From stat at atria.com Tue Dec 1 00:31:54 1998 From: stat at atria.com (Seiichi Tatsukawa) Date: Tue Dec 2 02:24:45 2003 Subject: Latest CVS causes exception in lsass Message-ID: <032d01be1cc1$ff991180$c968f3ce@blueshark.atria.com> | There is also another way which you might be interested |in: ClearCase Doctor from Rational also seems to provoke it when it checks out |domain capabilities. You wouldn't expect ClearCase/NT works with Samba PDC, would you? ClearCase/NT calls quite a few Lsa*() APIs locally and remotely along with a lot of Net*() APIs. So, it requires Samba PDC to support quite a lot of Lsa and Samr RPCs. (Of course, NetLogon service (lsass) shouldn't die upon the receipt of a malformed reply. That can be used as a Denial-Of-Service attack.) --- Seiichi + Seiichi Tatsukawa + + Rational Software, Lexington, MA + From greg at discreet.com Tue Dec 1 01:35:04 1998 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:45 2003 Subject: Latest CVS causes exception in lsass In-Reply-To: <032d01be1cc1$ff991180$c968f3ce@blueshark.atria.com> Message-ID: Well, it doesn't quite, at least not yet. I'm using CC on NT with samba instead of NFS and it works very well. I'm just trying the PDC out with each each leap in implementation and my gut feeling is its pretty close... Greg PS: Nice to see you Rational guys follow samba development, this is IMHO excellent software. Does this mean that someday you will support it? ;-) On 01-Dec-98 Seiichi Tatsukawa wrote: >| There is also another way which you might be interested >|in: ClearCase Doctor from Rational also seems to provoke it when it > checks out >|domain capabilities. > > > You wouldn't expect ClearCase/NT works with Samba PDC, would you? > ClearCase/NT calls quite a few Lsa*() APIs locally and remotely along with > a lot of Net*() APIs. So, it requires Samba PDC to support quite a lot of > Lsa and Samr RPCs. > (Of course, NetLogon service (lsass) shouldn't die upon the receipt of a > malformed reply. That can be used as a Denial-Of-Service attack.) > > --- Seiichi > > + Seiichi Tatsukawa + > + Rational Software, Lexington, MA + ---------------------------------- Greg Dickie just a guy* *from Discreet Logic ---------------------------------- From bernie at ecr.mu.oz.au Tue Dec 1 05:03:33 1998 From: bernie at ecr.mu.oz.au (Bernie Kirby) Date: Tue Dec 2 02:24:45 2003 Subject: Um, is this right? Message-ID: <199812010503.QAA08699@fudpucker.ecr.mu.oz.au> domain_namemap.c: if (!split_domain_name(fullntname, nt_name, nt_domain)) sids.c: BOOL split_domain_name(char *fullname, char *domain, char *name) (ie the name and the domain are reversed). From jal at mcs.le.ac.uk Tue Dec 1 11:26:04 1998 From: jal at mcs.le.ac.uk (J. A. Landamore) Date: Tue Dec 2 02:24:45 2003 Subject: Does nisplus option work? Message-ID: <23374.9812011126@sun2.mcs.le.ac.uk> A non-text attachment was scrubbed... Name: not available Type: text Size: 1023 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19981201/69804908/attachment.bat From lkcl at switchboard.net Tue Dec 1 15:33:48 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:45 2003 Subject: Latest CVS causes exception in lsass In-Reply-To: Message-ID: > > You wouldn't expect ClearCase/NT works with Samba PDC, would you? well... if enough people were interested and someone posted me a network trace, then quite probably the answer would be yes! > > ClearCase/NT calls quite a few Lsa*() APIs locally and remotely along with > > a lot of Net*() APIs. So, it requires Samba PDC to support quite a lot of > > Lsa and Samr RPCs. we _have_ quite a lot of those: #define SAMR_CONNECT_ANON 0x00 #define SAMR_CLOSE_HND 0x01 #define SAMR_UNKNOWN_3 0x03 #define SAMR_OPEN_DOMAIN 0x07 #define SAMR_QUERY_DOMAIN_INFO 0x08 #define SAMR_CREATE_DOM_GROUP 0x0a #define SAMR_ENUM_DOM_USERS 0x0d #define SAMR_CREATE_DOM_ALIAS 0x0e #define SAMR_ENUM_DOM_ALIASES 0x0f #define SAMR_QUERY_USERALIASES 0x10 #define SAMR_LOOKUP_NAMES 0x11 #define SAMR_UNKNOWN_12 0x12 #define SAMR_OPEN_GROUP 0x13 #define SAMR_QUERY_GROUPINFO 0x14 #define SAMR_SET_GROUPINFO 0x15 #define SAMR_ADD_GROUPMEM 0x16 #define SAMR_QUERY_GROUPMEM 0x19 #define SAMR_OPEN_ALIAS 0x1b #define SAMR_QUERY_ALIASINFO 0x1c #define SAMR_SET_ALIASINFO 0x1d #define SAMR_DELETE_DOM_ALIAS 0x1e #define SAMR_UNK_ALIAS 0x1f #define SAMR_ADD_ALIASMEM 0x20 #define SAMR_QUERY_ALIASMEM 0x21 #define SAMR_UNKNOWN_21 0x21 #define SAMR_OPEN_USER 0x22 #define SAMR_QUERY_USERINFO 0x24 #define SAMR_QUERY_USERGROUPS 0x27 #define SAMR_QUERY_DISPINFO 0x28 #define SAMR_UNKNOWN_2C 0x2c #define SAMR_ENUM_DOM_GROUPS 0x30 #define SAMR_UNKNOWN_32 0x32 #define SAMR_UNKNOWN_34 0x34 #define SAMR_CHGPASSWD_USER 0x37 #define SAMR_UNKNOWN_38 0x38 #define SAMR_CONNECT 0x39 /* ntlsa pipe */ #define LSA_CLOSE 0x00 #define LSA_QUERYINFOPOLICY 0x07 #define LSA_ENUMTRUSTDOM 0x0d #define LSA_LOOKUPNAMES 0x0e #define LSA_LOOKUPSIDS 0x0f #define LSA_OPENPOLICY 0x06 #define LSA_OPENPOLICY2 0x2c #define LSA_OPENSECRET 0x1C From lkcl at switchboard.net Tue Dec 1 15:34:22 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:45 2003 Subject: Um, is this right? In-Reply-To: <199812010503.QAA08699@fudpucker.ecr.mu.oz.au> Message-ID: On Tue, 1 Dec 1998, Bernie Kirby wrote: > > domain_namemap.c: if (!split_domain_name(fullntname, nt_name, nt_domain)) oops. thanks! > sids.c: BOOL split_domain_name(char *fullname, char *domain, char *name) > > (ie the name and the domain are reversed). > Luke Kenneth Casson Leighton Samba and Network Development Samba and Network Consultancy From Herve.Cimadomo at imag.fr Tue Dec 1 16:11:50 1998 From: Herve.Cimadomo at imag.fr (cimadomo =?iso-8859-1?Q?herv=E9?=) Date: Tue Dec 2 02:24:45 2003 Subject: i want to be domain administrator ! Message-ID: <36641545.FF7C8C6F@imag.fr> conf=samba 2.0 beta2 , nt4sp4. hello, using samba 2.0 beta2 (no current cvs), i try to be a domain administrator. For that i put the following lines in my smb.conf (my login is "cimadomo") ... domain admin users = cimadomo dami amiour jacky gateau sanlavil fodil coupaye belkatir jmfavre morat cunin domain admin group = cimadomo dami amiour jacky gateau sanlavil fodil coupaye belkatir jmfavre morat cunin .... And i log in. When i want see in usrmgr.exe if i'am in "domain Admins", i have a "application error" when i clicked on "group" item in my login configuration. When i use showgrps (ressource kit3) i have : p:\>showgrps User: [ADELE\cimadomo], is a member of: ADELE\Everyone ADELE\dummy group p:> thank for any help. -- Herve Cimadomo Email: Herve.Cimadomo@imag.fr LSR ACTIMART, bat 8, avenue de Vignate 38610 Gieres tel : 04.76.63.34.61 From lkcl at switchboard.net Tue Dec 1 16:26:49 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:45 2003 Subject: MACHINE.SID and YOUR_SAM_NAME.SID Message-ID: ok, subject to jeremy's approval, there is code in the main branch (NOT, REPEAT NOT, SAMBA_2_0) that renames MACHINE.SID to YOUR_SAM_NAME.SID, which will be lp_workgroup().SID or global_sam_name.SID if you use as a PDC or security=server respecctively. those people who have been running main branch for the last two days will find that smbd exits with "both MACHINE.SID and YOUR_SAM_NAME.SID" exist. make a choice, keep the old one though :-) luke From heinig at hdz-ima.rwth-aachen.de Tue Dec 1 17:49:26 1998 From: heinig at hdz-ima.rwth-aachen.de (Gerald Heinig) Date: Tue Dec 2 02:24:45 2003 Subject: Does nisplus option work? References: <23374.9812011126@sun2.mcs.le.ac.uk> Message-ID: <36642C26.7D39802B@hdz-ima.rwth-aachen.de> J. A. Landamore wrote: > I have tried to compile both the 2.0alpha and 2.0beta versions of Samba with the > --with-nisplus option to configure. In both cases I get > > Using LIBS = -lsocket -lnsl -ldl -lpam > Linking bin/smbd > Undefined first referenced > symbol in file > nisplus_initialize_password_db passdb/passdb.o > ld: fatal: Symbol referencing errors. No output written to bin/smbd > *** Error code 1 > make: Fatal error: Command failed for target `bin/smbd' > > So my question is, is this option implemented yet, and if so which library do I > need to link against? Without the nisplus option it compiles and works great. > Solaris 2.6 on Sparc > John, The nisplus stuff isn't done yet. I need it too and I'll have some time spare in a few days when I'll have a look at it. If you're interested in the NIS+ feature and can spare a bit of hacking time, that would be great. Gerald From caesmb at lab2.cc.wmich.edu Tue Dec 1 19:41:31 1998 From: caesmb at lab2.cc.wmich.edu (CAE Samba Admin) Date: Tue Dec 2 02:24:45 2003 Subject: Packaging for RedHat broke in latest CVS? Message-ID: I get this when I execute makerpms.sh, anyone else having similiar trouble? + echo 'Patch #0:' Patch #0: + patch -p1 -s 1 out of 2 hunks FAILED -- saving rejects to source/Makefile.in.rej Bad exit status from /var/tmp/rpm-tmp.82990 (%prep) From lkcl at switchboard.net Tue Dec 1 23:55:26 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:45 2003 Subject: [MAIN BRANCH NOT SAMBA_2_0beta2] - group members: USRMGR.EXE Message-ID: it's new, it's not necessarily improved, but it's cool. double-clock on a local group ("Administrators", "Account Operators", "some_local_nt_group") and you get the "Local Group Properties" dialog, hurrah. you will need to use "domain user map", "local group map" and "domain group map" options to get users and groups to appear correctly, see smb.conf this is getting pretty wild :-) domain groups are next... From borsenkow.msk at sni.de Wed Dec 2 10:24:19 1998 From: borsenkow.msk at sni.de (Andrej Borsenkow) Date: Tue Dec 2 02:24:45 2003 Subject: Latest CVS does not start Message-ID: <002601be1ddd$ec0b8b30$21c9ca95@mowp.siemens.ru> Luke, this is fishy ... get_member_domain_sid(void): { ... return get_domain_sids(NULL, &global_member_sid, lp_passwordserver()); } BOOL get_domain_sids(DOM_SID *sid3, DOM_SID *sid5, char *servers) { ... if (sid3 != NULL) { /* send client info query, level 3. receive domain name and sid */ res = res ? do_lsa_query_info_pol(&cli, &pol, 3, dom3, sid3) : False; } ... if (!strequal(dom3, global_myworkgroup) || !strequal(dom5, global_myworkgroup)) { DEBUG(0,("get_member_domain_sid: %s is a DC for %s not %s\n", cli.desthost, dom5, global_myworkgroup)); res = False; } } Both nmbd and smbd: if (!get_member_domain_sid()) { DEBUG(0,("ERROR: Samba cannot obtain PDC SID from PDC(s) %s.\n", lp_passwordserver())); exit(1); } And here is what I get in log: [1998/12/02 13:10:08, 0] lib/sids.c:(266) get_member_domain_sid: is a DC for ITS not ITS :)) /andrej From borsenkow.msk at sni.de Wed Dec 2 10:34:25 1998 From: borsenkow.msk at sni.de (Andrej Borsenkow) Date: Tue Dec 2 02:24:45 2003 Subject: smbpasswd -r broken in latest CVS? Message-ID: <002901be1ddf$552ce270$21c9ca95@mowp.siemens.ru> bor@itsrm2:~smbsrc/source%> smbpasswd -r its_server get_member_domain_sid: is a DC for ITSRM2 not ITS Can't setup password database vectors. itsrm2 is memeber of its with its_server as PDC Actually, smbpasswd does not works as well bor@itsrm2:~smbsrc/source%> smbpasswd get_member_domain_sid: is a DC for ITSRM2 not ITS Can't setup password database vectors. /andrej From borsenkow.msk at sni.de Wed Dec 2 13:15:54 1998 From: borsenkow.msk at sni.de (Andrej Borsenkow) Date: Tue Dec 2 02:24:45 2003 Subject: NT user authentication Message-ID: <004201be1df5$e41b73f0$21c9ca95@mowp.siemens.ru> I got this from a book on NT networking. Can anybody please comment on this? This describes, how member of NT domain verifies remote logon request 1. check (domain,user) with DC. If O.K. log user on as (domain,user) 2. check user against local user database. If O.K., log on as local user 3. if guest is allowed, log on as guest 4. deny request I am somewhay uneasy about 2 ... thank you /andrej From neil at gatewaymedia.co.uk Wed Dec 2 13:36:42 1998 From: neil at gatewaymedia.co.uk (Neil Ballantyne) Date: Tue Dec 2 02:24:45 2003 Subject: CVS Makefile woes Message-ID: <002201be1df8$cbc91340$0606060a@sal.gatewaymedia.co.uk> I've just downloaded the latest cvs and when I run make I get: make: Fatal error in reader: Makefile, line 349: Macro assignment on dependancy line anyone know why it's doing this, what it means or how to fix? I'm hoping it's something really simple, but I'm not a Makefile person and I can't fix it... ;( tia, -- neil From cartegw at Eng.Auburn.EDU Wed Dec 2 14:23:32 1998 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:45 2003 Subject: CVS Makefile woes References: <002201be1df8$cbc91340$0606060a@sal.gatewaymedia.co.uk> Message-ID: <36654D64.22EBF1AD@eng.auburn.edu> Neil Ballantyne wrote: > > I've just downloaded the latest cvs and when I run make I get: > > make: Fatal error in reader: Makefile, line 349: Macro assignment on > dependancy line > Let me guess...Solaris right? use gmake instead. I noticed this a few days ago and forgot to look into it more. I'm not much of a make wizard myself either though. j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From greg at discreet.com Wed Dec 2 14:32:22 1998 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:45 2003 Subject: USE_SMBUNIX_DB Message-ID: Hi, I'm confused again (i hate it when that happens! ;-). Latest CVS code from this morning and I cannot log in. On the NT machine it says that the trust account does not exist or the password for the machine is incorrect. In the log file I see a bunch of group name sys members: 4 [1998/12/02 08:28:24, 5] groupdb/groupdb.c:(239) group name sys members: 4 [1998/12/02 08:28:24, 5] groupdb/groupdb.c:(239) group name sys members: 4 [1998/12/02 08:28:24, 5] groupdb/groupdb.c:(239) group name sys members: 4 [1998/12/02 08:28:24, 5] groupdb/groupdb.c:(239) group name sys members: 4 [1998/12/02 08:28:24, 5] groupdb/groupdb.c:(239) group name sys members: 4 [1998/12/02 08:28:24, 5] groupdb/groupdb.c:(239) group name sys members: 4 [1998/12/02 08:28:24, 5] groupdb/groupdb.c:(239) group name sys members: 4 [1998/12/02 08:28:24, 5] groupdb/groupdb.c:(239) group name sys members: 4 [1998/12/02 08:28:24, 5] groupdb/groupdb.c:(239) like it gets stuck on the first line (group) forever so I'm trying to trace the code but it seems to me that USE_UNIXSMB_DB should be defined somewhere and is not. Should it? Gracias, Greg --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From amol at memcad.com Wed Dec 2 14:54:35 1998 From: amol at memcad.com (Amol Karnik) Date: Tue Dec 2 02:24:45 2003 Subject: upgrades never work Message-ID: <366554AB.C1D95FA7@memcad.com> hi all, i'm sure i'm doing something totally wrong here. i always get the latest cvs version after any major changes to the code, and compile it, and install it. Whenver i do this, all the NT workstations which used to be able to join my samba domain, are now unable to join it when they reboot, saying that the machines dont have an account. I then have to delete their entry from smbpasswd, get the machines into standalone (not part of a domain). then add the machine to the smbpasswd file using smbpasswd -a -m machinename. then change the workstations to log on to the samba domain, then reboot. is there any other way of doing this? every time the change the smbd and nmbd daemons, i have to do this all over again, for all wkstations! regards, and thanks in advance. - amol From gadosy at alcor.concordia.ca Wed Dec 2 10:49:18 1998 From: gadosy at alcor.concordia.ca (Dr. Timothy A. Gadosy) Date: Tue Dec 2 02:24:45 2003 Subject: Newbie question Message-ID: <01BE1DE1.69DC87A0.gadosy@alcor.concordia.ca> Hi Folks: I apologise ahead of time for the newbie questions. I have just installed samba and was wondering if there was any way of setting it up so that I could use it as a domain server for WinNT 4.0. According to the info files it states that the present version cannot do this but possibly future versions, and to watch this mailing list for information. Furthermore, is it possible to set it up so that both WinNT and Win98 PCs can log on? Thanks in advance. Cheers, Tim Dr. Timothy A. Gadosy Assistant Professor Department of Chemistry and Biochemistry Concordia University 1455 DeMaisonneuve Blvd. W. Montreal, QC CANADA H3G 1M8 Tel: (514) 848-3337 Fax: (514) 848-2867 WWW: http://132.205.57.9/facstaff/g-i/gadosy/gadosy.html From hulet at ittc.ukans.edu Wed Dec 2 16:20:49 1998 From: hulet at ittc.ukans.edu (Michael S. Hulet) Date: Tue Dec 2 02:24:45 2003 Subject: Cannot Login to Domain In-Reply-To: Message-ID: The latest CVS code (12/2/98) does not allow me to login to the domain. PID USERNAME PRI NICE SIZE RES STATE TIME CPU COMMAND 17933 root 53 0 5784K 1638K run 2:19 99.00% smbd starts up another process until it brings my server to its knees. PID USERNAME PRI NICE SIZE RES STATE TIME CPU COMMAND 18191 root 53 0 5128K 786K run 0:23 49.70% 17933 root 53 0 5920K 1703K run 2:43 49.60% NT gives me The system cannot log you on to this domain because the system's computer account in its primary domain is missing or the password on the account is incorrect after a couple of minutes. smbd continues to consume 99% of my cpu time until I kill it. Just started happening this week. The log file shows a continues loop of [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbpwnam(884) lookupsmbpwnam: unix user name root [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbpwuid(908) lookupsmbpwuid: unix uid 0 [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbpwnam(884) lookupsmbpwnam: unix user name hulet [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbpwuid(908) lookupsmbpwuid: unix uid 204 [1998/12/02 10:05:02, 10] groupdb/groupunix.c:getgrpunixpwent(203) line: 'system::1001:,hulet' [1998/12/02 10:05:02, 5] groupdb/groupdb.c:iterate_getusergroupsnam(239) group name system members: 2 [1998/12/02 10:05:02, 10] groupdb/groupdb.c:user_is_member(195) searching against user root... [1998/12/02 10:05:02, 10] groupdb/groupdb.c:user_is_member(195) searching against user hulet... [1998/12/02 10:05:02, 10] groupdb/groupdb.c:user_is_member(198) searching for user hulet: found [1998/12/02 10:05:02, 10] groupdb/groupdb.c:add_domain_group(175) adding group system() [1998/12/02 10:05:02, 10] groupdb/groupunix.c:getgrpunixpwent(162) getgrpunixpwent: enum unix group entry system [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbgrpgid(1143) lookupsmbgrpgid: unix gid 0 [1998/12/02 10:05:02, 7] lib/util_sid.c:sid_to_string(50) sid_to_string returning S-1-5-32-544 [1998/12/02 10:05:02, 10] lib/domain_namemap.c:map_unixid(759) map_unixid: enum entry unix group admin 68 nt Administrators S-1-5-32-544 [1998/12/02 10:05:02, 7] lib/util_sid.c:sid_to_string(50) sid_to_string returning S-1-5-21-2223245607-1664418827-1016294829-512 [1998/12/02 10:05:02, 10] lib/domain_namemap.c:map_unixid(759) map_unixid: enum entry unix group ittc 29690 nt Domain Admins S-1-5-21-2223245607-1664418827-1016294829-512 ..........100's of times until [1998/12/02 10:06:00, 6] param/loadparm.c:lp_file_list_changed(1783) lp_file_list_changed() file /usr/system/samba/lib/smb.conf -> /usr/system/samba/lib/smb.conf last mo d_time: Wed Dec 2 09:28:29 1998 [1998/12/02 10:06:00, 2] smbd/process.c:smbd_process(872) Closing idle connection 2. [1998/12/02 10:06:00, 2] smbd/server.c:exit_server(406) Closing connections [1998/12/02 10:06:00, 3] smbd/service.c:close_cnum(510) carmack (0.0.0.0) closed connection to service IPC$ [1998/12/02 10:06:00, 3] smbd/connection.c:yield_connection(40) Yielding connection to IPC$ [1998/12/02 10:06:00, 3] smbd/server.c:exit_server(431) Server exit (normal exit) [1998/12/02 10:08:59, 5] smbd/uid.c:unbecome_user(343) unbecome_user now uid=(0,0) gid=(0,0) [1998/12/02 10:08:59, 5] smbd/uid.c:unbecome_user(343) unbecome_user now uid=(0,0) gid=(0,0) [1998/12/02 10:08:59, 2] smbd/server.c:exit_server(406) Closing connections [1998/12/02 10:08:59, 2] smbd/server.c:exit_server(406) Closing connections [1998/12/02 10:08:59, 3] smbd/service.c:close_cnum(510) carmack (129.237.123.72) closed connection to service IPC$ [1998/12/02 10:08:59, 3] smbd/connection.c:yield_connection(40) Yielding connection to IPC$ [1998/12/02 10:08:59, 3] smbd/server.c:exit_server(431) Server exit (caught signal) [1998/12/02 10:08:59, 3] smbd/service.c:close_cnum(510) carmack (129.237.123.72) closed connection to service IPC$ [1998/12/02 10:08:59, 3] smbd/connection.c:yield_connection(40) Yielding connection to IPC$ [1998/12/02 10:08:59, 3] smbd/server.c:exit_server(431) Server exit (caught signal) HELP! From pcc at llnl.gov Wed Dec 2 16:26:56 1998 From: pcc at llnl.gov (Phil Cox) Date: Tue Dec 2 02:24:45 2003 Subject: NT user authentication In-Reply-To: <004201be1df5$e41b73f0$21c9ca95@mowp.siemens.ru> Message-ID: <3.0.5.32.19981202082656.009a9a30@poptop.llnl.gov> At 12:18 AM 12/3/98 +1100, Andrej Borsenkow wrote: >I got this from a book on NT networking. Can anybody please comment on this? >This describes, how member of NT domain verifies remote logon request > >1. check (domain,user) with DC. If O.K. log user on as (domain,user) >2. check user against local user database. If O.K., log on as local user This would only happen if there was no domain associated with the user in the logon request. I.E. when the explorer pops up the username/password dialog box if I just enter a user name, then the server will check it's own SAM database, but if I put the username in the form of domain\user, then the server would do #1. It is my understanding that 1 & 2 are mutually exclusive (except when a the domain is NULL). NULL domains are usually seen in downlevel clients. Take a look at MS KB article Q103390. Phil - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Computer Incident Advisory Capability (CIAC) Philip C. Cox (510)422-8193 (510)422-8564 ciac@llnl.gov pcc@llnl.gov ------------------------------------------------------------------- PGP fingerprint = 1A97 AB44 406A 77B7 3EA8 3B5B E3B5 BE73 Noteable Quote = "Do today what you want to be tomorrow." From lkcl at switchboard.net Wed Dec 2 16:26:45 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:45 2003 Subject: Latest CVS does not start In-Reply-To: <002601be1ddd$ec0b8b30$21c9ca95@mowp.siemens.ru> Message-ID: you know what? that check's a bit of overkill, and i'm feeling lazy today. i'm going to cut it. thanks. On Wed, 2 Dec 1998, Andrej Borsenkow wrote: > Luke, this is fishy ... > > get_member_domain_sid(void): > { > ... > return get_domain_sids(NULL, &global_member_sid, lp_passwordserver()); > } > > BOOL get_domain_sids(DOM_SID *sid3, DOM_SID *sid5, char *servers) > { > .. > if (sid3 != NULL) > { > /* send client info query, level 3. receive domain name and sid */ > res = res ? do_lsa_query_info_pol(&cli, &pol, 3, dom3, sid3) : False; > } > > ... > > if (!strequal(dom3, global_myworkgroup) || > !strequal(dom5, global_myworkgroup)) > { > DEBUG(0,("get_member_domain_sid: %s is a DC for %s not %s\n", > cli.desthost, dom5, global_myworkgroup)); > res = False; > } > > } > > Both nmbd and smbd: > > if (!get_member_domain_sid()) > { > DEBUG(0,("ERROR: Samba cannot obtain PDC SID from PDC(s) %s.\n", > lp_passwordserver())); > exit(1); > } > > > And here is what I get in log: > > [1998/12/02 13:10:08, 0] lib/sids.c:(266) > get_member_domain_sid: is a DC for ITS not ITS > > :)) > > > /andrej > Luke Kenneth Casson Leighton Samba and Network Development Samba and Network Consultancy From greg at discreet.com Wed Dec 2 16:42:45 1998 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:45 2003 Subject: Cannot Login to Domain In-Reply-To: Message-ID: YUp, this is what I'm seeing to. It looks like getgrent is, in fact not cycling through the file but always returning the same entry. I'm trying to figure this out at the moment. You're not on IRIX by any chance, are you? Greg On 02-Dec-98 Michael S. Hulet wrote: > The latest CVS code (12/2/98) does not allow me to login to the domain. > PID USERNAME PRI NICE SIZE RES STATE TIME CPU COMMAND > 17933 root 53 0 5784K 1638K run 2:19 99.00% > > smbd starts up another process until it brings my server to its knees. > PID USERNAME PRI NICE SIZE RES STATE TIME CPU COMMAND > 18191 root 53 0 5128K 786K run 0:23 49.70% > 17933 root 53 0 5920K 1703K run 2:43 49.60% > > NT gives me The system cannot log you on to this domain because the > system's computer account in its primary domain is missing or the password > on the account is incorrect after a couple of minutes. smbd continues to > consume 99% of my cpu time until I kill it. > Just started happening this week. > > The log file shows a continues loop of > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbpwnam(884) > lookupsmbpwnam: unix user name root > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbpwuid(908) > lookupsmbpwuid: unix uid 0 > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbpwnam(884) > lookupsmbpwnam: unix user name hulet > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbpwuid(908) > lookupsmbpwuid: unix uid 204 > [1998/12/02 10:05:02, 10] groupdb/groupunix.c:getgrpunixpwent(203) > line: 'system::1001:,hulet' > [1998/12/02 10:05:02, 5] groupdb/groupdb.c:iterate_getusergroupsnam(239) > group name system members: 2 > [1998/12/02 10:05:02, 10] groupdb/groupdb.c:user_is_member(195) > searching against user root... > [1998/12/02 10:05:02, 10] groupdb/groupdb.c:user_is_member(195) > searching against user hulet... > [1998/12/02 10:05:02, 10] groupdb/groupdb.c:user_is_member(198) > searching for user hulet: found > [1998/12/02 10:05:02, 10] groupdb/groupdb.c:add_domain_group(175) > adding group system() > [1998/12/02 10:05:02, 10] groupdb/groupunix.c:getgrpunixpwent(162) > getgrpunixpwent: enum unix group entry system > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbgrpgid(1143) > lookupsmbgrpgid: unix gid 0 > [1998/12/02 10:05:02, 7] lib/util_sid.c:sid_to_string(50) > sid_to_string returning S-1-5-32-544 > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:map_unixid(759) > map_unixid: enum entry unix group admin 68 nt Administrators > S-1-5-32-544 > [1998/12/02 10:05:02, 7] lib/util_sid.c:sid_to_string(50) > sid_to_string returning S-1-5-21-2223245607-1664418827-1016294829-512 > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:map_unixid(759) > map_unixid: enum entry unix group ittc 29690 nt Domain Admins > S-1-5-21-2223245607-1664418827-1016294829-512 > > .........100's of times until > > [1998/12/02 10:06:00, 6] param/loadparm.c:lp_file_list_changed(1783) > lp_file_list_changed() > file /usr/system/samba/lib/smb.conf -> /usr/system/samba/lib/smb.conf > last mo > d_time: Wed Dec 2 09:28:29 1998 > > [1998/12/02 10:06:00, 2] smbd/process.c:smbd_process(872) > Closing idle connection 2. > [1998/12/02 10:06:00, 2] smbd/server.c:exit_server(406) > Closing connections > [1998/12/02 10:06:00, 3] smbd/service.c:close_cnum(510) > carmack (0.0.0.0) closed connection to service IPC$ > [1998/12/02 10:06:00, 3] smbd/connection.c:yield_connection(40) > Yielding connection to IPC$ > [1998/12/02 10:06:00, 3] smbd/server.c:exit_server(431) > Server exit (normal exit) > [1998/12/02 10:08:59, 5] smbd/uid.c:unbecome_user(343) > unbecome_user now uid=(0,0) gid=(0,0) > [1998/12/02 10:08:59, 5] smbd/uid.c:unbecome_user(343) > unbecome_user now uid=(0,0) gid=(0,0) > [1998/12/02 10:08:59, 2] smbd/server.c:exit_server(406) > Closing connections > [1998/12/02 10:08:59, 2] smbd/server.c:exit_server(406) > Closing connections > [1998/12/02 10:08:59, 3] smbd/service.c:close_cnum(510) > carmack (129.237.123.72) closed connection to service IPC$ > [1998/12/02 10:08:59, 3] smbd/connection.c:yield_connection(40) > Yielding connection to IPC$ > [1998/12/02 10:08:59, 3] smbd/server.c:exit_server(431) > Server exit (caught signal) > [1998/12/02 10:08:59, 3] smbd/service.c:close_cnum(510) > carmack (129.237.123.72) closed connection to service IPC$ > [1998/12/02 10:08:59, 3] smbd/connection.c:yield_connection(40) > Yielding connection to IPC$ > [1998/12/02 10:08:59, 3] smbd/server.c:exit_server(431) > Server exit (caught signal) > > > HELP! --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From jallison at cthulhu.engr.sgi.com Wed Dec 2 16:56:20 1998 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:24:45 2003 Subject: NT user authentication References: <004201be1df5$e41b73f0$21c9ca95@mowp.siemens.ru> Message-ID: <36657134.D15675DE@engr.sgi.com> Andrej Borsenkow wrote: > > I got this from a book on NT networking. Can anybody please comment on this? > This describes, how member of NT domain verifies remote logon request > > 1. check (domain,user) with DC. If O.K. log user on as (domain,user) > 2. check user against local user database. If O.K., log on as local user > 3. if guest is allowed, log on as guest > 4. deny request > > I am somewhay uneasy about 2 ... > Yes this is how it works. It is also how Samba 2.0 works also. Don't know about the HEAD branch as that has so widely diverged at the moment. Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From ken at sdd.hp.com Wed Dec 2 18:17:05 1998 From: ken at sdd.hp.com (Ken Stone) Date: Tue Dec 2 02:24:45 2003 Subject: Beta 2 on HPUX and other problems ... Message-ID: <199812021817.KAA02849@hpsdlz.sdd.hp.com> On HPUX 10.20, with the beta2 bits, PRINTCAP_NAME never gets defined so the compile bombs with ... [ROOT @ z] (25)-> make Using FLAGS = -Ae -Iinclude -I./include -I./ubiqx -I./smbwrapper -Ae -DSMBLOGFIL E="/local/var/log.smb" -DNMBLOGFILE="/local/var/log.nmb" -DCONFIGFILE="/local/li b/smb.conf" -DLMHOSTSFILE="/local/lib/lmhosts" -DSWATDIR="/local/swat" -DSBIND IR="/local/bin" -DLOCKDIR="/local/var/locks" -DSMBRUN="/local/bin/smbrun" -DCODE PAGEDIR="/local/lib/codepages" -DDRIVERFILE="/local/lib/printers.def" -DBINDIR=" /local/bin" -DHAVE_INCLUDES_H -DPASSWD_PROGRAM="/bin/passwd" -DSMB_PASSWD_FILE=" /local/private/smbpasswd" -DSMB_PASSWD_PROGRAM="/local/bin/smbpasswd" Using LIBS = -lsec Compiling param/loadparm.c cc: "param/loadparm.c", line 820: error 1588: "PRINTCAP_NAME" undefined. cc: "param/loadparm.c", line 820: warning 563: Argument #2 is not the correct ty pe. *** Error exit code 1 Stop. Looks like the issue is in how it is handled in include/includes.h First .... #ifdef AIX #define DEFAULT_PRINTING PRINT_AIX #define PRINTCAP_NAME "/etc/qconfig" #endif #ifdef HPUX #define DEFAULT_PRINTING PRINT_HPUX #endif Notice how it is defined for AIX but not HPUX and then farther down #ifndef DEFAULT_PRINTING #ifdef SYSV #define DEFAULT_PRINTING PRINT_SYSV #define PRINTCAP_NAME "lpstat" #else #define DEFAULT_PRINTING PRINT_BSD #define PRINTCAP_NAME "/etc/printcap" #endif #endif Looks like it just got dropped somewhere. Only places its found are [ROOT @ z] (26)-> find . -name '*.[ch]' | xargs grep PRINTCAP_NAME ./param/loadparm.c: string_set(&Globals.szPrintcapname, PRINTCAP_NAME); ./include/includes.h:#define PRINTCAP_NAME "/etc/qconfig" ./include/includes.h:#define PRINTCAP_NAME "lpstat" ./include/includes.h:#define PRINTCAP_NAME "/etc/printcap" ./utils/testprns.c: pszTemp = (argc < 3) ? PRINTCAP_NAME : argv[2]; [ROOT @ z] (27)-> And another problem I'm having on any/all of the 2.X stuff. This is only on win95, not NT, not win98. Scenario is Win95 client opens a file on samba server (our test case is a .txt file with notepad). Win95 client closes file (no mods to file needed). Checking status on swat after Win95 client closes file show that file is still locked. Now modify the .txt file on the samba server (ie vi it and make a change). Now on the Win95 client using explorer, you can refresh the samba server directory with F5 and see the mtime on the file has changed ... but ... if you edit the file again on the Win95 client with notepad, you get the old file, not the changed version. Odd thing here is that if you do one of the following * disconnect/reconnect the samba share * go to an NT or win98 client and edit the file with notepad (just open and close it, no mods) * kill the smbd running for the Win95 client (then let the client auto re-connect) and then try and edit the file on the Win95 client ... you get the right version, ie, the one modified on the UNIX side ? This is driving us nuts ... Thanks -- Ken From thwartedefforts at wonky.org Wed Dec 2 19:09:49 1998 From: thwartedefforts at wonky.org (thwartedefforts@wonky.org) Date: Tue Dec 2 02:24:45 2003 Subject: restrict anonymous patch against 2beta2 Message-ID: <19981202190949.10304.cpmta@fillmore.criticalpath.net> This patch adds a 'restrict anonymous' parameter to samba which forces samba to deny anonymous connections from clients. It supersedes my "null overrides valid username" patch (http://samba.anu.edu.au/listproc/samba-ntdom/2351.html). The patch can be downloaded from http://www.reac.com/samba/samba2b2-restanon.diff This has two effects: - The %U and %G macro expansions will work in a predictable manner, because a username is always needed. This gets rid of cases where the client refreshes the share listing and shares "disappear". - Killing an smbd process for a WinNT client can cause the client to assume it's still validated, and sometimes will attempt reconnection anonymously. This will force it to revalidate. It has one side effect (related to how NT behaves after logout): - If you are using samba as a PDC, the client machine will be unable to revalidate it's machine account after a user logs out because WinNT maintains a validated connection after logout, and it tries to access the machine account initially using an anonymous connection. The solution here is to "Shutdown and restart" between interactive logons, rather than "Close all programs and logon as a different user". The fact that NT maintains a connection after logout has been a long standing problem with using Samba as a PDC, for which there is currently no know solution or workaround. If having to restart between interactive logons bothers you, then do not set restrict anonymous to true. The restrict anonymous parameter is not designed for use in share level security. Do not use it if you have security=share. Restrict anonymous does effect browsing on mixed client networks, but I have attempted to compensate for that. What appears to be a bug in Win95 makes it difficult to browse non-anonymously. If restrict anonymous is turned on, a work around gets enabled for win95 clients to make browsing work. See http://samba.anu.edu.au/listproc/samba-technical/1856.html for a more detailed description of this Win95 problem. I would recommend that restrict anonymous only be used on homogenous NT networks, but I am successfully (that is, browsing works for all machines when restrict anonymous is on) using it in a mixed NT and 95 network. If a Win95 machine is on your network and the workaround gets enabled, a message is generated to the system logs. If restrict anonymous is turned off (the default), then the complete original behaviour is used. My environment: Samba2.0.0beta2 Primary Domain Controller (RH 5.1) Samba2.0.0beta2 domain member (RH 5.1) approx 3 dozen Windows NT4 Workstations (mixed SP3 and SP4) 2 Windows NT4 Server SP4 Files patched are: source/smbd/reply.c source/param/loadparam.c yodldocs/smb.conf.5.yo The other kinds of docs will have to be regenerated from the yodl format docs. To apply: $ cd to the directory that contains the samba-2.0.0beta2 directory $ ls (to verify you are in the right place) samba-2.0.0beta2 $ patch -p0 < samba2b2-restanon.diff patching file... I recommend GNU patch. The -p0 option is important so that it finds the files to patch in the subdirectories. >From the docs: restrict anonymous(G) This is a boolean parameter. If it is true, then anonymous access to the server will be restricted, namely in the case where the server is expecting the client to send a username, but it doesn't. Setting it to true will force these anonymous connections to be denied, and the client will be required to always supply a username and password when connecting. Use of this parameter is only recommened for homogenous NT client environments. This parameter makes the use of macro expansions that rely on the username (%U, %G, etc) consistant. NT 4.0 likes to use anonymous connections when refreshing the share list, and this is a way to work around that. When restrict anonymous is true, all anonymous connections are denied no matter what they are for. This can effect the ability of a machine to access the samba Primary Domain Controller to revalidate it's machine account after someone else has logged on the client interactively. The NT client will display a message saying that the machine's account in the domain doesn't exist or the password is bad. The best way to deal with this is to reboot NT client machines between interactive logons, using "Shutdown and Restart", rather than "Close all programs and logon as a different user". From caesmb at lab2.cc.wmich.edu Wed Dec 2 20:19:55 1998 From: caesmb at lab2.cc.wmich.edu (CAE Samba Admin) Date: Tue Dec 2 02:24:46 2003 Subject: Packaging for RedHat Message-ID: Attached is a new packaging/RedHat/makefile-path.patch file which will fix the scripts to automatically create a RPM from the CVS tree. This patch was make against CVS from about an hour ago. I kept all the directories the same as they were before. Could someone please check this into the tree? Thanks, Kevin Currie -------------- next part -------------- diff -uNr samba-PVERSION/source/Makefile.in samba-kgc/source/Makefile.in --- samba-PVERSION/source/Makefile.in Wed Dec 2 14:35:18 1998 +++ samba-kgc/source/Makefile.in Wed Dec 2 15:06:02 1998 @@ -27,7 +27,7 @@ # the previous releases of Samba SBINDIR = @bindir@ LIBDIR = @libdir@ -VARDIR = $(BASEDIR)/var +VARDIR = /var MANDIR = @mandir@ # The permissions to give the executables @@ -36,23 +36,23 @@ # set these to where to find various files # These can be overridden by command line switches (see smbd(8)) # or in smb.conf (see smb.conf(5)) -SMBLOGFILE = $(VARDIR)/log.smb -NMBLOGFILE = $(VARDIR)/log.nmb +SMBLOGFILE = $(VARDIR)/log/samba/log.smb +NMBLOGFILE = $(VARDIR)/log/samba/log.nmb CONFIGFILE = $(LIBDIR)/smb.conf LMHOSTSFILE = $(LIBDIR)/lmhosts DRIVERFILE = $(LIBDIR)/printers.def PASSWD_PROGRAM = /bin/passwd -SMB_PASSWD_FILE = $(BASEDIR)/private/smbpasswd -SMB_PASSGRP_FILE = $(BASEDIR)/private/smbpassgrp -SMB_GROUP_FILE = $(BASEDIR)/private/smbgroup -SMB_ALIAS_FILE = $(BASEDIR)/private/smbalias +SMB_PASSWD_FILE = $(LIBDIR)/smbpasswd +SMB_PASSGRP_FILE = $(LIBDIR)/smbpassgrp +SMB_GROUP_FILE = $(LIBDIR)/smbgroup +SMB_ALIAS_FILE = $(LIBDIR)/smbalias SMB_PASSWD_PROGRAM = $(BINDIR)/smbpasswd # This is where SWAT images and help files go -SWATDIR = $(BASEDIR)/swat +SWATDIR = $(BASEDIR)/share/swat # the directory where lock files go -LOCKDIR = $(VARDIR)/locks +LOCKDIR = $(VARDIR)/lock/samba # The directory where code page definition files go CODEPAGEDIR = $(LIBDIR)/codepages From greg at discreet.com Wed Dec 2 20:56:49 1998 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:46 2003 Subject: Cannot log onto domain Message-ID: Sorry to be a pain but I cannot figure out what the problem is with the getgrent looping endlessly. I have tried it in a small test program and it appears to work ok so there must be something else happening in smbd that I do not know about. help me..... Luke, Jeremy,Gerald? please.... Argh Greg --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From jallison at cthulhu.engr.sgi.com Wed Dec 2 21:57:39 1998 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:24:46 2003 Subject: Beta 2 on HPUX and other problems ... References: <199812021817.KAA02849@hpsdlz.sdd.hp.com> Message-ID: <3665B7D3.860CC9DD@engr.sgi.com> Ken Stone wrote: > > On HPUX 10.20, with the beta2 bits, PRINTCAP_NAME never gets defined so > the compile bombs with ... > .... > Looks like it just got dropped somewhere. > Fixed in the current 2.0 code stream. Will be fixed in 2.0Beta3. > > and then try and edit the file on the Win95 client ... you get the right > version, ie, the one modified on the UNIX side ? > > This is driving us nuts ... This *has* to be oplocks. Turn off oplocks on that share and the problem should go away. Note that IRIX has added a kernel fix for this oplock problem with 2.0 running on IRIX 6.5.2f and above - opens from UNIX clients or via nfs will break Samba oplocks. The interface is an fcntl one and is supported by Samba. Let me know if the HPUX kernel team are interested in supporting it in a future HPUX release. Cheers, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From ken at sdd.hp.com Wed Dec 2 22:15:51 1998 From: ken at sdd.hp.com (Ken Stone) Date: Tue Dec 2 02:24:46 2003 Subject: Beta 2 on HPUX and other problems ... In-Reply-To: Your message of Wed, 02 Dec 1998 13:57:39 -0800. <3665B7D3.860CC9DD@engr.sgi.com> Message-ID: <199812022215.OAA08402@hpsdlz.sdd.hp.com> > This *has* to be oplocks. Turn off oplocks on that > share and the problem should go away. Yes !!!! I had "fake oplocks = yes" & "oplocks on by default" I turned off fake oplocks ... problem still there, turned off oplocks all together ... problem gone !! Thanks a bunch. > Note that IRIX has added a kernel fix for this oplock > problem with 2.0 running on IRIX 6.5.2f and above - > opens from UNIX clients or via nfs will break Samba oplocks. > > The interface is an fcntl one and is supported by > Samba. Let me know if the HPUX kernel team are interested > in supporting it in a future HPUX release. I can only wish .... I haven't seen anything as useful as samba on anyone's priority list :-( .... they would tell me to use AS/U or more likely to switch everything to NT :-) Thanks again !! -- Ken From lkcl at switchboard.net Wed Dec 2 22:56:53 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:46 2003 Subject: USRMGR.EXE and SAMBA (main branch NOT SAMBA_2_0) Message-ID: usrmgr.exe now successfully shows: - users and what local and domain groups they are in - domain groups and what domain users are in them - local groups and what local groups, domain groups or domain users are in them. this is managed with three new options: "domain group map" "domain user map" "local group map" which are documented in smb.conf. they make unix "look" like NT, while still maintaining uid/gid and NT SID integrity on both sides. "add", "delete" and "change" are next on the list of things to do, as is inter-domain trust relationships. i have had unix groups explained to me by mike warfield: apparently the unix user primary group need _not_ appear in /etc/group, the user will _still_ be in that group: initgroup() takes the primary group as its second argument, it adds it to the list of groups returned. so, the users' primary group will be missing unless explicitly mentioned in /etc/group, until i fix this (two, three days?) other issues: NT groups can own files. why? because a SID is a SID. this implies that if we want the same functionality in Samba that a unix userid needs to be created with the same name as a unix group, with no unix shell or password. then this "user", which will represent an NT group, will be able to own a file / directory. samba does not break the unix security model, even when it breaks windows as a result: we're not about to start, now. will keep you all informed. luke From matthew at janus.law.usyd.edu.au Wed Dec 2 22:58:19 1998 From: matthew at janus.law.usyd.edu.au (Matthew Geier) Date: Tue Dec 2 02:24:46 2003 Subject: Cannot Login to Domain In-Reply-To: from "Michael S. Hulet" at Dec 3, 98 03:21:05 am Message-ID: <199812022258.JAA20411@janus.law.usyd.edu.au> I can login fine, but smbds are eating 100% CPU time on both processors... (RH Linux, 2.1.130) The latest CVS I downloaded doesnt complile. :-( Compiling rpc_client/cli_samr.c rpc_client/cli_samr.c: In function `do_samr_query_unknown_12': rpc_client/cli_samr.c:586: structure has no member named `ptr_aliases' rpc_client/cli_samr.c:586: structure has no member named `ptr_als_usrs' rpc_client/cli_samr.c:587: structure has no member named `num_als_usrs1' rpc_client/cli_samr.c:587: structure has no member named `num_aliases1' rpc_client/cli_samr.c:592: structure has no member named `num_aliases1' rpc_client/cli_samr.c:594: structure has no member named `num_aliases1' rpc_client/cli_samr.c:596: structure has no member named `uni_als_name' rpc_client/cli_samr.c:596: structure has no member named `uni_als_name' rpc_client/cli_samr.c:598: structure has no member named `num_als_usrs1' rpc_client/cli_samr.c:600: structure has no member named `num_als_usrs' rpc_client/cli_samr.c:603: structure has no member named `ptr_aliases' rpc_client/cli_samr.c:603: structure has no member named `ptr_als_usrs' make: *** [rpc_client/cli_samr.o] Error 1 From twinders at SPC.cc.tx.us Wed Dec 2 23:59:20 1998 From: twinders at SPC.cc.tx.us (Tim Winders) Date: Tue Dec 2 02:24:46 2003 Subject: USRMGR.EXE and SAMBA (main branch NOT SAMBA_2_0) In-Reply-To: Message-ID: Luke - I updated my CVS because of the smbpasswd problem and I get an error: domain user map unknown parameter. Perhaps there is something not right yet? the local group map and domain group map are OK. === Tim --------------------------------------------------------------------- | Tim Winders, CNE, MCSE | Email: Tim.Winders@SPC.cc.tx.us | | Network Administrator | Phone: 806-894-9611 x 2369 | | South Plains College | Fax: 806-897-4711 | | Levelland, TX 79336 | | --------------------------------------------------------------------- On Thu, 3 Dec 1998, Luke Kenneth Casson Leighton wrote: > usrmgr.exe now successfully shows: > > - users and what local and domain groups they are in > > - domain groups and what domain users are in them > > - local groups and what local groups, domain groups or domain users are > in them. > > this is managed with three new options: > > "domain group map" > "domain user map" > "local group map" > > which are documented in smb.conf. they make unix "look" like NT, while > still maintaining uid/gid and NT SID integrity on both sides. > > "add", "delete" and "change" are next on the list of things to do, as is > inter-domain trust relationships. > > i have had unix groups explained to me by mike warfield: apparently the > unix user primary group need _not_ appear in /etc/group, the user will > _still_ be in that group: initgroup() takes the primary group as its > second argument, it adds it to the list of groups returned. > > so, the users' primary group will be missing unless explicitly mentioned > in /etc/group, until i fix this (two, three days?) > > other issues: NT groups can own files. why? because a SID is a SID. > > this implies that if we want the same functionality in Samba that a unix > userid needs to be created with the same name as a unix group, with no > unix shell or password. then this "user", which will represent an NT > group, will be able to own a file / directory. samba does not break the > unix security model, even when it breaks windows as a result: we're not > about to start, now. > > will keep you all informed. > > luke > > From ken at sdd.hp.com Thu Dec 3 02:42:30 1998 From: ken at sdd.hp.com (Ken Stone) Date: Tue Dec 2 02:24:46 2003 Subject: Current cvs bits and shadow.h ? Message-ID: <199812030242.SAA14067@hpsdlz.sdd.hp.com> Current cvs bits bomb on HPUX 10.20 due to configure not detecting the presence of shadow.h (but detecting the lib call that needs it :-) Danged if I can figure out what configure is doing to miss it. Its right in /usr/include/shadow.h and the test prog that configure uses seems to work right ? Any thoughts ? -- Ken From D.Bannon at latrobe.edu.au Thu Dec 3 05:20:48 1998 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:24:46 2003 Subject: Your Passwd has expired ..... In-Reply-To: Message-ID: <3.0.3.32.19981203162048.0073b4a4@bioserve.biochem.latrobe.edu.au> The current main branch CSV tells me that my passwd has expired today and offers to let me change it. Now, I think that would be a good feature but I don't think it is really implemented yet ?? Further, and unrelated (?), 'log on' is not permitted if the user is mentioned in a group that is mentioned in the local.map, fine for everyone else. David. ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From matthew at janus.law.usyd.edu.au Thu Dec 3 06:01:17 1998 From: matthew at janus.law.usyd.edu.au (Matthew Geier) Date: Tue Dec 2 02:24:46 2003 Subject: Your Passwd has expired ..... In-Reply-To: <3.0.3.32.19981203162048.0073b4a4@bioserve.biochem.latrobe.edu.au> from "David Bannon" at Dec 3, 98 04:22:22 pm Message-ID: <199812030601.RAA07771@janus.law.usyd.edu.au> > The current main branch CSV tells me that my passwd has expired today and > offers to let me change it. Now, I think that would be a good feature but I > don't think it is really implemented yet ?? Ive been getting that to - and attempting to change the password doesnt work... (However the CTRL-ALT-DEL 'method' works fine...). Yet another way microsoft has to do the same thing.... Im having trouble working out the entire group mapping thing. Need a good site on what groups/accounts mean things to NT... And also how to 'secure' the machines against tampering - just removing write permission from every thing results in explorer then Dr Watson crashing. From cartegw at Eng.Auburn.EDU Thu Dec 3 13:16:55 1998 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:46 2003 Subject: USRMGR.EXE and SAMBA (main branch NOT SAMBA_2_0) References: Message-ID: <36668F47.A964F4C0@eng.auburn.edu> Luke Kenneth Casson Leighton wrote: > > other issues: NT groups can own files. why? because a SID is > a SID. > > this implies that if we want the same functionality in > Samba that a unix userid needs to be created with the same > name as a unix group, with no unix shell or password. > then this "user", which will represent an NT group, will be > able to own a file / directory. Luke, Since Unix has group ownership, why couldn't you use it and the group permission bits for this? Why need to create a bogus user? j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From borsenkow.msk at sni.de Thu Dec 3 13:42:42 1998 From: borsenkow.msk at sni.de (Andrej Borsenkow) Date: Tue Dec 2 02:24:46 2003 Subject: anybody got rpcclient ntpass working? Message-ID: <007101be1ec2$cd0220b0$21c9ca95@mowp.siemens.ru> It does not work for me with SP4 PDC. No clue - server simply rejects the RPC packet. It works for Luke, but he has no clue as well. I begin to suspect problems with our compiler ... smbpasswd works Can anybody test it with SP4 server? Better not Linux and not gcc ... Create a test account, make sure you can change password from NT workstation :) and try rpcclient -W domain -S server ntpass thank you /andrej From borsenkow.msk at sni.de Thu Dec 3 14:15:00 1998 From: borsenkow.msk at sni.de (Andrej Borsenkow) Date: Tue Dec 2 02:24:46 2003 Subject: NT user authentication In-Reply-To: <36657134.D15675DE@engr.sgi.com> Message-ID: <007801be1ec7$50076660$21c9ca95@mowp.siemens.ru> > > Yes this is how it works. It is also how Samba 2.0 works > also. Don't know about the HEAD branch as that has so > widely diverged at the moment. > Mostly the same ... There is one thing that nags me. The followin applies to 2.1 branch. The SAMBA as member of NT poses a problem, what to do if Unix user with the same name as domain user exists, but does not have explicit NT->Unix mapping. Luke writes, that any user not explicitly mapped is assumed to be local. This is _not_ as it currently works (and is a bit different anyway) The possible ways to deal with such users can be 1. automatically generate Unix account quite suitable for dedicated SAMBA server without interactive access. You simply plug it onto NT domain and let running. 2. reject these users (remember, they _are_ authenticated from PDC already) it may be quite reasonable for Unix admins wishing full control over who can connect to there box. Anything not allowed is prohibited ... The user may be presented with something like "local policy not allows you to connect" (if at all possible) To connect, such users would need to specify SAMBA domain and be authenticated with local password database - again completely under control of local admin 3. connect with guest (or any fallback account) mild version of 2, that provides for anonymous file server for large amount of users, while giving Unix admin the same level of control. The only problem is, it may be a bit unexpected for users ... 4. connect with matching Unix user rights the worst case. It means, that it is possible to simply create matching NT account and access SAMBA server as Unix user. What is even worse, if there are trusted domains, then such user can be created in _any_ trusted domain - it is a bit too much for me For any server that is not used exclusively for SAMBA I favour the 2 and 3 with smb.conf option to control behaviour. Current SAMBA implements 4 - sigh. /andrej From lkcl at switchboard.net Thu Dec 3 15:41:31 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:46 2003 Subject: smbpasswd -r broken in latest CVS? In-Reply-To: <002901be1ddf$552ce270$21c9ca95@mowp.siemens.ru> Message-ID: i took that check out!!! On Wed, 2 Dec 1998, Andrej Borsenkow wrote: > bor@itsrm2:~smbsrc/source%> smbpasswd -r its_server > get_member_domain_sid: is a DC for ITSRM2 not ITS > Can't setup password database vectors. > > itsrm2 is memeber of its with its_server as PDC > > Actually, smbpasswd does not works as well > > bor@itsrm2:~smbsrc/source%> smbpasswd > get_member_domain_sid: is a DC for ITSRM2 not ITS > Can't setup password database vectors. > > /andrej > Luke Kenneth Casson Leighton Samba and Network Development Samba and Network Consultancy From lkcl at switchboard.net Thu Dec 3 15:42:10 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:46 2003 Subject: Cannot Login to Domain In-Reply-To: <199812022258.JAA20411@janus.law.usyd.edu.au> Message-ID: On Thu, 3 Dec 1998, Matthew Geier wrote: > > I can login fine, but smbds are eating 100% CPU time on both processors... > (RH Linux, 2.1.130) oops. > The latest CVS I downloaded doesnt complile. :-( sorted alread, matthew. > Compiling rpc_client/cli_samr.c > rpc_client/cli_samr.c: In function `do_samr_query_unknown_12': > rpc_client/cli_samr.c:586: structure has no member named `ptr_aliases' > rpc_client/cli_samr.c:586: structure has no member named `ptr_als_usrs' > rpc_client/cli_samr.c:587: structure has no member named `num_als_usrs1' > rpc_client/cli_samr.c:587: structure has no member named `num_aliases1' > rpc_client/cli_samr.c:592: structure has no member named `num_aliases1' > rpc_client/cli_samr.c:594: structure has no member named `num_aliases1' > rpc_client/cli_samr.c:596: structure has no member named `uni_als_name' > rpc_client/cli_samr.c:596: structure has no member named `uni_als_name' > rpc_client/cli_samr.c:598: structure has no member named `num_als_usrs1' > rpc_client/cli_samr.c:600: structure has no member named `num_als_usrs' > rpc_client/cli_samr.c:603: structure has no member named `ptr_aliases' > rpc_client/cli_samr.c:603: structure has no member named `ptr_als_usrs' > make: *** [rpc_client/cli_samr.o] Error 1 > > Luke Kenneth Casson Leighton Samba and Network Development Samba and Network Consultancy From lkcl at switchboard.net Thu Dec 3 15:43:04 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:46 2003 Subject: Cannot log onto domain In-Reply-To: Message-ID: do you call setgrent() in your test program first? what system you using? what os? On Thu, 3 Dec 1998, Greg Dickie wrote: > > Sorry to be a pain but I cannot figure out what the problem is with the > getgrent looping endlessly. I have tried it in a small test program and it > appears to work ok so there must be something else happening in smbd that I do > not know about. > > help me..... Luke, Jeremy,Gerald? > > please.... > > > Argh > > Greg > > --------------------------------------------------------------------- > Greg Dickie > Just A Guy* > *from discreet logic > Montreal > (514) 954-7171 > greg@discreet.com > > Luke Kenneth Casson Leighton Samba and Network Development Samba and Network Consultancy From lkcl at switchboard.net Thu Dec 3 15:46:28 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:46 2003 Subject: NT user authentication In-Reply-To: <004201be1df5$e41b73f0$21c9ca95@mowp.siemens.ru> Message-ID: On Thu, 3 Dec 1998, Andrej Borsenkow wrote: > I got this from a book on NT networking. Can anybody please comment on this? > This describes, how member of NT domain verifies remote logon request > > 1. check (domain,user) with DC. If O.K. log user on as (domain,user) > 2. check user against local user database. If O.K., log on as local user > 3. if guest is allowed, log on as guest > 4. deny request > > I am somewhay uneasy about 2 ... it's how their stuff works. when you type in "suser/pass" on the access dialog for a remote share, this is what happens, as that dialog doesn't allow you to specify the domain name. From lkcl at switchboard.net Thu Dec 3 15:51:15 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:46 2003 Subject: USRMGR.EXE and SAMBA (main branch NOT SAMBA_2_0) In-Reply-To: Message-ID: On Wed, 2 Dec 1998, Tim Winders wrote: > Luke - > > I updated my CVS because of the smbpasswd problem and I get an error: > > domain user map unknown parameter. Perhaps there is something not right it's definitely in there: check http://samba.org/cgi-bin/cvsweb/samba/source/param/loadparam.c From lkcl at switchboard.net Thu Dec 3 15:54:31 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:46 2003 Subject: NT user authentication In-Reply-To: <36657134.D15675DE@engr.sgi.com> Message-ID: On Thu, 3 Dec 1998, Jeremy Allison wrote: > Andrej Borsenkow wrote: > > > > I got this from a book on NT networking. Can anybody please comment on this? > > This describes, how member of NT domain verifies remote logon request > > > > 1. check (domain,user) with DC. If O.K. log user on as (domain,user) > > 2. check user against local user database. If O.K., log on as local user > > 3. if guest is allowed, log on as guest > > 4. deny request > > > > I am somewhay uneasy about 2 ... > > > > Yes this is how it works. It is also how Samba 2.0 works > also. it's how samba (all versions) have worked, up to the main branch, by ignoring the domain parameter altogether. except in "security = server or domain" where it checks the user/pass against the "password server" parameter, which need not be _your_ pdc, just an SMB server (for security = server) and which needs to be your pdc (for security = domain). > Don't know about the HEAD branch as that has so > widely diverged at the moment. neither do i, exactly: the intention is to take user/pass/domain into account not just user/pass. luke From lkcl at switchboard.net Thu Dec 3 16:03:29 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:46 2003 Subject: Your Passwd has expired ..... In-Reply-To: <3.0.3.32.19981203162048.0073b4a4@bioserve.biochem.latrobe.edu.au> Message-ID: On Thu, 3 Dec 1998, David Bannon wrote: > The current main branch CSV tells me that my passwd has expired today and > offers to let me change it. Now, I think that would be a good feature but I > don't think it is really implemented yet ?? he he. you know, i don't know! password change _should_ work but yes, i know: it would be... oh _i_ know where that comes from, oops: sorry. > Further, and unrelated (?), 'log on' is not permitted if the user is > mentioned in a group that is mentioned in the local.map, fine for everyone > else. oh?? just "in a group", or if the group is the users' _primary_ group? From twinders at SPC.cc.tx.us Thu Dec 3 16:03:11 1998 From: twinders at SPC.cc.tx.us (Tim Winders) Date: Tue Dec 2 02:24:46 2003 Subject: USRMGR.EXE and SAMBA (main branch NOT SAMBA_2_0) In-Reply-To: Message-ID: Bizarre. I checked my loacal source/param/loadparm.c file and I see the domain user map option. The date on the file is 12/2/98 17:28 CT which is when I updated my CVS last. I did a make distclean before I started, so I don't know what has happened... Maybe I will do a make distclean THEN update my CVS and try again... === Tim --------------------------------------------------------------------- | Tim Winders, CNE, MCSE | Email: Tim.Winders@SPC.cc.tx.us | | Network Administrator | Phone: 806-894-9611 x 2369 | | South Plains College | Fax: 806-897-4711 | | Levelland, TX 79336 | | --------------------------------------------------------------------- On Thu, 3 Dec 1998, Luke Kenneth Casson Leighton wrote: > On Wed, 2 Dec 1998, Tim Winders wrote: > > > Luke - > > > > I updated my CVS because of the smbpasswd problem and I get an error: > > > > domain user map unknown parameter. Perhaps there is something not right > > it's definitely in there: check > http://samba.org/cgi-bin/cvsweb/samba/source/param/loadparam.c > > > From lkcl at switchboard.net Thu Dec 3 16:04:28 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:46 2003 Subject: Your Passwd has expired ..... In-Reply-To: <199812030601.RAA07771@janus.law.usyd.edu.au> Message-ID: On Thu, 3 Dec 1998, Matthew Geier wrote: > > The current main branch CSV tells me that my passwd has expired today and > > offers to let me change it. Now, I think that would be a good feature but I > > don't think it is really implemented yet ?? > > Ive been getting that to - and attempting to change the password > doesnt work... (However the CTRL-ALT-DEL 'method' works fine...). > Yet another way microsoft has to do the same thing.... argh. From lkcl at switchboard.net Thu Dec 3 16:12:44 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:46 2003 Subject: USRMGR.EXE and SAMBA (main branch NOT SAMBA_2_0) In-Reply-To: <36668F47.A964F4C0@eng.auburn.edu> Message-ID: On Thu, 3 Dec 1998, Gerald Carter wrote: > Luke Kenneth Casson Leighton wrote: > > > > other issues: NT groups can own files. why? because a SID is > > a SID. > > > > this implies that if we want the same functionality in > > Samba that a unix userid needs to be created with the same > > name as a unix group, with no unix shell or password. > > then this "user", which will represent an NT group, will be > > able to own a file / directory. > > Luke, > > Since Unix has group ownership, why couldn't you use it and the > group permission bits for this? Why need to create a bogus > user? how do you get a unix group to own a file? no, i don't mean a unix user, i really really mean a unix _group_ to be the "creator / owner" of a file, so that you can set "user" permissions not "group" or "other" for that unix group. as far as i know, you can't. not on any version of unix. From greg at discreet.com Thu Dec 3 16:06:42 1998 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:46 2003 Subject: Cannot log onto domain In-Reply-To: Message-ID: Hi Luke, yes, it's probably too simple so it works #include "stdio.h" #include "grp.h" struct group *fred; void main() { setgrent(); while ( 1 ) { fred=getgrent(); printf("Group name is: %s\n",fred->gr_name); /* apparently the end condition is not handled very gracefully! */ } } This is an SGI Indigo 2 running IRIX 6.2 & the same machine as samba. Greg On 03-Dec-98 Luke Kenneth Casson Leighton wrote: > do you call setgrent() in your test program first? what system you using? > what os? > > On Thu, 3 Dec 1998, Greg Dickie wrote: > >> >> Sorry to be a pain but I cannot figure out what the problem is with the >> getgrent looping endlessly. I have tried it in a small test program and it >> appears to work ok so there must be something else happening in smbd that I >> do >> not know about. >> >> help me..... Luke, Jeremy,Gerald? >> >> please.... >> >> >> Argh >> >> Greg >> >> --------------------------------------------------------------------- >> Greg Dickie >> Just A Guy* >> *from discreet logic >> Montreal >> (514) 954-7171 >> greg@discreet.com >> >> > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba and Network Consultancy --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From lkcl at switchboard.net Thu Dec 3 16:18:15 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:46 2003 Subject: NT user authentication In-Reply-To: <007801be1ec7$50076660$21c9ca95@mowp.siemens.ru> Message-ID: On Fri, 4 Dec 1998, Andrej Borsenkow wrote: > > > > Yes this is how it works. It is also how Samba 2.0 works > > also. Don't know about the HEAD branch as that has so > > widely diverged at the moment. > > > > > Mostly the same ... There is one thing that nags me. The followin applies to > 2.1 branch. > > The SAMBA as member of NT poses a problem, what to do if Unix user with the > same name as domain user exists, but does not have explicit NT->Unix > mapping. Luke writes, that any user not explicitly mapped is assumed to be > local. This is _not_ as it currently works (and is a bit different anyway) not quite: any user not explicitly mapped in by "domain user map" is checked against the PDC. if the account does not exist on the PDC, _then_ it is treated as a local user. _regardless_ of whether it is a local or a domain user, there must still exist a UNIX account with the same name. From lkcl at switchboard.net Thu Dec 3 16:33:13 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:46 2003 Subject: Cannot log onto domain In-Reply-To: Message-ID: hmph. ok, i'm going to try using the initgroups() function where possible in lib/replace.c. and other code. On Thu, 3 Dec 1998, Greg Dickie wrote: > Hi Luke, > > yes, it's probably too simple so it works > > #include "stdio.h" > #include "grp.h" > > struct group *fred; > > void main() { > > setgrent(); > > while ( 1 ) { > > fred=getgrent(); > printf("Group name is: %s\n",fred->gr_name); > > /* apparently the end condition is not handled very gracefully! */ > } > } > > This is an SGI Indigo 2 running IRIX 6.2 & the same machine as samba. > > Greg > > > > On 03-Dec-98 Luke Kenneth Casson Leighton wrote: > > do you call setgrent() in your test program first? what system you using? > > what os? > > > > On Thu, 3 Dec 1998, Greg Dickie wrote: > > > >> > >> Sorry to be a pain but I cannot figure out what the problem is with the > >> getgrent looping endlessly. I have tried it in a small test program and it > >> appears to work ok so there must be something else happening in smbd that I > >> do > >> not know about. > >> > >> help me..... Luke, Jeremy,Gerald? > >> > >> please.... > >> > >> > >> Argh > >> > >> Greg > >> > >> --------------------------------------------------------------------- > >> Greg Dickie > >> Just A Guy* > >> *from discreet logic > >> Montreal > >> (514) 954-7171 > >> greg@discreet.com > >> > >> > > > > Luke Kenneth Casson Leighton > > Samba and Network Development > > Samba and Network Consultancy > > --------------------------------------------------------------------- > Greg Dickie > Just A Guy* > *from discreet logic > Montreal > (514) 954-7171 > greg@discreet.com > > Luke Kenneth Casson Leighton Samba and Network Development Samba and Network Consultancy From borsenkow.msk at sni.de Thu Dec 3 18:14:49 1998 From: borsenkow.msk at sni.de (Andrej Borsenkow) Date: Tue Dec 2 02:24:46 2003 Subject: NT user authentication In-Reply-To: Message-ID: <008a01be1ee8$d0a039c0$21c9ca95@mowp.siemens.ru> > > any user not explicitly mapped in by "domain user map" is checked against > the PDC. if the account does not exist on the PDC, _then_ it is treated > as a local user. > 1. NT WS user != NT Domian user even if the name is the same. Why you deny it to SAMBA? 2. If NT domain has trusted domains and any user from these domains tries to connect, he will be accepted by PDC. And if his name happens to exist in Unix, he will be given _this_unix_user_rights_ Even if you can control local domains, you probably cannot control remote. I don't expect remote admin to consult me before creating new user. And just hope, that he will never select "root" ... > _regardless_ of whether it is a local or a domain user, there must still > exist a UNIX account with the same name. > Sure. I have spoken about the case when Unix account exist. I understand your point - please, understand mine. I don't say "do it this way only" - I ask for a possibility to do it both ways if needed. /andrej From jallison at cthulhu.engr.sgi.com Thu Dec 3 18:31:07 1998 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:24:46 2003 Subject: Cannot log onto domain References: Message-ID: <3666D8EB.1BFCBC83@engr.sgi.com> Luke Kenneth Casson Leighton wrote: > > hmph. ok, i'm going to try using the initgroups() function where possible > in lib/replace.c. and other code. FYI: initgroups is already replaced in lib/replace.c if the underlying UNIX system does not have it. So it's always safe to use initgroups() in Samba code. Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From lkcl at switchboard.net Thu Dec 3 18:46:34 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:46 2003 Subject: NT user authentication In-Reply-To: <008a01be1ee8$d0a039c0$21c9ca95@mowp.siemens.ru> Message-ID: On Thu, 3 Dec 1998, Andrej Borsenkow wrote: > > > > any user not explicitly mapped in by "domain user map" is checked against > > the PDC. if the account does not exist on the PDC, _then_ it is treated > > as a local user. > > > > 1. NT WS user != NT Domian user even if the name is the same. true, they are in different SAM databases. > Why you deny it to SAMBA? deny what? sorry, your question is ambiguous. > 2. If NT domain has trusted domains and any user from these domains tries to > connect, > he will be accepted by PDC. And if his name happens to exist in Unix, he > will be not on the main branch, he darn well won't. in the future, a trusted domain user will *have* to have an entry in "domain user map" of the format unique_unix_name=DOMAIN_NAME\domain_user. From lkcl at switchboard.net Thu Dec 3 18:48:25 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:46 2003 Subject: Cannot log onto domain In-Reply-To: <3666D8EB.1BFCBC83@engr.sgi.com> Message-ID: On Thu, 3 Dec 1998, Jeremy Allison wrote: > Luke Kenneth Casson Leighton wrote: > > > > hmph. ok, i'm going to try using the initgroups() function where possible > > in lib/replace.c. and other code. > > FYI: initgroups is already replaced in lib/replace.c if > the underlying UNIX system does not have it. So it's > always safe to use initgroups() in Samba code. ok. i already _use_ get_unixgroups() which calls initgroups() etc. the problem is that if i know the gid and i want to know what users are in that group, not just what groups are in /etc/group, you have to enumerate the password database to find out. this is horrible. From jallison at cthulhu.engr.sgi.com Thu Dec 3 18:53:01 1998 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:24:46 2003 Subject: Cannot log onto domain References: Message-ID: <3666DE0D.B42B4263@engr.sgi.com> Luke Kenneth Casson Leighton wrote: > > the problem is that if i know the gid and i want to know what users are > in that group, not just what groups are in /etc/group, you have to > enumerate the password database to find out. > > this is horrible. It may be horrible, but it's POSIX, so at least it's a *standard* horrible interface. Think happy thoughts, you could be doing this in Win32 with the "API of the month" club :-) :-). Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From ken at sdd.hp.com Thu Dec 3 18:54:54 1998 From: ken at sdd.hp.com (Ken Stone) Date: Tue Dec 2 02:24:46 2003 Subject: Beta 2 on HPUX and other problems ... In-Reply-To: Your message of Wed, 02 Dec 1998 13:57:39 -0800. <3665B7D3.860CC9DD@engr.sgi.com> Message-ID: <199812031854.KAA02790@hpsdlz.sdd.hp.com> > This *has* to be oplocks. Turn off oplocks on that > share and the problem should go away. Ok ... so now the problem has changed. Turning oplocks off fixed our win95 problems but busted our WinNT clients ? This morning I'm being blasted by WinNT people saying that they can't open files at all :-( -- Ken From jallison at cthulhu.engr.sgi.com Thu Dec 3 18:59:34 1998 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:24:46 2003 Subject: Beta 2 on HPUX and other problems ... References: <199812031854.KAA02790@hpsdlz.sdd.hp.com> Message-ID: <3666DF96.CE48319@engr.sgi.com> Ken Stone wrote: > > > This *has* to be oplocks. Turn off oplocks on that > > share and the problem should go away. > > Ok ... so now the problem has changed. Turning oplocks off fixed our win95 > problems but busted our WinNT clients ? This morning I'm being blasted by > WinNT people saying that they can't open files at all :-( > That shouldn't be the case. Get a debug level 10 log of an NT user trying to open a non-oplocked file and check what's happening. I'll also try and reproduce it here. Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From lkcl at switchboard.net Thu Dec 3 19:33:01 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:46 2003 Subject: Cannot log onto domain In-Reply-To: <3666DE0D.B42B4263@engr.sgi.com> Message-ID: On Thu, 3 Dec 1998, Jeremy Allison wrote: > Luke Kenneth Casson Leighton wrote: > > > > > the problem is that if i know the gid and i want to know what users are > > in that group, not just what groups are in /etc/group, you have to > > enumerate the password database to find out. > > > > this is horrible. > > It may be horrible, but it's POSIX, so at least it's > a *standard* horrible interface. Think happy thoughts, > you could be doing this in Win32 with the "API of the > month" club :-) :-). jeremy, i hate to remind you but i am implementing part of the win32 api. worse than that, we have to keep both camps happy... From green at UMDNJ.EDU Thu Dec 3 22:55:02 1998 From: green at UMDNJ.EDU (Cliff Green) Date: Tue Dec 2 02:24:46 2003 Subject: Current cvs bits and shadow.h ? Message-ID: <2174635658.912707702@grindstone.UMDNJ.EDU> --On Thursday, December 03, 1998, 1:44 PM +1100 Ken Stone wrote: > > Current cvs bits bomb on HPUX 10.20 due to configure not detecting the > presence of shadow.h (but detecting the lib call that needs it :-) Yeah - we noticed this too. It's in both CVS branches, but not in the 2.0beta tarballs, so it's been introduced pretty recently. After much rummaging about in the three sets of configure/configure.in/config.h/Makefile/config.cache files (from the beta2 tar, the SAMBA_2_0 branch, and the HEAD branch), my vote goes to the tests in configure for the checks for putprpwnam, set_auth_parameters, getspnam, bigcrypt, and getprpwnam. Checking the cvs log for aclocal.m4, I read: > > 1.3.2.1 Wed Nov 25 20:14:58 :Australia/NSW 1998 by jra > Branch: SAMBA_2_0 > Diffs to 1.3 > > Makefile.in: Added 'maintainer mode' fixes. > aclocal.m4: Added new function - AC_LIBTESTFUNC. > configure.in: Fixes for the messy -lsec, -lsecurity code. > include/includes.h: Added a default printcap define. > Jeremy. Now I'm no initiate into the ways of autoconfig, but when reading the definition of AC_LIBTESTFUNC, I couldn't find a corresponding definition of AC_CHECK_FUNC, which is only called there. Could this be part of the problem? > Danged if I can figure out what configure is doing to miss it. Its right > in /usr/include/shadow.h and the test prog that configure uses seems to > work right ? A diff of config.cache for beta2 and the current cvs branches shows that there's a few defines that have been reversed from the earlier (makeable) set : diff of config.cache for SAMBA_2_0 and beta2.tar.gz, in that order: 4c4 < ac_cv_func_set_auth_parameters=${ac_cv_func_set_auth_parameters=yes} --- > ac_cv_func_set_auth_parameters=${ac_cv_func_set_auth_parameters=no} 6c6 < ac_cv_func_getspnam=${ac_cv_func_getspnam=yes} --- > ac_cv_func_getspnam=${ac_cv_func_getspnam=no} 8c8 < ac_cv_func_bigcrypt=${ac_cv_func_bigcrypt=yes} --- > ac_cv_func_bigcrypt=${ac_cv_func_bigcrypt=no} 10c10 < ac_cv_func_getprpwnam=${ac_cv_func_getprpwnam=yes} --- > ac_cv_func_getprpwnam=${ac_cv_func_getprpwnam=no} > Any thoughts ? I wish I knew more about setting up autoconfig. c -- Cliff Green green@umdnj.edu Academic Computing Service, UMDNJ From D.Bannon at latrobe.edu.au Thu Dec 3 23:09:49 1998 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:24:46 2003 Subject: Your Passwd has expired ..... In-Reply-To: References: <3.0.3.32.19981203162048.0073b4a4@bioserve.biochem.latrobe.edu.au> Message-ID: <3.0.3.32.19981204100949.0074e358@bioserve.biochem.latrobe.edu.au> At 04:03 PM 03/12/1998 +0000, Luke Kenneth Casson Leighton wrote: >> Further, and unrelated (?), 'log on' is not permitted if the user is >> mentioned in a group that is mentioned in the local.map, fine for everyone >> else. > >oh?? just "in a group", or if the group is the users' _primary_ group? OK, bit more carefull testing. If user is a member of a group (say adm) that is mapped to "Administrators", "System Operators" or even "Users", cannot logon. It does not matter if the (unix)group is the user's primary group or only mentioned in /etc/group. However, if I map adm=BUILTIN\BlarBlar ie, a non existing NT Group, then logins occur without problems. Now, _not_ using the map file but using a technique suggested by someone a week or so ago, add an entry to the /etc/group file thus : Domain Admins:*:2000:dbannon,tony Works fine ! I can logon with full admin rights. This is not a bad way to work, but I assume not the way you want to do it. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From twinders at SPC.cc.tx.us Thu Dec 3 23:18:25 1998 From: twinders at SPC.cc.tx.us (Tim Winders) Date: Tue Dec 2 02:24:46 2003 Subject: Your Passwd has expired ..... In-Reply-To: <3.0.3.32.19981204100949.0074e358@bioserve.biochem.latrobe.edu.au> Message-ID: On Fri, 4 Dec 1998, David Bannon wrote: > At 04:03 PM 03/12/1998 +0000, Luke Kenneth Casson Leighton wrote: > > >> Further, and unrelated (?), 'log on' is not permitted if the user is > >> mentioned in a group that is mentioned in the local.map, fine for everyone > >> else. > > > >oh?? just "in a group", or if the group is the users' _primary_ group? > > OK, bit more carefull testing. > If user is a member of a group (say adm) that is mapped to > "Administrators", "System Operators" or even "Users", cannot logon. It > does not matter if the (unix)group is the user's primary group or only > mentioned in /etc/group. > > However, if I map adm=BUILTIN\BlarBlar ie, a non existing NT Group, then > logins occur without problems. > > Now, _not_ using the map file but using a technique suggested by someone a > week or so ago, add an entry to the /etc/group file thus : > > Domain Admins:*:2000:dbannon,tony > > Works fine ! I can logon with full admin rights. This is not a bad way to > work, but I assume not the way you want to do it. David - On my system (Digital Unix 4.0D) I cannot have a group name or user name longer than 8 characters. At least in the default configuration... so the above would not work for me... === Tim --------------------------------------------------------------------- | Tim Winders, CNE, MCSE | Email: Tim.Winders@SPC.cc.tx.us | | Network Administrator | Phone: 806-894-9611 x 2369 | | South Plains College | Fax: 806-897-4711 | | Levelland, TX 79336 | | --------------------------------------------------------------------- From is04797 at salleURL.edu Fri Dec 4 11:20:18 1998 From: is04797 at salleURL.edu (=?iso-8859-1?Q?V=EDctor_Pons_Colomer?=) Date: Tue Dec 2 02:24:46 2003 Subject: smbd/reply.c Bug? Message-ID: Hi all. I have a problem with both the main branch and the beta2 branch with home directories user validations. In smb.conf I have homes setup as follows: [homes] comment = Home Directories user only = yes browseable = yes It used to work two weeks ago. But when you put the user database it stopped working. The problem is that when i try to enter the home directory it says Error bad user/password in the logs, and Win (both NT and 98) insists in asking for user and pwd. Debugging it I found in smbd/reply.c function reply_tcon_and_X that if the packet sent by Win doesn't contain a '%' character it doesn't fit the user parameter, so validation doesn't work I don't know if is a bug or a bad configuration. I tried setting in [homes] path = /%H but it still doesn't work TIA! ----------------------------------------------------------------------------- Viktu Pons Colomer Col.laborador del Centre de Serveis Inform?tics CSI Department of Computer Science Escola d'Enginyeria la Salle Telf: 07 972026 Universitat Ramon Llull E-mail: viktu@salleURL.edu C/ Balmes 1 viktu@grn.es 17144- Colomers Girona - Europe ----------------------------------------------------------------------------- From is04797 at salleURL.edu Fri Dec 4 15:36:05 1998 From: is04797 at salleURL.edu (=?iso-8859-1?Q?V=EDctor_Pons_Colomer?=) Date: Tue Dec 2 02:24:46 2003 Subject: More with sbmd/reply.c Message-ID: I forgot to say that when I use the command smbclient -L SERVER as root it asks for a pwd and after entering it it says something like ERRBmsg wrong user/pwd (don't remember the correct syntax) But if I use smbclient -L SERVER -U root it works TIA! ----------------------------------------------------------------------------- Viktu Pons Colomer Col.laborador del Centre de Serveis Inform?tics CSI Department of Computer Science Escola d'Enginyeria la Salle Telf: 07 972026 Universitat Ramon Llull E-mail: viktu@salleURL.edu C/ Balmes 1 viktu@grn.es 17144- Colomers Girona - Europe ----------------------------------------------------------------------------- From lkcl at switchboard.net Fri Dec 4 16:07:09 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:46 2003 Subject: Your Passwd has expired ..... In-Reply-To: Message-ID: On Fri, 4 Dec 1998, Tim Winders wrote: > On Fri, 4 Dec 1998, David Bannon wrote: > > > At 04:03 PM 03/12/1998 +0000, Luke Kenneth Casson Leighton wrote: > > > > >> Further, and unrelated (?), 'log on' is not permitted if the user is > > >> mentioned in a group that is mentioned in the local.map, fine for everyone > > >> else. > > > > > >oh?? just "in a group", or if the group is the users' _primary_ group? > > > > OK, bit more carefull testing. > > If user is a member of a group (say adm) that is mapped to > > "Administrators", "System Operators" or even "Users", cannot logon. It > > does not matter if the (unix)group is the user's primary group or only > > mentioned in /etc/group. > > > > However, if I map adm=BUILTIN\BlarBlar ie, a non existing NT Group, then > > logins occur without problems. > > > > Now, _not_ using the map file but using a technique suggested by someone a > > week or so ago, add an entry to the /etc/group file thus : > > > > Domain Admins:*:2000:dbannon,tony > > > > Works fine ! I can logon with full admin rights. This is not a bad way to > > work, but I assume not the way you want to do it. > > David - > > On my system (Digital Unix 4.0D) I cannot have a group name or user name > longer than 8 characters. At least in the default configuration... so > the above would not work for me... > but: /etc/group - dadmn::20001:root,... and group.map: dadmn="DOmain Admins" _would_ work. From borsenkow.msk at sni.de Fri Dec 4 16:14:28 1998 From: borsenkow.msk at sni.de (Andrej Borsenkow) Date: Tue Dec 2 02:24:46 2003 Subject: usrmgr.exe does not work with SAMBA as domain member Message-ID: <001401be1fa1$2ad41390$21c9ca95@mowp.siemens.ru> The last CVS from today, usrmgr.exe, select domain, \\samba -> either I get "SAMBA is part of domain DOMAIN - setting focus to DOMAIN" or "device attached to system not functioning" Looking at code - currently samba always reports srv_type as domain controller :)) Changed to report either controller or member depending on lp_server_role() Now constantly get "device not functioning" ... Looking through log, the last action seems to be the request for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions, ProductType. SAMBA returns "LanmanNT" - on my NT4 WS it is set to "WinNT". Tried to set it to "WinNT" as well - and now get the "LAN Manager error 3276800" occured :-) It does not even get as far as requesting user info ... /andrej From twinders at SPC.cc.tx.us Fri Dec 4 16:25:02 1998 From: twinders at SPC.cc.tx.us (Tim Winders) Date: Tue Dec 2 02:24:46 2003 Subject: Your Passwd has expired ..... In-Reply-To: Message-ID: On Fri, 4 Dec 1998, Luke Kenneth Casson Leighton wrote: > On Fri, 4 Dec 1998, Tim Winders wrote: > > > On Fri, 4 Dec 1998, David Bannon wrote: > > > > > At 04:03 PM 03/12/1998 +0000, Luke Kenneth Casson Leighton wrote: > > > > > > >> Further, and unrelated (?), 'log on' is not permitted if the user is > > > >> mentioned in a group that is mentioned in the local.map, fine for everyone > > > >> else. > > > > > > > >oh?? just "in a group", or if the group is the users' _primary_ group? > > > > > > OK, bit more carefull testing. > > > If user is a member of a group (say adm) that is mapped to > > > "Administrators", "System Operators" or even "Users", cannot logon. It > > > does not matter if the (unix)group is the user's primary group or only > > > mentioned in /etc/group. > > > > > > However, if I map adm=BUILTIN\BlarBlar ie, a non existing NT Group, then > > > logins occur without problems. > > > > > > Now, _not_ using the map file but using a technique suggested by someone a > > > week or so ago, add an entry to the /etc/group file thus : > > > > > > Domain Admins:*:2000:dbannon,tony > > > > > > Works fine ! I can logon with full admin rights. This is not a bad way to > > > work, but I assume not the way you want to do it. > > > > David - > > > > On my system (Digital Unix 4.0D) I cannot have a group name or user name > > longer than 8 characters. At least in the default configuration... so > > the above would not work for me... > > > > but: > > /etc/group - > > dadmn::20001:root,... > > > and group.map: > > dadmn="DOmain Admins" > > _would_ work. > > I would guess so. I have done just that, but haven't tried it out yet... === Tim --------------------------------------------------------------------- | Tim Winders, CNE, MCSE | Email: Tim.Winders@SPC.cc.tx.us | | Network Administrator | Phone: 806-894-9611 x 2369 | | South Plains College | Fax: 806-897-4711 | | Levelland, TX 79336 | | --------------------------------------------------------------------- From lkcl at switchboard.net Fri Dec 4 17:56:27 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:46 2003 Subject: usrmgr.exe does not work with SAMBA as domain member In-Reply-To: <001401be1fa1$2ad41390$21c9ca95@mowp.siemens.ru> Message-ID: usrmgr.exe running on a domain member, hm, i've never done that. ok, i'll have to try it. network-reverse-engineering is *fun*, guys. On Sat, 5 Dec 1998, Andrej Borsenkow wrote: > The last CVS from today, usrmgr.exe, select domain, \\samba -> From nescau at akira.ucpel.tche.br Fri Dec 4 13:04:02 1998 From: nescau at akira.ucpel.tche.br (Luis Claudio R. Goncalves) Date: Tue Dec 2 02:24:47 2003 Subject: Thinking about disk-quotas... In-Reply-To: Message-ID: Hi! Mr. Dejan Ilic sent recently an email talking about the hole-filesystem (I think this the name of that feature). We're looking to use samba as the PDC of our network but that quota "problem" (file creation with *virtually* the right size but zero filled after the quota roof) may be a problem... I'm looking for a way to stop copying a file and even deleting it if the quota limit is hitted. Maybe it could be a good thing in the main branch. Could anyone please give me some help? Looking in the source code I couldn't figure the right place to start my journey... Thanks in advance! Under Lord's Grace, and rather in a hurry, Luis [ Luis Claudio R. Goncalves nescau@akira.ucpel.tche.br ] [ BSc in Computer Science -- Gospel User -- NetAdmin -- Linuxer -- Musician? ] [ RHuser - DRWATSON.EXE user - http://akira.ucpel.tche.br/~nescau - IS 40:31 ] [______________________________ Yeshua Hamashia _____________________________] From borsenkow.msk at sni.de Fri Dec 4 18:10:53 1998 From: borsenkow.msk at sni.de (Andrej Borsenkow) Date: Tue Dec 2 02:24:47 2003 Subject: usrmgr.exe does not work with SAMBA as domain member In-Reply-To: Message-ID: <001901be1fb1$6e6c5b20$21c9ca95@mowp.siemens.ru> > > usrmgr.exe running on a domain member, hm, i've never done that. ok, i'll > have to try it. network-reverse-engineering is *fun*, guys. > It does work for NT WS or Server (not DC). If you try it on DC (BDC or PDC) it moves onto domain. It means srv_type should not be hardcoded ... which implies interaction bewteen smbd and nmbd on correct values. The domain role is static? but current browser status not /andrej From lkcl at switchboard.net Fri Dec 4 18:20:18 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:47 2003 Subject: usrmgr.exe does not work with SAMBA as domain member In-Reply-To: <001901be1fb1$6e6c5b20$21c9ca95@mowp.siemens.ru> Message-ID: > It does work for NT WS or Server (not DC). If you try it on DC (BDC or PDC) > it moves onto domain. It means srv_type should not be hardcoded ... which > implies interaction bewteen smbd and nmbd on correct values. The domain role > is static? but current browser status not i know. thee's code in ipc.c but it's a bit of a mess, so i hard-coded it. From lkcl at switchboard.net Fri Dec 4 18:21:22 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:47 2003 Subject: nmbd does not start without smbd (fwd) Message-ID: Luke Kenneth Casson Leighton Samba and Network Development Samba and Network Consultancy ---------- Forwarded message ---------- Date: Fri, 4 Dec 1998 21:18:13 +0300 From: Andrej Borsenkow To: "Leighton, Luke Kenneth Casson" Subject: nmbd does not start without smbd If it is unavoidable, it should at least be documented :)) Dec 4 21:11:39 itsrm2 unix: sudo: bor : TTY=pts/10 ; PWD=/tools/src/samba-cvs/source ; USER=root ; COMMAND=/tools/bin/nmbd -D Dec 4 21:11:39 itsrm2 unix: nmbd[20165]: [1998/12/04 21:11:39, 1] lib/util_sock.c:(735) Dec 4 21:11:39 itsrm2 unix: nmbd[20165]: error connecting to 149.202.201.17:139 (Connection refused) Dec 4 21:11:39 itsrm2 unix: nmbd[20165]: [1998/12/04 21:11:39, 1] libsmb/clientgen.c:(2607) Dec 4 21:11:39 itsrm2 unix: nmbd[20165]: cli_establish_connection: failed to connect to ITSRM2<00> (149.202.201.17) Dec 4 21:11:39 itsrm2 unix: nmbd[20165]: [1998/12/04 21:11:39, 0] libsmb/clientgen.c:(2796) Dec 4 21:11:39 itsrm2 unix: nmbd[20165]: cli_connect_serverlist: Domain password server not available. Dec 4 21:11:39 itsrm2 unix: nmbd[20165]: [1998/12/04 21:11:39, 0] lib/sids.c:(198) Dec 4 21:11:39 itsrm2 unix: nmbd[20165]: get_member_domain_sid: unable to initialise client connection. From lkcl at switchboard.net Fri Dec 4 21:24:49 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:47 2003 Subject: nmbd does not start without smbd (fwd) In-Reply-To: <000301be1fcb$67be4ee0$850eed84@omnibook.wyse.com> Message-ID: On Sat, 5 Dec 1998, William Stuart wrote: > > -----Original Message----- > From: samba-technical@samba.org [mailto:samba-technical@samba.org]On > Behalf Of Andrej Borsenkow > Sent: Friday, December 04, 1998 12:11 PM > To: Multiple recipients of list > Subject: RE: nmbd does not start without smbd (fwd) > > > > > > > > Ehem ... Which reminds me - why do I need to set it at all? Is it not > > > supposed to be dynamically resolved? > > > > no, for security reasons. > > > > > > > Do you mean, that all NT workstations are insecure? > > I'd have to agree with Andrej here... > > It should resolve the PDC or BDC if the PDC is temporarily (or permanently) > unavailble, just like NT does. yep, we know. anyone want to write a UDP-request function (QUERYFORPDC)? it's the reverse of nmbd/nmbd_processlogon.c:process_logon(), case QUERYFORPDC? From pgmtekn at algonet.se Fri Dec 4 21:35:58 1998 From: pgmtekn at algonet.se (Michael Stockman) Date: Tue Dec 2 02:24:47 2003 Subject: Issues in head branch Message-ID: <010501be1fce$17ddf9e0$0300a8c0@pippi.emil.pgmt> Hello, I've got a CVS image tonight (1998-12-04) and had some problems with it: I could not start nmbd. Checking the logs led me to believe that get_member_domain_sid could have something to do with it, which seems to be wrong. This is due to an error in the DEBUG statements in lib/sids.c, function get_domain_sids: if( !cli_connect_serverlist(&cli,servers) ) { DEBUG(0,("get_member_domain_sid: unable to initialize client connection.\n")); ... The message should probably be: DEBUG(0,("get_domain_sids: unable to initialize client connection.\n")); When I had found this I was able to trace the call back to pwdb_initialize (lib/util_pwdb.c), which will **ALWAYS** call it as it is called with is_server = False from main (nmbd/nmbd.c). As my server isn't supposed to use another password server (I've got noone) this call fails, which in turn terminates nmbd. After having started nmbd, I'm sorry to report that user lists in USRMGR and today also serverlist in SRVMGR doesn't work under W95. I can however connect USRMGR in low-speed and see the properties of users and groups. I have got no further details at this moment, but SRVMGR fails with an "Internal NT error occured" and USRMGR with a "RPC call failed". Best regards, Michael Stockman pgmtekn-micke@algonet.se From lkcl at switchboard.net Fri Dec 4 23:13:54 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:47 2003 Subject: [CVS MAIN BRANCH] laborious task, any volunteers? Message-ID: there are 43 calls to cli_nt_session_open() and 43 calls to cli_nt_close(). as r.s.i is beginning to hit badly, does anyone want the simple but laborious task of: - checking out the latest cvs MAIN branch in a completely new directory, DO NOT specify a tag, NOT EVEN any tag, NOT EVEN SAMBA_2_0. - removing nt_pipe_fnum from struct cli_state - adding a uint16* fnum to cli_nt_session_open() as a 3rd argument - adding a uint16 fnum to cli_nt_session_close() as a 3rd argument - adding a uint16 nt_fnum as a local stack variable to all the places where cli_nt_session_open() and cli_nt_session_close() are called. - use cvs diff -u source/ > foo or diff -r -u source-old/ source/ > foo and send me the output as a patch file. if you are happy to do this, and there are more than one of you, please decide amongst yourselves on the samba-technical list, i will be back on monday. thank you! From amol at memcad.com Fri Dec 4 23:17:30 1998 From: amol at memcad.com (Amol Karnik) Date: Tue Dec 2 02:24:47 2003 Subject: REPOST : Re: upgrades never work References: <366554AB.C1D95FA7@memcad.com> Message-ID: <36686D8A.CDC8C87B@memcad.com> hi all, didnt receive a single reply to this. This is really important to me...i have a few machine out on my network , (NT,98 and 95) which log on to my samba domain. How can i ever upgrade, without having to redo every machine every time? - amol Amol Karnik wrote: > > hi all, > > i'm sure i'm doing something totally wrong here. > > i always get the latest cvs version after any major changes to the code, > and compile it, and install it. Whenver i do this, all the NT > workstations which used to be able to join my samba domain, are now > unable to join it when they reboot, saying that the machines dont have > an account. I then have to delete their entry from smbpasswd, get the > machines into standalone (not part of a domain). then add the machine to > the smbpasswd file using smbpasswd -a -m machinename. then change the > workstations to log on to the samba domain, then reboot. > > is there any other way of doing this? every time the change the smbd and > nmbd daemons, i have to do this all over again, for all wkstations! > > regards, and thanks in advance. > > - amol -- ----------------------------------------------------- Amol Karnik Senior Development Engineer amol@memcad.com Microcosm Technologies, Inc. (617) 225-0094 x248 215 First St., Suite #2D (617) 621-7838 FAX Cambridge MA, 02142 http://www.memcad.com ----------------------------------------------------- From kevinsd at cfnnet.com Sat Dec 5 01:52:01 1998 From: kevinsd at cfnnet.com (Kevin S.D.) Date: Tue Dec 2 02:24:47 2003 Subject: Strange HP3000 and HPUX 10.x problems connecting to NT4 member server Message-ID: <000801be1ff1$da0a4c80$67c99fce@yoda.oly.com> Here goes: How the heck can you get a Samba server to access NT4 (SP3) shares on an NT member server (ie. non-PDC/BDC)??? This setup works fine when accessing shares on an NT PDC or BDC, presumably because they have the ability to do password authentication. As soon as I try, I always get the following error: $ smbclient -L xcellenetfsrv -n cfnauth -U myuser%mypass -d 10 This was the tail end of the return error: got smb length of 35 size=35 smb_com=0x73 smb_rcls=1 smb_reh=0 smb_err=5 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=6930 smb_uid=24 smb_mid=7030 smt_wct=0 smb_bcc=0 Session setup failed for username=myuser myname=CFNAUTH destname=XCELLENETFSRV ERRDOS - ERRnoaccess (Access denied.) You might find the -U, -W or -n options useful Sometimes you have to use `-n USERNAME' (particularly with OS/2) Some servers also insist on uppercase-only passwords $ I have the follwoing two versions of Samba running on HPUX and HP/iX: hpux: Version 1.9.18p4 mpe: Version 1.9.16p9 Both return a similar error "ERRnoaccess" I somehow believe that these problems stem from the fact that the machines aren't members of the NT domain, but for the life of me, I can't get them to add properly. HELP!!! Thanks... Kevin kevinsd@cfnnet.com From m_gueterman at editcorp.com Sat Dec 5 18:32:09 1998 From: m_gueterman at editcorp.com (Michael L Gueterman) Date: Tue Dec 2 02:24:47 2003 Subject: Strange HP3000 and HPUX 10.x problems connecting to NT4 member server In-Reply-To: <000801be1ff1$da0a4c80$67c99fce@yoda.oly.com> Message-ID: <19981205183311Z12607913-5124+402@samba.anu.edu.au> Kevin, The version of Samba you're using for the HP3000 does not accept encrypted passwords so until 1.9.18p10 is available (any day now!), you'll need to apply the Plain Text registry hack to your WINNT sp3, Win95 OSR2, and later PCs. If you don't have those instructions, you can find them in the Documentation Area of http://www.sambaix.com which is a site devoted mainly to Samba on MPE/iX. This is also the site where we will place the 1.9.18p10 package shortly. Regards, Michael L Gueterman Easy Does It Technologies Allaire Alliance Partner email: M_Gueterman@editcorp.com http://www.editcorp.com voice: (888) 858-EDIT -or- (509) 943-5108 fax: (509) 946-1170 -- > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Kevin S.D. > Sent: Friday, December 04, 1998 5:59 PM > To: Multiple recipients of list > Subject: Strange HP3000 and HPUX 10.x problems connecting to > NT4 member > server > > > Here goes: > > How the heck can you get a Samba server to access NT4 (SP3) > shares on an NT > member server (ie. non-PDC/BDC)??? This setup works fine > when accessing > shares on an NT PDC or BDC, presumably because they have the > ability to do > password authentication. As soon as I try, I always get the following > error: > > $ smbclient -L xcellenetfsrv -n cfnauth -U myuser%mypass -d 10 > From cartegw at Eng.Auburn.EDU Sun Dec 6 03:03:00 1998 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:47 2003 Subject: REPOST : Re: upgrades never work References: <366554AB.C1D95FA7@memcad.com> <36686D8A.CDC8C87B@memcad.com> Message-ID: <3669F3E4.85CCD94A@eng.auburn.edu> Amol Karnik wrote: > > didnt receive a single reply to this. This is really > important to me...i have a few machine out on my network > , (NT,98 and 95) which log on to my samba domain. How can > i ever upgrade, without having to redo every machine > every time? > > i always get the latest cvs version after any major changes > > to the code, and compile it, and install it. Major code changes can often break your current setup. For example, the fix with the internal reading of the domain SID on a Samba PDC should have broken some sites depending on the PDC' SID. I don't think it can be stressed enough that the PDC support is experiemental, not complete and changes often. That's just the price we pay for being able to run without an NT Server. However, given that nothing in the update changes the relationship between the PDC and it's sam database (private/smbpasswd) or it's SID, upgrading should not break you domain. Could you specify the exact steps when you upgrade? Thanks, j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From dae at ludd.luth.se Sun Dec 6 13:42:52 1998 From: dae at ludd.luth.se (Daniel Nilsson) Date: Tue Dec 2 02:24:47 2003 Subject: smbpasswd problem ? Message-ID: <366A89DC.4DC88463@ludd.luth.se> Hi I'm trying out to latest CVS source 981204 but I'm getting some trouble with the encryption. Tested on Debian Linux 2.0 and FreeBSD 2.2.6: ./configure; make ; make install copied exapmles/smb.conf.default to /usr/local/samba/lib and commented out the line with encrypt passwords = yes. ran cat /etc/passwd | mksmbpasswd > /usr/local/samba/private/smbpasswd and changed permission according to encryption.txt. executed as root : omega:/usr/local/samba/bin# ./smbpasswd -D 10 daniel result: New SMB password: (entered a simple passwd) Retype new SMB password: (entered same simple passwd) startfilepwent: opening file /usr/local/samba/private/smbpasswd search by name: daniel startfilepwent: opening file /usr/local/samba/private/smbpasswd getfileline: skipping comment or blank line getfileline: skipping comment or blank line getfileline: skipping comment or blank line getsmbfilepwent: entry invalidated for unix user root pwdb_smb_map_names lookupsmbpwnam: unix user name root lookupsmbpwuid: unix uid 0 initialising map lookupsmbpwuid: unix uid 0 endfilepwent: closed file. pwdb_smb_map_names endfilepwent: closed file. Failed to find entry for user daniel. Failed to change password entry for daniel Same result for ./smbpasswd -D 10 syd The last lines in smbpasswd reads: (complete smbpasswd file supplied as attachment) syd:1000:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:Martin Sydstrand,,, daniel:1001:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:Daniel Nilsson,,, This used to work perfectly with samba 1.9.18. What am I doing wrong ? I have also tried the smbadduser script but is gives the same result, a smbpasswd file in which that smbpasswd cannot find the specified user. Regards -- Daniel Nilsson (dae@ludd.luth.se) D. Nilsson Elektronik & Data ?gonm?ttsgatan 3 S-421 36 V?stra Fr?lunda, Sweden Tel : +46 (0)31-7099970 Fax : +46 (0)31-7099980 Cellular : +46 (0)70 630 67 35 -------------- next part -------------- # # SMB password file. # root:0:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:root daemon:1:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:daemon bin:2:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:bin sys:3:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:sys sync:4:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:sync games:5:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:games man:6:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:man lp:7:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:lp mail:8:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:mail news:9:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:news uucp:10:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:uucp proxy:13:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:proxy majordom:30:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:Majordomo postgres:31:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:postgres www-data:33:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:www-data backup:34:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:backup msql:36:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:Mini SQL Database Manager operator:37:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:Operator list:38:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:SmartList irc:39:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:ircd gnats:41:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:Gnats Bug-Reporting System (admin) alias:70:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:qmail alias qmaild:71:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:qmail daemon qmails:72:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:qmail send qmailr:73:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:qmail remote qmailq:74:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:qmail queue qmaill:75:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:qmail log qmailp:76:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:qmail pw nobody:65534:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:nobody syd:1000:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:Martin Sydstrand,,, daniel:1001:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:Daniel Nilsson,,, From svedja at lysator.liu.se Sun Dec 6 22:42:10 1998 From: svedja at lysator.liu.se (Dejan Ilic) Date: Tue Dec 2 02:24:47 2003 Subject: What did go wrong ? Message-ID: i updated the binaries to tonights cvs-release and poof it didn't work. Nothing else was changed. What did I miss ? [1998/12/06 23:33:25, 1] nmbd/nmbd.c:main(661) NetBIOS nameserver version 2.1.0-prealpha started. Copyright Andrew Tridgell 1994-1998 [1998/12/06 23:33:25, 1] lib/util_sock.c:open_socket_out(736) error connecting to 130.236.240.2:139 (Connection refused) [1998/12/06 23:33:25, 1] libsmb/clientgen.c:cli_establish_connection(2608) cli_establish_connection: failed to connect to KNUTEN<00> (130.236.240.2) [1998/12/06 23:33:25, 0] libsmb/clientgen.c:cli_connect_serverlist(2796) cli_connect_serverlist: Domain password server not available. [1998/12/06 23:33:25, 0] lib/sids.c:get_domain_sids(198) get_member_domain_sid: unable to initialise client connection. ===================================================================== Dejan Ilic, Tech Univ. of Linkoping, Sweden Phone:+46-13-473 01 06 Email: svedja@lysator.liu.se Web: http://www.lysator.liu.se/~svedja ===================================================================== [finger -l svedja@lysator.liu.se for public PGP key] From D.Bannon at latrobe.edu.au Mon Dec 7 01:22:43 1998 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:24:47 2003 Subject: Your Passwd has expired ..... In-Reply-To: References: Message-ID: <3.0.3.32.19981207122243.00756304@bioserve.biochem.latrobe.edu.au> At 03:19 AM 05/12/1998 +1100, Luke Kenneth Casson Leighton wrote: >but: > >/etc/group - > >dadmn::20001:root,... > > >and group.map: > >dadmn="DOmain Admins" > >_would_ work. > Now, just what is 'group.map' ? Do you mean one of the new group api files you have defined, you suggested names [domain.map, domainuser.map, local.map]. If you mean one of those, then no, it does not work. That is what the origional post was about, if a person is in a unix group that is mapped to a NT group in one of those files, they are not logged on as an administrator. Note ! that is not what I said origionally !, I said they could not log on at all. That only happens if the unix group you choose is 'adm'. Seems it cannot allow any logon of a user who is a member of 'adm' if 'adm' is mapped in 'local.map' to a valid NT User. Any other group and you can login, but not with any special group privileges. David. ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From pgmtekn at algonet.se Mon Dec 7 06:35:15 1998 From: pgmtekn at algonet.se (Michael Stockman) Date: Tue Dec 2 02:24:47 2003 Subject: What did go wrong ? Message-ID: <001f01be21ab$c036e5a0$0300a8c0@pippi.emil.pgmt> Hello, >i updated the binaries to tonights cvs-release and poof it didn't >work. Nothing else was changed. What did I miss ? Looking at your log it seems to be the problem that I my letter on december 4th, "Issues in head branch". This is an error in the code that prevents nmbd from starting unless it is supposed to use another password server. You can hack this easily, through locating pwdb_initialize in lib/util_pwdb.c. In this function you comment the return False statement after the if clause where get_domain_sids is called. This may be horrible(?) but it will get nmbd running. I'm 99% sure. Best regards Michael Stockman pgmtekn-micke@algonte.se From borsenkow.msk at sni.de Mon Dec 7 11:37:02 1998 From: borsenkow.msk at sni.de (Andrej Borsenkow) Date: Tue Dec 2 02:24:47 2003 Subject: NT user authentication In-Reply-To: Message-ID: <000401be21d5$e8bb6b20$21c9ca95@mowp.siemens.ru> > > > > 1. NT WS user != NT Domian user even if the name is the same. > > true, they are in different SAM databases. > > > Why you deny it to SAMBA? > > deny what? sorry, your question is ambiguous. > I am sorry, my english sometimes slips me ... Adding _existing_ NT workstation to _exisiting_ NT domain does not automagically promote _exisiting_ NT workstation users to NT domain users. Not even if no user with the same name exists in NT domain. And this (promoting) is exactly what current SAMBA does. And think about pure technical difficulties. Domain user belongs to some domain group(s). And if user names are the same in NT domain and on Unix, and even if they mean the same user (mostly they do) I bet there is no group "Domain users" on any other NT group on Unix. You have to setup them first ... that is, you need setup quite a bit anyway ... then why not setup users at the same time? Adding Unix to NT domain may require quite complex setup. And it is my firm feeling, that everything should be done explicitly. There is no place for defaults. If you cannot decide what credentials a given user gets on Unix - be on safe side and deny any connection. In other words - either Domain (_any_ Domain) user is explicitly mapped to Unix - or it is denied access. /andrej From samba at aquasoft.com.au Mon Dec 7 12:12:20 1998 From: samba at aquasoft.com.au (Samba-Support) Date: Tue Dec 2 02:24:47 2003 Subject: NT user authentication In-Reply-To: <000401be21d5$e8bb6b20$21c9ca95@mowp.siemens.ru> Message-ID: I agree with Andrej's assertion. Any other method will buy us potential compromise of NT Domain security. Please consider his point carefully. Cheers, John H Terpstra On Mon, 7 Dec 1998, Andrej Borsenkow wrote: > > > > > > 1. NT WS user != NT Domian user even if the name is the same. > > > > true, they are in different SAM databases. > > > > > Why you deny it to SAMBA? > > > > deny what? sorry, your question is ambiguous. > > > > > I am sorry, my english sometimes slips me ... > > Adding _existing_ NT workstation to _exisiting_ NT domain does not > automagically promote _exisiting_ NT workstation users to NT domain users. > Not even if no user with the same name exists in NT domain. And this > (promoting) is exactly what current SAMBA does. > > And think about pure technical difficulties. Domain user belongs to some > domain group(s). And if user names are the same in NT domain and on Unix, > and even if they mean the same user (mostly they do) I bet there is no group > "Domain users" on any other NT group on Unix. You have to setup them first > .. that is, you need setup quite a bit anyway ... then why not setup users > at the same time? > > Adding Unix to NT domain may require quite complex setup. And it is my firm > feeling, that everything should be done explicitly. There is no place for > defaults. If you cannot decide what credentials a given user gets on Unix - > be on safe side and deny any connection. > > In other words - either Domain (_any_ Domain) user is explicitly mapped to > Unix - or it is denied access. > > /andrej > From lkcl at switchboard.net Mon Dec 7 17:34:07 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:47 2003 Subject: [CVS MAIN BRANCH] laborious task, any volunteers? In-Reply-To: <009a01be2055$7e094bc0$0101a8c0@csihq.com> Message-ID: mike, thanks very much. From lkcl at switchboard.net Mon Dec 7 18:43:00 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:47 2003 Subject: NT user authentication In-Reply-To: <000401be21d5$e8bb6b20$21c9ca95@mowp.siemens.ru> Message-ID: > Adding Unix to NT domain may require quite complex setup. And it is my firm > feeling, that everything should be done explicitly. There is no place for > defaults. If you cannot decide what credentials a given user gets on Unix - > be on safe side and deny any connection. > > In other words - either Domain (_any_ Domain) user is explicitly mapped to > Unix - or it is denied access. oh dear, what do yother people think about this? would you agree that any user not explicitly mapped to a domain user (through, say, "domain user map", should be denied acess)? luke From svedja at lysator.liu.se Mon Dec 7 19:12:14 1998 From: svedja at lysator.liu.se (Dejan Ilic) Date: Tue Dec 2 02:24:47 2003 Subject: NT user authentication In-Reply-To: Message-ID: On Tue, 8 Dec 1998, Luke Kenneth Casson Leighton wrote: > > Adding Unix to NT domain may require quite complex setup. And it is my firm > > feeling, that everything should be done explicitly. There is no place for > > defaults. If you cannot decide what credentials a given user gets on Unix - > > be on safe side and deny any connection. > > > > In other words - either Domain (_any_ Domain) user is explicitly mapped to > > Unix - or it is denied access. > > oh dear, what do yother people think about this? would you agree that any > user not explicitly mapped to a domain user (through, say, "domain user > map", should be denied acess)? > > luke I think this should be configurable, and that the default behaviour should be as MS does it, but also leave a possibiity to keep it simple for those who doesn't wan't the administrative overhead. Dejan ===================================================================== Dejan Ilic, Tech Univ. of Linkoping, Sweden Phone:+46-13-473 01 06 Email: svedja@lysator.liu.se Web: http://www.lysator.liu.se/~svedja ===================================================================== [finger -l svedja@lysator.liu.se for public PGP key] From joseph.dries at lmco.com Mon Dec 7 21:18:49 1998 From: joseph.dries at lmco.com (Dries, Joseph) Date: Tue Dec 2 02:24:47 2003 Subject: NT user authentication Message-ID: The way that Network Appliance handles this situation is as follows: You can define users, either local, or in DOMAIN\user format. Then at the end you can specify a * "" Type entry. That matches everything else, and prevents access. That way you can have anonymous access without that map entry, or with it you can explicitly define the users that have access to the box. Thanks, -j -- Joseph F. Dries III Lockheed Martin / EIS Government Electronic Systems / IT&P Advanced Technology/OS Group mailto:joseph.dries@lmco.com > -----Original Message----- > From: Luke Kenneth Casson Leighton [SMTP:lkcl@switchboard.net] > Sent: Monday, December 07, 1998 1:44 PM > To: Multiple recipients of list > Subject: RE: NT user authentication > > > Adding Unix to NT domain may require quite complex setup. And it is my > firm > > feeling, that everything should be done explicitly. There is no place > for > > defaults. If you cannot decide what credentials a given user gets on > Unix - > > be on safe side and deny any connection. > > > > In other words - either Domain (_any_ Domain) user is explicitly mapped > to > > Unix - or it is denied access. > > oh dear, what do yother people think about this? would you agree that any > user not explicitly mapped to a domain user (through, say, "domain user > map", should be denied acess)? > > luke From lkcl at switchboard.net Mon Dec 7 21:34:20 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:47 2003 Subject: ldap code Message-ID: mark, looks good. i'm extracting the fnum code from the patch: just to advise all people sending contributions with two or more sets of functionality, please keep them in _separate_ patches not one. an entire contribution will be given less priority if it contains modifications that are either not needed or, say, for security reasons, cannot be added. comments: - the #ifdef WITH_LDAP should read #ifdef USE_LDAPUNIX_DB in groupdb/*.c and should be switched _off_ by default. the default should be to use USE_SMBUNIX_DB unless, and probably even if they are not, users are using ldap rfc2037 for users/groups. - be careful about only having one static domgrp entry: sometimes the lookups get recursive, particularly on groups and then members of groups, you may get data overwritten like i did with the unix lookup code. - over the weekend i added a couple more functions, sorry. the public interface to "add_aliasmem(rid, SID)" and "add_groupmem(rid, rid)" may remain the same: the private one may change to "add_aliasmem(rid, LOCAL_GRP_MEMBER*)" and "add_groupmem(rid, DOMAIN_GRP_MEMBER*)" we'll see. - please can you put this: if (BOOL) instead of if(BOOL) if (BOOL) { single statement; } instead of if (BOOL) single statement; and instead of if (BOOL) single_statement; if (BOOL) { statements or statement; } instead of if (BOOL) { statements; } also for prefernce but not a priority, from my former company's coding standards, try not to use if() statements tha have side-effects, e.g if ((memb_list[i].sid_use = atoi(value)) >= SID_NAME_UNKNOWN), split this into two lines, it's not obvious what's going on. about the only ones i still use are the ones where an assignment is done and then a check for a NULL pointer, inside a while() loop and sometimes an if(). what i will do, matthew, is let yoube responsible for this code, it's your style. however, in a couple of months (whatever) if for whatever reason i have to make any mods to it and my r.s.i isn't too bad, you might notice that the code style changes... :-) From jallison at cthulhu.engr.sgi.com Tue Dec 8 00:41:09 1998 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:24:47 2003 Subject: Samba 2.0 Beta23 released ! Message-ID: <366C75A5.205448F6@engr.sgi.com> The Samba Team are pleased to announce Samba 2.0 Beta3 This is the third of (hopefully) a short series of Beta releases of the 2.0 code and incorporates bug fixes and changes from feedback gained from the first two betas. We are relasing these Betas to enable the Samba Team to gain wider testing of the new autoconf mechanism and fix any bugs before the first ship of the new stable version of Samba - Samba 2.0. Samba 2.0 Beta3 is available in source form from samba.org and all of our mirror sites. Please go to your nearest mirror site from samba.org and click on the link under the "Samba News" announcement to download this code. Please try this code and give us feedback. If you have problems, or think you have found a bug please email a report to : samba-bugs@samba.org The WHATSNEW.txt file follows. As always, any bugs are our responsibility, Regards, The Samba Team. ----------------------------------------------------------- Issues fixed between Beta2 and Beta3 ------------------------------------ 1). New parameters added : "add user script" "delete user script" Designed to allow Samba servers to be set up with no UNIX users and to allow them to create the needed UNIX users on the fly. See the smb.conf documentation for more details. 2). Autoconf issues including fixes for large file support for Solaris and SINIX, and stat64 tests on SVR4 systems. 3). Code dealing with dos pathnames and native pathnames split to be explicit about when Samba is accessing which type of name. 4). Fix for missing PRINTCAP define under HPUX. 5). Added Samba specific strtoul(). 6). Fix for reverse filename mapping with ISO8859-5 filenames. 7). Fix for nmbd not starting correctly sometimes due to pid locking file. 8). Check for error returns in file descriptor limit checking code. 9). Kernel oplock code bugfix. 10). Restored client retarget code. 11). Fix for potential stack overflow in Digital UNIX crypt check. 12). Explicitly test for negative uids in smbpasswd file. 13). Fix for NT username in Domain logon code. 14). Patch from Scott Moomaw to correctly return "Invalid Info level" to Win95 printer clients. 15). Fix to allow NT printer clients to add printers (as 1.9.18 code would allow). 16). Fix to prevent ".." being used in servicename. 17). New SWAT icons. ----------------------------------------------------------- Issues fixed between Beta1 and Beta2 ------------------------------------ 1). Many autoconf issues (too many to list here). 2). Correctly set default printing for AIX. 3). Attempt to fix struct rtentry not being defined problem. 4). Convert all open() style calls to wrappers for 64 bit systems. 5). Get more 'const' correct. 6). Fix bug with O_EXCL not being set on exlusive open requests. 7). Fix string_sub() problem with LinPopup. 8). Fix lmhosts bug causing only 3 character names to be looked up. 9). Fixed bug with NetBIOS pointers in scope names. 10). Removed code that was preventing NT3.51 PDC logons from working. 11). Fixed crash bug when processing DELETE_ON_CLOSE directive from MS Office. 12). Fixed NT4.x problems adding printer. 13). Stop multiple logs of NT ACL's not supported messages. 14). Changed 'security=server' mode to use *SMBSERVER name if initial connect refused. 15). Fixed NT4.x problem with modify times not being preserved on explorer file copy. 16). 'Silent' switch for testparm. 17). Added 'hosts allow/deny' checks to SWAT. ----------------------------------------------------------- WHATS NEW IN Samba 2.0.0 beta3 ============================== This is a MAJOR new release of Samba, the UNIX based SMB/CIFS file and print server for Windows systems. There have been many changes in Samba since the last major release, 1.9.18. These have mainly been in the areas of performance and SMB protocol correctness. In addition, a Web based GUI interface for configuring Samba has been added. In addition, Samba has been re-written to help portability to other POSIX-based systems, based on the GNU autoconf tool. Major changes in Samba 2.0 -------------------------- There are many major changes in Samba for version 2.0. Here are some of them: ===================================================================== 1). Speed --------- Samba has been benchmarked on high-end UNIX hardware as out-performing all other SMB/CIFS servers using the Ziff-Davis NetBench benchmark. Many changes to the code to optimise high-end performance have been made. 2). Correctness --------------- Samba now supports the Windows NT specific SMB requests. This means that on platforms that are capable Samba now presents a 64 bit view of the filesystem to Windows NT clients and is capable of handling very large files. 3). Portability --------------- Samba is now self-configuring using GNU autoconf, removing the need for people installing Samba to have to hand configure Makefiles, as was needed in previous versions. You now configure Samba by running "./configure" then "make". See docs/textdocs/UNIX_INSTALL.txt for details. 4). Web based GUI configuration ------------------------------- Samba now comes with SWAT, a web based GUI config system. See the swat man page for details on how to set it up. 5). Cross protocol data integrity --------------------------------- An open function interface has been defined to allow "opportunistic locks" (oplocks for short) granted by Samba to be seen by other UNIX processes. This allows complete cross protocol (NFS and SMB) data integrety using Samba with platforms that support this feature. 6). Domain client capability ---------------------------- Samba is now capable of using a Windows NT PDC for user authentication in exactly the same way that a Windows NT workstation does, i.e. it can be a member of a Domain. See docs/textdocs/DOMAIN_MEMBER.txt for details. 7). Documentation Updates ------------------------- All the reference parts of the Samba documentation (the manual pages) have been updated and converted to a document format that allows automatic generation of HTML, SGML, and text formats. These documents now ship as standard in HTML and manpage format. ===================================================================== NOTE - Some important option defaults changed --------------------------------------------- Several parameters have changed their default values. The most important of these is that the default security mode is now user level security rather than share level security. This (incompatible) change was made to ease new Samba installs as user level security is easier to use for Windows 95/98 and Windows NT clients. ********IMPORTANT NOTE**************** If you have no "security=" line in the [global] section of your current smb.conf and you update to Samba 2.0 you will need to add the line : security=share to get exactly the same behaviour with Samba 2.0 as you did with previous versions of Samba. ********END IMPORTANT NOTE************* In addition, Samba now defaults to case sensitivity options that match a Windows NT server precisely, that is, case insensitive but case preserving. ===================================================================== NOTE - Primary Domain Controller Functionality ---------------------------------------------- This version of Samba contains code that correctly implements the undocumented Primary Domain Controller authentication protocols. However, there is much more to being a Primary Domain Controller than serving Windows NT logon requests. A useful version of a Primary Domain Controller contains many remote procedure calls to do things like enumerate users, groups, and security information, only some of which Samba currently implements. In addion, there are outstanding (known) bugs with using Samba as a PDC in this release that the Samba Team are actively working on. For this reason we have chosen not to advertise and actively support Primary Domain Controller functionality with this release. This work is being done in the CVS (developer) versions of Samba, development of which continues at a fast pace. If you are interested in participating in or helping with this development please join the Samba-NTDOM mailing list. Details on joining are available at : http://samba.org/listproc/ Details on obtaining CVS (developer) versions of Samba are available at: http://samba.org/cvs.html ===================================================================== If you have problems, or think you have found a bug please email a report to : samba-bugs@samba.org As always, all bugs are our responsibility. Regards, The Samba Team. From rd at typhoon.spb.ru Tue Dec 8 12:11:56 1998 From: rd at typhoon.spb.ru (Roman A. Dorokhin) Date: Tue Dec 2 02:24:47 2003 Subject: HOW TO join to NT domain Message-ID: <000d01be22a3$f388e040$95010a0a@eugene> How it is possible to join to NT domain? smbpasswd -j domain receives the following message: "NT_STATUS_ACCESS_DENIED" Ii is written in your help that it is possible for machine to join the domain when write access is installed in NT on SAM database. How can I install write access on NT server? --------------------------------------------------------------------- Roman Dorokhin /Network Administrator/ Typhoon Software, Inc. From Herve.Cimadomo at imag.fr Tue Dec 8 12:27:54 1998 From: Herve.Cimadomo at imag.fr (cimadomo =?iso-8859-1?Q?herv=E9?=) Date: Tue Dec 2 02:24:47 2003 Subject: .SID Message-ID: <366D1B4A.1A2EF2A0@imag.fr> hello, using samba2.0beta2, i try to use current branch but my "MACHINE.SID" is renamed in ".SID". I presume (my domaine is ADELE) i would have ADELE.SID. I remarqued too that (i compile whith default ) when i specify -s /u/share/samba/lib/smb.conf in inetd.conf or inline, the private directory is /u/share/samba/private (this directory never apair in smb.conf)!! This bug is already in samba2.0beta2. thank for response and "bravo" for your work. -- Herve Cimadomo Email: Herve.Cimadomo@imag.fr LSR ACTIMART, bat 8, avenue de Vignate 38610 Gieres tel : 04.76.63.34.61 From alamar at partners-intl.net Tue Dec 8 12:29:07 1998 From: alamar at partners-intl.net (Aaron La Mar) Date: Tue Dec 2 02:24:47 2003 Subject: Samba as NT print server Message-ID: Has anyone heard about using Samba with HP JetDirect boxes? I've got several of these HP boxes that connect three parallel ports to one Ethernet-connected print server device. I know it's possible to use these with NT, but haven't run across any info on usage with Samba print service. Any ideas? Thanks, Aaron From cartegw at Eng.Auburn.EDU Tue Dec 8 14:05:52 1998 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:24:47 2003 Subject: HOW TO join to NT domain References: <000d01be22a3$f388e040$95010a0a@eugene> Message-ID: <366D3240.136C0703@eng.auburn.edu> Roman A. Dorokhin wrote: > > How it is possible to join to NT domain? > smbpasswd -j domain > receives the following message: > "NT_STATUS_ACCESS_DENIED" - Did you create a machine account on the PDC for the Samba box? - Did you set the workgroup = security = domain password server = in smb.conf? - What version (date of CVS code or Beta release of 2.0) are you using? > Ii is written in your help that it is possible for machine to join the > domain when write access is installed in NT on SAM database. How can I > install write access on NT server? Did you follow the instructions in docs/textdocs/DOMAIN_MEMBER.txt? In order for a Samba-2 server to join an NT domain, you must first add the NetBIOS name of the Samba server to the NT domain on the PDC using Server Manager for Domains. This creates the machine account in the domain (PDC) SAM. Assume you have a Samba-2 server with a NetBIOS name of SERV1 and are joining an NT domain called DOM, which has a PDC with a NetBIOS name of DOMPDC and two backup domain controllers with NetBIOS names DOMBDC1 and DOMBDC2. In order to join the domain, first stop all Samba daemons and run the command smbpasswd -j DOM -r DOMPDC as we are joining the domain DOM and the PDC for that domain (the only machine that has write access to the domain SAM database). If this is successful you will see the message: smbpasswd: Joined domain DOM. in your terminal window. See the smbpasswd man page for more details. j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From cartegw at Eng.Auburn.EDU Tue Dec 8 14:11:55 1998 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:24:47 2003 Subject: Samba as NT print server References: Message-ID: <366D33AB.2A6BBE5D@eng.auburn.edu> Aaron La Mar wrote: > > Has anyone heard about using Samba with HP JetDirect boxes? I've got > several of these HP boxes that connect three parallel ports to one > Ethernet-connected print server device. I know it's possible to use > these with NT, but haven't run across any info on usage with Samba > print service. Any ideas? For future reference, this question is better suited for the main samba list (samba@samba.org) as it is not directly related to NT Domain support in Samba, but since I am here.... As long as you can print from the unix box, PC client can print through samba. See the man pages on the "print command", "lpq command", etc... Hope this helps, j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From lkcl at switchboard.net Tue Dec 8 15:20:13 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:47 2003 Subject: .SID In-Reply-To: <366D1B4A.1A2EF2A0@imag.fr> Message-ID: On Tue, 8 Dec 1998, cimadomo [iso-8859-1] hervé wrote: > hello, > using samba2.0beta2, i try to use current branch but my "MACHINE.SID" > is renamed in ".SID". I presume (my domaine is ADELE) i would have > ADELE.SID. or if you use security = server it will be .SID From greg at discreet.com Tue Dec 8 16:33:28 1998 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:47 2003 Subject: stay away from HEAD branch? Message-ID: Hi, Please do not take the following as any kind of criticism. I realize you are working very hard on getting the domain stuff working and that this is bound to have an impact on the code; however, I have been cvs'ing the latest version every morning for the last few months and building it and trying it out , it's quite interesting to see the progression of features. What I'm wundering now is whether we mere mortals should stay away from the cvs tree until things stabilise a bit? The domain group mapping completely broke my experimental setup and it seems to be getting worse so should we consider it "closed until further notice"? Any guidance appreciated, Greg --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From reiffert at iphcip1.physik.uni-mainz.de Tue Dec 8 18:15:09 1998 From: reiffert at iphcip1.physik.uni-mainz.de (Thomas Reifferscheid) Date: Tue Dec 2 02:24:47 2003 Subject: stay away from HEAD branch? References: Message-ID: <366D6CAD.CEF3F665@student.physik.uni-mainz.de> Good morning people, the last view weeks many things have changed and i have a running PDC under linux and i'm very happy with that !! many thx to developers and all bugreporters Today i decided to tryout the cvs-branch, but the connection i got to samba.anu.edu.au was very very slow. i would appreciate to find a fast cvs-mirror for the samba and smb-domain branch located in .de (Germany). I've looked around for a german cvsbranch, but there was none. If there is one, please answer me, if not i offer to make a cvsbranch for samba and sambadomain in germany in the german scientific net (DFN).(Uni-bonn which hosts de.samba.org seems to have no cvs-branch and is in the DFN, too) Where can i get further advisery how to install a cvs-tree and where (and when) to get the files for offering ? and greg: better backup your files before playing ;-)) Greg Dickie wrote: > every morning for the last few months and building it and trying it out , it's > quite interesting to see the progression of features. What I'm wundering now is > whether we mere mortals should stay away from the cvs tree until things > stabilise a bit? The domain group mapping completely broke my experimental > setup and it seems to be getting worse so should we consider it "closed until > further notice"? -- Thomas Reifferscheid http://www.inter-i.uni-mainz.de ----------------------------------------------------------------------- email: H0PS@gmx.net * reiffert@iphcip1.physik.uni-mainz.de smail: Wittichweg 45 Zi. 908 * 55128 Mainz * GERMANY phone: +49 6131 236555 From jmeff at engsoc.QueensU.CA Tue Dec 8 18:44:19 1998 From: jmeff at engsoc.QueensU.CA (Jamie ffolliott) Date: Tue Dec 2 02:24:47 2003 Subject: roaming profiles reset Message-ID: Hi all, I'm having problems with roaming profiles being reset due to something which seems to be in Samba. The machine didn't experience this kind of thing at least before switching from NT. Using an older Samba release samba-1.9.19a1pre10 on RedHat 5.1 x86, although i've been following this list daily and haven't heard about this problem, so I'm assuming it's still there in 2.0beta3. Won't be able to check that until January, however, in here's the info in hopes that it may be fixed by then. Here's what I see in the Event Log - Event #1000, Source: UserEnv, User: N/A, in Application Event log - "RegLoadKey failed with error 1009 for C:\WINNT\Profiles\USER\ntuser.dat" About four seconds later, Event #1000, Source: UserEnv, User: N/A, in the Application Event Log - "The operating system was unable to load the locally stored profile. A new local profile will be created. (1009)" Then the user's local copy of the roaming profile in the winnt\profiles directory is renamed to USER.bak, and a new profile is created based on the "Default User (Network)" profile (ie. it's reset). The user loses a lot of information, including what's on their desktop, all their email, application settings, etc. Jamie ffolliott Engineering Society, Queen's U http://engsoc.queensu.ca From lkcl at switchboard.net Tue Dec 8 18:56:47 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:47 2003 Subject: stay away from HEAD branch? In-Reply-To: Message-ID: > quite interesting to see the progression of features. What I'm wundering now is > whether we mere mortals should stay away from the cvs tree until things > stabilise a bit? The domain group mapping completely broke my experimental > setup and it seems to be getting worse so should we consider it "closed until > further notice"? putting this in a negative context rather than a positive one: it doesn't work that way. no feedback, no fixes. putting a positive context spin on it: if you want to use samba as a PDC then any assistance you can give will result in the main cvs tree stabilising faster. the SAMBA_2_0_0 beta branch *may* have to use this code in order to provide "ACL" support. the development of the "group database API" finished last week. the last week has been spent fixing bugs and developing rpcclient. luke From agavnian at cegelec-red.fr Tue Dec 8 19:06:41 1998 From: agavnian at cegelec-red.fr (Maurice AGAVNIAN) Date: Tue Dec 2 02:24:47 2003 Subject: Changing password from WinNT Message-ID: <366D78C1.30252B3A@cegelec-red.fr> Configuration: Solaris 2.5.1 with a samba cvs (04 dec 98). My smb.conf file: ... encrypt passwords = Yes passwd program = /bin/passwd %u passwd chat = *login*password* %o\n *New*password* %n\n *new*password* %n\n *changed* unix password sync = Yes ... Hello, I finally succeed to change a user password from a WinNT4 workstation on both smbpasswd file and passwd NIS map. From my samba box, the smbpasswd command (in user mode) also changes these 2 files. But to do this, I need 2 hacks in smbd/chgpasswd.c. 1/ The first change was suggested by Bernie Kirby in the samba-ntdom mailing list: + It would seem to be byte order problem + maybe unique to Solaris2.x In any case, the 'new' password ends + up being null at approx line 700+ in chpasswd.c, where it calls + + char *pw; + new_pw_len /= 2; + pw = unistrn2((uint16*)(&lmdata[512-uni_pw_len]), new_pw_len); + + pw is always a null string. + + As an experiment, I replaced this call with: + + { + char buf[100]; + int i; + memset(buf, 0, sizeof(buf)); + for (i = 0; i < new_pw_len*2 && i < 100; i += 2) + buf[i/2] = (char)lmdata[512-uni_pw_len + i]; + + memcpy(new_passwd, buf, new_pw_len+1); + + DEBUG(0, ("new passwd = '%s'\n", new_passwd)); + } Here, unicode conversion is not correct because of byte order problem. My question: is there a problem with unistrn2() on solaris ? 2/ Then I had to commented out 4 return(False) near line 320 in the same file. + /* we now have a pty */ + if (pid > 0){ /* This is the parent process */ + if ((chstat = talktochild(master, chatsequence)) == False) { + DEBUG(3,("Child failed to change password: %s\n",name)); + kill(pid, SIGKILL); /* be sure to end this process */ + } + + if ((wpid = sys_waitpid(pid, &wstat, 0)) < 0) { + DEBUG(3,("The process is no longer waiting!