From douglasd at iig.com.au Sun Nov 8 02:01:02 1998 From: douglasd at iig.com.au (Douglas De Vine) Date: Tue Dec 2 02:24:33 2003 Subject: NTDOM Message-ID: <3644FB5E.47C7C94A@iig.com.au> I would like to join mailing list please From vs at lasp.npi.msu.su Sun Nov 1 23:46:10 1998 From: vs at lasp.npi.msu.su (vs@lasp.npi.msu.su) Date: Tue Dec 2 02:24:39 2003 Subject: NULL printer driver Message-ID: <199811012346.CAA10650@lasp.npi.msu.su> A non-text attachment was scrubbed... Name: not available Type: text Size: 557 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19981102/4eb2d868/attachment.bat From thwartedefforts at wonky.org Mon Nov 2 19:50:08 1998 From: thwartedefforts at wonky.org (thwartedefforts@wonky.org) Date: Tue Dec 2 02:24:39 2003 Subject: null session %U expansion (patch) Message-ID: <19981102195008.11347.cpmta@fillmore.criticalpath.net> On Fri, 30 October 1998, Luke Kenneth Casson Leighton wrote: > therefore, if we refuse anonymous connections, then clients will > "revalidate" with a non-anonymous connection (usr, pass, domain) > immediately, and _then_ do a netwkstagetinfo call, and we will be in a > position to respond correctly. > > can we add a "restrict anonymous" option to refuse all null session > connections, which i believe will fix this problem once and for all: we've > been over and over this for approximately eighteen months, it keeps coming > up. That sounds like exactly what is needed, assuming that the Windows clients will do the revalidate when the anonymous connection is denied. I think I can whip this up (should it be done higher up in the call stack than in reply_sesssetup_and_X?). Andy. From jallison at cthulhu.engr.sgi.com Mon Nov 2 19:59:53 1998 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:24:39 2003 Subject: null session %U expansion (patch) References: <19981102195008.11347.cpmta@fillmore.criticalpath.net> Message-ID: <363E0F39.80057D3A@engr.sgi.com> thwartedefforts@wonky.org wrote: > > On Fri, 30 October 1998, Luke Kenneth Casson Leighton wrote: > > therefore, if we refuse anonymous connections, then clients will > > "revalidate" with a non-anonymous connection (usr, pass, domain) > > immediately, and _then_ do a netwkstagetinfo call, and we will be in a > > position to respond correctly. > > > > can we add a "restrict anonymous" option to refuse all null session > > connections, which i believe will fix this problem once and for all: we've > > been over and over this for approximately eighteen months, it keeps coming > > up. > > That sounds like exactly what is needed, assuming that the Windows clients will do the revalidate when the anonymous connection is denied. I think I can whip this up (should it be done higher up in the call stack than in reply_sesssetup_and_X?). > Unfortunately this would break browse mastering and password changes. Both Browse synchronisation and password changing are done via an anonymous connection. The process that does this (browse mastering) cannot revalidate as it doesn't have a user context to revalidate as. Look at the browse sync code in nmbd to see what really happens. On NT the equivalent of this code is done as the user MACHINE\System. The reason this keeps coming up is that it's a *Microsoft* bug that they see no profit in fixing as it only affects Samba servers - NT doesn't change the resource list on a per user basis. Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From lkcl at switchboard.net Mon Nov 2 20:06:17 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:39 2003 Subject: null session %U expansion (patch) In-Reply-To: <19981102195008.11347.cpmta@fillmore.criticalpath.net> Message-ID: it should be done in reply_sessetup_X: if "username" is NULL, password is NULL then report "Access dewnied". On Tue, 3 Nov 1998 thwartedefforts@wonky.org wrote: > On Fri, 30 October 1998, Luke Kenneth Casson Leighton wrote: > > therefore, if we refuse anonymous connections, then clients will > > "revalidate" with a non-anonymous connection (usr, pass, domain) > > immediately, and _then_ do a netwkstagetinfo call, and we will be in a > > position to respond correctly. > > > > can we add a "restrict anonymous" option to refuse all null session > > connections, which i believe will fix this problem once and for all: we've > > been over and over this for approximately eighteen months, it keeps coming > > up. > > That sounds like exactly what is needed, assuming that the Windows clients will do the revalidate when the anonymous connection is denied. I think I can whip this up (should it be done higher up in the call stack than in reply_sesssetup_and_X?). > > Andy. > > > Luke Kenneth Casson Leighton Samba and Network Development Samba and Network Consultancy From lkcl at switchboard.net Mon Nov 2 21:06:32 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:39 2003 Subject: null session %U expansion (patch) In-Reply-To: <363E0F39.80057D3A@engr.sgi.com> Message-ID: > > Unfortunately this would break browse mastering and password changes. Both > Browse synchronisation and password changing are done via an anonymous > connection. ok, password changing: that's a good thing (you're referring to win95 and below password changes). nt password changes i have seen send a username/domain/password to log in and _then_ send the password change. browsing: that's slightly bad, and for that some exploration of the nt browse mechanism should be done. luke From r.buckland at qut.edu.au Tue Nov 3 08:29:03 1998 From: r.buckland at qut.edu.au (Ramon Buckland) Date: Tue Dec 2 02:24:39 2003 Subject: sercurity = server Message-ID: <3.0.32.19981103182902.006d783c@pigeon.qut.edu.au> Hi All, Great Job you are all doing, I have been on the list now for a few weeks and .. wow... keep it up. I have a few weirds happening with my local setup and I was wondering if somwone could shed light. Background: NT4 Controlled Domain (NT4SP3 PDC and BDC) Samba 1.9.18p10 security = server encrypted password = no Win95 clients scattered around using all three and each other. No password encryption is being used. WIN95_WS is WIN95 OSR/2 (User level Access, Obtain list from Domain) C$ is shared with UserGroup given Full Access myuser is in UserGroup ........ smbclient //win95_ws/sharedir -U myuser (enter passsword) *** Connects, not a problem *** ........ smbmount //win95_ws/sharedir /mnt/mountdir -U myuser smbmount //win95_ws/sharedir /mnt/mountdir -U myuser -I win95.ip.num smbmount //win95_ws/sharedir /mnt/mountdir -U myuser -I win95.ip.num -c samba_netbios_name (enter password for myuser) *** long wait *** mount error: Invalid argument Please look at smbmount's manul page for possible reasons *** All CAPS *** smbmount //WIN95_WS/SHAREDIR /mnt/mountdir -U MYUSER -I win95.ip.num -c samba_netbios_name (enter password for myuser CAPS) *** long wait *** mount error: Invalid argument Please look at smbmount's manul page for possible reasons ...... I can mount shares from the NT4SP3 PDC and BDC from Samba not a problem using smbmount This one has me bafffled. Any suggestions ? Thanks Ramon Ramon Buckland email: r.buckland@qut.edu.au Phone: +61 7 3864 1110 Mobile: 0416 259 789 http://www.fss.qut.edu.au QUT Facilities Support Services, Network Administrator From svedja at lysator.liu.se Tue Nov 3 13:34:49 1998 From: svedja at lysator.liu.se (Dejan Ilic) Date: Tue Dec 2 02:24:39 2003 Subject: Problem with connecting with non-domain computer Message-ID: I have problems with connecting from a computer outside the domain (NT4-SP4) to a server. When clicking on network neighbourhood everything seems normal, the NT4 asks for user and password. I get a view of shares, but here the problem begins. The names in the list are corrupted in the way that the share-name and the comment are connected together so that when you click on the name the computer tries to connect to "NameComment" instead of just the "Name", thus failing to find the share. The Samba source is from yesterday, but the problem seems to have been there for a couple days at least. Samba is configured to run as a domain-controller. .. PS. I just noticed that the same error is there when connected as a domain_user. Just go thru network neighbourhood to the server and you will see the error. ===================================================================== Dejan Ilic, Tech Univ. of Linkoping, Sweden Phone:+46-13-473 01 06 Email: svedja@lysator.liu.se Web: http://www.lysator.liu.se/~svedja ===================================================================== [finger -l svedja@lysator.liu.se for public PGP key] From prices at turtletech.com Tue Nov 3 17:31:26 1998 From: prices at turtletech.com (Scott Price) Date: Tue Dec 2 02:24:39 2003 Subject: subscribe Message-ID: <363F3DEE.BE38F076@turtletech.com> -- Scott Price prices@turtletech.com Hardware/Software Design, Web Development www.turtletech.com Hunt Technologies, Inc. Office:(218) 562-5101 Pequot Lakes, MN Fax:(218) 562-4878 From heinig at hdz-ima.rwth-aachen.de Tue Nov 3 18:33:48 1998 From: heinig at hdz-ima.rwth-aachen.de (Gerald Heinig) Date: Tue Dec 2 02:24:39 2003 Subject: Samba backup (BDC functionality) Message-ID: <363F4C8C.2A3C4847@hdz-ima.rwth-aachen.de> Hi all, Please feel free to rant at me if this question's been asked before (I'm sure it has... :-) ), but does Samba support BDC functionality yet? More to the point, is it possible to configure 2 machines to run identical Samba configs (ie. identical smb.confs) and simply start the Samba server on the "backup" machine if/when the first machine goes down? We'd like to have some redundancy here, and if all it takes is making a copy of all user accounts, smbpasswd and creating a replica NIS+ server on our second machine and starting Samba on the second machine when the first dies, then that would be a virtually ideal solution. We can take 10 minutes - half hour downtime, but much above that will be difficult to justify to the powers that be (who are eagerly eyeing the NT Server glossy brochures... :-( :-( :-( ). Thanks, Gerald PS. It says on the Samba NTDOM FAQ that PDC <=> BDC *INTEGRATION* isn't implemented yet. What exactly does this mean? Does it mean that a BDC works, but you have to mirror data manually, or start it manually, or does it mean that BDC simply isn't implemented yet? From svedja at lysator.liu.se Tue Nov 3 18:52:13 1998 From: svedja at lysator.liu.se (Dejan Ilic) Date: Tue Dec 2 02:24:39 2003 Subject: Capacity reporting problem Message-ID: background: Win98 against Samba-domain with todays code. Problem: The share reports incorrect size of partition but correct free space (probably) Connected the share to a drive and checked the free space. Solaris view of the world (12GB RAID-5 partition) Real space on disks: 13029980 * 1024-blocks capacity, 11308303 * 1024-blocks used, 1721677 * 1024-blocks free. Samba-share Reported by Win98: 4 227 793 920 bytes capacity, 2 492 356 608 bytes used, 1 735 437 317 bytes free. Reported files system is NTFS. Is there a Known Limitation in Win95/98 on the sizes of network shares (4GB ?) and I'm seeing the values modulo 4GB ? Or an incorrect assumption by Samba ? ===================================================================== Dejan Ilic, Tech Univ. of Linkoping, Sweden Phone:+46-13-473 01 06 Email: svedja@lysator.liu.se Web: http://www.lysator.liu.se/~svedja ===================================================================== [finger -l svedja@lysator.liu.se for public PGP key] From svedja at lysator.liu.se Tue Nov 3 19:06:03 1998 From: svedja at lysator.liu.se (Dejan Ilic) Date: Tue Dec 2 02:24:39 2003 Subject: Problem with connecting with non-domain computer In-Reply-To: Message-ID: To reply on myself, I tested it on my Win98 machine and I don NOT get the effect there. Everything seems OK on it. Dejan .... On Tue, 3 Nov 1998, Dejan Ilic wrote: > I have problems with connecting from a computer outside the domain > (NT4-SP4) to a server. > > When clicking on network neighbourhood everything seems normal, the > NT4 asks for user and password. I get a view of shares, but here the > problem begins. > > The names in the list are corrupted in the way that the share-name and > the comment are connected together so that when you click on the name > the computer tries to connect to "NameComment" instead of just the > "Name", thus failing to find the share. > > > The Samba source is from yesterday, but the problem seems to have been > there for a couple days at least. Samba is configured to run as a > domain-controller. > . > > > PS. > I just noticed that the same error is there when connected as a > domain_user. Just go thru network neighbourhood to the server and you > will see the error. From Jean-Francois.Micouleau at dalalu.fr Tue Nov 3 19:15:29 1998 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:24:39 2003 Subject: Problem with connecting with non-domain computer In-Reply-To: Message-ID: On Wed, 4 Nov 1998, Dejan Ilic wrote: > > The names in the list are corrupted in the way that the share-name and > > the comment are connected together so that when you click on the name > > the computer tries to connect to "NameComment" instead of just the > > "Name", thus failing to find the share. Checkout the CVS tree again. Luke have just corrected this bug. J.F. From canfield at uindy.edu Tue Nov 3 19:50:42 1998 From: canfield at uindy.edu (Dana Canfield) Date: Tue Dec 2 02:24:39 2003 Subject: Office Problem Message-ID: I don't know if I'm looking in the right place, but... we are having problems with certain wizards not running. The big one is the one in MSAccess '97 in the Tools menu that "says Merge with MS Word." When logged in as a domain user, the OA always pops up and says that the wizard is not installed. But, if you log in as Administrator, or as a local user (we have a test account which is only a member of users), the wizard runs fine. Could this possibly be a user group mapping issue? Does anyone know of a fix, or where I should start looking? I know at one time there was some question as to just what group domain users were being mapped to. I am not sure if that has really been cleared up or not. We are using office 97 system policies, but there are only about 5 or 6 items that we even use in those. The system policy should also apply to local users, right (if not, I suppose this could be a potential location of the problem)? We also have the entire Program Files directory set to (RX). I don't think it is a permissions problem, though, because the local user works. On a related note, does anyone know of a site that might keep a listing of NT permissions that work for given programs? It's often a long and tedious process figuring out how tightly you can lock the permissions for given software before it breaks. If no such site exsits, I may start one. Thanks for the help! Dana From doverbey at att.com Tue Nov 3 19:57:15 1998 From: doverbey at att.com (Overbey, Alfred D (Dudley), ALTEC) Date: Tue Dec 2 02:24:39 2003 Subject: Problem with connecting with non-domain computer Message-ID: <199811032001.PAA00635@njb140r1.ems.att.com> How do I get to the CVS branch? I believe, I will also need the IP address of the CVS server... Thanks A. Dudley Overbey Doverbey@att.com -----Original Message----- From: Jean Francois Micouleau [mailto:Jean-Francois.Micouleau@dalalu.fr] Sent: Tuesday, November 03, 1998 2:17 PM To: Multiple recipients of list Subject: Re: Problem with connecting with non-domain computer On Wed, 4 Nov 1998, Dejan Ilic wrote: > > The names in the list are corrupted in the way that the share-name and > > the comment are connected together so that when you click on the name > > the computer tries to connect to "NameComment" instead of just the > > "Name", thus failing to find the share. Checkout the CVS tree again. Luke have just corrected this bug. J.F. From lkcl at switchboard.net Wed Nov 4 00:16:32 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:39 2003 Subject: groups API database Message-ID: ok, so the story so far is: - all domain groups / users parameters have disappeared, to be replaced with: "local group map" "domain group map" which have the same format as "username map". at the moment, you can only have usernames, local groups or domain groups from _your_ domain in these files. there will be two options for putting users into groups (which is independant of the above, which covers nt->unix name mapping issues). option 1 -------- use /etc/group entries. you *must* ensure (and in the first version you will have no choice about this :-) that the unix group (local or domain) is in _your_ domain: see long message last week for details on why. if you add a user to a group that maps to an NT group in a different domain, an error message will be logged. if you wish to have a user added to an NT "local group", you will have to put an entry into "local group map" with the NT name and the UNIX name. this will inform samba that the unix group represents an NT local group as far as any NT machines are concerned. if you wish to have a user added to an NT "domain group", you will have to put an entry into "domain group map" with the NT name and the UNIX name. this will inform samba that the unix group represents an NT domain group as far as any NT machines are concerned. does anyone have any preferences as to which should be the default? namely, that if no entry exists (for a unix group that the user is in) in either "domain group map" or "local group map" the NT group should be assumed to be of type xyz. the options are: \LOCAL_SERVER\domain group (not possible!!!) \LOCAL_SERVER\local group \DOMAIN\domain group \DOMAIN\local group option 2 -------- suitable for "appliance mode": there will be a private/smbgroup or similar file, in which you add a list of domain groups and local groups in the domain that the user belongs to. there will be a private/domaingroup or similar file, which lists the users that are in a particular domain. there will be a private/localgroup or similar file, which lists, in the format \DOMAIN\group_or_user, the members in a local group. domain groups can only contain users in the domain; local groups can contain SID-RIDs of absolutely anything, anywhere: foriegn domains, groups, users, the works it's quite neat. there will need to be either some maintenance tools or i just get USRMGR.EXE working properly, to maintain these files. big "DO NOT EDIT" notices at the top of them :-) From m.chapman at student.unsw.edu.au Wed Nov 4 01:23:36 1998 From: m.chapman at student.unsw.edu.au (Matt Chapman) Date: Tue Dec 2 02:24:39 2003 Subject: Office Problem References: Message-ID: <363FAC98.FFFE6F36@student.unsw.edu.au> Dana Canfield wrote: > I don't know if I'm looking in the right place, but... we are having > problems with certain wizards not running. The big one is the one in > MSAccess '97 in the Tools menu that "says Merge with MS Word." > When logged in as a domain user, the OA always pops up and says that > the wizard is not installed. But, if you log in as Administrator, or as a > local user (we have a test account which is only a member of users), the > wizard runs fine. In my case the solution was to make the wizard files (*.mde, *.mdt, *.mda) world-writable (if we weren't talking about Windows NT that would be considered a security risk!). There is something in the Knowledge Base about this in relation to Access 95, but in my experience it hasn't been fixed in 97 or the SP's. BTW Can people check the following and reply to me. I am sure both Service Packs have been thoroughly tested and these are to do with my configuration, but you never know... * Access 97 SP2 seems to have broken my Import Data wizard - it just doesn't come up. * NT 4.0 SP4 seems to have broken the Permissions dialog in file properties. Matt -- Matt Chapman E-mail: mattyc@cyberdude.com From greg at discreet.com Wed Nov 4 01:33:35 1998 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:40 2003 Subject: groups API database In-Reply-To: Message-ID: Sounds very cool... coming soon to a cvs tree near you? Greg On 04-Nov-98 Luke Kenneth Casson Leighton wrote: > ok, so the story so far is: > > - all domain groups / users parameters have disappeared, to be replaced > with: > > "local group map" > "domain group map" > > which have the same format as "username map". at the moment, you can only > have usernames, local groups or domain groups from _your_ domain in these > files. > > > there will be two options for putting users into groups (which is > independant of the above, which covers nt->unix name mapping issues). > > option 1 > -------- > > use /etc/group entries. you *must* ensure (and in the first version you > will have no choice about this :-) that the unix group (local or domain) > is in _your_ domain: see long message last week for details on why. if > you add a user to a group that maps to an NT group in a different domain, > an error message will be logged. > > if you wish to have a user added to an NT "local group", you will have to > put an entry into "local group map" with the NT name and the UNIX name. > this will inform samba that the unix group represents an NT local group as > far as any NT machines are concerned. > > if you wish to have a user added to an NT "domain group", you will have to > put an entry into "domain group map" with the NT name and the UNIX name. > this will inform samba that the unix group represents an NT domain group > as far as any NT machines are concerned. > > does anyone have any preferences as to which should be the default? > namely, that if no entry exists (for a unix group that the user is in) in > either "domain group map" or "local group map" the NT group should be > assumed to be of type xyz. the options are: > > \LOCAL_SERVER\domain group (not possible!!!) > \LOCAL_SERVER\local group > \DOMAIN\domain group > \DOMAIN\local group > > > option 2 > -------- > > suitable for "appliance mode": > > there will be a private/smbgroup or similar file, in which you add a list > of domain groups and local groups in the domain that the user belongs to. > > there will be a private/domaingroup or similar file, which lists the users > that are in a particular domain. > > there will be a private/localgroup or similar file, which lists, in the > format \DOMAIN\group_or_user, the members in a local group. > > domain groups can only contain users in the domain; local groups can > contain SID-RIDs of absolutely anything, anywhere: foriegn domains, > groups, users, the works it's quite neat. > > > there will need to be either some maintenance tools or i just get > USRMGR.EXE working properly, to maintain these files. big "DO NOT EDIT" > notices at the top of them :-) > > ---------------------------------- Greg Dickie just a guy* *from Discreet Logic ---------------------------------- From dnehring at telemedia.de Wed Nov 4 12:42:59 1998 From: dnehring at telemedia.de (Dirk Nehring) Date: Tue Dec 2 02:24:40 2003 Subject: Can't change password via Win98 Message-ID: <19981104134259.A22312@fireball.highway.bertelsmann.de> Hi, we're running Samba 2.0 (latest CVS version) as PDC, with a local smbpasswd. I have the following entry in smb.conf: [...] security = user encrypt passwords = yes passwd program = /usr/local/samba/bin/smbpasswd passwd chat = old*password %o\n new*password %n\n new*password %n\n changed [...] With smbpasswd -r localhost -U dnehring I have no problems changing my password, but when I logged in with a Win98 machine (works flawlessly, btw), I got "The domain controller for this domain cannot be found." Any idea? Dirk PS: Is the machine name "hostx$" required any more in smbpasswd? I works for me without that entry. -- Dirk Nehring | Phone: +49 5241 80- Telemedia Bertelsmann AG | Fax: +49 5241 80-9518 Carl-Bertelsmann-Str. 161 I | E-Mail: dnehring @ telemedia.de 33311 G?tersloh | From cartegw at Eng.Auburn.EDU Wed Nov 4 13:59:58 1998 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:24:40 2003 Subject: Samba backup (BDC functionality) References: <363F4C8C.2A3C4847@hdz-ima.rwth-aachen.de> Message-ID: <36405DDE.91EB3BC0@eng.auburn.edu> Gerald Heinig wrote: > > does Samba support BDC functionality yet? More to the point, is it > possible to configure 2 machines to run identical Samba configs (ie. > identical smb.confs) and simply start the Samba server on the "backup" > machine if/when the first machine goes down? That should work fine. The only problem might be the WINS registration. The NT clients look for DOMAIN<1b> on the WINS server to locate the DC. Also make sure that you copy - smb.conf - private/MACHINE.SID - private/smbpasswd to the second machine. Just to make sure, you are talking about only having one run at a time, simply being able to start the second up if the first DC \ crashes, correct? > PS. It says on the Samba NTDOM FAQ that PDC <=> BDC *INTEGRATION* isn't > implemented yet. What exactly does this mean? Does it mean that a BDC > works, but you have to mirror data manually, or start it manually, or > does it mean that BDC simply isn't implemented yet? PDC<->BDC integration is really the PDC<->BDC replication process. The protocol which MS uses to do this is undocumented and