasswd > iterate_getsmbpwnam: unable to open smb password database. > Couldn't find user villenh in smb_passwd file. > NT Password did not match ! Defaulting to Lanman > startsmbfilepwent: unable to open file > /usr/local/bin/samba//private/smbpasswd > iterate_getsmbpwnam: unable to open smb password database. > Couldn't find user villenh in smb_passwd file. > 1998/08/28 15:50:06 error packet at line 685 cmd=115 (SMBsesssetupX) > eclass=2 ecode=2 > error string = No such file or directory > 1998/08/28 15:50:10 Transaction 40 of length 191 > switch message SMBsesssetupX (pid 2872) > Domain=[IMAD] NativeOS=[Windows NT 1381] NativeLanMan=[] > sesssetupX:name=[villenh] > skipping NetWkstaUserLogon with password server IMAD1 > password server IMAD1 accepted the password > villenh is in 1 groups > 100 > uid 1072 registered to name villenh > Clearing default real name > Chained message > switch message SMBtconX (pid 2872) > ACCEPTED: validated uid ok as non-guest > found free connection number 61 > Connect path is /usr/samba/samba1/villenh > villenh is in 1 groups > 100 > chdir to /usr/samba/samba1/villenh > chdir to /sbin/init.d > 1998/08/28 15:50:13 c110255 (142.205.219.223) connect to service villenh > as user villenh (uid=1072,gid=100) (pid 2 > 872) > 1998/08/28 15:50:13 tconX service=villenh user=villenh cnum=61 > ~ > > > -- > * Akira Matsuno > * Network Administrator / Oracle DBA > * Statistics Canada > * Ottawa Ontario > From jerry at Eng.Auburn.EDU Fri Aug 28 21:06:29 1998 From: jerry at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:24 2003 Subject: RPC Server not available... In-Reply-To: <35E71586.FBCDA474@gats.hampton.va.us> Message-ID: <3.0.5.32.19980828160629.0092f2a0@pophost.eng.auburn.edu> At 06:41 AM 8/29/98 +1000, John Burton wrote: >Hi, > I just snarfed a copy of the 8/28/98 cvs version of samba which had >the NTDOM code included. I compiled and started it, and was able to have >an NT workstation join the domain servered by the Samba PDC (got the >little box saying "Welcome to..."). Next I tried running the srvtools >for Windows95 from a Windows95 laptop. As soon as I started either the >Server Manager or the User Manager, I get "The RPC Server is not >available". I also get the same message when I select the domain shown >in the list. Can the Server tools for windows95 be used with a Samba >PDC? if so, how? wht am I doing wrong? > >John >-- >John Burton GATS, Inc. >j.c.burton@gats.hampton.va.us 28 Research Drive >jcb@visi.net (home) Hampton, VA 23666 >(757) 865-7491 (voice) (757) 865-1021 (fax) > Check out the User administiation seciotn of the NTDOM FAQ linked off the main samba page. Hope this helps, j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From matthew at janus.law.usyd.edu.au Fri Aug 28 22:47:13 1998 From: matthew at janus.law.usyd.edu.au (Matthew Geier) Date: Tue Dec 2 02:24:24 2003 Subject: Linking problem on Linux/AXP Message-ID: <199808282247.IAA22146@janus.law.usyd.edu.au> I got this - on my Linux/AXP/Redhat system .. (Well mostly redhat, it has most of the latest RedHat RPMs but Kernel 2.1.111 Linking bin/smbd smbd/chgpasswd.o: In function `dochild': /u/users/matthew/samba/source/smbd/chgpasswd.c:185: undefined reference to `setresgid' /u/users/matthew/samba/source/smbd/chgpasswd.c:185: undefined reference to `setresgid' /u/users/matthew/samba/source/smbd/chgpasswd.c:187: undefined reference to `setresgid' /u/users/matthew/samba/source/smbd/chgpasswd.c:187: undefined reference to `setresgid' smbd/uid.o: In function `init_uid': /u/users/matthew/samba/source/smbd/uid.c:44: undefined reference to `setresgid' smbd/uid.o:/u/users/matthew/samba/source/smbd/uid.c:44: more undefined references to `setresgid' follow make: *** [bin/smbd] Error 1 Im about to go an look through the makefile and see what happens if I turn off setresgid From jgstroud at eos.ncsu.edu Sat Aug 29 05:48:12 1998 From: jgstroud at eos.ncsu.edu (Jonathan Stroud) Date: Tue Dec 2 02:24:24 2003 Subject: SWAT Message-ID: I have the cvs source from 8/27. Every time I try to use swat I get an authentication failure. I can't seem to find much of any documentation for this. Can anyone tell me why I might be having this problem? Also, how do I know if my cvs source needs to be updated, and how can I check to see what release it is? From cartegw at Eng.Auburn.EDU Sat Aug 29 13:26:17 1998 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:24 2003 Subject: RPC Server not available... References: <3.0.5.32.19980828160629.0092f2a0@pophost.eng.auburn.edu> <35E720A4.20DAD420@gats.hampton.va.us> Message-ID: <35E80179.777E6ECB@eng.auburn.edu> John Burton wrote: > > Jerry, > Thanks for the response...the FAQ I found said it only worked for a > small number of accounts...I have 3 entries in the ../private/smbpasswd > file, 1 user and 2 machines...figured this would be a small enough > number...is this too many? Nope. You're right John. Under the BRANCH_NTDOM tree, this would work for a small number of accounts. Apparently source for this did not make it into the merge yet ( along with the DCE/RPC code in smbclient. So the official answer is that it does not work for the moment. Luke, feel free to correct me if I am wrong. :-) j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From pcc at llnl.gov Mon Aug 31 02:57:16 1998 From: pcc at llnl.gov (Phil Cox) Date: Tue Dec 2 02:24:24 2003 Subject: questions about cifsntdomain.txt Message-ID: <3.0.5.32.19980830195716.009a6560@poptop.llnl.gov> In the cifsntdomain.txt portion of the samaba docs, there is a description of the SAM logon information. I have a couple of questions. Here is the first structure in question: - ID_INFO_1 (id info structure, auth level 1) : VOID* ptr_id_info_1 UNIHDR domain name unicode header UINT32 param control UINT64 logon ID UNIHDR user name unicode header UNIHDR workgroup name unicode header char[16] arc4 LM OWF Password char[16] arc4 NT OWF Password UNISTR2 domain name unicode string UNISTR2 user name unicode string UNISTR2 workstation name unicode string Now the question: 1. Are the OWF only "encrypted" with arc4? Or is there actually a stronger encryption before the arc4'ing them? What I am trying to find out, is whether it is just as easy to capture and crack the domain logon (dce/rpc) based packets, as it is the SMB/CIFS challenge-response authentication packets? The Next structure is the - CLNT_INFO2 (server, client structure, client credentials) : CLNT_SRV client and server names UINT8[] ???? padding, for 4-byte alignment with SMB header. VOID* pointer to client credentials. CREDS client-calculated credentials + client time Question: Where do I findout how the client calculated the credential? Your input is much appreciated. Phil Cox - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Computer Incident Advisory Capability (CIAC) Philip C. Cox (510)422-8193 (510)422-8564 ciac@llnl.gov pcc@llnl.gov ------------------------------------------------------------------- PGP fingerprint = 1A97 AB44 406A 77B7 3EA8 3B5B E3B5 BE73 Noteable Quote = "Do today what you want to be tomorrow." From pcc at llnl.gov Mon Aug 31 11:31:25 1998 From: pcc at llnl.gov (Phil Cox) Date: Tue Dec 2 02:24:24 2003 Subject: questions about cifsntdomain.txt In-Reply-To: <3.0.5.32.19980830195716.009a6560@poptop.llnl.gov> Message-ID: <3.0.5.32.19980831043125.00984a30@poptop.llnl.gov> All, Please disregard my "stupid" question about arc4. I did some searching and found out that it was refering to Alleged RC4. At 08:27 PM 8/31/98 +1000, Phil Cox wrote: >Now the question: > >1. Are the OWF only "encrypted" with arc4? Or is there actually a stronger >encryption before the arc4'ing them? Phil - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Computer Incident Advisory Capability (CIAC) Philip C. Cox (510)422-8193 (510)422-8564 ciac@llnl.gov pcc@llnl.gov ------------------------------------------------------------------- PGP fingerprint = 1A97 AB44 406A 77B7 3EA8 3B5B E3B5 BE73 Noteable Quote = "Do today what you want to be tomorrow." From matsaki at statcan.ca Mon Aug 31 18:01:57 1998 From: matsaki at statcan.ca (Akira Matsuno) Date: Tue Dec 2 02:24:24 2003 Subject: NT Authentication not working? References: Message-ID: <35EAE515.412D@statcan.ca> Andrew Perrin - Demography wrote: > > Looks like you don't have a smbpasswd file, or it's in the wrong place. > Samba looks like it's looking for it in > > /usr/local/bin/samba//private/smbpasswd > > and not finding it. > I have security = server set in my smb.conf... Do I still need to create an smbpasswd file? I guess so eh? cuz if it fails to find the password server, which in my log, it seems to fail, it reverts to security = user.. then back to security = server.... My log shows it initially rejecting the password, then errors on the smbpasswd file, then it accepts the password.... I'm confused why the password server rejected the initial password .. I supplied the correct password.. If I logon to the machine with the NT Account the same as the account who has access to the Samba share, then there are no problems... ie. it accepts the password right away... It seems that only when I am logged on to