\n\n")); + /*close(master); + return(False);*/ + } + + close(master); + + if (pid != wpid) { + DEBUG(3,("We were waiting for the wrong process ID\n")); + /*return(False);*/ + } + if (WIFEXITED(wstat) == 0) { + DEBUG(3,("The process exited while we were waiting\n")); + /*return(False);*/ + } + if (WEXITSTATUS(wstat) != 0) { + DEBUG(3,("The status of the process exiting was %d\n", wstat)); + /*return(False);*/ + } The password chat with the child is good: talktochild() returns ok. But, I don't why, the waitpid() call returns -1. Someone has any idea ? Maurice. Oh ! another wonderful thing: with the NISkit1.2 patch for solaris, on the NIS master, root can change a user password without knowing the old one. From hulet at ittc.ukans.edu Tue Dec 8 19:17:55 1998 From: hulet at ittc.ukans.edu (Michael S. Hulet) Date: Tue Dec 2 02:24:47 2003 Subject: Cannot Login to Domain In-Reply-To: Message-ID: I downloaded a fresh cvs Monday morning 12/8/98. Same problems. I cannot login and smbd eats up 98% of my cpu time. I don't know if anyone on the samba team is looking into this anomaly. We are running samba on a DEC Alpha 4.0d and it looks like Irix is experiencing the same problem. Michael Hulet On Wed, 2 Dec 1998, Greg Dickie wrote: > > YUp, this is what I'm seeing to. It looks like getgrent is, in fact not cycling > through the file but always returning the same entry. I'm trying to figure this > out at the moment. You're not on IRIX by any chance, are you? > > Greg > > On 02-Dec-98 Michael S. Hulet wrote: > > The latest CVS code (12/2/98) does not allow me to login to the domain. > > PID USERNAME PRI NICE SIZE RES STATE TIME CPU COMMAND > > 17933 root 53 0 5784K 1638K run 2:19 99.00% > > > > smbd starts up another process until it brings my server to its knees. > > PID USERNAME PRI NICE SIZE RES STATE TIME CPU COMMAND > > 18191 root 53 0 5128K 786K run 0:23 49.70% > > 17933 root 53 0 5920K 1703K run 2:43 49.60% > > > > NT gives me The system cannot log you on to this domain because the > > system's computer account in its primary domain is missing or the password > > on the account is incorrect after a couple of minutes. smbd continues to > > consume 99% of my cpu time until I kill it. > > Just started happening this week. > > > > The log file shows a continues loop of > > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbpwnam(884) > > lookupsmbpwnam: unix user name root > > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbpwuid(908) > > lookupsmbpwuid: unix uid 0 > > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbpwnam(884) > > lookupsmbpwnam: unix user name hulet > > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbpwuid(908) > > lookupsmbpwuid: unix uid 204 > > [1998/12/02 10:05:02, 10] groupdb/groupunix.c:getgrpunixpwent(203) > > line: 'system::1001:,hulet' > > [1998/12/02 10:05:02, 5] groupdb/groupdb.c:iterate_getusergroupsnam(239) > > group name system members: 2 > > [1998/12/02 10:05:02, 10] groupdb/groupdb.c:user_is_member(195) > > searching against user root... > > [1998/12/02 10:05:02, 10] groupdb/groupdb.c:user_is_member(195) > > searching against user hulet... > > [1998/12/02 10:05:02, 10] groupdb/groupdb.c:user_is_member(198) > > searching for user hulet: found > > [1998/12/02 10:05:02, 10] groupdb/groupdb.c:add_domain_group(175) > > adding group system() > > [1998/12/02 10:05:02, 10] groupdb/groupunix.c:getgrpunixpwent(162) > > getgrpunixpwent: enum unix group entry system > > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbgrpgid(1143) > > lookupsmbgrpgid: unix gid 0 > > [1998/12/02 10:05:02, 7] lib/util_sid.c:sid_to_string(50) > > sid_to_string returning S-1-5-32-544 > > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:map_unixid(759) > > map_unixid: enum entry unix group admin 68 nt Administrators > > S-1-5-32-544 > > [1998/12/02 10:05:02, 7] lib/util_sid.c:sid_to_string(50) > > sid_to_string returning S-1-5-21-2223245607-1664418827-1016294829-512 > > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:map_unixid(759) > > map_unixid: enum entry unix group ittc 29690 nt Domain Admins > > S-1-5-21-2223245607-1664418827-1016294829-512 > > > > .........100's of times until > > > > [1998/12/02 10:06:00, 6] param/loadparm.c:lp_file_list_changed(1783) > > lp_file_list_changed() > > file /usr/system/samba/lib/smb.conf -> /usr/system/samba/lib/smb.conf > > last mo > > d_time: Wed Dec 2 09:28:29 1998 > > > > [1998/12/02 10:06:00, 2] smbd/process.c:smbd_process(872) > > Closing idle connection 2. > > [1998/12/02 10:06:00, 2] smbd/server.c:exit_server(406) > > Closing connections > > [1998/12/02 10:06:00, 3] smbd/service.c:close_cnum(510) > > carmack (0.0.0.0) closed connection to service IPC$ > > [1998/12/02 10:06:00, 3] smbd/connection.c:yield_connection(40) > > Yielding connection to IPC$ > > [1998/12/02 10:06:00, 3] smbd/server.c:exit_server(431) > > Server exit (normal exit) > > [1998/12/02 10:08:59, 5] smbd/uid.c:unbecome_user(343) > > unbecome_user now uid=(0,0) gid=(0,0) > > [1998/12/02 10:08:59, 5] smbd/uid.c:unbecome_user(343) > > unbecome_user now uid=(0,0) gid=(0,0) > > [1998/12/02 10:08:59, 2] smbd/server.c:exit_server(406) > > Closing connections > > [1998/12/02 10:08:59, 2] smbd/server.c:exit_server(406) > > Closing connections > > [1998/12/02 10:08:59, 3] smbd/service.c:close_cnum(510) > > carmack (129.237.123.72) closed connection to service IPC$ > > [1998/12/02 10:08:59, 3] smbd/connection.c:yield_connection(40) > > Yielding connection to IPC$ > > [1998/12/02 10:08:59, 3] smbd/server.c:exit_server(431) > > Server exit (caught signal) > > [1998/12/02 10:08:59, 3] smbd/service.c:close_cnum(510) > > carmack (129.237.123.72) closed connection to service IPC$ > > [1998/12/02 10:08:59, 3] smbd/connection.c:yield_connection(40) > > Yielding connection to IPC$ > > [1998/12/02 10:08:59, 3] smbd/server.c:exit_server(431) > > Server exit (caught signal) > > > > > > HELP! > From greg at discreet.com Tue Dec 8 19:18:41 1998 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:47 2003 Subject: stay away from HEAD branch? In-Reply-To: Message-ID: Understood, What can I do to help? Greg On 08-Dec-98 Luke Kenneth Casson Leighton wrote: >> quite interesting to see the progression of features. What I'm wundering now >> is >> whether we mere mortals should stay away from the cvs tree until things >> stabilise a bit? The domain group mapping completely broke my experimental >> setup and it seems to be getting worse so should we consider it "closed >> until >> further notice"? > > putting this in a negative context rather than a positive one: it doesn't > work that way. no feedback, no fixes. > > putting a positive context spin on it: if you want to use samba as a PDC > then any assistance you can give will result in the main cvs tree > stabilising faster. the SAMBA_2_0_0 beta branch *may* have to use this > code in order to provide "ACL" support. > > > the development of the "group database API" finished last week. the last > week has been spent fixing bugs and developing rpcclient. > > luke --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From lkcl at switchboard.net Tue Dec 8 19:23:03 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:47 2003 Subject: stay away from HEAD branch? In-Reply-To: Message-ID: On Tue, 8 Dec 1998, Greg Dickie wrote: > Understood, > > What can I do to help? well, simply try it out in your environment, tell me what problems you run into, what you understand and what you don't: what is difficult and what isn't, any suggestions on making life easier for you or anyone else. not that this is going to be easy, anyway! From greg at discreet.com Tue Dec 8 19:32:43 1998 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:47 2003 Subject: Cannot Login to Domain In-Reply-To: Message-ID: I believe this is the problem with getgrpunixpwent always returning the same group. Can you push debug level to 10 and look for lines like "getgrpunixpwent: enum unix group entry" in the log file? It seems to me that it gets stuck in an infinite loop enumerating groups, thus eating all the CPU and never logging you in. Greg On 08-Dec-98 Michael S. Hulet wrote: > I downloaded a fresh cvs Monday morning 12/8/98. Same problems. I cannot > login and smbd eats up 98% of my cpu time. I don't know if anyone on the > samba team is looking into this anomaly. We are running samba on a DEC > Alpha 4.0d and it looks like Irix is experiencing the same problem. > Michael Hulet > > > On Wed, 2 Dec 1998, Greg Dickie wrote: > >> >> YUp, this is what I'm seeing to. It looks like getgrent is, in fact not >> cycling >> through the file but always returning the same entry. I'm trying to figure >> this >> out at the moment. You're not on IRIX by any chance, are you? >> >> Greg >> >> On 02-Dec-98 Michael S. Hulet wrote: >> > The latest CVS code (12/2/98) does not allow me to login to the domain. >> > PID USERNAME PRI NICE SIZE RES STATE TIME CPU COMMAND >> > 17933 root 53 0 5784K 1638K run 2:19 99.00% >> > >> > smbd starts up another process until it brings my server to its knees. >> > PID USERNAME PRI NICE SIZE RES STATE TIME CPU COMMAND >> > 18191 root 53 0 5128K 786K run 0:23 49.70% >> > 17933 root 53 0 5920K 1703K run 2:43 49.60% >> > >> > NT gives me The system cannot log you on to this domain because the >> > system's computer account in its primary domain is missing or the password >> > on the account is incorrect after a couple of minutes. smbd continues to >> > consume 99% of my cpu time until I kill it. >> > Just started happening this week. >> > >> > The log file shows a continues loop of >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbpwnam(884) >> > lookupsmbpwnam: unix user name root >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbpwuid(908) >> > lookupsmbpwuid: unix uid 0 >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbpwnam(884) >> > lookupsmbpwnam: unix user name hulet >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbpwuid(908) >> > lookupsmbpwuid: unix uid 204 >> > [1998/12/02 10:05:02, 10] groupdb/groupunix.c:getgrpunixpwent(203) >> > line: 'system::1001:,hulet' >> > [1998/12/02 10:05:02, 5] groupdb/groupdb.c:iterate_getusergroupsnam(239) >> > group name system members: 2 >> > [1998/12/02 10:05:02, 10] groupdb/groupdb.c:user_is_member(195) >> > searching against user root... >> > [1998/12/02 10:05:02, 10] groupdb/groupdb.c:user_is_member(195) >> > searching against user hulet... >> > [1998/12/02 10:05:02, 10] groupdb/groupdb.c:user_is_member(198) >> > searching for user hulet: found >> > [1998/12/02 10:05:02, 10] groupdb/groupdb.c:add_domain_group(175) >> > adding group system() >> > [1998/12/02 10:05:02, 10] groupdb/groupunix.c:getgrpunixpwent(162) >> > getgrpunixpwent: enum unix group entry system >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbgrpgid(1143) >> > lookupsmbgrpgid: unix gid 0 >> > [1998/12/02 10:05:02, 7] lib/util_sid.c:sid_to_string(50) >> > sid_to_string returning S-1-5-32-544 >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:map_unixid(759) >> > map_unixid: enum entry unix group admin 68 nt Administrators >> > S-1-5-32-544 >> > [1998/12/02 10:05:02, 7] lib/util_sid.c:sid_to_string(50) >> > sid_to_string returning S-1-5-21-2223245607-1664418827-1016294829-512 >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:map_unixid(759) >> > map_unixid: enum entry unix group ittc 29690 nt Domain Admins >> > S-1-5-21-2223245607-1664418827-1016294829-512 >> > >> > .........100's of times until >> > >> > [1998/12/02 10:06:00, 6] param/loadparm.c:lp_file_list_changed(1783) >> > lp_file_list_changed() >> > file /usr/system/samba/lib/smb.conf -> /usr/system/samba/lib/smb.conf >> > last mo >> > d_time: Wed Dec 2 09:28:29 1998 >> > >> > [1998/12/02 10:06:00, 2] smbd/process.c:smbd_process(872) >> > Closing idle connection 2. >> > [1998/12/02 10:06:00, 2] smbd/server.c:exit_server(406) >> > Closing connections >> > [1998/12/02 10:06:00, 3] smbd/service.c:close_cnum(510) >> > carmack (0.0.0.0) closed connection to service IPC$ >> > [1998/12/02 10:06:00, 3] smbd/connection.c:yield_connection(40) >> > Yielding connection to IPC$ >> > [1998/12/02 10:06:00, 3] smbd/server.c:exit_server(431) >> > Server exit (normal exit) >> > [1998/12/02 10:08:59, 5] smbd/uid.c:unbecome_user(343) >> > unbecome_user now uid=(0,0) gid=(0,0) >> > [1998/12/02 10:08:59, 5] smbd/uid.c:unbecome_user(343) >> > unbecome_user now uid=(0,0) gid=(0,0) >> > [1998/12/02 10:08:59, 2] smbd/server.c:exit_server(406) >> > Closing connections >> > [1998/12/02 10:08:59, 2] smbd/server.c:exit_server(406) >> > Closing connections >> > [1998/12/02 10:08:59, 3] smbd/service.c:close_cnum(510) >> > carmack (129.237.123.72) closed connection to service IPC$ >> > [1998/12/02 10:08:59, 3] smbd/connection.c:yield_connection(40) >> > Yielding connection to IPC$ >> > [1998/12/02 10:08:59, 3] smbd/server.c:exit_server(431) >> > Server exit (caught signal) >> > [1998/12/02 10:08:59, 3] smbd/service.c:close_cnum(510) >> > carmack (129.237.123.72) closed connection to service IPC$ >> > [1998/12/02 10:08:59, 3] smbd/connection.c:yield_connection(40) >> > Yielding connection to IPC$ >> > [1998/12/02 10:08:59, 3] smbd/server.c:exit_server(431) >> > Server exit (caught signal) >> > >> > >> > HELP! >> --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From greg at discreet.com Tue Dec 8 19:38:05 1998 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:47 2003 Subject: Cannot Login to Domain In-Reply-To: Message-ID: Also I forgot to mention that today I had a new problem. It looks like samba does not realize that it is the PDC anymore: here is the log excerpt: [1998/12/08 08:47:12, 1] libsmb/clientgen.c:(2608) cli_establish_connection: failed to connect to TAHITI<00> (192.168.60.54) [1998/12/08 08:47:12, 0] libsmb/clientgen.c:(2796) cli_connect_serverlist: Domain password server not available. [1998/12/08 08:47:12, 0] lib/sids.c:(199) get_member_domain_sid: unable to initialise client connection. error connecting to 192.168.60.54:139 (Invalid argument) [1998/12/08 08:48:26, 1] libsmb/clientgen.c:(2608) cli_establish_connection: failed to connect to TAHITI<00> (192.168.60.54) [1998/12/08 08:48:26, 0] libsmb/clientgen.c:(2796) cli_connect_serverlist: Domain password server not available. [1998/12/08 08:48:26, 0] lib/sids.c:(199) get_member_domain_sid: unable to initialise client connection. started asyncdns process 19021 Greg On 08-Dec-98 Michael S. Hulet wrote: > I downloaded a fresh cvs Monday morning 12/8/98. Same problems. I cannot > login and smbd eats up 98% of my cpu time. I don't know if anyone on the > samba team is looking into this anomaly. We are running samba on a DEC > Alpha 4.0d and it looks like Irix is experiencing the same problem. > Michael Hulet > > > On Wed, 2 Dec 1998, Greg Dickie wrote: > >> >> YUp, this is what I'm seeing to. It looks like getgrent is, in fact not >> cycling >> through the file but always returning the same entry. I'm trying to figure >> this >> out at the moment. You're not on IRIX by any chance, are you? >> >> Greg >> >> On 02-Dec-98 Michael S. Hulet wrote: >> > The latest CVS code (12/2/98) does not allow me to login to the domain. >> > PID USERNAME PRI NICE SIZE RES STATE TIME CPU COMMAND >> > 17933 root 53 0 5784K 1638K run 2:19 99.00% >> > >> > smbd starts up another process until it brings my server to its knees. >> > PID USERNAME PRI NICE SIZE RES STATE TIME CPU COMMAND >> > 18191 root 53 0 5128K 786K run 0:23 49.70% >> > 17933 root 53 0 5920K 1703K run 2:43 49.60% >> > >> > NT gives me The system cannot log you on to this domain because the >> > system's computer account in its primary domain is missing or the password >> > on the account is incorrect after a couple of minutes. smbd continues to >> > consume 99% of my cpu time until I kill it. >> > Just started happening this week. >> > >> > The log file shows a continues loop of >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbpwnam(884) >> > lookupsmbpwnam: unix user name root >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbpwuid(908) >> > lookupsmbpwuid: unix uid 0 >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbpwnam(884) >> > lookupsmbpwnam: unix user name hulet >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbpwuid(908) >> > lookupsmbpwuid: unix uid 204 >> > [1998/12/02 10:05:02, 10] groupdb/groupunix.c:getgrpunixpwent(203) >> > line: 'system::1001:,hulet' >> > [1998/12/02 10:05:02, 5] groupdb/groupdb.c:iterate_getusergroupsnam(239) >> > group name system members: 2 >> > [1998/12/02 10:05:02, 10] groupdb/groupdb.c:user_is_member(195) >> > searching against user root... >> > [1998/12/02 10:05:02, 10] groupdb/groupdb.c:user_is_member(195) >> > searching against user hulet... >> > [1998/12/02 10:05:02, 10] groupdb/groupdb.c:user_is_member(198) >> > searching for user hulet: found >> > [1998/12/02 10:05:02, 10] groupdb/groupdb.c:add_domain_group(175) >> > adding group system() >> > [1998/12/02 10:05:02, 10] groupdb/groupunix.c:getgrpunixpwent(162) >> > getgrpunixpwent: enum unix group entry system >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbgrpgid(1143) >> > lookupsmbgrpgid: unix gid 0 >> > [1998/12/02 10:05:02, 7] lib/util_sid.c:sid_to_string(50) >> > sid_to_string returning S-1-5-32-544 >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:map_unixid(759) >> > map_unixid: enum entry unix group admin 68 nt Administrators >> > S-1-5-32-544 >> > [1998/12/02 10:05:02, 7] lib/util_sid.c:sid_to_string(50) >> > sid_to_string returning S-1-5-21-2223245607-1664418827-1016294829-512 >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:map_unixid(759) >> > map_unixid: enum entry unix group ittc 29690 nt Domain Admins >> > S-1-5-21-2223245607-1664418827-1016294829-512 >> > >> > .........100's of times until >> > >> > [1998/12/02 10:06:00, 6] param/loadparm.c:lp_file_list_changed(1783) >> > lp_file_list_changed() >> > file /usr/system/samba/lib/smb.conf -> /usr/system/samba/lib/smb.conf >> > last mo >> > d_time: Wed Dec 2 09:28:29 1998 >> > >> > [1998/12/02 10:06:00, 2] smbd/process.c:smbd_process(872) >> > Closing idle connection 2. >> > [1998/12/02 10:06:00, 2] smbd/server.c:exit_server(406) >> > Closing connections >> > [1998/12/02 10:06:00, 3] smbd/service.c:close_cnum(510) >> > carmack (0.0.0.0) closed connection to service IPC$ >> > [1998/12/02 10:06:00, 3] smbd/connection.c:yield_connection(40) >> > Yielding connection to IPC$ >> > [1998/12/02 10:06:00, 3] smbd/server.c:exit_server(431) >> > Server exit (normal exit) >> > [1998/12/02 10:08:59, 5] smbd/uid.c:unbecome_user(343) >> > unbecome_user now uid=(0,0) gid=(0,0) >> > [1998/12/02 10:08:59, 5] smbd/uid.c:unbecome_user(343) >> > unbecome_user now uid=(0,0) gid=(0,0) >> > [1998/12/02 10:08:59, 2] smbd/server.c:exit_server(406) >> > Closing connections >> > [1998/12/02 10:08:59, 2] smbd/server.c:exit_server(406) >> > Closing connections >> > [1998/12/02 10:08:59, 3] smbd/service.c:close_cnum(510) >> > carmack (129.237.123.72) closed connection to service IPC$ >> > [1998/12/02 10:08:59, 3] smbd/connection.c:yield_connection(40) >> > Yielding connection to IPC$ >> > [1998/12/02 10:08:59, 3] smbd/server.c:exit_server(431) >> > Server exit (caught signal) >> > [1998/12/02 10:08:59, 3] smbd/service.c:close_cnum(510) >> > carmack (129.237.123.72) closed connection to service IPC$ >> > [1998/12/02 10:08:59, 3] smbd/connection.c:yield_connection(40) >> > Yielding connection to IPC$ >> > [1998/12/02 10:08:59, 3] smbd/server.c:exit_server(431) >> > Server exit (caught signal) >> > >> > >> > HELP! >> --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From jamest at math.ksu.edu Tue Dec 8 19:40:15 1998 From: jamest at math.ksu.edu (James Thompson) Date: Tue Dec 2 02:24:47 2003 Subject: Please clarify cvs vs head vs beta In-Reply-To: Message-ID: I've managed to confuse myself. I'm running an older (October 2x) copy of the cvs code from the cvs site mentioned in the NT-DOM FAQ. After a few weeks of cvs updates, configuring, and testing it does exactly what I need of it as far as acting as a PDC for a small number of NT4.0 boxes so I wasn't planning on updating until 2.0.0 (which I thought was the cvs code in alpha state). All the talk of the cvs code, betas, and HEAD have me confused. Is 2.0 the code that will have PDC support? What are the differences between the HEAD branch (whateven that is), the cvs code with PDC support and the soon to be released :-) 2.0 code? ->->->->->->->->->->->->->->->->->->---<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-< James Thompson 138 Cardwell Hall Manhattan, Ks 66506 785-532-0561 Kansas State University Department of Mathematics ->->->->->->->->->->->->->->->->->->---<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-< From matthew at janus.law.usyd.edu.au Tue Dec 8 19:49:41 1998 From: matthew at janus.law.usyd.edu.au (Matthew Geier) Date: Tue Dec 2 02:24:47 2003 Subject: Samba as NT print server In-Reply-To: from "Aaron La Mar" at Dec 8, 98 11:32:03 pm Message-ID: <199812081949.GAA08336@janus.law.usyd.edu.au> > Has anyone heard about using Samba with HP JetDirect boxes? I've got > several of these HP boxes that connect three parallel ports to one > Ethernet-connected print server device. I know it's possible to use these > with NT, but haven't run across any info on usage with Samba print service. I run 5 JetDirect card equiped printers and one with a JetDirect box. Its not a samba problem - its a Unix printer queue problem. The simplest method is define remote (lpd) printer queues for each JetDirect box and export the queues with Samba. The HP LPD implementation sux, but does work. Ive actually installed JetPrint for Solaris on my machine, and samba sends jobs to the JetDirect queues. Ive heard that some people have written lpng scripts that talk directly to the JetDirects to get around their rotten lpd implementation and not use JetPrint for Unix, but again this is a Unix problem not samba.... From lkcl at switchboard.net Tue Dec 8 20:02:23 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:47 2003 Subject: Cannot Login to Domain In-Reply-To: Message-ID: On Wed, 9 Dec 1998, Greg Dickie wrote: > > I believe this is the problem with getgrpunixpwent always returning the same > group. Can you push debug level to 10 and look for lines like > "getgrpunixpwent: enum unix group entry" > > in the log file? > > It seems to me that it gets stuck in an infinite loop enumerating groups, thus > eating all the CPU and never logging you in. why it should do this when a simple program which does getgrent() loop is beyond me... From cartegw at Eng.Auburn.EDU Tue Dec 8 20:02:46 1998 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:47 2003 Subject: Please clarify cvs vs head vs beta References: Message-ID: <366D85E6.B3A0F488@eng.auburn.edu> James Thompson wrote: > > All the talk of the cvs code, betas, and HEAD have me > confused. Is 2.0 the code that will have PDC support? > What are the differences between the HEAD branch (whateven > that is), the cvs code with PDC support and the soon > to be released :-) 2.0 code? The 2.0 alpha was the CVS HEAD branch. Once 2.0Beta1 was released 2.0 and the CVS Head branch split so as to continue development without jepodizing the stability of a soon to be released 2.0. Make sense? At this point the HEAD branch is continuing to evolve and the 2.0 is frozen for the moment except for bug fixes. Hope this helps, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From lkcl at switchboard.net Tue Dec 8 20:03:11 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:48 2003 Subject: Cannot Login to Domain In-Reply-To: Message-ID: is TAHITI your PDC? On Wed, 9 Dec 1998, Greg Dickie wrote: > > Also I forgot to mention that today I had a new problem. It looks like samba > does not realize that it is the PDC anymore: > > here is the log excerpt: > > [1998/12/08 08:47:12, 1] libsmb/clientgen.c:(2608) > cli_establish_connection: failed to connect to TAHITI<00> (192.168.60.54) > [1998/12/08 08:47:12, 0] libsmb/clientgen.c:(2796) > cli_connect_serverlist: Domain password server not available. > [1998/12/08 08:47:12, 0] lib/sids.c:(199) > get_member_domain_sid: unable to initialise client connection. > error connecting to 192.168.60.54:139 (Invalid argument) > [1998/12/08 08:48:26, 1] libsmb/clientgen.c:(2608) > cli_establish_connection: failed to connect to TAHITI<00> (192.168.60.54) > [1998/12/08 08:48:26, 0] libsmb/clientgen.c:(2796) > cli_connect_serverlist: Domain password server not available. > [1998/12/08 08:48:26, 0] lib/sids.c:(199) > get_member_domain_sid: unable to initialise client connection. > started asyncdns process 19021 > > Greg > > > On 08-Dec-98 Michael S. Hulet wrote: > > I downloaded a fresh cvs Monday morning 12/8/98. Same problems. I cannot > > login and smbd eats up 98% of my cpu time. I don't know if anyone on the > > samba team is looking into this anomaly. We are running samba on a DEC > > Alpha 4.0d and it looks like Irix is experiencing the same problem. > > Michael Hulet > > > > > > On Wed, 2 Dec 1998, Greg Dickie wrote: > > > >> > >> YUp, this is what I'm seeing to. It looks like getgrent is, in fact not > >> cycling > >> through the file but always returning the same entry. I'm trying to figure > >> this > >> out at the moment. You're not on IRIX by any chance, are you? > >> > >> Greg > >> > >> On 02-Dec-98 Michael S. Hulet wrote: > >> > The latest CVS code (12/2/98) does not allow me to login to the domain. > >> > PID USERNAME PRI NICE SIZE RES STATE TIME CPU COMMAND > >> > 17933 root 53 0 5784K 1638K run 2:19 99.00% > >> > > >> > smbd starts up another process until it brings my server to its knees. > >> > PID USERNAME PRI NICE SIZE RES STATE TIME CPU COMMAND > >> > 18191 root 53 0 5128K 786K run 0:23 49.70% > >> > 17933 root 53 0 5920K 1703K run 2:43 49.60% > >> > > >> > NT gives me The system cannot log you on to this domain because the > >> > system's computer account in its primary domain is missing or the password > >> > on the account is incorrect after a couple of minutes. smbd continues to > >> > consume 99% of my cpu time until I kill it. > >> > Just started happening this week. > >> > > >> > The log file shows a continues loop of > >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbpwnam(884) > >> > lookupsmbpwnam: unix user name root > >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbpwuid(908) > >> > lookupsmbpwuid: unix uid 0 > >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbpwnam(884) > >> > lookupsmbpwnam: unix user name hulet > >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbpwuid(908) > >> > lookupsmbpwuid: unix uid 204 > >> > [1998/12/02 10:05:02, 10] groupdb/groupunix.c:getgrpunixpwent(203) > >> > line: 'system::1001:,hulet' > >> > [1998/12/02 10:05:02, 5] groupdb/groupdb.c:iterate_getusergroupsnam(239) > >> > group name system members: 2 > >> > [1998/12/02 10:05:02, 10] groupdb/groupdb.c:user_is_member(195) > >> > searching against user root... > >> > [1998/12/02 10:05:02, 10] groupdb/groupdb.c:user_is_member(195) > >> > searching against user hulet... > >> > [1998/12/02 10:05:02, 10] groupdb/groupdb.c:user_is_member(198) > >> > searching for user hulet: found > >> > [1998/12/02 10:05:02, 10] groupdb/groupdb.c:add_domain_group(175) > >> > adding group system() > >> > [1998/12/02 10:05:02, 10] groupdb/groupunix.c:getgrpunixpwent(162) > >> > getgrpunixpwent: enum unix group entry system > >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbgrpgid(1143) > >> > lookupsmbgrpgid: unix gid 0 > >> > [1998/12/02 10:05:02, 7] lib/util_sid.c:sid_to_string(50) > >> > sid_to_string returning S-1-5-32-544 > >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:map_unixid(759) > >> > map_unixid: enum entry unix group admin 68 nt Administrators > >> > S-1-5-32-544 > >> > [1998/12/02 10:05:02, 7] lib/util_sid.c:sid_to_string(50) > >> > sid_to_string returning S-1-5-21-2223245607-1664418827-1016294829-512 > >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:map_unixid(759) > >> > map_unixid: enum entry unix group ittc 29690 nt Domain Admins > >> > S-1-5-21-2223245607-1664418827-1016294829-512 > >> > > >> > .........100's of times until > >> > > >> > [1998/12/02 10:06:00, 6] param/loadparm.c:lp_file_list_changed(1783) > >> > lp_file_list_changed() > >> > file /usr/system/samba/lib/smb.conf -> /usr/system/samba/lib/smb.conf > >> > last mo > >> > d_time: Wed Dec 2 09:28:29 1998 > >> > > >> > [1998/12/02 10:06:00, 2] smbd/process.c:smbd_process(872) > >> > Closing idle connection 2. > >> > [1998/12/02 10:06:00, 2] smbd/server.c:exit_server(406) > >> > Closing connections > >> > [1998/12/02 10:06:00, 3] smbd/service.c:close_cnum(510) > >> > carmack (0.0.0.0) closed connection to service IPC$ > >> > [1998/12/02 10:06:00, 3] smbd/connection.c:yield_connection(40) > >> > Yielding connection to IPC$ > >> > [1998/12/02 10:06:00, 3] smbd/server.c:exit_server(431) > >> > Server exit (normal exit) > >> > [1998/12/02 10:08:59, 5] smbd/uid.c:unbecome_user(343) > >> > unbecome_user now uid=(0,0) gid=(0,0) > >> > [1998/12/02 10:08:59, 5] smbd/uid.c:unbecome_user(343) > >> > unbecome_user now uid=(0,0) gid=(0,0) > >> > [1998/12/02 10:08:59, 2] smbd/server.c:exit_server(406) > >> > Closing connections > >> > [1998/12/02 10:08:59, 2] smbd/server.c:exit_server(406) > >> > Closing connections > >> > [1998/12/02 10:08:59, 3] smbd/service.c:close_cnum(510) > >> > carmack (129.237.123.72) closed connection to service IPC$ > >> > [1998/12/02 10:08:59, 3] smbd/connection.c:yield_connection(40) > >> > Yielding connection to IPC$ > >> > [1998/12/02 10:08:59, 3] smbd/server.c:exit_server(431) > >> > Server exit (caught signal) > >> > [1998/12/02 10:08:59, 3] smbd/service.c:close_cnum(510) > >> > carmack (129.237.123.72) closed connection to service IPC$ > >> > [1998/12/02 10:08:59, 3] smbd/connection.c:yield_connection(40) > >> > Yielding connection to IPC$ > >> > [1998/12/02 10:08:59, 3] smbd/server.c:exit_server(431) > >> > Server exit (caught signal) > >> > > >> > > >> > HELP! > >> > > --------------------------------------------------------------------- > Greg Dickie > Just A Guy* > *from discreet logic > Montreal > (514) 954-7171 > greg@discreet.com > > Luke Kenneth Casson Leighton Samba and Network Development Samba and Network Consultancy From greg at discreet.com Tue Dec 8 20:19:10 1998 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:48 2003 Subject: Cannot Login to Domain In-Reply-To: Message-ID: tahiti is this machine (ie: the samba PDC from which the log has been extracted. Greg On 08-Dec-98 Luke Kenneth Casson Leighton wrote: > is TAHITI your PDC? > > On Wed, 9 Dec 1998, Greg Dickie wrote: > >> >> Also I forgot to mention that today I had a new problem. It looks like samba >> does not realize that it is the PDC anymore: >> >> here is the log excerpt: >> >> [1998/12/08 08:47:12, 1] libsmb/clientgen.c:(2608) >> cli_establish_connection: failed to connect to TAHITI<00> (192.168.60.54) >> [1998/12/08 08:47:12, 0] libsmb/clientgen.c:(2796) >> cli_connect_serverlist: Domain password server not available. >> [1998/12/08 08:47:12, 0] lib/sids.c:(199) >> get_member_domain_sid: unable to initialise client connection. >> error connecting to 192.168.60.54:139 (Invalid argument) >> [1998/12/08 08:48:26, 1] libsmb/clientgen.c:(2608) >> cli_establish_connection: failed to connect to TAHITI<00> (192.168.60.54) >> [1998/12/08 08:48:26, 0] libsmb/clientgen.c:(2796) >> cli_connect_serverlist: Domain password server not available. >> [1998/12/08 08:48:26, 0] lib/sids.c:(199) >> get_member_domain_sid: unable to initialise client connection. >> started asyncdns process 19021 >> >> Greg >> >> >> On 08-Dec-98 Michael S. Hulet wrote: >> > I downloaded a fresh cvs Monday morning 12/8/98. Same problems. I cannot >> > login and smbd eats up 98% of my cpu time. I don't know if anyone on the >> > samba team is looking into this anomaly. We are running samba on a DEC >> > Alpha 4.0d and it looks like Irix is experiencing the same problem. >> > Michael Hulet >> > >> > >> > On Wed, 2 Dec 1998, Greg Dickie wrote: >> > >> >> >> >> YUp, this is what I'm seeing to. It looks like getgrent is, in fact not >> >> cycling >> >> through the file but always returning the same entry. I'm trying to >> >> figure >> >> this >> >> out at the moment. You're not on IRIX by any chance, are you? >> >> >> >> Greg >> >> >> >> On 02-Dec-98 Michael S. Hulet wrote: >> >> > The latest CVS code (12/2/98) does not allow me to login to the domain. >> >> > PID USERNAME PRI NICE SIZE RES STATE TIME CPU COMMAND >> >> > 17933 root 53 0 5784K 1638K run 2:19 99.00% >> >> > >> >> > smbd starts up another process until it brings my server to its knees. >> >> > PID USERNAME PRI NICE SIZE RES STATE TIME CPU COMMAND >> >> > 18191 root 53 0 5128K 786K run 0:23 49.70% >> >> > 17933 root 53 0 5920K 1703K run 2:43 49.60% >> >> > >> >> > NT gives me The system cannot log you on to this domain because the >> >> > system's computer account in its primary domain is missing or the >> >> > password >> >> > on the account is incorrect after a couple of minutes. smbd continues >> >> > to >> >> > consume 99% of my cpu time until I kill it. >> >> > Just started happening this week. >> >> > >> >> > The log file shows a continues loop of >> >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbpwnam(884) >> >> > lookupsmbpwnam: unix user name root >> >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbpwuid(908) >> >> > lookupsmbpwuid: unix uid 0 >> >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbpwnam(884) >> >> > lookupsmbpwnam: unix user name hulet >> >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbpwuid(908) >> >> > lookupsmbpwuid: unix uid 204 >> >> > [1998/12/02 10:05:02, 10] groupdb/groupunix.c:getgrpunixpwent(203) >> >> > line: 'system::1001:,hulet' >> >> > [1998/12/02 10:05:02, 5] >> >> > groupdb/groupdb.c:iterate_getusergroupsnam(239) >> >> > group name system members: 2 >> >> > [1998/12/02 10:05:02, 10] groupdb/groupdb.c:user_is_member(195) >> >> > searching against user root... >> >> > [1998/12/02 10:05:02, 10] groupdb/groupdb.c:user_is_member(195) >> >> > searching against user hulet... >> >> > [1998/12/02 10:05:02, 10] groupdb/groupdb.c:user_is_member(198) >> >> > searching for user hulet: found >> >> > [1998/12/02 10:05:02, 10] groupdb/groupdb.c:add_domain_group(175) >> >> > adding group system() >> >> > [1998/12/02 10:05:02, 10] groupdb/groupunix.c:getgrpunixpwent(162) >> >> > getgrpunixpwent: enum unix group entry system >> >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbgrpgid(1143) >> >> > lookupsmbgrpgid: unix gid 0 >> >> > [1998/12/02 10:05:02, 7] lib/util_sid.c:sid_to_string(50) >> >> > sid_to_string returning S-1-5-32-544 >> >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:map_unixid(759) >> >> > map_unixid: enum entry unix group admin 68 nt Administrators >> >> > S-1-5-32-544 >> >> > [1998/12/02 10:05:02, 7] lib/util_sid.c:sid_to_string(50) >> >> > sid_to_string returning S-1-5-21-2223245607-1664418827-1016294829-512 >> >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:map_unixid(759) >> >> > map_unixid: enum entry unix group ittc 29690 nt Domain Admins >> >> > S-1-5-21-2223245607-1664418827-1016294829-512 >> >> > >> >> > .........100's of times until >> >> > >> >> > [1998/12/02 10:06:00, 6] param/loadparm.c:lp_file_list_changed(1783) >> >> > lp_file_list_changed() >> >> > file /usr/system/samba/lib/smb.conf -> /usr/system/samba/lib/smb.conf >> >> > last mo >> >> > d_time: Wed Dec 2 09:28:29 1998 >> >> > >> >> > [1998/12/02 10:06:00, 2] smbd/process.c:smbd_process(872) >> >> > Closing idle connection 2. >> >> > [1998/12/02 10:06:00, 2] smbd/server.c:exit_server(406) >> >> > Closing connections >> >> > [1998/12/02 10:06:00, 3] smbd/service.c:close_cnum(510) >> >> > carmack (0.0.0.0) closed connection to service IPC$ >> >> > [1998/12/02 10:06:00, 3] smbd/connection.c:yield_connection(40) >> >> > Yielding connection to IPC$ >> >> > [1998/12/02 10:06:00, 3] smbd/server.c:exit_server(431) >> >> > Server exit (normal exit) >> >> > [1998/12/02 10:08:59, 5] smbd/uid.c:unbecome_user(343) >> >> > unbecome_user now uid=(0,0) gid=(0,0) >> >> > [1998/12/02 10:08:59, 5] smbd/uid.c:unbecome_user(343) >> >> > unbecome_user now uid=(0,0) gid=(0,0) >> >> > [1998/12/02 10:08:59, 2] smbd/server.c:exit_server(406) >> >> > Closing connections >> >> > [1998/12/02 10:08:59, 2] smbd/server.c:exit_server(406) >> >> > Closing connections >> >> > [1998/12/02 10:08:59, 3] smbd/service.c:close_cnum(510) >> >> > carmack (129.237.123.72) closed connection to service IPC$ >> >> > [1998/12/02 10:08:59, 3] smbd/connection.c:yield_connection(40) >> >> > Yielding connection to IPC$ >> >> > [1998/12/02 10:08:59, 3] smbd/server.c:exit_server(431) >> >> > Server exit (caught signal) >> >> > [1998/12/02 10:08:59, 3] smbd/service.c:close_cnum(510) >> >> > carmack (129.237.123.72) closed connection to service IPC$ >> >> > [1998/12/02 10:08:59, 3] smbd/connection.c:yield_connection(40) >> >> > Yielding connection to IPC$ >> >> > [1998/12/02 10:08:59, 3] smbd/server.c:exit_server(431) >> >> > Server exit (caught signal) >> >> > >> >> > >> >> > HELP! >> >> >> >> --------------------------------------------------------------------- >> Greg Dickie >> Just A Guy* >> *from discreet logic >> Montreal >> (514) 954-7171 >> greg@discreet.com >> >> > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba and Network Consultancy --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From lkcl at switchboard.net Tue Dec 8 21:10:29 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:48 2003 Subject: Cannot Login to Domain In-Reply-To: Message-ID: On Tue, 8 Dec 1998, Greg Dickie wrote: > tahiti is this machine (ie: the samba PDC from which the log has been > extracted. um... so why is it therefore attempting to connect to itself? can you send your smb.conf file? > Greg > > > On 08-Dec-98 Luke Kenneth Casson Leighton wrote: > > is TAHITI your PDC? > > > > On Wed, 9 Dec 1998, Greg Dickie wrote: > > > >> > >> Also I forgot to mention that today I had a new problem. It looks like samba > >> does not realize that it is the PDC anymore: > >> > >> here is the log excerpt: > >> > >> [1998/12/08 08:47:12, 1] libsmb/clientgen.c:(2608) > >> cli_establish_connection: failed to connect to TAHITI<00> (192.168.60.54) > >> [1998/12/08 08:47:12, 0] libsmb/clientgen.c:(2796) > >> cli_connect_serverlist: Domain password server not available. > >> [1998/12/08 08:47:12, 0] lib/sids.c:(199) > >> get_member_domain_sid: unable to initialise client connection. > >> error connecting to 192.168.60.54:139 (Invalid argument) > >> [1998/12/08 08:48:26, 1] libsmb/clientgen.c:(2608) > >> cli_establish_connection: failed to connect to TAHITI<00> (192.168.60.54) > >> [1998/12/08 08:48:26, 0] libsmb/clientgen.c:(2796) > >> cli_connect_serverlist: Domain password server not available. > >> [1998/12/08 08:48:26, 0] lib/sids.c:(199) > >> get_member_domain_sid: unable to initialise client connection. > >> started asyncdns process 19021 > >> > >> Greg > >> > >> > >> On 08-Dec-98 Michael S. Hulet wrote: > >> > I downloaded a fresh cvs Monday morning 12/8/98. Same problems. I cannot > >> > login and smbd eats up 98% of my cpu time. I don't know if anyone on the > >> > samba team is looking into this anomaly. We are running samba on a DEC > >> > Alpha 4.0d and it looks like Irix is experiencing the same problem. > >> > Michael Hulet > >> > > >> > > >> > On Wed, 2 Dec 1998, Greg Dickie wrote: > >> > > >> >> > >> >> YUp, this is what I'm seeing to. It looks like getgrent is, in fact not > >> >> cycling > >> >> through the file but always returning the same entry. I'm trying to > >> >> figure > >> >> this > >> >> out at the moment. You're not on IRIX by any chance, are you? > >> >> > >> >> Greg > >> >> > >> >> On 02-Dec-98 Michael S. Hulet wrote: > >> >> > The latest CVS code (12/2/98) does not allow me to login to the domain. > >> >> > PID USERNAME PRI NICE SIZE RES STATE TIME CPU COMMAND > >> >> > 17933 root 53 0 5784K 1638K run 2:19 99.00% > >> >> > > >> >> > smbd starts up another process until it brings my server to its knees. > >> >> > PID USERNAME PRI NICE SIZE RES STATE TIME CPU COMMAND > >> >> > 18191 root 53 0 5128K 786K run 0:23 49.70% > >> >> > 17933 root 53 0 5920K 1703K run 2:43 49.60% > >> >> > > >> >> > NT gives me The system cannot log you on to this domain because the > >> >> > system's computer account in its primary domain is missing or the > >> >> > password > >> >> > on the account is incorrect after a couple of minutes. smbd continues > >> >> > to > >> >> > consume 99% of my cpu time until I kill it. > >> >> > Just started happening this week. > >> >> > > >> >> > The log file shows a continues loop of > >> >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbpwnam(884) > >> >> > lookupsmbpwnam: unix user name root > >> >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbpwuid(908) > >> >> > lookupsmbpwuid: unix uid 0 > >> >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbpwnam(884) > >> >> > lookupsmbpwnam: unix user name hulet > >> >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbpwuid(908) > >> >> > lookupsmbpwuid: unix uid 204 > >> >> > [1998/12/02 10:05:02, 10] groupdb/groupunix.c:getgrpunixpwent(203) > >> >> > line: 'system::1001:,hulet' > >> >> > [1998/12/02 10:05:02, 5] > >> >> > groupdb/groupdb.c:iterate_getusergroupsnam(239) > >> >> > group name system members: 2 > >> >> > [1998/12/02 10:05:02, 10] groupdb/groupdb.c:user_is_member(195) > >> >> > searching against user root... > >> >> > [1998/12/02 10:05:02, 10] groupdb/groupdb.c:user_is_member(195) > >> >> > searching against user hulet... > >> >> > [1998/12/02 10:05:02, 10] groupdb/groupdb.c:user_is_member(198) > >> >> > searching for user hulet: found > >> >> > [1998/12/02 10:05:02, 10] groupdb/groupdb.c:add_domain_group(175) > >> >> > adding group system() > >> >> > [1998/12/02 10:05:02, 10] groupdb/groupunix.c:getgrpunixpwent(162) > >> >> > getgrpunixpwent: enum unix group entry system > >> >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbgrpgid(1143) > >> >> > lookupsmbgrpgid: unix gid 0 > >> >> > [1998/12/02 10:05:02, 7] lib/util_sid.c:sid_to_string(50) > >> >> > sid_to_string returning S-1-5-32-544 > >> >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:map_unixid(759) > >> >> > map_unixid: enum entry unix group admin 68 nt Administrators > >> >> > S-1-5-32-544 > >> >> > [1998/12/02 10:05:02, 7] lib/util_sid.c:sid_to_string(50) > >> >> > sid_to_string returning S-1-5-21-2223245607-1664418827-1016294829-512 > >> >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:map_unixid(759) > >> >> > map_unixid: enum entry unix group ittc 29690 nt Domain Admins > >> >> > S-1-5-21-2223245607-1664418827-1016294829-512 > >> >> > > >> >> > .........100's of times until > >> >> > > >> >> > [1998/12/02 10:06:00, 6] param/loadparm.c:lp_file_list_changed(1783) > >> >> > lp_file_list_changed() > >> >> > file /usr/system/samba/lib/smb.conf -> /usr/system/samba/lib/smb.conf > >> >> > last mo > >> >> > d_time: Wed Dec 2 09:28:29 1998 > >> >> > > >> >> > [1998/12/02 10:06:00, 2] smbd/process.c:smbd_process(872) > >> >> > Closing idle connection 2. > >> >> > [1998/12/02 10:06:00, 2] smbd/server.c:exit_server(406) > >> >> > Closing connections > >> >> > [1998/12/02 10:06:00, 3] smbd/service.c:close_cnum(510) > >> >> > carmack (0.0.0.0) closed connection to service IPC$ > >> >> > [1998/12/02 10:06:00, 3] smbd/connection.c:yield_connection(40) > >> >> > Yielding connection to IPC$ > >> >> > [1998/12/02 10:06:00, 3] smbd/server.c:exit_server(431) > >> >> > Server exit (normal exit) > >> >> > [1998/12/02 10:08:59, 5] smbd/uid.c:unbecome_user(343) > >> >> > unbecome_user now uid=(0,0) gid=(0,0) > >> >> > [1998/12/02 10:08:59, 5] smbd/uid.c:unbecome_user(343) > >> >> > unbecome_user now uid=(0,0) gid=(0,0) > >> >> > [1998/12/02 10:08:59, 2] smbd/server.c:exit_server(406) > >> >> > Closing connections > >> >> > [1998/12/02 10:08:59, 2] smbd/server.c:exit_server(406) > >> >> > Closing connections > >> >> > [1998/12/02 10:08:59, 3] smbd/service.c:close_cnum(510) > >> >> > carmack (129.237.123.72) closed connection to service IPC$ > >> >> > [1998/12/02 10:08:59, 3] smbd/connection.c:yield_connection(40) > >> >> > Yielding connection to IPC$ > >> >> > [1998/12/02 10:08:59, 3] smbd/server.c:exit_server(431) > >> >> > Server exit (caught signal) > >> >> > [1998/12/02 10:08:59, 3] smbd/service.c:close_cnum(510) > >> >> > carmack (129.237.123.72) closed connection to service IPC$ > >> >> > [1998/12/02 10:08:59, 3] smbd/connection.c:yield_connection(40) > >> >> > Yielding connection to IPC$ > >> >> > [1998/12/02 10:08:59, 3] smbd/server.c:exit_server(431) > >> >> > Server exit (caught signal) > >> >> > > >> >> > > >> >> > HELP! > >> >> > >> > >> --------------------------------------------------------------------- > >> Greg Dickie > >> Just A Guy* > >> *from discreet logic > >> Montreal > >> (514) 954-7171 > >> greg@discreet.com > >> > >> > > > > Luke Kenneth Casson Leighton > > Samba and Network Development > > Samba and Network Consultancy > > --------------------------------------------------------------------- > Greg Dickie > Just A Guy* > *from discreet logic > Montreal > (514) 954-7171 > greg@discreet.com > > Luke Kenneth Casson Leighton Samba and Network Development Samba and Network Consultancy From greg at discreet.com Tue Dec 8 21:22:31 1998 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:48 2003 Subject: Cannot Login to Domain In-Reply-To: Message-ID: Okey Dokey: # Samba config file created using SWAT # from tahiti.rd.discreet.qc.ca (192.168.60.54) # Date: 1998/12/01 18:15:46 # Global parameters workgroup = DL_RDMTL server string = RD Test NT PDC (%v) encrypt passwords = Yes use rhosts = Yes log level = 10 log file = /var/samba/log.%m.%U name resolve order = host wins bcast time server = Yes deadtime = 60 socket options = TCP_NODELAY load printers = No printcap name = /usr/local/samba/lib/printcap logon script = logon.bat logon path = \\tahiti\profiles\%U logon drive = H: logon home = \\dublin\%U domain logons = Yes os level = 100 preferred master = Yes domain master = Yes wins support = Yes remote announce = 172.16.50.103 unix realname = Yes admin users = greg hosts allow = 192.168. 172.16.100.121 printing = lprng print command = lp -d %p %s lpq command = rsh guest@prnsrv lpq -P%p case sensitive = Yes [profiles] path = /usr/local/samba/profiles valid users = @develop read only = No browseable = No [netlogon] comment = NetLogon Share path = /usr/local/samba/netlogon On 08-Dec-98 Luke Kenneth Casson Leighton wrote: > On Tue, 8 Dec 1998, Greg Dickie wrote: > >> tahiti is this machine (ie: the samba PDC from which the log has been >> extracted. > > um... so why is it therefore attempting to connect to itself? > > can you send your smb.conf file? > >> Greg >> >> >> On 08-Dec-98 Luke Kenneth Casson Leighton wrote: >> > is TAHITI your PDC? >> > >> > On Wed, 9 Dec 1998, Greg Dickie wrote: >> > >> >> >> >> Also I forgot to mention that today I had a new problem. It looks like >> >> samba >> >> does not realize that it is the PDC anymore: >> >> >> >> here is the log excerpt: >> >> >> >> [1998/12/08 08:47:12, 1] libsmb/clientgen.c:(2608) >> >> cli_establish_connection: failed to connect to TAHITI<00> >> >> (192.168.60.54) >> >> [1998/12/08 08:47:12, 0] libsmb/clientgen.c:(2796) >> >> cli_connect_serverlist: Domain password server not available. >> >> [1998/12/08 08:47:12, 0] lib/sids.c:(199) >> >> get_member_domain_sid: unable to initialise client connection. >> >> error connecting to 192.168.60.54:139 (Invalid argument) >> >> [1998/12/08 08:48:26, 1] libsmb/clientgen.c:(2608) >> >> cli_establish_connection: failed to connect to TAHITI<00> >> >> (192.168.60.54) >> >> [1998/12/08 08:48:26, 0] libsmb/clientgen.c:(2796) >> >> cli_connect_serverlist: Domain password server not available. >> >> [1998/12/08 08:48:26, 0] lib/sids.c:(199) >> >> get_member_domain_sid: unable to initialise client connection. >> >> started asyncdns process 19021 >> >> >> >> Greg >> >> >> >> >> >> On 08-Dec-98 Michael S. Hulet wrote: >> >> > I downloaded a fresh cvs Monday morning 12/8/98. Same problems. I >> >> > cannot >> >> > login and smbd eats up 98% of my cpu time. I don't know if anyone on >> >> > the >> >> > samba team is looking into this anomaly. We are running samba on a DEC >> >> > Alpha 4.0d and it looks like Irix is experiencing the same problem. >> >> > Michael Hulet >> >> > >> >> > >> >> > On Wed, 2 Dec 1998, Greg Dickie wrote: >> >> > >> >> >> >> >> >> YUp, this is what I'm seeing to. It looks like getgrent is, in fact >> >> >> not >> >> >> cycling >> >> >> through the file but always returning the same entry. I'm trying to >> >> >> figure >> >> >> this >> >> >> out at the moment. You're not on IRIX by any chance, are you? >> >> >> >> >> >> Greg >> >> >> >> >> >> On 02-Dec-98 Michael S. Hulet wrote: >> >> >> > The latest CVS code (12/2/98) does not allow me to login to the >> >> >> > domain. >> >> >> > PID USERNAME PRI NICE SIZE RES STATE TIME CPU COMMAND >> >> >> > 17933 root 53 0 5784K 1638K run 2:19 99.00% >> >> >> > >> >> >> > smbd starts up another process until it brings my server to its >> >> >> > knees. >> >> >> > PID USERNAME PRI NICE SIZE RES STATE TIME CPU COMMAND >> >> >> > 18191 root 53 0 5128K 786K run 0:23 49.70% >> >> >> > 17933 root 53 0 5920K 1703K run 2:43 49.60% >> >> >> > >> >> >> > NT gives me The system cannot log you on to this domain because the >> >> >> > system's computer account in its primary domain is missing or the >> >> >> > password >> >> >> > on the account is incorrect after a couple of minutes. smbd >> >> >> > continues >> >> >> > to >> >> >> > consume 99% of my cpu time until I kill it. >> >> >> > Just started happening this week. >> >> >> > >> >> >> > The log file shows a continues loop of >> >> >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbpwnam(884) >> >> >> > lookupsmbpwnam: unix user name root >> >> >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbpwuid(908) >> >> >> > lookupsmbpwuid: unix uid 0 >> >> >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbpwnam(884) >> >> >> > lookupsmbpwnam: unix user name hulet >> >> >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbpwuid(908) >> >> >> > lookupsmbpwuid: unix uid 204 >> >> >> > [1998/12/02 10:05:02, 10] groupdb/groupunix.c:getgrpunixpwent(203) >> >> >> > line: 'system::1001:,hulet' >> >> >> > [1998/12/02 10:05:02, 5] >> >> >> > groupdb/groupdb.c:iterate_getusergroupsnam(239) >> >> >> > group name system members: 2 >> >> >> > [1998/12/02 10:05:02, 10] groupdb/groupdb.c:user_is_member(195) >> >> >> > searching against user root... >> >> >> > [1998/12/02 10:05:02, 10] groupdb/groupdb.c:user_is_member(195) >> >> >> > searching against user hulet... >> >> >> > [1998/12/02 10:05:02, 10] groupdb/groupdb.c:user_is_member(198) >> >> >> > searching for user hulet: found >> >> >> > [1998/12/02 10:05:02, 10] groupdb/groupdb.c:add_domain_group(175) >> >> >> > adding group system() >> >> >> > [1998/12/02 10:05:02, 10] groupdb/groupunix.c:getgrpunixpwent(162) >> >> >> > getgrpunixpwent: enum unix group entry system >> >> >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbgrpgid(1143) >> >> >> > lookupsmbgrpgid: unix gid 0 >> >> >> > [1998/12/02 10:05:02, 7] lib/util_sid.c:sid_to_string(50) >> >> >> > sid_to_string returning S-1-5-32-544 >> >> >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:map_unixid(759) >> >> >> > map_unixid: enum entry unix group admin 68 nt Administrators >> >> >> > S-1-5-32-544 >> >> >> > [1998/12/02 10:05:02, 7] lib/util_sid.c:sid_to_string(50) >> >> >> > sid_to_string returning >> >> >> > S-1-5-21-2223245607-1664418827-1016294829-512 >> >> >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:map_unixid(759) >> >> >> > map_unixid: enum entry unix group ittc 29690 nt Domain Admins >> >> >> > S-1-5-21-2223245607-1664418827-1016294829-512 >> >> >> > >> >> >> > .........100's of times until >> >> >> > >> >> >> > [1998/12/02 10:06:00, 6] param/loadparm.c:lp_file_list_changed(1783) >> >> >> > lp_file_list_changed() >> >> >> > file /usr/system/samba/lib/smb.conf -> >> >> >> > /usr/system/samba/lib/smb.conf >> >> >> > last mo >> >> >> > d_time: Wed Dec 2 09:28:29 1998 >> >> >> > >> >> >> > [1998/12/02 10:06:00, 2] smbd/process.c:smbd_process(872) >> >> >> > Closing idle connection 2. >> >> >> > [1998/12/02 10:06:00, 2] smbd/server.c:exit_server(406) >> >> >> > Closing connections >> >> >> > [1998/12/02 10:06:00, 3] smbd/service.c:close_cnum(510) >> >> >> > carmack (0.0.0.0) closed connection to service IPC$ >> >> >> > [1998/12/02 10:06:00, 3] smbd/connection.c:yield_connection(40) >> >> >> > Yielding connection to IPC$ >> >> >> > [1998/12/02 10:06:00, 3] smbd/server.c:exit_server(431) >> >> >> > Server exit (normal exit) >> >> >> > [1998/12/02 10:08:59, 5] smbd/uid.c:unbecome_user(343) >> >> >> > unbecome_user now uid=(0,0) gid=(0,0) >> >> >> > [1998/12/02 10:08:59, 5] smbd/uid.c:unbecome_user(343) >> >> >> > unbecome_user now uid=(0,0) gid=(0,0) >> >> >> > [1998/12/02 10:08:59, 2] smbd/server.c:exit_server(406) >> >> >> > Closing connections >> >> >> > [1998/12/02 10:08:59, 2] smbd/server.c:exit_server(406) >> >> >> > Closing connections >> >> >> > [1998/12/02 10:08:59, 3] smbd/service.c:close_cnum(510) >> >> >> > carmack (129.237.123.72) closed connection to service IPC$ >> >> >> > [1998/12/02 10:08:59, 3] smbd/connection.c:yield_connection(40) >> >> >> > Yielding connection to IPC$ >> >> >> > [1998/12/02 10:08:59, 3] smbd/server.c:exit_server(431) >> >> >> > Server exit (caught signal) >> >> >> > [1998/12/02 10:08:59, 3] smbd/service.c:close_cnum(510) >> >> >> > carmack (129.237.123.72) closed connection to service IPC$ >> >> >> > [1998/12/02 10:08:59, 3] smbd/connection.c:yield_connection(40) >> >> >> > Yielding connection to IPC$ >> >> >> > [1998/12/02 10:08:59, 3] smbd/server.c:exit_server(431) >> >> >> > Server exit (caught signal) >> >> >> > >> >> >> > >> >> >> > HELP! >> >> >> >> >> >> >> --------------------------------------------------------------------- >> >> Greg Dickie >> >> Just A Guy* >> >> *from discreet logic >> >> Montreal >> >> (514) 954-7171 >> >> greg@discreet.com >> >> >> >> >> > >> > Luke Kenneth Casson Leighton >> > >> > Samba and Network Development >> > >> > Samba and Network Consultancy >> > >> >> --------------------------------------------------------------------- >> Greg Dickie >> Just A Guy* >> *from discreet logic >> Montreal >> (514) 954-7171 >> greg@discreet.com >> >> > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba and Network Consultancy --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From greg at discreet.com Tue Dec 8 21:28:25 1998 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:48 2003 Subject: Cannot Login to Domain In-Reply-To: Message-ID: And here's another mystery, I kicked nmbd a second time but this time it actually started, worse than that it connected to itself. Could be initialisation timing? Note that I still can't do anything, but at least nmbd is running. Curiouser and curiouser, Greg On 08-Dec-98 Luke Kenneth Casson Leighton wrote: > On Tue, 8 Dec 1998, Greg Dickie wrote: > >> tahiti is this machine (ie: the samba PDC from which the log has been >> extracted. > > um... so why is it therefore attempting to connect to itself? > > can you send your smb.conf file? > >> Greg >> >> >> On 08-Dec-98 Luke Kenneth Casson Leighton wrote: >> > is TAHITI your PDC? >> > >> > On Wed, 9 Dec 1998, Greg Dickie wrote: >> > >> >> >> >> Also I forgot to mention that today I had a new problem. It looks like >> >> samba >> >> does not realize that it is the PDC anymore: >> >> >> >> here is the log excerpt: >> >> >> >> [1998/12/08 08:47:12, 1] libsmb/clientgen.c:(2608) >> >> cli_establish_connection: failed to connect to TAHITI<00> >> >> (192.168.60.54) >> >> [1998/12/08 08:47:12, 0] libsmb/clientgen.c:(2796) >> >> cli_connect_serverlist: Domain password server not available. >> >> [1998/12/08 08:47:12, 0] lib/sids.c:(199) >> >> get_member_domain_sid: unable to initialise client connection. >> >> error connecting to 192.168.60.54:139 (Invalid argument) >> >> [1998/12/08 08:48:26, 1] libsmb/clientgen.c:(2608) >> >> cli_establish_connection: failed to connect to TAHITI<00> >> >> (192.168.60.54) >> >> [1998/12/08 08:48:26, 0] libsmb/clientgen.c:(2796) >> >> cli_connect_serverlist: Domain password server not available. >> >> [1998/12/08 08:48:26, 0] lib/sids.c:(199) >> >> get_member_domain_sid: unable to initialise client connection. >> >> started asyncdns process 19021 >> >> >> >> Greg >> >> >> >> >> >> On 08-Dec-98 Michael S. Hulet wrote: >> >> > I downloaded a fresh cvs Monday morning 12/8/98. Same problems. I >> >> > cannot >> >> > login and smbd eats up 98% of my cpu time. I don't know if anyone on >> >> > the >> >> > samba team is looking into this anomaly. We are running samba on a DEC >> >> > Alpha 4.0d and it looks like Irix is experiencing the same problem. >> >> > Michael Hulet >> >> > >> >> > >> >> > On Wed, 2 Dec 1998, Greg Dickie wrote: >> >> > >> >> >> >> >> >> YUp, this is what I'm seeing to. It looks like getgrent is, in fact >> >> >> not >> >> >> cycling >> >> >> through the file but always returning the same entry. I'm trying to >> >> >> figure >> >> >> this >> >> >> out at the moment. You're not on IRIX by any chance, are you? >> >> >> >> >> >> Greg >> >> >> >> >> >> On 02-Dec-98 Michael S. Hulet wrote: >> >> >> > The latest CVS code (12/2/98) does not allow me to login to the >> >> >> > domain. >> >> >> > PID USERNAME PRI NICE SIZE RES STATE TIME CPU COMMAND >> >> >> > 17933 root 53 0 5784K 1638K run 2:19 99.00% >> >> >> > >> >> >> > smbd starts up another process until it brings my server to its >> >> >> > knees. >> >> >> > PID USERNAME PRI NICE SIZE RES STATE TIME CPU COMMAND >> >> >> > 18191 root 53 0 5128K 786K run 0:23 49.70% >> >> >> > 17933 root 53 0 5920K 1703K run 2:43 49.60% >> >> >> > >> >> >> > NT gives me The system cannot log you on to this domain because the >> >> >> > system's computer account in its primary domain is missing or the >> >> >> > password >> >> >> > on the account is incorrect after a couple of minutes. smbd >> >> >> > continues >> >> >> > to >> >> >> > consume 99% of my cpu time until I kill it. >> >> >> > Just started happening this week. >> >> >> > >> >> >> > The log file shows a continues loop of >> >> >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbpwnam(884) >> >> >> > lookupsmbpwnam: unix user name root >> >> >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbpwuid(908) >> >> >> > lookupsmbpwuid: unix uid 0 >> >> >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbpwnam(884) >> >> >> > lookupsmbpwnam: unix user name hulet >> >> >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbpwuid(908) >> >> >> > lookupsmbpwuid: unix uid 204 >> >> >> > [1998/12/02 10:05:02, 10] groupdb/groupunix.c:getgrpunixpwent(203) >> >> >> > line: 'system::1001:,hulet' >> >> >> > [1998/12/02 10:05:02, 5] >> >> >> > groupdb/groupdb.c:iterate_getusergroupsnam(239) >> >> >> > group name system members: 2 >> >> >> > [1998/12/02 10:05:02, 10] groupdb/groupdb.c:user_is_member(195) >> >> >> > searching against user root... >> >> >> > [1998/12/02 10:05:02, 10] groupdb/groupdb.c:user_is_member(195) >> >> >> > searching against user hulet... >> >> >> > [1998/12/02 10:05:02, 10] groupdb/groupdb.c:user_is_member(198) >> >> >> > searching for user hulet: found >> >> >> > [1998/12/02 10:05:02, 10] groupdb/groupdb.c:add_domain_group(175) >> >> >> > adding group system() >> >> >> > [1998/12/02 10:05:02, 10] groupdb/groupunix.c:getgrpunixpwent(162) >> >> >> > getgrpunixpwent: enum unix group entry system >> >> >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:lookupsmbgrpgid(1143) >> >> >> > lookupsmbgrpgid: unix gid 0 >> >> >> > [1998/12/02 10:05:02, 7] lib/util_sid.c:sid_to_string(50) >> >> >> > sid_to_string returning S-1-5-32-544 >> >> >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:map_unixid(759) >> >> >> > map_unixid: enum entry unix group admin 68 nt Administrators >> >> >> > S-1-5-32-544 >> >> >> > [1998/12/02 10:05:02, 7] lib/util_sid.c:sid_to_string(50) >> >> >> > sid_to_string returning >> >> >> > S-1-5-21-2223245607-1664418827-1016294829-512 >> >> >> > [1998/12/02 10:05:02, 10] lib/domain_namemap.c:map_unixid(759) >> >> >> > map_unixid: enum entry unix group ittc 29690 nt Domain Admins >> >> >> > S-1-5-21-2223245607-1664418827-1016294829-512 >> >> >> > >> >> >> > .........100's of times until >> >> >> > >> >> >> > [1998/12/02 10:06:00, 6] param/loadparm.c:lp_file_list_changed(1783) >> >> >> > lp_file_list_changed() >> >> >> > file /usr/system/samba/lib/smb.conf -> >> >> >> > /usr/system/samba/lib/smb.conf >> >> >> > last mo >> >> >> > d_time: Wed Dec 2 09:28:29 1998 >> >> >> > >> >> >> > [1998/12/02 10:06:00, 2] smbd/process.c:smbd_process(872) >> >> >> > Closing idle connection 2. >> >> >> > [1998/12/02 10:06:00, 2] smbd/server.c:exit_server(406) >> >> >> > Closing connections >> >> >> > [1998/12/02 10:06:00, 3] smbd/service.c:close_cnum(510) >> >> >> > carmack (0.0.0.0) closed connection to service IPC$ >> >> >> > [1998/12/02 10:06:00, 3] smbd/connection.c:yield_connection(40) >> >> >> > Yielding connection to IPC$ >> >> >> > [1998/12/02 10:06:00, 3] smbd/server.c:exit_server(431) >> >> >> > Server exit (normal exit) >> >> >> > [1998/12/02 10:08:59, 5] smbd/uid.c:unbecome_user(343) >> >> >> > unbecome_user now uid=(0,0) gid=(0,0) >> >> >> > [1998/12/02 10:08:59, 5] smbd/uid.c:unbecome_user(343) >> >> >> > unbecome_user now uid=(0,0) gid=(0,0) >> >> >> > [1998/12/02 10:08:59, 2] smbd/server.c:exit_server(406) >> >> >> > Closing connections >> >> >> > [1998/12/02 10:08:59, 2] smbd/server.c:exit_server(406) >> >> >> > Closing connections >> >> >> > [1998/12/02 10:08:59, 3] smbd/service.c:close_cnum(510) >> >> >> > carmack (129.237.123.72) closed connection to service IPC$ >> >> >> > [1998/12/02 10:08:59, 3] smbd/connection.c:yield_connection(40) >> >> >> > Yielding connection to IPC$ >> >> >> > [1998/12/02 10:08:59, 3] smbd/server.c:exit_server(431) >> >> >> > Server exit (caught signal) >> >> >> > [1998/12/02 10:08:59, 3] smbd/service.c:close_cnum(510) >> >> >> > carmack (129.237.123.72) closed connection to service IPC$ >> >> >> > [1998/12/02 10:08:59, 3] smbd/connection.c:yield_connection(40) >> >> >> > Yielding connection to IPC$ >> >> >> > [1998/12/02 10:08:59, 3] smbd/server.c:exit_server(431) >> >> >> > Server exit (caught signal) >> >> >> > >> >> >> > >> >> >> > HELP! >> >> >> >> >> >> >> --------------------------------------------------------------------- >> >> Greg Dickie >> >> Just A Guy* >> >> *from discreet logic >> >> Montreal >> >> (514) 954-7171 >> >> greg@discreet.com >> >> >> >> >> > >> > Luke Kenneth Casson Leighton >> > >> > Samba and Network Development >> > >> > Samba and Network Consultancy >> > >> >> --------------------------------------------------------------------- >> Greg Dickie >> Just A Guy* >> *from discreet logic >> Montreal >> (514) 954-7171 >> greg@discreet.com >> >> > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba and Network Consultancy --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From lkcl at switchboard.net Tue Dec 8 21:51:53 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:48 2003 Subject: Cannot Login to Domain In-Reply-To: Message-ID: On Tue, 8 Dec 1998, Greg Dickie wrote: > Okey Dokey: > > # Samba config file created using SWAT > # from tahiti.rd.discreet.qc.ca (192.168.60.54) > # Date: 1998/12/01 18:15:46 > > # Global parameters > workgroup = DL_RDMTL > server string = RD Test NT PDC (%v) > encrypt passwords = Yes > use rhosts = Yes > log level = 10 > log file = /var/samba/log.%m.%U > name resolve order = host wins bcast > time server = Yes > deadtime = 60 > socket options = TCP_NODELAY > load printers = No > printcap name = /usr/local/samba/lib/printcap > logon script = logon.bat > logon path = \\tahiti\profiles\%U > logon drive = H: > logon home = \\dublin\%U > domain logons = Yes > os level = 100 > preferred master = Yes > domain master = Yes > wins support = Yes > remote announce = 172.16.50.103 never use remote announce unlesss you absolutely have to. this is the only (irrelevant) thing i can see. ok, try me with a debug log level 100, ok? From lkcl at switchboard.net Tue Dec 8 21:53:04 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:48 2003 Subject: Cannot Login to Domain In-Reply-To: Message-ID: On Tue, 8 Dec 1998, Greg Dickie wrote: > > And here's another mystery, I kicked nmbd a second time but this time it > actually started, worse than that it connected to itself. Could be > initialisation timing? Note that I still can't do anything, but at least nmbd > is running. start smbd first. From greg at discreet.com Tue Dec 8 22:03:32 1998 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:48 2003 Subject: Cannot Login to Domain In-Reply-To: Message-ID: er... I did. Greg On 08-Dec-98 Luke Kenneth Casson Leighton wrote: > On Tue, 8 Dec 1998, Greg Dickie wrote: > >> >> And here's another mystery, I kicked nmbd a second time but this time it >> actually started, worse than that it connected to itself. Could be >> initialisation timing? Note that I still can't do anything, but at least >> nmbd >> is running. > > start smbd first. --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From lkcl at switchboard.net Tue Dec 8 22:08:23 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:48 2003 Subject: Cannot Login to Domain In-Reply-To: Message-ID: On Tue, 8 Dec 1998, Greg Dickie wrote: > er... I did. oh dear :) ok, try me with some (uncompressed, text-in-message) level 100 logs, direct (not to the list) > > start smbd first. From D.Bannon at latrobe.edu.au Tue Dec 8 23:03:37 1998 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:24:48 2003 Subject: Cannot Login to Domain In-Reply-To: References: Message-ID: <3.0.3.32.19981209100337.0075d048@bioserve.biochem.latrobe.edu.au> At 08:56 AM 09/12/1998 +1100, Luke Kenneth Casson Leighton wrote: >On Tue, 8 Dec 1998, Greg Dickie wrote: > >> >> And here's another mystery, I kicked nmbd a second time but this time it >> actually started, worse than that it connected to itself. Could be >> initialisation timing? Note that I still can't do anything, but at least nmbd >> is running. > Probably no help, but I experienced the same thing yesterday. A new csv and it would not start, nmbd would die. So I upped the log levels and, would'nt you know it, it worked. I dropped the log levels back again and it continued to start OK. Mine works normally (apart from the message "Your Password has expired etc"). If I get time to do a few restarts I'll look for a pattern. David. Hmm..... ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From aperrin at demog.Berkeley.EDU Tue Dec 8 22:50:07 1998 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:24:48 2003 Subject: compile problem head branch Message-ID: Hi folks- Just got back from a vacation and tried to compile the latest CVS code; since I've been away I can't tell you when it broke, but here's the symptom: Compiling smbd/predict.c gmake: *** No rule to make target `smbd/noquotas.o', needed by `bin/smbd'. Stop. Using Solaris 2.6, gnu make, gcc 2.8.1. Thanks, Andy --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 From johnb at ee.duke.edu Tue Dec 8 23:54:22 1998 From: johnb at ee.duke.edu (John Burchett) Date: Tue Dec 2 02:24:48 2003 Subject: NT user authentication References: Message-ID: <366DBC2E.7BEA705E@ee.duke.edu> I just downloaded the latest CVS source a half-hour ago, and suddenly I can't connect anymore! It tells me 'the local policy of this system does not allow you to logon interactively' ! I didn't change anything except my samba version. any known breaks here? I am running a Samba PDC with a WinNT4 client. -------------- next part -------------- A non-text attachment was scrubbed... Name: vcard.vcf Type: text/x-vcard Size: 414 bytes Desc: Card for John Burchett Url : http://lists.samba.org/archive/samba-ntdom/attachments/19981208/8ca382d5/vcard.vcf From eparis at ven.ra.rockwell.com Tue Dec 8 23:14:17 1998 From: eparis at ven.ra.rockwell.com (Eloy A. Paris) Date: Tue Dec 2 02:24:48 2003 Subject: Please clarify cvs vs head vs beta References: <366D85E6.B3A0F488@eng.auburn.edu> Message-ID: <74kbs9$nfu$1@zeus.ven.ra.rockwell.com> Gerald Carter wrote: > The 2.0 alpha was the CVS HEAD branch. Once 2.0Beta1 was > released 2.0 and the CVS Head branch split so as to > continue development without jepodizing the stability of a > soon to be released 2.0. Make sense? > > At this point the HEAD branch is continuing to evolve and > the 2.0 is frozen for the moment except for bug fixes. Furthermore, the HEAD branch has now a version identifier of 2.1alpha. peloy.- From lkcl at switchboard.net Tue Dec 8 23:55:06 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:48 2003 Subject: compile problem head branch In-Reply-To: Message-ID: remove config.cache do ./configure make clean make. this is standard procedure. luke On Wed, 9 Dec 1998, Andrew Perrin - Demography wrote: > Hi folks- > > Just got back from a vacation and tried to compile the latest CVS code; > since I've been away I can't tell you when it broke, but here's the > symptom: > > Compiling smbd/predict.c > gmake: *** No rule to make target `smbd/noquotas.o', needed by `bin/smbd'. > Stop. > > Using Solaris 2.6, gnu make, gcc 2.8.1. > > Thanks, > Andy > > --------------------------------------------------------------------- > Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support > Department of Demography - University of California at Berkeley > 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA > http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 > > Luke Kenneth Casson Leighton Samba and Network Development Samba and Network Consultancy From jamest at math.ksu.edu Tue Dec 8 23:58:01 1998 From: jamest at math.ksu.edu (James Thompson) Date: Tue Dec 2 02:24:48 2003 Subject: What have I done! In-Reply-To: <3.0.3.32.19981209100337.0075d048@bioserve.biochem.latrobe.edu.au> Message-ID: Please forgive the long post. I have a Solaris 2.6 box running the cvs samba code (domain1) from late october serving 6 nt4.0 boxes (mine, and 5 student offices) Everything was running quite nicely until today. My network has a Solaris 2.5.1 box that acts as a DNS server, tape backup, Samba 1.x (workgroup2), etc. etc. I was adding the 2.6 box to the list of clients that could perform backups when I made a typo in the hosts file on the 2.5.1 machine. I mistyped the ip address for my nt samba server so that it pointed to a differnt machine being used as a web server. Now the DNS named records were correct but the NT boxes started using the invalid entry I had placed in the hosts file :-( This broke every machine but my own. It took me a while to find the error as the problem didn't show up until hours after I made the changes. So my machine still saw the correct cvs samba server, the student office computers started sending logon queries to the web server. I fixed the host file on the DNS server and rebooted the NT machines. The student pcs now correctly resolve the ip address for the nt server but still won't work. They are unable to find the PDC. My machine works without any trouble. I've tried both restoring the samba dir tree from backup with no effect. Since nothing works I went ahead a tried the beta3 code just to see what would happen(works on my machine, but not on the others) I'm going nuts here. I'm sure I'm overlooking the obvious, any suggestions? ->->->->->->->->->->->->->->->->->->---<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-< James Thompson 138 Cardwell Hall Manhattan, Ks 66506 785-532-0561 Kansas State University Department of Mathematics ->->->->->->->->->->->->->->->->->->---<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-< From aperrin at demog.Berkeley.EDU Wed Dec 9 01:01:49 1998 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:24:48 2003 Subject: compile problem head branch In-Reply-To: Message-ID: Did it -- still getting the same error message. ap --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 On Tue, 8 Dec 1998, Luke Kenneth Casson Leighton wrote: > remove config.cache do ./configure make clean make. this is standard > procedure. > > luke > > On Wed, 9 Dec 1998, Andrew Perrin - Demography wrote: > > > Hi folks- > > > > Just got back from a vacation and tried to compile the latest CVS code; > > since I've been away I can't tell you when it broke, but here's the > > symptom: > > > > Compiling smbd/predict.c > > gmake: *** No rule to make target `smbd/noquotas.o', needed by `bin/smbd'. > > Stop. > > > > Using Solaris 2.6, gnu make, gcc 2.8.1. > > > > Thanks, > > Andy > > > > --------------------------------------------------------------------- > > Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support > > Department of Demography - University of California at Berkeley > > 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA > > http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 > > > > > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba and Network Consultancy > From william at hae.com Wed Dec 9 05:52:30 1998 From: william at hae.com (William Stuart) Date: Tue Dec 2 02:24:48 2003 Subject: Cannot Login to Domain In-Reply-To: Message-ID: <000301be2338$1bc6b2a0$02010aac@omnibook.wyse.com> How about this... If nmbd requires smbd, it launches smbd if it not already running. --- William Stuart (william@hae.com) Si hoc legere scis nimium eruditionis habes -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of Luke Kenneth Casson Leighton Sent: Tuesday, December 08, 1998 1:56 PM To: Multiple recipients of list Subject: RE: Cannot Login to Domain On Tue, 8 Dec 1998, Greg Dickie wrote: > > And here's another mystery, I kicked nmbd a second time but this time it > actually started, worse than that it connected to itself. Could be > initialisation timing? Note that I still can't do anything, but at least nmbd > is running. start smbd first. From tridge at samba.org Wed Dec 9 06:13:09 1998 From: tridge at samba.org (Andrew Tridgell) Date: Tue Dec 2 02:24:48 2003 Subject: Cannot Login to Domain In-Reply-To: <000301be2338$1bc6b2a0$02010aac@omnibook.wyse.com> (william@hae.com) References: <000301be2338$1bc6b2a0$02010aac@omnibook.wyse.com> Message-ID: <19981209061311Z12614814-16420+135@samba.anu.edu.au> > If nmbd requires smbd, it launches smbd if it not already running. no way, that would be terrible. Luke has yet to name a packet that nmbd needs to respond to that actually needs the SID! From brian at bstc.net Wed Dec 9 07:34:51 1998 From: brian at bstc.net (Brian Roberson) Date: Tue Dec 2 02:24:48 2003 Subject: ouch Message-ID: <199812090734.BAA00159@mail.radiks.net> ok, cvs _latest_ , why would it need to contact itself to get SID? why not just read it from the DOM.SID file??!!?? also, this is in security=user nmbd dies, smbd stays running..... machine name- POCK [1998/12/09 02:36:53, 3] libsmb/namequery.c:resolve_hosts(575) resolve_name: Attempting host lookup for name POCK [1998/12/09 02:36:53, 5] libsmb/clientgen.c:cli_establish_connection(2594) cli_establish_connection: POCK<00> connecting to POCK<20> (192.168.1.10) - [ [1998/12/09 02:36:53, 3] lib/util_sock.c:open_socket_out(707) Connecting to 192.168.1.10 at port 139 [1998/12/09 02:36:54, 1] lib/util_sock.c:open_socket_out(736) error connecting to 192.168.1.10:139 (Connection refused) [1998/12/09 02:36:54, 1] libsmb/clientgen.c:cli_establish_connection(2608) cli_establish_connection: failed to connect to POCK<00> (192.168.1.10) [1998/12/09 02:36:54, 10] libsmb/clientgen.c:cli_shutdown(2411) cli_shutdown [1998/12/09 02:36:54, 0] libsmb/clientgen.c:cli_connect_serverlist(2796) cli_connect_serverlist: Domain password server not available. [1998/12/09 02:36:54, 10] libsmb/clientgen.c:cli_shutdown(2411) cli_shutdown [1998/12/09 02:36:54, 0] lib/sids.c:get_domain_sids(199) get_member_domain_sid: unable to initialise client connection. AND.... when in security=domain same in nmbd but smbd dies as well..... [1998/12/09 02:44:41, 5] lib/sids.c:read_sid_from_file(117) read_sid_from_file: sid S-1-5-21-2075569995-3768077195-2037518062 [1998/12/09 02:44:41, 0] libsmb/clientgen.c:cli_connect_serverlist(2796) cli_connect_serverlist: Domain password server not available. [1998/12/09 02:44:41, 10] libsmb/clientgen.c:cli_shutdown(2411) cli_shutdown [1998/12/09 02:44:41, 0] lib/fault.c:fault_report(40) =============================================================== [1998/12/09 02:44:41, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 12029 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [1998/12/09 02:44:41, 0] lib/fault.c:fault_report(43) =============================================================== [1998/12/09 02:44:41, 0] lib/util.c:smb_panic(2453) PANIC: internal error ~~~~~~ Brian Roberson ~~~~~~ ~~~ BrainStorm Technologies ~~ ~~~ Linux Solution Provider ~~~ ~~~~~~~ info@bstc.net ~~~~~~ ~~~~~ http://www.bstc.net/ ~~~~ ~~~~~~~ (402) 690-7306 ~~~~~~ From tridge at samba.org Wed Dec 9 07:54:04 1998 From: tridge at samba.org (Andrew Tridgell) Date: Tue Dec 2 02:24:48 2003 Subject: ouch In-Reply-To: <199812090734.BAA00159@mail.radiks.net> (message from Brian Roberson on Wed, 9 Dec 1998 18:34:56 +1100) References: <199812090734.BAA00159@mail.radiks.net> Message-ID: <19981209075412Z12583667-27751+135@samba.anu.edu.au> > ok, cvs _latest_ not quite, you're a few hours out of date. The code in nmbd you had the problem with has since been removed :) nmbd is now 25k lines of source code lighter. From john_reid at uow.edu.au Wed Dec 9 11:52:50 1998 From: john_reid at uow.edu.au (John Reid) Date: Tue Dec 2 02:24:48 2003 Subject: ouch again!!!! Message-ID: <366E6492.C1604C7@uow.edu.au> Dear all, try again - is there a limit on the number of attachments in a message to this list as previous message bounced? Firstly, thanks all for such a wonderful idea as samba - i've been developing a hatred of NT server for some time. No disk quotas, no su - either run as administrator all the time or forever logon, logout, etc or spend a fortune on 3rd party b&p I probably should also apologise for trying to run before i can crawl. 