needs more study to implement. -- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From cartegw at Eng.Auburn.EDU Wed Nov 4 14:35:13 1998 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:24:40 2003 Subject: Can't change password via Win98 References: <19981104134259.A22312@fireball.highway.bertelsmann.de> Message-ID: <36406621.CD8A87F5@eng.auburn.edu> Dirk Nehring wrote: > > PS: Is the machine name "hostx$" required any more in smbpasswd? I works > for me without that entry. > Only for domain members. Win9x client are not really domain members. See http://www.linuxworld.com/linuxworld/lw-1998-10/lw-10-samba.html for a good description of the NT domain security model. j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From svedja at lysator.liu.se Wed Nov 4 14:39:05 1998 From: svedja at lysator.liu.se (Dejan Ilic) Date: Tue Dec 2 02:24:40 2003 Subject: Samba network security Message-ID: I'm setting up a computer pool with NT4-SP4 machines these days and I just noticed that SP4 implements NTLMv2 (enhancement of NTLM found up to SP3). Anybody implementing it ? I would like to see a option flag in smb.conf when you could select the "lowest" protocol permitted. Someting like "force protocol = lanman" or "force protocol = ntlm-v2" to enforce the enhancments of LM-fix and thus hopoefully strengthen the security if you have a NT-only computer pool like me. Also is SMB-signing implemented in Samba ? Dejan ===================================================================== Dejan Ilic, Tech Univ. of Linkoping, Sweden Phone:+46-13-473 01 06 Email: svedja@lysator.liu.se Web: http://www.lysator.liu.se/~svedja ===================================================================== [finger -l svedja@lysator.liu.se for public PGP key] From lkcl at switchboard.net Wed Nov 4 14:44:10 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:40 2003 Subject: Samba backup (BDC functionality) In-Reply-To: <36405DDE.91EB3BC0@eng.auburn.edu> Message-ID: > Also make sure that you copy > > - private/MACHINE.SID > - private/smbpasswd > > to the second machine. do this _securely_. From lkcl at switchboard.net Wed Nov 4 14:52:59 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:40 2003 Subject: Samba network security In-Reply-To: Message-ID: On Thu, 5 Nov 1998, Dejan Ilic wrote: > I'm setting up a computer pool with NT4-SP4 machines these days and I > just noticed that SP4 implements NTLMv2 (enhancement of NTLM found up > to SP3). Anybody implementing it ? if you can get a full spec, i will implement it. > Also is SMB-signing implemented in Samba ? not that i know of. From mp at agymk.mumszki.hu Wed Nov 4 15:42:10 1998 From: mp at agymk.mumszki.hu (Martha Peter) Date: Tue Dec 2 02:24:40 2003 Subject: samba 2.0.0 and policies In-Reply-To: Message-ID: Hi! First of all, thanks to every samba maker to let us forget NT and use Linux as a domain controller/logon server. Just one tiny problem i faced to: i have downloaded samba 2.0.0 (CVS 2 weeks) and policy downloading stopped. Before that time i used 1.9.19 and everything went great, but now i counld't find any traces that W95 client wants to get the policy from the netlogon share. May i have to upgrade my samba or is there any solution. Thanx in advance Peter Peter Martha Andrassy Gyula Technical Secondary School, Miskol mp@agymk.mumszki.hu +36-46-412-444 From heinig at hdz-ima.rwth-aachen.de Wed Nov 4 16:29:29 1998 From: heinig at hdz-ima.rwth-aachen.de (Gerald Heinig) Date: Tue Dec 2 02:24:40 2003 Subject: Samba backup (BDC functionality) References: <363F4C8C.2A3C4847@hdz-ima.rwth-aachen.de> <36405DDE.91EB3BC0@eng.auburn.edu> Message-ID: <364080E8.7E550F47@hdz-ima.rwth-aachen.de> Gerald W. Carter wrote: > Gerald Heinig wrote: > > > > does Samba support BDC functionality yet? More to the point, is it > > possible to configure 2 machines to run identical Samba configs (ie. > > identical smb.confs) and simply start the Samba server on the "backup" > > machine if/when the first machine goes down? > > That should work fine. The only problem might be the WINS > registration. The NT clients look for DOMAIN<1b> on the WINS > server to locate the DC. We're not using WINS here. Everything works OK, though. Should I be using WINS? > Also make sure that you copy > > - smb.conf > - private/MACHINE.SID > - private/smbpasswd > > to the second machine. Wonderful. No stress with changing hostnames/IP addresses then. > Just to make sure, you are talking about only having one run at > a time, simply being able to start the second up if the first DC \ > crashes, correct? Exactly. Obviously, it would be nice to have two running, with the second kicking straight in if the first dies. But starting by hand is absolutely fine. > > PS. It says on the Samba NTDOM FAQ that PDC <=> BDC *INTEGRATION* isn't > > implemented yet. What exactly does this mean? Does it mean that a BDC > > works, but you have to mirror data manually, or start it manually, or > > does it mean that BDC simply isn't implemented yet? > > PDC<->BDC integration is really the PDC<->BDC replication process. > The protocol which MS uses to do this is undocumented and needs > more study to implement. So what's the difference between a PDC and a BDC then? Are they essentially the same, only the BDC having slightly less "privilege" or "priority"? Something along the lines of NIS+ master server and replica server? Thanks for the help Gerald From cartegw at Eng.Auburn.EDU Wed Nov 4 17:04:56 1998 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:24:40 2003 Subject: [Fwd: Samba backup (BDC functionality)] Message-ID: <36408938.F083AC42@eng.auburn.edu> Forgot to CC list. -------------- next part -------------- An embedded message was scrubbed... From: "Gerald W. Carter" Subject: Re: Samba backup (BDC functionality) Date: Wed, 04 Nov 1998 11:01:56 -0600 Size: 2237 Url: http://lists.samba.org/archive/samba-ntdom/attachments/19981104/dac084b6/attachment.eml From drobbins at obgyn.unm.edu Wed Nov 4 17:59:55 1998 From: drobbins at obgyn.unm.edu (Daniel Robbins) Date: Tue Dec 2 02:24:40 2003 Subject: Samba browsing with picture FIXED! Message-ID: <3640961B.28E6E5AD@obgyn.unm.edu> Got the latest CVS today, and the garbled browsing of the Samba server from NT4 has gone away! Great work everyone! Best Regards, -- Daniel Robbins System Administrator University of New Mexico drobbins@obgyn.unm.edu From dnehring at telemedia.de Thu Nov 5 15:46:18 1998 From: dnehring at telemedia.de (Dirk Nehring) Date: Tue Dec 2 02:24:40 2003 Subject: Can't change password via Win98 In-Reply-To: <36406621.CD8A87F5@eng.auburn.edu>; from Gerald W. Carter on Thu, Nov 05, 1998 at 01:36:24AM +1100 References: <19981104134259.A22312@fireball.highway.bertelsmann.de> <36406621.CD8A87F5@eng.auburn.edu> Message-ID: <19981105164618.A25836@fireball.highway.bertelsmann.de> On Thu, Nov 05, 1998 at 01:36:24AM +1100, Gerald W. Carter wrote: > Dirk Nehring wrote: > > > > PS: Is the machine name "hostx$" required any more in smbpasswd? I works > > for me without that entry. > > > > Only for domain members. Win9x client are not really domain members. > See > > http://www.linuxworld.com/linuxworld/lw-1998-10/lw-10-samba.html > > for a good description of the NT domain security model. Yeah, but can you explain why I can do with a real Windows NT Server, but not with Samba? Dirk -- Dirk Nehring | Phone: +49 5241 80- Telemedia Bertelsmann AG | Fax: +49 5241 80-9518 Carl-Bertelsmann-Str. 161 I | E-Mail: dnehring @ telemedia.de 33311 G?tersloh | From mk at quadstone.com Thu Nov 5 17:25:30 1998 From: mk at quadstone.com (Michael Keightley) Date: Tue Dec 2 02:24:40 2003 Subject: Help! v1.9.19 profiles not loaded in 2.0.0 Message-ID: <1395.199811051725@subnode.quadstone.com> The version of Samba PDS we are currently using (1.9.19-prealpha) doesn't seem to work with SP4 of NT 4.0 so I've downloaded the latest version (2.0.0-alpha11) via CVS. When I try to use this version the profile of users that are NOT in the "domain admin group" list is not loaded! No errors appear in the log files. The only way to fix it is to remove the users profile directory or profile/NTUSER.DAT file from both the PC and home directory. Are the profiles between these versions incompatible? Is there any other way to fix this than deleting everyones profile and starting again??!!! Michael _________ Michael Keightley Tel: +44 131 220 4491 Systems Manager Fax: +44 131 220 4492 Quadstone Limited WWW: http://www.quadstone.com From heinig at hdz-ima.rwth-aachen.de Thu Nov 5 17:44:32 1998 From: heinig at hdz-ima.rwth-aachen.de (Gerald Heinig) Date: Tue Dec 2 02:24:40 2003 Subject: First login doesn't mount NFS automounted home directory Message-ID: <3641E400.8B015E99@hdz-ima.rwth-aachen.de> Hi all, We're having a few problems with a Samba version CVSed about 2 weeks ago: When I introduce a new user to the system, he can only log in via Samba *after* he's logged in at least once under UNIX on the server! When a new user logs in to NT with Samba, the error message produced is that NT can't find the server-stored profile and uses the local one instead. The log files indicate that a chdir to the user's home directory didn't work, although the automounter is mounting the home directories via NFS without any problem. When the user now logs in to UNIX (where everything works fine) and logs out again without doing anything, and then tries to log in to NT/Samba, everything works OK. I'm using NT4 SP3 / Samba NTDOM CVS as of 2 weeks ago ie. 24 October-ish and Solaris 2.6/ SPARCstation 20. Is this a known problem or does anyone need logfile output? Cheers Gerald From kjm at coe.neu.edu Thu Nov 5 20:52:05 1998 From: kjm at coe.neu.edu (Kyle McDonald) Date: Tue Dec 2 02:24:40 2003 Subject: First login doesn't mount NFS automounted home directory References: <3641E400.8B015E99@hdz-ima.rwth-aachen.de> Message-ID: <36420FF5.B3BA2BE6@coe.neu.edu> Hi, Are you using the -secure option on the NFS mount? This enables Secure RPC's and requires that the KeyServer on the UNIX machine have the users credentials cached. Secure RPC's are available by default if you are using NIS+ But NFS won't use them unless the disk is (both?) exported and/or mounted with the -secure option. The keyserver caches the credentials when they are passed to it by either keylogin, login, or dtlogin which unencrypt them using the users password. If these programs aren't run (or don't have access to the password) then they are unable to unencrypt the credentials and store them in the keyserver. I'm guessing that the reason it works after the user logs in is that login or dtlogin, have unencrypted them, and passed them on to the keyserver which will then store them until it dies (i.e. reboots) I have this problem in several non-samba places. And from what you've told me I will have it again with samba when I try to start using it for more things. The keyserver api is pretty well documented (and simple.) If Samba has access to the plain-text password, it could make all the same calls to the keyserver that keylogin does. I have hacked keylogin for my own purposes already ( being and .edu has it's advantages -> Solaris source code.) It's really a pretty simple program. I just don't know if Samba will have the clear text password under all the required circumstances. The quick fix is to not do the NFS mounts with the -secure option. -Kyle -- _ -------------------------------ooO( )Ooo------------------------------- Kyle J. McDonald (o o) Systems Analyst/ Northeastern University ||||| Applications Programmer College of Engineering email: kjm@coe.neu.edu 360 Huntington Ave. 230SN \\\// voice: (617)373-3361 Boston MA 02115 (o o) fax: (617)373-8504 -------------------------------ooO(_)Ooo------------------------------- -------------- next part -------------- HTML attachment scrubbed and removed From darylb at mail.ctsfw.edu Thu Nov 5 22:19:06 1998 From: darylb at mail.ctsfw.edu (Daryl Biberdorf) Date: Tue Dec 2 02:24:40 2003 Subject: How to make a real domain administrator Message-ID: I'm using 2.0.0alpha11 on Linux kernel 2.0.35. We have NT Workstation 4.0 SP-4 as clients. We can't figure out how to create a real domain administrator We have accounts created for the machine, for the administrator, and we have " domain admin group = administrator" in smb.conf. However, even though Samba as the PDC will successfully authenticate us, it doesn't give us domain administrator rights. Is there something that needs to be done locally on the workstation? Logging in as the local administrator (domain=machine name) gives us all we need. We'd like it to be more universal. Thanks in advance. We got put into this situation at the last minute. We never expected to be running alpha code in small production environment. Thanks. Daryl From cartegw at Eng.Auburn.EDU Thu Nov 5 22:30:01 1998 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:40 2003 Subject: How to make a real domain administrator References: Message-ID: <364226E9.C0258025@eng.auburn.edu> Daryl Biberdorf wrote: > > We can't figure out how to create a real domain administrator > We have accounts created for the machine, for the > administrator, and we have " domain admin group = administrator" > in smb.conf. Do you have a mapping of "administrator" to a unix account Rather try 'domain admin group = ' or at least use the username map to map administrator to a real account. Note that these parameters are going away soon. Be on the look out for the new method of accomplishing this. > Thanks in advance. We got put into this situation > at the last minute. We never expected to be running > alpha code in small production environment. Welcome to my world!? :) j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From lkcl at switchboard.net Thu Nov 5 23:04:12 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:40 2003 Subject: How to make a real domain administrator In-Reply-To: <364226E9.C0258025@eng.auburn.edu> Message-ID: On Fri, 6 Nov 1998, Gerald Carter wrote: > Daryl Biberdorf wrote: > > > > We can't figure out how to create a real domain administrator > > We have accounts created for the machine, for the > > administrator, and we have " domain admin group = administrator" > > in smb.conf. > > Do you have a mapping of "administrator" to a unix account > Rather try 'domain admin group = ' > or at least use the username map to map administrator to > a real account. > > Note that these parameters are going away soon. Be on "domain admin group" etc is: username map is not. From youri at easynet.fr Fri Nov 6 23:21:53 1998 From: youri at easynet.fr (Youri Pasquier) Date: Tue Dec 2 02:24:40 2003 Subject: subscribe Message-ID: <19981106232211Z12609285-21961+2217@samba.anu.edu.au> subscribe pasquier@mail.dotcom.fr From crussell at css.tayloru.edu Sat Nov 7 18:06:39 1998 From: crussell at css.tayloru.edu (Chris Russell) Date: Tue Dec 2 02:24:40 2003 Subject: USRMGR clarification Message-ID: What is User Manager currently working for (ie Win95, WinNT4 SP3, WinNT4 SP4)? Also would it be possible to compile either a "done" list or a "todo" list (and keep them up to date) so that people can either find out what is working or what is not working? I am willing to compile it if people will send me e-mails on what they know is or is not working. In Christ, Chris Russell crussell@css.tayloru.edu Head System Administrator Computer Science Department Taylor University From james at cows.ml.org Sat Nov 7 18:34:12 1998 From: james at cows.ml.org (James Willard) Date: Tue Dec 2 02:24:40 2003 Subject: USRMGR clarification In-Reply-To: from "Chris Russell" at Nov 8, 98 05:08:41 am Message-ID: <199811071834.NAA16349@cows.ml.org> I still haven't been able to get User Manager working for Win95, even though I believe there have been reports of people who have no problems with User Manager under 95. Is this true? It always gives me an RPC Server Unavailible message. A todo list would seem to be a good idea so that those who want to help knock out some problems can, so that they can go ahead and get 2.0.0 to release quality. Not much compares to the feeling of crossing things off of a "To Do" checklist. Of course, that's just my own humble opinion ;). While we're on the subject of things working, is the samba team aware that while in 95 Server Manager and bringing up the properties of a PDC, clicking on "Shares" gives an RPC error? This is only a problem for PDCs, because I have other samba-2.0.0 servers running as non-DCs and I can view their shares through Win95 Server Manager without any problem. James Willard james@cows.ml.org > > What is User Manager currently working for (ie Win95, WinNT4 SP3, WinNT4 > SP4)? > > Also would it be possible to compile either a "done" list or a "todo" > list (and keep them up to date) so that people can either find out what is > working or what is not working? I am willing to compile it if people will > send me e-mails on what they know is or is not working. > > In Christ, > Chris Russell > crussell@css.tayloru.edu > Head System Administrator > Computer Science Department > Taylor University > -- #!/bin/perl -sp0777i Hi, I'm new to this list, so please forgive me if I've not provided the correct information. I've been setting up a samba server for a local college, and we've been running into some odd problems that I haven't seen described elsewhere. A little description of our odd setup first. We have a class C subnet that we've re-subnetted into 4. Let me clarify that, because it's odd. The campus router gives us a class C subnet, but we need to have four different subnets for security/practicality reasons. All of the machines on the four subnets think they are on the same class C subnet (they need to to get to the router with the single IP address) and they communicate with a linux based router that does proxy arping. I thought that odd subnetting was the problem at first, but not so any more for reasons I'll go into. Most of the machines get their IP addresses via DHCP which lists the SAMBA box as their wins server. The "lab" machines are NT4SP3 and diskless win95 (don't ask). They are on a different subnet than the SAMBA server. We had no problems while we just ran 95, but the addition of the NT machines forced us to move to the NTDOM CVS source. All of the machines are set up to authenticate off of the SAMBA server. When we moved to the cvs source as of about July, we noticed a few things. The NT machines worked fine most of the time, but occasionally said they couldn't find the domain controller after a LONG (several minute) wait. The '95 machines are a little quirky, often saying they can't authenticate you the first time you try and log in. If you try again immediately (even with a different username) it normally lets you in. It doesn't always work on the second try, though, and I've seen it take up for 4-5. The error message is that a domain controller cannot be found. If you wait for several (5-10) minutes after the first failed attempt it will revert back to not letting you in again. That would imply to me that something is happening when you attempt to log in the first time that lets you log in for a few minutes afterwards, but it's not obvious as to what. To try and solve this, we started trying newer CVS trees starting around mid to late August. This didn't change much on the '95 side, but now we couldn't log into the NT machines, ever. It gives an error code C000019B, which I can't find any reference to on the net or through deja-news. I meant to write down the (pretty uninfomative) text of the message but forgot (sorry). It basically says "couldn't log you in". In none of these cases could I find anything that struck me as relevent in the logs, except that there was always logs of packets going back and forth so the two machines were always communicating, even when the clients were saying that the domain controller can't be found, etc. We've tried putting the server on the local net, and that didn't help. I'm not sure what to try next or what to look for, so any help would be appreciated. I can provide any logs and config files you want, but I didn't give them here becuase this message is already long enough. Any suggestions would be appreciated. Thanks! Andrew From thwartedefforts at wonky.org Mon Nov 9 00:46:04 1998 From: thwartedefforts at wonky.org (thwartedefforts@wonky.org) Date: Tue Dec 2 02:24:40 2003 Subject: win95 client: domain name being interpreted as NativeOS Message-ID: <19981109004604.15524.cpmta@fillmore.criticalpath.net> I'm working on the 'restrict anonymous' parameter as Luke suggested, but I'm having a problem with browsing from win95 boxes, which I think is an issue unrelated to the 'restrict anonymous' parameter -- yes, 'restrict anonymous' does effect browsing as was pointed out, but in my attempt to account for that, I'm seeing this problem. Specificly, it appears that the domain name being sent by win95 is getting interpretered as the NativeOS in reply_sesssetup_and_X because of a difference in the password lengths, differences between what win95 provides and what winNT/smbclient provides, that are used in a pointer calculation. It may help to know that the domain name on my network is REACNET. Most clients are NTWKS SP3, with a handful of Win95 (4.00.950 B from the System control panel). There is also a NTSRV SP3 controlled domain with only it's PDC and BDC in it (soon to be turned off) also on the network. Samba 2.0 alpha 14 is the PDC for REACNET. All the variable names and code snippets are relative to smbd/reply.c:reply_sesssetup_and_X. The line numbers in the debugging output is going to be off because of my own debugging lines I've added. Here's a dump of the start of inbuf generated by a win95 client for an anonyous connection: [1998/11/08 17:21:51, 2] lib/util.c:dump_data(4769) [000] 00 00 00 5F FF 53 4D 42 73 00 00 00 00 10 00 00 ..._.SMB s....... [1998/11/08 17:21:51, 2] lib/util.c:dump_data(4777) [010] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 77 1E ........ ......w. [1998/11/08 17:21:51, 2] lib/util.c:dump_data(4777) [020] 00 00 01 EB 0D FF 00 5F 00 68 0B 32 00 01 00 19 ......._ .h.2.... [1998/11/08 17:21:51, 2] lib/util.c:dump_data(4777) [030] 43 00 00 00 00 00 00 00 00 00 00 01 00 00 00 22 C....... ......." [1998/11/08 17:21:51, 2] lib/util.c:dump_data(4777) [040] 00 00 00 52 45 41 43 4E 45 54 00 57 69 6E 64 6F ...REACN ET.Windo [1998/11/08 17:21:51, 2] lib/util.c:dump_data(4777) [050] 77 73 20 34 2E 30 00 57 69 6E 64 6F 77 73 20 34 ws 4.0.W indows 4 [1998/11/08 17:21:51, 2] lib/util.c:dump_data(4777) [060] 2E 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .0...... ........ [1998/11/08 17:21:51, 2] lib/util.c:dump_data(4777) [070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ ... [1998/11/08 17:21:51, 3] smbd/reply.c:reply_sesssetup_and_X(577) Domain=[] NativeOS=[REACNET] NativeLanMan=[Windows 4.0] [1998/11/08 17:21:51, 3] smbd/reply.c:reply_sesssetup_and_X(581) sesssetupX:name=[] Note that a username WAS NOT sent by win95, but a domain name was and the domain variable is the empty string and NativeOS is the domain name. From looking at the dump, a domain name, NativeOS, and NativeLanMan are all being sent (NativeOS == NativeLanMan). Here's a dump of the start of inbuf generated by a winNT client for an anonyous connection: [1998/11/08 17:18:38, 2] lib/util.c:dump_data(4769) [000] 00 00 00 61 FF 53 4D 42 73 00 00 00 00 18 03 00 ...a.SMB s....... [1998/11/08 17:18:38, 2] lib/util.c:dump_data(4777) [010] 00 00 3A 71 49 19 2F C3 EE 9E 00 00 00 00 FE CA ..:qI./. ........ [1998/11/08 17:18:38, 2] lib/util.c:dump_data(4777) [020] 00 00 C0 07 0D FF 00 61 00 00 F0 32 00 01 00 39 .......a ...2...9 [1998/11/08 17:18:38, 2] lib/util.c:dump_data(4777) [030] 42 00 00 01 00 00 00 00 00 00 00 D4 00 00 00 24 B....... .......$ [1998/11/08 17:18:38, 2] lib/util.c:dump_data(4777) [040] 00 00 00 00 57 69 6E 64 6F 77 73 20 4E 54 20 31 ....Wind ows NT 1 [1998/11/08 17:18:38, 2] lib/util.c:dump_data(4777) [050] 33 38 31 00 00 57 69 6E 64 6F 77 73 20 4E 54 20 381..Win dows NT [1998/11/08 17:18:38, 2] lib/util.c:dump_data(4777) [060] 34 2E 30 00 00 00 00 00 00 00 00 00 00 00 00 00 4.0..... ........ [1998/11/08 17:18:38, 2] lib/util.c:dump_data(4777) [070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ ... [1998/11/08 17:18:39, 3] smbd/reply.c:reply_sesssetup_and_X(577) Domain=[] NativeOS=[Windows NT 1381] NativeLanMan=[] [1998/11/08 17:18:39, 3] smbd/reply.c:reply_sesssetup_and_X(581) sesssetupX:name=[] Note that NT also did not send a username (this is to be expected during anonymous connections). From this dump, NT is not sending a domain name, but NativeOS is Windows NT 1381, and NativeLanMan is empty (if this should be Windows NT 4.0 is up in the air -- if it is, then that would indicate that this may be a client problem -- too many extra null bytes perhaps). I've shown that smb_buf starts at 0x41 in all cases (for both win95 and winNT), so at least the header information for this smb is correct (I assume -- I am not intimate with the SMB spec). The following code, which assigns to user and domain, appears: p += passlen1 + passlen2; fstrcpy(user,p); p = skip_string(p,1); domain = p; I have observed that: For win95, passlen1 = 0 and passlen2 = 0 For winNT, passlen1 = 1 and passlen2 = 0 when the client is browsing anonymously. I am still studying the code that assigns to passlen1 and passlen2, so I don't know if this difference is related to the windows client or the server. smbclient gives the winNT behaviour when browsing anonymously (smbclient -L machinename). When browsing with an explict username (smbclient -L machinename -U username, or a non-anon winNT browse), passlen1 and passlen2 are both 24. For non-anon win95 browse, passlen1 = 24, passlen2 = 0, and domain and NativeOS are set correctly... as to be expected for encrypted passwords -- everything is fine in the non-anonymous cases. This means that for anonymous (no password provided) browsing: under win95, user is copied from byte 0x41 and domain is copied from 0x42. under winNT, user is copied from byte 0x42 and domain is copied from 0x43. This causes a problem because the actual values (even though they are empty strings) are being read from the wrong place when the client is win95. When the client is win95, smbd should be reading an empty string from byte 0x42 for the username, and the domain name from byte 0x43, just like it does when the client is winNT or smbclient. The values of passlen1 and passlen2 throw off the reading of the subsequent values for win95 clients. One fix I was thinking of could be to detect if the client is win95 and modify passlen1 accordingly -- precedent would be the space for a null password sent by wfw also handled in the same area. This seems extremely kludgy though, and I have a feeling that something better can be done or there is something that someone missed in the setting of passlen1/passlen2 (those conditions that examine passlen1 > 0 and such look pretty complicated :) ) and you samba guys know what it is. :) Andy. thwartedefforts@wonky.org From brian at bstc.net Mon Nov 9 10:02:00 1998 From: brian at bstc.net (Brian Roberson) Date: Tue Dec 2 02:24:40 2003 Subject: trust files Message-ID: what did I miss? Is there any docs on the trust_pass_xx functions in passdb/smbpassfile , e.g. anything on the $DOM.$MACH.mac files as to what they are, what they do, or even the format ( besides in the src file :-) I see where it is leading to, but found no doc. on these functions at all in the tree. ( again, except the src file's themselves ) Please understand, this is the first time I actually went digging in the tree at all, so If I did miss something be nice :) Isee Luke fixed the last char in machine/username from being dropped in usermgr/servmgr, thanks, that was starting to annoy me! I finally broke down and installed NT on a machine here, YUK! now, just need to put netmon on it and I will be ready to debug packets .. oh joy :-) --Brian From cartegw at Eng.Auburn.EDU Mon Nov 9 14:15:51 1998 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:24:40 2003 Subject: Odd behaviour with current CVS tree References: Message-ID: <3646F917.92EE9649@eng.auburn.edu> Andrew S. Prior wrote: > > The "lab" machines are NT4SP3 and diskless win95 (don't ask). ^^^^^^^^^^^^^^ Ugh! > couldn't log into the NT machines, ever. It gives an > error code C000019B, Andrew, Could you send me your smb.conf, and a tcpdump-smb raw output file of the failed login (tcpdump -w host )? I'll have a look. Or if you have netmon, the CAP file is OK as well. Oh and also, please send the "exact" wording of the error message. Thanks, j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From m.chapman at student.unsw.edu.au Mon Nov 9 14:41:11 1998 From: m.chapman at student.unsw.edu.au (Matt Chapman) Date: Tue Dec 2 02:24:40 2003 Subject: Odd behaviour with current CVS tree References: <3646F917.92EE9649@eng.auburn.edu> Message-ID: <3646FF07.8C8DF836@student.unsw.edu.au> > couldn't log into the NT machines, ever. It gives an > error code C000019B, >From the DDK: // // MessageId: STATUS_DOMAIN_TRUST_INCONSISTENT // // MessageText: // // The name or SID of the domain specified is inconsistent with the trust information for that domain. // #define STATUS_DOMAIN_TRUST_INCONSISTENT ((NTSTATUS)0xC000019BL) Are you sure you retained the same MACHINE.SID etc files as when you first joined the workstations? Workstations don't particularly like their domain sid changing. Matt -- Matt Chapman E-mail: mattyc@cyberdude.com From andrew at cs.toronto.edu Mon Nov 9 15:38:33 1998 From: andrew at cs.toronto.edu (Andrew S. Prior) Date: Tue Dec 2 02:24:40 2003 Subject: Odd behaviour with current CVS tree In-Reply-To: <3646F917.92EE9649@eng.auburn.edu> Message-ID: On Mon, 9 Nov 1998, Gerald W. Carter wrote: > Andrew S. Prior wrote: > > > > The "lab" machines are NT4SP3 and diskless win95 (don't ask). > ^^^^^^^^^^^^^^ > Ugh! You said it! > > couldn't log into the NT machines, ever. It gives an > > error code C000019B, > > Could you send me your smb.conf, Attached to this e-mail. > and a tcpdump-smb raw output file of > the failed login (tcpdump -w host )? I'll have > a look. Or if you have netmon, the CAP file is OK as well. Where can I find "tcpdump-smb"? I've seen it mentioned a few times. > Oh and also, please send the "exact" wording of the error message. Yeah, I was kicking myself for not writing down the exact message when it happened. I hate it when I exhibit luserish behaviour. I've sent somebody off to get that. Andrew -------------- next part -------------- [global] workgroup = TRINITY_SAMBA encrypt passwords = yes comment = RedHat Samba Server volume = RedHat4 printing = lprng printcap name = /etc/printcap load printers = yes print command = /usr/local/bin/lpr -r -P%p %s lpq command = /usr/local/bin/lpq -P%p %s lprm command = /usr/local/bin/lprm -P%p %j log file = /var/log/log.%m max log size = 50 log level = 3 interfaces = 192.75.254.1/24 short preserve case = yes preserve case = yes local master = yes preferred master = yes dns proxy = no deadtime = 5 hosts allow = 192.75.254. , 128.100.60. , 128.100.38. time server = yes lock directory = /var/lock/samba locking = yes strict locking = yes share modes = yes security = user passwd program = /usr/bin/passwd passwd chat = "*New*" %n\n\r "*Retype*" %n\n\r "*success*" passwd chat debug = True unix password sync = True socket options = TCP_NODELAY os level = 33 domain master = yes domain logons = yes logon drive = h: logon home = "\\%N\%U" logon script = login.bat wins support = yes [homes] comment = Home Directories browseable = no read only = no preserve case = yes short preserve case = yes create mode = 0750 [netlogon] comment = Samba Network Logon Service path = /home/netlogon case sensitive = no guest ok = yes locking = no read only = yes browseable = yes admin users = @wheel [printers] comment = All Printers path = /tmp browseable = no printable = yes writable = no From andrew at cs.toronto.edu Mon Nov 9 15:43:45 1998 From: andrew at cs.toronto.edu (Andrew S. Prior) Date: Tue Dec 2 02:24:40 2003 Subject: Odd behaviour with current CVS tree In-Reply-To: <3646FF07.8C8DF836@student.unsw.edu.au> Message-ID: On Mon, 9 Nov 1998, Matt Chapman wrote: > > couldn't log into the NT machines, ever. It gives an > > error code C000019B, > > >From the DDK: > > // > // MessageId: STATUS_DOMAIN_TRUST_INCONSISTENT > // > // MessageText: > // > // The name or SID of the domain specified is inconsistent with the trust > information for that domain. > // > #define STATUS_DOMAIN_TRUST_INCONSISTENT ((NTSTATUS)0xC000019BL) Thanks! Out of curiosity, what's the DDK? > Are you sure you retained the same MACHINE.SID etc files as when you first > joined the workstations? Workstations don't particularly like their domain sid > changing. When we updated the CVS tree and started up the new samba, we rebooted the NT machines, not touching any files on them. I don't know anything about a MACHINE.SID file. Is there something else we should have done? Should we leave the domain and join it again maybe? Andrew From m.chapman at student.unsw.edu.au Mon Nov 9 15:41:51 1998 From: m.chapman at student.unsw.edu.au (Matt Chapman) Date: Tue Dec 2 02:24:40 2003 Subject: Odd behaviour with current CVS tree References: Message-ID: <36470D3F.38E72566@student.unsw.edu.au> Andrew S. Prior wrote: > On Mon, 9 Nov 1998, Matt Chapman wrote: > > > > couldn't log into the NT machines, ever. It gives an > > > error code C000019B, > > > > >From the DDK: > > > > // > > // MessageId: STATUS_DOMAIN_TRUST_INCONSISTENT > > // > > // MessageText: > > // > > // The name or SID of the domain specified is inconsistent with the trust > > information for that domain. > > // > > #define STATUS_DOMAIN_TRUST_INCONSISTENT ((NTSTATUS)0xC000019BL) > > Thanks! Out of curiosity, what's the DDK? Device Development Kit, from Microsoft. > > Are you sure you retained the same MACHINE.SID etc files as when you first > > joined the workstations? Workstations don't particularly like their domain sid > > changing. > > When we updated the CVS tree and started up the new samba, we rebooted the > NT machines, not touching any files on them. I don't know anything about a > MACHINE.SID file. Is there something else we should have done? Should we > leave the domain and join it again maybe? The MACHINE.SID file is on the Samba server, generally in /usr/local/samba/private. If the domain sid has changed then yes, you will need to leave the domain and join it again. Matt -- Matt Chapman E-mail: mattyc@cyberdude.com From mhw at wittsend.com Mon Nov 9 15:50:07 1998 From: mhw at wittsend.com (Michael H. Warfield) Date: Tue Dec 2 02:24:40 2003 Subject: Odd behaviour with current CVS tree In-Reply-To: from "Andrew S. Prior" at "Nov 10, 1998 2:44:54 am" Message-ID: <199811091550.KAA02917@alcove.wittsend.com> Andrew S. Prior enscribed thusly: > On Mon, 9 Nov 1998, Matt Chapman wrote: > > > couldn't log into the NT machines, ever. It gives an > > > error code C000019B, > > >From the DDK: > > // > > // MessageId: STATUS_DOMAIN_TRUST_INCONSISTENT > > // > > // MessageText: > > // > > // The name or SID of the domain specified is inconsistent with the trust > > information for that domain. > > // > > #define STATUS_DOMAIN_TRUST_INCONSISTENT ((NTSTATUS)0xC000019BL) > Thanks! Out of curiosity, what's the DDK? Device Driver Kit Development package for device driver development on NT. Obviously contains all sorts of "good stuff" that the common man doesn't get without paying out the bigga bucks for the DDK... :-( > > Are you sure you retained the same MACHINE.SID etc files as when you first > > joined the workstations? Workstations don't particularly like their domain sid > > changing. > > When we updated the CVS tree and started up the new samba, we rebooted the > NT machines, not touching any files on them. I don't know anything about a > MACHINE.SID file. Is there something else we should have done? Should we > leave the domain and join it again maybe? > > Andrew > > -- Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com (The Mad Wizard) | (770) 925-8248 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! From cartegw at Eng.Auburn.EDU Mon Nov 9 16:01:49 1998 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:24:40 2003 Subject: Odd behaviour with current CVS tree References: Message-ID: <364711ED.C899E8AA@eng.auburn.edu> Andrew S. Prior wrote: > > Where can I find "tcpdump-smb"? I've seen it mentioned a few times. ftp://samba.anu.edu.au/pub/samba/tcpdump-smb/ See Q3.1 in the NTDOM FAQ for more information. It's linked off the Samba pages and off my homepage. Hope this helps, j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From jal at mcs.le.ac.uk Tue Nov 10 15:11:14 1998 From: jal at mcs.le.ac.uk (J. A. Landamore) Date: Tue Dec 2 02:24:40 2003 Subject: NT4SP4 Message-ID: <22317.9811101511@sun2.mcs.le.ac.uk> A non-text attachment was scrubbed... Name: not available Type: text Size: 1159 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19981110/7d4243e5/attachment.bat From urs.steiner at switzerland.org Tue Nov 10 17:32:48 1998 From: urs.steiner at switzerland.org (Urs Steiner) Date: Tue Dec 2 02:24:40 2003 Subject: NT4SP4 Message-ID: <003601be0cd0$22c8abe0$0300a8c0@noway> >The system cannot log you on to this domain because the system's computer >account in its primary domain is missing or the password on that account is >incorrect. I've had the same problem :) you may have to create the computer-accounts (computername$) new in your smbpasswd file then leave the domain and re-join it, IIRC Urs =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= e-mail: urs [dot] steiner [at] switzerland [dot] org Think of that: Paul's Law: You can't fall off the floor. From lkcl at switchboard.net Tue Nov 10 17:34:05 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:40 2003 Subject: NT4SP4 In-Reply-To: <22317.9811101511@sun2.mcs.le.ac.uk> Message-ID: fixed in latest version. On Wed, 11 Nov 1998, J. A. Landamore wrote: > Our system was working happily with the CVS from Oct. 22 1998 and SP3 on NT4. > We have only the administrator account locally, all other accounts are on the > samba server with roaming profiles. > > We have upgraded to SP4 and now no one can log on. If the administrator logs on > locally then people can connect to their shares quite happily. We have removed > all the machines from the domain and re-connected them, we get the "Welcome" > message indicating, at least to me, that they have connected to the samba > service happily. Yet when a user tries to log on they get > > The system cannot log you on to this domain because the system's computer > account in its primary domain is missing or the password on that account is > incorrect. > > Anyone any ideas what is (not) happening and how to cure it. Going back to SP3 > is not an option. > > TIA > > > John Landamore | Researchers have already cast much darkness | > Sys. Admin. | on the subject, and if they continue their | > | investigations we shall soon know nothing | > e-mail: jal@mcs.le.ac.uk | at all about it. | > | - Mark Twain - | > > Phone: +44 (0)116 2523410 > Fax: +44 (0)116 2523604 > Luke Kenneth Casson Leighton Samba and Network Development Samba and Network Consultancy From svedja at lysator.liu.se Tue Nov 10 18:18:41 1998 From: svedja at lysator.liu.se (Dejan Ilic) Date: Tue Dec 2 02:24:40 2003 Subject: Two problems Message-ID: Hi. I have two problems with Samba (uptodate CVS release) & NT4WKS-SP4, with full user profiles & policies. I can sen the smb.conf to interested people. *) An error when users log in, no all users as I can't reproduce it on my own test user. But most of the other people get it. "An error occured while saving your profile. The state of your remembered connections has not changed. More help is available by typing NET HELPMSG 3678." I have no clues what that means exacly. but it probably has something with next question: My logs are full off following warning message: "[1998/11/10 15:42:41, 0] smbd/nttrans.c:call_nt_transact_ioctl(1423) call_nt_transact_ioctl: Currently not implemented." Any clues ? ===================================================================== Dejan Ilic, Tech Univ. of Linkoping, Sweden Phone:+46-13-473 01 06 Email: svedja@lysator.liu.se Web: http://www.lysator.liu.se/~svedja ===================================================================== [finger -l svedja@lysator.liu.se for public PGP key] From paulle at microsoft.com Tue Nov 10 19:05:39 1998 From: paulle at microsoft.com (Paul Leach) Date: Tue Dec 2 02:24:40 2003 Subject: NT4SP4 Message-ID: When did the problem creep in? We test against Samba here, and our testers tell me they tested against SP4. We also tested against it at the CIFS workshop with SP4 and NT5, without this kind of obvious problem (that I heard of). > -----Original Message----- > From: Luke Kenneth Casson Leighton [mailto:lkcl@switchboard.net] > Sent: Tuesday, November 10, 1998 9:39 AM > To: Multiple recipients of list > Subject: Re: NT4SP4 > > > fixed in latest version. > > > On Wed, 11 Nov 1998, J. A. Landamore wrote: > > > Our system was working happily with the CVS from Oct. 22 > 1998 and SP3 on NT4. > > We have only the administrator account locally, all other > accounts are on the > > samba server with roaming profiles. > > > > We have upgraded to SP4 and now no one can log on. If the > administrator logs on > > locally then people can connect to their shares quite > happily. We have removed > > all the machines from the domain and re-connected them, we > get the "Welcome" > > message indicating, at least to me, that they have > connected to the samba > > service happily. Yet when a user tries to log on they get > > > > The system cannot log you on to this domain because the > system's computer > > account in its primary domain is missing or the password on > that account is > > incorrect. > > > > Anyone any ideas what is (not) happening and how to cure > it. Going back to SP3 > > is not an option. > > > > TIA > > > > > > John Landamore | Researchers have > already cast much darkness | > > Sys. Admin. | on the subject, and if they > continue their | > > | investigations we shall soon > know nothing | > > e-mail: jal@mcs.le.ac.uk | at all about it. > | > > | - Mark Twain - > | > > > > Phone: +44 (0)116 2523410 > > Fax: +44 (0)116 2523604 > > > > Luke Kenneth Casson > Leighton > Samba and Network > Development > Samba and Network > Consultancy > From matthew at janus.law.usyd.edu.au Tue Nov 10 20:00:49 1998 From: matthew at janus.law.usyd.edu.au (Matthew Geier) Date: Tue Dec 2 02:24:40 2003 Subject: NT4SP4 In-Reply-To: from "Luke Kenneth Casson Leighton" at Nov 11, 98 04:39:27 am Message-ID: <199811102000.HAA28999@janus.law.usyd.edu.au> Incidently SP4 seems to have 'fixed' that user/browse list thing. Im now getting my 'personal' share list showing up up when I browse to the server, where as with SP3 I would get my personal share list the first time only, after that I would get the guest user share list. I have the following in my smb.conf ; Include special machine diffs ; include = /usr/local/samba/lib/smb.%M.conf ; ; include special OS diffs. include = smb.%a.conf ; ; Include special user files include = /usr/local/samba/lib/smb.%U.conf ; ; Include group specific files include = /usr/local/samba/lib/smb.%G.conf ; ; I havent actually used the %a or %G expansion for any thing. The machine one is handy for turning up the debug level for one workstation connection only... From lkcl at switchboard.net Tue Nov 10 20:08:02 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:40 2003 Subject: NT4SP4 In-Reply-To: Message-ID: On Tue, 10 Nov 1998, Paul Leach wrote: > When did the problem creep in? well i've been assisted by someone on this list who has been sending me bug reports against nt4sp4 rc1.43 and then rc1.99, and then against the final release. summary of issues found: sp4 rc1.43: - client-side dce/rpc code in sp4 rc1.43 failed to work against a samba server. this showed up as, for example, failure of sp4 to browse a samba server. investigation showed that we were replying with the rpc fragment 16 bytes short (the size of the rpc header). adding 16 fixed this - server-side dce/rpc code was fine. sp4 rc1.99 - server-side dce/rpc code in sp4 rc1.99 failed to work against samba client code. this showed up as failure of samba "security = domain" mode, and rpcclient breaking. investigation showed that the queries sent by samba client-side dce/rpc code had rpc fragment lengths 16 bytes short. sp4 final release - domain logons failed sp4 client against a samba PDC. sp4 clients were sending flags 0x4000 01ff in NetAuth2 requests. the code pre oct 22 returned exactly the same flags, which caused the sp4 client to think it was talking to a sp4 server. we now return 0x0000 01ff and the sp4 domain clients are happy. nt5 beta2 - unicode strings have headers and buffers. we had an off-by-one bug that all versions of nt except nt5 beta2 do not catch. nt5 beta2 returns a dce/rpc "fault" message if the header length does not match absolutely exactly with the buffer size. > We test against Samba here, and our testers > tell me they tested against SP4. We also tested against it at the CIFS > workshop with SP4 and NT5, without this kind of obvious problem (that I > heard of). i had fixed the rc1.44 and rc1.99 issues by then. i had not made any calls of the kind that failed (or if i did, i had not paid much attention to it). i also hadn't got one of the NT4 SP4 machines to join a samba domain, so the NetAuth2 issue wasn't found. to summarise, my observations (through mistakes in my rpc code!) so far basically show that the nt dce/rpc code is improving in its quality and robustness. luke > > -----Original Message----- > > From: Luke Kenneth Casson Leighton [mailto:lkcl@switchboard.net] > > Sent: Tuesday, November 10, 1998 9:39 AM > > To: Multiple recipients of list > > Subject: Re: NT4SP4 > > > > > > fixed in latest version. > > > > > > On Wed, 11 Nov 1998, J. A. Landamore wrote: > > > > > Our system was working happily with the CVS from Oct. 22 > > 1998 and SP3 on NT4. > > > We have only the administrator account locally, all other > > accounts are on the > > > samba server with roaming profiles. > > > > > > We have upgraded to SP4 and now no one can log on. If the > > administrator logs on > > > locally then people can connect to their shares quite > > happily. We have removed > > > all the machines from the domain and re-connected them, we > > get the "Welcome" > > > message indicating, at least to me, that they have > > connected to the samba > > > service happily. Yet when a user tries to log on they get > > > > > > The system cannot log you on to this domain because the > > system's computer > > > account in its primary domain is missing or the password on > > that account is > > > incorrect. > > > > > > Anyone any ideas what is (not) happening and how to cure > > it. Going back to SP3 > > > is not an option. > > > > > > TIA > > > > > > > > > John Landamore | Researchers have > > already cast much darkness | > > > Sys. Admin. | on the subject, and if they > > continue their | > > > | investigations we shall soon > > know nothing | > > > e-mail: jal@mcs.le.ac.uk | at all about it. > > | > > > | - Mark Twain - > > | > > > > > > Phone: +44 (0)116 2523410 > > > Fax: +44 (0)116 2523604 > > > > > > > Luke Kenneth Casson > > Leighton > > Samba and Network > > Development > > Samba and Network > > Consultancy > > > Luke Kenneth Casson Leighton Samba and Network Development Samba and Network Consultancy From lkcl at switchboard.net Tue Nov 10 20:33:08 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:40 2003 Subject: unix registry command Message-ID: USE AT YOUR OWN RISK. exactly the same rules apply to the use of rpcclient registry commands as to regedit.exe and regedt32.exe, except more so. obtain from: http://samba.anu.edu.au/cvs.html syntax: rpcclient -S nt_hostname -U username[%passwd] -W domain -l logfile rpcclient now has some _preliminary_ commands which work with HKEY_LOCAL_MACHINE and will in the near future work with HKEY_USERS - regenum keyname enumerates subkeys and values in a key named "keyname". the last modified date is shown against the enumerated subkeys the value type and the value data is shown against the enumerated values - regquery keyname shows the last modified date, the number of keys and values etc - reggetsec keyname shows the permissions (access control list) on a file. a list of SIDs and their permissions is shown. use the "lookupsids S-x-x-x..." command to find out the pretty-looking name, i will fix this in later versions. - regcreatekey parentkeyname subkeyname creates a key with _default_ permissions. cannot specify key permissions at the moment. - regcreateval parentkeyname valuename [1|3|4] value. 