the NT box with a different account, that the password server will reject the initial password... Is this common behaviour? > > On Sat, 29 Aug 1998, Akira Matsuno wrote: > > > I am getting an error when I try to connect to a Samba share from my NT > > workstation.. It comes up with Network Error 2108 occurred... > > This happens when I'm logged into the NT Workstation with one account, > > and try to connect to a private Samba share using a different account. > > (I have created the unix accounts from Jerry's NT2PASSWD perl script > > with no problems.. thanx Jerry :) > > > > Eg. NT Logon Userid: matsaki > > and in File Manager, I map drive F: > > Path: \\IMAPS1\villenh > > Connnect as: villenh > > > > I supply the correct password for villenh , but I get the Network Error > > 2108... If I cancel out of the map network drive, I find that it did > > actually do the mapping, because I can see the shared F directory... > > > > Here is my smb log: > > 1998/08/28 15:50:00 Transaction 39 of length 191 > > switch message SMBsesssetupX (pid 2872) > > Domain=[IMAD] NativeOS=[Windows NT 1381] NativeLanMan=[] > > sesssetupX:name=[villenh] > > password server IMAD1 rejected the password > > startsmbfilepwent: unable to open file > > /usr/local/bin/samba//private/smbpasswd > > iterate_getsmbpwnam: unable to open smb password database. > > Couldn't find user villenh in smb_passwd file. > > NT Password did not match ! Defaulting to Lanman > > startsmbfilepwent: unable to open file > > /usr/local/bin/samba//private/smbpasswd > > iterate_getsmbpwnam: unable to open smb password database. > > Couldn't find user villenh in smb_passwd file. > > 1998/08/28 15:50:06 error packet at line 685 cmd=115 (SMBsesssetupX) > > eclass=2 ecode=2 > > error string = No such file or directory > > 1998/08/28 15:50:10 Transaction 40 of length 191 > > switch message SMBsesssetupX (pid 2872) > > Domain=[IMAD] NativeOS=[Windows NT 1381] NativeLanMan=[] > > sesssetupX:name=[villenh] > > skipping NetWkstaUserLogon with password server IMAD1 > > password server IMAD1 accepted the password > > villenh is in 1 groups > > 100 > > uid 1072 registered to name villenh > > Clearing default real name > > Chained message > > switch message SMBtconX (pid 2872) > > ACCEPTED: validated uid ok as non-guest > > found free connection number 61 > > Connect path is /usr/samba/samba1/villenh > > villenh is in 1 groups > > 100 > > chdir to /usr/samba/samba1/villenh > > chdir to /sbin/init.d > > 1998/08/28 15:50:13 c110255 (142.205.219.223) connect to service villenh > > as user villenh (uid=1072,gid=100) (pid 2 > > 872) > > 1998/08/28 15:50:13 tconX service=villenh user=villenh cnum=61 > > ~ > > > > > > -- > > * Akira Matsuno > > * Network Administrator / Oracle DBA > > * Statistics Canada > > * Ottawa Ontario > > -- * Akira Matsuno * Network Administrator / Oracle DBA * Statistics Canada * Ottawa Ontario From doerbeck at dma.isg.mot.com Mon Aug 31 18:58:43 1998 From: doerbeck at dma.isg.mot.com (Christoph Doerbeck) Date: Tue Dec 2 02:24:24 2003 Subject: valid-users not working in samba-1.9.18p10 Message-ID: <199808311858.OAA21515@prospero.dma.isg.mot.com> I have the following snippets in my smaba.conf : netbios name = velours server string = PDS Samba %v security = server password server = bdcfoo.bar.com null passwords = no username map = /opt/samba/lib/users.map hosts allow = @dis_nt @dialin hosts deny = ALL [homes] . . . . [y2k] comment = share for year 2000 testing path = / hosts allow = @dis_nt valid users = johndoe,janedoe writable = no browseable = yes In a previous life, running samba-1.9.17p4, a user in our NTdomain could seemlessly connect to any share (@netgroup, and "valid users ="). Since I've upgraded to p10, the y2k share requires a reauthenticated login unless I remove the "vaild users" line. Once it is commented out, everything works seemlessly again, but now everyone on a machine in NTdomain & Netgroup can get access. This setup worked properly with samba-1.9.17p4. Any comments, suggestiong, or bugs I should be aware of? ######################################## # Christoph Doerbeck From trep at dem.qc.ca Mon Aug 31 19:59:02 1998 From: trep at dem.qc.ca (Pierre-Jules Tremblay) Date: Tue Dec 2 02:24:24 2003 Subject: samba-2.0.0alpha1 In-Reply-To: <35EADF1B.BCF55549@engr.sgi.com> from "Jeremy Allison" at Sep 1, 98 03:42:19 am Message-ID: <199808311959.PAA18625@ursula.dem.qc.ca> A non-text attachment was scrubbed... Name: not available Type: text Size: 2516 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19980831/e6d3fc58/attachment.bat