2beta2 worked fine without PDC but didn't try anything fancy. However, need PDC support - no spare industrial strength servers to run both s and nt. have been trying all week to compile and run smbd -D... falls over. make uninstall'd, deleted complete source dir (../pkgs/samba) and cvs'ed new code in case i had something silly (overkill?), recompiled and guess what - smbd -D falls over! details: OS - Solaris x86 2.6 patched last week, using shadow passwd file samba - latest cvs downloaded ~8pm AEDT 9/12/98 using "... co samba" - is this correct? procedure - config, make, m inst etc - edit, testparm smb.conf - smbd -D - watched it fall over - ran it again now EGG.SID generated to see if made any diff - watched it fall over - tried adding MNEMNOS$ to smbpasswd in case machine.SID needed to resolve PDC - watched smbpasswd fall over - no smb, no port 139? anything i can do to help, please let me know - although my c is a tad rusty - may be time for the wd40. complete configuration and log files attached - here are what i think may be the important bits: log.smb from 1st run: [1998/12/09 20:07:17, 1] smbd/server.c:main(627) smbd version 2.1.0-prealpha started. ....... [1998/12/09 20:07:18, 0] libsmb/clientgen.c:cli_connect_serverlist(2796) cli_connect_serverlist: Domain password server not available. [1998/12/09 20:07:18, 10] libsmb/clientgen.c:cli_shutdown(2411) cli_shutdown [1998/12/09 20:07:18, 0] lib/sids.c:get_domain_sids(199) get_member_domain_sid: unable to initialise client connection. [1998/12/09 20:07:18, 0] smbd/server.c:main(687) ERROR: Samba cannot obtain PDC SID from PDC(s) . log.smb from second run: [1998/12/09 20:11:54, 1] smbd/server.c:main(627) smbd version 2.1.0-prealpha started. ..... [1998/12/09 20:11:54, 7] lib/util_sid.c:sid_to_string(50) sid_to_string returning S-1-5-21-1718833867-3239286558-3910785627 [1998/12/09 20:11:54, 5] lib/sids.c:read_sid_from_file(117) read_sid_from_file: sid S-1-5-21-1718833867-3239286558-3910785627 [1998/12/09 20:11:54, 0] libsmb/clientgen.c:cli_connect_serverlist(2796) cli_connect_serverlist: Domain password server not available. [1998/12/09 20:11:54, 10] libsmb/clientgen.c:cli_shutdown(2411) cli_shutdown [1998/12/09 20:11:54, 0] lib/sids.c:get_domain_sids(199) get_member_domain_sid: unable to initialise client connection. [1998/12/09 20:11:54, 0] smbd/server.c:main(687) ERROR: Samba cannot obtain PDC SID from PDC(s) . i haven't added the server (MNEMNOS$) to smbpasswd - do i need to? however smbpassd -m MNEMNOS$ also falls over: ............. pm_process() returned Yes lp_servicenumber: couldn't find homes codepage_initialise: client code page = 850 load_client_codepage: loading codepage 850. Adding chars 0x85 0xb7 (l->u = True) (u->l = True) .............. Adding chars 0x9c 0x0 (l->u = False) (u->l = False) resolve_name: Attempting lmhosts lookup for name MNEMNOS getlmhostsent: too many columns in lmhosts file (obsolete syntax) resolve_name: Attempting host lookup for name MNEMNOS cli_establish_connection: MNEMNOS<00> connecting to MNEMNOS<20> (130.130.120.15) - [] Connecting to 130.130.120.15 at port 139 error connecting to 130.130.120.15:139 (Connection refused) cli_establish_connection: failed to connect to MNEMNOS<00> (130.130.120.15) cli_shutdown cli_connect_serverlist: Domain password server not available. cli_shutdown get_member_domain_sid: unable to initialise client connection. cheers, John -------------------------------------------------------------------- john reid e-mail john_reid@uow.edu.au technical officer room G02, building 41 school of geosciences phone +61 02 4221 3963 university of wollongong fax +61 02 4221 4250 computers can figure out all kinds of problems, except the things in the world that just don't add up apply standard disclaimers as desired... --------------------------------------------------------------------- -------------- next part -------------- #======================= Global Settings ===================================== [global] debug level = 20 # ===server settings=== workgroup = EGG server string = Geosciences Test Primary Domain Controller hosts allow = 130.130.120. 130.130.123. 127. # Domain support ; domain controller = yes domain logons = yes ; password server = MNEMNOS logon script = user.bat security = domain encrypt passwords = yes domain user map = /usr/local/samba/lib/user.map guest account = guest # Printer support ; load printers = yes ; printcap name = /etc/printcap ; printcap name = lpstat ; printing = lprng # networking socket options = TCP_NODELAY ; interfaces = 192.168.12.2/24 192.168.13.2/24 # Browser Control Options: ; local master = yes os level = 65 domain master = yes ; preferred master = yes wins support = yes # machine configuration files log file = /usr/local/samba/var/log.%m max log size = 50 ; include = /usr/local/samba/lib/smb.conf.%m # ===User settings=== # logon scripts ; logon script = %m.bat ; logon script = %U.bat logon script = user.bat # Where to store roving profiles (only for Win95 and WinNT) # %L substitutes for this servers netbios name, %U is username # You must uncomment the [Profiles] share below ; logon path = \\%L\Profiles\%U #============================ Share Definitions ============================== [homes] comment = Home Directories browseable = no writable = yes # Un-comment the following and create the netlogon directory for Domain Logons [netlogon] comment = Network Logon Service path = /usr/local/samba/lib/netlogon guest ok = yes writable = no share modes = no [homesdir] comment = Home directory root path = /export/home browseable = yes writable = no valid users = root # Un-comment the following to provide a specific roving profile share # the default is to use the user's home directory ;[Profiles] ; path = /usr/local/samba/profiles ; browseable = no ; guest ok = yes # NOTE: If you have a BSD-style print system there is no need to # specifically define each individual printer ;[printers] ; comment = All Printers ; path = /usr/spool/samba ; browseable = no # Set public = yes to allow user 'guest account' to print guest ok = no writable = no printable = yes # This one is useful for people to share files ;[tmp] ; comment = Temporary file space ; path = /tmp ; read only = no ; public = yes # A publicly accessible directory, but read only, except for people in # the "staff" group ;[public] ; comment = Public Stuff ; path = /home/samba ; public = yes ; writable = yes ; printable = no ; write list = @staff # Other examples. # # A private printer, usable only by fred. Spool data will be placed in fred's # home directory. Note that fred must have write access to the spool directory, # wherever it is. ;[fredsprn] ; comment = Fred's Printer ; valid users = fred ; path = /homes/fred ; printer = freds_printer ; public = no ; writable = no ; printable = yes # A private directory, usable only by fred. Note that fred requires write # access to the directory. ;[fredsdir] ; comment = Fred's Service ; path = /usr/somewhere/private ; valid users = fred ; public = no ; writable = yes ; printable = no # a service which has a different directory for each machine that connects # this allows you to tailor configurations to incoming machines. You could # also use the %U option to tailor it by user name. # The %m gets replaced with the machine name that is connecting. ;[pchome] ; comment = PC Directories ; path = /usr/pc/%m ; public = no ; writable = yes # A publicly accessible directory, read/write to all users. Note that all files # created in the directory by users will be owned by the default user, so # any user with access can delete any other user's files. Obviously this # directory must be writable by the default user. Another user could of course # be specified, in which case all files would be owned by that user instead. ;[public] ; path = /usr/somewhere/else/public ; public = yes ; only guest = yes ; writable = yes ; printable = no # The following two entries demonstrate how to share a directory so that two # users can place files there that will be owned by the specific users. In this # setup, the directory should be writable by both users and should have the # sticky bit set on it to prevent abuse. Obviously this could be extended to # as many users as required. ;[myshare] ; comment = Mary's and Fred's stuff ; path = /usr/somewhere/shared ; valid users = mary fred ; public = no ; writable = yes ; printable = no ; create mask = 0765 From Martin.Schmidt at bundessortenamt.de Wed Dec 9 10:22:52 1998 From: Martin.Schmidt at bundessortenamt.de (Martin Schmidt@Bundessortenamt.de) Date: Tue Dec 2 02:24:48 2003 Subject: beta3 on HPUX 9.04 with cc/gcc Message-ID: <01BE2366.43174F30.Martin.Schmidt@Bundessortenamt.de> Hallo all Samba-2.0.0beta3 didn?t compile on HPUX 9.04 (HP-UX eder A.09.04 E 9000/817 1475312212 8-Benutzer-Lizenz) with ansi-C compiler and gcc (beta2 didn?t compile because of the PRINTCAP ...) I am running Samba-2.0.0beta1 (compiles with cc and a second time with gcc) -------------------8<------------------ $ export CC=cc $ export CFLAGS="-Ae" $ cd samba-2.0.0beta3 $ cd source $ ./configure creating cache ./config.cache checking for gcc... cc checking whether the C compiler (cc -Ae ) works... yes ... checking configure summary WARNING: trapdoor uid system - Samba may not operate correctly configure OK ./configure: sh internal 2K buffer overflow updating cache ./config.cache creating ./config.status creating include/stamp-h creating Makefile creating include/config.h $make ... Compiling lib/crc32.c Compiling lib/snprintf.c Compiling lib/util_str.c Compiling lib/util_sid.c Compiling lib/util_unistr.c Compiling lib/util_file.c Compiling lib/util.c Compiling lib/util_sock.c mkdir bin Linking bin/smbd /bin/ld: Unsatisfied symbols: seteuid (code) setegid (code) *** Error code 1 Stop. $ -------------------8<------------------ mfg Martin.Schmidt ---------------------------------------------------------------------- Bundessortenamt Pr?fstelle Eder am Holz 85452 Moosinning Tel.: 08123/2426 eMail1: Martin.Schmidt@bundessortenamt.de eMail2: Martin_Schmidt@t-online.de ---------------------------------------------------------------------- From john_reid at uow.edu.au Wed Dec 9 12:02:14 1998 From: john_reid at uow.edu.au (John Reid) Date: Tue Dec 2 02:24:48 2003 Subject: testing re ouch again Message-ID: <366E66C6.E77D9A12@uow.edu.au> I received my own message back with only addressing header - did anyone receive the full message. previous attempts resulted in error: Error Condition Re: Posting rejected using communicator v4.5 message contained attachments cheers, John -------------------------------------------------------------------- john reid e-mail john_reid@uow.edu.au technical officer room G02, building 41 school of geosciences phone +61 02 4221 3963 university of wollongong fax +61 02 4221 4250 computers can figure out all kinds of problems, except the things in the world that just don't add up apply standard disclaimers as desired... --------------------------------------------------------------------- From neil at gatewaymedia.co.uk Wed Dec 9 10:58:27 1998 From: neil at gatewaymedia.co.uk (Neil Ballantyne) Date: Tue Dec 2 02:24:48 2003 Subject: Domain Controller not found. Message-ID: <003a01be2362$d9a9bea0$0606060a@sal.gatewaymedia.co.uk> I have the latest cvs on solaris 2.6 x86, and configuration as per the faq, but when I try and add an NT4sp3 box to the domain it comes up with 'The Domain Controller for this domain cannot be located'. Any ideas where I should be looking to fix it? tia, -- neil From tridge at samba.org Wed Dec 9 11:09:11 1998 From: tridge at samba.org (Andrew Tridgell) Date: Tue Dec 2 02:24:48 2003 Subject: beta3 on HPUX 9.04 with cc/gcc In-Reply-To: <01BE2366.43174F30.Martin.Schmidt@Bundessortenamt.de> References: <01BE2366.43174F30.Martin.Schmidt@Bundessortenamt.de> Message-ID: <19981209110911Z12597180-16420+151@samba.anu.edu.au> > Samba-2.0.0beta3 didn´t compile on HPUX 9.04 (HP-UX eder A.09.04 E > 9000/817 1475312212 8-Benutzer-Lizenz) with ansi-C compiler and gcc > Linking bin/smbd > /bin/ld: Unsatisfied symbols: > seteuid (code) > setegid (code) 1) does the autogenerated includes/config.h have "#define HAVE_SETRESUID 1" in it? 2) if it does, then we need to work out which module isn't using the right #ifdef. Use nm to find which .o file has a seteuid() call in it 3) if includes/config.h doesn't have the HAVE_SETRESUID define then look in config.log to try to work out why configure isn't correctly detecting setresuid(). From tridge at samba.org Wed Dec 9 11:14:35 1998 From: tridge at samba.org (Andrew Tridgell) Date: Tue Dec 2 02:24:48 2003 Subject: testing re ouch again In-Reply-To: <366E66C6.E77D9A12@uow.edu.au> (message from John Reid on Wed, 9 Dec 1998 22:00:12 +1100) References: <366E66C6.E77D9A12@uow.edu.au> Message-ID: <19981209111438Z12584140-16420+152@samba.anu.edu.au> > I received my own message back with only addressing header - did anyone > receive the full message. previous attempts resulted in error: > > > Error Condition Re: Posting rejected > > using communicator v4.5 > message contained attachments the maximum message size of was exceeded. The config sets a limit of 40k to prevent people costing others too much when putting out large messages. You are better off summarising or putting large logs up for ftp somewhere. From Martin.Schmidt at bundessortenamt.de Wed Dec 9 11:59:41 1998 From: Martin.Schmidt at bundessortenamt.de (Martin Schmidt@Bundessortenamt.de) Date: Tue Dec 2 02:24:48 2003 Subject: AW: beta3 on HPUX 9.04 with cc/gcc Message-ID: <01BE2373.CA9B5020.Martin.Schmidt@Bundessortenamt.de> > -----Urspr?ngliche Nachricht----- > Von: Andrew Tridgell [SMTP:tridge@samba.org] > Gesendet am: Mittwoch, 9. Dezember 1998 12:09 > An: Martin.Schmidt@tscherma.hannover.bsa.de > Cc: samba-ntdom@samba.org > Betreff: Re: beta3 on HPUX 9.04 with cc/gcc > > > Samba-2.0.0beta3 didn?t compile on HPUX 9.04 (HP-UX eder A.09.04 E > > 9000/817 1475312212 8-Benutzer-Lizenz) with ansi-C compiler and gcc > > > Linking bin/smbd > > /bin/ld: Unsatisfied symbols: > > seteuid (code) > > setegid (code) > > 1) does the autogenerated includes/config.h have "#define HAVE_SETRESUID 1" > in it? YES > > 2) if it does, then we need to work out which module isn't using the > right #ifdef. Use nm to find which .o file has a seteuid() call in > it eder(root):../source #find . -name *.o -print | xargs nm Symbols from ./lib/smbrun.o: Name Value Scope Type Subspace setuid | |undef |code | seteuid | |undef |code | Symbols from ./lib/util.o: Name Value Scope Type Subspace setuid | |undef |code | seteuid | |undef |code | setgid | |undef |code | setegid | |undef |code | Symbols from ./smbd/chgpasswd.o: Name Value Scope Type Subspace setuid | |undef |code | seteuid | |undef |code | setgid | |undef |code | setegid | |undef |code | Symbols from ./smbd/uid.o: Name Value Scope Type Subspace seteuid | |undef |code | setuid | |undef |code | and nm: ./smbd/predict.o: no symbols > > 3) if includes/config.h doesn't have the HAVE_SETRESUID define then > look in config.log to try to work out why configure isn't correctly > detecting setresuid(). from config.log: ----------------8<----------------------- configure: In function `main': configure:2638: structure has no member named `d_off' configure: failed program was: #line 2632 "configure" #include "confdefs.h" #include #include #include int main() { struct dirent d; d.d_off; ; return 0; } configure:2663: checking for ino_t configure:2696: checking for loff_t configure:2729: checking for offset_t configure:2762: checking for ssize_t configure:2796: checking for errno in errno.h configure:2809: gcc -c -ansi -O3 conftest.c 1>&5 configure:2831: checking for setresuid declaration configure:2844: gcc -c -ansi -O3 conftest.c 1>&5 configure:2866: checking for setresgid declaration configure:2879: gcc -c -ansi -O3 conftest.c 1>&5 configure:2901: checking for crypt declaration configure:2914: gcc -c -ansi -O3 conftest.c 1>&5 configure:2937: checking for real setresuid configure:2951: gcc -o conftest -ansi -O3 conftest.c 1>&5 configure:2976: checking for real setresgid configure:2990: gcc -c -ansi -O3 conftest.c 1>&5 configure:2985: redefinition of `main' configure:2984: `main' previously defined here configure: In function `main': configure:2986: `samba_cv_have_setresgid' undeclared (first use this function) configure:2986: (Each undeclared identifier is reported only once configure:2986: for each function it appears in.) configure:2987: `yes' undeclared (first use this function) configure: failed program was: ----------------8<----------------------- Sorry, i am not a programmer. Is this OK mfg M.Schmidt ---------------------------------------------------------------------- Bundessortenamt Pr?fstelle Eder am Holz 85452 Moosinning Tel.: 08123/2426 eMail1: Martin.Schmidt@bundessortenamt.de eMail2: Martin_Schmidt@t-online.de ---------------------------------------------------------------------- From alex at targeting.co.uk Wed Dec 9 12:13:46 1998 From: alex at targeting.co.uk (Alex Knowles) Date: Tue Dec 2 02:24:48 2003 Subject: samba mangles files Message-ID: <615CAC0140CED111AF1500805FEDDB8A0D3B43@bill.profero.com> Sorry about this question, but I have samba running as the domain controller of it's own domain next to our nt network, this just for testing while i move over the network from an nt one to a samba one. However at the moment I can join an nt workstation to the samba domain fine, and it all works well. However when i copy a file from an nt machine to the samba box, it mangles the file, so it is unreadable on both machines, however copying from the nt machine to the samba box is fine. any ideas? cheers al From tridge at samba.org Wed Dec 9 12:29:03 1998 From: tridge at samba.org (Andrew Tridgell) Date: Tue Dec 2 02:24:48 2003 Subject: AW: beta3 on HPUX 9.04 with cc/gcc In-Reply-To: <01BE2373.CA9B5020.Martin.Schmidt@Bundessortenamt.de> References: <01BE2373.CA9B5020.Martin.Schmidt@Bundessortenamt.de> Message-ID: <19981209122915Z12584794-25281+173@samba.anu.edu.au> > configure: In function `main': > configure:2986: `samba_cv_have_setresgid' undeclared (first use this function) ahh, this is something that Jeremy has fixed already, but after the beta3 release. beta3 won't work on any platform that needs setresgid() (that's only HPUX as far as I know). I've put a fixed configure script for beta3 at ftp://samba.org/pub/tridge/configure From Delphine.Asseraf at cetelem.fr Wed Dec 9 13:56:29 1998 From: Delphine.Asseraf at cetelem.fr (Delphine Asseraf) Date: Tue Dec 2 02:24:48 2003 Subject: Samba and NIS+ Message-ID: <366E818D.3A54B7E7@cetelem.fr> I have users on NT4 SP3 that have accounts on UNIX (the same login). Thus, if I understand well, I have to create a smbpasswd file that will be used to recognize if NT users have right to access UNIX files. In encryption.txt, we are told about the way of making a smbpasswd file whith ypcat and mksmbpasswd. Can I use niscat and mksmbpasswd ? Or is there an other script for NIS+ ? Thanks From cartegw at Eng.Auburn.EDU Wed Dec 9 13:59:19 1998 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:24:48 2003 Subject: samba mangles files References: <615CAC0140CED111AF1500805FEDDB8A0D3B43@bill.profero.com> Message-ID: <366E8237.FF3AEC0@eng.auburn.edu> Alex Knowles wrote: > > However when i copy a file from an nt machine to the samba box, it ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > mangles the file, so it is unreadable on both machines, however > copying from the nt machine to the samba box is fine. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ I'm confused You mean mangles the filename or corrupts the data. Could you clarify please? Thanks, j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From cartegw at Eng.Auburn.EDU Wed Dec 9 14:03:39 1998 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:24:49 2003 Subject: Samba and NIS+ References: <366E818D.3A54B7E7@cetelem.fr> Message-ID: <366E833B.E8D999B6@eng.auburn.edu> Delphine Asseraf wrote: > > I have users on NT4 SP3 that have accounts on UNIX (the same login). > Thus, if I understand well, I have to create a smbpasswd file that will > be used to recognize if NT users have right to access UNIX files. > In encryption.txt, we are told about the way of making a smbpasswd file > whith ypcat and mksmbpasswd. > Can I use niscat and mksmbpasswd ? > Or is there an other script for NIS+ ? Yes. ypcat is simply used to cat thas passwd map. 'niscat passwd.org_dir' will do the equivalent Speaking off the top of my head, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From alex at targeting.co.uk Wed Dec 9 14:17:28 1998 From: alex at targeting.co.uk (Alex Knowles) Date: Tue Dec 2 02:24:49 2003 Subject: samba mangles files Message-ID: <615CAC0140CED111AF1500805FEDDB8A0D3B44@bill.profero.com> Sorry it leaves the filename, but mangles the data, sorry for the ambiguity! ta al -----Original Message----- From: Gerald W. Carter [mailto:cartegw@Eng.Auburn.EDU] Sent: Wednesday, December 09, 1998 2:01 PM To: Multiple recipients of list Subject: Re: samba mangles files Alex Knowles wrote: > > However when i copy a file from an nt machine to the samba box, it ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > mangles the file, so it is unreadable on both machines, however > copying from the nt machine to the samba box is fine. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ I'm confused You mean mangles the filename or corrupts the data. Could you clarify please? Thanks, j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From lkcl at switchboard.net Wed Dec 9 16:38:52 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:49 2003 Subject: listing of daemons running on a unix server Message-ID: PLEASE REPLY TO SAMBA-TECHNICAL, THANKS is there a way to obtain a list of daemons running? is there a method for starting / stopping them? on slackware, for example, /etc/rc.d/pcmcia.d has "start|stop|restart" which isn't particularly good. on redhat there is a directory where every script in it has "start|stop|restart". what i really wanted was something under program control (c code), although scripts would do. and yet another smb.conf option listing where a file is that contains the scripts. why i am asking is because i have "service control manager" running on the latest version of samba, and i wanted to start / stop / restart httpd, imapd, syslogd etc etc. luke From greg at discreet.com Wed Dec 9 18:36:38 1998 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:49 2003 Subject: Cannot add machine to domain with latest CVS Message-ID: Further to my last mail, I'm looking around at the browse lists and indeed something is dodgy. Here is what I see: omain=[DL_RDMTL] OS=[Unix] Server=[Samba 2.1.0-prealpha] connected as guest security=user Server=[TAHITI] User=[nobody] Workgroup=[DL_RDMTL] Domain=[DL_RDMTL] Sharename Type Comment --------- ---- ------- IPC$ IPC IPC Service (RD Test NT PDC (2.1.0-prealpha)) netlogon Disk NetLogon Share This machine has a workgroup list: Workgroup Master --------- ------- TAHITI DL_RDMTL INDIANAPOLIS WINCENTER WINFRAME1 TAHITI is supposed to be my samba PDC for DOMAIN DL_RDMTL but he does not show up as even a master for that domain, in fact he is master of a blank domain! smbclient -L of other machines reveal the same info. Back to log.nmb! Greg -----FW: Cannot add machine to domain with latest CVS----- Date: Wed, 09 Dec 1998 08:21:52 -0500 (EST) From: Greg Dickie To: samba-ntdom@samba.org Subject: Cannot add machine to domain with latest CVS Hi, its me again, Looks like things have changed overnight. Now when I launch nmbd it no longer looks for itself as a password server, this is good, but it also appears not to know it is a PDC, thats bad ;-) Symptom is: when I try to add a machine into the domain I get "Domain controller for this domain cannot be located" Yet log.nmb seems OK to me. (logs available on request) Have not been able to check the getgrent looping problem yet. Progress though, cheers, Greg --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com --------------End of forwarded message------------------------- --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From greg at discreet.com Wed Dec 9 18:38:35 1998 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:49 2003 Subject: Cannot add machine to domain with latest CVS Message-ID: Hi, its me again, Looks like things have changed overnight. Now when I launch nmbd it no longer looks for itself as a password server, this is good, but it also appears not to know it is a PDC, thats bad ;-) Symptom is: when I try to add a machine into the domain I get "Domain controller for this domain cannot be located" Yet log.nmb seems OK to me. (logs available on request) Have not been able to check the getgrent looping problem yet. Progress though, cheers, Greg --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From william at hae.com Wed Dec 9 19:00:33 1998 From: william at hae.com (William Stuart) Date: Tue Dec 2 02:24:49 2003 Subject: User Mgr and 2.0.0Beta3 Message-ID: <000401be23a6$329ac660$890eed84@omnibook.wyse.com> To manage local users on an NT machine (the one your on or a remote machine) you can use User Manager for Domains and under User | Selecte Domain and type in the machine name you wish to modify. For Samba 2.0.0 Beta 3, on a machine joined to the domain, User Manager GPF's if you select it. Logs, tcpdump and smb.conf available upon request. --- William Stuart (william@hae.com) Si hoc legere scis nimium eruditionis habes From lkcl at switchboard.net Wed Dec 9 19:25:05 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:49 2003 Subject: Cannot add machine to domain with latest CVS In-Reply-To: Message-ID: > TAHITI is supposed to be my samba PDC for DOMAIN DL_RDMTL but he does not show > up as even a master for that domain, in fact he is master of a blank domain! fixed this, greg. From greg at discreet.com Wed Dec 9 19:38:43 1998 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:49 2003 Subject: Cannot add machine to domain with latest CVS In-Reply-To: Message-ID: YEAH! I'll try it right away! Thanks! Greg On 09-Dec-98 Luke Kenneth Casson Leighton wrote: >> TAHITI is supposed to be my samba PDC for DOMAIN DL_RDMTL but he does not >> show >> up as even a master for that domain, in fact he is master of a blank domain! > > fixed this, greg. > --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From lkcl at switchboard.net Wed Dec 9 20:45:06 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:49 2003 Subject: User Mgr and 2.0.0Beta3 In-Reply-To: <000401be23a6$329ac660$890eed84@omnibook.wyse.com> Message-ID: On Thu, 10 Dec 1998, William Stuart wrote: > To manage local users on an NT machine (the one your on or a remote machine) > you can use User Manager for Domains and under User | Selecte Domain and > type in the machine name you wish to modify. > > For Samba 2.0.0 Beta 3, on a machine joined to the domain, User Manager > GPF's if you select it. that doesn't surprise me. > Logs, tcpdump and smb.conf available upon request. if you said samba 2.1 pre-alpha, i'd be interested in log levels 100 plus smb.conf plus any user/group map files. From lkcl at switchboard.net Wed Dec 9 20:51:32 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:49 2003 Subject: listing of daemons running on a unix server In-Reply-To: <366EC915.24DD87F5@uswest.com> Message-ID: so, the basic impression is that all systems are different. would forcing people to reference a list of scripts that have "start|stop|restart" and optionally "status" be acceptable, taking the cue from redhat? daemon list file = /usr/local/samba/daemons: http /etc/rc.d/rc.init/rc.httpd .... ... yes, it would be a pain: i'd have to modify my slackware start-up by obtaining some scripts from somewhere which accepted "start|stop|restart". From greg at discreet.com Wed Dec 9 20:57:13 1998 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:49 2003 Subject: Cannot add machine with latest CVS Message-ID: Thanks Luke, I can now add the machine to the domain but I still get the infinite getgrent loop when I try to log in a user. Did you get my log files last night? We had some mail trouble (aka IS) and I'm not sure what made it out and what didn't. Thanks, Greg --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From greg at discreet.com Wed Dec 9 21:02:05 1998 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:49 2003 Subject: listing of daemons running on a unix server In-Reply-To: Message-ID: Maybe I'm missing something but most of these scripts simply start the programs or do a killall to stop them. Could you not simply get a process list from /proc and "do the right thing" ? 'course that UNIX wpuld need procfs and you wouldn't have all the options to start... nevermind... How do I get on samba-technical? ;-) Greg On 09-Dec-98 Luke Kenneth Casson Leighton wrote: > so, the basic impression is that all systems are different. would forcing > people to reference a list of scripts that have "start|stop|restart" and > optionally "status" be acceptable, taking the cue from redhat? > > daemon list file = /usr/local/samba/daemons: > http /etc/rc.d/rc.init/rc.httpd > ... ... > > yes, it would be a pain: i'd have to modify my slackware start-up by > obtaining some scripts from somewhere which accepted "start|stop|restart". > --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From johnb at ee.duke.edu Wed Dec 9 21:06:51 1998 From: johnb at ee.duke.edu (John Burchett) Date: Tue Dec 2 02:24:49 2003 Subject: listing of daemons running on a unix server References: Message-ID: <366EE66B.FB935783@ee.duke.edu> Luke, I think it would be nice if (maybe this was already what you were thinking of) ythe service manager did a lookthrough of the rc.d/init.d, etc directories and prebuild a daemon list file, and then let the user tweak any entries that need changing on a system-to-system basis. Since *most* important services have a nicely-behaved rc.d script, this would reduce the user-typing load to a minimum. btw, I use redhat 5.2. imho, john burchett duke U ee dept. Luke Kenneth Casson Leighton wrote: > so, the basic impression is that all systems are different. would forcing > people to reference a list of scripts that have "start|stop|restart" and > optionally "status" be acceptable, taking the cue from redhat? > > daemon list file = /usr/local/samba/daemons: > http /etc/rc.d/rc.init/rc.httpd > ... ... > > yes, it would be a pain: i'd have to modify my slackware start-up by > obtaining some scripts from somewhere which accepted "start|stop|restart". -------------- next part -------------- A non-text attachment was scrubbed... Name: vcard.vcf Type: text/x-vcard Size: 414 bytes Desc: Card for John Burchett Url : http://lists.samba.org/archive/samba-ntdom/attachments/19981209/781a844c/vcard.vcf From cartegw at Eng.Auburn.EDU Wed Dec 9 21:10:58 1998 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:49 2003 Subject: listing of daemons running on a unix server References: Message-ID: <366EE762.AF74901C@eng.auburn.edu> Luke Kenneth Casson Leighton wrote: > > so, the basic impression is that all systems are > different. would forcing people to reference a list of > scripts that have "start|stop|restart" and optionally > "status" be acceptable, taking the cue from redhat? I'm not sure this will pan out. Looking down the road, how will you map the disabled/manual/automatic service properties or the "run service as this account"? I would stay away from service management. At least not now. Service are totally disrelated from file sharing. Let Samba do what it does and not attempt to emulate the **entire** NT operating system. Given that such {start|stop} scripts already exist, all it takes is an SSH shell open on the Samba server to manage these. Just some thoughts, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From jallison at cthulhu.engr.sgi.com Wed Dec 9 21:16:00 1998 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:24:49 2003 Subject: listing of daemons running on a unix server References: <366EE762.AF74901C@eng.auburn.edu> Message-ID: <366EE890.4D340FFA@engr.sgi.com> Gerald Carter wrote: > > I would stay away from service management. At least not > now. Service are totally disrelated from file sharing. > Let Samba do what it does and not attempt to emulate > the **entire** NT operating system. Given that such > {start|stop} scripts already exist, all it takes is an > SSH shell open on the Samba server to manage these. Hear, hear ! Now as to adding that functionality to a UNIX command line process - *that's* a much more useful thing to have. Quote of the month - "because the most useful tool in remote NT administration is a car" :-) :-). Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From lkcl at switchboard.net Wed Dec 9 21:50:22 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:49 2003 Subject: listing of daemons running on a unix server In-Reply-To: Message-ID: On Wed, 9 Dec 1998, Greg Dickie wrote: > Maybe I'm missing something but most of these scripts simply start the programs > or do a killall to stop them. Could you not simply get a process list from > /proc and "do the right thing" ? > > 'course that UNIX wpuld need procfs and you wouldn't have all the options to > start... nevermind... need to restart, too. what about killall smbd (which i do all the time)? what happens then! http://samba.org/listproc.html From lkcl at switchboard.net Wed Dec 9 21:53:54 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:49 2003 Subject: listing of daemons running on a unix server In-Reply-To: <366EE762.AF74901C@eng.auburn.edu> Message-ID: > > so, the basic impression is that all systems are > > different. would forcing people to reference a list of > > scripts that have "start|stop|restart" and optionally > > "status" be acceptable, taking the cue from redhat? > > I'm not sure this will pan out. Looking down the road, how will > you map the disabled/manual/automatic service properties or > the "run service as this account"? hm. become_user(), run script, unbecome_user(). > I would stay away from service management. At least not > now. Service are totally disrelated from file sharing. so is login services. so is printing. so is user manager for domains "SAM database management". etc. which is why i want to split the whole dce/rpc code into separate (GPL) daemons. > Let Samba do what it does and not attempt to emulate > the **entire** NT operating system. Given that such > {start|stop} scripts already exist, all it takes is an > SSH shell open on the Samba server to manage these. nah, nah, i wanna do it all! cake and eat it! ok, i'll settle for comprehensive rpcclient functionality and less in smbd for now. From D.Bannon at latrobe.edu.au Wed Dec 9 21:54:57 1998 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:24:49 2003 Subject: listing of daemons running on a unix server In-Reply-To: Message-ID: <3.0.3.32.19981210085457.00749f98@bioserve.biochem.latrobe.edu.au> At 03:41 AM 10/12/1998 +1100, Luke Kenneth Casson Leighton wrote: >PLEASE REPLY TO SAMBA-TECHNICAL, THANKS > >is there a way to obtain a list of daemons running? is there a method for >starting / stopping them? > Luke, I a not sure what you are asking, this is a script that I have in /usr/local/sbin that I use (manually) to stop and start (and gain access to smb.conf and smbpasswd) samba. Usage at the end. #!/bin/sh # Scrip to control Samba server, David Bannon, 14-6-96 # PATH=/bin:/usr/sbin:/usr/bin export PATH case "$1" in 'start') if [ -f /usr/local/samba/bin/smbd ] then /usr/local/samba/bin/smbd -D /usr/local/samba/bin/nmbd -D echo "Starting Samba Server" fi ;; 'conf') if [ -f /usr/local/samba/lib/smb.conf ] then vi /usr/local/samba/lib/smb.conf fi ;; 'pw') if [ -f /usr/local/samba/private/smbpasswd ] then vi /usr/local/samba/private/smbpasswd fi ;; 'restart') psline=`/bin/ps -eo pid,ucomm | fgrep smbd | grep -v grep` if [ "$psline" != "" ] then psline=`/bin/ps -eo pid,ucomm | fgrep smbd | grep -v grep` if [ "$psline" ] then set -- $psline pid=$1 while [ "$pid" != "" ] do /bin/kill -HUP $pid echo "Restarted pid # $pid" shift 2 pid=$1 done fi fi ;; 'stop') psline=`/bin/ps x | grep smbd | grep -v grep` if [ "$psline" != "" ] then while [ "$psline" != "" ] do psline=`/bin/ps x | fgrep smbd | grep -v grep` if [ "$psline" ] then set -- $psline pid=$1 /bin/kill -9 $pid echo "Stopped $pid line = $psline" sleep 2 fi done fi echo "Stopped Samba servers" psline=`/bin/ps x | grep nmbd | grep -v grep` if [ "$psline" ] then set -- $psline pid=$1 /bin/kill -9 $pid echo "Stopped Name Server " fi echo "Stopped Name Servers" ;; *) echo "usage: samba {stop | start | conf | pw }" ;; esac ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From greg at discreet.com Wed Dec 9 21:57:07 1998 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:49 2003 Subject: listing of daemons running on a unix server In-Reply-To: Message-ID: Dohh! killall smbd wait 5 smbd ;-) On 09-Dec-98 Luke Kenneth Casson Leighton wrote: > On Wed, 9 Dec 1998, Greg Dickie wrote: > >> Maybe I'm missing something but most of these scripts simply start the >> programs >> or do a killall to stop them. Could you not simply get a process list from >> /proc and "do the right thing" ? >> >> 'course that UNIX wpuld need procfs and you wouldn't have all the options to >> start... nevermind... > > need to restart, too. what about killall smbd (which i do all the time)? > what happens then! > > http://samba.org/listproc.html > --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From lkcl at switchboard.net Wed Dec 9 21:57:42 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:49 2003 Subject: listing of daemons running on a unix server In-Reply-To: <366EE890.4D340FFA@engr.sgi.com> Message-ID: > Quote of the month - "because the most useful tool in > remote NT administration is a car" :-) :-). quote for next month - "because the most useful tool in remote UNIX administration is an ISDN line". From lkcl at switchboard.net Wed Dec 9 21:58:37 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:49 2003 Subject: Cannot add machine to domain with latest CVS In-Reply-To: Message-ID: On Thu, 10 Dec 1998, Greg Dickie wrote: > > Hi, its me again, > > Looks like things have changed overnight. ?? overnight?? try again. see http://samba.org/listproc/samba-cvs. From lkcl at switchboard.net Wed Dec 9 22:00:42 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:49 2003 Subject: listing of daemons running on a unix server In-Reply-To: <3.0.3.32.19981210085457.00749f98@bioserve.biochem.latrobe.edu.au> Message-ID: > >is there a way to obtain a list of daemons running? is there a method for > >starting / stopping them? > > > > Luke, I a not sure what you are asking, this is a script that I have in > /usr/local/sbin that I use (manually) to stop and start (and gain access to > smb.conf and smbpasswd) samba. Usage at the end. one of these for each and every daemon required to be controlled. then an smb.conf file listing a set of daemon name and the location of its control-script file. > #!/bin/sh > # Scrip to control Samba server, David Bannon, 14-6-96 > # > PATH=/bin:/usr/sbin:/usr/bin > export PATH > case "$1" in > 'start') > if [ -f /usr/local/samba/bin/smbd ] > then .... From lkcl at switchboard.net Wed Dec 9 22:01:43 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:49 2003 Subject: listing of daemons running on a unix server In-Reply-To: Message-ID: On Wed, 9 Dec 1998, Greg Dickie wrote: > Dohh! > > killall smbd > wait 5 > smbd > > ;-) try something similar on NT: try stopping the "remote rpc service" remotely, and tell me if you can restart it remotely or not! From matthew at janus.law.usyd.edu.au Wed Dec 9 22:18:42 1998 From: matthew at janus.law.usyd.edu.au (Matthew Geier) Date: Tue Dec 2 02:24:49 2003 Subject: listing of daemons running on a unix server In-Reply-To: from "Luke Kenneth Casson Leighton" at Dec 10, 98 09:07:10 am Message-ID: <199812092218.JAA14460@janus.law.usyd.edu.au> > > Quote of the month - "because the most useful tool in > > remote NT administration is a car" :-) :-). > > quote for next month - "because the most useful tool in remote UNIX > administration is an ISDN line". What sort of unix admin tools do you use !. X would need ISDN, but you dont need X to admin a unix machine. The command line tools are not bandwidth hogs. From greg at discreet.com Wed Dec 9 22:27:51 1998 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:49 2003 Subject: listing of daemons running on a unix server In-Reply-To: <199812092218.JAA14460@janus.law.usyd.edu.au> Message-ID: "because the most useful tool in remote UNIX administration is vi" On 09-Dec-98 Matthew Geier wrote: >> > Quote of the month - "because the most useful tool in >> > remote NT administration is a car" :-) :-). >> >> quote for next month - "because the most useful tool in remote UNIX >> administration is an ISDN line". > > What sort of unix admin tools do you use !. X would need ISDN, but you > dont need X to admin a unix machine. > The command line tools are not bandwidth hogs. --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From lkcl at switchboard.net Wed Dec 9 22:49:06 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:49 2003 Subject: listing of daemons running on a unix server In-Reply-To: <199812092218.JAA14460@janus.law.usyd.edu.au> Message-ID: On Thu, 10 Dec 1998, Matthew Geier wrote: > > > Quote of the month - "because the most useful tool in > > > remote NT administration is a car" :-) :-). > > > > quote for next month - "because the most useful tool in remote UNIX > > administration is an ISDN line". > > What sort of unix admin tools do you use !. X would need ISDN, but you linux, console mode (80 x 60) using alt f1 to alt f6. what is X? From lkcl at switchboard.net Wed Dec 9 23:13:53 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:49 2003 Subject: Cannot add machine with latest CVS In-Reply-To: Message-ID: On Thu, 10 Dec 1998, Greg Dickie wrote: > > Thanks Luke, > > I can now add the machine to the domain but I still get the infinite > getgrent loop when I try to log in a user. Did you get my log files last night? no. i really really don't know what to do about this, it's a bit beyond my capabilities / experience / resources. why should a stub program that uses getgrent() work and the samba one fail? unless it's being called recursively, and there is a setgrent() in between each getgrent(). can you possibly grep for setgrent() and getgrent() and print out some debug info, then take a look, see if this is in fact happening? From johnb at ee.duke.edu Wed Dec 9 23:22:57 1998 From: johnb at ee.duke.edu (John Burchett) Date: Tue Dec 2 02:24:49 2003 Subject: How do you make a domain admin? Message-ID: <366F0651.F80643FA@ee.duke.edu> Luke, I am having trouble setting up an admin account. Samba is my PDC, NT my client, and I can now successfully log in as several users, including 'root'. However, when I go to the User Manager and try to view user profile information, it tells me 'access denied' - also for other admin stuff like certain options on the NET command. These are the measures I have already done to setup an admin domain admin group = root domain user map = ... file which contains adm Domain Admins root Administrators I noticed that there are TWO 'Administrators' groups in the User Manager window - one is the preexisting one that responses 'can't find group' when I click on it, and the other that is caused by the domain user map. When I click on it, it shows that the user 'root' is in it. There appears to be a bug of some sort when the mapping of Administrators is done, because it doesn't overwrite/augment the built-in Administrators group like it should. any suggestions on how to get an admin account ? thanx in advance, john burchett johnb@ee.duke.edu -------------- next part -------------- A non-text attachment was scrubbed... Name: vcard.vcf Type: text/x-vcard Size: 414 bytes Desc: Card for John Burchett Url : http://lists.samba.org/archive/samba-ntdom/attachments/19981209/2942a4ca/vcard.vcf From greg at discreet.com Wed Dec 9 23:27:50 1998 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:49 2003 Subject: Cannot add machine with latest CVS In-Reply-To: Message-ID: I did that last week and it looked OK but let me check it again. Is there any othre way to reset the file pointer? Greg On 09-Dec-98 Luke Kenneth Casson Leighton wrote: > On Thu, 10 Dec 1998, Greg Dickie wrote: > >> >> Thanks Luke, >> >> I can now add the machine to the domain but I still get the infinite >> getgrent loop when I try to log in a user. Did you get my log files last >> night? > > no. > > i really really don't know what to do about this, it's a bit beyond my > capabilities / experience / resources. why should a stub program that > uses getgrent() work and the samba one fail? > > unless it's being called recursively, and there is a setgrent() in between > each getgrent(). > > can you possibly grep for setgrent() and getgrent() and print out some > debug info, then take a look, see if this is in fact happening? > --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From lkcl at switchboard.net Wed Dec 9 23:31:49 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:49 2003 Subject: How do you make a domain admin? In-Reply-To: <366F0651.F80643FA@ee.duke.edu> Message-ID: 1. [Text: vcard.vcf] (429bytes) "Card for John Burchett" ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ argh!!! On Thu, 10 Dec 1998, John Burchett wrote: > Luke, > > I am having trouble setting up an admin account. Samba is my PDC, NT my > client, and I can now successfully log in as several users, including > 'root'. However, when I go to the User Manager and try to view user > profile information, it tells me 'access denied' - also for other admin > stuff like certain options on the NET command. These are the measures I > have already done to setup an admin > > domain admin group = root this option is no longer in samba 2.1 pre-alpha. > domain user map = ... file which contains > adm Domain Admins > root Administrators you need: domain group map = ... file which contains adm="Domain Admins" and: local group map = ... file which contains wheel="Administrators" and: domain user map = ... file which contains root=Administrator and IMPORTANTLY: private/smbpasswd file which contains root:..... NOT, repeat NOT: administrator:.... then in /etc/group, any users that you want to be local administrators must be in wheen, and anyu users that you want to be domain admins must be in adm. From lkcl at switchboard.net Wed Dec 9 23:32:40 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:49 2003 Subject: Cannot add machine with latest CVS In-Reply-To: Message-ID: On Wed, 9 Dec 1998, Greg Dickie wrote: > I did that last week and it looked OK but let me check it again. Is there any > othre way to reset the file pointer? i do not know, all i did was look up the man pages and grep samba source code for pre-existing examples. From johnb at ee.duke.edu Wed Dec 9 23:43:40 1998 From: johnb at ee.duke.edu (John Burchett) Date: Tue Dec 2 02:24:49 2003 Subject: How do you make a domain admin? References: Message-ID: <366F0B2C.D4843655@ee.duke.edu> luke, cool, now my Domain user map will actually work. I didn't notice the '=' in those lines, you might check the man page, because it doesn't mention equal signs. Now I can login as Administrator (mapped to root), but there are still two Administrator groups, and I'm in only one of them also note, when I click on 'Domain Admins', USRMGR goes *boom* for some reason, and when I click on a user to get profile info, I get a long wait followed by 'remote procedure call failed'. I assume this means that displaying profile info isn't supported yet? one last thing, I have tried using the CVS as shown on the web site, but somehow I keep getting old code that is dated a few months back, and it's the alpha (not beta) version!? Where can I get the latest code? I've been looking on ftp.samba.org/.../cvs_current. Is that the place? thanx again for the help, john burchett johnb@ee.duke.edu Luke Kenneth Casson Leighton wrote: > 1. [Text: vcard.vcf] (429bytes) "Card for John Burchett" > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ argh!!! > > On Thu, 10 Dec 1998, John Burchett wrote: > > > Luke, > > > > I am having trouble setting up an admin account. Samba is my PDC, NT my > > client, and I can now successfully log in as several users, including > > 'root'. However, when I go to the User Manager and try to view user > > profile information, it tells me 'access denied' - also for other admin > > stuff like certain options on the NET command. These are the measures I > > have already done to setup an admin > > > > domain admin group = root > > this option is no longer in samba 2.1 pre-alpha. > > > domain user map = ... file which contains > > adm Domain Admins > > root Administrators > > you need: > > domain group map = ... file which contains > adm="Domain Admins" > > and: > > local group map = ... file which contains > wheel="Administrators" > > and: > domain user map = ... file which contains > root=Administrator > > and IMPORTANTLY: > private/smbpasswd file which contains > root:..... > > NOT, repeat NOT: > administrator:.... > > then in /etc/group, any users that you want to be local administrators > must be in wheen, and anyu users that you want to be domain admins must be > in adm. -------------- next part -------------- A non-text attachment was scrubbed... Name: vcard.vcf Type: text/x-vcard Size: 414 bytes Desc: Card for John Burchett Url : http://lists.samba.org/archive/samba-ntdom/attachments/19981209/632d8e96/vcard.vcf From greg at discreet.com Wed Dec 9 23:42:22 1998 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:49 2003 Subject: Cannot add machine with latest CVS In-Reply-To: Message-ID: Hmm setgrent appears in 3 files (aliasunix.c,groupunix.c,builtinunix.c) are all these mutually exclusive? On 09-Dec-98 Luke Kenneth Casson Leighton wrote: > On Wed, 9 Dec 1998, Greg Dickie wrote: > >> I did that last week and it looked OK but let me check it again. Is there >> any >> othre way to reset the file pointer? > > i do not know, all i did was look up the man pages and grep samba source > code for pre-existing examples. > --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From tridge at samba.org Wed Dec 9 23:47:28 1998 From: tridge at samba.org (Andrew Tridgell) Date: Tue Dec 2 02:24:49 2003 Subject: listing of daemons running on a unix server In-Reply-To: (message from Luke Kenneth Casson Leighton on Thu, 10 Dec 1998 03:41:22 +1100) References: Message-ID: <19981209234733Z12613788-27751+315@samba.anu.edu.au> > why i am asking is because i have "service control manager" running on the > latest version of samba, and i wanted to start / stop / restart httpd, > imapd, syslogd etc etc. Please don't put this explicitly in Samba, it's quite inappropriate and varies far too much between OSes. What you could do is have a option: os serices = /etc/services.conf then that file would contain a line per service like this: inetd "Internet super daemon" /etc/rc.d/init.d/inetd and the specified script would be run with "start", "stop", "restart" ok? please don't put any _specific_ services in Samba. From tridge at samba.org Wed Dec 9 23:57:06 1998 From: tridge at samba.org (Andrew Tridgell) Date: Tue Dec 2 02:24:49 2003 Subject: listing of daemons running on a unix server In-Reply-To: <366EE66B.FB935783@ee.duke.edu> (message from John Burchett on Thu, 10 Dec 1998 08:05:42 +1100) References: <366EE66B.FB935783@ee.duke.edu> Message-ID: <19981209235719Z12584794-25281+343@samba.anu.edu.au> > I think it would be nice if (maybe this was already what you were thinking > of) ythe service manager did a lookthrough of the rc.d/init.d, etc > directories and prebuild a daemon list file, and then let the user tweak any > entries that need changing on a system-to-system basis. Since *most* > important services have a nicely-behaved rc.d script, this would reduce the > user-typing load to a minimum. btw, I use redhat 5.2. no, don't do this. I think a fair number of sysadmins will be like me and will hate the idea of a remote NT box being able to control services on my box. I certainly don't want Samba squirreling through my startup scripts looking for things to screw up. If a admin wants this they can use: cd /etc/rc.d/init.d ls | awk '{print $1" "/etc/rc.d/init.d/$1}' > /etc/services.conf From lkcl at switchboard.net Thu Dec 10 00:05:21 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:49 2003 Subject: Cannot add machine with latest CVS In-Reply-To: Message-ID: On Wed, 9 Dec 1998, Greg Dickie wrote: > > Hmm setgrent appears in 3 files (aliasunix.c,groupunix.c,builtinunix.c) are all > these mutually exclusive? possibly not. imagine a situation in which a group enumeration occurs, it gets group info (members of the group). the group enumeration could call getgrent, and the enumeration of the group members could do likewise. what about getting the primary user's group and the users' group members? etc. so it's all riddled with awkward horrible stuff and i'm giving serious consideration to cacheing the unix group -> nt rid data using groupdb/aliasfile.c,groupfile.c and builtinfile.c. the enumeration algorithms for *unix.c are probably order n squared at least, and for them to be fixed properly then need to be order n cubed, which is horrible. From lkcl at switchboard.net Thu Dec 10 00:15:53 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:49 2003 Subject: How do you make a domain admin? In-Reply-To: <366F0B2C.D4843655@ee.duke.edu> Message-ID: 1. [Text: vcard.vcf] (429bytes) "Card for John Burchett" ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ argh! On Thu, 10 Dec 1998, John Burchett wrote: > luke, > > cool, now my Domain user map will actually work. I didn't notice the '=' in > those lines, you might check the man page, because it doesn't mention equal > signs. label(domaingroupmap) dit(bf(domain group map (G))) The map file is parsed line by line. If any line begins with a tt('#') or a tt(';') then it is ignored. Each line should contain a single UNIX group name on the left then a single NT Domain Group name on the right, separated by a tabstop or tt('='). If either name contains spaces then ^^^^^^^^^^^^^^^^^^ it should be enclosed in quotes. The line can be either of the form: tt( UNIXgroupname \\DOMAIN_NAME\\DomainGroupName ) or: tt( UNIXgroupname DomainGroupName ) > Now I can login as Administrator (mapped to root), but there are still > two Administrator groups, and I'm in only one of them you used the files i sent you verbatim? thin is root in both the adm _and_ the wheel /etc/group file ? > also note, when I click on 'Domain Admins', USRMGR goes *boom* for some > reason, and when I click on a user to get profile info, I get a long wait > followed by 'remote procedure call failed'. I assume this means that > displaying profile info isn't supported yet? no it does not mean that displaying profile info isn't supported. > one last thing, I have tried using the CVS as shown on the web site, but > somehow I keep getting old code that is dated a few months back, and it's the > alpha (not beta) version!? Where can I get the latest code? I've been looking > on ftp.samba.org/.../cvs_current. Is that the place? check out in a totally new directory do not use an old or pre-existing one. > > 1. [Text: vcard.vcf] (429bytes) "Card for John Burchett" > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ argh!!! From lkcl at switchboard.net Thu Dec 10 00:18:08 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:49 2003 Subject: listing of daemons running on a unix server In-Reply-To: <19981209234733Z12613788-27751+315@samba.anu.edu.au> Message-ID: On Thu, 10 Dec 1998, Andrew Tridgell wrote: > > why i am asking is because i have "service control manager" running on the > > latest version of samba, and i wanted to start / stop / restart httpd, > > imapd, syslogd etc etc. > > Please don't put this explicitly in Samba, it's quite inappropriate > and varies far too much between OSes. exactly. > What you could do is have a option: > > os serices = /etc/services.conf > > then that file would contain a line per service like this: > > inetd "Internet super daemon" /etc/rc.d/init.d/inetd > > and the specified script would be run with "start", "stop", "restart" > > ok? this is exactly how i envisage this to be done, you've even thought of a good name for the new smb.conf option :-) > please don't put any _specific_ services in Samba. what do you mean? From ken at sdd.hp.com Thu Dec 10 00:18:23 1998 From: ken at sdd.hp.com (Ken Stone) Date: Tue Dec 2 02:24:49 2003 Subject: Access Controls for Swat ? Message-ID: <199812100018.QAA06622@hpsdlz.sdd.hp.com> Are there any access controls for swat ? This is in the SAMBA_2_0 branch ... I see a call in cgi.c at startup like if (!check_access(1, lp_hostsallow(-1), lp_hostsdeny(-1))) { cgi_setup_error("400 Server Error", "", "Samba is configured to deny access from this client \n
Check your \"hosts allow\" and \"hosts deny\" options in smb.conf "); } which looks like its paying attention to a hosts allow/deny config but I have no idea how to set it up and can find no docs :-) ?? -- Ken From leisner at rochester.rr.com Thu Dec 10 00:20:00 1998 From: leisner at rochester.rr.com (Marty Leisner) Date: Tue Dec 2 02:24:49 2003 Subject: User Mgr and 2.0.0Beta3 In-Reply-To: Your message of "Thu, 10 Dec 1998 06:05:22 +1100." <000401be23a6$329ac660$890eed84@omnibook.wyse.com> Message-ID: <199812100020.TAA02299@rochester.rr.com> I'm confused about usrmgr. All I see is a program called musrmgr. I went to a machine at work (NT 4.0 workstation on a domain) and also only see musrmgr. What/where is usrmgr? Marty Leisner From tridge at samba.org Thu Dec 10 00:47:51 1998 From: tridge at samba.org (Andrew Tridgell) Date: Tue Dec 2 02:24:49 2003 Subject: Access Controls for Swat ? In-Reply-To: <199812100018.QAA06622@hpsdlz.sdd.hp.com> (message from Ken Stone on Thu, 10 Dec 1998 11:20:40 +1100) References: <199812100018.QAA06622@hpsdlz.sdd.hp.com> Message-ID: <19981210004751Z12583667-27751+321@samba.anu.edu.au> > which looks like its paying attention to a hosts allow/deny config but I > have no idea how to set it up and can find no docs :-) ?? SWAT has the following access controls: 1) passwords 2) it obeys the global smb.conf "hosts allow" and "hosts deny" settings 3) it's launched via inetd so you can easily use tcpwrappers if you want to Note that if you change the "hosts allow" and "hosts deny" settings from within SWAT then it is _very_ easy to deny yourself access! Then you need to fix it by hand editing smb.conf. Jeremy, want to add this to the SWAT man page? From greg at discreet.com Thu Dec 10 00:48:38 1998 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:49 2003 Subject: Cannot add machine with latest CVS In-Reply-To: Message-ID: On 10-Dec-98 Luke Kenneth Casson Leighton wrote: > On Wed, 9 Dec 1998, Greg Dickie wrote: > >> >> Hmm setgrent appears in 3 files (aliasunix.c,groupunix.c,builtinunix.c) are >> all >> these mutually exclusive? > > possibly not. imagine a situation in which a group enumeration occurs, it > gets group info (members of the group). the group enumeration could call > getgrent, and the enumeration of the group members could do likewise. > > what about getting the primary user's group and the users' group members? > etc. > > so it's all riddled with awkward horrible stuff and i'm giving serious > consideration to cacheing the unix group -> nt rid data using > groupdb/aliasfile.c,groupfile.c and builtinfile.c. I was thinking about this as well, its not like the group database changes too often. Of course you still need to cycle through it at least once and how would you know when your cache needs to be flushed in an NIS situation? > > the enumeration algorithms for *unix.c are probably order n squared at > least, and for them to be fixed properly then need to be order n cubed, > which is horrible. > ---------------------------------- greg dickie just a guy* *from discreet logic Linux, the choice of a GNU generation! ---------------------------------- From matthew at janus.law.usyd.edu.au Thu Dec 10 00:54:52 1998 From: matthew at janus.law.usyd.edu.au (Matthew Geier) Date: Tue Dec 2 02:24:50 2003 Subject: Log messages... In-Reply-To: <19981210004751Z12583667-27751+321@samba.anu.edu.au> from "Andrew Tridgell" at Dec 10, 98 11:49:04 am Message-ID: <199812100054.LAA28731@janus.law.usyd.edu.au> Lack of NT domain model experience showing here -- what does this mean ? [1998/12/10 22:49:06, 0] passdb/sampass.c:getsamfile21pwent(107) trust account bentham$ should be in DOMAIN_GROUP_RID_USERS This message is appearing every time I start usermgr, and is repeated for each machine account. I have all the machine accounts in a unix group called 'machine'. I presume this unix group would need to be mapped to some 'Well known' NT group ? No matter who I login as ( on all 3 machines I have in the test domain) im getting 'Your password has expired'. The main account I use it most definatly hasnt expired , I used the CTRL-ALT-DEL password option to change it from NT... From ken at sdd.hp.com Thu Dec 10 01:03:53 1998 From: ken at sdd.hp.com (Ken Stone) Date: Tue Dec 2 02:24:50 2003 Subject: Access Controls for Swat ? In-Reply-To: Your message of Thu, 10 Dec 1998 11:47:51 +1100. <19981210004751Z12583667-27751+321@samba.anu.edu.au> Message-ID: <199812100103.RAA07230@hpsdlz.sdd.hp.com> Ok, so there is no way to select which users can access it ? It would appear that anyone with an account/password on the samba/swat server can access swat ? Guess thats ok ... I'll have to consider it a bit. -- Ken > > which looks like its paying attention to a hosts allow/deny config but I > > have no idea how to set it up and can find no docs :-) ?? > > SWAT has the following access controls: > > 1) passwords > 2) it obeys the global smb.conf "hosts allow" and "hosts deny" settings > 3) it's launched via inetd so you can easily use tcpwrappers if you > want to > > Note that if you change the "hosts allow" and "hosts deny" settings > from within SWAT then it is _very_ easy to deny yourself access! Then > you need to fix it by hand editing smb.conf. > > Jeremy, want to add this to the SWAT man page? From john_reid at uow.edu.au Thu Dec 10 02:17:04 1998 From: john_reid at uow.edu.au (John Reid) Date: Tue Dec 2 02:24:50 2003 Subject: ouch again!!!! Message-ID: <366F2F20.4530B6A2@uow.edu.au> Dear all, Apologies for the list pollution earlier - tried to attach complete log files as appendix. too much of a beginner to know which bits really relevant. is it possible to set up the list server to give slightly more informative error messages so i don't have to bother everyone with crud? I probably should also apologise for trying to run before i can crawl. 