1=UNICODE string; 3=hex data (value is of format 0095a439 or 00,15,39,28,ba,ff etc) 4=DWORD (value is of format 0xNNNN or NNNN) that's all, for now: there are improvements to be made and more commands to add. have fun, and BE CAREFUL. luke Luke Kenneth Casson Leighton Samba and Network Development Samba and Network Consultancy From paulle at microsoft.com Tue Nov 10 21:04:51 1998 From: paulle at microsoft.com (Paul Leach) Date: Tue Dec 2 02:24:40 2003 Subject: NT4SP4 Message-ID: Of course, we don't test against Samba as a domain controller, only as a file server. > -----Original Message----- > From: Luke Kenneth Casson Leighton [mailto:lkcl@switchboard.net] > Sent: Tuesday, November 10, 1998 12:08 PM From lkcl at switchboard.net Tue Nov 10 21:15:23 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:40 2003 Subject: NT4SP4 In-Reply-To: Message-ID: On Tue, 10 Nov 1998, Paul Leach wrote: > Of course, we don't test against Samba as a domain controller, only as a > file server. that's what i thought, so hey: we'll work with you through different channels to resolve these kinds of issues. luke From adamsje at ENGR.ORST.EDU Tue Nov 10 23:36:29 1998 From: adamsje at ENGR.ORST.EDU (Jesse A. Adams) Date: Tue Dec 2 02:24:40 2003 Subject: Password Server Functionality Questions Message-ID: <3648CDFC.839A36B8@engr.orst.edu> Our massively successful samba (18p10) box houses the bulk of our NT domain files, including profiles and domain-wide shares. I'm basically a straight NT guy, with little grasp on unix, and am having a hard time swallowing the password server option from an NT perspective. We do have the password server option pointing to our PDC. >From smb.conf(5) docs: "By specifying the name of another SMB server (such as a WinNT box) with this option, and using "security = server" you can get Samba to do all its username/password validation via a remote server." It is my understanding that our samba server is going through a password authentication process the first time a user maps a samba share (this was confirmed through audited logon/off events). As in, a user maps a samba share, samba asks for a username and password, and sends it off to the "password server" for authentication. When the "password server" says the user is golden, the samba server allows the share to be mapped and all's finished. Mark Minasi, on page 61 of "Mastering Windows NT Server 4, 4th ed.," goes through a straight NT-to-NT handshaking process. The PDC (or BDC) gives you a security access token (SAT) identifying your credentials when you authenticate and login. Every time you connect to an NT share, the SAT (not username/password) is sent to the share and referenced against the share's approved users. We also keep our user's roaming profiles on our samba file server. The above mentioned difference is enough, I believe, to cause a bit of lag when logging in. The PDC is, in effect, authenticating a user twice (once to get to the desktop normally, and again from the samba side). Not to get way out of hand, but if the detect slow network's slowlinktimeout value is set to it's default of 2000, a user logging in sees "A slow network has been detected" (this message doesn't show up if the slowlinktimeout value is around 9000). Also, even with the slowlinktimeout value at 2000, if the samba version is 17p2 we don't get this message, or lag, while at 18p10 we do. According to MS' white papers on "Profiles & Policies," "To detect a slow network, the operating system computes the amount of time it takes to receive a response from the server." Since profiles live on the samba server, it is my belief the double-authentication, back to back at login, is causing enough of a bump for NT to think (in only this case) it is dealing with a slow network. Hopefully someone has some insight into all of this. I've gone through all the diffs between 17p2 and 18p10 with little success, and can only think this issue arose out of undocumented or insubstantial changes made between the two versions. -- Unc. Jess Adams 737-0600 adamsje@engr.orst.edu www.engr.orst.edu/~adamsje The Golden Rule to Arts & Sciences: Whoever has the gold, makes the rules. From pcc at llnl.gov Tue Nov 10 22:45:55 1998 From: pcc at llnl.gov (Phil Cox) Date: Tue Dec 2 02:24:40 2003 Subject: unix registry command In-Reply-To: Message-ID: <3.0.5.32.19981110144555.009df300@poptop.llnl.gov> Just a data point: NT server is nt4.0 SP4 At 07:33 AM 11/11/98 +1100, Luke Kenneth Casson Leighton wrote: >- regenum keyname >- regquery keyname >- reggetsec keyname >- regcreateval parentkeyname valuename [1|3|4] value. Works fine >- regcreatekey parentkeyname subkeyname Does not appear to work, atleast in my test >From my log: [1998/11/10 15:38:20, 0] rpc_client/cli_reg.c:do_reg_create_key(549) REG_CREATE_KEY: Unknown NT error Phil - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Computer Incident Advisory Capability (CIAC) Philip C. Cox (510)422-8193 (510)422-8564 ciac@llnl.gov pcc@llnl.gov ------------------------------------------------------------------- PGP fingerprint = 1A97 AB44 406A 77B7 3EA8 3B5B E3B5 BE73 Noteable Quote = "Do today what you want to be tomorrow." From lkcl at switchboard.net Tue Nov 10 23:43:23 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:41 2003 Subject: unix registry command In-Reply-To: <3.0.5.32.19981110144555.009df300@poptop.llnl.gov> Message-ID: phil, please could you verifiy that the username/domain under which you are accessing the NT server has access rights to create a subkey under that key. if you do, then please could you put the debug log levels up to about 50 (i _think_ it's possible to specify -d 50 on the command line) and do -l log-file and send me the output? thanks! luke On Tue, 10 Nov 1998, Phil Cox wrote: > Just a data point: > > NT server is nt4.0 SP4 > > At 07:33 AM 11/11/98 +1100, Luke Kenneth Casson Leighton wrote: > > >- regenum keyname > >- regquery keyname > >- reggetsec keyname > >- regcreateval parentkeyname valuename [1|3|4] value. > > Works fine > > >- regcreatekey parentkeyname subkeyname > > Does not appear to work, atleast in my test > > >From my log: > > [1998/11/10 15:38:20, 0] rpc_client/cli_reg.c:do_reg_create_key(549) > REG_CREATE_KEY: Unknown NT error > > > Phil > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > Computer Incident Advisory Capability (CIAC) Philip C. Cox > (510)422-8193 (510)422-8564 > ciac@llnl.gov pcc@llnl.gov > ------------------------------------------------------------------- > PGP fingerprint = 1A97 AB44 406A 77B7 3EA8 3B5B E3B5 BE73 > Noteable Quote = "Do today what you want to be tomorrow." > > Luke Kenneth Casson Leighton Samba and Network Development Samba and Network Consultancy From D.Bannon at latrobe.edu.au Tue Nov 10 23:46:17 1998 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:24:41 2003 Subject: Trouble with CVS tree In-Reply-To: Message-ID: <3.0.3.32.19981111104617.00747ddc@bioserve.biochem.latrobe.edu.au> Hi Folks, Any one else experiencing problems with the CVS tree at the moment ?? cvs server: Updating packaging/redhat cvs [server aborted]: cannot open directory /cvsroot/samba/packaging/redhat: No such file or directory David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From lkcl at switchboard.net Wed Nov 11 00:42:29 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:41 2003 Subject: unix registry command In-Reply-To: <3.0.5.32.19981110144555.009df300@poptop.llnl.gov> Message-ID: > >- regcreatekey parentkeyname subkeyname > > Does not appear to work, atleast in my test ok, i fixed it. From peter at cs.curtin.edu.au Wed Nov 11 01:59:49 1998 From: peter at cs.curtin.edu.au (Peter Duff) Date: Tue Dec 2 02:24:41 2003 Subject: NT Domain questions Message-ID: <199811110959490470.03D2B8A8@bikeadm.cs.curtin.edu.au> Hi all, I'm in the process of building a samba box as a PDC using release 2.0.0a13. It seems to work pretty great, I can make machines join the domain and users can log in and have home directories mounted, profiles being updated and so on. The problem I am having, however, is that I cannot get password changing from NT Workstations (tried both SP1 and SP3) to work! I get the following unhelpful error message from the Nt Workstation: "Unable to change the password for this account (C0000253). Please consult your systems administrator" The samba logs have the following entry (log level 2) in the log. [1998/11/11 09:36:36, 0] rpc_server/srv_util.c:api_pipe_request(560) api_pipe_request: **** MUST CALL become_user() HERE **** I compiled samba with the -DNTDOMAIN and -DALLOW_CHANGE_PASSWORD options and I am using encrypted passwords. I have tried using the unix password sync options but this does not seem to change the error message that the NT workstation spits out. Perhaps I am doing something wrong in smb.conf, so does anybody have like a 'model' config for a pdc scenario that allows password changing? One another point: I figured I might try the latest release from cvs (2.0.0a15 I think) to see if it fixed these problems, but i cannot even configure it! I am using FreeBSD 3.0 (and have also tried freebsd 2.2.7). The magic configure script fails when doing the statfs check and seems to be related to the HAVE_SYS_PARAM #define. I know these comments are pretty vague and so I can send anyone my log files if you need. Keep up the cool work guys! Regards, Peter Duff Sysadmin School of Computing Curtin University, Perth WA. 9266 2986 peter@cs.curtin.edu.au From D.Bannon at latrobe.edu.au Wed Nov 11 02:12:05 1998 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:24:41 2003 Subject: NT Domain questions In-Reply-To: <199811110959490470.03D2B8A8@bikeadm.cs.curtin.edu.au> Message-ID: <3.0.3.32.19981111131205.007436fc@bioserve.biochem.latrobe.edu.au> At 01:00 PM 11/11/1998 +1100, Peter Duff wrote: > ... >I have tried using the unix password sync options but this does not >seem to change the error message that the NT workstation spits out. If you have problems even when password sync is not active then it sounds like you are not writing to ~/private/smbpasswd. No suggestions, mine worked there 'out of the box'. here is the relevent part of my smb.conf, but you will see that it all relates to the sync bit which is a bit more tricky. unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *password* %n\n *password* %n\n *successfull* The last line is very dependant on what your passwd programme likes to say, keep it very general ! I sent Jerry some notes on my (limited) experience here for the FAQ, I hav'nt checked, but if there is nothing there, let me know and I will dig up a copy for you. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From harald at penti.sit.fi Wed Nov 11 13:32:35 1998 From: harald at penti.sit.fi (Harald H Hannelius) Date: Tue Dec 2 02:24:41 2003 Subject: ypserv dies on me.. Message-ID: I have cvs'ed Samba on Nov 11 98, 15:00 EET-DST, and I'm running a NIS-server on the SMB server as well. Linux/slackware, no shadow. the following problem: I am using the 'passwd sync' option in smb.conf, and all is working well, both passwords get changed and all, but when I get the "passwd: password changed for user 'foobar' by user 'root'" ypserv dies. This is kind of annoying, because suddenly a whole lot of other things break on the *nix machines in the network. :( I'm not shure if this is a problem with samba or ypserv....please help me.. =========================================================== Harald H Hannelius | harald@sit.fi | GSM +358405470870 Mauritzgatan 14D41 | www.iki.fi/~harald | Pho +35892783568 00170 HKI FINLAND | harald@iki.fi | Fax +35892783568 =========================================================== From davek at medphys.ucl.ac.uk Wed Nov 11 15:27:56 1998 From: davek at medphys.ucl.ac.uk (Dave Kirkby) Date: Tue Dec 2 02:24:41 2003 Subject: NT password problem Message-ID: <3649ACFB.743A5D6D@medphys.ucl.ac.uk> I have an old Sun IPC unix workstation at home, running the latest release of Solaris (version 2.6) and Samba version 1_9_18p8. This is connected to a network of two computers - the Sun workstation and a PC running NT4, with service pack 3. I've altered the registry on the NT machine to allow plain passwords to be sent over the network, as detailed in one of the Samba documents. Security is no issue for me - the two machines are in my home, and the data is not confidential. I've mapped a few directories on the sun (root directory, the cdrom, my home directory), to drive letters on the NT machine. The problem I have is that each time I log onto the NT machine, I need to type the unix machines passwords several times (one for each directory shared). This gets a bit tedious, although it works fine. What is simplest way that I can get access to the files on the Sun, without typing in the password many times. I have looked at files detailing how to set up encrypted passwords, but can't seem to see if this is what I need to do. I have tried creating a user on the NT box with the username of 'root' and the same password as root on the Sun, but this don't work. (I suspect this is due to the different encryption algorithms), but I really don't know how to proceed. Any ideas ?? Dave Kirkby. From lkcl at switchboard.net Wed Nov 11 16:12:00 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:41 2003 Subject: NT password problem In-Reply-To: <3649ACFB.743A5D6D@medphys.ucl.ac.uk> Message-ID: this is the standard "encrypt password" issue. see samba/docs/*.reg. ask on samba@samba.anu.edu.au for further details if needs be. good luck, luke On Thu, 12 Nov 1998, Dave Kirkby wrote: > I have an old Sun IPC unix workstation at home, running the latest > release of Solaris (version 2.6) and Samba version 1_9_18p8. This is > connected to a network of two computers - the Sun workstation and a PC > running NT4, with service pack 3. I've altered the registry on the NT > machine to allow plain passwords to be sent over the network, as > detailed in one of the Samba documents. Security is no issue for me - > the two machines are in my home, and the data is not confidential. I've > mapped a few directories on the sun (root directory, the cdrom, my home > directory), to drive letters on the NT machine. > > The problem I have is that each time I log onto the NT machine, I need > to type the unix machines passwords several times (one for each > directory shared). This gets a bit tedious, although it works fine. What > is simplest way that I can get access to the files on the Sun, without > typing in the password many times. I have looked at files detailing how > to set up encrypted passwords, but can't seem to see if this is what I > need to do. > > I have tried creating a user on the NT box with the username of 'root' > and the same password as root on the Sun, but this don't work. (I > suspect this is due to the different encryption algorithms), but I > really don't know how to proceed. > > Any ideas ?? > > Dave Kirkby. > > > > Luke Kenneth Casson Leighton Samba and Network Development Samba and Network Consultancy From airlied at skynet.csn.ul.ie Wed Nov 11 16:08:38 1998 From: airlied at skynet.csn.ul.ie (Dave Airlie) Date: Tue Dec 2 02:24:41 2003 Subject: NT password problem In-Reply-To: <3649ACFB.743A5D6D@medphys.ucl.ac.uk> Message-ID: Just as a point I recently upgraded an old sun server here from samba 1.9.16p11 I think to a similiar 1.9.18p8 and with the old one I only had to enter my password once and with the new one it was multiple times .. Anyways this question is better off on the smba main list I think than here ... which is for NTdomain controller stuff mainly .. Dave. On Thu, 12 Nov 1998, Dave Kirkby wrote: > I have an old Sun IPC unix workstation at home, running the latest > release of Solaris (version 2.6) and Samba version 1_9_18p8. This is > connected to a network of two computers - the Sun workstation and a PC > running NT4, with service pack 3. I've altered the registry on the NT > machine to allow plain passwords to be sent over the network, as > detailed in one of the Samba documents. Security is no issue for me - > the two machines are in my home, and the data is not confidential. I've > mapped a few directories on the sun (root directory, the cdrom, my home > directory), to drive letters on the NT machine. > > The problem I have is that each time I log onto the NT machine, I need > to type the unix machines passwords several times (one for each > directory shared). This gets a bit tedious, although it works fine. What > is simplest way that I can get access to the files on the Sun, without > typing in the password many times. I have looked at files detailing how > to set up encrypted passwords, but can't seem to see if this is what I > need to do. > > I have tried creating a user on the NT box with the username of 'root' > and the same password as root on the Sun, but this don't work. (I > suspect this is due to the different encryption algorithms), but I > really don't know how to proceed. > > Any ideas ?? > > Dave Kirkby. > > > ------------ David Airlie, David.Airlie@ul.ie,airlied@skynet -------- Telecommunications Research Centre, ECE Dept, University of Limerick \ http://www.csn.ul.ie/~airlied -- Telecommunications Researcher \ --- TEL: +353-61-202695 ----------------------------------------------- From drobbins at obgyn.unm.edu Wed Nov 11 17:19:19 1998 From: drobbins at obgyn.unm.edu (Daniel Robbins) Date: Tue Dec 2 02:24:41 2003 Subject: Verbose PDC instructions? Message-ID: <3649C717.C286521A@obgyn.unm.edu> Hi, Are there any current detailed instructions on how to set up Samba as a PDC? I've tried various methods (from various instructions) and none seemed to work. Over here, we're waiting for the 2.0 release version. After some testing, we hope to switch our PDC from NT Server to Linux running Samba. We have about 70 workstations. All thanks to the Samba developers! Thanks, -- Daniel Robbins System Administrator University of New Mexico drobbins@obgyn.unm.edu From mh at bacher.at Wed Nov 11 23:03:16 1998 From: mh at bacher.at (Martin Hofbauer Bacher Systems EDV) Date: Tue Dec 2 02:24:41 2003 Subject: Login with NO PASSWORD - panic Message-ID: Sorry, maybe I have missed something: I want to have an domain account without a password ( for a course envir.) CVS Code from Yesterday ! Samba as PDC Logon is on NT4.0 Server(German) wit SP3 "null password = yes" in smb.conf if User ("Administrator" mapped to admin) has a regular password - logon: no problem if you delete the password with: smbpasswd -n admin ( which is mapped to Administrator ) and want to login in with no password entered: You will get following error: [1998/11/11 23:17:53, 3] lib/username.c:map_username(122) Mapped user Administrator to admin [1998/11/11 23:17:53, 10] passdb/passdb.c:iterate_getsmbpwnam(140) search by name: admin [1998/11/11 23:17:53, 10] passdb/smbpass.c:startsmbfilepwent(45) startsmbfilepwent: opening file /etc/smbpasswd [1998/11/11 23:17:53, 5] passdb/smbpass.c:getsmbfilepwent(252) getsmbfilepwent: returning passwd entry for user admin, uid 102 [1998/11/11 23:17:53, 10] passdb/passdb.c:iterate_getsmbpwnam(156) found by name: admin [1998/11/11 23:17:53, 7] passdb/smbpass.c:endsmbfilepwent(81) endsmbfilepwent: closed password file. [1998/11/11 23:17:53, 0] lib/fault.c:fault_report(40) =============================================================== [1998/11/11 23:17:53, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 3358 (2.0.0-prealpha) Please read the file BUGS.txt in the distribution [1998/11/11 23:17:53, 0] lib/fault.c:fault_report(43) =============================================================== [1998/11/11 23:17:53, 0] lib/util.c:smb_panic(4181) PANIC: internal error ------------------------------------------------------------------- Martin Hofbauer Consulting phone : +43 (1) 60 126-34 Bacher Systems EDV GmbH fax : +43 (1) 60 126-4 Wienerbergstr. 11B e-mail: mh@bacher.at A-1101 Vienna, Austria -- From jallison at cthulhu.engr.sgi.com Wed Nov 11 23:26:01 1998 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:24:41 2003 Subject: Login with NO PASSWORD - panic References: Message-ID: <364A1D09.FD0D1DD9@engr.sgi.com> Martin Hofbauer Bacher Systems EDV wrote: > > if you delete the password with: > smbpasswd -n admin ( which is mapped to Administrator ) > > and want to login in with no password entered: > > You will get following error: > > [1998/11/11 23:17:53, 3] lib/username.c:map_username(122) > Mapped user Administrator to admin > [1998/11/11 23:17:53, 10] passdb/passdb.c:iterate_getsmbpwnam(140) > search by name: admin > [1998/11/11 23:17:53, 10] passdb/smbpass.c:startsmbfilepwent(45) > startsmbfilepwent: opening file /etc/smbpasswd > [1998/11/11 23:17:53, 5] passdb/smbpass.c:getsmbfilepwent(252) > getsmbfilepwent: returning passwd entry for user admin, uid 102 > [1998/11/11 23:17:53, 10] passdb/passdb.c:iterate_getsmbpwnam(156) > found by name: admin > [1998/11/11 23:17:53, 7] passdb/smbpass.c:endsmbfilepwent(81) > endsmbfilepwent: closed password file. > [1998/11/11 23:17:53, 0] lib/fault.c:fault_report(40) > =============================================================== > [1998/11/11 23:17:53, 0] lib/fault.c:fault_report(41) > INTERNAL ERROR: Signal 11 in pid 3358 (2.0.0-prealpha) > Please read the file BUGS.txt in the distribution > [1998/11/11 23:17:53, 0] lib/fault.c:fault_report(43) > =============================================================== > [1998/11/11 23:17:53, 0] lib/util.c:smb_panic(4181) > PANIC: internal error > I just fixed this and checked it in. CVS update and try again to see if it fails. Thanks for finding the bug :-). Cheers, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From mh at bacher.at Thu Nov 12 01:39:03 1998 From: mh at bacher.at (Martin Hofbauer Bacher Systems EDV) Date: Tue Dec 2 02:24:41 2003 Subject: Login with NO PASSWORD - panic In-Reply-To: <364A1D09.FD0D1DD9@engr.sgi.com> Message-ID: Thanks, now logon with no password is working ! My current problem: With no password set, there is no way to change it to something other from the NT side ( CTRL-ALT_DEL -> "change password" ): But with a password set there is a different behavior: ( And has maybe nothing to do with my original Problem ...) User: smsadm PW_old: test1234 PW_new: test4321 if you set the password via smbpasswd a. restart Samba: "change password" is possible; logon with new password: ok ! But: Change password a second time: "...wrong password" message on NT In order to get "change password" working again you have to set the password with smbpassword and restart Samba again! Here is the smbpasswd entry for "smsadm": ( set with smbpaswd, PW: "test1234"): smsadm:103:624AAC413795CDC1FF17365FAF1FFE89:3B1B47E42E0463276E3DED6CEF349F93: Entry after first( successful) password change ( to "test4321"): smsadm:103:C959BEC57C2EF53BC2265B23734E0DAC:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX: Here is a ( hopefully ) important part of the logfile: ( This is the part during my first ( successfull ) password change ! [1998/11/12 01:35:14, 4] lib/username.c:map_username(89) Scanning username map /etc/username.map [1998/11/12 01:35:14, 10] passdb/passdb.c:iterate_getsmbpwnam(140) search by name: smsadm [1998/11/12 01:35:14, 10] passdb/smbpass.c:startsmbfilepwent(45) startsmbfilepwent: opening file /etc/smbpasswd [1998/11/12 01:35:14, 5] passdb/smbpass.c:getsmbfilepwent(252) getsmbfilepwent: returning passwd entry for user admin, uid 102 [1998/11/12 01:35:14, 6] passdb/smbpass.c:getsmbfilepwent(159) getsmbfilepwent: skipping comment or blank line [1998/11/12 01:35:14, 5] passdb/smbpass.c:getsmbfilepwent(252) getsmbfilepwent: returning passwd entry for user admin, uid 102 [1998/11/12 01:35:14, 6] passdb/smbpass.c:getsmbfilepwent(159) getsmbfilepwent: skipping comment or blank line [1998/11/12 01:35:14, 5] passdb/smbpass.c:getsmbfilepwent(252) getsmbfilepwent: returning passwd entry for user root, uid 0 [1998/11/12 01:35:14, 5] passdb/smbpass.c:getsmbfilepwent(252) getsmbfilepwent: returning passwd entry for user sach20$, uid 101 [1998/11/12 01:35:14, 5] passdb/smbpass.c:getsmbfilepwent(252) getsmbfilepwent: returning passwd entry for user smsadm, uid 103 [1998/11/12 01:35:14, 10] passdb/passdb.c:iterate_getsmbpwnam(156) found by name: smsadm [1998/11/12 01:35:14, 7] passdb/smbpass.c:endsmbfilepwent(81) endsmbfilepwent: closed password file. [1998/11/12 01:35:14, 4] smbd/password.c:smb_password_ok(394) Checking SMB password for user smsadm [1998/11/12 01:35:14, 5] smbd/password.c:smb_password_ok(413) challenge received [1998/11/12 01:35:14, 4] smbd/password.c:smb_password_ok(421) smb_password_ok: Checking NT MD4 password [1998/11/12 01:35:14, 4] smbd/password.c:smb_password_ok(428) NT MD4 password check failed [1998/11/12 01:35:14, 4] smbd/password.c:smb_password_ok(434) Checking LM MD4 password [1998/11/12 01:35:14, 4] smbd/password.c:smb_password_ok(450) LM MD4 password check failed [1998/11/12 01:35:14, 3] smbd/password.c:pass_check_smb(522) Error smb_password_check failed [1998/11/12 01:35:14, 0] smbd/reply.c:reply_sesssetup_and_X(695) NT Password did not match ! Defaulting to Lanman [1998/11/12 01:35:14, 10] passdb/passdb.c:iterate_getsmbpwnam(140) search by name: smsadm [1998/11/12 01:35:14, 10] passdb/smbpass.c:startsmbfilepwent(45) startsmbfilepwent: opening file /etc/smbpasswd [1998/11/12 01:35:14, 5] passdb/smbpass.c:getsmbfilepwent(252) getsmbfilepwent: returning passwd entry for user admin, uid 102 [1998/11/12 01:35:14, 6] passdb/smbpass.c:getsmbfilepwent(159) getsmbfilepwent: skipping comment or blank line [1998/11/12 01:35:14, 5] passdb/smbpass.c:getsmbfilepwent(252) getsmbfilepwent: returning passwd entry for user root, uid 0 [1998/11/12 01:35:14, 5] passdb/smbpass.c:getsmbfilepwent(252) getsmbfilepwent: returning passwd entry for user sach20$, uid 101 [1998/11/12 01:35:14, 5] passdb/smbpass.c:getsmbfilepwent(252) getsmbfilepwent: returning passwd entry for user smsadm, uid 103 [1998/11/12 01:35:14, 10] passdb/passdb.c:iterate_getsmbpwnam(156) found by name: smsadm [1998/11/12 01:35:14, 7] passdb/smbpass.c:endsmbfilepwent(81) endsmbfilepwent: closed password file. [1998/11/12 01:35:14, 4] smbd/password.c:smb_password_ok(394) Checking SMB password for user smsadm [1998/11/12 01:35:14, 5] smbd/password.c:smb_password_ok(413) challenge received [1998/11/12 01:35:14, 4] smbd/password.c:smb_password_ok(421) smb_password_ok: Checking NT MD4 password [1998/11/12 01:35:14, 4] smbd/password.c:smb_password_ok(428) NT MD4 password check failed [1998/11/12 01:35:14, 4] smbd/password.c:smb_password_ok(434) Checking LM MD4 password [1998/11/12 01:35:14, 4] smbd/password.c:smb_password_ok(450) LM MD4 password check failed [1998/11/12 01:35:14, 3] smbd/password.c:pass_check_smb(522) Error smb_password_check failed [1998/11/12 01:35:14, 3] smbd/error.c:error_packet(138) error packet at line 705 cmd=115 (SMBsesssetupX) eclass=2 ecode=2 [1998/11/12 01:35:14, 3] smbd/error.c:error_packet(143) error string = Bad file number [1998/11/12 01:35:14, 5] lib/util.c:show_msg(460) Here is the log during the second ( unsuccessfull ) change: [1998/11/12 02:12:40, 0] rpc_server/srv_util.c:api_pipe_request(676) api_pipe_request: **** MUST CALL become_user() HERE **** [1998/11/12 02:12:40, 0] rpc_server/srv_util.c:api_pipe_request(676) api_pipe_request: **** MUST CALL become_user() HERE **** [1998/11/12 02:12:40, 0] smbd/chgpasswd.c:check_oem_password(663) check_oem_password: no ntlm password ! ------------------------------------------------------------------- Martin Hofbauer Consulting phone : +43 (1) 60 126-34 Bacher Systems EDV GmbH fax : +43 (1) 60 126-4 Wienerbergstr. 11B e-mail: mh@bacher.at A-1101 Vienna, Austria -- On Wed, 11 Nov 1998, Jeremy Allison wrote: > Martin Hofbauer Bacher Systems EDV wrote: > > > > > if you delete the password with: > > smbpasswd -n admin ( which is mapped to Administrator ) > > > > and want to login in with no password entered: > > > > You will get following error: > > > > [1998/11/11 23:17:53, 3] lib/username.c:map_username(122) > > Mapped user Administrator to admin > > [1998/11/11 23:17:53, 10] passdb/passdb.c:iterate_getsmbpwnam(140) > > search by name: admin > > [1998/11/11 23:17:53, 10] passdb/smbpass.c:startsmbfilepwent(45) > > startsmbfilepwent: opening file /etc/smbpasswd > > [1998/11/11 23:17:53, 5] passdb/smbpass.c:getsmbfilepwent(252) > > getsmbfilepwent: returning passwd entry for user admin, uid 102 > > [1998/11/11 23:17:53, 10] passdb/passdb.c:iterate_getsmbpwnam(156) > > found by name: admin > > [1998/11/11 23:17:53, 7] passdb/smbpass.c:endsmbfilepwent(81) > > endsmbfilepwent: closed password file. > > [1998/11/11 23:17:53, 0] lib/fault.c:fault_report(40) > > =============================================================== > > [1998/11/11 23:17:53, 0] lib/fault.c:fault_report(41) > > INTERNAL ERROR: Signal 11 in pid 3358 (2.0.0-prealpha) > > Please read the file BUGS.txt in the distribution > > [1998/11/11 23:17:53, 0] lib/fault.c:fault_report(43) > > =============================================================== > > [1998/11/11 23:17:53, 0] lib/util.c:smb_panic(4181) > > PANIC: internal error > > > > I just fixed this and checked it in. CVS update and > try again to see if it fails. Thanks for finding the > bug :-). > > Cheers, > > Jeremy Allison, > Samba Team. > > > -- > -------------------------------------------------------- > Buying an operating system without source is like buying > a self-assembly Space Shuttle with no instructions. > -------------------------------------------------------- > From D.Bannon at latrobe.edu.au Thu Nov 12 04:58:42 1998 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:24:41 2003 Subject: Compile problem with OSF1 report In-Reply-To: References: <3.0.5.32.19981110144555.009df300@poptop.llnl.gov> Message-ID: <3.0.3.32.19981112155842.00741b54@bioserve.biochem.latrobe.edu.au> Easily fixed syntax problem that only affects OSF1 users. Todays CVS Compiling printing/printing.c /usr/lib/cmplrs/cc/cfe: Error: printing/printing.c, line 230: Syntax Error int length; --^ around line 230 source looks like this : pstrcpy(line2,line); #ifdef OSF1 int length; length = strlen(line2); if (line2[length-3] == ':') return(False); #endif /* OSF1 */ And I assume it should look like this : pstrcpy(line2,line); #ifdef OSF1 { int length; length = strlen(line2); if (line2[length-3] == ':') return(False); } #endif /* OSF1 */ An we still have lots of these, they have not caused problems in the past..... /usr/lib/cmplrs/cc/cfe: Warning: rpc_parse/parse_samr.c, line 3011: & before arr ay or function: ignored memcpy(&(hsh->hash), hash, sizeof(hsh->hash)); -------^ David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From harald at penti.sit.fi Thu Nov 12 09:01:37 1998 From: harald at penti.sit.fi (Harald H Hannelius) Date: Tue Dec 2 02:24:41 2003 Subject: How about "Trust Relationships"? Message-ID: Is it possible to have a Trust Relationship between a NT and a SAMBA server? I have a Nt server, which should trust the SAMBA server. =========================================================== Harald H Hannelius | harald@sit.fi | GSM +358405470870 Mauritzgatan 14D41 | www.iki.fi/~harald | Pho +35892783568 00170 HKI FINLAND | harald@iki.fi | Fax +35892783568 =========================================================== From icoupeau at unav.es Thu Nov 12 10:22:12 1998 From: icoupeau at unav.es (Ignacio Coupeau) Date: Tue Dec 2 02:24:41 2003 Subject: Compiler warnings and receive_smb: bug? Message-ID: <364AB6D4.29EFF916@unav.es> I look this message in the log (100) in Linux RedHat 5.1 Intel wit the latest CVS version I get (981112,10:30WET): ------------------------------- [1998/11/12 10:53:31, 6] lib/util_sock.c:write_socket(188) write_socket(6,39) wrote 39 [1998/11/12 10:53:31, 10] lib/util_sock.c:receive_smb(493) receive_smb: length < 0! ^^^^^^^^^^^^^^^^ [1998/11/12 10:53:31, 3] smbd/process.c:smbd_process(806) end of file from client ------------------------------- When compile the CVS I get two warnings: ------------------------------------ Compiling lib/util_str.c lib/util_str.c: In function `strncpyn': lib/util_str.c:845: warning: passing arg 1 discards `const' from pointer target type Compiling lib/util_sid.c ... Compiling lib/util_str.c with -fpic lib/util_str.c: In function `strncpyn': lib/util_str.c:845: warning: passing arg 1 discards `const' from pointer target type Compiling lib/util_sid.c with -fpic ------------------------------------ I don't know if the "receive_smb: length < 0!" is related to strncpyn... ____________________________________________________ Ignacio Coupeau, Ph.D. e-mail: icoupeau@unav.es CTI, Director fax: +48 425619 University of Navarra voice: +48 425600 Pamplona, SPAIN http://www.unav.es/cti/ From icoupeau at unav.es Thu Nov 12 10:44:29 1998 From: icoupeau at unav.es (Ignacio Coupeau) Date: Tue Dec 2 02:24:41 2003 Subject: Can't log Message-ID: <364ABC0D.892DE270@unav.es> I tried mount a volume or log in the PDC with the latest versions of CVS (during the latest week) with Linux 5.1 RedHat 5.1 (intel). With smbclient I obtain: > tree connect failed: ERRSRV - ERRbadpw (Bad password - name/password pair in a Tree Connect or Session Setup are invalid.) ..neither I cant log from a NTWS4,SP3 to PDC. Of course I tested the passwords and so... Some help? Thx, Ignacio P.D. a bit of the log (sorry for the size): ------ [1998/11/12 11:11:45, 3] smbd/password.c:setup_groups(192) icoupeau is in 4 groups: 0, 103, 104, 500 [1998/11/12 11:11:45, 3] smbd/password.c:register_vuid(270) uid 100 registered to name icoupeau ... [1998/11/12 11:11:45, 4] smbd/password.c:smb_password_ok(394) Checking SMB password for user icoupeau [1998/11/12 11:11:45, 5] smbd/password.c:smb_password_ok(413) challenge received [1998/11/12 11:11:45, 4] smbd/password.c:smb_password_ok(421) smb_password_ok: Checking NT MD4 password [1998/11/12 11:11:45, 4] smbd/password.c:smb_password_ok(428) NT MD4 password check failed ... [1998/11/12 11:11:45, 3] smbd/password.c:authorise_login(731) ACCEPTED: validated uid ok as non-guest [1998/11/12 11:11:45, 3] smbd/service.c:make_connection(380) Connect path is /home/icoupeau [1998/11/12 11:11:45, 3] smbd/password.c:setup_groups(192) icoupeau is in 4 groups: 0, 103, 104, 500 [1998/11/12 11:11:45, 5] smbd/connection.c:claim_connection(127) trying claim /usr/local/etc/samba/var/locks STATUS. 100000 [1998/11/12 11:11:45, 8] lib/util.c:fcntl_lock(2750) fcntl_lock 7 7 0 1 1 [1998/11/12 11:11:45, 8] lib/util.c:fcntl_lock(2811) Lock call successful [1998/11/12 11:11:45, 8] lib/util.c:fcntl_lock(2750) fcntl_lock 7 7 0 1 2 [1998/11/12 11:11:45, 8] lib/util.c:fcntl_lock(2811) Lock call successful [1998/11/12 11:11:45, 0] smbd/uid.c:become_gid(135) Couldn't set gid 0 currently set to (0,0) [1998/11/12 11:11:45, 0] smbd/service.c:make_connection(419) Can't become connected user! ----- ____________________________________________________ Ignacio Coupeau, Ph.D. e-mail: icoupeau@unav.es CTI, Director fax: +48 425619 University of Navarra voice: +48 425600 Pamplona, SPAIN http://www.unav.es/cti/ From abs at maunsell.co.uk Thu Nov 12 18:20:12 1998 From: abs at maunsell.co.uk (Andy Smith) Date: Tue Dec 2 02:24:41 2003 Subject: Anyone have experience with samba and TSE Message-ID: <19981112182012.29041@maunsell.co.uk> We have just started looking at NT Server, TSE with Metaframe from Citrix and WinCenter Connect for Metaframe from NCD. We've had the 3.51 version of this lot around for a while, authenticating using NIS. With the 4.0 version, I wanted to authenticate against our samba PDC to bring the NC users into complete alignment with our NT4 workstation users. First off this went OK, the TSE box was able to join the domain, and smbclient was able to access it, I even connected to samba shares from a dos promt on the TSE box. However, logging into the domain from the gina (dont know whose that is, TSE, Metframe, or NCD?) fails - spectacularly, on the console it reboots the TSE box. This is against a 1.9.19-prealpha cvs'd on Jul_14_23:04 GMT, so I am busy trying to configure today's cvs code right now. Can anyone confirm my optimism that this is going to work, or tell my right now I've got to use Insignia's pathetic NIS offering? Thanks in advance -- _ __ Maunsell Ltd, IT Unit Tel : 0181-663-6565 /_| _/ ( _ '_// 160 Croydon Road, Fax : 0181-663-6723 ( |/)(/(/ __)//)/ //) Beckenham, Kent BR3 4DE Email: abs@maunsell.co.uk / England. -or- abs@maunsl00.demon.co.uk From ekaftan at lanchile.cl Thu Nov 12 19:15:53 1998 From: ekaftan at lanchile.cl (Eduardo Kaftanski) Date: Tue Dec 2 02:24:41 2003 Subject: Anyone have experience with samba and TSE References: <19981112182012.29041@maunsell.co.uk> Message-ID: <364B33E9.CB571D3E@lanchile.cl> Andy Smith wrote: > > We have just started looking at NT Server, TSE with Metaframe from > Citrix > and WinCenter Connect for Metaframe from NCD. We've had the 3.51 > version > of this lot around for a while, authenticating using NIS. Stay with the 3.51 version. We installed NT TSE and MetaFrame and had to retrace our steps... The box is NOT stable, and the TCP/IP stack it comes with dies very frequently (two or 3 times a day with 60 users) -- --- "Linux? Sir, we have a year 229T Problem." (signature of jonathan@charm.cyberlink.ch, Peter Keel) From lkcl at switchboard.net Thu Nov 12 19:13:49 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:41 2003 Subject: Anyone have experience with samba and TSE In-Reply-To: <19981112182012.29041@maunsell.co.uk> Message-ID: andy, i've fixed loads of junk since july 14th, it doesn't surprise me if it falls over. if you have a spare NT server around can you substitute the samba server for an NT server, test out the spectacularly-failing client, do a network trace (netmon), send it to me. also a network trace of the spectacular crash. thanks! On Fri, 13 Nov 1998, Andy Smith wrote: > We have just started looking at NT Server, TSE with Metaframe from Citrix > and WinCenter Connect for Metaframe from NCD. We've had the 3.51 version > of this lot around for a while, authenticating using NIS. With the 4.0 > version, I wanted to authenticate against our samba PDC to bring the NC > users into complete alignment with our NT4 workstation users. > > First off this went OK, the TSE box was able to join the domain, and > smbclient was able to access it, I even connected to samba shares from > a dos promt on the TSE box. > > However, logging into the domain from the gina (dont know whose that > is, TSE, Metframe, or NCD?) fails - spectacularly, on the console it > reboots the TSE box. This is against a 1.9.19-prealpha cvs'd on > Jul_14_23:04 GMT, so I am busy trying to configure today's cvs code > right now. Can anyone confirm my optimism that this is going to work, > or tell my right now I've got to use Insignia's pathetic NIS offering? > > Thanks in advance > -- > _ __ Maunsell Ltd, IT Unit Tel : 0181-663-6565 > /_| _/ ( _ '_// 160 Croydon Road, Fax : 0181-663-6723 > ( |/)(/(/ __)//)/ //) Beckenham, Kent BR3 4DE Email: abs@maunsell.co.uk > / England. -or- abs@maunsl00.demon.co.uk > Luke Kenneth Casson Leighton Samba and Network Development Samba and Network Consultancy From svedja at lysator.liu.se Thu Nov 12 22:18:52 1998 From: svedja at lysator.liu.se (Dejan Ilic) Date: Tue Dec 2 02:24:41 2003 Subject: Quotas are in again Message-ID: Hi everybody. My changes that enables quota-support in Samba, is in now and I encurage everybody that have a need for quotas it to test it. Nothing fundamental has been changed since Samba 1.*. Still the code need to be tested on all the systems. The most important changes in my opinion. *) The input/output variables no longer are int but SMB_BIG_UINT, same as dfree uses. *) Quotas-files are splitted up in two files, one with th actual system-dependant quotas-code and one with a system-independant dummy code that allways fails (returns FALSE). The later is compiled in when "--with-quotas" is NOT selected during configure. I have tested the code on Solaris_x86 2.6 but I find no reason why it would not work on Solaris for Sparc. As I have no root-access to the other systems for which code exists in quotas.c I would like if other could confirm/deny if the code works on these systems. The OS's in question are LINUX, CRAY, SunOS-4, OSF1, IRIX 6.2, AIX, HPUX, FreeBSD & OpenBSD. Of course, anybody that wants to add support for other platforms are welcome. But the final decition is allways in the hands of the great Samba team. Dejan ===================================================================== Dejan Ilic, Tech Univ. of Linkoping, Sweden Phone:+46-13-473 01 06 Email: svedja@lysator.liu.se Web: http://www.lysator.liu.se/~svedja ===================================================================== [finger -l svedja@lysator.liu.se for public PGP key] From alex at targeting.co.uk Fri Nov 13 10:51:59 1998 From: alex at targeting.co.uk (Alex Knowles) Date: Tue Dec 2 02:24:41 2003 Subject: sorry Message-ID: <615CAC0140CED111AF1500805FEDDB8A094AD7@ns.new-mediacom.co.uk> I apologise in advance for the newbieness of this question, (especially if it is posted to the wrong place). I'm about to set up a freebsd file/mail/print/web server for the office, The office uses NT workstations, with an nt and exchange server running the domain. Will it be possible for samba on the BSD box to be primary domain controller for all this? I heard somewhere that samba doesn't like NT password verification. In the first stage I shall be leaving the NT box as domain controller, but would like to kill that off as soon as possible. Leaving it just to handle exchange for those that want it (eugh!), and as a development box for running asp scripts etc. Again I apologise if this is the wrong place to be asking such a basic question thanks in advance alex From cartegw at Eng.Auburn.EDU Fri Nov 13 13:33:22 1998 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:24:41 2003 Subject: sorry References: <615CAC0140CED111AF1500805FEDDB8A094AD7@ns.new-mediacom.co.uk> Message-ID: <364C3522.E86A0C54@eng.auburn.edu> Alex Knowles wrote: > > domain. Will it be possible for samba on the BSD box to > be primary domain controller for all this? I heard > somewhere that samba doesn't like NT password verification. Check out the NTDOM FAQ linked off the main samba site under documentation Hope this helps, j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From todd at edge.cis.McMaster.CA Fri Nov 13 15:22:46 1998 From: todd at edge.cis.McMaster.CA (Todd Pfaff) Date: Tue Dec 2 02:24:41 2003 Subject: user profile updates not happening Message-ID: I'm just getting started with samba-2.0 and it's looking good! I started building samba-2.0.0-alpha16 yesterday and by the end of the day I had my samba PDC running and my NT workstation was a member of the domain (and I had eliminated my need for NISGINA). I happily have a working netlogon share, I can run a logon script, and roaming profiles are almost working. The only problem I'm having is that roaming profiles are not being properly updated to the user's profile directory on the logon server. Here are my smb.conf settings related to domain logons. domain logons = yes logon drive = h: logon home = \\%N\%U logon path = \\%N\%U\NTProfile logon script = logon.cmd If a user logs on and does not already have an NTProfile directory in their home directory, one is created successfully. When they log out, the profile is saved under the NTProfile directory. On subsequent logins, the roaming profile seems to be loaded successfully from the profile server (at least I don't get any complaints about being unable to access the roaming profile), but any changes I have made to the profile do not seem to have been saved. Any ideas? -- Todd Pfaff \ Email: pfaff@mcmaster.ca Computing and Information Services \ Voice: (905) 525-9140 x22920 ABB 132 \ FAX: (905) 528-3773 McMaster University \ Hamilton, Ontario, Canada L8S 4M1 \ From nimir at kis.p.lodz.pl Fri Nov 13 16:01:20 1998 From: nimir at kis.p.lodz.pl (Maciej Lesniewski) Date: Tue Dec 2 02:24:41 2003 Subject: Polices file problem... Message-ID: <19981113170120.B17761@zly.kis.p.lodz.pl> Hello :-) I got strange problem with netlogons... I created [netlogons] share and put some logon-script and policy file (config.pol). Everything works fine, but only for one group (staff); when I try to logon any people from other group (stud for example) policy file is _not_ used. logon-script every time is executed correctly (I set the time and mount few shares). Looks like there is a problem with permisions (config.pol is not accessible by any group except staff)... But permisions looks good: drwxr-xr-x 3 root other 512 Nov 6 17:22 bin drwxr-xr-x 3 root staff 512 Nov 11 15:48 lib drwxr-xr-x 2 root other 512 Nov 13 14:49 netlogon drwxr-xr-x 2 root other 512 May 8 1998 private drwxr-xr-x 3 root other 512 Nov 13 14:49 profiles drwxr-x--- 3 root staff 1024 Nov 13 12:37 var -rwxr--r-- 1 root other 8192 Nov 12 17:06 config.pol -rwxr--r-- 1 root other 139 Nov 12 13:12 logon.bat Any ideas?? TIA. -- *** Maciej Lesniewski Computer Engineering Department *** *** nimir@kis.p.lodz.pl Technical University of Lodz *** *** http://www.kis.p.lodz.pl/~nimir/ PGP key on finger *** From todd at edge.cis.McMaster.CA Fri Nov 13 17:00:29 1998 From: todd at edge.cis.McMaster.CA (Todd Pfaff) Date: Tue Dec 2 02:24:41 2003 Subject: user profile updates not happening In-Reply-To: Message-ID: I just answered my own question. When I looked at the Permissions of the NTuser.dat file in the local copy of the profile on the NT workstation (C:\WINNT\Profiles\username\NTUser.dat) the file did not have permissions for MYDOMAIN/username, but for MYDOMAIN/Account Deleted or Unknown Account or something like that. So no profile changes for username were being saved, either in the local copy on the workstation or the server roaming copy. I'm not sure how it got into this state, but it probably had something to do with my transition from NISGINA. I'm going to have to come up with a procedure to convert our production systems from NISGINA to samba PDC while preserving existing user profiles and making sure they are accessible by the new samba PDC domain users. Anyone dealt with this problem yet? On Sat, 14 Nov 1998, Todd Pfaff wrote: > I'm just getting started with samba-2.0 and it's looking good! > > I started building samba-2.0.0-alpha16 yesterday and by the end of the day > I had my samba PDC running and my NT workstation was a member of the > domain (and I had eliminated my need for NISGINA). I happily have a > working netlogon share, I can run a logon script, and roaming profiles are > almost working. > > The only problem I'm having is that roaming profiles are not being > properly updated to the user's profile directory on the logon server. > Here are my smb.conf settings related to domain logons. > > domain logons = yes > logon drive = h: > logon home = \\%N\%U > logon path = \\%N\%U\NTProfile > logon script = logon.cmd > > If a user logs on and does not already have an NTProfile directory in > their home directory, one is created successfully. When they log out, the > profile is saved under the NTProfile directory. > > On subsequent logins, the roaming profile seems to be loaded successfully > from the profile server (at least I don't get any complaints about being > unable to access the roaming profile), but any changes I have made to the > profile do not seem to have been saved. > > Any ideas? > > -- > Todd Pfaff \ Email: pfaff@mcmaster.ca > Computing and Information Services \ Voice: (905) 525-9140 x22920 > ABB 132 \ FAX: (905) 528-3773 > McMaster University \ > Hamilton, Ontario, Canada L8S 4M1 \ > -- Todd Pfaff \ Email: pfaff@mcmaster.ca Computing and Information Services \ Voice: (905) 525-9140 x22920 ABB 132 \ FAX: (905) 528-3773 McMaster University \ Hamilton, Ontario, Canada L8S 4M1 \ From svedja at lysator.liu.se Fri Nov 13 17:10:12 1998 From: svedja at lysator.liu.se (Dejan Ilic) Date: Tue Dec 2 02:24:41 2003 Subject: Polices file problem... In-Reply-To: <19981113170120.B17761@zly.kis.p.lodz.pl> Message-ID: config.pol are used on Win9x machines, NTconfig.pol are used on NT machines. Correct me if I'm wrong Dejan On Sat, 14 Nov 1998, Maciej Lesniewski wrote: > Hello :-) > > I got strange problem with netlogons... > I created [netlogons] share and put some logon-script and policy > file (config.pol). > > Everything works fine, but only for one group (staff); when I try to > logon any people from other group (stud for example) policy file is > _not_ used. logon-script every time is executed correctly (I set the time > and mount few shares). > > Looks like there is a problem with permisions (config.pol is not accessible > by any group except staff)... > > But permisions looks good: > > drwxr-xr-x 3 root other 512 Nov 6 17:22 bin > drwxr-xr-x 3 root staff 512 Nov 11 15:48 lib > drwxr-xr-x 2 root other 512 Nov 13 14:49 netlogon > drwxr-xr-x 2 root other 512 May 8 1998 private > drwxr-xr-x 3 root other 512 Nov 13 14:49 profiles > drwxr-x--- 3 root staff 1024 Nov 13 12:37 var > > -rwxr--r-- 1 root other 8192 Nov 12 17:06 config.pol > -rwxr--r-- 1 root other 139 Nov 12 13:12 logon.bat > > Any ideas?? From mh at bacher.at Fri Nov 13 18:17:40 1998 From: mh at bacher.at (Martin Hofbauer Bacher Systems EDV) Date: Tue Dec 2 02:24:41 2003 Subject: Change Password fails, Was: Login with NO PASSWORD - panic In-Reply-To: Message-ID: Has anyone had success, change password a second ( or more ) times ? I got not respond to this problem, Please help ! Thank you ------------------------------------------------------------------- Martin Hofbauer Consulting phone : +43 (1) 60 126-34 Bacher Systems EDV GmbH fax : +43 (1) 60 126-4 Wienerbergstr. 