2beta2 worked fine without PDC but didn't try anything fancy. However, need PDC support. have been trying to compile and run: smbd -D... falls over. make uninstall'd, deleted complete source dir (../pkgs/samba) and cvs'ed new code in case i had done something silly (overkill?), recompiled and guess what - smbd -D falls over! details: OS - Solaris x86 2.6 patched last week, using shadow passwd file samba - (was latest) cvs downloaded ~8pm AEDT 9/12/98 using "... co samba" - is this correct? now 11am 10/12 - still smae problem procedure - config, make, m inst etc - edit, testparm smb.conf - smbd -D - watched it fall over - ran it again now EGG.SID generated to see if made any diff - watched it fall over - tried adding MNEMNOS$ to smbpasswd in case machine.SID needed to resolve PDC - watched smbpasswd fall over - no smb, no port 139? anything i can do to help, please let me know - although my c is a tad rusty - may be time for the wd40. complete configuration and log files attached - here are what i think may be the important bits: log.smb from 1st run: [1998/12/09 20:07:17, 1] smbd/server.c:main(627) smbd version 2.1.0-prealpha started. ....... [1998/12/09 20:07:18, 0] libsmb/clientgen.c:cli_connect_serverlist(2796) cli_connect_serverlist: Domain password server not available. [1998/12/09 20:07:18, 10] libsmb/clientgen.c:cli_shutdown(2411) cli_shutdown [1998/12/09 20:07:18, 0] lib/sids.c:get_domain_sids(199) get_member_domain_sid: unable to initialise client connection. [1998/12/09 20:07:18, 0] smbd/server.c:main(687) ERROR: Samba cannot obtain PDC SID from PDC(s) . log.smb from second run: [1998/12/09 20:11:54, 1] smbd/server.c:main(627) smbd version 2.1.0-prealpha started. ..... [1998/12/09 20:11:54, 7] lib/util_sid.c:sid_to_string(50) sid_to_string returning S-1-5-21-1718833867-3239286558-3910785627 [1998/12/09 20:11:54, 5] lib/sids.c:read_sid_from_file(117) read_sid_from_file: sid S-1-5-21-1718833867-3239286558-3910785627 [1998/12/09 20:11:54, 0] libsmb/clientgen.c:cli_connect_serverlist(2796) cli_connect_serverlist: Domain password server not available. [1998/12/09 20:11:54, 10] libsmb/clientgen.c:cli_shutdown(2411) cli_shutdown [1998/12/09 20:11:54, 0] lib/sids.c:get_domain_sids(199) get_member_domain_sid: unable to initialise client connection. [1998/12/09 20:11:54, 0] smbd/server.c:main(687) ERROR: Samba cannot obtain PDC SID from PDC(s) . i haven't added the server (MNEMNOS$) to smbpasswd - do i need to? however smbpassd -m MNEMNOS$ also falls over: relevant bits of smb.conf [global] debug level = 20 # ===server settings=== workgroup = EGG # Domain support domain logons = yes logon script = user.bat security = domain encrypt passwords = yes domain user map = /usr/local/samba/lib/user.map guest account = guest # Printer support ; load printers = yes ; printcap name = /etc/printcap ; printcap name = lpstat ; printing = lprng # Browser Control Options: ; local master = yes os level = 65 domain master = yes ; preferred master = yes wins support = yes cheers, John -------------------------------------------------------------------- john reid e-mail john_reid@uow.edu.au technical officer room G02, building 41 school of geosciences phone +61 02 4221 3963 university of wollongong fax +61 02 4221 4250 computers can figure out all kinds of problems, except the things in the world that just don't add up apply standard disclaimers as desired... --------------------------------------------------------------------- From tridge at samba.org Thu Dec 10 01:16:55 1998 From: tridge at samba.org (Andrew Tridgell) Date: Tue Dec 2 02:24:50 2003 Subject: Access Controls for Swat ? In-Reply-To: <199812100103.RAA07230@hpsdlz.sdd.hp.com> (message from Ken Stone on Wed, 09 Dec 1998 17:03:53 -0800) References: <199812100103.RAA07230@hpsdlz.sdd.hp.com> Message-ID: <19981210011656Z12583667-16420+334@samba.anu.edu.au> > Ok, so there is no way to select which users can access it ? It would > appear that anyone with an account/password on the samba/swat server can > access swat ? one method is to use the unix permissions on smb.conf to deny them access. If they can't read smb.conf then they can't do much in SWAT. maybe we should also make SWAT obey the global "valid users" and "invalid users" options? Jeremy, what do you think? From ken at sdd.hp.com Thu Dec 10 01:23:33 1998 From: ken at sdd.hp.com (Ken Stone) Date: Tue Dec 2 02:24:50 2003 Subject: Access Controls for Swat ? In-Reply-To: Your message of Thu, 10 Dec 1998 12:16:55 +1100. <19981210011656Z12583667-16420+334@samba.anu.edu.au> Message-ID: <199812100123.RAA07684@hpsdlz.sdd.hp.com> > > Ok, so there is no way to select which users can access it ? It would > > appear that anyone with an account/password on the samba/swat server can > > access swat ? > > one method is to use the unix permissions on smb.conf to deny them > access. If they can't read smb.conf then they can't do much in SWAT. Nope ... just tried it ... mode 700, owner root. Logged into Swat as normal user and can see everything. Swat is running as root out of inetd and doesn't appear to switch users to whomever logs in. > maybe we should also make SWAT obey the global "valid users" and > "invalid users" options? Jeremy, what do you think? What I was looking for is a way to restrict swat to admins on a large samba server ... don't see how global valid users would do much though I guess it should pay attention to that for the small cases where valis users is used ? -- Ken From tridge at samba.org Thu Dec 10 01:37:55 1998 From: tridge at samba.org (Andrew Tridgell) Date: Tue Dec 2 02:24:50 2003 Subject: Access Controls for Swat ? In-Reply-To: <199812100123.RAA07684@hpsdlz.sdd.hp.com> (message from Ken Stone on Wed, 09 Dec 1998 17:23:33 -0800) References: <199812100123.RAA07684@hpsdlz.sdd.hp.com> Message-ID: <19981210013806Z12597180-25281+350@samba.anu.edu.au> > Nope ... just tried it ... mode 700, owner root. Logged into Swat > as normal user and can see everything. ahh, I know why. When I added support for "hosts allow" and "hosts deny" in SWAT I needed to move the smb.conf loading to before the uid switch. It has to do tht as it needs the contents of smb.conf in order to authenticate users. > Swat is running as root out of inetd and doesn't appear to switch > users to whomever logs in. it does switch, but only after it has authenticated the user. I'll fix it to disallow display of smb.conf if the user doesn't have read access. From lkcl at switchboard.net Thu Dec 10 01:58:44 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:50 2003 Subject: Access Controls for Swat ? In-Reply-To: <199812100018.QAA06622@hpsdlz.sdd.hp.com> Message-ID: On Thu, 10 Dec 1998, Ken Stone wrote: > > Are there any access controls for swat ? This is in the SAMBA_2_0 branch ... > > I see a call in cgi.c at startup like > > if (!check_access(1, lp_hostsallow(-1), lp_hostsdeny(-1))) { ^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^ from smb.conf.yo: label(allow hosts) dit(bf(allow hosts (S))) A synonym for this parameter is link(bf('hosts allow'))(hostsallow) This parameter is a comma, space, or tab delimited set of hosts which are permitted to access a service. From lkcl at switchboard.net Thu Dec 10 01:59:18 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:50 2003 Subject: User Mgr and 2.0.0Beta3 In-Reply-To: <199812100020.TAA02299@rochester.rr.com> Message-ID: On Thu, 10 Dec 1998, Marty Leisner wrote: > > I'm confused about usrmgr. > > All I see is a program called musrmgr. > > I went to a machine at work (NT 4.0 workstation on a domain) and also > only see musrmgr. > > What/where is usrmgr? nt server comes with usrmgr.exe. nt wksa comes with musrmgr.exe. samba has rpcclient. From lkcl at switchboard.net Thu Dec 10 02:01:47 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:50 2003 Subject: Cannot add machine with latest CVS In-Reply-To: Message-ID: > > so it's all riddled with awkward horrible stuff and i'm giving serious > > consideration to cacheing the unix group -> nt rid data using > > groupdb/aliasfile.c,groupfile.c and builtinfile.c. > > I was thinking about this as well, its not like the group database changes too > often. Of course you still need to cycle through it at least once and how would > you know when your cache needs to be flushed in an NIS situation? i know, and i'd really like someone else to think about this one and deal with it. the code to do the cacheing exists, it's all there (i think aliasfile.c etc hasn't been compiled up for a while, i'll have to fix that) and it needs "mod / add / delete" added to it to be useful. From lkcl at switchboard.net Thu Dec 10 02:05:33 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:50 2003 Subject: Log messages... In-Reply-To: <199812100054.LAA28731@janus.law.usyd.edu.au> Message-ID: On Thu, 10 Dec 1998, Matthew Geier wrote: > Lack of NT domain model experience showing here -- what does this mean ? > > [1998/12/10 22:49:06, 0] passdb/sampass.c:getsamfile21pwent(107) > trust account bentham$ should be in DOMAIN_GROUP_RID_USERS > > This message is appearing every time I start usermgr, and is repeated > for each machine account. > I have all the machine accounts in a unix group called 'machine'. I good. > presume this unix group would need to be mapped to some 'Well known' > NT group ? NT systems expect trust accounts to be in the well-known domain group "users", this is the default. i don't really want to "enforce" it by "fixing" the group_rid to 0x201 or whatever, but i put that log message there to remind me that it's still an issue to be resolved. > No matter who I login as ( on all 3 machines I have in the test domain) > im getting 'Your password has expired'. The main account I use it most i know! i'm wondering why, i think it's the "last change time" getting put as "password must change time" instead! From lkcl at switchboard.net Thu Dec 10 02:08:56 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:50 2003 Subject: ouch again!!!! In-Reply-To: <366F2F20.4530B6A2@uow.edu.au> Message-ID: On Thu, 10 Dec 1998, John Reid wrote: > Dear all, > > Apologies for the list pollution earlier - tried to attach complete log > files as appendix. too much of a beginner to know which bits really > relevant. is it possible to set up the list server to give slightly > more informative error messages so i don't have to bother everyone with > crud? > > I probably should also apologise for trying to run before i can crawl. > 2beta2 worked fine without PDC but didn't try anything fancy. However, > need PDC support. > > have been trying to compile and run: smbd -D... falls over. > make uninstall'd, deleted complete source dir (../pkgs/samba) and cvs'ed > new code in case i had done something silly (overkill?), recompiled and > guess > what - smbd -D falls over! > [1998/12/09 20:07:18, 0] libsmb/clientgen.c:cli_connect_serverlist(2796) > cli_connect_serverlist: Domain password server not available. this means you have no "password server = " option. > relevant bits of smb.conf > > [global] > > debug level = 20 > > # ===server settings=== > workgroup = EGG > > # Domain support > > domain logons = yes > logon script = user.bat > security = domain here you go, you're in "security = domain" mode which means "i am a member of a domain", where is your PDC? you should have "password server = YOUR_PDC_NETBIOS_NAME". > encrypt passwords = yes > > domain user map = /usr/local/samba/lib/user.map > guest account = guest > > # Printer support > ; load printers = yes > ; printcap name = /etc/printcap > ; printcap name = lpstat > ; printing = lprng > > # Browser Control Options: > ; local master = yes > os level = 65 > domain master = yes > ; preferred master = yes > wins support = yes > > > > cheers, > John > > -------------------------------------------------------------------- > john reid e-mail john_reid@uow.edu.au > technical officer room G02, building 41 > school of geosciences phone +61 02 4221 3963 > university of wollongong fax +61 02 4221 4250 > > computers can figure out all kinds of problems, except the things in > the world that just don't add up > > apply standard disclaimers as desired... > --------------------------------------------------------------------- > Luke Kenneth Casson Leighton Samba and Network Development Samba and Network Consultancy From jallison at cthulhu.engr.sgi.com Thu Dec 10 02:30:03 1998 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:24:50 2003 Subject: Access Controls for Swat ? References: <199812100103.RAA07230@hpsdlz.sdd.hp.com> <19981210011656Z12583667-16420+334@samba.anu.edu.au> Message-ID: <366F322B.454525F7@engr.sgi.com> Andrew Tridgell wrote: > > > Ok, so there is no way to select which users can access it ? It would > > appear that anyone with an account/password on the samba/swat server can > > access swat ? > > one method is to use the unix permissions on smb.conf to deny them > access. If they can't read smb.conf then they can't do much in SWAT. > > maybe we should also make SWAT obey the global "valid users" and > "invalid users" options? Jeremy, what do you think? It makes sense to me. But I was the person who wanted to restrict it to people who have write access to smb.conf so what do I know :-) :-). Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From johnb at ee.duke.edu Thu Dec 10 03:28:06 1998 From: johnb at ee.duke.edu (John Burchett) Date: Tue Dec 2 02:24:50 2003 Subject: How do you make a domain admin? References: Message-ID: <366F3FC6.7274346C@ee.duke.edu> Sorry about the vcard's... so where IS the new updated CVS directory? I can't seem to find it in any of the FTP sites or the CVS instruction page! From mhaigh at village.vut.edu.au Thu Dec 10 03:42:21 1998 From: mhaigh at village.vut.edu.au (Mick Haigh) Date: Tue Dec 2 02:24:50 2003 Subject: trust accounts Message-ID: <366F431D.E6F5091@village.vut.edu.au> Hmmm - obviously I've missed something somewhere along the line. Using today's CVS source, trying to log in from an NT machine I get a lot of lines in the logs saying trust account MACHINE_NAME$ should be in DOMAIN_GROUP_RID_USERS Any ideas what I've done wrong??? -------------- next part -------------- A non-text attachment was scrubbed... Name: mhaigh.vcf Type: text/x-vcard Size: 279 bytes Desc: Card for Mick Haigh Url : http://lists.samba.org/archive/samba-ntdom/attachments/19981210/efc2efff/mhaigh.vcf From D.Bannon at latrobe.edu.au Thu Dec 10 03:40:36 1998 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:24:50 2003 Subject: How do you make a domain admin? In-Reply-To: <366F3FC6.7274346C@ee.duke.edu> References: Message-ID: <3.0.3.32.19981210144036.0074e330@bioserve.biochem.latrobe.edu.au> At 02:27 PM 10/12/1998 +1100, John Burchett wrote: >Sorry about the vcard's... so where IS the new updated CVS directory? I can't seem >to find it in any of the FTP sites or the CVS instruction page! > Better to allow cvs to find it : cvs -d:pserver:cvs@samba.anu.edu.au:/cvsroot login passwd = cvs cvs -d:pserver:cvs@samba.anu.edu.au:/cvsroot co samba I do this in /usr/local/src, better to clean out the samba dir first if you have been getting copies from other way... Hey, great ! No Vcard ! David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From mhaigh at village.vut.edu.au Thu Dec 10 03:47:24 1998 From: mhaigh at village.vut.edu.au (Mick Haigh) Date: Tue Dec 2 02:24:50 2003 Subject: trust accounts Message-ID: <366F444C.F326B021@village.vut.edu.au> Damn - it. Tried to send my vcard again. Here's the contents of my last message. --- Hmmm - obviously I've missed something somewhere along the line. Using today's CVS source, trying to log in from an NT machine I get a lot of lines in the logs saying trust account MACHINE_NAME$ should be in DOMAIN_GROUP_RID_USERS Any ideas what I've done wrong??? Mick From johnb at ee.duke.edu Thu Dec 10 04:09:37 1998 From: johnb at ee.duke.edu (John Burchett) Date: Tue Dec 2 02:24:50 2003 Subject: trust accounts References: <366F444C.F326B021@village.vut.edu.au> Message-ID: <366F4981.18BFE032@ee.duke.edu> Mick, someone else wrote with this one... look for the message 'Log messages'., or here's the hint - put the special 'machine' account in the group 'users'. That's where NT expects it to be... w/o the quotes (duh) lol -john burchett Mick Haigh wrote: > Damn - it. Tried to send my vcard again. Here's the contents of my > last message. > > --- > > Hmmm - obviously I've missed something somewhere along the line. > > Using today's CVS source, trying to log in from an NT machine I get a > lot of lines in the logs saying > > trust account MACHINE_NAME$ should be in DOMAIN_GROUP_RID_USERS > > Any ideas what I've done wrong??? > > Mick From eric at technocraft.com Thu Dec 10 04:28:24 1998 From: eric at technocraft.com (Eric Mason) Date: Tue Dec 2 02:24:50 2003 Subject: Win98 Problem Message-ID: <366F4DE7.4E66D9B4@technocraft.com> Hello all, I am running the latest CVS version of samba with the samba box as PDC, and it works great with my NT workstation -- logs in, roaming profiles, password changes work again (woohoo!), and everything's great -- but the Windows 98 box won't do anything but log in. Once I log on to the domain I can't talk to either the Samba PDC or the NT workstation. It's probably something stupid on my part, but it's really weird. I'd appreciate any ideas you can offer. Eric From eric at technocraft.com Thu Dec 10 04:38:28 1998 From: eric at technocraft.com (Eric Mason) Date: Tue Dec 2 02:24:50 2003 Subject: Win98 Problem Message-ID: <366F5044.4C75876B@technocraft.com> Correction to last message: The 98 box can talk to the samba pdc, but it can't talk to the nt workstation, which is a member of the domain. Says "A device is not functioning" when I double click on the nt machine in network neighborhood. Eric From johnb at ee.duke.edu Thu Dec 10 04:48:17 1998 From: johnb at ee.duke.edu (John Burchett) Date: Tue Dec 2 02:24:50 2003 Subject: How do you make a domain admin? References: Message-ID: <366F5291.53A0C474@ee.duke.edu> Luke, I now have Admin access. Thanx a ton, and I'm using the latest source code now. However, now when I click in the User Manager to get profile information, the machine sits for about 1 minute then says RPC call failed. Is profile viewing implemented in samba yet? still trying this one out... -john From johnb at ee.duke.edu Thu Dec 10 05:01:33 1998 From: johnb at ee.duke.edu (John Burchett) Date: Tue Dec 2 02:24:50 2003 Subject: Profile retrieval Message-ID: <366F55AC.9527D8B1@ee.duke.edu> Luke, I got some logs for you so you can see what I get when I try to view profiles. Some reason, in the logs it looks like one big loop, with the centerpiece line being: [1998/12/09 23:54:56, 10] groupdb/groupdb.c:user_is_member(202) searching for user johnb: not found I have admin privileges now (cause it says RPC failed , not 'access denied') so that's not the problem, but it appears to be 'searching' for something, and not successful in finding it. I'm guessing it's looking for something in the defined 'profile' directory (i.e. 'logon path'), but that's just my guess. Here's the loop I was speaking of (log level = 100) (note, I'm not sure where the head of this loop is, so some of the entries at the bottom may belong at the top) btw/ 'johnb' is the login profile that I'm trying to view. and like you guessed, root is in the ADM _and_ the wheel groups, so it is both an admin and a domain admin.. don't think there's anything wrong with this, is there? Thanx in advance, -john log: [1998/12/09 23:54:56, 7] lib/util_sid.c:sid_to_string(50) sid_to_string returning S-1-5-21-3994100152-1206515041-417666105-512 [1998/12/09 23:54:56, 10] lib/domain_namemap.c:map_unixid(759) map_unixid: enum entry unix group adm 4 nt Domain Admins S-1-5-21-3994100152-1206515041-417666105-512 [1998/12/09 23:54:56, 10] lib/domain_namemap.c:lookupsmbpwnam(884) lookupsmbpwnam: unix user name root [1998/12/09 23:54:56, 10] lib/domain_namemap.c:lookupsmbpwuid(908) lookupsmbpwuid: unix uid 0 [1998/12/09 23:54:56, 7] lib/util_sid.c:sid_to_string(50) sid_to_string returning S-1-5-21-3994100152-1206515041-417666105-500 [1998/12/09 23:54:56, 10] lib/domain_namemap.c:map_unixid(759) map_unixid: enum entry unix group root 0 nt Administrator S-1-5-21-3994100152-1206515041-417666105-500 [1998/12/09 23:54:56, 7] lib/domain_namemap.c:map_unixid(764) map_unixid: Mapping unix name root to nt name Administrator type 1 [1998/12/09 23:54:56, 10] groupdb/groupunix.c:getgrpunixpwent(210) line: 'root::1001:Administrator' [1998/12/09 23:54:56, 5] groupdb/groupdb.c:iterate_getusergroupsnam(239) group name root members: 1 [1998/12/09 23:54:56, 10] groupdb/groupdb.c:user_is_member(195) searching against user Administrator... [1998/12/09 23:54:56, 10] groupdb/groupdb.c:user_is_member(202) searching for user johnb: not found [1998/12/09 23:54:56, 10] groupdb/groupunix.c:getgrpunixpwent(169) getgrpunixpwent: enum unix group entry root [1998/12/09 23:54:56, 10] lib/domain_namemap.c:lookupsmbgrpgid(1143) lookupsmbgrpgid: unix gid 0 [1998/12/09 23:54:56, 7] lib/util_sid.c:sid_to_string(50) sid_to_string returning S-1-5-21-3994100152-1206515041-417666105-1042 [1998/12/09 23:54:56, 10] lib/domain_namemap.c:map_unixid(759) map_unixid: enum entry unix group wheel 10 nt Administrators S-1-5-21-3994100152-1206515041-417666105-1042 From Martin.Schmidt at bundessortenamt.de Thu Dec 10 08:16:18 1998 From: Martin.Schmidt at bundessortenamt.de (Martin Schmidt@Bundessortenamt.de) Date: Tue Dec 2 02:24:50 2003 Subject: AW: beta3 on HPUX 9.04 with cc/gcc Message-ID: <01BE241D.BFE6D460.Martin.Schmidt@Bundessortenamt.de> > -----Urspr?ngliche Nachricht----- > Von: Andrew Tridgell [SMTP:tridge@samba.org] > Gesendet am: Mittwoch, 9. Dezember 1998 13:29 > An: Martin.Schmidt@tscherma.hannover.bsa.de > Cc: samba-ntdom@samba.org > Betreff: Re: AW: beta3 on HPUX 9.04 with cc/gcc > > > configure: In function `main': > > configure:2986: `samba_cv_have_setresgid' undeclared (first use this function) > > ahh, this is something that Jeremy has fixed already, but after the > beta3 release. beta3 won't work on any platform that needs setresgid() > (that's only HPUX as far as I know). > > I've put a fixed configure script for beta3 at > ftp://samba.org/pub/tridge/configure > Hallo Thanks for your help! it works fine (both - with gcc and ansi-c) on HPUX 9.04 with the new configure-script! Thanks again. mfg M.Schmidt ---------------------------------------------------------------------- Bundessortenamt Pr?fstelle Eder am Holz 85452 Moosinning Tel.: 08123/2426 eMail1: Martin.Schmidt@bundessortenamt.de eMail2: Martin_Schmidt@t-online.de ---------------------------------------------------------------------- From daniel.nilsson at telia.com Thu Dec 10 07:45:28 1998 From: daniel.nilsson at telia.com (Daniel Nilsson) Date: Tue Dec 2 02:24:50 2003 Subject: smbpasswd problems Message-ID: <366F7C18.A7C5A560@telia.com> Hi I'm trying out the CVS source 981204 but I'm getting some trouble with the encryption. Tested on Debian Linux 2.0 and FreeBSD 2.2.6: ./configure; make ; make install copied exapmles/smb.conf.default to /usr/local/samba/lib and commented out the line with encrypt passwords = yes. ran cat /etc/passwd | mksmbpasswd > /usr/local/samba/private/smbpasswd and changed permission according to encryption.txt. executed as root : omega:/usr/local/samba/bin# ./smbpasswd -D 10 daniel result: New SMB password: (entered a simple passwd) Retype new SMB password: (entered same simple passwd) startfilepwent: opening file /usr/local/samba/private/smbpasswd search by name: daniel startfilepwent: opening file /usr/local/samba/private/smbpasswd getfileline: skipping comment or blank line getfileline: skipping comment or blank line getfileline: skipping comment or blank line getsmbfilepwent: entry invalidated for unix user root pwdb_smb_map_names lookupsmbpwnam: unix user name root lookupsmbpwuid: unix uid 0 initialising map lookupsmbpwuid: unix uid 0 endfilepwent: closed file. pwdb_smb_map_names endfilepwent: closed file. Failed to find entry for user daniel. Failed to change password entry for daniel Same result for ./smbpasswd -D 10 syd The last lines in smbpasswd reads: syd:1000:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:Martin Sydstrand,,, daniel:1001:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:Daniel Nilsson,,, This used to work perfectly with samba 1.9.18. What am I doing wrong ? I have also tried the smbadduser script but is gives the same result, a smbpasswd file in which that smbpasswd cannot find the specified user. Regards -- Daniel Nilsson (dae@ludd.luth.se) D. Nilsson Elektronik & Data ?gonm?ttsgatan 3 S-421 36 V?stra Fr?lunda, Sweden Tel : +46 (0)31-7099970 Fax : +46 (0)31-7099980 Cellular : +46 (0)70 630 67 35 From daniel at med.up.pt Thu Dec 10 10:43:38 1998 From: daniel at med.up.pt (Daniel Fonseca) Date: Tue Dec 2 02:24:50 2003 Subject: trust accounts In-Reply-To: <366F444C.F326B021@village.vut.edu.au> Message-ID: On Thu, 10 Dec 1998, Mick Haigh wrote: > Using today's CVS source, trying to log in from an NT machine I get a > lot of lines in the logs saying > > trust account MACHINE_NAME$ should be in DOMAIN_GROUP_RID_USERS > > Any ideas what I've done wrong??? Done wrong? Not reading the previous messages on the list :-) >From Luke's message, some 3 mails ago: in Re: Log messages... >NT systems expect trust accounts to be in the well-known domain group >"users", this is the default. i don't really want to "enforce" it by >"fixing" the group_rid to 0x201 or whatever, but i put that log message >there to remind me that it's still an issue to be resolved. Hope to help, Daniel Fonseca From greg at discreet.com Thu Dec 10 12:35:17 1998 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:50 2003 Subject: Profile retrieval In-Reply-To: <366F55AC.9527D8B1@ee.duke.edu> Message-ID: Ah this looks familiar, I'm going to try and get this one today, I'll think about the caching problem later. Greg On 10-Dec-98 John Burchett wrote: > Luke, > > I got some logs for you so you can see what I get when I try to view > profiles. Some reason, in the logs it looks like one big loop, with the > centerpiece line being: > [1998/12/09 23:54:56, 10] groupdb/groupdb.c:user_is_member(202) > searching for user johnb: not found > > I have admin privileges now (cause it says RPC failed , not 'access > denied') so that's not the problem, but it appears to be 'searching' for > something, and not successful in finding it. I'm guessing it's looking > for something in the defined 'profile' directory (i.e. 'logon path'), > but that's just my guess. Here's the loop I was speaking of (log level = > 100) (note, I'm not sure where the head of this loop is, so some of the > entries at the bottom may belong at the top) > > btw/ 'johnb' is the login profile that I'm trying to view. and like you > guessed, root is in the ADM _and_ the wheel groups, so it is both an > admin and a domain admin.. don't think there's anything wrong with this, > is there? > > Thanx in advance, > -john > > log: > > [1998/12/09 23:54:56, 7] lib/util_sid.c:sid_to_string(50) > sid_to_string returning S-1-5-21-3994100152-1206515041-417666105-512 > [1998/12/09 23:54:56, 10] lib/domain_namemap.c:map_unixid(759) > map_unixid: enum entry unix group adm 4 nt Domain Admins > S-1-5-21-3994100152-1206515041-417666105-512 > [1998/12/09 23:54:56, 10] lib/domain_namemap.c:lookupsmbpwnam(884) > lookupsmbpwnam: unix user name root > [1998/12/09 23:54:56, 10] lib/domain_namemap.c:lookupsmbpwuid(908) > lookupsmbpwuid: unix uid 0 > [1998/12/09 23:54:56, 7] lib/util_sid.c:sid_to_string(50) > sid_to_string returning S-1-5-21-3994100152-1206515041-417666105-500 > [1998/12/09 23:54:56, 10] lib/domain_namemap.c:map_unixid(759) > map_unixid: enum entry unix group root 0 nt Administrator > S-1-5-21-3994100152-1206515041-417666105-500 > [1998/12/09 23:54:56, 7] lib/domain_namemap.c:map_unixid(764) > map_unixid: Mapping unix name root to nt name Administrator type 1 > [1998/12/09 23:54:56, 10] groupdb/groupunix.c:getgrpunixpwent(210) > line: 'root::1001:Administrator' > [1998/12/09 23:54:56, 5] groupdb/groupdb.c:iterate_getusergroupsnam(239) > > group name root members: 1 > [1998/12/09 23:54:56, 10] groupdb/groupdb.c:user_is_member(195) > searching against user Administrator... > [1998/12/09 23:54:56, 10] groupdb/groupdb.c:user_is_member(202) > searching for user johnb: not found > [1998/12/09 23:54:56, 10] groupdb/groupunix.c:getgrpunixpwent(169) > getgrpunixpwent: enum unix group entry root > [1998/12/09 23:54:56, 10] lib/domain_namemap.c:lookupsmbgrpgid(1143) > lookupsmbgrpgid: unix gid 0 > [1998/12/09 23:54:56, 7] lib/util_sid.c:sid_to_string(50) > sid_to_string returning S-1-5-21-3994100152-1206515041-417666105-1042 > [1998/12/09 23:54:56, 10] lib/domain_namemap.c:map_unixid(759) > map_unixid: enum entry unix group wheel 10 nt Administrators > S-1-5-21-3994100152-1206515041-417666105-1042 > > --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From mhaigh at village.vut.edu.au Thu Dec 10 13:23:47 1998 From: mhaigh at village.vut.edu.au (Mick Haigh) Date: Tue Dec 2 02:24:50 2003 Subject: DOMAIN.MACHINE.mac Message-ID: <366FCB63.D149E944@village.vut.edu.au> Ok - I know someone else has asked this before - but what on earth is the format of the file DOMAIN.MACHINE.mac????? I gather it contains the trust account password for a machine, but how does one create it? This doesn't _seem_ to be documented anywhere. From cartegw at Eng.Auburn.EDU Thu Dec 10 15:49:16 1998 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:24:50 2003 Subject: DOMAIN.MACHINE.mac References: <366FCB63.D149E944@village.vut.edu.au> Message-ID: <366FED7C.4BFD9F1@eng.auburn.edu> Mick Haigh wrote: > > Ok - I know someone else has asked this before - but what on earth is > the format of the file DOMAIN.MACHINE.mac????? > > I gather it contains the trust account password for a machine, but how > does one create it? This doesn't _seem_ to be documented anywhere. The file gets created when your samba box joins a domain. See the Samba NTDOM FAQ, Q6.1. The file format is simply the ASCII printout of the NT machione password hash if I remember correctly. j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From lkcl at switchboard.net Thu Dec 10 17:16:11 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:50 2003 Subject: How do you make a domain admin? In-Reply-To: <366F3FC6.7274346C@ee.duke.edu> Message-ID: On Thu, 10 Dec 1998, John Burchett wrote: > Sorry about the vcard's... no problem. hey, where did it go???!!!! cool! > so where IS the new updated CVS directory? I can't seem > to find it in any of the FTP sites or the CVS instruction page! only samba-2.0.0beta series is on ftp. the cvs instructions haven't changed because there's no need for them to. you only need two tags: no tag at all (to get samba-2.1prealpha) or SAMBA_2_0_0 (to get samba-2.0.0beta3). or SAMBA_1_9_18 to get samba-1.9.18p10 or SAMBA_1_9_17 to get samba-1.9.17p8 (was that the last one?) etc. From lkcl at switchboard.net Thu Dec 10 17:19:41 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:50 2003 Subject: Win98 Problem In-Reply-To: <366F5044.4C75876B@technocraft.com> Message-ID: On Thu, 10 Dec 1998, Eric Mason wrote: > Correction to last message: The 98 box can talk to the samba pdc, but > it can't talk to the nt workstation, which is a member of the domain. really??? that's a new one. can you send me a "NetMonitor" trace, or failing that use tcpdump and then run capconvert on it or print the tcpdump output to a text file (what am i getting myself into, here, i _hate_ win98). > Says "A device is not functioning" when I double click on the nt machine > in network neighborhood. > > Eric > > Luke Kenneth Casson Leighton Samba and Network Development Samba and Network Consultancy From lkcl at switchboard.net Thu Dec 10 17:21:33 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:50 2003 Subject: How do you make a domain admin? In-Reply-To: <366F5291.53A0C474@ee.duke.edu> Message-ID: On Thu, 10 Dec 1998, John Burchett wrote: > Luke, > > I now have Admin access. Thanx a ton, and I'm using the latest source > code now. hooray. > However, now when I click in the User Manager to get profile > information, the machine sits for about 1 minute then says RPC call > failed. Is profile viewing implemented in samba yet? yes. oh dear this is probably the order-n-cubed algoritms hitting you, or the getgrent() infinite loop. can you check log files at level 20 or so? From lkcl at switchboard.net Thu Dec 10 17:23:13 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:50 2003 Subject: Profile retrieval In-Reply-To: <366F55AC.9527D8B1@ee.duke.edu> Message-ID: ok, how many users do you have, and how many groups? From johnb at ee.duke.edu Thu Dec 10 17:59:52 1998 From: johnb at ee.duke.edu (John Burchett) Date: Tue Dec 2 02:24:50 2003 Subject: update References: Message-ID: <36700C18.54CCD6CA@ee.duke.edu> luke, I looked over the logs, and I think it may be this infinite loop, cause when I double click in the USRMGR to get a profile, samba starts takinging up like 100MB of memory and all the cpu time it can get. I can always just kill it and restart it, and it's back to normal (don't even have to log out of the NT client) As I think I mailed you earlier, I identified a loop that is repeated about 20 or so times... (probably infinite with more log-file space). I looked through the code of the groupdb.c file where the loops is coming from, and it is in user_is_member routine. It goes 'Searching against Administrator', then finishes looking through that group. Then it goes on to two other groups (only ones I have mapped) but DOESN'T do anything else. then it just repeats the whole thing over and over. I don't still have the logs, I think they're in a previous message, but I bet it's the same problem greg was having w/an infinite loop. Since it at least searches for 'Administrator' I tried looking at the profile for administrator, and user_is_member reported that it had been found, but the loop went on anyway! dunno exactly what's wrong here, other than some kind of runaway loop. TTFN (ta ta for now, for those uneducated illiterates out there, lol) -john oh, and btw, Server manager crashes right when I start it up in the domain of interest. Doesn't give any data at all, just dies. Luke Kenneth Casson Leighton wrote: > On Thu, 10 Dec 1998, John Burchett wrote: > > > Luke, > > > > I now have Admin access. Thanx a ton, and I'm using the latest source > > code now. > > hooray. > > > However, now when I click in the User Manager to get profile > > information, the machine sits for about 1 minute then says RPC call > > failed. Is profile viewing implemented in samba yet? > > yes. oh dear this is probably the order-n-cubed algoritms hitting you, or > the getgrent() infinite loop. can you check log files at level 20 or so? From johnb at ee.duke.edu Thu Dec 10 18:01:49 1998 From: johnb at ee.duke.edu (John Burchett) Date: Tue Dec 2 02:24:50 2003 Subject: Profile retrieval References: Message-ID: <36700C8D.BA292025@ee.duke.edu> - I have only 2,3 users - johnb (me), joe (a temp), and root/Administrator. Groups of interest are only root and 'grad' (my group and joe's too) Luke Kenneth Casson Leighton wrote: > ok, how many users do you have, and how many groups? From lkcl at switchboard.net Thu Dec 10 19:25:52 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:50 2003 Subject: update In-Reply-To: <36700C18.54CCD6CA@ee.duke.edu> Message-ID: On Fri, 11 Dec 1998, John Burchett wrote: > luke, > > I looked over the logs, and I think it may be this infinite loop, cause when kkkthanx, ok got to reduce the nesting levels to zero, that's going to be a pain. From gregr at staff.cs.usyd.edu.au Thu Dec 10 20:14:03 1998 From: gregr at staff.cs.usyd.edu.au (Greg Ryan) Date: Tue Dec 2 02:24:50 2003 Subject: Advice on versions for samba NT Server support Message-ID: <19981210192850Z12617726-477+213@samba.anu.edu.au> I'm just starting to look at samba and NT, having had it happily working serving labs of Windows 95 for some times, and I'd like some initial advice on which samba version to upgrade to. We're looking at setting up one or more NT Server boxes running Citrix Metaframe, and want our Unix users to be able to log in on these NT Servers (running NT Terminal Server) and have the usual resources made available - home directory mounted and printers accessible. We currently run samba-1.9.18p8. Am I right in assuming that I need to set up a samba server sa a Primary Domain Controller? Does samba-2.0.0beta3 have the support for PDC that I need, or do I need to move to a prealpha? Greg Ryan gregr@cs.usyd.edu.au From greg at discreet.com Thu Dec 10 20:58:38 1998 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:50 2003 Subject: Cannot add machine with latest CVS In-Reply-To: Message-ID: Just a quick update on this. I think I've covered the basics. I've gone into dbx in a looping process and put breakpoints on setgrent and getgrent. It never stops at setgrent so I don't think thats the problem . My small test program seems to work ok so I don't think it's the OS... Now I'm really confused. Anyone have any ideas? Greg On 10-Dec-98 Luke Kenneth Casson Leighton wrote: >> > so it's all riddled with awkward horrible stuff and i'm giving serious >> > consideration to cacheing the unix group -> nt rid data using >> > groupdb/aliasfile.c,groupfile.c and builtinfile.c. >> >> I was thinking about this as well, its not like the group database changes >> too >> often. Of course you still need to cycle through it at least once and how >> would >> you know when your cache needs to be flushed in an NIS situation? > > i know, and i'd really like someone else to think about this one and deal > with it. the code to do the cacheing exists, it's all there (i think > aliasfile.c etc hasn't been compiled up for a while, i'll have to fix > that) and it needs "mod / add / delete" added to it to be useful. > --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From ken at hudat.com Thu Dec 10 16:42:40 1998 From: ken at hudat.com (Kendrick Vargas) Date: Tue Dec 2 02:24:50 2003 Subject: listing of daemons running on a unix server In-Reply-To: <366EE762.AF74901C@eng.auburn.edu> Message-ID: On Thu, 10 Dec 1998, Gerald Carter wrote: > Luke Kenneth Casson Leighton wrote: > > > so, the basic impression is that all systems are > > different. would forcing people to reference a list of > > scripts that have "start|stop|restart" and optionally > > "status" be acceptable, taking the cue from redhat? > > I'm not sure this will pan out. Looking down the road, how will > you map the disabled/manual/automatic service properties or > the "run service as this account"? > > I would stay away from service management. At least not > now. Service are totally disrelated from file sharing. > Let Samba do what it does and not attempt to emulate > the **entire** NT operating system. Given that such > {start|stop} scripts already exist, all it takes is an > SSH shell open on the Samba server to manage these. Agreed. This is something that should be handled by the various desktop packages that are out there. Most of the desktop projects out there are focusing on the end user and not general administration. The fOX Project is more geared towards stuff like administration, etc, but it is still very young. It's based on Xclass (win32 looking widgets, etc) and can be found at foxproject.org ... so if you really want to do that kinda programming, then check at that site. Also, I'd like to point out that depending on which OS's you just between, the start/stop scripts can handle any number of different combined things. For example, on SGI's (IRIX) ... all of the network related things are in *1* script called "network" ... Therefore, to start/stop autofs, you'd have to login locally and stop/start the "network" ... The only way to build a tool to properly manage all of this stuff is to have something similar to locales, where each OS has a different way of doing things, and your app knows about each and every one of them. There is however one positive note... Almost all of the scripts reside in a $PATH that has /etc and /init.d/ in it :-) -peace --- BEGIN GEEK CODE BLOCK ------------+----------- GAT d- s:+ !a C+(+++) UI/L/S/B++(+++) | "In the morning glad I see P>+ L+(++) E---- W+++ N+ o? K? w++++ | My foe outstrech'd beneath the tree." O--- M-- V PS+++@ PE Y-- PGP+ t++ 5 | -The Poison Tree X++ R- tv+ b DI++ D+ G e>* h*(!) r- | William Blake y*(+) ------ END GEEK CODE BLOCK -----+ From lkcl at switchboard.net Thu Dec 10 21:54:45 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:50 2003 Subject: listing of daemons running on a unix server In-Reply-To: Message-ID: > Agreed. This is something that should be handled by the various desktop > packages that are out there. Most of the desktop projects out there are > focusing on the end user and not general administration. The fOX Project > is more geared towards stuff like administration, etc, but it is still > very young. It's based on Xclass (win32 looking widgets, etc) and can be > found at foxproject.org ... so if you really want to do that kinda > programming, then check at that site. personally, i don't, thanks for pointing it. the idea is to provide tools for _them_ to use to administer remote systems, in a command-line tool. and then to provide the capability to "be managed" by rpcclient on a unxix bo, via samba. luke From tridge at samba.org Thu Dec 10 22:29:34 1998 From: tridge at samba.org (Andrew Tridgell) Date: Tue Dec 2 02:24:50 2003 Subject: How do you make a domain admin? In-Reply-To: (message from Luke Kenneth Casson Leighton on Fri, 11 Dec 1998 04:18:35 +1100) References: Message-ID: <19981210222945Z12590964-473+246@samba.anu.edu.au> > only samba-2.0.0beta series is on ftp. not quite true. ftp://ftp.samba.org/pub/samba/cvs_current/ has the latest head branch, unpacked. you can also fetch it with: rsync -avz ftp.samba.org::sambaftp/pub/samba/cvs_current . From ken at hudat.com Thu Dec 10 17:37:57 1998 From: ken at hudat.com (Kendrick Vargas) Date: Tue Dec 2 02:24:50 2003 Subject: listing of daemons running on a unix server Message-ID: On Thu, 10 Dec 1998, Andrew Tridgell wrote: > > I think it would be nice if (maybe this was already what you were thinking > > of) ythe service manager did a lookthrough of the rc.d/init.d, etc > > directories and prebuild a daemon list file, and then let the user tweak any > > entries that need changing on a system-to-system basis. Since *most* > > important services have a nicely-behaved rc.d script, this would reduce the > > user-typing load to a minimum. btw, I use redhat 5.2. > > no, don't do this. > > I think a fair number of sysadmins will be like me and will hate the > idea of a remote NT box being able to control services on my box. I > certainly don't want Samba squirreling through my startup scripts > looking for things to screw up. > > If a admin wants this they can use: > > cd /etc/rc.d/init.d > ls | awk '{print $1" "/etc/rc.d/init.d/$1}' > /etc/services.conf Maybe there should simply be one script assigned specifically to the purpose of remote admin by an NT box... That script can return a list of the services which are available (whatever the admin chooses) and then a procedure for starting/stopping each one. That way, it's very much controled. PS> disregard my last message that included desktop projects... I was thinking of something else when I wrote it. -peace --- BEGIN GEEK CODE BLOCK ------------+----------- GAT d- s:+ !a C+(+++) UI/L/S/B++(+++) | "In the morning glad I see P>+ L+(++) E---- W+++ N+ o? K? w++++ | My foe outstrech'd beneath the tree." O--- M-- V PS+++@ PE Y-- PGP+ t++ 5 | -The Poison Tree X++ R- tv+ b DI++ D+ G e>* h*(!) r- | William Blake y*(+) ------ END GEEK CODE BLOCK -----+ From scrappy at hub.org Fri Dec 11 06:56:54 1998 From: scrappy at hub.org (The Hermit Hacker) Date: Tue Dec 2 02:24:50 2003 Subject: listing of daemons running on a unix server In-Reply-To: Message-ID: On Thu, 10 Dec 1998, Luke Kenneth Casson Leighton wrote: > so, the basic impression is that all systems are different. would forcing > people to reference a list of scripts that have "start|stop|restart" and > optionally "status" be acceptable, taking the cue from redhat? > > daemon list file = /usr/local/samba/daemons: > http /etc/rc.d/rc.init/rc.httpd > ... ... > > yes, it would be a pain: i'd have to modify my slackware start-up by > obtaining some scripts from somewhere which accepted "start|stop|restart". Solaris uses 'start|stop' scripts too...always has, as far as I'm aware... Marc G. Fournier Systems Administrator @ hub.org primary: scrappy@hub.org secondary: scrappy@{freebsd|postgresql}.org From grund at fh-furtwangen.de Fri Dec 11 10:02:12 1998 From: grund at fh-furtwangen.de (Helmut Grund) Date: Tue Dec 2 02:24:50 2003 Subject: =?iso-8859-1?Q?Changing_Passwords_from_NT-Client_with_password_chat_don?= =?iso-8859-1?Q?=B4t_work?= Message-ID: <009801be24ed$554cfaf0$22011c8d@rzpcgrd.zrz.fh-furtwangen.de> Help, what?s wrong in my configuration ? Samba 2.0 runs on a DEC Alpha with UNIX 4.0 for testing as PDC. Here the log and the smb.conf: [1998/12/11 10:28:03, 5] passdb/smbpass.c:(257) getsmbfilepwent: returning passwd entry for user hgrund, uid 11720 [1998/12/11 10:28:03, 10] passdb/passdb.c:(156) found by name: hgrund [1998/12/11 10:28:03, 7] passdb/smbpass.c:(81) endsmbfilepwent: closed password file. [1998/12/11 10:28:03, 100] libsmb/smbencrypt.c:(121) nt_lm_owf_gen: pwd, nt# [1998/12/11 10:28:03, 100] lib/util.c:(2790) [000] 31 D6 CF E0 D1 6A E9 31 B7 3C 59 D7 E0 C0 89 C0 1....j.1 . Message-ID: <000a01be24ec$959def70$02292090@pc001.cs.york.ac.uk> Kendrick Vargas wrote >... > Maybe there should simply be one script assigned specifically to the > purpose of remote admin by an NT box... That script can return a list > of the services which are available (whatever the admin chooses) and then > a procedure for starting/stopping each one. That way, it's very much > controled. Can I add my vote for this as the simplest, transparent, controlable, and machine-independent suggestion I have seen so far... Martin martin@cs.york.ac.uk From grund at fh-furtwangen.de Fri Dec 11 10:40:42 1998 From: grund at fh-furtwangen.de (Helmut Grund) Date: Tue Dec 2 02:24:51 2003 Subject: =?iso-8859-1?Q?Changing_Passwords_from_NT-Client_with_password_chat_don?= =?iso-8859-1?Q?=B4t_work?= Message-ID: <00c701be24f2$b3fbecf0$22011c8d@rzpcgrd.zrz.fh-furtwangen.de> Sorry, the last mail was in wrong format. Help, what?s wrong in my configuration ? Samba 2.0 runs on a DEC Alpha with UNIX 4.0 for testing as PDC. Here the log and the smb.conf: [1998/12/11 10:28:03, 5] passdb/smbpass.c:(257) getsmbfilepwent: returning passwd entry for user hgrund, uid 11720 [1998/12/11 10:28:03, 10] passdb/passdb.c:(156) found by name: hgrund [1998/12/11 10:28:03, 7] passdb/smbpass.c:(81) endsmbfilepwent: closed password file. [1998/12/11 10:28:03, 100] libsmb/smbencrypt.c:(121) nt_lm_owf_gen: pwd, nt# [1998/12/11 10:28:03, 100] lib/util.c:(2790) [000] 31 D6 CF E0 D1 6A E9 31 B7 3C 59 D7 E0 C0 89 C0 1....j.1 . I am trying to get two WFW PC's talking to via Linux/Samba (RedHat 5.2) server Interface. One PC continuously streams binary datafile onto its directory on the server while the other continuously reads it. Information on the size of this file (which can continuously increase up to 3MB) is continuously updated and is stored using a fixed width pointer in the file header. It appears that the second PC can't read this pointer and uses its old value. Therefore it can not read the file beyond its old time mark. Everything works OK when PC's talk directly to each other (peer-to-peer) without the server. I've tried all the usual fixes with oplocks, permissons, etc. in smb.conf but without much success. Is there possibly a way to force an update of the first chunk of data in the cache? Any help is greatly appreciated Sergei Schurov ____________________________________________________________________ More than just email--Get your FREE Netscape WebMail account today at http://home.netscape.com/netcenter/mail From sms1001 at netscape.net Fri Dec 11 11:07:02 1998 From: sms1001 at netscape.net (Sergei Schurov) Date: Tue Dec 2 02:24:51 2003 Subject: Cacheing Problem Message-ID: <19981211110702.21282.qmail@www0d.netaddress.usa.net> I am trying to get two WFW PC's talking to via Linux/Samba (RedHat 5.2) server Interface. One PC continuously streams binary datafile onto its directory on the server while the other continuously reads it. Information on the size of this file (which can continuously increase up to 3MB) is continuously updated and is stored using a fixed width pointer in the file header. It appears that the second PC can't read this pointer and uses its old value. Therefore it can not read the file beyond its old time mark. Everything works OK when PC's talk directly to each other (peer-to-peer) without the server. I've tried all the usual fixes with oplocks, permissons, etc. in smb.conf but without much success. Is there possibly a way to force an update of the first chunk of data in the cache? Any help is greatly appreciated Sergei Schurov Sorry to post this twice, as I forgot to put the subject header first time ____________________________________________________________________ More than just email--Get your FREE Netscape WebMail account today at http://home.netscape.com/netcenter/mail From Nick.Holloway at parallax.co.uk Fri Dec 11 11:36:52 1998 From: Nick.Holloway at parallax.co.uk (Nick Holloway) Date: Tue Dec 2 02:24:51 2003 Subject: restrict anonymous patch against 2beta2 In-Reply-To: <19981202190949.10304.cpmta@fillmore.criticalpath.net> Message-ID: <3.0.5.32.19981211113652.0097a610@exchange.parallax.co.uk> At 11:09 02/12/98 -0800, thwartedefforts@wonky.org wrote: >This patch adds a 'restrict anonymous' parameter to samba which >forces samba to deny anonymous connections from clients. >[...] >This has two effects: > - The %U and %G macro expansions will work in a predictable manner, > because a username is always needed. This gets rid of cases > where the client refreshes the share listing and shares "disappear". I would just like to report that this seems to solve the problem we are having with shares disappearing (see PR#11506). As well as NT, we have also tried access from a Windows '98 client, and that was fine (it did trigger the warning about browsing in a Win95 environment -- perhaps the log level of that could be reduced). This is something I would _really_ like to see in Samba 2.0.0. This has been a problem for quite a while, and was mentioned periodically in comp.protocols.smb by others. It is getting worse here, as more machines move to NT from Windows '95. Although it does have known problems when acting as a PDC, this isn't a particular problem with our environment, and the setting defaults to off. It also has a known workaround, which the problem with NT connecting anonymously currently doesn't. -- `O O' | Nick.Holloway@parallax.co.uk // ^ \\ | Nick.Holloway@alfie.demon.co.uk http://www.alfie.demon.co.uk/ From dave at www.buffalostate.edu Fri Dec 11 15:20:45 1998 From: dave at www.buffalostate.edu (Dave J. Andruczyk) Date: Tue Dec 2 02:24:51 2003 Subject: your mail In-Reply-To: <19981211105815.26042.qmail@www0l.netaddress.usa.net> Message-ID: > I am trying to get two WFW PC's talking to via Linux/Samba (RedHat 5.2) server > Interface. One PC continuously streams binary datafile onto its directory on > the server while the other continuously reads it. Information on the size of > this file (which can continuously increase up to 3MB) is continuously updated > and is stored using a fixed width pointer in the file header. > It appears that the second PC can't read this pointer and uses its old value. > Therefore it can not read the file beyond its old time mark. > > Everything works OK when PC's talk directly to each other (peer-to-peer) > without the server. I've tried all the usual fixes with oplocks, permissons, > etc. in smb.conf but without much success. > > Is there possibly a way to force an update of the first chunk of data in the > cache? you might wanna fiddle with "read raw, and write raw", along with turning oplocks on (real oplocks, not the fake ones). the main problem i can imagine is filesystem caching, where the writes from the "feeder" computer aren't completed right away, while the other trys to read.. the solution is to turn on "strict sync" but that is likely to give you a severe performance hit. see the smb.conf man page for details.. dave From jason at datrix.co.za Fri Dec 11 15:43:07 1998 From: jason at datrix.co.za (Jason Armstrong) Date: Tue Dec 2 02:24:51 2003 Subject: NT Share browsing Message-ID: I don't know if this is a known problem with the latest CVS code ... I joined a Samba PDC domain ok with my Windows NT machine. However, I can't browse the shares on the machine in the Network Neighbourhood, I get 'An unexpected network error occurred', and then after trying again: 'No more connections can be made to this remote computer at this time because there are already as many connections as the computer can accept.' Also, another thing I noticed are that every time I login I get asked if I want to change my password. The Domain Admins stuff is starting to work for me though, really cool! Jason From agavnian at cegelec-red.fr Fri Dec 11 16:38:37 1998 From: agavnian at cegelec-red.fr (Maurice Agavnian) Date: Tue Dec 2 02:24:51 2003 Subject: NT Share browsing References: Message-ID: <36714A8D.10B8C135@cegelec-red.fr> I use samba 2.0 beta 3 and have a similar pb. The message is '\\server is not accessible'. I have a lot of shares (~70) on my samba server. If try to decrease to 50 shares, then after restarting the smbd daemon, I can browse them. It's a bug ? Don't know... Maurice. Jason Armstrong wrote: > > I don't know if this is a known problem with the latest CVS code > .. I joined a Samba PDC domain ok with my Windows NT machine. > However, I can't browse the shares on the machine in the Network > Neighbourhood, I get 'An unexpected network error occurred', and > then after trying again: 'No more connections can be made to this > remote computer at this time because there are already as many > connections as the computer can accept.' > > Also, another thing I noticed are that every time I login I > get asked if I want to change my password. > > The Domain Admins stuff is starting to work for me though, really > cool! > > Jason From lkcl at switchboard.net Fri Dec 11 18:08:21 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:51 2003 Subject: alert: primary groups must be domain groups Message-ID: sorry for the duplication (again). just noticed something, and its significance. a users' primary group can only be a domain group. it _cannot_ be set to an alias (e.g Administrators, Account Operators etc). could those people having "recursion" and 100% cpu usage difficulties please check that all their users' primary groups are not in a unix group that maps, using an entry in "local group map", to an alias? From johnb at ee.duke.edu Fri Dec 11 18:29:23 1998 From: johnb at ee.duke.edu (John Burchett) Date: Tue Dec 2 02:24:51 2003 Subject: alert: primary groups must be domain groups Message-ID: <36716483.7EC2BCBA@ee.duke.edu> Luke, I'm not exactly sure what you mean... here are my domain, local maps. Can you tell me if I have this problem? DSL = my samba domain Domain Group Map adm DSL\"Domain Admins" users DSL\"Domain Users" Domain User Map root=Administrator Local Group Map wheel=Administrators nobody=Guests lp="Print Operators" sys="System Operators" uucp="Replicator" disk="Backup Operators" daemon="Power Users" bin="Account Operators" Note, I just did all this local group mapping for fun... the only one I *really* need is the wheel mapping. my samba user map is: root = Administrator I am mostly logging in as 'Administrator' to do my profile checking, though the user 'johnb' (me) is in the adm group too. Suggestions? -john From aandras at rutcor.rutgers.edu Fri Dec 11 18:29:37 1998 From: aandras at rutcor.rutgers.edu (Andras Andras) Date: Tue Dec 2 02:24:51 2003 Subject: subscribe Message-ID: <36716491.517E@rutcor.rutgers.edu> -- Andras Gy. Andras ----------------- RUTCOR, Rutgers Center for Operations Research Rutgers University, The State University of New Jersey 640 Bartholomew Road, Piscataway, NJ 08854-8003 HomePage: http://rutcor.rutgers.edu/~aandras/ e-mail: mailto:aandras@rutcor.rutgers.edu From lkcl at switchboard.net Fri Dec 11 18:37:09 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:51 2003 Subject: alert: primary groups must be domain groups In-Reply-To: <36716483.7EC2BCBA@ee.duke.edu> Message-ID: On Fri, 11 Dec 1998, John Burchett wrote: > Luke, > > I'm not exactly sure what you mean... here are my domain, local maps. > Can you tell me if I have this problem? not without your /etc/passwd file, _however_......... > Local Group Map > wheel=Administrators > nobody=Guests > lp="Print Operators" > sys="System Operators" > uucp="Replicator" > disk="Backup Operators" > daemon="Power Users" > bin="Account Operators" ... if *any* user has wheel,nobody,lp,sys,uucp,disk,daemon,bin as the primary unix group in /etc/passwd, you *will* have problems with that user. From johnb at ee.duke.edu Fri Dec 11 18:50:34 1998 From: johnb at ee.duke.edu (John Burchett) Date: Tue Dec 2 02:24:51 2003 Subject: alert: primary groups must be domain groups References: Message-ID: <3671697A.855D5DB7@ee.duke.edu> luke, my etc/passwd file is simple, and the user I'm using the most (Administrator) and my other one (johnb) have 'root' and 'grad' as their primary groups, so no problems there. I do use NIS though, so maybe that's it? Still infinite looping! Also, something of interest. In the minute after I double click on a profile to get it's properties, the NT machine sits with an hourglass. Meanwhile, my samba server burns ~99% cpu, but little memory is used (i.e. notmal amount). However AFTER the NT machine returns 'RPC failed, then (and only at that point) samba grabs like 80MB of memory. Also an interesting point, SMBD runs 2 or 3 copies of itself. curiously, only one of these hogs the cpu and memory. when I kill that one, the others stay, but my cpu and memory are back to normal. 3rd point, when I use User Manager, it first comes up with the message 'A device attached to this system is not functioning' 'Would you like to select another domain...?'. I click Yes, and then type in my domain name, and it works as it should. dunno, just an annoyance bug. Final problem, some reason it STILL tells me trust account phb$ should be in DOMAIN_GROUP_RID_USERS What should my mapping be and in which (domain or local) to get this to work? I have tried saying users=Users users=DSL\Users (dsl is my domain) also, I have a unix group 'users' and phb$ is in it. Is there any requirement on what the GID of this group should be? Also, what is RID (NT thing?) and what's the deal here? thanx a ton, -john where phb (pointy-haired boss, lol) is the nt machine that is my client. Luke Kenneth Casson Leighton wrote: > On Fri, 11 Dec 1998, John Burchett wrote: > > > Luke, > > > > I'm not exactly sure what you mean... here are my domain, local maps. > > Can you tell me if I have this problem? > > not without your /etc/passwd file, _however_......... > > > Local Group Map > > wheel=Administrators > > nobody=Guests > > lp="Print Operators" > > sys="System Operators" > > uucp="Replicator" > > disk="Backup Operators" > > daemon="Power Users" > > bin="Account Operators" > > ... if *any* user has wheel,nobody,lp,sys,uucp,disk,daemon,bin as the > primary unix group in /etc/passwd, you *will* have problems with that > user. From hulet at ittc.ukans.edu Fri Dec 11 18:56:13 1998 From: hulet at ittc.ukans.edu (Michael S. Hulet) Date: Tue Dec 2 02:24:51 2003 Subject: alert: primary groups must be domain groups In-Reply-To: Message-ID: Didn't help me but for what it is worth; I took the samba source code I was using on my DEC Alpha 4.0d machine and re-compiled it on a Linux 5.0 machine. Same smb.conf file and map files. Works fine on the Linux box except it says my password has expired. I am even an administrator again. We used gcc 2.8.1 on the Alpha and gcc 2.7.2.3 on the Linux box. Do you need any entry in domain.map, domainuser.map, and local.map or can local.map be empty? If you give me specific entries for each of these files and what the entries should be in my unix group file; I'll try that in case my map files are messed up. On Sat, 12 Dec 1998, Luke Kenneth Casson Leighton wrote: > sorry for the duplication (again). > > just noticed something, and its significance. a users' primary group can > only be a domain group. it _cannot_ be set to an alias (e.g > Administrators, Account Operators etc). > > could those people having "recursion" and 100% cpu usage difficulties > please check that all their users' primary groups are not in a unix group > that maps, using an entry in "local group map", to an alias? > From greg at discreet.com Fri Dec 11 19:11:34 1998 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:51 2003 Subject: alert: primary groups must be domain groups In-Reply-To: Message-ID: don't even have a "local group map". Could that be the problem? Greg On 11-Dec-98 Luke Kenneth Casson Leighton wrote: > sorry for the duplication (again). > > just noticed something, and its significance. a users' primary group can > only be a domain group. it _cannot_ be set to an alias (e.g > Administrators, Account Operators etc). > > could those people having "recursion" and 100% cpu usage difficulties > please check that all their users' primary groups are not in a unix group > that maps, using an entry in "local group map", to an alias? --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From lkcl at switchboard.net Fri Dec 11 19:19:43 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:51 2003 Subject: alert: primary groups must be domain groups In-Reply-To: Message-ID: On Fri, 11 Dec 1998, Greg Dickie wrote: > > don't even have a "local group map". Could that be the problem? > no. no local group map with samba-as-a-pdc you will not see a problem. From lkcl at switchboard.net Fri Dec 11 19:22:00 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:51 2003 Subject: alert: primary groups must be domain groups In-Reply-To: <3671697A.855D5DB7@ee.duke.edu> Message-ID: > little memory is used (i.e. notmal amount). However AFTER the NT machine > returns 'RPC failed, then (and only at that point) samba grabs like > 80MB of memory. argh. > > 3rd point, when I use User Manager, it first comes up with the message 'A > device attached to this system is not functioning' 'Would you like to > select another domain...?'. I click Yes, and then type in my domain name, > and it works as it should. dunno, just an annoyance bug. i know. > Final problem, some reason it STILL tells me > trust account phb$ should be in DOMAIN_GROUP_RID_USERS > > What should my mapping be and in which (domain or local) to get this to > work? I have tried saying > users=Users > users=DSL\Users (dsl is my domain) users="Domain Users" in a domain group map entry. > also, I have a unix group 'users' and phb$ is in it. Is there any > requirement on what the GID of this group should be? Also, what is > RID (NT thing?) and what's the deal here? too much to explain, with r.s.i and all. check the archives, check the web for info on nt-only domain administration, books on nt-only domain admin etc. From johnb at ee.duke.edu Fri Dec 11 19:38:35 1998 From: johnb at ee.duke.edu (John Burchett) Date: Tue Dec 2 02:24:51 2003 Subject: alert: primary groups must be domain groups References: Message-ID: <367174BA.9EC853C8@ee.duke.edu> Would you believe that I just went through a dozen source files and found that out? lol guess I should have done that in the first place... for some odd reason, even after I do this (it was a problem before also) when ever I click on "Domain Admins/Guest/Users" in the user manager it say that the 'group can not be found'. Any ideas? Usually the 'preexisting' NT groups will give this error, but if I map a unix group to them (like Administrators) the error goes away and I can view the group. For some reason the "Domain ..." groups, even though mapped to unix groups, still won't display!? any ideas? -clueless in durham (john) lol somehow, signing this way just sounds cool... anybody agree? hmm, guess I've been reading too much dear abby.. doh > > > also, I have a unix group 'users' and phb$ is in it. Is there any > > requirement on what the GID of this group should be? Also, what is > > RID (NT thing?) and what's the deal here? > > too much to explain, with r.s.i and all. check the archives, check the > web for info on nt-only domain administration, books on nt-only domain > admin etc. From lkcl at switchboard.net Fri Dec 11 19:51:26 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:51 2003 Subject: alert: primary groups must be domain groups In-Reply-To: <367174BA.9EC853C8@ee.duke.edu> Message-ID: On Fri, 11 Dec 1998, John Burchett wrote: > Would you believe that I just went through a dozen source files and found that > out? lol > > guess I should have done that in the first place... for some odd reason, even > after I do this (it was a problem before also) when ever I click on "Domain > Admins/Guest/Users" in the user manager it say that the 'group can not be > found'. Any ideas? do you have an entry mapping it in a "domain group map" entry to a real unix group? if so, and it still doesn't work, then i have a bug to fix. > Usually the 'preexisting' NT groups will give this error, but if I map a unix > group to them (like Administrators) the error goes away and I can view the > group. For some reason the "Domain ..." groups, even though mapped to unix > groups, still won't display!? argh i have a bug to fix. From greg at discreet.com Fri Dec 11 21:19:58 1998 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:51 2003 Subject: alert: primary groups must be domain groups In-Reply-To: Message-ID: Just curious... same config. in terms of /etc/group, NIS, NIS+, LDAP? Greg On 11-Dec-98 Michael S. Hulet wrote: > Didn't help me but for what it is worth; I took the samba source code I > was using on my DEC Alpha 4.0d machine and re-compiled it on a Linux 5.0 > machine. Same smb.conf file and map files. Works fine on the Linux box > except it says my password has expired. I am even an administrator again. > We used gcc 2.8.1 on the Alpha and gcc 2.7.2.3 on the Linux box. Do you > need any entry in domain.map, domainuser.map, and local.map or can > local.map be empty? If you give me specific entries for each of these > files and what the entries should be in my unix group file; I'll try that > in case my map files are messed up. > > > On Sat, 12 Dec 1998, Luke Kenneth Casson Leighton wrote: > >> sorry for the duplication (again). >> >> just noticed something, and its significance. a users' primary group can >> only be a domain group. it _cannot_ be set to an alias (e.g >> Administrators, Account Operators etc). >> >> could those people having "recursion" and 100% cpu usage difficulties >> please check that all their users' primary groups are not in a unix group >> that maps, using an entry in "local group map", to an alias? >> --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From hulet at ittc.ukans.edu Fri Dec 11 21:45:13 1998 From: hulet at ittc.ukans.edu (Michael S. Hulet) Date: Tue Dec 2 02:24:51 2003 Subject: alert: primary groups must be domain groups In-Reply-To: Message-ID: Same smb.conf, domain.map, domainuser.map, local.map, /etc/passwd, /etc/group, smbpasswd. The only thing that changed was the compiler (gcc 2.8.1 to gcc 2.7.2.3) and the platform (DEC Alpha 4.0d to Linux 5.0). Then my runaway smbd didn't occur and I was able to log in. On Fri, 11 Dec 1998, Greg Dickie wrote: > > Just curious... > > same config. in terms of /etc/group, NIS, NIS+, LDAP? > > Greg > > > On 11-Dec-98 Michael S. Hulet wrote: > > Didn't help me but for what it is worth; I took the samba source code I > > was using on my DEC Alpha 4.0d machine and re-compiled it on a Linux 5.0 > > machine. Same smb.conf file and map files. Works fine on the Linux box > > except it says my password has expired. I am even an administrator again. > > We used gcc 2.8.1 on the Alpha and gcc 2.7.2.3 on the Linux box. Do you > > need any entry in domain.map, domainuser.map, and local.map or can > > local.map be empty? If you give me specific entries for each of these > > files and what the entries should be in my unix group file; I'll try that > > in case my map files are messed up. > > > > > > On Sat, 12 Dec 1998, Luke Kenneth Casson Leighton wrote: > > > >> sorry for the duplication (again). > >> > >> just noticed something, and its significance. a users' primary group can > >> only be a domain group. it _cannot_ be set to an alias (e.g > >> Administrators, Account Operators etc). > >> > >> could those people having "recursion" and 100% cpu usage difficulties > >> please check that all their users' primary groups are not in a unix group > >> that maps, using an entry in "local group map", to an alias? > >> > > --------------------------------------------------------------------- > Greg Dickie > Just A Guy* > *from discreet logic > Montreal > (514) 954-7171 > greg@discreet.com > From mhaigh at village.vut.edu.au Fri Dec 11 22:20:43 1998 From: mhaigh at village.vut.edu.au (Mick Haigh) Date: Tue Dec 2 02:24:51 2003 Subject: error Message-ID: <36719ABA.354DC758@village.vut.edu.au> Using the last couple of versions of CVS code (or trying to) - I get a lot of [1998/12/12 08:44:52, 0] smbd/uid.c:become_root(366) ERROR: become root depth is non zero in the logs when I try to log on from an NT box. Any ideas?? Also - I'm still getting the warnings about trust accounts being a member of DOMAIN_GROUP_RID_USERS, despite the fact that I have all my machine accounts in the _Unix_ group 'users', and that I have a line saying 'users="Domain Users"' in my domain group map file (as per Luke's post). Obviously I'm doing something silly - I just have no idea what :( Thanks. Mick -------------- next part -------------- A non-text attachment was scrubbed... Name: mhaigh.vcf Type: text/x-vcard Size: 279 bytes Desc: Card for Mick Haigh Url : http://lists.samba.org/archive/samba-ntdom/attachments/19981212/5025417b/mhaigh.vcf From johnb at ee.duke.edu Fri Dec 11 23:17:33 1998 From: johnb at ee.duke.edu (John Burchett) Date: Tue Dec 2 02:24:51 2003 Subject: RID mapping Message-ID: <3671A80C.1F3C46DA@ee.duke.edu> Luke, I think I've discovered somewhat the problem that I'm having. My 'trust' account (phb$) has a UID of 32770, and I think this is the idea... (32770 * 4) + 1000 + 1 = the number that samba decides it's UID should be. I think this needs to be mapped to 0x201 by 'smb group file'. I saw it in your code and tried compiling it in but no go. I guess this is work in progress? I haven't cvs'd recently, so I'll do that now. Crux of the issue: Is the warning message "phb$ should be in ... DOMAIN_GROUP_RID_USERS" fatal? Will that lock me off from viewing profiles, etc. or (important) cause me to get the message RPC call failed? I looked around at the infinite loop that's happening,, good luck,... can't tell much but that it bogs down lookin through the list somehow. I think this looks suspicious... [1998/12/11 18:15:38, 10] groupdb/groupdb.c:add_domain_group(175) adding group root() [1998/12/11 18:15:38, 10] groupdb/groupunix.c:getgrpunixpwent(169) getgrpunixpwent: enum unix group entry root [1998/12/11 18:15:38, 10] lib/domain_namemap.c:lookupsmbgrpgid(1143) It happens in the loop and looks like maybe it is adding a newfound group, then searching, then adding then searching.... etc. Is it searching the list it just added too? dunno.. can't hurt, might help, you get the idea. good luck, -john From svedja at lysator.liu.se Sat Dec 12 01:21:41 1998 From: svedja at lysator.liu.se (Dejan Ilic) Date: Tue Dec 2 02:24:51 2003 Subject: Configure-diff to check for bind library Message-ID: Copy of this mail already sent to samba-bugs ----- Hi. Got annoyed by configure removing the "-lbind" every time. The configure should now check for the __inet_addr inc and if found it will check for the bind-library. If succesfull in both cases (and thus bind is probably needed during link) it will add "-lbind" to LIBS variable. If it fail on any of the two tests it will retain the old behaviour and additionaly emit a warning if the symbol is found but not the library. The only real question is if the EGREP regular expression is narrow enough to accuratly tell if the include-file is bind's include file. I leave that up to you to deceide :-) But it works on my machine and I tested all pathological cases I could imagine at this time after midnight... The diff is against Beta-3 but should work on the later CVS releases also if hand-patched. Dejan ===================================================================== Dejan Ilic, Tech Univ. of Linkoping, Sweden Phone:+46-13-473 01 06 Email: svedja@lysator.liu.se Web: http://www.lysator.liu.se/~svedja ===================================================================== [finger -l svedja@lysator.liu.se for public PGP key] -------------- next part -------------- --- configure.in.orig Fri Dec 11 23:37:04 1998 +++ configure.in Sat Dec 12 01:59:15 1998 @@ -1079,6 +1079,16 @@ ) ################################################# +# check if we need to link the Bind library +AC_MSG_CHECKING(check if we need to link the Bind library) +AC_EGREP_HEADER(__inet_addr,arpa/inet.h, + AC_MSG_RESULT(yes) + AC_CHECK_LIB(bind,__inet_addr, + [LIBS="$LIBS -lbind"], + AC_MSG_WARN([Bind library probably needed but not found !])), + AC_MSG_RESULT(no)) + +################################################# # these tests are taken from the GNU fileutils package AC_CHECKING(how to get filesystem space usage) space=no From mhaigh at village.vut.edu.au Sat Dec 12 04:36:41 1998 From: mhaigh at village.vut.edu.au (Mick Haigh) Date: Tue Dec 2 02:24:51 2003 Subject: error Message-ID: <3671F2D9.B5F4C1F1@village.vut.edu.au> Arrrrggghh. I again I forgot the vcard :( -- Using the last couple of versions of CVS code (or trying to) - I get a lot of [1998/12/12 08:44:52, 0] smbd/uid.c:become_root(366) ERROR: become root depth is non zero in the logs when I try to log on from an NT box. Any ideas?? Also - I'm still getting the warnings about trust accounts being a member of DOMAIN_GROUP_RID_USERS, despite the fact that I have all my machine accounts in the _Unix_ group 'users', and that I have a line saying 'users="Domain Users"' in my domain group map file (as per Luke's post). Obviously I'm doing something silly - I just have no idea what :( Thanks. Mick From ruch at wanadoo.fr Sat Dec 12 10:45:20 1998 From: ruch at wanadoo.fr (Didier Ruch) Date: Tue Dec 2 02:24:51 2003 Subject: listing of daemons running on a unix server Message-ID: <003f01be25bc$843e3020$989afcc1@veroelod> >Kendrick Vargas wrote >>... >> Maybe there should simply be one script assigned specifically to the >> purpose of remote admin by an NT box... That script can return a list >> of the services which are available (whatever the admin chooses) and then >> a procedure for starting/stopping each one. That way, it's very much >> controled. > >Can I add my vote for this as the simplest, transparent, controlable, and >machine-independent suggestion I have seen so far... > >Martin Me too, Didier From lkcl at switchboard.net Mon Dec 14 17:40:44 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:51 2003 Subject: error In-Reply-To: <3671F2D9.B5F4C1F1@village.vut.edu.au> Message-ID: don't worry about these for now, they're not fatal. > Using the last couple of versions of CVS code (or trying to) - I get a > lot of > > [1998/12/12 08:44:52, 0] smbd/uid.c:become_root(366) > ERROR: become root depth is non zero > > in the logs when I try to log on from an NT box. Any ideas?? > > Also - I'm still getting the warnings about trust accounts being a > member of DOMAIN_GROUP_RID_USERS, despite the fact that I have all my > machine accounts in the _Unix_ group 'users', and that I have a line > saying 'users="Domain Users"' in my domain group map file (as per Luke's > > post). Obviously I'm doing something silly - I just have no idea what > :( > > Thanks. > Mick > > Luke Kenneth Casson Leighton Samba and Network Development Samba and Network Consultancy From admin at ncds.com Mon Dec 14 22:10:25 1998 From: admin at ncds.com (Eric P. Miller) Date: Tue Dec 2 02:24:51 2003 Subject: subscribe Message-ID: <36758CD1.2C3EE1A3@ncds.com> subscribe From jallison at cthulhu.engr.sgi.com Tue Dec 15 01:53:51 1998 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:24:51 2003 Subject: Samba 2.0.0beta4 released. Message-ID: <3675C12F.50DC6793@engr.sgi.com> The Samba Team are pleased to announce Samba 2.0 Beta4 This is the fourth of (hopefully) a short series of Beta releases of the 2.0 code and incorporates bug fixes and changes from feedback gained from the earlier betas. Show-stopper bugs notwithstanding, this is expected to be the last beta release before the official ship of the stable Samba 2.0 release, so it is very important for people to send feedback and patches for configuring and building Samba 2.0 on unusual platforms. We are relasing these Betas to enable the Samba Team to gain wider testing of the new autoconf mechanism and fix any bugs before the first ship of the new stable version of Samba - Samba 2.0. Samba 2.0 Beta4 is available in source form from samba.org and all of our mirror sites. Please go to your nearest mirror site from samba.org and click on the link under the "Samba News" announcement to download this code. Please try this code and give us feedback. If you have problems, or think you have found a bug please email a report to : samba-bugs@samba.org The WHATSNEW.txt file follows. As always, any bugs are our responsibility, Regards, The Samba Team. ----------------------------------------------------------- Issues fixed between Beta3 and Beta4 ------------------------------------ 1). More sanity checks in testparm code to help diagnose smb.conf problems. 2). Ensure log header not written before log rotated. 3). Fix getrlimit number of file descriptors problem with AIX. AIX supports the call but always returns infinity. This was causing smbd to try and allocate a large amount of memory. 4). Fixed name lookup in lmhosts to match the documentation for name type lookup. 5). Removed need to link password database code into nmbd. 6). Stop nmbd sending broadcast name refresh requests, use permanent TTL on broadcast interfaces. 7). Flag "PRINTER" and "SHARE" parameters so SWAT can display them correctly. 8). Fix SWAT so that it can display auto-generated printer list. 9). Added AFS and DCE auth includes back. 10). Added workaround to Windows NT redirector bug where it sends 64 bit lock requests to systems that don't support 64 bit offsets (eg. Linux). 11). Fixed name mangling cache bug. 12). Fix smbpasswd bug where a missmatched password could be mis-interpreted when adding a user. 13). Updates to SWAT to display "commit" button if user has write access to smb.conf. 14). Fixed to autoconf for HPUX systems to work around broken HPUX shadow.h include file. ----------------------------------------------------------- Issues fixed between Beta2 and Beta3 ------------------------------------ 1). New parameters added : "add user script" "delete user script" Designed to allow Samba servers to be set up with no UNIX users and to allow them to create the needed UNIX users on the fly. See the smb.conf documentation for more details. 2). Autoconf issues including fixes for large file support for Solaris and SINIX, and stat64 tests on SVR4 systems. 3). Code dealing with dos pathnames and native pathnames split to be explicit about when Samba is accessing which type of name. 4). Fix for missing PRINTCAP define under HPUX. 5). Added Samba specific strtoul(). 6). Fix for reverse filename mapping with ISO8859-5 filenames. 7). Fix for nmbd not starting correctly sometimes due to pid locking file. 8). Check for error returns in file descriptor limit checking code. 9). Kernel oplock code bugfix. 10). Restored client retarget code. 11). Fix for potential stack overflow in Digital UNIX crypt check. 12). Explicitly test for negative uids in smbpasswd file. 13). Fix for NT username in Domain logon code. 14). Patch from Scott Moomaw to correctly return "Invalid Info level" to Win95 printer clients. 15). Fix to allow NT printer clients to add printers (as 1.9.18 code would allow). 16). Fix to prevent ".." being used in servicename. 17). New SWAT icons. ----------------------------------------------------------- Issues fixed between Beta1 and Beta2 ------------------------------------ 1). Many autoconf issues (too many to list here). 2). Correctly set default printing for AIX. 3). Attempt to fix struct rtentry not being defined problem. 4). Convert all open() style calls to wrappers for 64 bit systems. 5). Get more 'const' correct. 6). Fix bug with O_EXCL not being set on exlusive open requests. 7). Fix string_sub() problem with LinPopup. 8). Fix lmhosts bug causing only 3 character names to be looked up. 9). Fixed bug with NetBIOS pointers in scope names. 10). Removed code that was preventing NT3.51 PDC logons from working. 11). Fixed crash bug when processing DELETE_ON_CLOSE directive from MS Office. 12). Fixed NT4.x problems adding printer. 13). Stop multiple logs of NT ACL's not supported messages. 14). Changed 'security=server' mode to use *SMBSERVER name if initial connect refused. 15). Fixed NT4.x problem with modify times not being preserved on explorer file copy. 16). 'Silent' switch for testparm. 17). Added 'hosts allow/deny' checks to SWAT. ----------------------------------------------------------- WHATS NEW IN Samba 2.0.0 beta4 ============================== This is a MAJOR new release of Samba, the UNIX based SMB/CIFS file and print server for Windows systems. There have been many changes in Samba since the last major release, 1.9.18. These have mainly been in the areas of performance and SMB protocol correctness. In addition, a Web based GUI interface for configuring Samba has been added. In addition, Samba has been re-written to help portability to other POSIX-based systems, based on the GNU autoconf tool. Major changes in Samba 2.0 -------------------------- There are many major changes in Samba for version 2.0. Here are some of them: ===================================================================== 1). Speed --------- Samba has been benchmarked on high-end UNIX hardware as out-performing all other SMB/CIFS servers using the Ziff-Davis NetBench benchmark. Many changes to the code to optimise high-end performance have been made. 2). Correctness --------------- Samba now supports the Windows NT specific SMB requests. This means that on platforms that are capable Samba now presents a 64 bit view of the filesystem to Windows NT clients and is capable of handling very large files. 3). Portability --------------- Samba is now self-configuring using GNU autoconf, removing the need for people installing Samba to have to hand configure Makefiles, as was needed in previous versions. You now configure Samba by running "./configure" then "make". See docs/textdocs/UNIX_INSTALL.txt for details. 4). Web based GUI configuration ------------------------------- Samba now comes with SWAT, a web based GUI config system. See the swat man page for details on how to set it up. 5). Cross protocol data integrity --------------------------------- An open function interface has been defined to allow "opportunistic locks" (oplocks for short) granted by Samba to be seen by other UNIX processes. This allows complete cross protocol (NFS and SMB) data integrety using Samba with platforms that support this feature. 6). Domain client capability ---------------------------- Samba is now capable of using a Windows NT PDC for user authentication in exactly the same way that a Windows NT workstation does, i.e. it can be a member of a Domain. See docs/textdocs/DOMAIN_MEMBER.txt for details. 7). Documentation Updates ------------------------- All the reference parts of the Samba documentation (the manual pages) have been updated and converted to a document format that allows automatic generation of HTML, SGML, and text formats. These documents now ship as standard in HTML and manpage format. ===================================================================== NOTE - Some important option defaults changed --------------------------------------------- Several parameters have changed their default values. The most important of these is that the default security mode is now user level security rather than share level security. This (incompatible) change was made to ease new Samba installs as user level security is easier to use for Windows 95/98 and Windows NT clients. ********IMPORTANT NOTE**************** If you have no "security=" line in the [global] section of your current smb.conf and you update to Samba 2.0 you will need to add the line : security=share to get exactly the same behaviour with Samba 2.0 as you did with previous versions of Samba. ********END IMPORTANT NOTE************* In addition, Samba now defaults to case sensitivity options that match a Windows NT server precisely, that is, case insensitive but case preserving. The default format of the smbpasswd file has also been changed for this release, although the new tools will read and write the old format, for backwards compatibility. ===================================================================== NOTE - Primary Domain Controller Functionality ---------------------------------------------- This version of Samba contains code that correctly implements the undocumented Primary Domain Controller authentication protocols. However, there is much more to being a Primary Domain Controller than serving Windows NT logon requests. A useful version of a Primary Domain Controller contains many remote procedure calls to do things like enumerate users, groups, and security information, only some of which Samba currently implements. In addition, there are outstanding (known) bugs with using Samba as a PDC in this release that the Samba Team are actively working on. For this reason we have chosen not to advertise and actively support Primary Domain Controller functionality with this release. This work is being done in the CVS (developer) versions of Samba, development of which continues at a fast pace. If you are interested in participating in or helping with this development please join the Samba-NTDOM mailing list. Details on joining are available at : http://samba.org/listproc/ Details on obtaining CVS (developer) versions of Samba are available at: http://samba.org/cvs.html ===================================================================== If you have problems, or think you have found a bug please email a report to : samba-bugs@samba.org As always, all bugs are our responsibility. Regards, The Samba Team. From David.Billinghurst at riotinto.com.au Tue Dec 15 02:57:45 1998 From: David.Billinghurst at riotinto.com.au (Billinghurst, David (RTD)) Date: Tue Dec 2 02:24:51 2003 Subject: Machines in domain S and users in domain U Message-ID: Our multi-site NT network is set up with * all users in a corporate domain U * all NT workstations/servers in site based resource domains S * each resource domain S trusts the corporate domain U At present I am using samba-1.9.18p10 with * security = server, and * workgroup = S * password server = "PDC and BDC for domain U" This works well. I would like to move domain based security for our samba servers. The NT administrator wants the samba servers to go into the resource domain S (and will not allow them into the corporate domain U). As all the users are in the domain U I was wondering: * Will this work? * Is it a good idea to move to domain based security yet? (Yes. I have read DOMAIN_MEMBER.txt) +++++++++++++++++++++++++++++++++++++++++ (Mr) David Billinghurst Comalco Research Centre PO Box 316, Thomastown, Vic, Australia, 3074 Phone: +61 3 9469 0642 FAX: +61 3 9462 2700 E-mail: David.Billinghurst@riotinto.com.au From greg at discreet.com Tue Dec 15 12:57:36 1998 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:51 2003 Subject: latest cvs does not compile on IRIX 6.2 Message-ID: Hi, CVS tree from this morning: Compiling lib/system.c "lib/system.c", line 283: error(1119): return value type does not match the function type return mmap64(addr, len, prot, flags, fd, offset); ^ 1 error detected in the compilation of "lib/system.c". *** Error code 2 (bu21) here is the man page: NAME mmap, mmap64 - map pages of memory SYNOPSIS #include #include void *mmap(void *addr, size_t len, int prot, int flags, int fd, off_t off); void *mmap64(void *addr, size_t len, int prot, int flags, int fd, off64_t off); DESCRIPTION The functions mmap and mmap64 establish a mapping between a process's address space and a virtual memory object. The format of the call is as follows: pa = mmap(addr, len, prot, flags, fd, off); mmap establishes a mapping between the process's address space at an address pa for len bytes to the memory object represented by the file descriptor fd at offset off for len bytes. The value of pa is an implementation-dependent function of the parameter addr and values of flags, further described below. A successful mmap call returns pa as its result. The address ranges covered by [pa, pa + len) and [off, off + len) must be legitimate for the possible (not necessarily current) address space of a process and the object in question, respectively. The only difference between mmap and mmap64 is that in mmap64 the off parameter is 64 bits long, so that the file offset can be greater than 2 gigabytes. This is useful for certain filesystem types that support such file offsets. The mapping established by mmap replaces any previous mappings for the process's pages in the range [pa, pa + len). The parameter prot determines whether read (load), write (store), execute, or some combination of accesses are permitted to the pages being mapped. The protection options are defined in as: PROT_READ Page can be read. PROT_WRITE Page can be written. PROT_EXEC Page can be executed. PROT_NONE Page can not be accessed. --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From peiam.arad at freund-dirks.de Tue Dec 15 13:15:17 1998 From: peiam.arad at freund-dirks.de (Peiam Arad) Date: Tue Dec 2 02:24:51 2003 Subject: password sync nt<->linux Message-ID: <367660E5.5522@freund-dirks.de> I have one question. We have a NT PDC and a Linux-server with samba. Now i like to authenticate the samba-users with our PDC. My problem is: How could I set user permissions for the PDC-users on the Linuxserver. I could synchronisize samba-users and the linux-users, but how could i do this with NT-PDC-users and Linux-users. Another Problem is that the NT-users are working via telnet on the linux-server. I don't want to create every user at the NT-server and the linux-server. Peiam P.S.: Please excuse my bad english. From greg at discreet.com Tue Dec 15 13:33:45 1998 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:51 2003 Subject: latest cvs does not compile on IRIX 6.2 In-Reply-To: Message-ID: OK bad etiquette to answer one's own post but casting the mmap64 to (void *) seems to make my compiler happy. Greg On 15-Dec-98 Greg Dickie wrote: > > Hi, > > CVS tree from this morning: > Compiling lib/system.c > "lib/system.c", line 283: error(1119): return value type does not match the > function type > return mmap64(addr, len, prot, flags, fd, offset); > ^ > > 1 error detected in the compilation of "lib/system.c". > *** Error code 2 (bu21) > > > here is the man page: > > NAME > mmap, mmap64 - map pages of memory > > SYNOPSIS > #include > #include > > void *mmap(void *addr, size_t len, int prot, int flags, int fd, off_t > off); > > void *mmap64(void *addr, size_t len, int prot, int flags, int fd, > off64_t > off); > > DESCRIPTION > The functions mmap and mmap64 establish a mapping between a process's > address space and a virtual memory object. The format of the call is as > follows: > > pa = mmap(addr, len, prot, flags, fd, off); > > mmap establishes a mapping between the process's address space at an > address pa for len bytes to the memory object represented by the file > descriptor fd at offset off for len bytes. The value of pa is an > implementation-dependent function of the parameter addr and values of > flags, further described below. A successful mmap call returns pa as > its > result. The address ranges covered by [pa, pa + len) and [off, off + > len) must be legitimate for the possible (not necessarily current) > address space of a process and the object in question, respectively. > > The only difference between mmap and mmap64 is that in mmap64 the off > parameter is 64 bits long, so that the file offset can be greater than 2 > gigabytes. This is useful for certain filesystem types that support > such > file offsets. > > The mapping established by mmap replaces any previous mappings for the > process's pages in the range [pa, pa + len). > > The parameter prot determines whether read (load), write (store), > execute, or some combination of accesses are permitted to the pages > being > mapped. The protection options are defined in as: > > PROT_READ Page can be read. > PROT_WRITE Page can be written. > PROT_EXEC Page can be executed. > PROT_NONE Page can not be accessed. > > > > > --------------------------------------------------------------------- > Greg Dickie > Just A Guy* > *from discreet logic > Montreal > (514) 954-7171 > greg@discreet.com --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From mk at quadstone.com Tue Dec 15 17:15:13 1998 From: mk at quadstone.com (Michael Keightley) Date: Tue Dec 2 02:24:51 2003 Subject: problems with smbtar Message-ID: <11240.199812151715@subnode.quadstone.com> Changed over to 2.0.0beta4 on one of our domain controller. smbtar no longer tar's up subdirectories. E.g. % smbtar -v -s odin -x odind -u testy -p -t /tmp/xx.tar Params count: 11 server is odin share is odind\ tar args is tape is /tmp/xx.tar blocksize is Added interface ip=190.88.198.2 bcast=190.88.198.127 nmask=255.255.255.128 Domain=[SPONG] OS=[Windows NT 4.0] Server=[NT LAN Manager 4.0] 1754 ( 34.3 kb/s) \CHOICE.COM 4109 ( 77.2 kb/s) \ffastun.ffa 8192 ( 1600.0 kb/s) \ffastun.ffl 4096 ( 74.1 kb/s) \ffastun.ffo 4096 ( 81.6 kb/s) \ffastun0.ffx 127808 ( 6240.6 kb/s) \ZZ.EXE 1388 ( 25.1 kb/s) \ZZTOP.BAT tar: dumped 7 tar files Total bytes written: 154112 There is also a "Dell" directory in here which isn't being tar'ed up! Anyone got any idea what might be wrong? Michael _________ Michael Keightley Tel: +44 131 220 4491 Systems Manager Fax: +44 131 220 4492 Quadstone Limited WWW: http://www.quadstone.com From rob.naccarato at sheridanc.on.ca Tue Dec 15 18:54:37 1998 From: rob.naccarato at sheridanc.on.ca (Rob Naccarato) Date: Tue Dec 2 02:24:51 2003 Subject: Problems with 2.0beta4 Message-ID: Today I gave beta4 a try and I still cannot connect to my DEC Unix 4.0d machine (beta1 seems to work, though). I simply attempted to connect from a win95 machine a la: "net view \\server", and I get Error86: the network password is not correct. This is wrong, the password is correct. I ran smbd with a debug level of 10 (I've omitted the password): ... [1998/12/15 13:51:26, 10] lib/util.c:(2798) [020] 4E 45 54 00 57 69 6E 64 6F 77 73 20 34 2E 30 00 NET.Wind ows 4.0. [1998/12/15 13:51:26, 10] lib/util.c:(2798) [030] 57 69 6E 64 6F 77 73 20 34 2E 30 00 Windows 4.0. [1998/12/15 13:51:26, 3] smbd/process.c:(402) switch message SMBsesssetupX (pid 18608) [1998/12/15 13:51:26, 3] smbd/reply.c:(674) Domain=[SHERNET] NativeOS=[Windows 4.0] NativeLanMan=[Windows 4.0] [1998/12/15 13:51:26, 3] smbd/reply.c:(679) sesssetupX:name=[ROB] [1998/12/15 13:51:26, 6] param/loadparm.c:(1767) lp_file_list_changed() file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Dec 10 10:15:18 1998 [1998/12/15 13:51:26, 4] passdb/pass_check.c:(791) Checking password for user rob (l=7) [1998/12/15 13:51:26, 5] passdb/pass_check.c:(836) Checking password for user rob in OSF1_ENH_SEC [1998/12/15 13:51:26, 5] passdb/pass_check.c:(843) No entry for user rob in protected database ! [1998/12/15 13:51:26, 3] smbd/error.c:(133) error packet at line 781 cmd=115 (SMBsesssetupX) eclass=2 ecode=2 [1998/12/15 13:51:26, 3] smbd/error.c:(143) error string = No such file or directory [1998/12/15 13:51:26, 5] lib/util.c:(430) size=35 smb_com=0x73 smb_rcls=2 smb_reh=0 smb_err=2 smb_flg=128 smb_flg2=1 [1998/12/15 13:51:26, 5] lib/util.c:(438) smb_tid=0 smb_pid=28497 smb_uid=1 smb_mid=56323 smt_wct=0 [1998/12/15 13:51:26, 5] lib/util.c:(453) smb_bcc=0 [1998/12/15 13:51:26, 6] lib/util_sock.c:(185) write_socket(6,39) [1998/12/15 13:51:26, 6] lib/util_sock.c:(188) write_socket(6,39) wrote 39 [1998/12/15 13:51:28, 10] lib/util_sock.c:(493) receive_smb: length < 0! [1998/12/15 13:51:28, 3] smbd/process.c:(806) end of file from client [1998/12/15 13:51:28, 2] smbd/server.c:(405) Closing connections [1998/12/15 13:51:28, 3] smbd/server.c:(430) Server exit (normal exit) Rob Naccarato "Civilized men are more discourteous than savages Sys Admin because they know they can be impolite without Sheridan College having their skulls split, as a general thing." Oakville, Ont. Canada - Robert E. Howard From greg at discreet.com Tue Dec 15 18:59:54 1998 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:51 2003 Subject: getgrent infinite loop thingy Message-ID: Hi Luke et al., FYI I did an experiment today. I actually tried the latest CVS on an IRIX 6.5 machine. I had been using IRIX 6.2. It looks like the getgrent() infinite loop does not happen on 6.5. I can login fine. I know there are significant differences between the 2 versions, but I do not know of any that would have this effect. Bizarre but at least now I can still test. Greg --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From rob.naccarato at sheridanc.on.ca Tue Dec 15 21:23:22 1998 From: rob.naccarato at sheridanc.on.ca (Rob Naccarato) Date: Tue Dec 2 02:24:51 2003 Subject: Problems with 2.0beta4 In-Reply-To: Message-ID: On Tue, 15 Dec 1998, Rob Naccarato wrote: > > Today I gave beta4 a try and I still cannot connect to my DEC Unix 4.0d > machine (beta1 seems to work, though). > > I simply attempted to connect from a win95 machine a la: "net view > \\server", and I get Error86: the network password is not correct. > > This is wrong, the password is correct. > I've now got it to work. In includes/includes.h, I removed these lines: #if defined(HAVE_PUTPRPWNAM) && defined(AUTH_CLEARTEXT_SEG_CHARS) #define OSF1_ENH_SEC 1 #endif Therefore, the Samba compilation assumes that if you're running OSF, you're running enhanced security, which I'm not. Could this be made an option to configure, with the default being to use BSD security? Rob Naccarato "Civilized men are more discourteous than savages Sys Admin because they know they can be impolite without Sheridan College having their skulls split, as a general thing." Oakville, Ont. Canada - Robert E. Howard From mar at nesin.usr.pu.ru Wed Dec 16 10:03:51 1998 From: mar at nesin.usr.pu.ru (Maryanna Nesina) Date: Tue Dec 2 02:24:51 2003 Subject: * Can we use Linux server as PDC for 95-s? Message-ID: Hi, all! I greatly appologise for maybe a rather silly question, but I'm not very familiar with Unix. The thing is that we have a class with win95 workstations where a GroupPolicy is carried out (the appropriate file is reading from the NT server's \Netlogon dir while the 95's boxes are logging) and the list of the groups and users is taken from the NT PDC. In PolEdit it is checked not to allow for a 95 to start without the right logging to a server. Now for the several reasons we are going to have a Linux (or FreeBSD) Server. Would it be possible for our 95's PC to take the list of groups and users from the Unix machine (using Samba there, I sopose?), to grab the PolAdit's file while logging from there and to start Win95 only if the logging to Unix Server is OK? Thanks, Maryanna Nesina \ / \ / @@@@ ============================ )( @ @ ====== * Math in Biology Lab 00 @@@ @@@@ * * Biological Institute of ~ \\\ \\ * * St.Petersburg State University, * * Oranienbaumskoye sh. 2, Stary Peterhof, * * St.Petersburg, 198 904, RUSSIA * * E-mail mar@nesin.usr.pu.ru * ================================================= From jal at mcs.le.ac.uk Wed Dec 16 11:20:12 1998 From: jal at mcs.le.ac.uk (J. A. Landamore) Date: Tue Dec 2 02:24:51 2003 Subject: leaving and rejoining domain Message-ID: <19011.9812161120@sun2.mcs.le.ac.uk> A non-text attachment was scrubbed... Name: not available Type: text Size: 967 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19981216/97f8a038/attachment.bat From cartegw at Eng.Auburn.EDU Wed Dec 16 14:22:52 1998 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:24:51 2003 Subject: leaving and rejoining domain References: <19011.9812161120@sun2.mcs.le.ac.uk> Message-ID: <3677C23C.2CFB64EE@eng.auburn.edu> J. A. Landamore wrote: > > However to get them to rejoin the domain I need to stop samba, > remove the machine entry from smbpasswd, add the machine > entry and restart samba. I can then get the success dialog box > when I add them to the domain otherwise it fails. > Could someone please explain why it refuses to use the > old smbpasswd entry please? The process of joining a domain consists of the server and workstation using a default password which is the client's NetBIOS machine in lowe case letters. Everytime you join a domain, the server and client use the default password. After joining the domain, the client will change it to some random string (but still not that secure). You shoudl not have to kill smbd to change the machine password for a domain member. Just use 'smbpasswd machine$' replacing machine$ with the netbios machine name appended by '$' when prompted for a password, enter the machine name in lower case characters. Hope this helps, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From psc59782 at glaxowellcome.com Wed Dec 16 16:16:21 1998 From: psc59782 at glaxowellcome.com (Carroll, Patrick S) Date: Tue Dec 2 02:24:51 2003 Subject: Help with domain trust relationship Message-ID: Hello, I've got samba 2.0.0beta4 compiled and working properly on my RedHat 5.1 (Linux kernel 2.1.131) system. I have the following NT domains to work with... I have the Linux box setup on the NT Domain "X" Users are only authenticated on NT Domain "Y". There is a trust relationship between Domain X and Y (both are NT servers) I setup my smb.conf file with.. workgroup = (Domain "X") security = domain (also tried server) encrypt passwords = yes password server = (primary domain controller for domain "x", also tried primary domain controller for domain "y") and pam_smb.conf with (Domain Y, also tried Domain X) (PDC for Y, also tried PDC for X) I had my system admin add my computer netbios name (same as dns name) to the NT Domain "X". I ran the following.. smbpasswd -j (NT Domain "X") And I successfully joined the domain, and the mac file was created in /etc. (Note: if I tried to rejoin the domain at a later date, I got an error message. If I asked the domain admin to re-add me, I could join, but would get the same error if I retried). Now I setup my username with a "*" password in the password file. I tried telnet to the Linux Box. When I log-in with my username and the NT domain password, I get the following error.... =================================================== Red Hat Linux release 5.2 (Apollo) Kernel 2.1.131 on an i686 login: psc59782 Password: client_init: connection succeeded LSA Query Info Policy Domain Member - Domain: US-DESKTOP2 SID: S-1-5-21-26028188-139138990-2934943 63 Domain Controller - Domain: US-DESKTOP2 SID: S-1-5-21-26028188-139138990-2934943 63 NET_REQ_CHAL: NT_STATUS_INVALID_COMPUTER_NAME Server rejected the login of psc59782 to domain US1_AUTH. Login incorrect ========================================================== (note: us-desktop2 is domain "X", us1_AUTH is domain "Y"). Any suggestions? Patrick Carroll Instrument Technical Support ASci Automation Office: 483-7124 International: 703-7124 Mobile Phone: 272-5692 Text Pager: http://griwww.glaxo.com/src/personalPages/show/psc59782 Unsecure Personal Email: mailto:Patrick.S.Carroll@gte.net From L-MAY at gmx.de Wed Dec 16 18:56:50 1998 From: L-MAY at gmx.de (Lothar May) Date: Tue Dec 2 02:24:51 2003 Subject: Mailing list Message-ID: <655.913834610@www.gmx.net> --- Sent through Global Message Exchange - http://www.gmx.net From jallison at cthulhu.engr.sgi.com Wed Dec 16 17:45:53 1998 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:24:51 2003 Subject: leaving and rejoining domain References: <19011.9812161120@sun2.mcs.le.ac.uk> Message-ID: <3677F1D1.937291@engr.sgi.com> J. A. Landamore wrote: > > I have several machines that normally belong in a domain served by > samba-2.0.0beta2, that I occassionally need to remove from the domain and then > rejoin the domain. To remove them from the domain I just change them to > workgroup machines in the network control panel. (Is this the correct way of > doing it?). However to get them to rejoin the domain I need to stop samba, > remove the machine entry from smbpasswd, add the machine entry and restart > samba. I can then get the success dialog box when I add them to the domain > otherwise it fails. > Could someone please explain why it refuses to use the old smbpasswd entry > please? Because when you change them to workgroup machines in the control panel it destroys whatever machine password key it has stored in the registry (or refuses to use it again, which amounts to the same thing). When you tell the WinNT machines to re-join the domain they will start again with the initial (known) password of machine name in lower case as UNICODE, md4 hashed. Thus you need to reset the smbpasswd machine entry to match this. Hope this helps, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From lkcl at switchboard.net Wed Dec 16 21:09:37 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:51 2003 Subject: leaving and rejoining domain In-Reply-To: <3677F1D1.937291@engr.sgi.com> Message-ID: > When you tell the WinNT machines to re-join the domain > they will start again with the initial (known) password > of machine name in lower case as UNICODE, md4 hashed. > > Thus you need to reset the smbpasswd machine entry to > match this. if microsoft tells us the format of "add sam database user" entry i can fix this. From D.Bannon at latrobe.edu.au Wed Dec 16 22:28:28 1998 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:24:52 2003 Subject: leaving and rejoining domain In-Reply-To: <19011.9812161120@sun2.mcs.le.ac.uk> Message-ID: <3.0.3.32.19981217092828.00750d70@bioserve.biochem.latrobe.edu.au> At 10:21 PM 16/12/1998 +1100, J. A. Landamore wrote: >.. machines ... that I occassionally need to remove from the domain and then >rejoin the domain. How about creating a local account on the machine(s) and selecting local machine at the logon dialog. I don't think this messes up the machine passwd, you can return to the domain by selecting the domain again in the logon dialog. But there are lots of other times when this is a real pain. Because the same effect shows up when updating a version of samba that has been in operation for a period of time, we need to do this on EVERY NT in the domain when we upgrade samba. 1. Reset the smbpasswd entry for machine : smbpasswd -m -a machine 2. Leave and rejoin the domain a) Log on as Administrator to the local machine, change the lower field in logon dialog to local machine name, use the user name of Administrator and the Administrator's password. b) From the network icon change from domain to workgroup. Click OK to warning message. Then change back to domain and get the 'Welcome to domain' message. OK and reboot. At the logon dialog, select the domain and use a suitable domain user name and passwd and logon (otherwise other 'users' will try and use their domain username with the local machine name....). Is there any prospect of this being solved ? Luke ? Please ! Does the same thing happen in NT ? David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From lkcl at switchboard.net Wed Dec 16 22:36:23 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:52 2003 Subject: leaving and rejoining domain In-Reply-To: <3.0.3.32.19981217092828.00750d70@bioserve.biochem.latrobe.edu.au> Message-ID: > But there are lots of other times when this is a real pain. Because the > same effect shows up when updating a version of samba that has been in > operation for a period of time, we need to do this on EVERY NT in the > domain when we upgrade samba. why??? i have never needed to do this. From matthew at janus.law.usyd.edu.au Wed Dec 16 22:39:23 1998 From: matthew at janus.law.usyd.edu.au (Matthew Geier) Date: Tue Dec 2 02:24:52 2003 Subject: leaving and rejoining domain In-Reply-To: <3.0.3.32.19981217092828.00750d70@bioserve.biochem.latrobe.edu.au> from "David Bannon" at Dec 17, 98 09:29:47 am Message-ID: <199812162239.JAA12777@janus.law.usyd.edu.au> > But there are lots of other times when this is a real pain. Because the > same effect shows up when updating a version of samba that has been in > operation for a period of time, we need to do this on EVERY NT in the > domain when we upgrade samba. > This has not happened to me - ive upgraded progressively from the 2.0 alpha's to the beta release, often with a couple of weeks between cvs updates and Ive not had to rejoin the workstations, the reconnect fine. I havent run the 2.1 alpha's on the same machine however, I got another box to play with and that started with the 2.1 series. It has been CVS updated many times and the workstations keep working fine. From D.Bannon at latrobe.edu.au Wed Dec 16 22:48:19 1998 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:24:52 2003 Subject: leaving and rejoining domain In-Reply-To: References: <3.0.3.32.19981217092828.00750d70@bioserve.biochem.latrobe.edu.au> Message-ID: <3.0.3.32.19981217094819.006e1d3c@bioserve.biochem.latrobe.edu.au> At 09:40 AM 17/12/1998 +1100, Luke Kenneth Casson Leighton wrote: >> But there are lots of other times when this is a real pain. Because the >> same effect shows up when updating a version of samba that has been in >> operation for a period of time, we need to do this on EVERY NT in the >> domain when we upgrade samba. > >why??? i have never needed to do this. I suspect it depends on how long a particular version is running ? Is that possible ? On my play machine that I am testing for a computer lab next year, I update pretty often and don't need to do the above. However, on two production machines that may go some months without being upgraded, I most certainly need to do that with the NT's. When does the NTWS decide it must change its passwd ? And more importantly, why does it so decide ? David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From greg at discreet.com Wed Dec 16 23:05:28 1998 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:52 2003 Subject: leaving and rejoining domain In-Reply-To: Message-ID: Something must be happening to the .SID file? Greg On 16-Dec-98 Luke Kenneth Casson Leighton wrote: >> But there are lots of other times when this is a real pain. Because the >> same effect shows up when updating a version of samba that has been in >> operation for a period of time, we need to do this on EVERY NT in the >> domain when we upgrade samba. > > why??? i have never needed to do this. --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From lkcl at switchboard.net Wed Dec 16 23:17:41 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:52 2003 Subject: leaving and rejoining domain In-Reply-To: <3.0.3.32.19981217094819.006e1d3c@bioserve.biochem.latrobe.edu.au> Message-ID: On Thu, 17 Dec 1998, David Bannon wrote: > At 09:40 AM 17/12/1998 +1100, Luke Kenneth Casson Leighton wrote: > >> But there are lots of other times when this is a real pain. Because the > >> same effect shows up when updating a version of samba that has been in > >> operation for a period of time, we need to do this on EVERY NT in the > >> domain when we upgrade samba. > > > >why??? i have never needed to do this. > > I suspect it depends on how long a particular version is running ? Is that > possible ? i don't think so. password change NetSrvPwSet time is set to 1 week, isn't it jeremy? > On my play machine that I am testing for a computer lab next > year, I update pretty often and don't need to do the above. However, on two > production machines that may go some months without being upgraded, I most > certainly need to do that with the NT's. When does the NTWS decide it must > change its passwd ? And more importantly, why does it so decide ? hm. you may have a point, here... From Jean-Francois.Micouleau at dalalu.fr Thu Dec 17 09:01:56 1998 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:24:52 2003 Subject: leaving and rejoining domain In-Reply-To: Message-ID: On Thu, 17 Dec 1998, Luke Kenneth Casson Leighton wrote: > > But there are lots of other times when this is a real pain. Because the > > same effect shows up when updating a version of samba that has been in > > operation for a period of time, we need to do this on EVERY NT in the > > domain when we upgrade samba. > > why??? i have never needed to do this. I just had this bug on 2 production servers yesterday after upgrading from 2.0beta1 to 2.0beta4. Users were unable to log in: error C000019B. The only solution was to rejoin the domain for each WKS (around a 100). The worse part was with the profiles, all applications were confused by the changed SID. I think the bug come from beta4 which doesn't interpret the MACHINE.SID as beta1 done (sid_to_string() and string_to_sid()). J.F. From heinig at hdz-ima.rwth-aachen.de Thu Dec 17 09:41:17 1998 From: heinig at hdz-ima.rwth-aachen.de (Gerald Heinig) Date: Tue Dec 2 02:24:52 2003 Subject: Samba NIS+ support Message-ID: <3678D1BD.3A421E7B@hdz-ima.rwth-aachen.de> Hi all, Bad news on the NIS+ front, I'm afraid. It seems I completely underestimated the time needed for my college work and setting up our department network here. I was banking on having finished both tasks by end of november and having december to do a bit of work on the NIS+ account management on Samba. No such luck: I've run into a load of unforeseen problems with my paper and although our department is now up and running smoothly with Samba 2.0beta2 / NT 4 SP3 (great job, guys! ) there were a lot of time-consuming teething problems. The outlook for me next year is ultra-bleak timewise, so, regrettably, I can't do anything on Samba/NIS+ above the hobby level. I hope I haven't let anybody down... if so, my apologies. I would, however, like to get an answer to a problem which will have to be solved if NIS+ is used as the main account database. NIS+ authenticates users with a public key system which involves NIS+ decrypting the user's private key with his password when he logs in, and storing the private key in the keyserver for future reference. The private keys are lost when the machine is rebooted or when the user issues a keylogout request. The problem we have here is that on a machine other than the root master server running NIS+ and Samba, any user that *hasn't* yet logged in to UNIX at least once (which stores the private key in the keyserver on the UNIX box) is set to UID nobody and consequently has virtually no access rights ie. NFS mounts of home directories do not work (since the user is unauthenticated) and all files are created with UID nobody. The user either has to log in once to the UNIX machine (which performs the keyserver store automatically) or do a telnet to the UNIX box and do a keylogin. Of course Samba could do all that, but it would need the user's cleartext password, which is normally encrypted when it arrives from the NT box. The question is, can Samba generate the cleartext password from the NT hash, or would we have to store the cleartext password in NIS+, perhaps encrypted with some other key known only to NIS+? Cheers, Gerald From jan.van.rensburg at epiuse.com Thu Dec 17 10:11:20 1998 From: jan.van.rensburg at epiuse.com (Jan van Rensburg) Date: Tue Dec 2 02:24:52 2003 Subject: starting from scratch Message-ID: hi, i've been on this mailing list for almost a year now & are familiar with most of the samba basics. we are setting up a branch office that will run linux on the server side, 95 & nt on the client side. our head office is mostly an nt shop. an nt domain & ms exchange 5.5. i'm looking for tips and suggestions that might be helpful when i'm setting up the new branch office. our basic requirements will be: 1.) file mirroring between our head office nt file server and the linux box with samba (should i go for the samba 2.0 betas or stick to the 1.19.x for now?) 2.) mail "mirroring". will forwarding from ms exchange to the linux host be the best way to do this? nice to have's would be: 1.) automatic username/password sync's (as far as i know pdc<->bdc functionality isn't implemented yet, any other ways to do this?) thanks, --jan van rensburg From masaje at maths.bath.ac.uk Thu Dec 17 12:27:17 1998 From: masaje at maths.bath.ac.uk (A J Every) Date: Tue Dec 2 02:24:52 2003 Subject: newbie trying to create samba pdc on linux Message-ID: Hi, I'm relatively new to samba, but not so much NT. I'm trying to create a samba PDC on my linux RedHat 5.2 box. I'm using samba beta 4 to do this. My current state is: 1. Domain is visible on NT boxes. 2. I have connected once from NT using an account created in smbpasswd 3. After this initial account logon I have started to get the message "The system cannot log you on now because the domain MATHS-SAMBA is not available" 4. At other times I get an error message similar to Michael Hulet's on the ntdom archive "The system cannot log you on to this domain because the system's computer account in its primary domain is missing or the password on the account is incorrect" Looking at the ports it appears that both Linux and NT are talking to each other via samba (connecting) but not actually noticing the connection. What I basically want to know, before I email this list with logs, port logs etc., is should I go with beta 4 to try and achieve these aims. Do other people use this to get PDC control. I keep reading about how this does not fully work and is not yet supported so I keep wondering whether (for a change) I haven't made a mistake. thanks alan (every). --------------------- Alan Every, Systems Programmer, Mathematical Sciences, University of Bath From Martin.Schmidt at bundessortenamt.de Thu Dec 17 16:57:33 1998 From: Martin.Schmidt at bundessortenamt.de (Martin.Schmidt@Bundessortenamt.de) Date: Tue Dec 2 02:24:52 2003 Subject: Beta4 on HPUX 9.04 and SuSE-Linux Message-ID: <01BE29E6.BA242360.Martin.Schmidt@Bundessortenamt.de> Hallo Samba 2.0.0Beta4compiles fine on HP-UX (eder A.09.04 E 9000/817 1475312212 8-Benutzer-Lizenz) with gcc 2.7.2. (gcc -v: Reading specs from /usr/local/lib/gcc-lib/hppa1.1-hp-hpux9.04/2.7.2/specs gcc version 2.7.2) Only ./configure; make; make install. It also compiles fine on S.u.S.E-Linux 5.3 (Linux ede005w 2.0.35 #130 Mon Jul 27 11:06:31 MEST 1998 i586 unknown). gcc -v : Reading specs from /usr/lib/gcc-lib/i486-linux/2.7.2.1/specs gcc version 2.7.2.1 I will try it on HPUX 9.04 with Ansi-C compiler (non standart-compiler) (HP-UX johanna A.09.04 C 9000/827 702635132 32-Benutzer-Lizenz): ... checking configure summary configure OK ./configure: sh internal 2K buffer overflow updating cache ./config.cache creating ./config.status creating include/stamp-h creating Makefile creating include/config.h $make Using FLAGS = -O -Iinclude -I./include -I./ubiqx -I./smbwrapper -Ae -DSMBLOGFIL" Using LIBS = Compiling smbd/server.c without error?s (only sh internal 2K overflow) Thanks for that good work mfg M.Schmidt ---------------------------------------------------------------------- Bundessortenamt Pr?fstelle Eder am Holz 85452 Moosinning eMail1: Martin.Schmidt@bundessortenamt.de eMail2: Martin_Schmidt@t-online.de ---------------------------------------------------------------------- From lkcl at switchboard.net Thu Dec 17 18:49:58 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:52 2003 Subject: leaving and rejoining domain In-Reply-To: Message-ID: On Thu, 17 Dec 1998, Jean Francois Micouleau wrote: > On Thu, 17 Dec 1998, Luke Kenneth Casson Leighton wrote: > > > > But there are lots of other times when this is a real pain. Because the > > > same effect shows up when updating a version of samba that has been in > > > operation for a period of time, we need to do this on EVERY NT in the > > > domain when we upgrade samba. > > > > why??? i have never needed to do this. > > I just had this bug on 2 production servers yesterday after upgrading from > 2.0beta1 to 2.0beta4. > > Users were unable to log in: error C000019B. The only solution was to > rejoin the domain for each WKS (around a 100). The worse part was with the > profiles, all applications were confused by the changed SID. > > I think the bug come from beta4 which doesn't interpret the MACHINE.SID as > beta1 done (sid_to_string() and string_to_sid()). due to this bug, the workstations should only be confused once. thereafter, how about powering down all the workstations before stopping smbd? although, i stop and restart smbd all the time and nothing bad happens. but i don't often give it a week (the NetSrvPwSet time)! From lkcl at switchboard.net Thu Dec 17 18:52:19 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:52 2003 Subject: Samba NIS+ support In-Reply-To: <3678D1BD.3A421E7B@hdz-ima.rwth-aachen.de> Message-ID: > NT box. The question is, can Samba generate the cleartext password from > the NT hash, never. the only "clean" way to get the clear-text password is to write a replacement NIS+ L.S.A. (local security authority) for nt clients. and microsoft, knowing full well what this means, is not prepared to release the API for Lsa development. From jmeff at engsoc.queensu.ca Thu Dec 17 19:33:26 1998 From: jmeff at engsoc.queensu.ca (Jamie ffolliott) Date: Tue Dec 2 02:24:52 2003 Subject: leaving and rejoining domain In-Reply-To: Message-ID: <000001be29f4$1e51f800$0245a8c0@dagobah.cgocable.net> > > I think the bug come from beta4 which doesn't interpret the > MACHINE.SID as > > beta1 done (sid_to_string() and string_to_sid()). > > due to this bug, the workstations should only be confused once. > > thereafter, how about powering down all the workstations before stopping > smbd? although, i stop and restart smbd all the time and nothing bad > happens. but i don't often give it a week (the NetSrvPwSet time)! > So you're saying, if a workstation is disconnected from the domain for a week, then it'll have to be re-added to the domain when it returns? that could pose a problem for many people. if there's a way to work around it, and debug what's causing NTWS to refuse re-joining, it seems very worthwhile. Jamie From lkcl at switchboard.net Thu Dec 17 20:15:21 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:52 2003 Subject: leaving and rejoining domain In-Reply-To: <000001be29f4$1e51f800$0245a8c0@dagobah.cgocable.net> Message-ID: > > thereafter, how about powering down all the workstations before stopping > > smbd? although, i stop and restart smbd all the time and nothing bad > > happens. but i don't often give it a week (the NetSrvPwSet time)! > > > > So you're saying, if a workstation is disconnected from the domain for a > week, then it'll have to be re-added to the domain when it returns? no, i'm saying that i personally have never reproduced this, as i don't leave my samba server up for more than a week without modification! From cigor at EUnet.yu Thu Dec 17 20:55:36 1998 From: cigor at EUnet.yu (Colovic Igor) Date: Tue Dec 2 02:24:52 2003 Subject: How to set up Samba PDC Message-ID: <01be29ff$985b6b80$0200a8c0@big.co.yu> Hi all. I have few questions: The situation in my school is: 17 NTWS(SP3) 1 Linux Server 1 WinNT Server We want to set up Samba linux server to be PDC, not WinNT. This is because Admin on WinNT server want to have only one user(for students), but we want one account for one student. My question is what do I need to set up Samba to be fully functional PDC. Samba2.0 b4, ... and what else, and where can I get it(if you can full path) Thank you for your help. From D.Bannon at latrobe.edu.au Thu Dec 17 22:28:10 1998 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:24:52 2003 Subject: leaving and rejoining domain In-Reply-To: References: Message-ID: <3.0.3.32.19981218092810.0075d138@bioserve.biochem.latrobe.edu.au> At 08:02 PM 17/12/1998 +1100, Jean Francois Micouleau wrote: >> > But there are lots of other times when this is a real pain. Because the >> > same effect shows up when updating a version of samba that has been in >> > operation for a period of time, we need to do this on EVERY NT in the >> > domain when we upgrade samba. > >I think the bug come from beta4 which doesn't interpret the MACHINE.SID as >beta1 done (sid_to_string() and string_to_sid()). > No, I don't think so, I have been aware if this behaviour in all versions since NTDom stuff was operational. The important thing is that it only shows up if the server has been running, without mods, for some time (months ??). Powering down does not trigger the symptoms, upgrading samba does !??? (What the hell could be the difference ?). I have at least one NT here that will not join until I go through the process. I'll save it if someone can suggest any tests to do before. (Time is a problem at present, I've been kicked out of my play room while the builders do it all up, but will try ). David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From matthew at janus.law.usyd.edu.au Thu Dec 17 22:29:02 1998 From: matthew at janus.law.usyd.edu.au (Matthew Geier) Date: Tue Dec 2 02:24:52 2003 Subject: Latest CVS - problems.. Message-ID: <199812172229.JAA07371@janus.law.usyd.edu.au> Using the latest 2.1-alpha CVS downloaded less than an hour ago - On an NT workstation, logged in as a user in the administrator group. svrmgr - crashes with a 'access voliation' with out showing any hosts. cacls.exe causes an exception is lass.exe, after which no RPC function seems to work anymore. The machine has to rebooted before any one else can login again. cacls is only being used to get acls of local users or groups - im trying to restrict access to all the system files so people cant tamper. The server is a dual CPU Linux 2.1.131 system, which other than the kernel and Samba is stock RedHat 5.2 If I run cacls.exe on another workstation served by 2.0beta4, it works, but issues a warning about not mapping users and groups. I can get tcpdumps and debug logs if required. From jallison at cthulhu.engr.sgi.com Thu Dec 17 22:43:45 1998 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:24:52 2003 Subject: problems with smbtar References: <11240.199812151715@subnode.quadstone.com> Message-ID: <36798921.20F0DDA7@engr.sgi.com> Michael Keightley wrote: > > Changed over to 2.0.0beta4 on one of our domain controller. smbtar no longer > tar's up subdirectories. E.g. > I just fixed this in the 2.0 branch (it was a mask of '*.*' being used against NT instead of '*' - Samba takes either - NT is picky... :-). CVS update the 2.0 branch and it should be fixed (it'll be fixed in the 2.0.0 release). Regards, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From lkcl at switchboard.net Thu Dec 17 22:50:44 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:52 2003 Subject: leaving and rejoining domain In-Reply-To: <3.0.3.32.19981218092810.0075d138@bioserve.biochem.latrobe.edu.au> Message-ID: > No, I don't think so, I have been aware if this behaviour in all versions > since NTDom stuff was operational. The important thing is that it only > shows up if the server has been running, without mods, for some time > (months ??). Powering down does not trigger the symptoms, upgrading samba > does !??? (What the hell could be the difference ?). ok, when i upgrade samba, i never run the install scripts. in fact, i run it from immediately after doing "make": make bin/smbd bin/nmbd killall smbd killall nmbd rm /usr/local/samba/log.* bin/smbd bin/nmbd exactly what procedure do you follow? From ken at hudat.com Thu Dec 17 17:54:07 1998 From: ken at hudat.com (Kendrick Vargas) Date: Tue Dec 2 02:24:52 2003 Subject: listing of daemons running on a unix server In-Reply-To: <000a01be24ec$959def70$02292090@pc001.cs.york.ac.uk> Message-ID: On Fri, 11 Dec 1998, Martin Atkins wrote: > Kendrick Vargas wrote > >... > > Maybe there should simply be one script assigned specifically to the > > purpose of remote admin by an NT box... That script can return a list > > of the services which are available (whatever the admin chooses) and then > > a procedure for starting/stopping each one. That way, it's very much > > controled. > > Can I add my vote for this as the simplest, transparent, controlable, and > machine-independent suggestion I have seen so far... Ok... Assuming this is the way you go, what exactly would be necessary. I'm simply asking as there doesn't seem to be any further development going on regarding this... Assuming that a file /usr/local/samba/etc/service-control.conf existed, and assuming that a script read that file line by line deciding which services were mapped to what, and what could be managed by the NT box... what would be the first thing returned to the NT box? I mean, assuming the script is called from the NT, it should firt return the available services... what format would that be in? PS> If that's allready being written, ignore me :-) -peace --- BEGIN GEEK CODE BLOCK ------------+----------- GAT d- s:+ !a C+(+++) UI/L/S/B++(+++) | "In the morning glad I see P>+ L+(++) E---- W+++ N+ o? K? w++++ | My foe outstrech'd beneath the tree." O--- M-- V PS+++@ PE Y-- PGP+ t++ 5 | -The Poison Tree X++ R- tv+ b DI++ D+ G e>* h*(!) r- | William Blake y*(+) ------ END GEEK CODE BLOCK -----+ From lkcl at switchboard.net Thu Dec 17 22:53:23 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:52 2003 Subject: Latest CVS - problems.. In-Reply-To: <199812172229.JAA07371@janus.law.usyd.edu.au> Message-ID: On Fri, 18 Dec 1998, Matthew Geier wrote: > Using the latest 2.1-alpha CVS downloaded less than an hour ago - > > On an NT workstation, logged in as a user in the administrator group. > > svrmgr - crashes with a 'access voliation' with out showing any hosts. not as interesting, at this stage. > cacls.exe causes an exception is lass.exe, after which no RPC function > seems to work anymore. The machine has to rebooted before any one else > can login again. you're lucky you can reboot! normally, lsass.exe going down requires a power-off. can you get a netmon trace for me? From lkcl at switchboard.net Thu Dec 17 23:04:37 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:52 2003 Subject: listing of daemons running on a unix server In-Reply-To: Message-ID: On Fri, 18 Dec 1998, Kendrick Vargas wrote: > On Fri, 11 Dec 1998, Martin Atkins wrote: > > > Kendrick Vargas wrote > > >... > > > Maybe there should simply be one script assigned specifically to the > > > purpose of remote admin by an NT box... That script can return a list > > > of the services which are available (whatever the admin chooses) and then > > > a procedure for starting/stopping each one. That way, it's very much > > > controled. > > > > Can I add my vote for this as the simplest, transparent, controlable, and > > machine-independent suggestion I have seen so far... > > Ok... Assuming this is the way you go, what exactly would be necessary. > I'm simply asking as there doesn't seem to be any further development > going on regarding this... > > Assuming that a file /usr/local/samba/etc/service-control.conf existed, > and assuming that a script read that file line by line deciding which > services were mapped to what, and what could be managed by the NT box... > what would be the first thing returned to the NT box? OpenSCManager(), followed by EnumServices followed by OpenService etc etc. > I mean, assuming the script is called from the NT, it should firt return > the available services... what format would that be in? see: include/rpc_svcctl.h rpc_parse/parse_svc.c rpc_server/srv_svcctl.c rpc_client/cli_svcctl.c rpcclient/cmd_svcctl.c From D.Bannon at latrobe.edu.au Fri Dec 18 02:52:15 1998 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:24:52 2003 Subject: leaving and rejoining domain In-Reply-To: References: <3.0.3.32.19981218092810.0075d138@bioserve.biochem.latrobe.edu.au> Message-ID: <3.0.3.32.19981218135215.00752b50@bioserve.biochem.latrobe.edu.au> At 10:50 PM 17/12/1998 +0000, Luke Kenneth Casson Leighton wrote: >ok, when i upgrade samba, i never run the install scripts. in fact, i run >it from immediately after doing "make": > >make bin/smbd bin/nmbd >killall smbd >killall nmbd >rm /usr/local/samba/log.* >bin/smbd >bin/nmbd ./configure make samba stop // that's my script to stop, start etc make install rm /usr/local/var/log.* samba start ie, bog standard. The samba script calls /usr/local/samba/bin/smbd etc. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From Jean-Francois.Micouleau at dalalu.fr Fri Dec 18 08:24:36 1998 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:24:52 2003 Subject: leaving and rejoining domain In-Reply-To: Message-ID: On Fri, 18 Dec 1998, Luke Kenneth Casson Leighton wrote: > > I think the bug come from beta4 which doesn't interpret the MACHINE.SID as > > beta1 done (sid_to_string() and string_to_sid()). > > due to this bug, the workstations should only be confused once. Once ? I tried rebooting a WKS several times, same thing. > thereafter, how about powering down all the workstations before stopping > smbd? Some WKS were down when I upgraded. Whenever a new user tried to login (either on a freshly booted WKS or on one already booted), I had the same error message. although, i stop and restart smbd all the time and nothing bad > happens. but i don't often give it a week (the NetSrvPwSet time)! Yep on my devel machines I never had this problem too. J.F. From williamj at email.aston.ac.uk Fri Dec 18 09:23:17 1998 From: williamj at email.aston.ac.uk (John Williams) Date: Tue Dec 2 02:24:52 2003 Subject: Samba 2.0.0beta3 as PDC and trusted domains Message-ID: <3.0.5.32.19981218092317.00995cc0@email.aston.ac.uk> Hi, We are trying to set up a Winframe 1.7 server on NT 3.51. What we would ideally like to do, is set it up so that users are dynamically created and use NIS for password authentication, like nisgina does on NT Workstations, but nisgina does not run on servers. I've set up a Samba 2 PDC in a seperate domain which works for NT workstation logins. I would like to make the Winframe server "trust" the Samba server domain and authenticate to it but I get an error message that the Samba domain is not set up to allow trusts and user logins fail. Can this setup be made to work? Thanks John --- John Williams Team Leader Academic Systems LIS (MB) Aston University Aston Triangle Birmingham B4 7ET 0121 359 3611 x 5142 Fax 0121 359 7358 Mobile 07801266235 From eroidl at grammer.de Fri Dec 18 13:19:54 1998 From: eroidl at grammer.de (Engelbert Roidl) Date: Tue Dec 2 02:24:52 2003 Subject: HELP -- upgrade to 1.9.18p8 causing print/disk trouble ..." Message-ID: <367A567A.54B6228E@grammer.de> Hello Jim, I've installed samba-1.9.18p8 some months ago. Everything worked find till yesterday. My PCs went in a similar problem as yours. If I want to connect to a Networkprinter (my samba is the printserver for the PC) it takes a verly long time (10 Minutes) till I get any response from my printer. If I want to print it takes a very long time too to get the dialog with the right printer. The strange thing is, that it worked a very long time very find. Setting up WINS does not help anything. Do you have any suggestions? Does anyone have any suggestions? Bye Engelbert Roidl [global] workgroup = HASCAD server string = Samba Server printing = bsd printcap name = /etc/printcap print command = lp -d %p %s lpq command = /usr/bin/lpq %p lprm command = /usr/bin/lprm -P%p %j lpq cache time = 45 domain master = no wins server = 10.18.5.204 local master = no debug level = 3 [printers] path=/work/systmp browseable = yes printable = yes public = yes writeable = no create mode = 0700 ----------------------------------------------------------------------------------------------- Date: Mon, 20 Jul 1998 11:54:57 -0400 (EDT) From: Jim Farrell To: samba-ntdom@samba.anu.edu.au, samba@samba.anu.edu.au Subject: HELP -- upgrade to 1.9.18p8 causing print/disk trouble ... I recently upgraded all our site's samba servers to 1.9.18p8, and I seem to be having many strange problems where they didn't exist before. I haven't made any changes to smb.conf. The biggest trouble I seem to have is that people can no longer access printers ... NT/95 just gives a generic "path to server not available" message. Some nodes even have trouble connecting to shares. When the PC's browse the network, then can see the server just fine, but often cannot browse any shares on the server. Rebooting the PC doesn't help. I've found that if I configure the WINS services on the PC's, the trouble often goes away. On NT I set "use DNS for WINS resolution". Once WINS is properly configured, the PC seems to work fine. smbclient from any machine on the network, and on other subnets has no trouble connecting to the samba services at all. I've never had to use WINS services before on my local PC's .... but I set the samba server up (a long while ago) to serve WINS anyway just in case people needed it. Now, it looks as if the PC's won't work at all unless WINS services are enabled. The [global] section of my smb.conf appears below .... any pointers/help would be appreciated. If I cannot solve this issue soon, I'll have to back the server upgrade out and continue running older versions. Thanks, -- jim (IP of this server is 192.168.45.20) [global] deadtime = 10 domain master = yes encrypt passwords = yes guest account = nobody load printers = yes log file = /usr/local/samba/var/logs/log.%m null passwords = no os level = 60 preferred master = yes printcap name = /usr/local/samba/lib/printcap printing = sysv remote announce = 192.168.166.255/ABLAB 192.168.112.255/ASTLAB 192.168.45.255/ABLAB remote browse sync = 192.168.166.100 192.168.112.18 security = user server string = ablab server share modes = no socket options = TCP_NODELAY strict locking = no time server = true username map = /usr/local/samba/private/mapnames wins proxy = yes wins support = yes workgroup = ABLAB From simek at gedas.cz Fri Dec 18 10:47:33 1998 From: simek at gedas.cz (Simek, Pavel) Date: Tue Dec 2 02:24:52 2003 Subject: SUBSCRIBE Message-ID: subscribe Ing. Pavel Simek gedas GmbH TGM 840 29301, Mlada Boleslav tel:+420-326-711429 fax:+420-326-711420 From svedja at lysator.liu.se Fri Dec 18 16:19:28 1998 From: svedja at lysator.liu.se (Dejan Ilic) Date: Tue Dec 2 02:24:52 2003 Subject: Strange error Message-ID: # more log.a112.lambo.student.liu.se [1998/12/17 19:49:47, 0] smbd/uid.c:unbecome_user(340) chdir(/export/users/wheel/src/samba/samba-2.0.0beta4/source) failed in unbecome_user [1998/12/17 19:49:49, 0] smbd/uid.c:unbecome_user(340) chdir(/export/users/wheel/src/samba/samba-2.0.0beta4/source) failed in unbecome_user Well, yes, it is a Samba2 Beta4 but the error is quite strange. Why the chdir to source ? In unbecome_user ? Notice that the login was outside the domain that Samba is running, so the connection was thru normal share. Dejan ===================================================================== Dejan Ilic, Tech Univ. of Linkoping, Sweden Phone:+46-13-473 01 06 Email: svedja@lysator.liu.se Web: http://www.lysator.liu.se/~svedja ===================================================================== [finger -l svedja@lysator.liu.se for public PGP key] From lkcl at switchboard.net Fri Dec 18 18:22:34 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:52 2003 Subject: leaving and rejoining domain In-Reply-To: <3.0.3.32.19981218135215.00752b50@bioserve.biochem.latrobe.edu.au> Message-ID: On Fri, 18 Dec 1998, David Bannon wrote: > At 10:50 PM 17/12/1998 +0000, Luke Kenneth Casson Leighton wrote: > > >ok, when i upgrade samba, i never run the install scripts. in fact, i run > >it from immediately after doing "make": > > > >make bin/smbd bin/nmbd > >killall smbd > >killall nmbd > >rm /usr/local/samba/log.* > >bin/smbd > >bin/nmbd > > ./configure > make > samba stop // that's my script to stop, start etc > make install ^^^^^^^^^^^^ what does this do? remove some important files? i bet it deletes, say, *.mac files inadvertently. try *not* doing this, but copying nmbd and smbd manually, ok? From lkcl at switchboard.net Fri Dec 18 18:27:37 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:52 2003 Subject: leaving and rejoining domain In-Reply-To: Message-ID: ok, are you also doing a "make install" on the production servers, and manually copying smbd / nmbd on the development ones? On Fri, 18 Dec 1998, Jean Francois Micouleau wrote: > On Fri, 18 Dec 1998, Luke Kenneth Casson Leighton wrote: > > > > I think the bug come from beta4 which doesn't interpret the MACHINE.SID as > > > beta1 done (sid_to_string() and string_to_sid()). > > > > due to this bug, the workstations should only be confused once. > > Once ? I tried rebooting a WKS several times, same thing. > > > thereafter, how about powering down all the workstations before stopping > > smbd? > > Some WKS were down when I upgraded. Whenever a new user tried to login > (either on a freshly booted WKS or on one already booted), I had the same > error message. > > although, i stop and restart smbd all the time and nothing bad > > happens. but i don't often give it a week (the NetSrvPwSet time)! > > Yep on my devel machines I never had this problem too. > > J.F. > > Luke Kenneth Casson Leighton Samba and Network Development Samba and Network Consultancy From Jean-Francois.Micouleau at dalalu.fr Sat Dec 19 12:33:51 1998 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:24:52 2003 Subject: leaving and rejoining domain In-Reply-To: Message-ID: On Sat, 19 Dec 1998, Luke Kenneth Casson Leighton wrote: > what does this do? remove some important files? i bet it deletes, say, > *.mac files inadvertently. try *not* doing this, but copying nmbd and > smbd manually, ok? Don't think so. My MACHINE.SID is still the same since the first samba installation on those servers. J.F. From D.Bannon at latrobe.edu.au Sun Dec 20 22:57:20 1998 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:24:52 2003 Subject: leaving and rejoining domain In-Reply-To: References: <3.0.3.32.19981218135215.00752b50@bioserve.biochem.latrobe.edu.au> Message-ID: <3.0.3.32.19981221095720.0074d790@bioserve.biochem.latrobe.edu.au> At 06:22 PM 18/12/1998 +0000, Luke Kenneth Casson Leighton wrote: >.... >> make install > ^^^^^^^^^^^^ > >what does this do? remove some important files? i bet it deletes, say, >*.mac files inadvertently. try *not* doing this, but copying nmbd and >smbd manually, ok? > Sure, I'll try that, but no point doing it now, will need to wait (a month ?) until we can be sure that the magic time has passed. Meanwhile where the hell are these *.mac fies you mention ? I thought I could see if 'make install' would play with then, but I can'nt find, can make ? > >ok, are you also doing a "make install" on the production servers, and >manually copying smbd / nmbd on the development ones? > > No, I don't do this. I use 'make install' on both my play system and the production system. The only difference is how long between upgrades. It really is a time problem. Hmm... David. ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From weejock at ferret.lmh.ox.ac.uk Sun Dec 20 23:36:22 1998 From: weejock at ferret.lmh.ox.ac.uk (Matthew Kirkwood) Date: Tue Dec 2 02:24:52 2003 Subject: 2.0.0beta4 problems Message-ID: Hi, I've been trying to migrate an horrible NT Small Business Server box to Linux (RH5.2) and I thought that I'd try to replicate the domain stuff, since it seems to be getting rather complete (well done, BTW). Unfortunately, I have come across several problems which will, no doubt, prove to be related to misconfiguration or NT problems, rather than bugs... :) Situation: * Clients all NT4WS (SP4), currently quite happy with NT SBS as domain controller for the domain "EHR". About 8-9 of them. * Current server an intel P200 or some sort running the aforementioned NT SBS. * New server - the same box running RedHat 5.2, kernel 2.0.36pre6 (stock RH kernel, anyway) and samba 2.0.0b4 (made from makerpms.sh). Tried with domain EHR2, as keeping the same domain name seemed to confuse the clients. It has entries for all clients in both /etc/hosts and in /etc/lmhosts (lmhosts has the M flag only on the server name). NetBIOS names are the same as DNS names (although the network is on 10.0.0.x and there is no actualy DNS for them). DNS domain is .ehr (which obviously doesn't exist). Configured as a workgroup, clients can connect and read and write files with no performance problems. Authentication works fine (from /etc/passwd - no shadow, no MD5). Much of the network relies upon world-writable files and, even with "create mode = 777" in the share definitions and "create mask = 0" in the global section, directories were getting created mode 755 and files mode 766. The 766 files did not seem to be writable by other users. With encrypted passwords, the next problem comes. I create a Unix user (sally) and run: makesmbpasswd.sh /etc/smbpasswd and then remove all disallowed samba users (daemon users, etc) from the file. I run smbpasswd sally (all as root so far) and set her password to sally. This seems to work, but then: # smbclient //p75/sally -U sally Added interface ip=10.0.0.2 bcast=10.0.0.255 nmask=255.255.255.0 Password: session setup failed: ERRSRV - ERRbadpw (Bad password - name/password pair in a Tree Connect or Session Setup are invalid.) and this appears in log.: [1998/12/20 23:09:01, 0] smbd/reply.c:reply_sesssetup_and_X(771) NT Password did not match ! Defaulting to Lanman Doing a similar thing for a different user, however, worked. I don't know what's happening there. I also verified that the /etc/smbpasswd file was being used by setting an smbpasswd different to the Unix password. The smb one worked and the Unix one didn't. Having acquired a small set of working usernames and passwords, I proceeded to the clients. (Question: If NT thinks it's in a domain, how do I change that without first logging in to a local account without network connections?) After changing random NT settings until the clients could find the domain server, they started to complain about the absence of machine accounts on the server. So far, so good. However, adding machine accounts with smbpasswd -m didn't work so well: # smbpasswd -m client$ User "client$" was not found in system password file. (If real accounts are necessary, perhaps NTDOMAIN.txt could explain this?) # adduser client$ # smbclient -m client$ New SMB password: Retype new SMB password: Failed to find entry for user client$. Failed to change password entry for client$ # smbpasswd -a -m client$ Added user client$. Password changed for user client$ # However, here we got stuck, since samba refused to acknowledge the existance of the machine accounts to NT or smbclient: # smbclient //p75/client\$ -U client\$ Added interface ip=10.0.0.2 bcast=10.0.0.255 nmask=255.255.255.0 Password: session setup failed: code 0 # smbpasswd client\$ New SMB password: Retype new SMB password: Password changed for user client$ # smbclient //p75/client\$ -U client\$ Added interface ip=10.0.0.2 bcast=10.0.0.255 nmask=255.255.255.0 Password: session setup failed: code 0 # and at this stage I got pretty stuck. Any help on this would be greatly appreciated - I'm sure that most of my problems are self-caused, but I'm pretty stuck nevertheless. I'll be more than happy to provide any more details... Cheers, Matthew. Here are selected entries from /etc/passwd (please don't try to break this machine :): matthew:.Df3IjbUKyF7Q:500:500:Matthew Kirkwood:/home/matthew:/bin/bash patrick:tD0ULQMzd6Hn6:501:502:Patrick Kirk:/home/patrick:/bin/bash sally:6pa/ajBkTDaCY:502:503:Sally O'neal:/home/sally:/bin/bash p20$:F0PRBeLD9TriE:511:511::/home/p20:/bin/bash nila:b1v8KK106B2p.:514:514::/home/nila:/bin/bash guest:5HNj2FBf8tbFE:515:515::/home/guest:/bin/bash and smbpasswd (commented out things may prove useful to us later): matthew:500:4C1FCC560AF18970AAD3B435B51404EE:15882D2CD740919C2F41D351FD3A77DD:[DU ]:LCT-367D13D7:Matthew Kirkwood sally:502:93FB9D0D47317806AAD3B435B51404EE:16B0A9CF926612E200AAD2B07D924059:[DU ]:LCT-367D10AC:Sally O'neal support:503:93E28745B8BF4BA6AAD3B435B51404EE:C3F541BAF5C46E5169E95691975D12BC:[DU ]:LCT-367D10CB: p20$:511:AAD3B435B51404EEAAD3B435B51404EE:31D6CFE0D16AE931B73C59D7E0C089C0:[DU ]:LCT-367D15E4: patrick:501:2EF6D2E7EA769781AAD3B435B51404EE:12FA788906B2BDB667477E2A91099F37:Patrick Kirk:/home/patrick:/bin/bash nila:514:A751691F48A80B36AAD3B435B51404EE:29AF1083076602C9D14191B1041E252F::/home/nila:/bin/bash guest:515:A0E150C75A17008EAAD3B435B51404EE:823893ADFAD2CDA6E1A414F3EBDF58F7:[U ]:LCT-367D54CF: And here is smb.conf: [global] workgroup = EHR2 server string = P75 (Linux) hosts allow = 10.0.0. printcap name = /etc/printcap load printers = yes ; printing = bsd browseable = yes public = yes log file = /var/log/samba/log.