11B e-mail: mh@bacher.at A-1101 Vienna, Austria -- On Thu, 12 Nov 1998, Martin Hofbauer Bacher Systems EDV wrote: > > Thanks, now logon with no password is working ! > > My current problem: > With no password set, there is no way to change it to something > other from the NT side ( CTRL-ALT_DEL -> "change password" ): > > But with a password set there is a different behavior: > ( And has maybe nothing to do with my original Problem ...) > > User: smsadm > PW_old: test1234 > PW_new: test4321 > > if you set the password via smbpasswd a. restart Samba: > "change password" is possible; logon with new password: ok ! > > But: Change password a second time: "...wrong password" message on NT > In order to get "change password" working again you have to set > the password with smbpassword and restart Samba again! > > Here is the smbpasswd entry for "smsadm": ( set with smbpaswd, PW: > "test1234"): > smsadm:103:624AAC413795CDC1FF17365FAF1FFE89:3B1B47E42E0463276E3DED6CEF349F93: > > Entry after first( successful) password change ( to "test4321"): > smsadm:103:C959BEC57C2EF53BC2265B23734E0DAC:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX: > > Here is a ( hopefully ) important part of the logfile: > ( This is the part during my first ( successfull ) password change ! > > > [1998/11/12 01:35:14, 4] lib/username.c:map_username(89) > Scanning username map /etc/username.map > [1998/11/12 01:35:14, 10] passdb/passdb.c:iterate_getsmbpwnam(140) > search by name: smsadm > [1998/11/12 01:35:14, 10] passdb/smbpass.c:startsmbfilepwent(45) > startsmbfilepwent: opening file /etc/smbpasswd > [1998/11/12 01:35:14, 5] passdb/smbpass.c:getsmbfilepwent(252) > getsmbfilepwent: returning passwd entry for user admin, uid 102 > [1998/11/12 01:35:14, 6] passdb/smbpass.c:getsmbfilepwent(159) > getsmbfilepwent: skipping comment or blank line > [1998/11/12 01:35:14, 5] passdb/smbpass.c:getsmbfilepwent(252) > getsmbfilepwent: returning passwd entry for user admin, uid 102 > [1998/11/12 01:35:14, 6] passdb/smbpass.c:getsmbfilepwent(159) > getsmbfilepwent: skipping comment or blank line > [1998/11/12 01:35:14, 5] passdb/smbpass.c:getsmbfilepwent(252) > getsmbfilepwent: returning passwd entry for user root, uid 0 > [1998/11/12 01:35:14, 5] passdb/smbpass.c:getsmbfilepwent(252) > getsmbfilepwent: returning passwd entry for user sach20$, uid 101 > [1998/11/12 01:35:14, 5] passdb/smbpass.c:getsmbfilepwent(252) > getsmbfilepwent: returning passwd entry for user smsadm, uid 103 > [1998/11/12 01:35:14, 10] passdb/passdb.c:iterate_getsmbpwnam(156) > found by name: smsadm > [1998/11/12 01:35:14, 7] passdb/smbpass.c:endsmbfilepwent(81) > endsmbfilepwent: closed password file. > [1998/11/12 01:35:14, 4] smbd/password.c:smb_password_ok(394) > Checking SMB password for user smsadm > [1998/11/12 01:35:14, 5] smbd/password.c:smb_password_ok(413) > challenge received > [1998/11/12 01:35:14, 4] smbd/password.c:smb_password_ok(421) > smb_password_ok: Checking NT MD4 password > [1998/11/12 01:35:14, 4] smbd/password.c:smb_password_ok(428) > NT MD4 password check failed > [1998/11/12 01:35:14, 4] smbd/password.c:smb_password_ok(434) > Checking LM MD4 password > [1998/11/12 01:35:14, 4] smbd/password.c:smb_password_ok(450) > LM MD4 password check failed > [1998/11/12 01:35:14, 3] smbd/password.c:pass_check_smb(522) > Error smb_password_check failed > [1998/11/12 01:35:14, 0] smbd/reply.c:reply_sesssetup_and_X(695) > NT Password did not match ! Defaulting to Lanman > [1998/11/12 01:35:14, 10] passdb/passdb.c:iterate_getsmbpwnam(140) > search by name: smsadm > [1998/11/12 01:35:14, 10] passdb/smbpass.c:startsmbfilepwent(45) > startsmbfilepwent: opening file /etc/smbpasswd > [1998/11/12 01:35:14, 5] passdb/smbpass.c:getsmbfilepwent(252) > getsmbfilepwent: returning passwd entry for user admin, uid 102 > [1998/11/12 01:35:14, 6] passdb/smbpass.c:getsmbfilepwent(159) > getsmbfilepwent: skipping comment or blank line > [1998/11/12 01:35:14, 5] passdb/smbpass.c:getsmbfilepwent(252) > getsmbfilepwent: returning passwd entry for user root, uid 0 > [1998/11/12 01:35:14, 5] passdb/smbpass.c:getsmbfilepwent(252) > getsmbfilepwent: returning passwd entry for user sach20$, uid 101 > [1998/11/12 01:35:14, 5] passdb/smbpass.c:getsmbfilepwent(252) > getsmbfilepwent: returning passwd entry for user smsadm, uid 103 > [1998/11/12 01:35:14, 10] passdb/passdb.c:iterate_getsmbpwnam(156) > found by name: smsadm > [1998/11/12 01:35:14, 7] passdb/smbpass.c:endsmbfilepwent(81) > endsmbfilepwent: closed password file. > [1998/11/12 01:35:14, 4] smbd/password.c:smb_password_ok(394) > Checking SMB password for user smsadm > [1998/11/12 01:35:14, 5] smbd/password.c:smb_password_ok(413) > challenge received > [1998/11/12 01:35:14, 4] smbd/password.c:smb_password_ok(421) > smb_password_ok: Checking NT MD4 password > [1998/11/12 01:35:14, 4] smbd/password.c:smb_password_ok(428) > NT MD4 password check failed > [1998/11/12 01:35:14, 4] smbd/password.c:smb_password_ok(434) > Checking LM MD4 password > [1998/11/12 01:35:14, 4] smbd/password.c:smb_password_ok(450) > LM MD4 password check failed > [1998/11/12 01:35:14, 3] smbd/password.c:pass_check_smb(522) > Error smb_password_check failed > [1998/11/12 01:35:14, 3] smbd/error.c:error_packet(138) > error packet at line 705 cmd=115 (SMBsesssetupX) eclass=2 ecode=2 > [1998/11/12 01:35:14, 3] smbd/error.c:error_packet(143) > error string = Bad file number > [1998/11/12 01:35:14, 5] lib/util.c:show_msg(460) > > > Here is the log during the second ( unsuccessfull ) change: > [1998/11/12 02:12:40, 0] rpc_server/srv_util.c:api_pipe_request(676) > api_pipe_request: **** MUST CALL become_user() HERE **** > [1998/11/12 02:12:40, 0] rpc_server/srv_util.c:api_pipe_request(676) > api_pipe_request: **** MUST CALL become_user() HERE **** > [1998/11/12 02:12:40, 0] smbd/chgpasswd.c:check_oem_password(663) > check_oem_password: no ntlm password ! > > ------------------------------------------------------------------- > Martin Hofbauer Consulting > phone : +43 (1) 60 126-34 Bacher Systems EDV GmbH > fax : +43 (1) 60 126-4 Wienerbergstr. 11B > e-mail: mh@bacher.at A-1101 Vienna, Austria > -- > > On Wed, 11 Nov 1998, Jeremy Allison wrote: > > > Martin Hofbauer Bacher Systems EDV wrote: > > > > > > > > if you delete the password with: > > > smbpasswd -n admin ( which is mapped to Administrator ) > > > > > > and want to login in with no password entered: > > > > > > You will get following error: > > > > > > [1998/11/11 23:17:53, 3] lib/username.c:map_username(122) > > > Mapped user Administrator to admin > > > [1998/11/11 23:17:53, 10] passdb/passdb.c:iterate_getsmbpwnam(140) > > > search by name: admin > > > [1998/11/11 23:17:53, 10] passdb/smbpass.c:startsmbfilepwent(45) > > > startsmbfilepwent: opening file /etc/smbpasswd > > > [1998/11/11 23:17:53, 5] passdb/smbpass.c:getsmbfilepwent(252) > > > getsmbfilepwent: returning passwd entry for user admin, uid 102 > > > [1998/11/11 23:17:53, 10] passdb/passdb.c:iterate_getsmbpwnam(156) > > > found by name: admin > > > [1998/11/11 23:17:53, 7] passdb/smbpass.c:endsmbfilepwent(81) > > > endsmbfilepwent: closed password file. > > > [1998/11/11 23:17:53, 0] lib/fault.c:fault_report(40) > > > =============================================================== > > > [1998/11/11 23:17:53, 0] lib/fault.c:fault_report(41) > > > INTERNAL ERROR: Signal 11 in pid 3358 (2.0.0-prealpha) > > > Please read the file BUGS.txt in the distribution > > > [1998/11/11 23:17:53, 0] lib/fault.c:fault_report(43) > > > =============================================================== > > > [1998/11/11 23:17:53, 0] lib/util.c:smb_panic(4181) > > > PANIC: internal error > > > > > > > I just fixed this and checked it in. CVS update and > > try again to see if it fails. Thanks for finding the > > bug :-). > > > > Cheers, > > > > Jeremy Allison, > > Samba Team. > > > > > > -- > > -------------------------------------------------------- > > Buying an operating system without source is like buying > > a self-assembly Space Shuttle with no instructions. > > -------------------------------------------------------- > > > From icoupeau at unav.es Fri Nov 13 19:05:56 1998 From: icoupeau at unav.es (Ignacio Coupeau) Date: Tue Dec 2 02:24:41 2003 Subject: Can't log References: <364ABC0D.892DE270@unav.es> Message-ID: <364C8314.C501FE6B@unav.es> The error reported below is with the linux RH 5.1 and a kernel 2.125; with the 2.118 or 2.036 (better) runs fine: I added some NTWS, added users, etc. Sorry for the wasted time, Ignacio Ignacio Coupeau wrote: > > I tried mount a volume or log in the PDC with the latest versions of CVS > (during the latest week) with Linux 5.1 RedHat 5.1 (intel). > With smbclient I obtain: > > tree connect failed: ERRSRV - ERRbadpw (Bad password - name/password pair in a Tree Connect or Session Setup are invalid.) ____________________________________________________ Ignacio Coupeau, Ph.D. e-mail: icoupeau@unav.es CTI, Director fax: +48 425619 University of Navarra voice: +48 425600 Pamplona, SPAIN http://www.unav.es/cti/ From crussell at css.tayloru.edu Fri Nov 13 20:21:10 1998 From: crussell at css.tayloru.edu (Chris Russell) Date: Tue Dec 2 02:24:41 2003 Subject: Todo list / Functionality list Message-ID: Would it be possible to compile either a "done" list or a "todo" list (and keep them up to date) so that people can either find out what is working or what is not working? I find it frustrating wondering what is working or not working at the moment. Hopefully it would also eliminate some of the messages from people asking what is working at the time. I am willing to compile it if people will send me e-mails on what they know is or is not working. In Christ, Chris Russell crussell@css.tayloru.edu Head System Administrator Computer Science Department Taylor University From jallison at cthulhu.engr.sgi.com Sat Nov 14 05:18:09 1998 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:24:41 2003 Subject: Samba 2.0 Beta1 released ! Message-ID: <364D1291.8781241@engr.sgi.com> The Samba Team are pleased to announce Samba 2.0 Beta1 This is the first of (hopefully) a short series of Beta releases of the 2.0 code. We are relasing these Betas to enable the Samba Team to gain wider testing of the new autoconf mechanism and fix any bugs before the first ship of the new stable version of Samba - Samba 2.0. Samba 2.0 Beta1 is available in source form at the following URL (it will be available from our mirror sites shortly) : http://samba.anu.edu.au/samba/ftp/beta/samba-2.0.0beta1.tar.gz Please try this code and give us feedback. The WHATSNEW.txt file follows. As always, any bugs are our responsibility, Regards, The Samba Team. ----------------------------------------------------------- WHATS NEW IN Samba 2.0.0 beta1 ============================== This is a MAJOR new release of Samba, the UNIX based SMB/CIFS file and print server for Windows systems. There have been many changes in Samba since the last major release, 1.9.18. These have mainly been in the areas of performance and SMB protocol correctness. In addition, a Web based GUI interface for configuring Samba has been added. In addition, Samba has been re-written to help portability to other POSIX-based systems, based on the GNU autoconf tool. Major changes in Samba 2.0 -------------------------- There are many major changes in Samba for version 2.0. Here are some of them: ===================================================================== 1). Speed --------- Samba has been benchmarked on high-end UNIX hardware as out-performing all other SMB/CIFS servers using the Ziff-Davis NetBench benchmark. Many changes to the code to optimise high-end performance have been made. 2). Correctness --------------- Samba now supports the Windows NT specific SMB requests. This means that on platforms that are capable Samba now presents a 64 bit view of the filesystem to Windows NT clients and is capable of handling very large files. 3). Portability --------------- Samba is now self-configuring using GNU autoconf, removing the need for people installing Samba to have to hand configure Makefiles, as was needed in previous versions. You now configure Samba by running "./configure" then "make". See docs/textdocs/UNIX_INSTALL.txt for details. 4). Web based GUI configuration ------------------------------- Samba now comes with SWAT, a web based GUI config system. See the swat man page for details on how to set it up. 5). Cross protocol data integrity --------------------------------- An open function interface has been defined to allow "opportunistic locks" (oplocks for short) granted by Samba to be seen by other UNIX processes. This allows complete cross protocol (NFS and SMB) data integrety using Samba with platforms that support this feature. 6). Domain client capability ---------------------------- Samba is now capable of using a Windows NT PDC for user authentication in exactly the same way that a Windows NT workstation does, i.e. it can be a member of a Domain. See docs/textdocs/DOMAIN_MEMBER.txt for details. 7). Documentation Updates ------------------------- All the reference parts of the Samba documentation (the manual pages) have been updated and converted to a document format that allows automatic generation of HTML, SGML, and text formats. These documents now ship as standard in HTML and manpage format. ===================================================================== NOTE - Some important option defaults changed --------------------------------------------- Several parameters have changed their default values. The most important of these is that the default security mode is now user level security rather than share level security. This (incompatible) change was made to ease new Samba installs as user level security is easier to use for Windows 95/98 and Windows NT clients. ********IMPORTANT NOTE**************** If you have no "security=" line in the [global] section of your current smb.conf and you update to Samba 2.0 you will need to add the line : security=share to get exactly the same behaviour with Samba 2.0 as you did with previous versions of Samba. ********END IMPORTANT NOTE************* In addition, Samba now defaults to case sensitivity options that match a Windows NT server precisely, that is, case insensitive but case preserving. ===================================================================== NOTE - Primary Domain Controller Functionality ---------------------------------------------- This version of Samba contains code that correctly implements the undocumented Primary Domain Controller authentication protocols. However, there is much more to being a Primary Domain Controller than serving Windows NT logon requests. A useful version of a Primary Domain Controller contains many remote procedure calls to do things like enumerate users, groups, and security information, only some of which Samba currently implements. For this reason we have chosen not to advertise and actively support Primary Domain Controller functionality with this release. This work is being done in the CVS (developer) versions of Samba, development of which continues at a fast pace. If you are interested in participating in or helping with this development please join the Samba-NTDOM mailing list. Details on joining are available at : http://samba.anu.edu.au/listproc/ Details on obtaining CVS (developer) versions of Samba are available at: http://samba.anu.edu.au/cvs.html ===================================================================== If you have problems, or think you have found a bug please email a report to : samba-bugs@samba.anu.edu.au As always, all bugs are our responsibility. Regards, The Samba Team. ---------------------------------------------------------------------- From canfield at uindy.edu Sat Nov 14 05:24:05 1998 From: canfield at uindy.edu (Dana Canfield) Date: Tue Dec 2 02:24:41 2003 Subject: Todo list / Functionality list References: Message-ID: <364D13F5.2C75D3D0@uindy.edu> There is a list at peng1.uindy.edu/samba/todo.html. Luke used to send me pretty regular updates of what went where in terms of priority, but then Luke took some time off of the project, and I spent some time on other projects, so it hasn't been updated in a while. I'll try to look through the list this weekend and make it current again. Any input from others would be helpful, especially from the programmers who can clue me in as to the priority and status of each item. I'm also about 25% done with a "user's manual" of sorts for Samba 2.0.0. I'll try to get it posted to the same web site (peng1.uindy.edu) over the weekend as well, so that those of us who have offered to write documentation have something to start with. On an unrelated note, I posted here a week or so ago asking for people's experiences with NTFS permissions in a lab situation. I've found some useful info, and I'll be placing it on the same site later this week. Dana Chris Russell wrote: > Would it be possible to compile either a "done" list or a "todo" > list (and keep them up to date) so that people can either find out what is > working or what is not working? I find it frustrating wondering what is > working or not working at the moment. Hopefully it would also eliminate > some of the messages from people asking what is working at the time. I am > willing to compile it if people will send me e-mails on what they know is > or is not working. > > In Christ, > Chris Russell > crussell@css.tayloru.edu > Head System Administrator > Computer Science Department > Taylor University From mmezo at mx2.redestb.es Sat Nov 14 08:52:31 1998 From: mmezo at mx2.redestb.es (Marcos Mezo) Date: Tue Dec 2 02:24:41 2003 Subject: Access permissions start Dr.Watson on WinNT SP3 Message-ID: <364D44CF.2003C761@mx2.redestb.es> Hi all, First of all thank you for samba and for the improvements over the last few months I have been following the developement both in this list and trying every once in a while the CVS code. We are already finishing an installation of aprox. 70 PCs with NT4 SP3 and Linux with Linux and Samba acting as a PDC, which we want to set in production for the beginning of next year. (It's for a student's Lab) Everything seems to work allright except for one subtlety. We want our HD to be secure (that's why we choosed NT over 95/98), so we have to give permissions to deny write access to the HD and also to the registry, but two out of three times it fails and out comes Dr. Watson. I am going to try to catch it up in the samba logs and if I find out how to use it I'm going to use netmon to try to get a trace of the process. (any hints?) Thank you in advance, Marcos Mezo From mg at plum.de Sat Nov 14 11:48:17 1998 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:24:41 2003 Subject: NTdomain logon problems Message-ID: <001a01be0fc4$ac2587e0$0c4e4dc2@system3.plum.de> Hi, I was trying the 2.0.beta 1 and I got some trouble with domain logons: Client : NT 4.0 Server : Linux RH 5.0 pam glibc Normal logon works fine, just not the machine account : [1998/11/14 11:37:26, 10] passdb/passdb.c:iterate_getsmbpwnam(156) found by name: SYSTEM9$ [1998/11/14 11:37:26, 7] passdb/smbpass.c:endsmbfilepwent(81) endsmbfilepwent: closed password file. [1998/11/14 11:37:26, 4] smbd/password.c:smb_password_ok(394) Checking SMB password for user system9$ [1998/11/14 11:37:26, 5] smbd/password.c:smb_password_ok(404) use last SMBnegprot challenge [1998/11/14 11:37:26, 4] smbd/password.c:smb_password_ok(421) smb_password_ok: Checking NT MD4 password [1998/11/14 11:37:26, 4] smbd/password.c:smb_password_ok(425) NT MD4 password check succeeded [1998/11/14 11:37:26, 3] smbd/error.c:error_packet(127) 32 bit error packet at line 447 cmd=115 (SMBsesssetupX) eclass=c000006d [Error : Unknown error (109,49152)] smbpasswd : system9$:1040:53BC3C667927330BAAD3B435B51404EE:C813A9121E7BD7C8651496AB2ACFCC85:[U ]:LCT-364D5874: The same happens when I use smbclient -d 10 -U system9$ .. (it looks like some problems with the "$") TIA, Michael Glauche -------------- next part -------------- HTML attachment scrubbed and removed From m.chapman at student.unsw.edu.au Sat Nov 14 12:32:50 1998 From: m.chapman at student.unsw.edu.au (Matt Chapman) Date: Tue Dec 2 02:24:41 2003 Subject: NTdomain logon problems References: <001a01be0fc4$ac2587e0$0c4e4dc2@system3.plum.de> Message-ID: <364D7872.C8B1E242@student.unsw.edu.au> > system9$:1040:53BC3C667927330BAAD3B435B51404EE:C813A9121E7BD7C8651496AB2A= > CFCC85:[U ]:LCT-364D5874: The 'U' here (user) should instead be 'W' for workstation. If using smbpasswd to add machine accounts you must use the -m switch. Good luck. Matt -- Matt Chapman E-mail: mattyc@cyberdude.com From cartegw at Eng.Auburn.EDU Sat Nov 14 20:50:32 1998 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:41 2003 Subject: Access permissions start Dr.Watson on WinNT SP3 References: <364D44CF.2003C761@mx2.redestb.es> Message-ID: <364DED18.E6EA505E@eng.auburn.edu> Marcos Mezo wrote: > > our HD to be secure (that's why we choosed NT over 95/98), so > we have to give permissions to deny write access to the HD > and also to the registry, but two out of three times it fails > and out comes Dr. Watson. I am going to try to catch it up > in the samba logs and if I find out how to use it I'm going > to use netmon to try to get a trace of the process. > (any hints?) What caauses the fault. Need more information. Have you tried using the guidelines in the "Securing Windows NT" white paper from Microsoft? You'll need to allow some write access to registry keys and local files (%systemdrive%\temp for example) Thanks, j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From andrew at cs.toronto.edu Sun Nov 15 17:22:19 1998 From: andrew at cs.toronto.edu (Andrew S. Prior) Date: Tue Dec 2 02:24:41 2003 Subject: Odd behaviour with current CVS tree In-Reply-To: <199811091550.KAA02917@alcove.wittsend.com> Message-ID: Hi again, I finally managed to get the information you all requested, so here it is. I updated to Samba 2.0.0beta1, just so you know exactly the code I'm dealing with. On starting the new samba I rebooted and tried to log into an NT machine and get the error: "The system can not log you on (C000019B). Please try again or consult your system administrator." I was running tcpdump-smb during this, and attached the output of that to this e-mail. I asle rebooted and tried to log into a '95 box, and the first time I try to log in I always get an error message. I think that sometimes the error message changes but the one I wrote down is: "The network could not validate your user name. You cannot use windows unless your user name is validated by the network. Make sure you typed everything correctly, or contact your system administrator". This problem happens with the older version of samba from the CVS tree but not the non-NTDOM samba. I attached a tcpdump-smb output from these attempts as well, it shows a failed login and then a working one right after it. The samba server is in the NT and '95 machines lmhosts file. Please help! If you want any more information, just let me know. Thanks. Andrew From svedja at lysator.liu.se Sun Nov 15 19:41:53 1998 From: svedja at lysator.liu.se (Dejan Ilic) Date: Tue Dec 2 02:24:41 2003 Subject: Win95 Update & Samba ? Message-ID: >The http://support.microsoft.com/download/support/mslfiles/Vrdrupd.exe >will make the 95 boxes speak the NT-SP3 dialect of SMB. I hoped that this would help Win-95 to stop using LANMAN when communicating to Samba & use NTLM instead. But since I installed it I haven't been able to use the machine in the local domain. It seems to work in workgroup thou. Can anybody confirm this ? Samba is the newest CVS. Win95-OSR2 Dejan PS. Yes, I know how to add and remove machines from the Samba-domain so that is not the problem. From abs at maunsell.co.uk Sun Nov 15 21:24:41 1998 From: abs at maunsell.co.uk (Andy Smith) Date: Tue Dec 2 02:24:41 2003 Subject: Samba 2.0 Beta1 released ! In-Reply-To: ; from Tim Rice on Mon, Nov 16, 1998 at 07:24:58AM +1100 References: <364D1291.8781241@engr.sgi.com> Message-ID: <19981115212441.58304@maunsell.co.uk> On Mon, Nov 16, 1998 at 07:24:58AM +1100, Tim Rice wrote: > > A recent change to the source (somewhere between 11/10-11/14 I think) > has made thins worse on UnixWare. There are a bunch or macro redefined: > errors. > > Compiling smbd/server.c > UX:acomp: WARNING: "/usr/include/sys/xti.h", line 265: macro redefined: ROUNDUP Just got this same problem on Solaris 2.4, there is a ROUNDUP defined in /usr/include/sys/tiuser.h -- _ __ Maunsell Ltd, IT Unit Tel : 0181-663-6565 /_| _/ ( _ '_// 160 Croydon Road, Fax : 0181-663-6723 ( |/)(/(/ __)//)/ //) Beckenham, Kent BR3 4DE Email: abs@maunsell.co.uk / England. -or- abs@maunsl00.demon.co.uk From D.Bannon at latrobe.edu.au Sun Nov 15 22:35:15 1998 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:24:41 2003 Subject: Change Password fails, Was: Login with NO PASSWORD - panic In-Reply-To: References: Message-ID: <3.0.3.32.19981116093515.0076f538@bioserve.biochem.latrobe.edu.au> At 05:20 AM 14/11/1998 +1100, Martin Hofbauer Bacher Systems EDV wrote: > >Has anyone had success, change password a second ( or more ) times ? >I got not respond to this problem, Please help ! > Yes, it works fine on my test system that has a current cvs. Your problem may be that you are trying to change to a password that is not suitable, ie not enough letters, too similar etc. Because samba uses the system passwd command to change passwords and then tries to capture the response, it makes no attempt to look at why a change attemt fails, it just sees anything that does not look like success as failure and tell the NT that 'something' did not work. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From tridge at samba.anu.edu.au Sun Nov 15 23:08:15 1998 From: tridge at samba.anu.edu.au (Andrew Tridgell) Date: Tue Dec 2 02:24:41 2003 Subject: Samba 2.0 Beta1 released ! In-Reply-To: <19981115212441.58304@maunsell.co.uk> (message from Andy Smith on Mon, 16 Nov 1998 08:26:46 +1100) References: <364D1291.8781241@engr.sgi.com> <19981115212441.58304@maunsell.co.uk> Message-ID: <19981115230816Z12618350-584+146@samba.anu.edu.au> > Just got this same problem on Solaris 2.4, there is a ROUNDUP defined in > /usr/include/sys/tiuser.h I've fixed it for the next release. From canfield at uindy.edu Mon Nov 16 00:30:35 1998 From: canfield at uindy.edu (Dana Canfield) Date: Tue Dec 2 02:24:41 2003 Subject: ToDo List updates Message-ID: <364F722A.7DBA9DA6@uindy.edu> I've updated the todo list (http://peng1.uindy.edu/samba/todo.html) to the best of my knowledge. If people could take a look at it and inform me of any errors, I'd appreciate it. On a separate note, I've also noticed that there are getting to be a lot of FAQ-style questions sent to the list lately (not pointing fingers, I've sent some obvious ones myself). Would it be worthwhile for someone to start sending a weekly or bi-weekly message with pointers to NTDOM FAQ, the TODO list, and the searchable list archives at MARC/PCC? If weekly releases are going to continue, maybe it could also include the siginificant changes for the week? Just a thought. Can From D.Bannon at latrobe.edu.au Mon Nov 16 02:22:31 1998 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:24:41 2003 Subject: smbpasswd not called suid root ?? In-Reply-To: <364F722A.7DBA9DA6@uindy.edu> Message-ID: <3.0.3.32.19981116132231.00753148@bioserve.biochem.latrobe.edu.au> I know this is an old issue, but would like to know why smbpasswd is not allowed to be suid root. I call it from another binary that keeps users unix and smb passwords in sync and that binary has to be suid and therefore smbpasswd is too, when its called. Each time I get a new version I have to comment out this code so my sync system will work ! if ((eff_uid == (uid_t)0) && (real_uid != (uid_t)0)) { fprintf(stderr, "%s: Must *NOT* be setuid root.