%m max log size = 50 security = user encrypt passwords = yes smb passwd file = /etc/smbpasswd username map = /etc/smbusers ; include = /etc/smb.conf.%m socket options = TCP_NODELAY interfaces = 10.0.0.2/24 ; local master = no os level = 60 domain master = yes preferred master = yes domain logons = yes ; logon script = %m.bat ; logon script = %U.bat ; logon path = \\%L\Profiles\%U ; name resolve order = wins lmhosts bcast wins support = yes ; wins server = w.x.y.z ; wins proxy = yes dns proxy = yes preserve case = yes short preserve case = yes ; default case = lower ; case sensitive = no create mask = 0 [homes] comment = Home Directories browseable = no writable = yes [netlogon] comment = Network Logon Service path = /home/samba/netlogon guest ok = yes writable = no share modes = no [faxes] comment = Received Faxes path = /var/spool/fax/recvq writable = no [system] comment = Application files path = /home/samba/system writable = yes create mode = 777 [data] comment = Application data path = /home/samba/data writable = yes create mode = 777 [m] comment = Milemaster path = /home/samba/m writable = yes create mode = 777 [archives] comment = Backup directory path = /home/samba/archives writable = yes valid users = @admin create mode = 777 [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = no writable = no printable = yes From pgmtekn at algonet.se Sat Dec 19 11:20:31 1998 From: pgmtekn at algonet.se (Michael Stockman) Date: Tue Dec 2 02:24:52 2003 Subject: Group db et al Message-ID: <001801be2b41$97b8eca0$0300a8c0@pippi.emil.pgmt> Hello, I've been digging a little in why usrmgr (for W95) refuses to show a list of users and groups any more (samba PDC, head branch). The symptome seems to be that send_trans_reply (in smbd/ipc.c) finds that maxdataret is smaller than the length of rdata, which causes it to set NT_STATUS_ACCESS_VIOLATION on the reply which usrmgr very much dislikes. The relation to user lists is that this occurs in the reply to SAMR_QUERY_DISPINFO which usrmgr does when trying to get a user list (if you have too many users in your smbpasswd file). Fixing this will however not make usrmgr run (unless something else gets fixed too) as usrmgr reports NT error 0xefef0000 (with fewer users, I don't know what this is). In this case there is not error reported in the samba logs (could be a malformed packet by samba?). A similar thing happens in reply_enum_dom_groups (something like that). It appears that all groups in /etc/groups are added to the list (mapping to domain groups is carried out). Is this meant to be? I thought that only groups explicitly mapped to domain groups should have been added(?) as is the case with domain users. All these groups (21 on my system) causes the send_trans_reply to fail as above (no, I haven't tried to remove groups from /etc/groups and see what happens). Best regards Michael Stockman pgmtekn-micke@algonet.se From makayg at math.u-szeged.hu Mon Dec 21 08:06:55 1998 From: makayg at math.u-szeged.hu (Geza Makay) Date: Tue Dec 2 02:24:52 2003 Subject: 100% CPU usage and no login Message-ID: <3.0.1.16.19981221090655.274f4bba@sol.math.u-szeged.hu> Hi everyone, I do see 100% CPU usage, and I cannot login from a Windows NT 4.0 WorkStation. I did everything according to the documentation, and even joining to the domain worked wonderfully. I did not create any "domain group map" or "domain user map", if I do not want to manage users using NT, then I do not need these (according to the documentation). If I try to login with an incorrect user name or password, then I receive the message that the user name or password is not correct within a second. But trying to login with a correct username/password always stops the NT for 2-5 minutes, then I got the message that the machine account does not have the correct password. Setting the log level to 99, I see the followings in the log file (only an extract): [1998/12/21 07:16:41, 4] rpc_server/srv_pipe.c:api_rpc_command(670) api_rpc_command: api_netlog_rpc op 0x4 - api_rpc_command: NET_REQCHAL ... [1998/12/21 07:16:42, 4] rpc_server/srv_pipe.c:api_rpc_command(670) api_rpc_command: api_netlog_rpc op 0xf - api_rpc_command: NET_AUTH2 ... [1998/12/21 07:16:42, 4] rpc_server/srv_pipe.c:api_rpc_command(670) api_rpc_command: api_netlog_rpc op 0x2 - api_rpc_command: NET_SAMLOGON ... [1998/12/21 07:16:42, 3] rpc_server/srv_netlog.c:api_net_sam_logon(653) SAM Logon (Interactive). Domain:[BOLYAI]. User:[makay] ... [1998/12/21 07:16:42, 10] passdb/sampassdb.c:pwdb_sam_map_names(443) pwdb_sam_map_name: found unix user makay nt makay uid 202 rid 0x710 [1998/12/21 07:16:42, 10] groupdb/groupdb.c:iterate_getusergroupsnam(217) search for usergroups by name: makay Although the RPC commands differ from those in the documentation (in NTDOMAIN.txt it says they start with LSA_, and that I should also have an LSA_NET_SRV_PWSET after LSA_AUTH2, which I do not have), this seems OK to me sofar, everything happened within 1 second of the actual entering the password at the login screen on the NT machine. Now the interesting part: the following messages repeat until I kill the appropriate smbd process: [1998/12/21 07:16:42, 10] lib/domain_namemap.c:lookupsmbgrpgid(1171) lookupsmbgrpgid: unix gid 0 [1998/12/21 07:16:42, 10] groupdb/groupunix.c:getgrpunixpwent(210) line: 'root::1001:' [1998/12/21 07:16:42, 5] groupdb/groupdb.c:iterate_getusergroupsnam(239) group name root members: 0 [1998/12/21 07:16:42, 10] groupdb/groupunix.c:getgrpunixpwent(169) getgrpunixpwent: enum unix group entry root Note that I do not get an LSA_SAM_LOGOFF (or NET_SAM_LOGOFF) anywhere in the log file. Could someone, please, check what goes wrong? Another note (which may be related to the above problem): I get several warnings during compilation on our SCO OpenServer Enterprise System 5.0.2 with gcc version 2.7.2.1, most of them connected with the first argument of the bzero function, like the following: smbd/connection.c: In function `yield_connection': smbd/connection.c:45: warning: passing arg 1 of `bzero' from incompatible pointer type another bunch of them connected with the second argument of the make_unistr2 function, like the following: rpc_parse/parse_lsa.c: In function `make_q_lookup_names': rpc_parse/parse_lsa.c:689: warning: passing arg 2 of `make_unistr2' discards `const' from pointer target type but there are others: lib/util.c: In function `get_unixgroups': lib/util.c:2352: warning: comparison is always 0 due to limited range of data type lib/util.c:2352: warning: comparison is always 0 due to limited range of data type lib/util.c: In function `nametouid': lib/util.c:2441: warning: passing arg 1 of `Get_Pwnam' discards `const' from pointer target type Thanks for any help. With best regards, Geza ************************************************************************* * Name: Geza Makay (Mr., Dr., Prof.) * * Institute: Jozsef Attila University of Szeged * * Mail: Bolyai Institute, Aradi vertanuk tere 1. * * H-6720, Szeged, Hungary * * Tel: (62) 454-091 (Hungary's code: 36) * * Fax/Message: (62) 426-246 (Hungary's code: 36) * * E-mail: makayg@math.u-szeged.hu * * World Wide Web: http://www.math.u-szeged.hu/ * ************************************************************************* * "To err is human, but to really mess things up you need a computer." * ************************************************************************* From barth at cck.uni-kl.de Mon Dec 21 09:33:08 1998 From: barth at cck.uni-kl.de (Christian Barth) Date: Tue Dec 2 02:24:52 2003 Subject: 2.0.0beta4 problems In-Reply-To: Message-ID: <199812210833.JAA09424@fbk.mv.uni-kl.de> Hello! I just on thing: Some of your smbpasswd enteries are in new Format, some in old format, which normaly doesn't matter. But the new one all seam to be disabeled. > and smbpasswd (commented out things may prove useful to us later): > matthew:500:4C1FCC560AF18970AAD3B435B51404EE:15882D2CD740919C > 2F41D351FD3A77DD:[DU ]:LCT-367D13D7:Matthew Kirkwood ^-here > sally:502:93FB9D0D47317806AAD3B435B51404EE:16B0A9CF926612E200AAD2B07D924059:[DU > ]:LCT-367D10AC:Sally O'neal > support:503:93E28745B8BF4BA6AAD3B435B51404EE:C3F541BAF5C46E5169E95691975D12BC:[DU > ]:LCT-367D10CB: > p20$:511:AAD3B435B51404EEAAD3B435B51404EE:31D6CFE0D16AE931B73C59D7E0 > C089C0:[DU ]:LCT-367D15E4: ^-here! > patrick:501:2EF6D2E7EA769781AAD3B435B51404EE:12FA788906B2BDB667477E2A91099F37:Pat > rick Kirk:/home/patrick:/bin/bash > nila:514:A751691F48A80B36AAD3B435B51404EE:29AF1083076602C9D14191B1041E252F::/home > /nila:/bin/bash > guest:515:A0E150C75A17008EAAD3B435B51404EE:823893ADFAD2CDA6E1A414F3EBDF58F7:[U > ]:LCT-367D54CF: Try smbpasswd -e , see "man smbpasswd" Christian From L-MAY at gmx.de Mon Dec 21 11:18:13 1998 From: L-MAY at gmx.de (Lothar May) Date: Tue Dec 2 02:24:52 2003 Subject: Mailing list Message-ID: <14102.914239093@www.gmx.net> Hi there, I'd like to join the ntdom-mailing list. Lothar --- Sent through Global Message Exchange - http://www.gmx.net From cigor at EUnet.yu Mon Dec 21 11:55:27 1998 From: cigor at EUnet.yu (Colovic Igor) Date: Tue Dec 2 02:24:52 2003 Subject: I have a question Message-ID: <01be2cd8$cd403d90$0200a8c0@big.co.yu> I have instaled Samba2.0.0b4 and it is workihn fine. But have one problem. When I logon to my domain HOME WinNT copy profile from net. This is Ok. I can make changes and it save them. My problem is that when I want to add permission to files (or dir) it report Error and I can not get user or group list. I know that this is big but this can (I hope) help to solve this problem. This is log From Dr. W. Application exception occurred: App: exe\explorer.dbg (pid=97) When: 12/21/1998 @ 12:26:46.519 Exception number: c0000005 (access violation) *----> System Information <----* Computer Name: BIG User Name: cigor Number of Processors: 1 Processor Type: x86 Family 5 Model 2 Stepping 12 Windows Version: 4.0 Current Build: 1381 Current Type: Uniprocessor Free Registered Organization: Chi software Registered Owner: Colovic Igor *----> Task List <----* 0 Idle.exe 2 System.exe 20 smss.exe 24 csrss.exe 34 WINLOGON.exe 40 SERVICES.exe 43 LSASS.exe 68 SPOOLSS.exe 85 RPCSS.exe 88 TAPISRV.exe 99 RASMAN.exe 105 PSTORES.exe 39 NDDEAGNT.exe 97 EXPLORER.exe 145 systray.exe 82 REALPLAY.exe 138 NTVDM.exe 143 DTS95SRV.exe 71 DRWTSN32.exe 0 _Total.exe (01580000 - 015bc000) exe\explorer.dbg (77f60000 - 77fbc000) dll\ntdll.dbg (77ed0000 - 77efc000) dll\gdi32.dbg (77f00000 - 77f5e000) dll\kernel32.dbg (77e70000 - 77ec4000) dll\user32.dbg (77dc0000 - 77dfe000) dll\advapi32.dbg (77e10000 - 77e62000) dll\rpcrt4.dbg (77c40000 - 77d7c000) dll\shell32.dbg (70d80000 - 70df0000) comctl32.dbg (77720000 - 77731000) dll\mpr.dbg (779b0000 - 779b9000) dll\linkinfo.dbg (77a40000 - 77a4c000) dll\ntshrui.dbg (78000000 - 78047000) msvcrt.dbg (77b20000 - 77bd2000) dll\ole32.dbg (77800000 - 7783a000) dll\netapi32.dbg (77840000 - 77849000) dll\NetRap.dbg (777e0000 - 777ed000) dll\samlib.dbg (5f810000 - 5f817000) dll\rpcltc1.dbg (77fd0000 - 77ffa000) dll\winmm.dbg (6bd00000 - 6bd14000) K:\DDK\lib\i386\free\cmedia32.dll (777f0000 - 777fc000) dll\ntlanman.dbg (77890000 - 778a3000) dll\netui0.dbg (77850000 - 7788a000) dll\netui1.dbg (77630000 - 77657000) dll\crtdll.dbg (77a90000 - 77a9b000) dll\version.dbg (779c0000 - 779c8000) dll\lz32.dbg (74f80000 - 74f87000) dll\rshx32.dbg (77760000 - 77783000) dll\acledit.dbg (77790000 - 777db000) dll\netui2.dbg (77d80000 - 77db2000) dll\comdlg32.dbg (77740000 - 77758000) dll\netmsg.dbg State Dump for Thread Id 0x99 eax=00000000 ebx=00000000 ecx=0045b6a8 edx=00000000 esi=0009007c edi=0012ff0c eip=77e7276a esp=0012fc94 ebp=0012fca0 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: WaitMessage 77e7275f b802120000 mov eax,0x1202 77e72764 8d542404 lea edx,[esp+0x4] ss:0115e69b=???????? 77e72768 cd2e int 2e 77e7276a c3 ret 77e7276b 56 push esi 77e7276c 33c0 xor eax,eax 77e7276e 8b742408 mov esi,[esp+0x8] ss:0115e69b=???????? 77e72772 8b4e10 mov ecx,[esi+0x10] ds:010bea82=???????? 77e72775 03ce add ecx,esi 77e72777 394608 cmp [esi+0x8],eax ds:010bea82=???????? 77e7277a 760e jbe WaitMessage+0x2b (77e7278a) 77e7277c 8b11 mov edx,[ecx] ds:0045b6a8=0001021c 77e7277e 40 inc eax 77e7277f 83c104 add ecx,0x4 77e72782 013432 add [edx+esi],esi ds:0009007c=???????? *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0012fca0 01588132 00000000 00000010 000205a4 7ffdf000 user32!WaitMessage 0012ff60 01587dea 01580000 00000000 000205a4 0000000a explorer! 0012ffc0 77f1b304 00000010 7800109f 7ffdf000 7ffdf000 explorer! 0012fff0 00000000 01587d5e 00000000 00000000 77fa5aa0 kernel32!GetProcessPriorityBoost 00000000 00000000 00000000 00000000 00000000 00000000 explorer! *----> Raw Stack Dump <----* 0012fc94 9f 26 58 01 00 00 00 00 - 08 db 14 00 60 ff 12 00 .&X.........`... 0012fca4 32 81 58 01 00 00 00 00 - 10 00 00 00 a4 05 02 00 2.X............. 0012fcb4 00 f0 fd 7f 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0012fcc4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0012fcd4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0012fce4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0012fcf4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0012fd04 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0012fd14 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0012fd24 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0012fd34 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0012fd44 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0012fd54 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0012fd64 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0012fd74 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0012fd84 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0012fd94 00 00 00 00 00 00 00 00 - 00 00 00 00 b5 01 01 00 ................ 0012fda4 3f 00 3f 00 3f 00 3f 00 - 00 00 00 00 00 00 00 00 ?.?.?.?......... 0012fdb4 00 00 00 00 00 00 00 00 - 1c 10 fc 7f 22 14 fc 7f ............"... 0012fdc4 1e 14 fc 7f 00 00 00 00 - e4 04 01 00 3f 00 3f 00 ............?.?. State Dump for Thread Id 0x81 eax=00000000 ebx=0015cb68 ecx=7ffdd000 edx=00000000 esi=7ffdf000 edi=00000001 eip=77f6819b esp=008bfd98 ebp=008bfdec iopl=0 nv up ei pl nz ac pe cy cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000213 function: NtWaitForMultipleObjects 77f68190 b8c4000000 mov eax,0xc4 77f68195 8d542404 lea edx,[esp+0x4] ss:018ee79f=???????? 77f68199 cd2e int 2e 77f6819b c21400 ret 0x14 77f6819e 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 008bfdec 77e7a670 0000000a 0016f010 00000000 00002710 ntdll!NtWaitForMultipleObjects 008bfe48 77e7a6bc 00000009 008bfe8c 00002710 000000ff user32!MsgWaitForMultipleObjectsEx 008bfe64 77c4c849 00000009 008bfe8c 00000000 00002710 user32!MsgWaitForMultipleObjects 008bffb8 77f04f2c 00000000 77f762f9 00000014 00000000 shell32!SHAppBarMessage 008bffec 00000000 77c5d4a5 00000000 00000000 00000000 kernel32!lstrcmpiW 00000000 00000000 00000000 00000000 00000000 00000000 explorer! *----> Raw Stack Dump <----* 008bfd98 83 c7 f1 77 0a 00 00 00 - 68 cb 15 00 01 00 00 00 ...w....h....... 008bfda8 00 00 00 00 dc fd 8b 00 - 34 f0 16 00 00 00 00 00 ........4....... 008bfdb8 10 f0 16 00 28 00 00 00 - 00 00 00 00 8c fe 8b 00 ....(........... 008bfdc8 14 fe 8b 00 02 01 00 00 - 00 00 00 00 48 59 fa 77 ............HY.w 008bfdd8 80 fd 8b 00 00 1f 0a fa - ff ff ff ff 00 00 00 00 ................ 008bfde8 dc fd 8b 00 48 fe 8b 00 - 70 a6 e7 77 0a 00 00 00 ....H...p..w.... 008bfdf8 10 f0 16 00 00 00 00 00 - 10 27 00 00 00 00 00 00 .........'...... 008bfe08 00 00 00 00 81 00 00 00 - 02 01 00 00 74 fd 8b 00 ............t... 008bfe18 01 00 00 00 dc ff 8b 00 - 94 fe f8 77 a0 b1 f9 77 ...........w...w 008bfe28 ff ff ff ff 74 a9 16 00 - 74 a9 16 00 33 b7 c4 77 ....t...t...3..w 008bfe38 00 00 00 00 00 00 00 00 - 44 d0 fd 7f 60 00 00 00 ........D...`... 008bfe48 64 fe 8b 00 bc a6 e7 77 - 09 00 00 00 8c fe 8b 00 d......w........ 008bfe58 10 27 00 00 ff 00 00 00 - 00 00 00 00 b8 ff 8b 00 .'.............. 008bfe68 49 c8 c4 77 09 00 00 00 - 8c fe 8b 00 00 00 00 00 I..w............ 008bfe78 10 27 00 00 ff 00 00 00 - f9 62 f7 77 14 00 00 00 .'.......b.w.... 008bfe88 00 00 00 00 a8 00 00 00 - 88 00 00 00 68 00 00 00 ............h... 008bfe98 78 00 00 00 98 00 00 00 - cc 00 00 00 a4 00 00 00 x............... 008bfea8 54 00 00 00 f8 00 00 00 - 00 00 00 00 ec 11 f6 77 T..............w 008bfeb8 60 35 fa 77 f2 11 f6 77 - 30 ff 8b 00 14 00 00 00 `5.w...w0....... 008bfec8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ State Dump for Thread Id 0x9d eax=7ffdb000 ebx=00150920 ecx=00154728 edx=00000000 esi=00000000 edi=00154728 eip=77f67e77 esp=00f0fe44 ebp=00f0ff90 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: NtReplyWaitReceivePort 77f67e6c b890000000 mov eax,0x90 77f67e71 8d542404 lea edx,[esp+0x4] ss:01f3e84b=???????? 77f67e75 cd2e int 2e 77f67e77 c21000 ret 0x10 77f67e7a 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00f0ff90 77e162f0 77e163e5 00154728 00f0ffec 77bbc6ac ntdll!NtReplyWaitReceivePort 00003a98 00000000 00000000 00000000 00000000 00000000 rpcrt4!NdrOleAllocate *----> Raw Stack Dump <----* 00f0fe44 42 60 e1 77 e4 00 00 00 - 7c ff f0 00 00 00 00 00 B`.w....|....... 00f0fe54 00 0f 15 00 ac c6 bb 77 - 04 bb 14 00 20 09 15 00 .......w.... ... 00f0fe64 44 fe f0 00 00 00 00 00 - 0c ff f0 00 48 b0 f3 77 D...........H..w 00f0fe74 80 31 9b 77 00 50 9b 77 - 98 fe f0 00 f0 28 b2 77 .1.w.P.w.....(.w 00f0fe84 00 00 b2 77 02 00 00 00 - 00 00 00 00 78 ee 14 00 ...w........x... 00f0fe94 00 f0 fd 7f 70 ee 14 00 - 03 3d f6 77 00 00 b2 77 ....p....=.w...w 00f0fea4 02 00 00 00 00 00 00 00 - 1c ff f0 00 00 00 00 00 ................ 00f0feb4 ec 11 f6 77 60 35 fa 77 - f2 11 f6 77 30 ff f0 00 ...w`5.w...w0... 00f0fec4 68 01 15 00 b8 47 15 00 - 00 00 00 00 00 00 00 00 h....G.......... 00f0fed4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00f0fee4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00f0fef4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00f0ff04 c0 fe f0 00 00 00 00 00 - ff ff ff ff 94 fe f8 77 ...............w 00f0ff14 e8 b0 f9 77 ff ff ff ff - 00 00 00 00 33 62 f7 77 ...w........3b.w 00f0ff24 3b 62 f7 77 30 ff f0 00 - 01 00 00 00 17 00 01 00 ;b.w0........... 00f0ff34 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00f0ff44 00 00 00 00 00 00 00 00 - 88 ed 64 80 88 fb 67 80 ..........d...g. 00f0ff54 24 54 86 01 67 10 60 03 - 00 00 00 00 3c 00 30 c0 $T..g.`.....<.0. 00f0ff64 00 f0 db 03 fc f6 00 c0 - 68 fe f0 00 00 90 fd 7f ........h....... 00f0ff74 d0 ed 01 fe 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ State Dump for Thread Id 0x80 eax=004369f8 ebx=00162fa0 ecx=0001004c edx=00000000 esi=00010134 edi=00162fa8 eip=77e7276a esp=0151feac ebp=0151feb8 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: WaitMessage 77e7275f b802120000 mov eax,0x1202 77e72764 8d542404 lea edx,[esp+0x4] ss:0254e8b3=???????? 77e72768 cd2e int 2e 77e7276a c3 ret 77e7276b 56 push esi 77e7276c 33c0 xor eax,eax 77e7276e 8b742408 mov esi,[esp+0x8] ss:0254e8b3=???????? 77e72772 8b4e10 mov ecx,[esi+0x10] ds:0103eb3a=???????? 77e72775 03ce add ecx,esi 77e72777 394608 cmp [esi+0x8],eax ds:0103eb3a=???????? 77e7277a 760e jbe WaitMessage+0x2b (77e7278a) 77e7277c 8b11 mov edx,[ecx] ds:0001004c=006d0065 77e7277e 40 inc eax 77e7277f 83c104 add ecx,0x4 77e72782 013432 add [edx+esi],esi ds:00010134=00000054 *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0151feb8 0158bad1 00010134 0009007c 00000000 00162f98 user32!WaitMessage 0151ffb8 77f04f2c 00162f98 0009007c 00000000 00162f98 explorer! 0151ffec 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW 00000000 00000000 00000000 00000000 00000000 00000000 explorer! State Dump for Thread Id 0x76 eax=00420063 ebx=00dffea8 ecx=00420000 edx=00000000 esi=7ffdf000 edi=00000001 eip=77f6819b esp=00dffe84 ebp=00dffed8 iopl=0 nv up ei pl nz ac pe cy cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000213 function: NtWaitForMultipleObjects 77f68190 b8c4000000 mov eax,0xc4 77f68195 8d542404 lea edx,[esp+0x4] ss:01e2e88b=???????? 77f68199 cd2e int 2e 77f6819b c21400 ret 0x14 77f6819e 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00dffed8 77e7a670 00000001 00dfff00 00000000 000493e0 ntdll!NtWaitForMultipleObjects 00dfff34 77e7a6bc 00000000 00000000 000493e0 00000008 user32!MsgWaitForMultipleObjectsEx 00dfff50 77c70ec2 00000000 00000000 00000000 000493e0 user32!MsgWaitForMultipleObjects 00dfffb8 77f04f2c 00162960 00451438 00000047 00162960 shell32!Control_FillCache_RunDLLW 00dfffec 00000000 77c70dc3 00162960 00000000 00004000 kernel32!lstrcmpiW 00000000 00000000 00000000 00000000 00000000 00000000 explorer! *----> Raw Stack Dump <----* 00dffe84 83 c7 f1 77 01 00 00 00 - a8 fe df 00 01 00 00 00 ...w............ 00dffe94 00 00 00 00 c8 fe df 00 - 00 00 00 00 00 00 00 00 ................ 00dffea4 00 ff df 00 84 00 00 00 - 80 7f cc 77 02 00 00 00 ...........w.... 00dffeb4 e4 fe df 00 45 00 00 00 - 00 ff df 00 f0 de 15 00 ....E........... 00dffec4 00 00 14 00 00 a2 2f 4d - ff ff ff ff 00 00 00 00 ....../M........ 00dffed4 c8 fe df 00 34 ff df 00 - 70 a6 e7 77 01 00 00 00 ....4...p..w.... 00dffee4 00 ff df 00 00 00 00 00 - e0 93 04 00 00 00 00 00 ................ 00dffef4 00 00 00 00 00 00 00 00 - 00 00 00 00 84 00 00 00 ................ 00dfff04 c8 d7 15 00 80 7f cc 77 - 02 ff df 00 b6 60 c4 77 .......w.....`.w 00dfff14 00 00 00 00 f0 da 15 00 - 80 7f cc 77 24 0c c7 77 ...........w$..w 00dfff24 00 00 00 00 00 00 00 00 - 44 a0 fd 7f 84 00 00 00 ........D....... 00dfff34 50 ff df 00 bc a6 e7 77 - 00 00 00 00 00 00 00 00 P......w........ 00dfff44 e0 93 04 00 08 00 00 00 - 00 00 00 00 b8 ff df 00 ................ 00dfff54 c2 0e c7 77 00 00 00 00 - 00 00 00 00 00 00 00 00 ...w............ 00dfff64 e0 93 04 00 08 00 00 00 - 38 14 45 00 47 00 00 00 ........8.E.G... 00dfff74 60 29 16 00 f4 3c 16 00 - 01 52 1a 80 f3 06 01 00 `)...<...R...... 00dfff84 00 00 00 00 00 00 00 00 - 01 00 00 00 00 00 00 00 ................ 00dfff94 00 00 00 00 00 05 00 00 - f0 da 15 00 f0 88 15 00 ................ 00dfffa4 00 00 00 00 00 00 00 00 - 00 00 00 00 76 00 00 00 ............v... 00dfffb4 76 00 00 00 ec ff df 00 - 2c 4f f0 77 60 29 16 00 v.......,O.w`).. State Dump for Thread Id 0x98 eax=00000318 ebx=00166a10 ecx=016bffa8 edx=00000000 esi=00030150 edi=00166a18 eip=77e7276a esp=016bfeac ebp=016bfeb8 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: WaitMessage 77e7275f b802120000 mov eax,0x1202 77e72764 8d542404 lea edx,[esp+0x4] ss:026ee8b3=???????? 77e72768 cd2e int 2e 77e7276a c3 ret 77e7276b 56 push esi 77e7276c 33c0 xor eax,eax 77e7276e 8b742408 mov esi,[esp+0x8] ss:026ee8b3=???????? 77e72772 8b4e10 mov ecx,[esi+0x10] ds:0105eb56=???????? 77e72775 03ce add ecx,esi 77e72777 394608 cmp [esi+0x8],eax ds:0105eb56=???????? 77e7277a 760e jbe WaitMessage+0x2b (77e7278a) 77e7277c 8b11 mov edx,[ecx] ds:016bffa8=016bffdc 77e7277e 40 inc eax 77e7277f 83c104 add ecx,0x4 77e72782 013432 add [edx+esi],esi ds:00030150=???????? *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 016bfeb8 0158bad1 00030150 00000001 7ffdcbf8 00166a08 user32!WaitMessage 016bffb8 77f04f2c 00166a08 00000001 7ffdcbf8 00166a08 explorer! 016bffec 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW 00000000 00000000 00000000 00000000 00000000 00000000 explorer! State Dump for Thread Id 0x89 eax=00904100 ebx=77771528 ecx=00904100 edx=00000000 esi=008f1c44 edi=008f1c6c eip=77e724e7 esp=019ce928 ebp=019ce944 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: InvalidateRect 77e724ce b893110000 mov eax,0x1193 77e724d3 8d542404 lea edx,[esp+0x4] ss:029fd32f=???????? 77e724d7 cd2e int 2e 77e724d9 c20c00 ret 0xc 77e724dc b87c110000 mov eax,0x117c 77e724e1 8d542404 lea edx,[esp+0x4] ss:029fd32f=???????? 77e724e5 cd2e int 2e 77e724e7 c21400 ret 0x14 77e724ea 55 push ebp 77e724eb 8bec mov ebp,esp 77e724ed 83ec0c sub esp,0xc 77e724f0 53 push ebx 77e724f1 56 push esi 77e724f2 57 push edi 77e724f3 8b7508 mov esi,[ebp+0x8] ss:029fd34a=???????? 77e724f6 c745f814000000 mov dword ptr [ebp-0x8],0x14 ss:029fd34a=???????? 77e724fd 8d7e14 lea edi,[esi+0x14] ds:0192064a=???????? 77e72500 8b4e04 mov ecx,[esi+0x4] ds:0192064a=???????? 77e72503 897dfc mov [ebp-0x4],edi ss:029fd34a=???????? *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 019ce944 7779bc8f 019ce964 00000000 00000000 00000000 user32!InvalidateRect 019ce980 7779698a 019cead8 00000000 008f1680 77771098 netui2!HAS_MESSAGE_PUMP::RunMessagePump 000101ca 0044003b 005c003a 00550054 00420052 005c004f netui2!DIALOG_WINDOW::Process [omap] *----> Raw Stack Dump <----* 019ce928 6c 1a e8 77 64 e9 9c 01 - 00 00 00 00 00 00 00 00 l..wd........... 019ce938 00 00 00 00 40 e9 9c 01 - 02 00 00 00 80 e9 9c 01 ....@........... 019ce948 8f bc 79 77 64 e9 9c 01 - 00 00 00 00 00 00 00 00 ..ywd........... 019ce958 00 00 00 00 2c 1c 8f 00 - 28 1c 8f 00 ee 01 01 00 ....,...(....... 019ce968 00 02 00 00 00 00 00 00 - 91 00 31 00 f9 c2 10 00 ..........1..... 019ce978 26 02 00 00 84 01 00 00 - ca 01 01 00 8a 69 79 77 &............iyw 019ce988 d8 ea 9c 01 00 00 00 00 - 80 16 8f 00 98 10 77 77 ..............ww 019ce998 c9 69 79 77 a0 e9 9c 01 - 38 00 00 00 3e a1 76 77 .iyw....8...>.vw 019ce9a8 8c ea 9c 01 98 10 77 77 - 80 16 8f 00 98 10 77 77 ......ww......ww 019ce9b8 00 00 00 00 00 00 00 00 - 0e 00 00 00 09 00 00 00 ................ 019ce9c8 01 00 00 00 65 00 10 01 - 05 00 00 00 6f 03 01 04 ....e.......o... 019ce9d8 50 00 00 00 f0 0a 8c 00 - 60 ea 9c 01 e8 54 e7 77 P.......`....T.w 019ce9e8 6f 03 01 04 49 00 5a 00 - 08 ea 9c 01 04 00 00 00 o...I.Z......... 019ce9f8 00 00 00 00 d8 ce 16 00 - 00 8e 45 00 c0 8e 45 00 ..........E...E. 019cea08 04 00 00 00 04 00 00 00 - 50 00 00 00 01 00 00 00 ........P....... 019cea18 65 00 10 01 04 00 00 00 - 17 00 00 00 50 00 00 00 e...........P.. .. 019cea28 01 00 00 00 65 00 10 01 - 04 00 00 00 05 00 00 00 ....e........... 019cea38 01 00 00 00 12 00 00 00 - 65 00 10 01 53 00 00 00 ........e...S... 019cea48 05 00 00 00 01 00 00 00 - 12 00 00 00 65 00 10 01 ............e... 019cea58 01 00 00 00 01 00 00 00 - e0 ea 9c 01 8f 6d e7 77 .............m.w State Dump for Thread Id 0x83 eax=0000007c ebx=01acfaa0 ecx=0000001f edx=0000007c esi=00040010 edi=00904bb0 eip=778933aa esp=01acf900 ebp=0000003e iopl=0 nv up ei pl nz ac pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000212 function: NLS_STR::CopyFrom 7789338a 55 push ebp 7789338b e8a6170000 call NLS_STR::Realloc (77894b36) 77893390 85c0 test eax,eax 77893392 7507 jnz NLS_STR::CopyFrom+0x82 (7789339b) 77893394 b808000000 mov eax,0x8 77893399 eb53 jmp NLS_STR::CopyFrom+0xd5 (778933ee) 7789339b 8d046d00000000 lea eax,[00000000+ebp*2] ds:0000003e=???????? 778933a2 8b7b14 mov edi,[ebx+0x14] ds:02afe4a6=???????? 778933a5 8bc8 mov ecx,eax 778933a7 c1e902 shr ecx,0x2 FAULT ->778933aa f3a5 rep movsd ds:00040010=???????? es:00904bb0=00000000 778933ac 8bc8 mov ecx,eax 778933ae 83e103 and ecx,0x3 778933b1 f3a4 rep movsb ds:00040010=?? es:00904bb0=00 778933b3 8b4b14 mov ecx,[ebx+0x14] ds:02afe4a6=???????? 778933b6 66c704690000 mov word ptr [ecx+ebp*2],0x0 ds:0000003e=???? 778933bc 896b0c mov [ebx+0xc],ebp ds:02afe4a6=???????? 778933bf eb24 jmp NLS_STR::CopyFrom+0xcc (778933e5) 778933c1 33c0 xor eax,eax 778933c3 394308 cmp [ebx+0x8],eax ds:02afe4a6=???????? 778933c6 7512 jnz NLS_STR::CopyFrom+0xc1 (778933da) 778933c8 394310 cmp [ebx+0x10],eax ds:02afe4a6=???????? *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0000003e 00000000 00000000 00000000 00000000 00000000 netui0!NLS_STR::CopyFrom [omap] *----> Raw Stack Dump <----* 01acf900 e0 fa ac 01 08 00 00 00 - 06 00 00 00 00 00 00 00 ................ 01acf910 b0 4b 90 00 43 3b 89 77 - 10 00 04 00 7c 00 00 00 .K..C;.w....|... 01acf920 1d 18 7b 77 10 00 04 00 - 7c 00 00 00 68 41 90 00 ..{w....|...hA.. 01acf930 c0 48 90 00 00 00 00 00 - d8 1e 17 00 50 1f 17 00 .H..........P... 01acf940 88 1f 17 00 c0 1f 17 00 - c8 f6 16 00 00 f7 16 00 ................ 01acf950 58 1b 87 77 00 00 00 00 - 78 a3 89 77 00 00 00 00 X..w....x..w.... 01acf960 94 00 f3 00 00 f7 16 00 - 28 00 00 00 00 f7 16 00 ........(....... 01acf970 00 00 00 00 58 1b 87 77 - 00 00 00 00 78 a3 89 77 ....X..w....x..w 01acf980 00 00 00 00 9c 00 f3 00 - c8 f6 16 00 28 00 00 00 ............(... 01acf990 c8 f6 16 00 00 00 00 00 - 58 1b 87 77 00 00 00 00 ........X..w.... 01acf9a0 78 a3 89 77 00 00 00 00 - a4 00 f3 00 c0 1f 17 00 x..w............ 01acf9b0 28 00 00 00 c0 1f 17 00 - 00 00 00 00 58 1b 87 77 (...........X..w 01acf9c0 00 00 00 00 78 a3 89 77 - 00 00 00 00 ac 00 f3 00 ....x..w........ 01acf9d0 88 1f 17 00 28 00 00 00 - 88 1f 17 00 00 00 00 00 ....(........... 01acf9e0 58 1b 87 77 00 00 00 00 - 78 a3 89 77 00 00 00 00 X..w....x..w.... 01acf9f0 b4 00 f3 00 50 1f 17 00 - 28 00 00 00 50 1f 17 00 ....P...(...P... 01acfa00 00 00 00 00 58 1b 87 77 - 00 00 00 00 78 a3 89 77 ....X..w....x..w 01acfa10 00 00 00 00 c4 00 f3 00 - d8 1e 17 00 28 00 00 00 ............(... 01acfa20 d8 1e 17 00 00 00 00 00 - 30 19 87 77 28 19 87 77 ........0..w(..w 01acfa30 00 00 00 00 38 f7 16 00 - 04 00 00 00 00 00 00 00 ....8........... From greg at discreet.com Mon Dec 21 13:01:19 1998 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:52 2003 Subject: 100% CPU usage and no login In-Reply-To: <3.0.1.16.19981221090655.274f4bba@sol.math.u-szeged.hu> Message-ID: Hi Geza, This seems to be a known problem on several platforms. I had this problem on IRIX 6.2 and switched to a 6.5 machine and it was gone. I believe it has also been reported on DEC UNIX. I spent a few days trying to figure out what was going on then gave up. I believe Luke is working on a workaround. What is happening is that samba is trying to find all the groups on your machine but the system is always returning the first group and smbd gets stuck in an infinite (ish) loop. So not a good answer for sure, but change your OS. Greg On 21-Dec-98 Geza Makay wrote: > Hi everyone, > > I do see 100% CPU usage, and I cannot login from a Windows NT 4.0 > WorkStation. I did everything according to the documentation, and even > joining to the domain worked wonderfully. I did not create any "domain > group map" or "domain user map", if I do not want to manage users using NT, > then I do not need these (according to the documentation). If I try to > login with an incorrect user name or password, then I receive the message > that the user name or password is not correct within a second. But trying > to login with a correct username/password always stops the NT for 2-5 > minutes, then I got the message that the machine account does not have the > correct password. Setting the log level to 99, I see the followings in the > log file (only an extract): > > [1998/12/21 07:16:41, 4] rpc_server/srv_pipe.c:api_rpc_command(670) > api_rpc_command: api_netlog_rpc op 0x4 - api_rpc_command: NET_REQCHAL > .. > [1998/12/21 07:16:42, 4] rpc_server/srv_pipe.c:api_rpc_command(670) > api_rpc_command: api_netlog_rpc op 0xf - api_rpc_command: NET_AUTH2 > .. > [1998/12/21 07:16:42, 4] rpc_server/srv_pipe.c:api_rpc_command(670) > api_rpc_command: api_netlog_rpc op 0x2 - api_rpc_command: NET_SAMLOGON > .. > [1998/12/21 07:16:42, 3] rpc_server/srv_netlog.c:api_net_sam_logon(653) > SAM Logon (Interactive). Domain:[BOLYAI]. User:[makay] > .. > [1998/12/21 07:16:42, 10] passdb/sampassdb.c:pwdb_sam_map_names(443) > pwdb_sam_map_name: found unix user makay nt makay uid 202 rid 0x710 > [1998/12/21 07:16:42, 10] groupdb/groupdb.c:iterate_getusergroupsnam(217) > search for usergroups by name: makay > > Although the RPC commands differ from those in the documentation (in > NTDOMAIN.txt it says they start with LSA_, and that I should also have an > LSA_NET_SRV_PWSET after LSA_AUTH2, which I do not have), this seems OK to > me sofar, everything happened within 1 second of the actual entering the > password at the login screen on the NT machine. Now the interesting part: > the following messages repeat until I kill the appropriate smbd process: > > [1998/12/21 07:16:42, 10] lib/domain_namemap.c:lookupsmbgrpgid(1171) > lookupsmbgrpgid: unix gid 0 > [1998/12/21 07:16:42, 10] groupdb/groupunix.c:getgrpunixpwent(210) > line: 'root::1001:' > [1998/12/21 07:16:42, 5] groupdb/groupdb.c:iterate_getusergroupsnam(239) > group name root members: 0 > [1998/12/21 07:16:42, 10] groupdb/groupunix.c:getgrpunixpwent(169) > getgrpunixpwent: enum unix group entry root > > Note that I do not get an LSA_SAM_LOGOFF (or NET_SAM_LOGOFF) anywhere in > the log file. Could someone, please, check what goes wrong? > > Another note (which may be related to the above problem): I get several > warnings during compilation on our SCO OpenServer Enterprise System 5.0.2 > with gcc version 2.7.2.1, most of them connected with the first argument of > the bzero function, like the following: > > smbd/connection.c: In function `yield_connection': > smbd/connection.c:45: warning: passing arg 1 of `bzero' from incompatible > pointer type > > another bunch of them connected with the second argument of the > make_unistr2 function, like the following: > > rpc_parse/parse_lsa.c: In function `make_q_lookup_names': > rpc_parse/parse_lsa.c:689: warning: passing arg 2 of `make_unistr2' > discards `const' from pointer target type > > but there are others: > > lib/util.c: In function `get_unixgroups': > lib/util.c:2352: warning: comparison is always 0 due to limited range of > data type > lib/util.c:2352: warning: comparison is always 0 due to limited range of > data type > lib/util.c: In function `nametouid': > lib/util.c:2441: warning: passing arg 1 of `Get_Pwnam' discards `const' > from pointer target type > > Thanks for any help. > > With best regards, > > Geza > > > ************************************************************************* > * Name: Geza Makay (Mr., Dr., Prof.) * > * Institute: Jozsef Attila University of Szeged * > * Mail: Bolyai Institute, Aradi vertanuk tere 1. * > * H-6720, Szeged, Hungary * > * Tel: (62) 454-091 (Hungary's code: 36) * > * Fax/Message: (62) 426-246 (Hungary's code: 36) * > * E-mail: makayg@math.u-szeged.hu * > * World Wide Web: http://www.math.u-szeged.hu/ * > ************************************************************************* > * "To err is human, but to really mess things up you need a computer." * > ************************************************************************* --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From jamest at math.ksu.edu Mon Dec 21 14:54:01 1998 From: jamest at math.ksu.edu (James Thompson) Date: Tue Dec 2 02:24:52 2003 Subject: Where is it? Was Re: Mailing list In-Reply-To: <14102.914239093@www.gmx.net> Message-ID: On Mon, 21 Dec 1998, Lothar May wrote: > I'd like to join the ntdom-mailing list. > Feeling like a nice guy I went to pull the subscription info from the samba web pages. The only docs on how to subscribe to samba related lists that I found is under the link titled nothing to do with Samba on the .samba.org/samba/archives.html page. If I'm not missing something more obvious might I suggest a link (with a obvious title like subscription info) be added on samba/archives.html. TIA ->->->->->->->->->->->->->->->->->->---<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-< James Thompson 138 Cardwell Hall Manhattan, Ks 66506 785-532-0561 Kansas State University Department of Mathematics ->->->->->->->->->->->->->->->->->->---<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-< From lkcl at switchboard.net Mon Dec 21 15:21:06 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:53 2003 Subject: Where is it? Was Re: Mailing list In-Reply-To: Message-ID: http://samba.org/listproc On Tue, 22 Dec 1998, James Thompson wrote: > On Mon, 21 Dec 1998, Lothar May wrote: > > I'd like to join the ntdom-mailing list. > > > > Feeling like a nice guy I went to pull the subscription info from the > samba web pages. The only docs on how to subscribe to samba related lists > that I found is under the link titled > > nothing to do with Samba > > on the .samba.org/samba/archives.html page. > > If I'm not missing something more obvious might I suggest a link (with a > obvious title like subscription info) be added on samba/archives.html. > > TIA > > ->->->->->->->->->->->->->->->->->->---<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-< > James Thompson 138 Cardwell Hall Manhattan, Ks 66506 785-532-0561 > Kansas State University Department of Mathematics > ->->->->->->->->->->->->->->->->->->---<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-< > > > Luke Kenneth Casson Leighton Samba and Network Development Samba and Network Consultancy From jamest at math.ksu.edu Mon Dec 21 15:36:43 1998 From: jamest at math.ksu.edu (James Thompson) Date: Tue Dec 2 02:24:53 2003 Subject: Where is it? Was Re: Mailing list In-Reply-To: Message-ID: On Mon, 21 Dec 1998, Luke Kenneth Casson Leighton wrote: > http://samba.org/listproc > OK. But, starting from the .samba.org/samba/samba.html how is a new user to find subscription information. Here is the only method I found.... Home Support Samba Related Mailing Lists Nothing to do with samba This just doesn't seem very intutative. I expected to find a link under Samba Related Mailing Lists labeled something like To Subscribe or Subscription Info. The Nothing to do with samba link implies that it is a list of mail lists that have "Nothing to do with samba". I'm not trying to be a pain, I just found the current setup a little user unfriendly. ->->->->->->->->->->->->->->->->->->---<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-< James Thompson 138 Cardwell Hall Manhattan, Ks 66506 785-532-0561 Kansas State University Department of Mathematics ->->->->->->->->->->->->->->->->->->---<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-< From greg at discreet.com Mon Dec 21 18:04:35 1998 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:53 2003 Subject: latest CVS-passwords not working Message-ID: Hi, CVS code from this morning. I can add a machine to the domain but then it seems like the machine account is always wrong after that. I get: [1998/12/21 12:14:54, 0] smbd/reply.c:(443) session_trust_account: Trust Account BELLATRIX$ - password failed [1998/12/21 12:14:57, 0] smbd/reply.c:(443) session_trust_account: Trust Account BELLATRIX$ - password failed and ooo this looks evil but probably unrelated: =============================================================== [1998/12/21 12:19:54, 0] lib/fault.c:(41) INTERNAL ERROR: Signal 11 in pid 55122 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [1998/12/21 12:19:54, 0] lib/fault.c:(43) =============================================================== [1998/12/21 12:19:54, 0] lib/util.c:(2467) PANIC: internal error [1998/12/21 12:19:54, 1] smbd/ipc.c:(3272) api_fd_reply: INVALID PIPE HANDLE: 7032 [1998/12/21 12:19:55, 0] passdb/sampass.c:(107) trust account bellatrix$ should be in DOMAIN_GROUP_RID_USERS [1998/12/21 12:19:55, 0] lib/fault.c:(40) =============================================================== [1998/12/21 12:19:55, 0] lib/fault.c:(41) INTERNAL ERROR: Signal 11 in pid 55088 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [1998/12/21 12:19:55, 0] lib/fault.c:(43) =============================================================== [1998/12/21 12:19:55, 0] lib/util.c:(2467) PANIC: internal error [1998/12/21 12:19:55, 1] smbd/ipc.c:(3272) api_fd_reply: INVALID PIPE HANDLE: 700b [1998/12/21 12:19:58, 0] passdb/sampass.c:(107) trust account bellatrix$ should be in DOMAIN_GROUP_RID_USERS I saw some postings about SID-reading & writing, could this be it? Any ideas? Thanks, Greg --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From jallison at cthulhu.engr.sgi.com Mon Dec 21 20:15:34 1998 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:24:53 2003 Subject: Strange error References: Message-ID: <367EAC66.90B6FFD6@engr.sgi.com> Dejan Ilic wrote: > > # more log.a112.lambo.student.liu.se > [1998/12/17 19:49:47, 0] smbd/uid.c:unbecome_user(340) > chdir(/export/users/wheel/src/samba/samba-2.0.0beta4/source) failed > in unbecome_user > [1998/12/17 19:49:49, 0] smbd/uid.c:unbecome_user(340) > chdir(/export/users/wheel/src/samba/samba-2.0.0beta4/source) failed > in unbecome_user > > Well, yes, it is a Samba2 Beta4 but the error is quite strange. Why > the chdir to source ? In unbecome_user ? > > Notice that the login was outside the domain that Samba is running, so > the connection was thru normal share. Indeed - it's very strange ! Can you reproduce it at will ? If so can you get higher level debug logs ? Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From caesmb at lab2.cc.wmich.edu Mon Dec 21 20:26:59 1998 From: caesmb at lab2.cc.wmich.edu (CAE Samba Admin) Date: Tue Dec 2 02:24:53 2003 Subject: SP4 Domain Joining Problems Message-ID: Hello... we've been running samba-1.9.19prealhpa for about 6 months now happily. I'm in the middle of updating our labs to NT SP4 and I have found that I can no longer join a samba domain. I get an error message saying that NT is "Unable to update local security in order to join domain". Has anyone else run into this? Would getting Samba 2.0b4 take care of this? Are there any differences in the smbpasswd file between my current version and samba 2.0? In other words should it be a simple drop in replacement, or is this going to be a process? Thanks, Kevin Currie From Roland.Kaeser at schaffhausen.ch Mon Dec 21 20:31:00 1998 From: Roland.Kaeser at schaffhausen.ch (=?iso-8859-1?Q?Roland_K=E4ser?=) Date: Tue Dec 2 02:24:53 2003 Subject: Samba as a NT PDC Message-ID: <002701be2d22$8f2c0f80$5f646464@ws.intersoft.ch> Hy together This is my last Chance! I use the SuSE Linux distribution (Germany) with samba 1.9px. In my Area are many peoples they say that they not can use linux before it not supports an NT-Domain-Controller. Since samba this Protocoll supports, I try to bring samba to it me a NT-PDC to emulate, but up to now without any success. can send me someone know the binarys or sources with a halfway useful documentation? PLEASE HELP ME THIS IS MY LAST CHANCE!! Roland Roland Kaeser Sennenwieshalde 3 8200 Schaffhausen Roland.Kaeser@schaffhausen.ch -------------- next part -------------- HTML attachment scrubbed and removed From mh at bacher.at Mon Dec 21 22:59:49 1998 From: mh at bacher.at (Martin Hofbauer Bacher Systems EDV) Date: Tue Dec 2 02:24:53 2003 Subject: LDAP Problems with PDC functionality In-Reply-To: Message-ID: I am testing the ldap funtionality with the latest cvs code : Problems: 1.) if you modify a User with command "smbpasswd " the "dn:' has always be set to: "dn: uid=user,o=XX,c=AT", If the Users "dn" is like: "dn: cn=Peter XXX,o=YYY,c=AT" it is not working 2.) Set a trusted machine account with "smbpasswd -m pc_test" results in modifying user attributes or something, not workstation attributes to the LDAP Object: This should be the values for Workstation: "pc_test": dn: uid=pc_test$,ou=People,ou=Zentrale,o=ACG,c=AT userpassword: {crypt}kWV2P7wioKciA objectclass: sambaAccount givenname: Martin uid: pc_test$ nickname: pc_test$ idnumber: 501 rid: 501 gidnumber: 5001 creatorsname: cn=admin,o=ACG,c=AT createtimestamp: 981221221008Z modifytimestamp: 981221222542Z modifiersname: cn=admin,o=ACG,c=AT lmpassword: 721B633461B5EDA5AAD3B435B51404EE ntpassword: 23EC459244537F6096505FBAFD905448 pwdlastset: 367ECAE7 acctflags: [DU ] ..... If you want to join the domain following errors occures: [1998/12/21 23:13:58, 0] passdb/ldap.c:ldap_search_for(99) search: Protocol error [1998/12/21 23:13:58, 0] passdb/ldap.c:ldap_search_for(99) search: Protocol error [1998/12/21 23:13:59, 0] smbd/reply.c:reply_sesssetup_and_X(710) NT Password did not match ! Defaulting to Lanman [1998/12/21 23:13:59, 0] passdb/ldap.c:ldap_search_for(99) search: Protocol error [1998/12/21 23:13:59, 0] passdb/ldap.c:ldap_search_for(99) search: Protocol error [1998/12/21 23:13:59, 0] passdb/ldap.c:ldap_search_for(99) search: Protocol error [1998/12/21 23:13:59, 0] smbd/reply.c:session_trust_account(428) session_trust_account: Trust account PC_TEST$ user doesn't exist [1998/12/21 23:15:48, 0] smbd/reply.c:reply_sesssetup_and_X(710) NT Password did not match ! Defaulting to Lanman [1998/12/21 23:15:49, 0] smbd/reply.c:session_trust_account(443) session_trust_account: Trust Account PC_TEST$ - password failed [1998/12/21 23:26:10, 0] smbd/reply.c:reply_sesssetup_and_X(710) NT Password did not match ! Defaulting to Lanman [1998/12/21 23:26:10, 0] smbd/reply.c:session_trust_account(443) session_trust_account: Trust Account PC_TEST$ - password failed Do you have Any tips for me, where I can continue,get more details about the ldap configuration, that has to be done ? ------------------------------------------------------------------- Martin Hofbauer IT-Consulting phone : +43 (1) 60 126-34 Bacher Systems EDV GmbH fax : +43 (1) 60 126-4 Wienerbergstr. 11B e-mail: mh@bacher.at A-1101 Vienna, Austria -- From s2232203 at cse.unsw.edu.au Tue Dec 22 05:03:58 1998 From: s2232203 at cse.unsw.edu.au (Matthew Chapman) Date: Tue Dec 2 02:24:53 2003 Subject: LDAP Problems with PDC functionality In-Reply-To: from "Martin Hofbauer Bacher Systems EDV" at Dec 22, 98 10:02:58 am Message-ID: <981222050358.10203@cse.unsw.edu.au> > > I am testing the ldap funtionality with the latest cvs code : Fantastic! It needs a bit of work yet and I need as many people as possible to try it out. > 1.) if you modify a User with command "smbpasswd " the "dn:' > has always be set to: "dn: uid=user,o=XX,c=AT", > > If the Users "dn" is like: "dn: cn=Peter XXX,o=YYY,c=AT" > > it is not working OK will fix. > 2.) Set a trusted machine account with "smbpasswd -m pc_test" results in > modifying user attributes or something, not workstation attributes > to the LDAP Object: Can you elaborate? Currently creating a machine account should create a fairly normal user, but with a W in acctFlags to indicate a workstation trust account. Is this W not being added? > > If you want to join the domain following errors occures: > [1998/12/21 23:13:58, 0] passdb/ldap.c:ldap_search_for(99) > search: Protocol error Can you try this at debug level 3 or higher please. Matt From makayg at math.u-szeged.hu Tue Dec 22 09:18:03 1998 From: makayg at math.u-szeged.hu (Geza Makay) Date: Tue Dec 2 02:24:53 2003 Subject: 100% CPU usage and no login In-Reply-To: References: <3.0.1.16.19981221090655.274f4bba@sol.math.u-szeged.hu> Message-ID: <3.0.1.16.19981222101803.35bffe48@sol.math.u-szeged.hu> At 08:01 AM 12/21/98 -0500, you wrote: >> I do see 100% CPU usage, and I cannot login from a Windows NT 4.0 >> WorkStation. I did everything according to the documentation, and even >> joining to the domain worked wonderfully. I did not create any "domain >> group map" or "domain user map", if I do not want to manage users using NT, >> then I do not need these (according to the documentation). If I try to >> login with an incorrect user name or password, then I receive the message >> that the user name or password is not correct within a second. But trying >> to login with a correct username/password always stops the NT for 2-5 >> minutes, then I got the message that the machine account does not have the >> correct password. Setting the log level to 99, I see the followings in the >> log file (only an extract): >> >> [1998/12/21 07:16:41, 4] rpc_server/srv_pipe.c:api_rpc_command(670) >> api_rpc_command: api_netlog_rpc op 0x4 - api_rpc_command: NET_REQCHAL >> .. >> [1998/12/21 07:16:42, 4] rpc_server/srv_pipe.c:api_rpc_command(670) >> api_rpc_command: api_netlog_rpc op 0xf - api_rpc_command: NET_AUTH2 >> .. >> [1998/12/21 07:16:42, 4] rpc_server/srv_pipe.c:api_rpc_command(670) >> api_rpc_command: api_netlog_rpc op 0x2 - api_rpc_command: NET_SAMLOGON >> .. >> [1998/12/21 07:16:42, 3] rpc_server/srv_netlog.c:api_net_sam_logon(653) >> SAM Logon (Interactive). Domain:[BOLYAI]. User:[makay] >> .. >> [1998/12/21 07:16:42, 10] passdb/sampassdb.c:pwdb_sam_map_names(443) >> pwdb_sam_map_name: found unix user makay nt makay uid 202 rid 0x710 >> [1998/12/21 07:16:42, 10] groupdb/groupdb.c:iterate_getusergroupsnam(217) >> search for usergroups by name: makay >> >> Although the RPC commands differ from those in the documentation (in >> NTDOMAIN.txt it says they start with LSA_, and that I should also have an >> LSA_NET_SRV_PWSET after LSA_AUTH2, which I do not have), this seems OK to >> me sofar, everything happened within 1 second of the actual entering the >> password at the login screen on the NT machine. Now the interesting part: >> the following messages repeat until I kill the appropriate smbd process: >> >> [1998/12/21 07:16:42, 10] lib/domain_namemap.c:lookupsmbgrpgid(1171) >> lookupsmbgrpgid: unix gid 0 >> [1998/12/21 07:16:42, 10] groupdb/groupunix.c:getgrpunixpwent(210) >> line: 'root::1001:' >> [1998/12/21 07:16:42, 5] groupdb/groupdb.c:iterate_getusergroupsnam(239) >> group name root members: 0 >> [1998/12/21 07:16:42, 10] groupdb/groupunix.c:getgrpunixpwent(169) >> getgrpunixpwent: enum unix group entry root >> >> Note that I do not get an LSA_SAM_LOGOFF (or NET_SAM_LOGOFF) anywhere in >> the log file. Could someone, please, check what goes wrong? > > This seems to be a known problem on several platforms. I had this problem on >IRIX 6.2 and switched to a 6.5 machine and it was gone. I believe it has also >been reported on DEC UNIX. I spent a few days trying to figure out what was >going on then gave up. I believe Luke is working on a workaround. What is >happening is that samba is trying to find all the groups on your machine but >the system is always returning the first group and smbd gets stuck in an >infinite (ish) loop. > >So not a good answer for sure, but change your OS. Dear Greg, Luke, and others writing the code, OK, I checked this out going really deep in the code, and I found the following: groupdb/groupunix.c:getgrpunixpwent() calls lib/util.c:gidtoname() (through several steps) in a while cycle which goes by the return value of getgrent(). lib/util.c:gidtoname() calls getgrgid() which resets the file pointer of the group file (at least under my OS). Therefore the while cycle in groupdb/groupunix.c:getgrpunixpwent() would go into an infinite loop, if it did not have a break in it. Most likely the author(s) did not expect/know that getgrgid() resets the file pointer of the group file (at least on some OS's, like mine), and that causes that the groupdb/groupunix.c:getgrpunixpwent() function always check the very same group over and over again. Here is a short test code with an infinite cycle, which describes exactly what happens in these files (I put this in the groupdb/groupunix.c:getgrpunixpwent() just before the original while cycle, and it made the program go into an infinite cycle): ... struct group *unix_grp; ... while ((unix_grp = getgrent()) != NULL) { DEBUG(1,("getgrent->name: %s\n",unix_grp->gr_name)); getgrgid(unix_grp->gr_gid); } /* cycle through unix groups */ ... Could someone from the authors of these codes confirm this (I have SCO OpenServer Enterprise System 5.0.2)? And is it possible to do something about it? Thank in advance. With best regards, Geza Makay ************************************************************************* * Name: Geza Makay (Mr., Dr., Prof.) * * Institute: Jozsef Attila University of Szeged * * Mail: Bolyai Institute, Aradi vertanuk tere 1. * * H-6720, Szeged, Hungary * * Tel: (62) 454-091 (Hungary's code: 36) * * Fax/Message: (62) 426-246 (Hungary's code: 36) * * E-mail: makayg@math.u-szeged.hu * * World Wide Web: http://www.math.u-szeged.hu/ * ************************************************************************* * "To err is human, but to really mess things up you need a computer." * ************************************************************************* From greg at discreet.com Tue Dec 22 12:44:07 1998 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:53 2003 Subject: 100% CPU usage and no login In-Reply-To: <3.0.1.16.19981222101803.35bffe48@sol.math.u-szeged.hu> Message-ID: Errr, I feel honored. I do not actually write any code, I just bitch about the bugs ;-) Apparently I'm useless at that too since I did not catch this getgrgid() thing. Indeed the man page indicates that it searches from the beginning of the file and therefore could easily reset the pointer in some implementations. Luke, waddaya think? I could always start to write code and fix this up although my programming skills are unfortunately a bit rusty. Greg On 22-Dec-98 Geza Makay wrote: > At 08:01 AM 12/21/98 -0500, you wrote: >>> I do see 100% CPU usage, and I cannot login from a Windows NT 4.0 >>> WorkStation. I did everything according to the documentation, and even >>> joining to the domain worked wonderfully. I did not create any "domain >>> group map" or "domain user map", if I do not want to manage users using NT, >>> then I do not need these (according to the documentation). If I try to >>> login with an incorrect user name or password, then I receive the message >>> that the user name or password is not correct within a second. But trying >>> to login with a correct username/password always stops the NT for 2-5 >>> minutes, then I got the message that the machine account does not have the >>> correct password. Setting the log level to 99, I see the followings in the >>> log file (only an extract): >>> >>> [1998/12/21 07:16:41, 4] rpc_server/srv_pipe.c:api_rpc_command(670) >>> api_rpc_command: api_netlog_rpc op 0x4 - api_rpc_command: NET_REQCHAL >>> .. >>> [1998/12/21 07:16:42, 4] rpc_server/srv_pipe.c:api_rpc_command(670) >>> api_rpc_command: api_netlog_rpc op 0xf - api_rpc_command: NET_AUTH2 >>> .. >>> [1998/12/21 07:16:42, 4] rpc_server/srv_pipe.c:api_rpc_command(670) >>> api_rpc_command: api_netlog_rpc op 0x2 - api_rpc_command: NET_SAMLOGON >>> .. >>> [1998/12/21 07:16:42, 3] rpc_server/srv_netlog.c:api_net_sam_logon(653) >>> SAM Logon (Interactive). Domain:[BOLYAI]. User:[makay] >>> .. >>> [1998/12/21 07:16:42, 10] passdb/sampassdb.c:pwdb_sam_map_names(443) >>> pwdb_sam_map_name: found unix user makay nt makay uid 202 rid 0x710 >>> [1998/12/21 07:16:42, 10] groupdb/groupdb.c:iterate_getusergroupsnam(217) >>> search for usergroups by name: makay >>> >>> Although the RPC commands differ from those in the documentation (in >>> NTDOMAIN.txt it says they start with LSA_, and that I should also have an >>> LSA_NET_SRV_PWSET after LSA_AUTH2, which I do not have), this seems OK to >>> me sofar, everything happened within 1 second of the actual entering the >>> password at the login screen on the NT machine. Now the interesting part: >>> the following messages repeat until I kill the appropriate smbd process: >>> >>> [1998/12/21 07:16:42, 10] lib/domain_namemap.c:lookupsmbgrpgid(1171) >>> lookupsmbgrpgid: unix gid 0 >>> [1998/12/21 07:16:42, 10] groupdb/groupunix.c:getgrpunixpwent(210) >>> line: 'root::1001:' >>> [1998/12/21 07:16:42, 5] groupdb/groupdb.c:iterate_getusergroupsnam(239) >>> group name root members: 0 >>> [1998/12/21 07:16:42, 10] groupdb/groupunix.c:getgrpunixpwent(169) >>> getgrpunixpwent: enum unix group entry root >>> >>> Note that I do not get an LSA_SAM_LOGOFF (or NET_SAM_LOGOFF) anywhere in >>> the log file. Could someone, please, check what goes wrong? >> >> This seems to be a known problem on several platforms. I had this > problem on >>IRIX 6.2 and switched to a 6.5 machine and it was gone. I believe it has also >>been reported on DEC UNIX. I spent a few days trying to figure out what was >>going on then gave up. I believe Luke is working on a workaround. What is >>happening is that samba is trying to find all the groups on your machine but >>the system is always returning the first group and smbd gets stuck in an >>infinite (ish) loop. >> >>So not a good answer for sure, but change your OS. > > Dear Greg, Luke, and others writing the code, > > OK, I checked this out going really deep in the code, and I found the > following: > > groupdb/groupunix.c:getgrpunixpwent() calls lib/util.c:gidtoname() > (through several steps) in a while cycle which goes by the > return value of getgrent(). > lib/util.c:gidtoname() calls getgrgid() which resets the file > pointer of the group file (at least under my OS). > Therefore the while cycle in groupdb/groupunix.c:getgrpunixpwent() > would go into an infinite loop, if it did not have a break in it. > > Most likely the author(s) did not expect/know that getgrgid() resets the > file pointer of the group file (at least on some OS's, like mine), and that > causes that the groupdb/groupunix.c:getgrpunixpwent() function always check > the very same group over and over again. > Here is a short test code with an infinite cycle, which describes exactly > what happens in these files (I put this in the > groupdb/groupunix.c:getgrpunixpwent() just before the original while cycle, > and it made the program go into an infinite cycle): > > ... > struct group *unix_grp; > ... > while ((unix_grp = getgrent()) != NULL) > { > DEBUG(1,("getgrent->name: %s\n",unix_grp->gr_name)); > getgrgid(unix_grp->gr_gid); > } > > /* cycle through unix groups */ > ... > > Could someone from the authors of these codes confirm this (I have SCO > OpenServer Enterprise System 5.0.2)? And is it possible to do something > about it? > > Thank in advance. > > With best regards, > > Geza Makay > > > ************************************************************************* > * Name: Geza Makay (Mr., Dr., Prof.) * > * Institute: Jozsef Attila University of Szeged * > * Mail: Bolyai Institute, Aradi vertanuk tere 1. * > * H-6720, Szeged, Hungary * > * Tel: (62) 454-091 (Hungary's code: 36) * > * Fax/Message: (62) 426-246 (Hungary's code: 36) * > * E-mail: makayg@math.u-szeged.hu * > * World Wide Web: http://www.math.u-szeged.hu/ * > ************************************************************************* > * "To err is human, but to really mess things up you need a computer." * > ************************************************************************* --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From cartegw at Eng.Auburn.EDU Tue Dec 22 04:19:15 1998 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:53 2003 Subject: SP4 Domain Joining Problems References: Message-ID: <367F1DC3.F0567F54@eng.auburn.edu> CAE Samba Admin wrote: > > Hello... we've been running samba-1.9.19prealhpa for > about 6 months now happily. I'm in the middle of > updating our labs to NT SP4 and I have found that I > can no longer join a samba domain. I get an error > message saying that NT is "Unable to update local security > in order to join domain". Has anyone else run into > this? Would getting Samba 2.0b4 take care of this? > Are there any differences in the smbpasswd file between my > current version and samba 2.0? In other words should > it be a simple drop in replacement, or is this going > to be a process? Kevben, There were some issues fixed owith SP4. Time to update the you snapshot of the code (and be prepared :) ) jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From hulet at ittc.ukans.edu Tue Dec 22 14:19:43 1998 From: hulet at ittc.ukans.edu (Michael S. Hulet) Date: Tue Dec 2 02:24:53 2003 Subject: SP4 Domain Joining Problems In-Reply-To: Message-ID: I'm having the same problem. If you remove service pack 4 everything works again. My NT SP4 clients can only participate in a workgroup environment and can not join the samba domain. They can join an NT Server domain however. Not much help but maybe you will feel better if someone else feels your pain. On Tue, 22 Dec 1998, CAE Samba Admin wrote: > > Hello... we've been running samba-1.9.19prealhpa for about 6 months now > happily. I'm in the middle of updating our labs to NT SP4 and I have > found that I can no longer join a samba domain. I get an error message > saying that NT is "Unable to update local security in order to join > domain". Has anyone else run into this? Would getting Samba 2.0b4 take > care of this? Are there any differences in the smbpasswd file between my > current version and samba 2.0? In other words should it be a simple drop > in replacement, or is this going to be a process? > > Thanks, > Kevin Currie > > > From stefcol at tin.it Tue Dec 22 15:15:39 1998 From: stefcol at tin.it (Stefano Colombo) Date: Tue Dec 2 02:24:53 2003 Subject: Group mappings Message-ID: <000501be2dbd$ef5449e0$42370a0a@scolombo> I know for sure this is a really dumb question , but I'm in a hurry and can't go through al the Samba FAQ . So how can I map Groups in a samba server ? Stefano Colombo MCP (email : scolombo@cdmtecno.pr.it ) CDM Tecnoconsulting SPA , v. G Marconi 25 , 43050 Sorbolo Italy Tel. + 39 0521 669511 Fax. + 39 0521 669527 scolombo@cdmtecno.pr.it www.cdmtc.it _____________________________________________ Il sesso senza amore e' un'esperienza vuota, ma fra le esperienze vuote e' una delle migliori Woody Allen _____________________________________________ From lkcl at switchboard.net Tue Dec 22 15:23:01 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:53 2003 Subject: leaving and rejoining domain In-Reply-To: <3.0.3.32.19981221095720.0074d790@bioserve.biochem.latrobe.edu.au> Message-ID: On Mon, 21 Dec 1998, David Bannon wrote: > At 06:22 PM 18/12/1998 +0000, Luke Kenneth Casson Leighton wrote: > >.... > >> make install > > ^^^^^^^^^^^^ > > > >what does this do? remove some important files? i bet it deletes, say, > >*.mac files inadvertently. try *not* doing this, but copying nmbd and > >smbd manually, ok? > > > > Sure, I'll try that, but no point doing it now, will need to wait (a month > ?) until we can be sure that the magic time has passed. Meanwhile where the > hell are these *.mac fies you mention ? I thought I could see if 'make > install' would play with then, but I can'nt find, can make ? ah, those get created in "security = domain" mode. From lkcl at switchboard.net Tue Dec 22 15:25:25 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:53 2003 Subject: Group db et al In-Reply-To: <001801be2b41$97b8eca0$0300a8c0@pippi.emil.pgmt> Message-ID: michael, thanks for your input. is win95, not that i like win95, sending LANMAN versions of these functions or is it sending dce/rpc calls? On Mon, 21 Dec 1998, Michael Stockman wrote: > Hello, > > I've been digging a little in why usrmgr (for W95) refuses to show a list of users and groups any more (samba PDC, head branch). The symptome seems to be that send_trans_reply (in smbd/ipc.c) finds that maxdataret is smaller than the length of rdata, which causes it to set NT_STATUS_ACCESS_VIOLATION on the reply which usrmgr very much dislikes. > > The relation to user lists is that this occurs in the reply to SAMR_QUERY_DISPINFO which usrmgr does when trying to get a user list (if you have too many users in your smbpasswd file). Fixing this will however not make usrmgr run (unless something else gets fixed too) as usrmgr reports NT error 0xefef0000 (with fewer users, I don't know what this is). In this case there is not error reported in the samba logs (could be a malformed packet by samba?). > > A similar thing happens in reply_enum_dom_groups (something like that). It appears that all groups in /etc/groups are added to the list (mapping to domain groups is carried out). Is this meant to be? I thought that only groups explicitly mapped to domain groups should have been added(?) as is the case with domain users. All these groups (21 on my system) causes the send_trans_reply to fail as above (no, I haven't tried to remove groups from /etc/groups and see what happens). > > Best regards > Michael Stockman > pgmtekn-micke@algonet.se > > > Luke Kenneth Casson Leighton Samba and Network Development Samba and Network Consultancy From lkcl at switchboard.net Tue Dec 22 15:35:03 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:53 2003 Subject: Where is it? Was Re: Mailing list In-Reply-To: Message-ID: On Mon, 21 Dec 1998, James Thompson wrote: > On Mon, 21 Dec 1998, Luke Kenneth Casson Leighton wrote: > > > http://samba.org/listproc > > > > OK. But, starting from the .samba.org/samba/samba.html how is a > new user to find subscription information. http://samba.org/listproc, link to http://lists.samba.org/cgi-bin/weblist. alternatively, follow the instructions on http://samba.org/listproc, it says "send email to listproc@samba.org" is this not clear? if you do so, you will receive instructions, they are exactly the same instructions that you will receive from any standard listproc server, and samba.org runs the standard listproc server. From weejock at ferret.lmh.ox.ac.uk Tue Dec 22 15:36:43 1998 From: weejock at ferret.lmh.ox.ac.uk (Matthew Kirkwood) Date: Tue Dec 2 02:24:53 2003 Subject: domain users map? Message-ID: Hi, I have a domain set up and working quite nicely now, but I need to give a couple of users admin rights (mostly so that they can write files on their local disks, share printers, etc). The NTDOM FAQ says that the domain admin users option is no longer used, but doesn't yet document the new way. Could someone please post a map file and maybe a couple of smb.conf entries to point me in the right direction? Thanks, Matthew. From lkcl at switchboard.net Tue Dec 22 15:46:57 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:53 2003 Subject: LDAP Problems with PDC functionality In-Reply-To: <981222050358.10203@cse.unsw.edu.au> Message-ID: > > 2.) Set a trusted machine account with "smbpasswd -m pc_test" results in > > modifying user attributes or something, not workstation attributes > > to the LDAP Object: > > Can you elaborate? Currently creating a machine account should create a > fairly normal user, but with a W in acctFlags to indicate a workstation > trust account. Is this W not being added? ideally one of two things should be done: either: a) create a separate schema for all trust accounts, you still have to have acctFlags. b) set W NOT N in acctFlags, it's not an ACB_NORMAL it's an ACB_WKSTRUST. From lkcl at switchboard.net Tue Dec 22 15:51:28 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:53 2003 Subject: 100% CPU usage and no login In-Reply-To: Message-ID: On Tue, 22 Dec 1998, Greg Dickie wrote: > > Errr, > > I feel honored. I do not actually write any code, I just bitch about the bugs > ;-) Apparently I'm useless at that too since I did not catch this getgrgid() > thing. Indeed the man page indicates that it searches from the beginning of the > file and therefore could easily reset the pointer in some implementations. > > Luke, waddaya think? I could always start to write code and fix this up > although my programming skills are unfortunately a bit rusty. well now i know what i suspected to be the problem is in fact the case (nested getgrnam() loops) i can fix it. From lkcl at switchboard.net Tue Dec 22 15:53:05 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:53 2003 Subject: SP4 Domain Joining Problems In-Reply-To: Message-ID: there are at least three independent issues that had to be fixed for SP4 in the rpc code. no i will not be back-patching old versions, too much has happened since 1.9.19prealpha. On Wed, 23 Dec 1998, Michael S. Hulet wrote: > I'm having the same problem. If you remove service pack 4 everything > works again. My NT SP4 clients can only participate in a workgroup > environment and can not join the samba domain. They can join an NT Server > domain however. Not much help but maybe you will feel better if someone > else feels your pain. > > > On Tue, 22 Dec 1998, CAE Samba Admin wrote: > > > > > Hello... we've been running samba-1.9.19prealhpa for about 6 months now > > happily. I'm in the middle of updating our labs to NT SP4 and I have > > found that I can no longer join a samba domain. I get an error message > > saying that NT is "Unable to update local security in order to join > > domain". Has anyone else run into this? Would getting Samba 2.0b4 take > > care of this? Are there any differences in the smbpasswd file between my > > current version and samba 2.0? In other words should it be a simple drop > > in replacement, or is this going to be a process? > > > > Thanks, > > Kevin Currie > > > > > > > > Luke Kenneth Casson Leighton Samba and Network Development Samba and Network Consultancy From Jean-Francois.Micouleau at dalalu.fr Tue Dec 22 16:02:35 1998 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:24:53 2003 Subject: domain users map? In-Reply-To: Message-ID: On Wed, 23 Dec 1998, Matthew Kirkwood wrote: > Hi, > > I have a domain set up and working quite nicely now, but I need to > give a couple of users admin rights (mostly so that they can write > files on their local disks, share printers, etc). > > The NTDOM FAQ says that the domain admin users option is no longer > used, but doesn't yet document the new way. If you're running samba 2.0 Beta x, the domain admin users is still the way to go. If you're running the head cvs branch, it's another story. To sum up in when the samba server is a PDC: smb.conf: domain user map = /usr/local/samba/lib/domainuser.map domain group map = /usr/local/samba/lib/domaingroup.map domainuser.map contains the mapping between the NT users and their equivalent on Unix: [root@doubleface lib]# cat domainuser.map root administrator ^^^-> a tab or an '=' sign should work. domaingroup.map contains the mapping between the NT domain groups and the Unix groups [root@doubleface lib]# cat domaingroup.map wheel "Domain Admins" ^^^-> a tab or an '=' sign should work. 'wheel' must be in /etc/group. All the Unix users who are in the 'wheel' unix group will be domain admins on the NT side. J.F. From jreid at jove.rutgers.edu Tue Dec 22 16:06:41 1998 From: jreid at jove.rutgers.edu (John Reid) Date: Tue Dec 2 02:24:53 2003 Subject: (no subject) Message-ID: <367FC391.887D20B9@jove.rutgers.edu> subscribe -- ----------------------------------------------------------------------- John Reid, Systems Programmer Rutgers University, Engineering Computing Services Phone: (732) 445-3761 Pager: (732) 989-9585 jreid@jove.rutgers.edu ----------------------------------------------------------------------- From joachim at kupke.ml.org Tue Dec 22 16:11:09 1998 From: joachim at kupke.ml.org (Joachim Kupke) Date: Tue Dec 2 02:24:53 2003 Subject: Your Passwd has expired ..... In-Reply-To: <3.0.3.32.19981203162048.0073b4a4@bioserve.biochem.latrobe.edu.au> Message-ID: <199812221611.RAA15968@portal.kupke.de> On 3 Dec, concerning "Your Passwd has expired .....", David Bannon wrote: > The current main branch CSV tells me that my passwd has expired today and > offers to let me change it. Now, I think that would be a good feature but I > don't think it is really implemented yet ?? The current CVS code will still do this. Without it actually being a problem (users may decline to change their passwords), it tends to get on one's nerves. Is there any planning to fix this? -- Joachim \\\|/// \\ - - // ( @ @ ) +-----------------------------+---------oOOo-(_)-oOOo-----------------+ | Joachim Kupke | Das Sein zum Tode ist eminent viru- | | | lent; sowohl im kontingenten als auch | | mailto:joachim@kupke.ml.org | im abstrakt ontischen Bereich. | | http://www.kupke.ml.org/ | (BTW: The end of MS is near...) | +-----------------------------+-----------------Oooo------------------+ oooO ( ) ( ) ) / \ ( (_/ \_) From weejock at ferret.lmh.ox.ac.uk Tue Dec 22 16:12:26 1998 From: weejock at ferret.lmh.ox.ac.uk (Matthew Kirkwood) Date: Tue Dec 2 02:24:53 2003 Subject: domain users map? In-Reply-To: Message-ID: On Tue, 22 Dec 1998, Jean Francois Micouleau wrote: > > The NTDOM FAQ says that the domain admin users option is no longer > > used, but doesn't yet document the new way. > > If you're running samba 2.0 Beta x, the domain admin users is still the > way to go. Ah OK, thanks. I'll let you know what happens... [disappears to test this] Matthew. From mh at bacher.at Tue Dec 22 16:19:14 1998 From: mh at bacher.at (Martin Hofbauer Bacher Systems EDV) Date: Tue Dec 2 02:24:53 2003 Subject: LDAP Problems with PDC functionality In-Reply-To: <981222050358.10203@cse.unsw.edu.au> Message-ID: On Tue, 22 Dec 1998, Matthew Chapman wrote: > > > > I am testing the ldap funtionality with the latest cvs code : > > Fantastic! It needs a bit of work yet and I need as many people as > possible to try it out. It is always motivating to have such response ! FYI: I am working on solaris 2.7, sparc, with no (!) extra ldap library Only the new SUNWlldap Package. Compiles and runs without problems > > > 1.) if you modify a User with command "smbpasswd " the "dn:' > > has always be set to: "dn: uid=user,o=XX,c=AT", > > > > If the Users "dn" is like: "dn: cn=Peter XXX,o=YYY,c=AT" > > > > it is not working > > OK will fix. > > > 2.) Set a trusted machine account with "smbpasswd -m pc_test" results in > > modifying user attributes or something, not workstation attributes > > to the LDAP Object: > > Can you elaborate? Currently creating a machine account should create a > fairly normal user, but with a W in acctFlags to indicate a workstation > trust account. Is this W not being added? > If you look at my original mail,you will see the acctFlags, It is "[DU ]" !!! not W I use following command: "smbpasswd -m pc_test" Is it possible to change only U to W and try ro run it ? ... It will test it. ... but, that leads me to the question: Is it possible with the current ldap code to get SAMBA PDC running ? > > > > If you want to join the domain following errors occures: > > [1998/12/21 23:13:58, 0] passdb/ldap.c:ldap_search_for(99) > > search: Protocol error > > Can you try this at debug level 3 or higher please. > > Matt > After ( :-) ) this problem report i was gone throw the mailinglist archive and found out, that there was a big discussion about the ldap schema: Do you have a current ldap scheme ? I looked through the source and so this is what I have constructed: objectclass sambaAccount requires objectclass allows ntuid, description, uidNumber, gidNumber, rid, grouprid, lmPassword, ntPassword, pwdLastSet, smbHome, homeDrive, script, profile, workstations, acctFlags, pwdCanChange, pwdMustChange, logonTime, logoffTime, kickoffTime How accurate is that ? Thankx Martin Hofbauer From weejock at ferret.lmh.ox.ac.uk Tue Dec 22 16:30:22 1998 From: weejock at ferret.lmh.ox.ac.uk (Matthew Kirkwood) Date: Tue Dec 2 02:24:53 2003 Subject: domain users map? In-Reply-To: Message-ID: On Tue, 22 Dec 1998, Matthew Kirkwood wrote: > > If you're running samba 2.0 Beta x, the domain admin users is still > > the way to go. > > Ah OK, thanks. > > I'll let you know what happens... > > [disappears to test this] It doesn't seem to work - the listed users can't write to their local disks. I don't suppose that this log entry is relevant, is it? [1998/12/22 16:25:15, 0] smbd/service.c:make_connection(208) p25 (10.0.0.25) couldn't find service clients Also: I can no longer get a list of shares with smbclient -L: root@p75:~# smbclient -L //P75 -U patrick Added interface ip=10.0.0.2 bcast=10.0.0.255 nmask=255.255.255.0 Connection to //P75 failed My smb.conf is at http://ferret.lmh.ox.ac.uk/~weejock/smb_conf.txt Matthew. From D.Bannon at latrobe.edu.au Tue Dec 22 21:37:19 1998 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:24:53 2003 Subject: Group mappings In-Reply-To: <000501be2dbd$ef5449e0$42370a0a@scolombo> Message-ID: <3.0.3.32.19981223083719.0075c4cc@bioserve.biochem.latrobe.edu.au> At 02:22 AM 23/12/1998 +1100, Stefano Colombo wrote: >I know for sure this is a really dumb question , but I'm in a hurry and >can't go through al the Samba FAQ . >So how can I map Groups in a samba server ? > This has not made it to the FAQ yet, will be there soon, I am sure. ------------------------------------------- How do I make a Domain Administrator now that the experimental "domain admin group = X" parameter has been replaced in 2.1 ? Simplest Version : Choose a suitable UNIX group, for example the group "adm". In smb.conf : domain group map = /usr/local/samba/lib/domaingroup.map In the file /usr/local/samba/lib/domaingroup.map : adm="Domain Admins" In /etc/group, put any user you want to be a "Domain Admin" in the group "adm". These users will have Domain Admin rights on the workstations and will, for example, have Domain Admins policy rules (ie permissions) applied to them. They can take the workstation out of a domain, remove or edit profiles on the machine etc. You can do much more (if you understand differences between local and domain admins), to create local administrators : Choose a suitable unix group, for example "wheel". local group map = /usr/local/samba/lib/localgroup.map In the file /usr/local/samba/lib/localgroup.map put : wheel=BUILTIN\Administrators domain user map = /usr/local/samba/lib/domainuser.map In the file /usr/local/samba/lib/domainuser.map put : root=Administrator Then run : smbpasswd -a root and tell it your root password. Then in /etc/group, any users that you want to be local administrators must be in the group "wheel". ------------------------- Thanks. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From D.Bannon at latrobe.edu.au Tue Dec 22 21:44:29 1998 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:24:53 2003 Subject: domain users map? In-Reply-To: Message-ID: <3.0.3.32.19981223084429.0075d0d0@bioserve.biochem.latrobe.edu.au> At 02:42 AM 23/12/1998 +1100, Matthew Kirkwood wrote: >Hi, > >I have a domain set up and working quite nicely now, but I need to >give a couple of users admin rights (mostly so that they can write >files on their local disks, share printers, etc). > As I said in another post, this is on its way to the FAQ, I'm sure Jerry will do it as soon as he can. ------------------------------------------- How do I make a Domain Administrator now that the experimental "domain admin group = X" parameter has been replaced in 2.1 ? Simplest Version : Choose a suitable UNIX group, for example the group "adm". In smb.conf : domain group map = /usr/local/samba/lib/domaingroup.map In the file /usr/local/samba/lib/domaingroup.map : adm="Domain Admins" In /etc/group, put any user you want to be a "Domain Admin" in the group "adm". These users will have Domain Admin rights on the workstations and will, for example, have Domain Admins policy rules (ie permissions) applied to them. They can take the workstation out of a domain, remove or edit profiles on the machine etc. You can do much more (if you understand differences between local and domain admins), to create local administrators : Choose a suitable unix group, for example "wheel". local group map = /usr/local/samba/lib/localgroup.map In the file /usr/local/samba/lib/localgroup.map put : wheel=BUILTIN\Administrators domain user map = /usr/local/samba/lib/domainuser.map In the file /usr/local/samba/lib/domainuser.map put : root=Administrator Then run : smbpasswd -a root and tell it your root password. Then in /etc/group, any users that you want to be local administrators must be in the group "wheel". ------------------------- Thanks. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From Axel.Thimm at physik.fu-berlin.de Tue Dec 22 22:44:42 1998 From: Axel.Thimm at physik.fu-berlin.de (Axel Thimm) Date: Tue Dec 2 02:24:53 2003 Subject: "Logon service not started" ? Message-ID: <19981222234442.A20708@physik.fu-berlin.de> I am trying to set up the latest cvs samba code. The domain servers are OSF1 sambas using encrypted passwords; clients are WinNT 4.0SP4 (german). With some help (and the FAQ on NTDOM) I succeeded in joining the domain. On startup I now get the three fields as described in section 2.4 of this FAQ. When I give in a name/password pair I get on hold while watching a moving Windows flag beside a message "Loging in progress" (my translation). After a timeout it fails with a message like "Your logon service has not been started". On the samba side I increased debug levels to infinity, but there is no attempt recorded of a domain logon. (domain logon = yes and workgroup = , same as the one used by the WinNT client) Switching the client to workgroup mode it works (no netlogon/profile roaming of course). Attached are my smb.conf files (two because one is standard for all installations), in case someone looks at them and tells me what I am doing wrong :( Thanks, Axel. -- Axel.Thimm@physik.fu-berlin.de Axel.Thimm@ifh.de === smb.conf start ; Datei smb.conf (2.Versuch) [global] print command = /usr/local/bin/lpr -r -b -P%p -U %M %s lpq command = /usr/local/bin/lpq -P%p dead time = 15 workgroup = unix_cluster hosts allow = .physik.fu-berlin.de wins support = no preserve case = yes short preserve case = yes ;wide links = no invalid users = root daemon bin uucp uucpa auth cron lp tcb adm ris wnn rdist include = /usr/samba2/lib/smb.conf.local [homes] browseable = no read only = no create mode = 0640 directory mask = 0750 [printers] path = /var/tmp writable = no public = yes printable = yes [www] path = /www/%u readonly = no create mode = 0644 directory mask = 0755 [scratch] path = /scratch readonly = no create mode = 0640 directory mask = 0750 === smb.conf end === smb.conf.local start #hosts allow = #debuglevel = 90 debuglevel = 20 domain master = yes local master = yes preferred master = yes os level = 65 wins support = yes #wins server = axp1 printcap name = /etc/printcap printing = bsd security = user #security = share domain logons = yes logon drive = Z: logon home = \\%N\%U logon path = \\%N\%U\profile #logon script = scripts/%U.bat ### only for netlogons #logon script = login.bat #nis homedir = true #homedir map = smb.home encrypt passwords = yes #null passwords = yes #passwd chat debug = yes workgroup = hamprecht_linke preserve case = yes short preserve case = yes [netlogon] path = /etc/netlogon writable = no guest ok = no #browsable = no #writeable = no #public = no #locking = no #share modes = no [SekrLi] path = /home/blecke/Sekretariat/Linke browsable = no writable = yes force user = blecke valid users = linke [SekrHa] path = /home/blecke/Sekretariat/Hamprecht browsable = no writable = yes force user = blecke valid users = hamprech [SekrHaLi] path = /home/blecke/Sekretariat/Gesch?ftsf?hrung browsable = no writable = yes force user = blecke valid users = hamprech linke === smb.conf.local end From pgmtekn at algonet.se Tue Dec 22 23:29:13 1998 From: pgmtekn at algonet.se (Michael Stockman) Date: Tue Dec 2 02:24:53 2003 Subject: Group db et al Message-ID: <001801be2e02$ebda09e0$0300a8c0@pippi.emil.pgmt> >thanks for your input. is win95, not that i like win95, sending LANMAN >versions of these functions or is it sending dce/rpc calls? They are sent to an open pipe SAMR and samba calls a function create_rpc_reply in conjunction, so I suppose it is dce/rpc versions. I don't like W95 too much either, but to me it's either that or W98 which so far is even worse. Best regards Michael Stockman pgmtekn-micke@algonet.se From weejock at ferret.lmh.ox.ac.uk Wed Dec 23 10:56:47 1998 From: weejock at ferret.lmh.ox.ac.uk (Matthew Kirkwood) Date: Tue Dec 2 02:24:53 2003 Subject: domain users map? In-Reply-To: <3.0.3.32.19981223084429.0075d0d0@bioserve.biochem.latrobe.edu.au> Message-ID: On Wed, 23 Dec 1998, David Bannon wrote: > >I have a domain set up and working quite nicely now, but I need to > >give a couple of users admin rights (mostly so that they can write > >files on their local disks, share printers, etc). > > As I said in another post, this is on its way to the FAQ, I'm sure Jerry > will do it as soon as he can. OK, then. Two more: 1. Profiles I'm having problems with roaming profiles. Using the suggested \\%N\profiles\%U when the user logs off, it announces that it couldn't save the roaming profile and to tell my administrator if I can be bothered. (It says that to administrator, too. How dumb can you get? :) It also says "(Code 65)". No log entries (not running with -d anything). 2. User lists Anything which tries to get a user listing crashes horribly. When this is explorer it tends to take the rest of the machine with it. Obviously, it shouldn't crash, but it seems to be being provoked a little more than the old NT box was doing... No log entries, except this, which I doubt is relevant: [1998/12/23 10:53:45, 0] smbd/service.c:make_connection(208) p20 (10.0.0.20) couldn't find service clients Does anyone know why it would be trying to connect to a "clients" share? 3. smbclient -L smbclient -L //server no longer works: [root@p75 samba]# smbclient -L //P75 Added interface ip=10.0.0.2 bcast=10.0.0.255 nmask=255.255.255.0 Connection to //P75 failed strace shows it broadcasting, but not receiving anything... Any more help greatly appreciated. Cheers, Matthew. From stefcol at tin.it Wed Dec 23 11:08:57 1998 From: stefcol at tin.it (Stefano Colombo) Date: Tue Dec 2 02:24:53 2003 Subject: Slowness and Write problem Message-ID: <000801be2e64$a354bf00$42370a0a@scolombo> I'm experiencing a problem that it seems I couldn't solve by myself, so please take a minute to help me ;-) I'm running a samba server 1.9.18p10 on a HPUX 10.20 box. The problems arise when the clients ( all NT 4SP3 workstations ) have to save into a samba'share. The process is quite slow and seldom hung. The worst case is with a CAD Application ( Pro Engineer ) which sometimes can't save the file with an , apparently NT's, error which follow "Error moving from buffer to ..... " Any help is greatly appreciated Stefano Colombo MCP (email : scolombo@cdmtecno.pr.it ) CDM Tecnoconsulting SPA , v. G Marconi 25 , 43050 Sorbolo Italy Tel. + 39 0521 669511 Fax. + 39 0521 669527 scolombo@cdmtecno.pr.it www.cdmtc.it _____________________________________________ Il sesso senza amore e' un'esperienza vuota, ma fra le esperienze vuote e' una delle migliori Woody Allen _____________________________________________ From Axel.Thimm at physik.fu-berlin.de Wed Dec 23 12:16:10 1998 From: Axel.Thimm at physik.fu-berlin.de (Axel Thimm) Date: Tue Dec 2 02:24:53 2003 Subject: core dump while chatting password? Message-ID: <19981223131610.A23582@physik.fu-berlin.de> Latest cvs samba on OSF1, encrypted passwords, remote password change with smpbasswd -r, unix passwd sync = yes: [1998/12/23 12:55:00, 100] smbd/chgpasswd.c:talktochild(276) talktochild: chatbuf=[*] responsebuf=[changing NIS passwd entry for thimm sh: 15514 Memory fault - core dumped ] The dump came from yppasswd having a segment violation, installed more than 9 month ago and used by 700+ users, and noone complained about core dumps until now. So I think something is wrong with the chat wrapper. On the other hand non-NIS passwd programs work with the chatter (?) Here are the dump infos: GDB 4.16 (alpha-dec-osf4.0), Copyright 1996 Free Software Foundation, Inc... (no debugging symbols found)... Core was generated by `passwd'. Program terminated with signal 11, Segmentation fault. Reading symbols from /usr/shlib/libc.so...(no debugging symbols found)...done. #0 0x3ff8018e108 in __crypt16 () (gdb) where #0 0x3ff8018e108 in __crypt16 () #1 0x1200054a0 in checkoldpasswd () Any hint? How could I spott the error? Thanks, Axel. -- Axel.Thimm@physik.fu-berlin.de Axel.Thimm@ifh.de From Axel.Thimm at physik.fu-berlin.de Wed Dec 23 12:41:01 1998 From: Axel.Thimm at physik.fu-berlin.de (Axel Thimm) Date: Tue Dec 2 02:24:53 2003 Subject: "Logon service not started" ? In-Reply-To: <19981222234442.A20708@physik.fu-berlin.de>; from Axel Thimm on Wed, Dec 23, 1998 at 09:45:59AM +1100 References: <19981222234442.A20708@physik.fu-berlin.de> Message-ID: <19981223134101.A22179@physik.fu-berlin.de> On Wed, Dec 23, 1998 at 09:45:59AM +1100, Axel Thimm wrote: > I am trying to set up the latest cvs samba code. The domain servers are OSF1 > sambas using encrypted passwords; clients are WinNT 4.0SP4 (german). > > With some help (and the FAQ on NTDOM) I succeeded in joining the domain. On > startup I now get the three fields as described in section 2.4 of this FAQ. > > When I give in a name/password pair I get on hold while watching a moving > Windows flag beside a message "Loging in progress" (my translation). After a > timeout it fails with a message like "Your logon service has not been > started". I am replying to myself as I found some more information. During a logon try the following can be seen with debuglevel = 100 in log.smb. The last two lines are repeated too many times to count (log.smb wrapps after 5MB to log.smb.old). I think the error must be there. Somehow samba wants to assign a group to the loging in user thimm who is uid=4019(thimm) gid=411(ag-linke) groups=0(system) Perhaps the secondary group entry confuses samba? Thanks, Axel. [1998/12/23 13:23:57, 4] rpc_server/srv_pipe.c:api_rpc_command(670) api_rpc_command: api_netlog_rpc op 0x2 - api_rpc_command: NET_SAMLOGON ... [1998/12/23 13:23:58, 3] rpc_server/srv_netlog.c:api_net_sam_logon(653) SAM Logon (Interactive). Domain:[HAMPRECHT_LINKE]. User:[thimm] [1998/12/23 13:23:58, 10] passdb/sampassdb.c:iterate_getsam21pwntnam(135) search by name: thimm [1998/12/23 13:23:58, 10] lib/util_file.c:startfilepwent(126) startfilepwent: opening file /usr/samba2/private/smbpasswd ... [1998/12/23 13:23:58, 5] passdb/smbpass.c:getsmbfilepwent(198) getsmbfilepwent: returning passwd entry for unix user thimm, unix uid 4019 [1998/12/23 13:23:58, 10] passdb/passdb.c:pwdb_smb_map_names(267) pwdb_smb_map_names [1998/12/23 13:23:58, 10] lib/domain_namemap.c:lookupsmbpwnam(886) lookupsmbpwnam: unix user name thimm [1998/12/23 13:23:58, 10] lib/domain_namemap.c:lookupsmbpwuid(1020) lookupsmbpwuid: unix uid 4019 [1998/12/23 13:23:58, 4] lib/util.c:automount_server(2077) Home server: dirac [1998/12/23 13:23:58, 4] lib/util.c:automount_server(2077) Home server: dirac [1998/12/23 13:23:58, 10] passdb/sampassdb.c:pwdb_sam_map_names(395) pwdb_sam_map_names [1998/12/23 13:23:58, 10] lib/domain_namemap.c:lookupsmbpwnam(886) lookupsmbpwnam: unix user name thimm [1998/12/23 13:23:58, 10] lib/domain_namemap.c:lookupsmbpwuid(1020) lookupsmbpwuid: unix uid 4019 [1998/12/23 13:23:58, 10] passdb/sampassdb.c:pwdb_sam_map_names(443) pwdb_sam_map_name: found unix user thimm nt thimm uid 4019 rid 0x42b4 [1998/12/23 13:23:58, 10] lib/domain_namemap.c:lookupsmbgrpgid(1269) lookupsmbgrpgid: unix gid 411 [1998/12/23 13:23:58, 10] lib/domain_namemap.c:load_name_map(526) initialising map [1998/12/23 13:23:58, 10] lib/domain_namemap.c:load_name_map(526) initialising map [1998/12/23 13:23:58, 10] passdb/sampassdb.c:pwdb_sam_map_names(525) pwdb_sam_map_name: found gid 411 and group rid 0xa55 for unix user thimm [1998/12/23 13:23:58, 10] passdb/sampassdb.c:iterate_getsam21pwntnam(155) found by name: thimm [1998/12/23 13:23:58, 7] lib/util_file.c:endfilepwent(161) endfilepwent: closed file. [1998/12/23 13:23:58, 10] passdb/sampassdb.c:pwdb_sam_map_names(395) pwdb_sam_map_names [1998/12/23 13:23:58, 10] lib/domain_namemap.c:lookupsmbpwnam(886) lookupsmbpwnam: unix user name thimm [1998/12/23 13:23:58, 10] lib/domain_namemap.c:lookupsmbpwuid(1020) lookupsmbpwuid: unix uid 4019 [1998/12/23 13:23:58, 10] passdb/sampassdb.c:pwdb_sam_map_names(443) pwdb_sam_map_name: found unix user thimm nt thimm uid 4019 rid 0x42b4 [1998/12/23 13:23:58, 10] groupdb/groupdb.c:iterate_getusergroupsnam(217) search for usergroups by name: thimm [1998/12/23 13:23:58, 10] groupdb/groupunix.c:getgrpunixpwent(169) getgrpunixpwent: enum unix group entry system [1998/12/23 13:23:58, 10] lib/domain_namemap.c:lookupsmbgrpgid(1269) lookupsmbgrpgid: unix gid 0 [1998/12/23 13:23:58, 10] groupdb/groupunix.c:getgrpunixpwent(169) getgrpunixpwent: enum unix group entry system ... last two entries repeated a lot of times ... -- Axel.Thimm@physik.fu-berlin.de Axel.Thimm@ifh.de From thwartedefforts at wonky.org Wed Dec 23 17:28:33 1998 From: thwartedefforts at wonky.org (thwartedefforts@wonky.org) Date: Tue Dec 2 02:24:53 2003 Subject: event auditing (was Re: Logging failed) Message-ID: <19981223172833.23142.cpmta@fillmore.criticalpath.net> On Wed, 23 December 1998, "Dan \"Effugas\" Kaminsky" wrote: > More necessary, IMHO, is a way for SAMBA to log file operations. No, not > like the debug logs, I mean like web logs. Win95/NT finally has this > ability with NetWatcher Pro; I think Samba should too. While there are > issues with what exactly constitutes a file operation "event"(Is an > open/close 1 entry or 2? What about "streaming" style grabs?), I think the > complexities can be left for the debug logs. I just want a simple way to > see that computer \\FOO has accessed my shared files, and I don't want to > have to repeatedly check interactively. My auditing patch can handle that, still in development though, but I have been using it in my production environment for the last 3 or 4 months with no problems. http://www.reac.com/samba/samba-audit.html http://www.reac.com/samba/samba-audit-2beta4.diff Of course, there are still some issues to be worked out, like logoff events are not handled cleanly, and print operations are not handled at all. And it needs to use the detected syslog stuff from the configure script, etc, etc. Andy. From cartegw at Eng.Auburn.EDU Thu Dec 24 05:41:54 1998 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:53 2003 Subject: R: Group mappings References: <000801be2dc2$05abc0c0$42370a0a@scolombo> Message-ID: <3681D422.E8B3CC94@eng.auburn.edu> I am uploading it now. Check the NTDOM FAQ linked off the documentation page on the samba site. See section 4. Here's the bulk of it. Thanks to David Bannon for send it to me. :-) Hope this helps, jerry --------------------------------------------- This has changed in the latest version of the HEAD branch. The "domain admin users" and "domain admin group" parameters have gone away. See the smb.conf man page for information on * domain group map * domain user map * local group map Here are some sample notes... To put users in the "Domain Admins" group * Choose a suitable UNIX group, for example the group "adm". Add the following parameter to smb.conf domain group map = /usr/local/samba/lib/domaingroup.map * Now create /usr/local/samba/lib/domaingroup.map and add adm="Domain Admins" * In /etc/group (or the NIS map), put any user you want to be a "Domain Admin" in the group "adm". These users will have Domain Admin rights on the workstations and will, for example, have Domain Admins policy rules (ie permissions) applied to them. They can take the workstation out of a domain, remove or edit profiles on the machine etc. To add users to the local Administrator accounts on machines * Add the following parameter to smb.conf local group map = /usr/local/samba/lib/localgroup.map * Choose a suitable unix group, for example "wheel" and add the following entry to the loca group map file wheel=BUILTIN\Administrators * Then in /etc/group (or the NIS map), any users that you want to be local administrators must be in the group "wheel". Now to map NT user accounts to unix accounts * Add the following parameter to smb.conf domain user map = /usr/local/samba/lib/domainuser.map * In the file /usr/local/samba/lib/domainuser.map put : root=Administrator * Then run smbpasswd -a root and enter a password. ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From cartegw at Eng.Auburn.EDU Thu Dec 24 06:31:25 1998 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:53 2003 Subject: NTFOM FAQ updated Message-ID: <3681DFBD.57737F5F@eng.auburn.edu> Netmon can be run under Windows 9x as most of you know. I've added details in the NTDOM FAQ under debugging how to do it. jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From cigor at EUnet.yu Thu Dec 24 08:28:55 1998 From: cigor at EUnet.yu (Colovic Igor) Date: Tue Dec 2 02:24:53 2003 Subject: Question about User list Message-ID: <01be2f17$71b4cc20$0200a8c0@big.co.yu> I have set up Samba2.0.0b4 and it is working great. I can log in. Roaming profiles are working fine. My question is: Why I can not get user list from Samba server. It this work in progress or what. What I want is to forbid all users(but users in admin group) to write to local disk. Can it be done if I can not get user/group list from server. There are some files that WinNT is looking(like userinit.exe) and it can not find them(they are not there) Can this be reason why I can not get user list. ______________________________________________ Colovic Igor Linux Users Group of Yugoslavia www.linux.org.yu cigor@eunet.yu DelphiPro@yahoo.com From cigor at EUnet.yu Sat Dec 26 22:35:35 1998 From: cigor at EUnet.yu (Colovic Igor) Date: Tue Dec 2 02:24:53 2003 Subject: Q about cvs vs. samba2.0.0b4 Message-ID: <01be3120$0db82900$0200a8c0@big.co.yu> My question is simple. Is it better to use cvs code or samba2.0.0b4 from www.samba.org , and what are differences. Please if you can answer quickly. ______________________________________________ Colovic Igor Linux Users Group of Yugoslavia www.linux.org.yu cigor@eunet.yu DelphiPro@yahoo.com From samba at aquasoft.com.au Sun Dec 27 02:58:39 1998 From: samba at aquasoft.com.au (Samba-Support) Date: Tue Dec 2 02:24:53 2003 Subject: Q about cvs vs. samba2.0.0b4 In-Reply-To: <01be3120$0db82900$0200a8c0@big.co.yu> Message-ID: My advice in this instance is to go with the current CVS tree for the Samba-2.0.0 branch. My reason is simple, we heve not yet issued a Beta with the most recent fixes in it and are unlikely to do this as I believe we are very near release. The Samba-2.1.0 developmental branch is not yet ready for prime-time testing. Samba-2.1.0 code is found under the default location (or head branch). Please be careful when downloading CVS code that you do specify SAMBA_2_0 as the branch tag. Thos who wish to test the Domain Control code should work with the 2.1.0 code and not the 2.0.0 code - but please realise that 2.1.0 is not as mature as the 2.0.0 code tree. As to the differences between Beta4 and 2.0.0 CVS code: There is a bug in nmbd in Beta4 that can cause memory depletion and subsequent exposure of the system. This is fixed in the current CVS code. Apparently this bug had been there for some time. I am running beta4 at a number of sites, yet only one site was bitten by this bug that has been closed out. This importance of wide-spread pre-release testing and stress testing can not be over-emphasised. Over all, 2.0.0 is looking good so do expect to hear a release announcement during January. We would like to see some more feedback for platform compilation support to make sure we can compile on as many platforms as possible. Cheers, John H Terpstra - Samba-Team On Sun, 27 Dec 1998, Colovic Igor wrote: > My question is simple. > > Is it better to use cvs code or samba2.0.0b4 from www.samba.org , and what > are differences. > > Please if you can answer quickly. > ______________________________________________ > Colovic Igor Linux Users Group of Yugoslavia > www.linux.org.yu > cigor@eunet.yu > DelphiPro@yahoo.com > > > > > From cartegw at Eng.Auburn.EDU Mon Dec 28 02:50:35 1998 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:53 2003 Subject: Question about User list References: <01be2f17$71b4cc20$0200a8c0@big.co.yu> Message-ID: <3686F1FB.44D9E235@eng.auburn.edu> Colovic Igor wrote: > > I have set up Samba2.0.0b4 and it is working great. I can > log in. Roaming profiles are working fine. For the PDC functionality, you should be using the HEAD branch (get it via CVS. See the NTDOM FAQ Q2.1 for more info) Be warned that it is all still experiemental (as your probably know) > My question is: > Why I can not get user list from Samba server. It this > work in progress or what. Not completed yet. Still being worked on. > What I want is to forbid all users(but users in admin > group) to write to local disk. > Can it be done if I can not get user/group list from server. Not that I know of. > There are some files that WinNT is looking(like userinit.exe) > and it can not find them(they are not there) > Can this be reason why I can not get user list. Yup. Others (including myself) have reproduced that as well. No idea why but it unrelated to the user list thing. jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From ccunning at math.ohio-state.edu Tue Dec 29 15:47:50 1998 From: ccunning at math.ohio-state.edu (Chad Cunningham) Date: Tue Dec 2 02:24:53 2003 Subject: smb.conf example Message-ID: Does anyone have a smb.conf file for an NT PDC setup I could look at? I'm a bit confused about how this needs to be set up. Specifically with the security= directive. I'm not sure how this works. All the users on our NT machines have accounts on the UNIX machine that will be running samba. Can samba use the same passwords for both the unix box and the NT machines? Do I have to have two password files, or can I use /etc/passwd for both? What would be really nice is if when an account was created on the unix box, they would then have access to log in on the NT machines. Is this a dream, or do I have to create a samba account for everyone as well? From anders.ostling at neurope.ikea.com Tue Dec 29 17:00:17 1998 From: anders.ostling at neurope.ikea.com (Anders Vstling) Date: Tue Dec 2 02:24:54 2003 Subject: smb.conf example References: Message-ID: <36890AA1.3E8FE877@neurope.ikea.com> Chad Cunningham wrote: > Does anyone have a smb.conf file for an NT PDC setup I could look at? > I'm a bit confused about how this needs to be set up. Specifically > with the security= directive. I'm not sure how this works. All the workgroup = INEAB security = server password server = milou idefix preferred master = no > > users on our NT machines have accounts on the UNIX machine that will > be running samba. Can samba use the same passwords for both the unix > box and the NT machines? Do I have to have two password files, or can > I use /etc/passwd for both? Use pam_smb for this. Here is an extract from my file /etc/pam.d/login #%PAM-1.0 auth required /lib/security/pam_securetty.so auth required /lib/security/pam_smb_auth.so auth required /lib/security/pam_nologin.so ... /etc/pam.d/ftp #%PAM-1.0 auth required /lib/security/pam_listfile.so item=user sense=deny file= /etc/ftpusers onerr=succeed auth required /lib/security/pam_smb_auth.so auth required /lib/security/pam_shells.so account required /lib/security/pam_pwdb.so session required /lib/security/pam_pwdb.so > > > What would be really nice is if when an account was created on the > unix box, they would then have access to log in on the NT machines. > Is this a dream, or do I have to create a samba account for everyone > as well? Put an asterisk in the /etc/passwd file for the user. This will forward the authentication to the named NT server (see smb.conf) /Anders -- -------------------------------------------------------- Anders ?stling IKEA Corporate Technology Group Email: anders dot ostling AT neurope dot ikea dot com Phone: +46-42-25 73 45 Fax : +46-42-25 73 70 Mobil: +46-70-753 70 39 -------------------------------------------------------- From max at zl2max.gen.nz Wed Dec 30 07:34:20 1998 From: max at zl2max.gen.nz (Max Wheatley) Date: Tue Dec 2 02:24:54 2003 Subject: Help with NT domain Message-ID: <3689D77C.A2C552D1@zl2max.gen.nz> Hi Guys I am trying to upgrade my Samba server to become my PDC. I have upgrades to 2.0.0beta4, got rid of "plain passwords" I have been running Samba for a while with no problems. I have NT server running as a PDC in another domain to compare with etc. .. Now having been caught out with smbpasswd once I am worried. I think I have created a machine account on my samba PDC: ---------------------------------------------------------------------- max:501:9D4A55B3E6F81FF7AAD3B435B51404EE:1EE931B7A4923D5A13425397A868AD77:[U ]:LCT-36872AA0:Max Wheatley cheryl:502:DC631B1384ABD794AAD3B435B51404EE:57CFF28FBA74BD23B6575D49CCC894B4:[U ]:LCT-36881F23:Cheryl Wheatley root:0:609FCABC7B0F9AEAAAD3B435B51404EE:DDFF3B733E17BE6500375694FE258864:[U ]:LCT-3689A14D: woodstock$:505:A97A071EBE79BB06144E2E8ADEF09EFD:D6469AB396B1BFF35200F54797E98FDE:[W ]:LCT-3689CF4C: ----------------------------------------------------------------------- The machine name is woodstock ( tried upper and lower ) and the password is set to woodstock ( lowercase only ). Hows that look ??? When I try to add my NT workstation to the Samba domain I get the following message in my samba log. --------------------------------------------------------------------------------------------- [1998/12/30 17:00:41, 0] smbd/reply.c:session_trust_account(395) session_trust_account: Trust account WOODSTOCK$ only supported with security = user --------------------------------------------------------------------------------------------- Thanks in advance max@zl2max.gen.nz max.wheatley@telecom.co.nz From samba at aquasoft.com.au Wed Dec 30 11:38:13 1998 From: samba at aquasoft.com.au (Samba-Support) Date: Tue Dec 2 02:24:54 2003 Subject: Help with NT domain In-Reply-To: <3689D77C.A2C552D1@zl2max.gen.nz> Message-ID: Max, The error message says you need to have in your smb.conf file [globals] section: security = user you also need: encrypt passwords = Yes Is this what you have? Cheers, John H Terpstra - Samba-Team On Wed, 30 Dec 1998, Max Wheatley wrote: > Hi Guys > > I am trying to upgrade my Samba server to become my PDC. > > I have upgrades to 2.0.0beta4, got rid of "plain passwords" > > I have been running Samba for a while with no problems. > > I have NT server running as a PDC in another domain to compare with etc. > . > > Now having been caught out with smbpasswd once I am worried. > > > I think I have created a machine account on my samba PDC: > ---------------------------------------------------------------------- > max:501:9D4A55B3E6F81FF7AAD3B435B51404EE:1EE931B7A4923D5A13425397A868AD77:[U > ]:LCT-36872AA0:Max Wheatley > cheryl:502:DC631B1384ABD794AAD3B435B51404EE:57CFF28FBA74BD23B6575D49CCC894B4:[U > ]:LCT-36881F23:Cheryl Wheatley > root:0:609FCABC7B0F9AEAAAD3B435B51404EE:DDFF3B733E17BE6500375694FE258864:[U > ]:LCT-3689A14D: > woodstock$:505:A97A071EBE79BB06144E2E8ADEF09EFD:D6469AB396B1BFF35200F54797E98FDE:[W > ]:LCT-3689CF4C: > > ----------------------------------------------------------------------- > > The machine name is woodstock ( tried upper and lower ) and the password > is set to woodstock ( lowercase only ). > > Hows that look ??? > > When I try to add my NT workstation to the Samba domain I get the > following message in my samba log. > --------------------------------------------------------------------------------------------- > [1998/12/30 17:00:41, 0] smbd/reply.c:session_trust_account(395) > session_trust_account: Trust account WOODSTOCK$ only supported with > security = user > --------------------------------------------------------------------------------------------- > > Thanks in advance > > > > max@zl2max.gen.nz > max.wheatley@telecom.co.nz > From mot at fima.net Wed Dec 30 13:03:14 1998 From: mot at fima.net (Bassine Ilya) Date: Tue Dec 2 02:24:54 2003 Subject: Problem witn NT login into SAMBA-PDC Message-ID: <368A2492.6DC903AE@fima.net> Hi! I've decided to try Samba-2.0beta4 to make a PDC. I have a Linux Slakware 3.6 box, with last version of shadow and quota support. After the installation from the source I've read all documentation about SAMBA-NT-DOMAIN. Samba was configured as PDC: [Global] ... workgroup = DOMAIN netbios name = SERVER hosts allow = 10.0.1. domain logons = yes security = user encrypted update = yes encrypt passwords = yes local master = yes domain master = yes logon path = \\%L\Profiles\%U logon script = %U.bat wins proxy = yes dns proxy = no # on my test network I have not DNS service adduser script = /usr/sbin/adduser .... The sections [netlogon] and [Profiles] were done as it was said in smb.conf manual. I've used smbpasswd to make encrypted passwords. I've tried Windows 95 (Service Pack 1.0) and Windows 98. So I had not any problem with them. But when I've begin to use Windows NT 4.0 SP3 as the client -> the problem was occurred. 1. I've made an unix account: adduser -> ntwork1$ ( home = /dev/null, shell = /bin/false, password was not null) 2. I've make a Windows NT's user profile with User Manager and put it to the [Profile] section. 3. I've made an machine account using smbpasswd: smbpasswd -a -m ntwork1 4. I've tried two ways : a. Leave the null password for machine b. Change the password using smbpasswd ntwork1$ 5. I've joined my NT-station to the Samba-DOMAIN, successful. I mean I've seen "Welcome to DOMAIN" 6. I've tried to logon into SAMBA DOMAIN after the restarting of the NT-STATION -> without success. On the NT box I've seen "bla-bla-bla user password is wrong" On the Linux box in log.ntwork1 I've seen "user ilya is invalid on this system" I've tried many configurations but with the same result (including plain text password and hacking NT registry) Please help... a week of the trying and hard work -> and no chance.... From sm at sys.uea.ac.uk Wed Dec 30 13:32:55 1998 From: sm at sys.uea.ac.uk (Shaun McCullagh SYS) Date: Tue Dec 2 02:24:54 2003 Subject: NIS Authentication & Samba v2.x Message-ID: Hi, Is there any way of configuring samba v2 to authenticate user passwords with NIS instead of using the smbpasswd file? Cheers Shaun McCullagh IT Support Officer Email: sm@sys.uea.ac.uk School of Information Systems., Tel +44 1603 592307 University of East Anglia, FAX +44 1603 507720 Norwich England NR4 7TJ All views expressed are my own. From cartegw at Eng.Auburn.EDU Wed Dec 30 15:40:56 1998 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:54 2003 Subject: NIS Authentication & Samba v2.x References: Message-ID: <368A4988.6A83ED27@eng.auburn.edu> Shaun McCullagh SYS wrote: > > Hi, > > Is there any way of configuring samba v2 to authenticate > user passwords with NIS instead of using the smbpasswd > file? Version 2.0 will run in the same way as previous versions and accept plain text passwords from clients. However, for security = domain and PDC functionality, you must use encrypted passwords. Hope that answers your questions. j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From cartegw at Eng.Auburn.EDU Wed Dec 30 16:00:23 1998 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:54 2003 Subject: Problem witn NT login into SAMBA-PDC References: <368A2492.6DC903AE@fima.net> Message-ID: <368A4E17.86CAC22E@eng.auburn.edu> Bassine Ilya wrote: > > Samba was configured as PDC: > > [Global] > .. > workgroup = DOMAIN > netbios name = SERVER > hosts allow = 10.0.1. > domain logons = yes > security = user > encrypted update = yes Can't user this with "encrypt passwords = yes" > adduser script = /usr/sbin/adduser This is to be used if you a domain member, not a PDC. > 3. I've made an machine account using smbpasswd: > smbpasswd -a -m ntwork1 > 4. I've tried two ways : > a. Leave the null password for machine > b. Change the password using smbpasswd ntwork1$ > > 5. I've joined my NT-station to the Samba-DOMAIN, successful. I mean > I've seen "Welcome to DOMAIN" > 6. I've tried to logon into SAMBA DOMAIN after the restarting of the > NT-STATION -> without success. > On the NT box I've seen "bla-bla-bla user password is wrong" I'm assuming that you added the smbpasswd entry for user ilya? Just a note, but you must use kencryptes passwords for NT PDC support. This means that every user must have and entry in the private/smbpasswd. Have you read the NTDOM FAQ? IF not, it's under documentation on the samba site (http://samba.org) Hope this helps, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From jallison at cthulhu.engr.sgi.com Thu Dec 31 02:01:48 1998 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:24:54 2003 Subject: Samba 2.0.0 Beta5 released. Message-ID: <368ADB0C.4C7E2933@engr.sgi.com> The Samba Team is pleased to announce Samba 2.0.0 Beta5 This is the fifth of (hopefully) a short series of Beta releases of the 2.0.0 code and incorporates bug fixes and changes from feedback gained from the earlier betas. Show-stopper bugs notwithstanding, this is expected to be the last beta release before the official ship of the stable Samba 2.0.0 release, so it is very important for people to send feedback and patches for configuring and building Samba 2.0.0 on unusual platforms. We made this same announcement for Beta4, but due to the number of autoconf (and other) problems fixed since the release of Beta4 we thought it safer to release another Beta. We are relasing these Betas to enable the Samba Team to gain wider testing of the new autoconf mechanism and fix any bugs before the first ship of the new stable version of Samba - Samba 2.0.0. Samba 2.0.0 Beta5 is available in source form from samba.org and all of our mirror sites. Please go to your nearest mirror site from samba.org and click on the link under the "Samba News" announcement to download this code. Please try this code and give us feedback. If you have problems, or think you have found a bug please email a report to : samba-bugs@samba.org The WHATSNEW.txt file follows. As always, any bugs are our responsibility, Regards, The Samba Team. ----------------------------------------------------------- Issues fixed between Beta4 and Beta5 ------------------------------------ 1). Recuse directory bug with NT and smbtar fixed. smbtar now recurses through all directories correctly. 2). Subtle bug fixed with the SIGCLD eating process status values in cases where they are needed. 3). Fixed autoconf detection and handling of the different setresuid/seteuid/setuid calls on different UNIXs. 4). Wrapped readdir64 for large file support. 5). Fixed --with-nisplus compile for Solaris. 6). Fixed wildcard bug with 16 bit clients. Also got closer to NT wildcard semantics. 7). Allowed seek fails with EPIPE when doing client seeks to allow Windows clients to communicate with UNIX processes via fifo's (worked on 1.9.18, was broken in 2.0.0beta1-4). 8). Fixed compile bug with slow share mode code. 9). Fixes for QNX compiles. 10). Fixed recursion bug in nmbd if WINS server returns an error at a bad time :-). 11). Log AFS auth fail. 12). Fixed Digital UNIX enhanced security problem with SWAT. 13). Updated SID generation code to produce NT compatible SIDs. 14). Fixed bug with ENOSPC on close() calls. This should now be detected and returned to the client. 15). NT transact parameters weren't being zeroed out before use. 16). Fixed lockread bug where it was asking for a read-only lock. It should be using a write lock (however strange this seems :-). 17). Many SWAT printer fixes from Herb Lewis. 18). SWAT parameters now grouped in a more logical way. 19). Changed main smbd select loop to 60 seconds, smb.conf checks to every 120 seconds to reduce load on large servers. ----------------------------------------------------------- Issues fixed between Beta3 and Beta4 ------------------------------------ 1). More sanity checks in testparm code to help diagnose smb.conf problems. 2). Ensure log header not written before log rotated. 3). Fix getrlimit number of file descriptors problem with AIX. AIX supports the call but always returns infinity. This was causing smbd to try and allocate a large amount of memory. 4). Fixed name lookup in lmhosts to match the documentation for name type lookup. 5). Removed need to link password database code into nmbd. 6). Stop nmbd sending broadcast name refresh requests, use permanent TTL on broadcast interfaces. 7). Flag "PRINTER" and "SHARE" parameters so SWAT can display them correctly. 8). Fix SWAT so that it can display auto-generated printer list. 9). Added AFS and DCE auth includes back. 10). Added workaround to Windows NT redirector bug where it sends 64 bit lock requests to systems that don't support 64 bit offsets (eg. Linux). 11). Fixed name mangling cache bug. 12). Fix smbpasswd bug where a missmatched password could be mis-interpreted when adding a user. 13). Updates to SWAT to display "commit" button if user has write access to smb.conf. 14). Fixed to autoconf for HPUX systems to work around broken HPUX shadow.h include file. ----------------------------------------------------------- Issues fixed between Beta2 and Beta3 ------------------------------------ 1). New parameters added : "add user script" "delete user script" Designed to allow Samba servers to be set up with no UNIX users and to allow them to create the needed UNIX users on the fly. See the smb.conf documentation for more details. 2). Autoconf issues including fixes for large file support for Solaris and SINIX, and stat64 tests on SVR4 systems. 3). Code dealing with dos pathnames and native pathnames split to be explicit about when Samba is accessing which type of name. 4). Fix for missing PRINTCAP define under HPUX. 5). Added Samba specific strtoul(). 6). Fix for reverse filename mapping with ISO8859-5 filenames. 7). Fix for nmbd not starting correctly sometimes due to pid locking file. 8). Check for error returns in file descriptor limit checking code. 9). Kernel oplock code bugfix. 10). Restored client retarget code. 11). Fix for potential stack overflow in Digital UNIX crypt check. 12). Explicitly test for negative uids in smbpasswd file. 13). Fix for NT username in Domain logon code. 14). Patch from Scott Moomaw to correctly return "Invalid Info level" to Win95 printer clients. 15). Fix to allow NT printer clients to add printers (as 1.9.18 code would allow). 16). Fix to prevent ".." being used in servicename. 17). New SWAT icons. ----------------------------------------------------------- Issues fixed between Beta1 and Beta2 ------------------------------------ 1). Many autoconf issues (too many to list here). 2). Correctly set default printing for AIX. 3). Attempt to fix struct rtentry not being defined problem. 4). Convert all open() style calls to wrappers for 64 bit systems. 5). Get more 'const' correct. 6). Fix bug with O_EXCL not being set on exlusive open requests. 7). Fix string_sub() problem with LinPopup. 8). Fix lmhosts bug causing only 3 character names to be looked up. 9). Fixed bug with NetBIOS pointers in scope names. 10). Removed code that was preventing NT3.51 PDC logons from working. 11). Fixed crash bug when processing DELETE_ON_CLOSE directive from MS Office. 12). Fixed NT4.x problems adding printer. 13). Stop multiple logs of NT ACL's not supported messages. 14). Changed 'security=server' mode to use *SMBSERVER name if initial connect refused. 15). Fixed NT4.x problem with modify times not being preserved on explorer file copy. 16). 'Silent' switch for testparm. 17). Added 'hosts allow/deny' checks to SWAT. ----------------------------------------------------------- WHATS NEW IN Samba 2.0.0 beta5 ============================== This is a MAJOR new release of Samba, the UNIX based SMB/CIFS file and print server for Windows systems. There have been many changes in Samba since the last major release, 1.9.18. These have mainly been in the areas of performance and SMB protocol correctness. In addition, a Web based GUI interface for configuring Samba has been added. In addition, Samba has been re-written to help portability to other POSIX-based systems, based on the GNU autoconf tool. Major changes in Samba 2.0 -------------------------- There are many major changes in Samba for version 2.0. Here are some of them: ===================================================================== 1). Speed --------- Samba has been benchmarked on high-end UNIX hardware as out-performing all other SMB/CIFS servers using the Ziff-Davis NetBench benchmark. Many changes to the code to optimise high-end performance have been made. 2). Correctness --------------- Samba now supports the Windows NT specific SMB requests. This means that on platforms that are capable Samba now presents a 64 bit view of the filesystem to Windows NT clients and is capable of handling very large files. 3). Portability --------------- Samba is now self-configuring using GNU autoconf, removing the need for people installing Samba to have to hand configure Makefiles, as was needed in previous versions. You now configure Samba by running "./configure" then "make". See docs/textdocs/UNIX_INSTALL.txt for details. 4). Web based GUI configuration ------------------------------- Samba now comes with SWAT, a web based GUI config system. See the swat man page for details on how to set it up. 5). Cross protocol data integrity --------------------------------- An open function interface has been defined to allow "opportunistic locks" (oplocks for short) granted by Samba to be seen by other UNIX processes. This allows complete cross protocol (NFS and SMB) data integrety using Samba with platforms that support this feature. 6). Domain client capability ---------------------------- Samba is now capable of using a Windows NT PDC for user authentication in exactly the same way that a Windows NT workstation does, i.e. it can be a member of a Domain. See docs/textdocs/DOMAIN_MEMBER.txt for details. 7). Documentation Updates ------------------------- All the reference parts of the Samba documentation (the manual pages) have been updated and converted to a document format that allows automatic generation of HTML, SGML, and text formats. These documents now ship as standard in HTML and manpage format. ===================================================================== NOTE - Some important option defaults changed --------------------------------------------- Several parameters have changed their default values. The most important of these is that the default security mode is now user level security rather than share level security. This (incompatible) change was made to ease new Samba installs as user level security is easier to use for Windows 95/98 and Windows NT clients. ********IMPORTANT NOTE**************** If you have no "security=" line in the [global] section of your current smb.conf and you update to Samba 2.0 you will need to add the line : security=share to get exactly the same behaviour with Samba 2.0 as you did with previous versions of Samba. ********END IMPORTANT NOTE************* In addition, Samba now defaults to case sensitivity options that match a Windows NT server precisely, that is, case insensitive but case preserving. The default format of the smbpasswd file has also been changed for this release, although the new tools will read and write the old format, for backwards compatibility. ===================================================================== NOTE - Primary Domain Controller Functionality ---------------------------------------------- This version of Samba contains code that correctly implements the undocumented Primary Domain Controller authentication protocols. However, there is much more to being a Primary Domain Controller than serving Windows NT logon requests. A useful version of a Primary Domain Controller contains many remote procedure calls to do things like enumerate users, groups, and security information, only some of which Samba currently implements. In addition, there are outstanding (known) bugs with using Samba as a PDC in this release that the Samba Team are actively working on. For this reason we have chosen not to advertise and actively support Primary Domain Controller functionality with this release. This work is being done in the CVS (developer) versions of Samba, development of which continues at a fast pace. If you are interested in participating in or helping with this development please join the Samba-NTDOM mailing list. Details on joining are available at : http://samba.org/listproc/ Details on obtaining CVS (developer) versions of Samba are available at: http://samba.org/cvs.html ===================================================================== If you have problems, or think you have found a bug please email a report to : samba-bugs@samba.org As always, all bugs are our responsibility. Regards, The Samba Team. From max at zl2max.gen.nz Thu Dec 31 02:49:21 1998 From: max at zl2max.gen.nz (Max Wheatley) Date: Tue Dec 2 02:24:54 2003 Subject: Help with NT domain References: <199812301035.LAA17421@ditten.farmasi.uit.no> Message-ID: <368AE631.85847A63@zl2max.gen.nz> Hi Michael ( and the rest of the list ) Michael Hinz wrote: > So, add the following line to your smb.conf and it will work. > > security = user > Hmmmm well when I read the doc' I read it as exactly the opposite, but hey. Anyway I changed this and it works fine. Thanks for your help. The big thing I found out though was the length of the machine name woodstock exceeds 8 characters ..... maybe that is why smbpasswd -a -m woodstock, would not or could not write the password field ... Changed machine name to marica and all is OK. I then spent some time sorting out profiles ..... Much confusion. I have the users profile in their home directory\profile. For the moment this seems to work, but can't see how. A few words of enlightenment may help. I got login scripts to work. I haven't checked polices yet as i have a problem. I read the bit about "domain admins" in the "FAQ for Samba NTDOM PDC support" paper. I followed that example and set it up, the only problem is testparms chokes on the "domain map group" & "local group map". When I use SWAT and look at the "full" view it shows: domain admin group = domain guest group = domain admin users = domain guest users = ..... did I miss something here ???? One last little question, in beta4 smbmount doesn't compile "out of the box" no more, do I need to modify the make file ? or is there some reason why I don't need it no more ?? Thanks -- max@zl2max.gen.nz max.wheatley@telecom.co.nz From max at zl2max.gen.nz Thu Dec 31 03:16:59 1998 From: max at zl2max.gen.nz (Max Wheatley) Date: Tue Dec 2 02:24:54 2003 Subject: Problem witn NT login into SAMBA-PDC References: <368A2492.6DC903AE@fima.net> <368A4E17.86CAC22E@eng.auburn.edu> Message-ID: <368AECAB.50F7F74@zl2max.gen.nz> Gerald Carter wrote: > > Bassine Ilya wrote: > > > > Samba was configured as PDC: > > > > [Global] > > .. > > workgroup = DOMAIN > > netbios name = SERVER > > hosts allow = 10.0.1. > > domain logons = yes > > security = user > > encrypted update = yes > > Can't user this with "encrypt passwords = yes" Not so, just done it today..... Remember to take the "plain text" password patch out of the registry, and I think must be SP3 or better. > > > > adduser script = /usr/sbin/adduser > > This is to be used if you a domain member, not a PDC. No, I don't thing so according to what i read and did today smbpasswd reads the account name. In fact if you run it with out a entry in /etc/passwd you get an error message. Sorry to be a little negative, but I only finished this a few hours ago ..... -- max@zl2max.gen.nz max.wheatley@telecom.co.nz From cartegw at Eng.Auburn.EDU Thu Dec 31 03:29:08 1998 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:54 2003 Subject: Help with NT domain References: <199812301035.LAA17421@ditten.farmasi.uit.no> <368AE631.85847A63@zl2max.gen.nz> Message-ID: <368AEF84.98EC2EFF@eng.auburn.edu> Max Wheatley wrote: > > The big thing I found out though was the length of the machine name > woodstock exceeds 8 characters ..... maybe that is why smbpasswd -a -m > woodstock, would not or could not write the password field ... Changed > machine name to marica and all is OK. This is not a problem for smbpasswd but is a problem for some unix's as they don;t allow usernames longer than eight characters in /etc/passwd. Machine names follow the standard rules for NetBIOS names ( <=15 alpha numberic characters plus a few others) > > I then spent some time sorting out profiles ..... Much confusion. > I have the users profile in their home directory\profile. For > the moment this seems to work, but can't see how. A few > words of enlightenment may help. The logon path default is \\%L\%U\profile which places this is the user's home directory. You get roaming profiles with the Samba PDC support by default. > I got login scripts to work. Good. > I haven't checked polices yet as i have a problem. They function as well. > I read the bit about "domain admins" in the "FAQ for > Samba NTDOM PDC support" paper. I followed that example > and set it up, the only problem is testparms chokes on > the "domain map group" & "local group map". When > I use SWAT and look at the "full" view it shows: > domain admin group = > domain guest group = > domain admin users = > domain guest users = > > .... did I miss something here ???? The NTDOM FAQ is for the latest CVS code which branched from 2.0 in order to allow continued development. The branch was necessary to stabilize the 2.0 release. That's the way things work. There is one development tree which the releases are branched off near the release date. The CVS version (see Q2.1 of the NTDOM FAQ) contains the cutting edge PDC support. There is PDC support in 2.0 but it is not the latest. If you choose to stay with 2.0, use the "domain admin users" and "domain admin groups" parameters. Each takes a list of usernames similar to the "valid users" parameter. If you go with the HEAD brnahc (obtained via CVS), then use the examples from the NTDOM FAQ. I will go back and note the distinction between the two tonight if I get a chance. > One last little question, in beta4 smbmount doesn't > compile "out of the box" no more, do I need to modify > the make file ? or is there some reason why I don't need > it no more ?? The smbmount with Samba is for linux kernels 2.1.something and higher. You'll need to run ./configure --with-smbmount to enable compilation on the smbmount binaries. Hope this helps, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From samba at aquasoft.com.au Thu Dec 31 03:27:01 1998 From: samba at aquasoft.com.au (Samba-Support) Date: Tue Dec 2 02:24:54 2003 Subject: Help with NT domain In-Reply-To: <368AE631.85847A63@zl2max.gen.nz> Message-ID: On Thu, 31 Dec 1998, Max Wheatley wrote: > Hi Michael ( and the rest of the list ) > > > Michael Hinz wrote: > > > So, add the following line to your smb.conf and it will work. > > > > security = user > > > > > Hmmmm well when I read the doc' I read it as exactly the opposite, but > hey. Anyway I changed this and it works fine. Thanks for your help. I guessed this was your problem. NT users USER level security. > > > The big thing I found out though was the length of the machine name > woodstock exceeds 8 characters ..... maybe that is why smbpasswd -a -m > woodstock, would not or could not write the password field ... Changed > machine name to marica and all is OK. This is NOT a Samba problem but an OS limitation on your platform. > > > I then spent some time sorting out profiles ..... Much confusion. I have > the users profile in their home directory\profile. For the moment this > seems to work, but can't see how. A few words of enlightenment may help. > Profiles with NT are still a bit tricky! Maybe it will be sorted out in 2.1.0. > I got login scripts to work. > > I haven't checked polices yet as i have a problem. > > I read the bit about "domain admins" in the "FAQ for Samba NTDOM PDC > support" paper. I followed that example and set it up, the only problem The NTDOM FAQ is for Samba-2.1.0. Samba-2.0.0 does have some limited NT Domain Control ability but it is far from complete. The Samba-Team official position on NT Domain Control is that it is NOT supported for 2.0.0. > is testparms chokes on the "domain map group" & "local group map". When > I use SWAT and look at the "full" view it shows: "domain group map" and "local group map" are specific to Samba-2.1.0 the ones below are specific to samba-2.0.0 and do not function correctly, that is why the change was made in 2.1.0. > domain admin group = > domain guest group = > domain admin users = > domain guest users = > > .... did I miss something here ???? > > > One last little question, in beta4 smbmount doesn't compile "out of the > box" no more, do I need to modify the make file ? or is there some > reason why I don't need it no more ?? smbmount / smbumount are NOT part of Samba. They are part only of the Linux SMBFS package. That is what you need to update. The Samba-Team does NOT support smbmount. From ken.mohr at wdc.com Thu Dec 31 04:13:36 1998 From: ken.mohr at wdc.com (Ken Mohr) Date: Tue Dec 2 02:24:54 2003 Subject: Future smbpasswd functionability? In-Reply-To: Message-ID: Hello All, In perspective to being able to changes passwords on NT machines via smbpasswd. Would there be any possible functionality with being able to use smbpasswd to reset any user password on the NT machine via correct Admin and password? The reason I am in question of this is because we're currently helping the helpdesk with tools via web pages and I really dispite IIS completely and would prefer to use a unix means and samba seems the most logical way. Thanks, Ken Mohr From svedja at lysator.liu.se Thu Dec 31 11:16:10 1998 From: svedja at lysator.liu.se (Dejan Ilic) Date: Tue Dec 2 02:24:54 2003 Subject: MMAP broken in Beta-5 Message-ID: ./configure--with-smbwrapper --with-mmap --with-quotas Samba2.0.0 -beta5 on Solaris_x86 2.6 with GCC-2.8.1 # make all Using FLAGS = -O -Iinclude -I./include -I./ubiqx -I./smbwrapper -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DSMBLOGFILE="/usr/local/samba/var/log.smb" -DNMBLOGFILE="/usr/local/samba/var/log.nmb" -DCONFIGFILE="/usr/local/samba/lib/smb.conf" -DLMHOSTSFILE="/usr/local/samba/lib/lmhosts" -DSWATDIR="/usr/local/samba/swat" -DSBINDIR="/usr/local/samba/bin" -DLOCKDIR="/usr/local/samba/var/locks" -DSMBRUN="/usr/local/samba/bin/smbrun" -DCODEPAGEDIR="/usr/local/samba/lib/codepages" -DDRIVERFILE="/usr/local/samba/lib/printers.def" -DBINDIR="/usr/local/samba/bin" -DHAVE_INCLUDES_H -DPASSWD_PROGRAM="/bin/passwd" -DSMB_PASSWD_FILE="/usr/local/samba/private/smbpasswd" -DSMB_PASSWD_PROGRAM="" Using LIBS = -lsec -lsocket -lnsl -ldl -lpam -lbind Linking bin/smbd Undefined first referenced symbol in file sys_mmap smbd/open.o ld: fatal: Symbol referencing errors. No output written to bin/smbd make: *** [bin/smbd] Error 1 From icoupeau at unav.es Thu Dec 31 12:21:21 1998 From: icoupeau at unav.es (Ignacio Coupeau) Date: Tue Dec 2 02:24:54 2003 Subject: Beta5-Problem with NT login Message-ID: <368B6C41.B1BC6870@unav.es> I tested the Beta5 PDC in two different linux RedHat 5.2 (Kernel 2.0.36) boxes. The ws are Intel NT4 SP3. The problem: I can't log in the domain; the NT say me some like to: Can't init session into C000019B (translated from the spanish; so in english the error message will sound very different...) With log level up 5 I can't see any error in the linux PDC. If the NT ws is removed from smbpasswd and added again to domain, runs fine... the NT log in the domain, etc. Is the only solution rejoin all the NT ws to the domain?... Thx, Ignacio ____________________________________________________ Ignacio Coupeau, Ph.D. e-mail: icoupeau@unav.es CTI, Director fax: +48 425619 University of Navarra voice: +48 425600 Pamplona, SPAIN http://www.unav.es/cti/ From cartegw at Eng.Auburn.EDU Thu Dec 31 14:43:15 1998 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:54 2003 Subject: Beta5-Problem with NT login References: <368B6C41.B1BC6870@unav.es> Message-ID: <368B8D83.197FB564@eng.auburn.edu> Ignacio Coupeau wrote: > > I tested the Beta5 PDC in two different linux RedHat > 5.2 (Kernel 2.0.36) boxes. The ws are Intel NT4 SP3. > > The problem: > I can't log in the domain; the NT say me some like to: Can't init > session into C000019B (translated from the spanish; so in english the > error message will sound very different...) > > With log level up 5 I can't see any error in the linux PDC. > > If the NT ws is removed from smbpasswd and added again to domain, runs > fine... the NT log in the domain, etc. > Is the only solution rejoin all the NT ws to the domain?... If memory serves me correctly, it sounds like the domain sid was changed when you installed the latest Beta version. Did you save a copy of the MACHINE.SID file? jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From ken at sdd.hp.com Thu Dec 31 16:13:52 1998 From: ken at sdd.hp.com (Ken Stone) Date: Tue Dec 2 02:24:54 2003 Subject: MMAP broken in Beta-5 In-Reply-To: Your message of Thu, 31 Dec 1998 22:17:14 +1100. Message-ID: <199812311613.IAA10378@hpsdlz.sdd.hp.com> I would second that ... has been for a week or so in the CVS code, sorry I couldn't warn you sooner :-( HP-UX 10.20 here ... from a first look thru, it appears that maybe --with-mmap in general is busted. -- Ken > /configure--with-smbwrapper --with-mmap --with-quotas > > Samba2.0.0 -beta5 on Solaris_x86 2.6 with GCC-2.8.1 > > # make all > Using FLAGS = -O -Iinclude -I./include -I./ubiqx -I./smbwrapper > -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 > -DSMBLOGFILE="/usr/local/samba/var/log.smb" > -DNMBLOGFILE="/usr/local/samba/var/log.nmb" > -DCONFIGFILE="/usr/local/samba/lib/smb.conf" > -DLMHOSTSFILE="/usr/local/samba/lib/lmhosts" > -DSWATDIR="/usr/local/samba/swat" -DSBINDIR="/usr/local/samba/bin" > -DLOCKDIR="/usr/local/samba/var/locks" > -DSMBRUN="/usr/local/samba/bin/smbrun" > -DCODEPAGEDIR="/usr/local/samba/lib/codepages" > -DDRIVERFILE="/usr/local/samba/lib/printers.def" > -DBINDIR="/usr/local/samba/bin" > -DHAVE_INCLUDES_H -DPASSWD_PROGRAM="/bin/passwd" > -DSMB_PASSWD_FILE="/usr/local/samba/private/smbpasswd" > -DSMB_PASSWD_PROGRAM="" > Using LIBS = -lsec -lsocket -lnsl -ldl -lpam -lbind > Linking bin/smbd > Undefined first referenced > symbol in file > sys_mmap smbd/open.o > ld: fatal: Symbol referencing errors. No output written to bin/smbd > make: *** [bin/smbd] Error 1 > From svedja at lysator.liu.se Thu Dec 31 16:29:28 1998 From: svedja at lysator.liu.se (Dejan Ilic) Date: Tue Dec 2 02:24:54 2003 Subject: MMAP broken in Beta-5 In-Reply-To: <199812311613.IAA10378@hpsdlz.sdd.hp.com> Message-ID: Well, the function does exist in source/lib/system.c but the function is not included in the linking, so the resulting Makefile is actualy the one busted (or the define HAVE_SHARED_MMAP is not included when compiling system.c) source/lib/system.c: #if defined(HAVE_SHARED_MMAP) /******************************************************************* An mmap() wrapper that will deal with 64 bit filesizes. ********************************************************************/ void *sys_mmap(void *addr, size_t len, int prot, int flags, int fd, SMB_OFF_T offset) { #if defined(LARGE_SMB_OFF_T) && defined(HAVE_MMAP64) return mmap64(addr, len, prot, flags, fd, offset); #else return mmap(addr, len, prot, flags, fd, offset); #endif } #endif /* HAVE_SHARED_MMAP */ ** On Thu, 31 Dec 1998, Ken Stone wrote: > > I would second that ... has been for a week or so in the CVS code, sorry > I couldn't warn you sooner :-( > > HP-UX 10.20 here ... from a first look thru, it appears that maybe --with-mmap > in general is busted. > > -- Ken > > > /configure--with-smbwrapper --with-mmap --with-quotas > > > > Samba2.0.0 -beta5 on Solaris_x86 2.6 with GCC-2.8.1 > > > > # make all > > Using FLAGS = -O -Iinclude -I./include -I./ubiqx -I./smbwrapper > > -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 > > -DSMBLOGFILE="/usr/local/samba/var/log.smb" > > -DNMBLOGFILE="/usr/local/samba/var/log.nmb" > > -DCONFIGFILE="/usr/local/samba/lib/smb.conf" > > -DLMHOSTSFILE="/usr/local/samba/lib/lmhosts" > > -DSWATDIR="/usr/local/samba/swat" -DSBINDIR="/usr/local/samba/bin" > > -DLOCKDIR="/usr/local/samba/var/locks" > > -DSMBRUN="/usr/local/samba/bin/smbrun" > > -DCODEPAGEDIR="/usr/local/samba/lib/codepages" > > -DDRIVERFILE="/usr/local/samba/lib/printers.def" > > -DBINDIR="/usr/local/samba/bin" > > -DHAVE_INCLUDES_H -DPASSWD_PROGRAM="/bin/passwd" > > -DSMB_PASSWD_FILE="/usr/local/samba/private/smbpasswd" > > -DSMB_PASSWD_PROGRAM="" > > Using LIBS = -lsec -lsocket -lnsl -ldl -lpam -lbind > > Linking bin/smbd > > Undefined first referenced > > symbol in file > > sys_mmap smbd/open.o > > ld: fatal: Symbol referencing errors. No output written to bin/smbd > > make: *** [bin/smbd] Error 1 > > > ===================================================================== Dejan Ilic, Tech Univ. of Linkoping, Sweden Phone:+46-13-473 01 06 Email: svedja@lysator.liu.se Web: http://www.lysator.liu.se/~svedja ===================================================================== [finger -l svedja@lysator.liu.se for public PGP key] From Ryan at Distribution.com Thu Dec 31 21:20:36 1998 From: Ryan at Distribution.com (Ryan Koski) Date: Tue Dec 2 02:24:54 2003 Subject: beta5 shared memory Message-ID: <773702019F1DD21196ED00A0C9D6526F2DC38E@EXCHANGE.distribution.com> Hello... Running RedHat 5.2 (2.0.36), after doing a configure, make, and make install: [root@gateway source]# smbstatus Samba version 2.0.0beta5 Service uid gid pid machine ---------------------------------------------- ERROR smb_shm_open : open failed with code No such file or directory ERROR: Failed to initialise share modes! Can't initialise shared memory - exiting [root@gateway source]# This has been around since beta2 ( I guess I kinda hoped it would get fixed in each subsequent beta :-) ). Ryan Koski Management Information Systems Distribution Architects International