\n", prog_name); exit(1); } Is the problem because the origional smbpasswd itself was suid and when that changed the author put this code in to be sure that no one continued to have it suid ? (I don't want smbpasswd suid, just to call it from a suid binary) Its becoming less important now that the remote passwd change stuff works so well (great !) but some users like doing it the old way... David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From sbragion.denis at usa.net Mon Nov 16 10:43:55 1998 From: sbragion.denis at usa.net (Sbragion Denis) Date: Tue Dec 2 02:24:41 2003 Subject: Warning compiling 2.0beta1 under slackware 3.2 Message-ID: <3.0.6.32.19981116114355.009e7b00@MBox.InfoTecna.com> Hello, just a small info. I got this warning compiling samba 2.0beta1 under a Slackware 3.2 system (kernel 2.0.35): smbd/password.c: In function `setup_groups': smbd/password.c:167: warning: comparison is always 0 due to limited range of dat a type smbd/password.c:167: warning: comparison is always 0 due to limited range of dat a type Dont know if it matters. Bye! Sbragion Denis InfoTecna Tel, Fax: +39 039 2324054 URL: http://space.tin.it/internet/dsbragio From crea at alpha.aec.at Mon Nov 16 11:36:05 1998 From: crea at alpha.aec.at (Michael Pitra) Date: Tue Dec 2 02:24:42 2003 Subject: considering "Domain" In-Reply-To: <19981116113106Z12583659-8515+398@samba.anu.edu.au> Message-ID: I do not know if this message is right on this mailing list but I have one problem in understanding the difference between "workgroup" (to be set in the smb.conf) and "domain". When using smbclient -L I see some output (in NT1 protocol mode) like: [Domain]=... [OS]=... [Workgroup]=... [Domain]=... I also supposed then (after seeing the output :))) that this domain string is the one I have to enter in the Domain box (win95 login process) - all worked fine. It seemed to be always the same string for workgroup and domain. Where to set the workgroup is easy to find. But where do I set up the domain? Or is it per default that Workgroup and Domain have the same string? Looking in client.c and clientutil.c it tells me that the string is not the same, they are lying in the same block but on different positions. So i suppose that there has to be a possibility to set up the domain name! :) If anyone can help me... contact me. Thanks :) Michael Pitra --------------------------------------------------------------- | Michael Pitra @ Johannes Kepler Universitaet Linz | | snailmail: Kollwitzstrasse 3, A-4060 Leonding, Austria | | (c) crea@alpha.aec.at '97 | --------------------------------ATTENTION!----------------------------- X-Authentication: failed, maybe system hack (check for good times!) Contact your system administrator soon. From micheal at it.nuigalway.ie Mon Nov 16 11:56:10 1998 From: micheal at it.nuigalway.ie (Micheal Colhoun) Date: Tue Dec 2 02:24:42 2003 Subject: subscribe Message-ID: <3.0.5.32.19981116115610.009bae60@it.nuigalway.ie> subscribe Micheal. -- Micheal Colhoun voice: +353 91 524411 x 3327 Information Technology Centre fax: +353 91 750501 National University of Ireland, Galway Ireland From mk at quadstone.com Mon Nov 16 12:47:03 1998 From: mk at quadstone.com (Michael Keightley) Date: Tue Dec 2 02:24:42 2003 Subject: smbpasswd program broken Message-ID: <17298.199811161247@subnode.quadstone.com> Just downloaded the latest version of 2.0 via cvs. When I try to add a machine (which is in the NIS password file) using the command: % smbpasswd -a -m odin I get the error: User "odin" was not found in system password file. I managed to fix it by putting this bit of code back into smbpasswd.c if(trust_account) { int username_len = strlen(user_name); if(username_len >= sizeof(pstring) - 1) { fprintf(stderr, "%s: machine account name too long.\n", user_name); exit(1); } if(user_name[username_len-1] != '$') { user_name[username_len] = '$'; user_name[username_len+1] = '\0'; } } (before the lines if(!remote_machine && ((pwd = Get_Pwnam(user_name, True)) == NULL)) { fprintf(stderr, "%s: User \"%s\" was not found in system password file.\ n", prog_name, user_name); exit(1); } ) Is it broken, or has the functionality changed? Michael _________ Michael Keightley Tel: +44 131 220 4491 Systems Manager Fax: +44 131 220 4492 Quadstone Limited WWW: http://www.quadstone.com From ccalculo at aero.upm.es Mon Nov 16 13:27:11 1998 From: ccalculo at aero.upm.es (Centro de Calculo) Date: Tue Dec 2 02:24:42 2003 Subject: Followup of NT failing when giving permissions Message-ID: <3650282F.293D02FD@aero.upm.es> As I told in a previous message NT SP3 Spanish fails to add new (local) users to the permissions lists of a local file/directory or to the local registry. This seems to be because it looks by default for the users in the domain, and then fails with Dr. Watson giving you the following message (translated from Spanish so might be unaccurate). "Exception: Access Violation (0x0000005), Adress 0x778933aa" It's allways the same message, and happens both when you are Machine or Domain administrator. I have a level 50 log (4.5Mb) and a tcpdump of it. Is anybody interested, and if this is the case, where can I put it? Thank you again Marcos Mezo -- --------------------- Centro de Calculo ETSI Aeronauticos U.P.M. E-mail: ccalculo@aero.upm.es Tfno: 91-336.62.87 From dany at banat.ro Mon Nov 16 19:28:05 1998 From: dany at banat.ro (Dan Ardelean) Date: Tue Dec 2 02:24:42 2003 Subject: samba PDC and Novell IntranetWare Client Message-ID: <01BE11A8.52AEADF0@usr33.banat.ro> I have a problem: With Samba 2.0.0 pre-alpha running on my Linux box. Samba is configured to run with "domain logons = yes" so it should act like a PDC. It really does - and i had no problem to login to my Samba domain from a normal NT workstation. The problem is that I have also a Novell Server on my network so I want to use the Novell Client for Windows NT After installing the Novell Client if I try to login to the Samba domain I get the dead blue screen telling me that "Windows Logon Process Terminated Unexpectendly ... System Shutdown". But in the same conditions in I try to login to a domain which has a PDC running Windows NT Server ( not Samba ) it works. So, I think Samba does not behave exactlt like a Windows NT Server PDC. I did some search on the earlier messages in this list ( i'm kind of new here ... ) and what I found was: >Message-Id: <199808061104.NAA12069@mail.cs.up.ac.za> >Date: Thu, 6 Aug 1998 13:01:57 +0200 (GMT) >From: louis.botha@cs.up.ac.za >Subject: Novell IntraNetware Client & PDC crashes >To: samba-ntdom@samba.anu.edu.au >Hello all, >We are in the unfortunate position that we are forced to use the >IntraNetware client from Novell. Don't ask why - it's a long story :) >The client behaves rather strangely. From the samba logs it seems that >when a user logs into the domain, the authentication works, the user >registry is read and the files in the profile directories are read. >The client then tries to execute an illegal instruction and the entire >NT box crashes. Oh joy. >The client does not crash when I connect to a real NT PDC. If I >uninstall the Intranetware client, I can log in successfully using a >Samba PDC. >Does anyone have any idea why this might happen when I switch to a >Samba PDC? >Regards, >Louis >-- >----------------------------------------------------------------------- >Louis Botha Computer Science Department >louis.botha@cs.up.ac.za University of Pretoria >Tel: +27-12-420-3617 Pretoria >Cell: +27-82-924-4616 South Africa >http://www.cs.up.ac.za/~lbotha >----------------------------------------------------------------------- >Date: Thu, 06 Aug 1998 10:21:09 -0500 >From: Dana Canfield >To: louis.botha@cs.up.ac.za, samba-ntdom@samba.anu.edu.au >Subject: Re: Novell IntraNetware Client & PDC crashes >I can't offer any help, but I can confirm that we have the same problem. >It is important to note that the Intranetware client *did* work back in the >May-ish CVS's, so something has changed in Samba. Jeremy has asked me for >a packet trace, but I don't have the right tools to do this from a thrid >machine, and I can't figure out how to do a packet trace from the client >machine, since it is the one that will crash. Maybe if you have a way of >doing this, you could send a trace to jeremy and they can fix it? >Dana So it seems that some other people experienced the same problem. Did you find any answears ? Thanks, Dan From eparis at ven.ra.rockwell.com Mon Nov 16 15:43:44 1998 From: eparis at ven.ra.rockwell.com (Eloy A. Paris) Date: Tue Dec 2 02:24:42 2003 Subject: samba PDC and Novell IntranetWare Client References: <01BE11A8.52AEADF0@usr33.banat.ro> Message-ID: <72ph7g$4ej$1@zeus.ven.ra.rockwell.com> Hi! I can confirm this: a NT workstation running IntranetWare Client crashes when loging in into a Samba PDC. This happens when the Login dialog box is the one provided by the IntranetWare Client (dialog box that is very different than the standard one supplied by NT). This used to work until around Sep. 21. There is a workaround, though: change the value of: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL from NWGINA.DLL to MSGINA.DLL. You'll get the standard Windows NT login dialog box. Samba is definitely doing something different than a NT PDC. I can get some tcpdumps. Anyone interested in them? peloy.- Dan Ardelean wrote: > I have a problem: > With Samba 2.0.0 pre-alpha running on my Linux box. > Samba is configured to run with "domain logons = yes" so it should act like a PDC. > It really does - and i had no problem to login to my Samba domain from a normal NT workstation. > The problem is that I have also a Novell Server on my network so I want to use the Novell Client for Windows NT > After installing the Novell Client if I try to login to the Samba domain I get the dead blue screen telling me that > "Windows Logon Process Terminated Unexpectendly ... System Shutdown". > But in the same conditions in I try to login to a domain which has a PDC running Windows NT Server ( not Samba ) it works. > So, I think Samba does not behave exactlt like a Windows NT Server PDC. > I did some search on the earlier messages in this list ( i'm kind of new here ... ) and what I found was: > >>Message-Id: <199808061104.NAA12069@mail.cs.up.ac.za> >>Date: Thu, 6 Aug 1998 13:01:57 +0200 (GMT) >>From: louis.botha@cs.up.ac.za >>Subject: Novell IntraNetware Client & PDC crashes >>To: samba-ntdom@samba.anu.edu.au > >>Hello all, > >>We are in the unfortunate position that we are forced to use the >>IntraNetware client from Novell. Don't ask why - it's a long story :) > >>The client behaves rather strangely. From the samba logs it seems that >>when a user logs into the domain, the authentication works, the user >>registry is read and the files in the profile directories are read. >>The client then tries to execute an illegal instruction and the entire >>NT box crashes. Oh joy. > >>The client does not crash when I connect to a real NT PDC. If I >>uninstall the Intranetware client, I can log in successfully using a >>Samba PDC. > >>Does anyone have any idea why this might happen when I switch to a >>Samba PDC? > >>Regards, >>Louis > >>-- >>----------------------------------------------------------------------- >>Louis Botha Computer Science Department >>louis.botha@cs.up.ac.za University of Pretoria >>Tel: +27-12-420-3617 Pretoria >>Cell: +27-82-924-4616 South Africa >>http://www.cs.up.ac.za/~lbotha >>----------------------------------------------------------------------- > >>Date: Thu, 06 Aug 1998 10:21:09 -0500 >>From: Dana Canfield >>To: louis.botha@cs.up.ac.za, samba-ntdom@samba.anu.edu.au >>Subject: Re: Novell IntraNetware Client & PDC crashes > >>I can't offer any help, but I can confirm that we have the same problem. >>It is important to note that the Intranetware client *did* work back in the >>May-ish CVS's, so something has changed in Samba. Jeremy has asked me for >>a packet trace, but I don't have the right tools to do this from a thrid >>machine, and I can't figure out how to do a packet trace from the client >>machine, since it is the one that will crash. Maybe if you have a way of >>doing this, you could send a trace to jeremy and they can fix it? > >>Dana > > So it seems that some other people experienced the same problem. > Did you find any answears ? > > Thanks, > Dan > From eparis at ven.ra.rockwell.com Mon Nov 16 15:50:13 1998 From: eparis at ven.ra.rockwell.com (Eloy A. Paris) Date: Tue Dec 2 02:24:42 2003 Subject: Followup of NT failing when giving permissions References: <3650282F.293D02FD@aero.upm.es> Message-ID: <72phjl$4ej$2@zeus.ven.ra.rockwell.com> This also happens with English NT SP4. The procedure to trigger the crash is this: Open "My Computer", open a hard disk and right click over a directory that is not shared. In the directory properties, Sharing tab change from "Not shared" to "Shared as". Then press the "Permissions" button and the bottom. In the "Access through Share Permissions" button press the "Add..." button. Voila! The NT Explorer has just crashed. I don't know if it is the same error you are getting because I get "Explorer.exe - Application error: The instruction at "0x778933ae" referenced memory at "0x00000098". The memory could not be "read". This is with Samba-2.0.0beta1. peloy.- Centro de Calculo wrote: > As I told in a previous message NT SP3 Spanish fails to add new (local) > users to the permissions lists of a local file/directory or to the local > registry. This seems to be because it looks by default for the users in > the domain, and then fails with Dr. Watson giving you the following > message (translated from Spanish so might be unaccurate). > > "Exception: Access Violation (0x0000005), Adress 0x778933aa" > > It's allways the same message, and happens both when you are Machine or > Domain administrator. > > I have a level 50 log (4.5Mb) and a tcpdump of it. Is anybody > interested, and if this is the case, where can I put it? > > Thank you again > Marcos Mezo > -- > --------------------- > Centro de Calculo > ETSI Aeronauticos > U.P.M. > E-mail: ccalculo@aero.upm.es > Tfno: 91-336.62.87 > -- -- Eloy A. Paris Information Technology Department Rockwell Automation Venezuela Telephone: +58-2-9432311 Fax: +58-2-9431645 From pgmtekn at algonet.se Sat Nov 14 15:13:43 1998 From: pgmtekn at algonet.se (Michael Stockman) Date: Tue Dec 2 02:24:42 2003 Subject: User lists in W95 Message-ID: <001501be0fe1$5fa10940$0300a8c0@pippi.emil.pgmt> Hello, Just thought I'd ask about this as the 2.0.0 release seems to be closing in. When I try to get the user list from my samba PDC with a W95, share dialog, it fails. From the samba log I've deduced that it is a api_samr_rpc op 0x5 to the SAMR pipe that is unsupported (quite clearly spelled out in the log). Is this an issue that is being worked on (now that userlists in USRMGR seems to be working)? I've included the failing message to the end and would be happy to send any more info that may benefit this or any other issue. I can however not fix this (or even tell what this is) as I've got no NT station to test against. By the way, now that I'm anyway writing. The system attribue in DOS, are there any plans to keep that attribute in samba? Now that explorer uses these channels/customized directories etc, that end up in the profile, and require the system attribute to work it would be handy. Best regards Michael Stockman pgmtekn-micke@algonet.se The complete message: [000] 5C 50 49 50 45 5C 00 00 01 05 00 00 03 10 00 00 "\PIPE\.. ........" [010] 00 48 00 00 00 02 00 00 00 30 00 00 00 00 00 05 ".H...... .0......" [020] 00 00 00 00 00 02 00 00 00 00 00 00 00 39 8A 4D "........ .....9.M" [030] 36 1E 3A 00 00 08 00 0A 00 F4 F1 7E 01 05 00 00 "6.:..... ...~...." [040] 00 00 00 00 00 04 00 00 00 50 00 47 00 4D 00 54 "........ .P.G.M.T" [050] 00 "." From pgmtekn at algonet.se Mon Nov 16 17:26:16 1998 From: pgmtekn at algonet.se (Michael Stockman) Date: Tue Dec 2 02:24:42 2003 Subject: VB: User lists in W95 (+system attribute?) Message-ID: <003701be1186$39b97d60$0300a8c0@pippi.emil.pgmt> Hello, First, I sent this letter two days ago but it appears to have disappeared, so I'm trying to send it again. Sorry if anyone should get this twice. Just thought I'd ask about this as the 2.0.0 release seems to be closing in. When I try to get the user list from my samba PDC with a W95, share dialog, it fails. From the samba log I've deduced that it is a api_samr_rpc op 0x5 to the SAMR pipe that is unsupported (quite clearly spelled out in the log). Is this an issue that is being worked on (now that userlists in USRMGR seems to be working)? I've included the failing message to the end and would be happy to send any more info that may benefit this or any other issue. I can however not fix this (or even tell what this is) as I've got no NT station to test against. By the way, now that I'm anyway writing. The system attribue in DOS, are there any plans to keep that attribute in samba? Now that MSIE uses these channels/customized directories etc, that end up in the profile (on samba shares), and require the system attribute to work, it would be handy. Best regards Michael Stockman pgmtekn-micke@algonet.se The complete message: [000] 5C 50 49 50 45 5C 00 00 01 05 00 00 03 10 00 00 "\PIPE\.. ........" [010] 00 48 00 00 00 02 00 00 00 30 00 00 00 00 00 05 ".H...... .0......" [020] 00 00 00 00 00 02 00 00 00 00 00 00 00 39 8A 4D "........ .....9.M" [030] 36 1E 3A 00 00 08 00 0A 00 F4 F1 7E 01 05 00 00 "6.:..... ...~...." [040] 00 00 00 00 00 04 00 00 00 50 00 47 00 4D 00 54 "........ .P.G.M.T" [050] 00 "." From jallison at cthulhu.engr.sgi.com Mon Nov 16 18:03:56 1998 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:24:42 2003 Subject: smbpasswd not called suid root ?? References: <3.0.3.32.19981116132231.00753148@bioserve.biochem.latrobe.edu.au> Message-ID: <3650690C.6CB65426@engr.sgi.com> David Bannon wrote: > > Is the problem because the origional smbpasswd itself was suid and when > that changed the author put this code in to be sure that no one continued > to have it suid ? (I don't want smbpasswd suid, just to call it from a suid > binary) > Yep - I added that code when I changed my original smbpasswd binary from setuid root to non-setuid root - exactly for the reasons you mention. Writing setuid root code is *hard* - it was getting difficult to add the features I wanted to smbpasswd and keep it secure and understandable - both pre-requisites for a setuid root binary. The client-server change I added made it possible for me to make it just an ordinary binary and I jumped at the chance. Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From mathewss at nutech.com Mon Nov 16 18:53:40 1998 From: mathewss at nutech.com (Sean Mathews) Date: Tue Dec 2 02:24:42 2003 Subject: ToDo List updates In-Reply-To: <364F722A.7DBA9DA6@uindy.edu> Message-ID: Why not add it to the footer line of the listserver.. i do that for several of my lists to keep the Q. down.. And i agree it would be nice to have it right here, But even with that said from what i have found the NTDom faq is not keeping up with the fast pace of the development. We are adding and changing a lot of parameters specifily related to domain groups and user mappings.. And this stuff needs to be kept in a doc explaining how to setup these new features as they become available so we can all test them and help feed back info on there functionality.. One example is that in the current conf we have domain admin group = domain groups = domain guest group = domain guest users = and still showing up under testparm is domain admin users = even though the faq sais it is a bad idea to use. We need a doc that specificly explains these and how they are used. And the new ones that will replace these that will do mapping from the unix groups etc to NT groups.. And how to setup that stuff. Even though the NT User manager for domains does work it still shows my "Administrator" Account exists in the group "Users" and not as a domain admin and too this day i have not been able to create a true Domain Admin account. This i assume is do to the fact that i am missing critical information to understand it or samba is just not fully supporting this yet but i dont know what it is as the doc's are not clear enough on it. From reading the faq item 4.3.1 it seems clear i should be able to make a user a domain admin yet when doing so it does not realy work I can login sure but user manager does not show me as a domain admin, and i dont have the rights i need to do many things.... Just my 2 cents werth.. hope this sparks some idears.. If you read this far thanks :c) and have a nice week. Regards Sean Mathews Nu Tech CTO struct SoftwareProfessional { double salary; long lunches; float jobs; char unstable; void work; short tempers; }; On Mon, 16 Nov 1998, Dana Canfield wrote: > I've updated the todo list (http://peng1.uindy.edu/samba/todo.html) to > the best of my knowledge. If people could take a look at it and inform > me of any errors, I'd appreciate it. > > On a separate note, I've also noticed that there are getting to be a lot > of FAQ-style questions sent to the list lately (not pointing fingers, > I've sent some obvious ones myself). Would it be worthwhile for someone > to start sending a weekly or bi-weekly message with pointers to NTDOM > FAQ, the TODO list, and the searchable list archives at MARC/PCC? If > weekly releases are going to continue, maybe it could also include the > siginificant changes for the week? Just a thought. > > Can > > > > > From jallison at cthulhu.engr.sgi.com Mon Nov 16 19:54:55 1998 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:24:42 2003 Subject: smbpasswd program broken References: <17298.199811161247@subnode.quadstone.com> Message-ID: <3650830F.D29E5147@engr.sgi.com> Michael Keightley wrote: > > Just downloaded the latest version of 2.0 via cvs. When I try to add a machine > (which is in the NIS password file) using the command: > > % smbpasswd -a -m odin > > I get the error: > > User "odin" was not found in system password file. > ... > > Is it broken, or has the functionality changed? > It was (slightly) broken by the re-write. I'm checking in a fix for this as we email... Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From webber at sj.univali.rct-sc.br Mon Nov 16 23:53:37 1998 From: webber at sj.univali.rct-sc.br (Celso Kopp Webber) Date: Tue Dec 2 02:24:42 2003 Subject: Todo list: account expiration In-Reply-To: <3650830F.D29E5147@engr.sgi.com> Message-ID: Hi everybody! I was recently playing with Samba by making some NET_API calls from a Delphi application under MS-Windows. I've noticed that the information provided about the user when you make some API calls involving NET_USER_INFO3 are very limited. Information that would be useful include the user's FullName, LastLogon, Password Expiration Date, and so on. One good feature would be to integrate account information present in UNIX systems that support shadow passwords, into the NET_USER_INFO3 returned by Samba supported RPC calls. By the way, could the developers of samba point some start points for those who would like to start playing with Samba source code? This way we, interested in some nice features, could start implementing some of our preferred "todo" wishes. I think that giving a general idea of what each .c file does would be a great way of documenting the whole Samba package. Things like where user information is read and stored on the Unix side, and so on ... Sorry if I was not clear on my statements, but anyway, these are my suggestions. Regards, Celso Kopp Webber. From helmut.kaufmann at schule.at Tue Nov 17 16:25:48 1998 From: helmut.kaufmann at schule.at (Helmut Kaufmann) Date: Tue Dec 2 02:24:42 2003 Subject: subsribe Message-ID: <3651A38C.614C1298@schule.at> subsribe From hulet at ittc.ukans.edu Tue Nov 17 15:38:24 1998 From: hulet at ittc.ukans.edu (Michael S. Hulet) Date: Tue Dec 2 02:24:42 2003 Subject: DEC Alpha OSF 4.0d and gcc 2.8.1 In-Reply-To: <364D1291.8781241@engr.sgi.com> Message-ID: I did a fresh cvs checkout of Samba 2.0 Beta1 but I am unable to compile the code on a DEC Alpha OSF 4.0d. We are using gcc 2.8.1 and receive the following errors after configure and make: Using FLAGS = -g -O2 -Iinclude -I./include -I./ubiqx -I./smbwrapper -DSMBLOGFILE="/usr/system/samba/var/log.smb" -DNMBLOGFILE="/usr/system/samba/var/log.nmb" -DCONFIGFILE="/usr/system/samba/lib/smb.conf" -DLMHOSTSFILE="/usr/system/samba/lib/lmhosts" -DSWATDIR="/usr/system/samba/swat" -DSBINDIR="/usr/system/samba/bin" -DLOCKDIR="/usr/system/samba/var/locks" -DSMBRUN="/usr/system/samba/bin/smbrun" -DCODEPAGEDIR="/usr/system/samba/lib/codepages" -DDRIVERFILE="/usr/system/samba/lib/printers.def" -DBINDIR="/usr/system/samba/bin" -DHAVE_INCLUDES_H -DPASSWD_PROGRAM="/bin/passwd" -DSMB_PASSWD_FILE="/usr/system/samba/private/smbpasswd" -DSMB_PASSWD_PROGRAM="/usr/system/samba/bin/smbpasswd" Using LIBS = Compiling smbd/server.c In file included from include/includes.h:224, from smbd/server.c:22: /usr/include/sys/mount.h:491: warning: no semicolon at end of struct or union /usr/include/sys/mount.h:491: parse error before `.' /usr/include/sys/mount.h:500: parse error before `.' /usr/include/sys/mount.h:512: parse error before `}' make: *** [smbd/server.o] Error 1 Any assistance would be appreciated. From twinders at SPC.cc.tx.us Tue Nov 17 16:04:07 1998 From: twinders at SPC.cc.tx.us (Tim Winders) Date: Tue Dec 2 02:24:42 2003 Subject: DEC Alpha OSF 4.0d and gcc 2.8.1 In-Reply-To: Message-ID: Michael - Try using cc instead of gcc. I am running 4.0D and have no problems getting the current cvs code (as of 9am this morning) to compile with cc. === Tim --------------------------------------------------------------------- | Tim Winders, CNE, MCSE | Email: Tim.Winders@SPC.cc.tx.us | | Network Administrator | Phone: 806-894-9611 x 2369 | | South Plains College | Fax: 806-897-4711 | | Levelland, TX 79336 | | --------------------------------------------------------------------- On Wed, 18 Nov 1998, Michael S. Hulet wrote: > I did a fresh cvs checkout of Samba 2.0 Beta1 but I am unable to compile > the code on a DEC Alpha OSF 4.0d. We are using gcc 2.8.1 and receive the > following errors after configure and make: > > Using FLAGS = -g -O2 -Iinclude -I./include -I./ubiqx -I./smbwrapper > -DSMBLOGFILE="/usr/system/samba/var/log.smb" > -DNMBLOGFILE="/usr/system/samba/var/log.nmb" > -DCONFIGFILE="/usr/system/samba/lib/smb.conf" > -DLMHOSTSFILE="/usr/system/samba/lib/lmhosts" > -DSWATDIR="/usr/system/samba/swat" -DSBINDIR="/usr/system/samba/bin" > -DLOCKDIR="/usr/system/samba/var/locks" > -DSMBRUN="/usr/system/samba/bin/smbrun" > -DCODEPAGEDIR="/usr/system/samba/lib/codepages" > -DDRIVERFILE="/usr/system/samba/lib/printers.def" > -DBINDIR="/usr/system/samba/bin" -DHAVE_INCLUDES_H > -DPASSWD_PROGRAM="/bin/passwd" > -DSMB_PASSWD_FILE="/usr/system/samba/private/smbpasswd" > -DSMB_PASSWD_PROGRAM="/usr/system/samba/bin/smbpasswd" > Using LIBS = > Compiling smbd/server.c > In file included from include/includes.h:224, > from smbd/server.c:22: > /usr/include/sys/mount.h:491: warning: no semicolon at end of struct or > union > /usr/include/sys/mount.h:491: parse error before `.' > /usr/include/sys/mount.h:500: parse error before `.' > /usr/include/sys/mount.h:512: parse error before `}' > make: *** [smbd/server.o] Error 1 > > Any assistance would be appreciated. > > > From lkcl at switchboard.net Tue Nov 17 16:50:48 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:42 2003 Subject: ALPHA-code ALERT: group database API. Message-ID: if you are not using the latest cvs code and do not intend to, please ignore this message. if you are following the SAMBA_2_0 tag, not the main-line branch, please ignore this message. if you are currently not prepared to move to the new parameters, please stay with the SAMBA_2_0 tag or with the latest stable release of samba. if you wish to try out the latest experimental code, please read on... please be advised that, as mentioned two or more weeks ago, a group database API has been added. the following (temporary) parameters have therefore been removed: "domain admin users" "domain guest users" "domain groups" "domain admin group" "domain guest group" and these have been replaced with (ALSO subject to change): "local group map" - maps SAM aliases in any domain to real unix groups "domain group map" - maps SAM groups in any domain to real unix groups note that "any domain" currently means "only the domain the SAMBA server is either a member of or responsible for". the syntax of entries is: unixgroupname [DOMAIN\]ntgroupname unixgroupname [DOMAIN\]ntaliasname where [DOMAIN\] is currently unsupported. if [DOMAIN\] is unspecified, then the default is either the domain for which the samba server is a controller (security = user) or the domain of which the samba server is a member (security = domain). "smb passgrp file" - extension to smbpasswd, allows users to be members of SAM groups and aliases. default name is: /usr/local/samba/private/smbpassgrp the syntax of entries is: username:uid:alias1, alias2, ...:group1, group2, ...: where: - username and uid match exactly with the private/smbpasswd file - groupN is either a rid (NNN or 0xXXX) or a SAM group name (NOT a unix group name ). these are ONLY supported when samba is a PDC, as when samba is a member of a domain then the private/smbpasswd and private/smbpassgrp files actually become a set of _local_ workstation accounts (a local workstation SAM database). under these circumstances (member of domain), then "domain groups" simply do not exist in the local SAM, period. the only way to get "domain groups" is to use those on the PDC, for which workstations are NOT responsible, so the issue of making a workstation responsible for "domain groups" becomes a non-issue. hm. maybe i should re-state that, but i'm sure that the ensuing debate will clarify this. - aliasN is either a SID (e.g S-1-5-20-512, S-1-5-21-x-y-z-1029) or a SAM alias name (NOT a unix group name) note that: - when a user is added to a domain group, they can only be added to a domain group in the domain, NOT a foriegn domain (that is what aliases are for). - when a user is added to a local group (alias), the full SID must be specified. aliases can then have domain groups from foriegn domains added to them. in other words, administrators are advised to become familiar with NT account management _before_ attempting to set this up. if you become familiar with SAM administration (because that's what samba is starting to support) then it will make understanding of how this maps onto UNIX a lot easier. From jallison at cthulhu.engr.sgi.com Tue Nov 17 19:36:33 1998 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:24:42 2003 Subject: ALPHA-code ALERT: group database API. References: Message-ID: <3651D041.FD3DC716@engr.sgi.com> > and these have been replaced with (ALSO subject to change): > > "local group map" - maps SAM aliases in any domain to real unix groups > "domain group map" - maps SAM groups in any domain to real unix groups Hahaha - gotcha now :-). Where are the updates to the smb.conf.5.yo YODL docs documenting these parameters in the HEAD branch ? ALL new parameters now *must* be documented. WHY ? Because I'm not going through the last two weeks of documentation update hell *ever* again :-). Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From lkcl at switchboard.net Tue Nov 17 19:42:07 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:42 2003 Subject: ALPHA-code ALERT: group database API. In-Reply-To: <3651D041.FD3DC716@engr.sgi.com> Message-ID: On Tue, 17 Nov 1998, Jeremy Allison wrote: > > and these have been replaced with (ALSO subject to change): > > > > "local group map" - maps SAM aliases in any domain to real unix groups > > "domain group map" - maps SAM groups in any domain to real unix groups > > Hahaha - gotcha now :-). Where are the updates to the smb.conf.5.yo > YODL docs documenting these parameters in the HEAD branch ? ooops! > ALL new parameters now *must* be documented. > > WHY ? Because I'm not going through the last two weeks > of documentation update hell *ever* again :-). all right, sounds fair. i'll take it! From is04797 at salleURL.edu Tue Nov 17 20:55:16 1998 From: is04797 at salleURL.edu (=?iso-8859-1?Q?V=EDctor_Pons_Colomer?=) Date: Tue Dec 2 02:24:42 2003 Subject: Encrypted PWD Message-ID: Hi, people, I have a little (or not) question... Here is the scene: We have a network with 2 HP, 2 UltraSparc and 3 linux, all off them using samba 1.9.18. All my users uses to mount their home from their 95/NT boxes. Now, we have set a local net with NT boxes, routed with a debian Linux to the big net and internet. My problem is that whe need to use NT Domain logons and system policies, but they can mount our debian router homes trough these NT boxes, but not the other servers on the net homes (Hp's, etc...) as they are not using encrypted pwd. Is there any way to send encrypted pwd to use domain logons, and plain pwd to mount shared homes on the other net ? Or maybe other ideas? Setting encrypted pwd on the Hp's and other is not the solution as we are using NIS. Thanx!! ----------------------------------------------------------------------------- Viktu Pons Colomer Col.laborador del Centre de Serveis Inform?tics CSI Department of Computer Science Escola d'Enginyeria la Salle Telf: 07 972026 Universitat Ramon Llull E-mail: viktu@salleURL.edu C/ Balmes 1 viktu@grn.es 17144- Colomers (GIRONA) ----------------------------------------------------------------------------- From chenriq at homeshopping.com.br Tue Nov 17 19:59:32 1998 From: chenriq at homeshopping.com.br (CHENRIQUE) Date: Tue Dec 2 02:24:42 2003 Subject: make problem with Samba2Beta1 and SunOS4.1.4 Message-ID: <19981117195913Z12613773-7353+263@samba.anu.edu.au> I had a problem in make process of Samba2.0.0Beta1. I am using gcc 2.8.1, SunOS 4.1.4 in a sparcStation 5, and the error message was: ... ... ... Compiling rpcclient/cmd_netlogon.c rpcclient/cmd_netlogon.c: In function `cmd_netlogon_login_test': rpcclient/cmd_netlogon.c:78: warning: assignment makes pointer from integer with out a cast Linking bin/rpcclient Compiling utils/smbpasswd.c utils/smbpasswd.c: In function `get_pass': utils/smbpasswd.c:184: warning: assignment makes pointer from integer without a cast utils/smbpasswd.c: In function `process_root': utils/smbpasswd.c:285: `optarg' undeclared (first use in this function) utils/smbpasswd.c:285: (Each undeclared identifier is reported only once utils/smbpasswd.c:285: for each function it appears in.) utils/smbpasswd.c:318: `optind' undeclared (first use in this function) utils/smbpasswd.c: In function `process_nonroot': utils/smbpasswd.c:447: `optarg' undeclared (first use in this function) utils/smbpasswd.c:466: `optind' undeclared (first use in this function) *** Error code 1 make: Fatal error: Command failed for target `utils/smbpasswd.o' ----------------------------------------------------- TIA, Henrique. From todd at edge.cis.McMaster.CA Wed Nov 18 00:00:25 1998 From: todd at edge.cis.McMaster.CA (Todd Pfaff) Date: Tue Dec 2 02:24:42 2003 Subject: smbpasswd -j option and smb.conf In-Reply-To: Message-ID: Here is something to add to the low priority section of the todo list... This is just a minor annoyance and is easily worked around, but the '-j' option to smbpasswd requires that the 'password server' list be in the top level smb.conf file (ie. it can not be in an included file). # smbpasswd -j MYDOMAIN No password server list given in smb.conf - unable to join domain. -- Todd Pfaff \ Email: pfaff@mcmaster.ca Computing and Information Services \ Voice: (905) 525-9140 x22920 ABB 132 \ FAX: (905) 528-3773 McMaster University \ Hamilton, Ontario, Canada L8S 4M1 \ From peter at cs.curtin.edu.au Wed Nov 18 01:50:58 1998 From: peter at cs.curtin.edu.au (Peter Duff) Date: Tue Dec 2 02:24:42 2003 Subject: make problem with Samba2Beta1 and SunOS4.1.4 References: <19981117195913Z12613773-7353+263@samba.anu.edu.au> Message-ID: <199811180950580930.03F25834@bikeadm.cs.curtin.edu.au> Yep, I had that problem too, and my quick and dirty solution was to put extern references in the offending c files. (straight out the sunos 414 getopt() man pages) ... extern char *optarg; extern int optind; that seemed to fix the problem, though the fix is quite ugly. Hope this solves your problem! On 11/18/98, at 5:56 AM, CHENRIQUE wrote: >I had a problem in make process of Samba2.0.0Beta1. >I am using gcc 2.8.1, SunOS 4.1.4 in a sparcStation 5, and the error >message was: > >.. >.. >.. >Compiling rpcclient/cmd_netlogon.c >rpcclient/cmd_netlogon.c: In function `cmd_netlogon_login_test': >rpcclient/cmd_netlogon.c:78: warning: assignment makes pointer from integer >with out a cast >Linking bin/rpcclient >Compiling utils/smbpasswd.c >utils/smbpasswd.c: In function `get_pass': >utils/smbpasswd.c:184: warning: assignment makes pointer from integer >without a cast >utils/smbpasswd.c: In function `process_root': >utils/smbpasswd.c:285: `optarg' undeclared (first use in this function) >utils/smbpasswd.c:285: (Each undeclared identifier is reported only once >utils/smbpasswd.c:285: for each function it appears in.) >utils/smbpasswd.c:318: `optind' undeclared (first use in this function) >utils/smbpasswd.c: In function `process_nonroot': >utils/smbpasswd.c:447: `optarg' undeclared (first use in this function) >utils/smbpasswd.c:466: `optind' undeclared (first use in this function) >*** Error code 1 >make: Fatal error: Command failed for target `utils/smbpasswd.o' > >----------------------------------------------------- > >TIA, > >Henrique. > > > *********** END FORWARDED MESSAGE *********** Regards, Peter Duff Sysadmin School of Computing Curtin University, Perth WA. 9266 2986 peter@cs.curtin.edu.au From D.Bannon at latrobe.edu.au Wed Nov 18 03:48:04 1998 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:24:42 2003 Subject: configure, funny directories ?? In-Reply-To: <199811180950580930.03F25834@bikeadm.cs.curtin.edu.au> References: <19981117195913Z12613773-7353+263@samba.anu.edu.au> Message-ID: <3.0.3.32.19981118144804.007658ac@bioserve.biochem.latrobe.edu.au> I just pulled down the main cvs and ran configure, it seems (to me) to make a Makefile that will place the samba stuff in the wrong dir. Thus : prefix=/usr/local exec_prefix=${prefix} mandir=${prefix}/man INSTALL_BIN=$(exec_prefix)/bin INSTALL_MAN=$(prefix)/man ..... BASEDIR=/usr/local BINDIR = ${exec_prefix}/bin SBINDIR = ${exec_prefix}/sbin LIBDIR = ${exec_prefix}/lib VARDIR = $(BASEDIR)/var MANDIR = ${prefix}/man Makefile.in has BASEDIR=@prefix@ not BASEDIR=@prefix@/samba !! A decision has not been made to put binaries in /usr/local/bin and so on has it ?? If so, I don't like it, I prefer the traditional /usr/local/samba/bin with all the other samba stuff under ~/samba . Or is this a configure problem (hope so) ! David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From caesmb at lab2.cc.wmich.edu Wed Nov 18 13:11:20 1998 From: caesmb at lab2.cc.wmich.edu (CAE Samba Admin) Date: Tue Dec 2 02:24:42 2003 Subject: Todo list: account expiration In-Reply-To: Message-ID: > By the way, could the developers of samba point some start points >for those who would like to start playing with Samba source code? This way >we, interested in some nice features, could start implementing some of our >preferred "todo" wishes. I think that giving a general idea of what each >c file does would be a great way of documenting the whole Samba >package. Things like where user information is read and stored on the Unix >side, and so on ... I'd like to second this... There are a couple wishes that I would we willing to code (especially with mas break coming up), but to just jump into the source and try and figure out what is going on is at this point incredibly overwhelming. Kevin From jeffh at streek.com Wed Nov 18 16:43:05 1998 From: jeffh at streek.com (Jeff Hahn) Date: Tue Dec 2 02:24:42 2003 Subject: Problems joining Samba-2.0.0Beta1 to NT 3.51SP5 Domain Message-ID: <00b401be1312$8424dce0$1e0a5ad1@singsing.streek.com> I'm having a real problem trying to get started with Security=domain following are the "interesting" lines from smbpasswd -j KCHOMECARE -r ELVIS -D 10 It appears as if the authentication is successful, but smbpasswd doesn't think so. Any help would be greatly appreciated! -Jeff bind_rpc_pipe: searching pipe name: client:\PIPE\lsarpc server:\PIPE\lsass bind_rpc_pipe: searching pipe name: client:\PIPE\samr server:\PIPE\lsass bind_rpc_pipe: searching pipe name: client:\PIPE\NETLOGON server:\PIPE\lsass bind_rpc_pipe: server pipe_name found: \PIPE\lsass bind_rpc_pipe: accepted! cli_net_req_chal: LSA Request Challenge from ELVIS to ACE: xxxxxxxxxx ................. cred_session_key clnt_chal: xxxxxxxxxxxxxxxxxxxx srv_chal : aaaaaaaaaaaaaaaaaa clnt+srv : bbbbbbbbbbbbbbbbbb sess_key : yyyyyyyyyyyyyyyyyyyy cred_create sess_key : yyyyyyyyyyyyyyyyyyyy stor_cred: xxxxxxxxxxxxxxxxxxxx timestamp: 0 timecred : xxxxxxxxxxxxxxxxxxxx calc_cred: zzzzzzzzzzzzzzzzz cli_net_auth2: srv:\\ELVIS acct:ACE$ sc:2 mc: ACE chal zzzzzzzzzzzzzzzz neg: 1ff ................. cred_create sess_key : zzzzzzzzzzzzzzzzz stor_cred: aaaaaaaaaaaaaaaaa timestamp: 0 timecred : aaaaaaaaaaaaaaaaaa calc_cred: 445015BD14E4CA9B cred_assert challenge : 445015BD14E4CA9B calculated: 445015BD14E4CA9B credentials check ok cli_net_auth2: error neg_flags (q,r) differ - (1ff,ff) cli_nt_setup_creds: auth2 challenge failed modify_trust_password: unable to setup the PDC credentials to machine ELVIS. Error was : code 0. .................. 1998/11/18 09:56:34 : change_trust_account_password: Failed to change password for domain KCHOMECARE. From caesmb at lab2.cc.wmich.edu Wed Nov 18 19:20:59 1998 From: caesmb at lab2.cc.wmich.edu (CAE Samba Admin) Date: Tue Dec 2 02:24:42 2003 Subject: Quotas in RedHat 5.2 Message-ID: This was posted a little while ago: ------ As I have no root-access to the other systems for which code exists in quotas.c I would like if other could confirm/deny if the code works on these systems. The OS's in question are LINUX, CRAY, SunOS-4, OSF1, IRIX 6.2, AIX, HPUX, FreeBSD & OpenBSD. ------ I've followed the steps to getting quotas going in Linux as documented in the Quota Mini-HOWTO. However, the auto configure for samba produces: checking whether to support disk-quotas... no Has anyone else had any luck with this under Linux? Just a side note, in case I really have something messed up, the "quota" command does not report any quotas for me, but the "repquota" command does. I might have something missing. What does autoconf look for in enabling quota support? Kevin From svedja at lysator.liu.se Wed Nov 18 22:51:54 1998 From: svedja at lysator.liu.se (Dejan Ilic) Date: Tue Dec 2 02:24:42 2003 Subject: Quotas in RedHat 5.2 In-Reply-To: Message-ID: The (Auto)configure defaults NOT to use quotas automaticly. Most people have no need for the code. if you invoke "configure" with "configure --with-quotas=yes" for example, it will compile in the disk-quota code. If your system (Linux that is) is properly set up, it will hopefully work and reflect on the disk-size and space reported on Windows-side mounted shares. if you write "configure --help" you will find other usefull flags and their defaults. Samba & quotas has been reported to work on Linux too btw. Dejan On Thu, 19 Nov 1998, CAE Samba Admin wrote: > I've followed the steps to getting quotas going in Linux as documented in > the Quota Mini-HOWTO. However, the auto configure for samba produces: > > checking whether to support disk-quotas... no > > Has anyone else had any luck with this under Linux? Just a side note, in > case I really have something messed up, the "quota" command does not > report any quotas for me, but the "repquota" command does. I might have > something missing. What does autoconf look for in enabling quota support? > > Kevin From yoda at mind.net Thu Nov 19 04:53:41 1998 From: yoda at mind.net (Jesse Nelson) Date: Tue Dec 2 02:24:42 2003 Subject: Problems joining Samba-2.0.0Beta1 to NT 3.51SP5 Domain References: <00b401be1312$8424dce0$1e0a5ad1@singsing.streek.com> Message-ID: <3653A455.BC1AE949@mind.net> I am having this problem (similar ) when I run smbpasswd -j XUMA i get doing parameter syslog = 5 doing parameter syslog only = Yes doing parameter announce version = doing parameter announce as = win95 doing parameter os level = 65 doing parameter lm announce = True doing parameter socket address = 208.192.215.165 doing parameter hosts allow = localhost, 208.192.215.0/255.255.255.192 pm_process() returned Yes load_client_codepage: loading codepage 850. do_reseed: got 40 bytes from /dev/random. resolve_name: Attempting lmhosts lookup for name TRIPPER startlmhosts: Can't open lmhosts file /usr/local/samba/lib/lmhosts. Error was No such file or directory resolve_name: Attempting host lookup for name TRIPPER Connecting to 208.192.215.164 at port 139 write_socket(4,76) write_socket(4,76) wrote 76 Sent session request got smb length of 1 size=1 smb_com=0x0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=0 smb_flg2=0 smb_tid=0 smb_pid=0 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=0 modify_trust_password: machine TRIPPER rejected the session setup. Error was : code 131. 1998/11/18 20:49:30 : change_trust_account_password: Failed to change password for domain XUMA. Unable to join domain XUMA. Jeff Hahn wrote: > I'm having a real problem trying to get started with Security=domain > > following are the "interesting" lines from smbpasswd -j KCHOMECARE -r > ELVIS -D 10 > > It appears as if the authentication is successful, but smbpasswd doesn't > think so. > > Any help would be greatly appreciated! > > -Jeff > > bind_rpc_pipe: searching pipe name: client:\PIPE\lsarpc > server:\PIPE\lsass > bind_rpc_pipe: searching pipe name: client:\PIPE\samr server:\PIPE\lsass > bind_rpc_pipe: searching pipe name: client:\PIPE\NETLOGON > server:\PIPE\lsass > bind_rpc_pipe: server pipe_name found: \PIPE\lsass > bind_rpc_pipe: accepted! > cli_net_req_chal: LSA Request Challenge from ELVIS to ACE: xxxxxxxxxx > ................ > cred_session_key > clnt_chal: xxxxxxxxxxxxxxxxxxxx > srv_chal : aaaaaaaaaaaaaaaaaa > clnt+srv : bbbbbbbbbbbbbbbbbb > sess_key : yyyyyyyyyyyyyyyyyyyy > cred_create > sess_key : yyyyyyyyyyyyyyyyyyyy > stor_cred: xxxxxxxxxxxxxxxxxxxx > timestamp: 0 > timecred : xxxxxxxxxxxxxxxxxxxx > calc_cred: zzzzzzzzzzzzzzzzz > cli_net_auth2: srv:\\ELVIS acct:ACE$ sc:2 mc: ACE chal zzzzzzzzzzzzzzzz > neg: 1ff > ................ > cred_create > sess_key : zzzzzzzzzzzzzzzzz > stor_cred: aaaaaaaaaaaaaaaaa > timestamp: 0 > timecred : aaaaaaaaaaaaaaaaaa > calc_cred: 445015BD14E4CA9B > cred_assert > challenge : 445015BD14E4CA9B > calculated: 445015BD14E4CA9B > credentials check ok > cli_net_auth2: error neg_flags (q,r) differ - (1ff,ff) > cli_nt_setup_creds: auth2 challenge failed > modify_trust_password: unable to setup the PDC credentials to machine > ELVIS. > Error was : code 0. > ................. > 1998/11/18 09:56:34 : change_trust_account_password: Failed to change > password for domain KCHOMECARE. From chenriq at homeshopping.com.br Thu Nov 19 13:09:56 1998 From: chenriq at homeshopping.com.br (Carlos Henrique) Date: Tue Dec 2 02:24:42 2003 Subject: make problem with Samba2Beta1 and SunOS4.1.4 Message-ID: <19981119132034Z12616990-26631+821@samba.anu.edu.au> > Yep, I had that problem too, and my quick and dirty solution was > to > put extern references in the offending c files. > (straight out the sunos 414 getopt() man pages) > ... > extern char *optarg; > extern int optind; > > that seemed to fix the problem, though the fix is quite ugly. > > > Hope this solves your problem! > >> From: CHENRIQUE >> To: samba-ntdom@samba.anu.edu.au >> Subject: make problem with Samba2Beta1 and SunOS4.1.4 >> Date: Ter?a-feira, 17 de Novembro de 1998 17:59 >> >> I had a problem in make process of Samba2.0.0Beta1. >> I am using gcc 2.8.1, SunOS 4.1.4 in a sparcStation 5, and >>the error >> message was: ... Thank you ! It works! I wrote that two lines on the top of smbpasswd.c program and the problem was solved. But, I think that it is a little bug, isn't it? [] Henrique From chenriq at homeshopping.com.br Thu Nov 19 13:18:58 1998 From: chenriq at homeshopping.com.br (Carlos Henrique) Date: Tue Dec 2 02:24:42 2003 Subject: REPOST : -Re: nt password changing now works. Message-ID: <19981119132916Z12618383-23005+849@samba.anu.edu.au> I have this problem too, and I haven't any idea. Anyone have the solution? TIA. Henrique > > [Amol wrote:] > > > hmm, i did both....still doesnt work. > > > > > > added "migrate passwords = yes" and testparm complained about it being > > > an unknown parameter. > > > > > > then i did a smbpasswd on my username, and changed my password. > > > logged onto the the nt4.0 machine and tried the change my password, > > > still gives the same error. > > > > > > "[1998/10/22 15:07:35, 0] smbd/chgpasswd.c:(737) > > > check_oem_password: old lm password doesn't match" > > > > > > what am i doing wrong here? > > [I wrote:] > > > > Yes, I'm seeing exactly the same problem, even if I begin with a > > freshly created account. > Hmmm, however, I can change a non-null password to a null password > via ctl-alt-del. > Matthew From dave at www.buffalostate.edu Thu Nov 19 13:40:53 1998 From: dave at www.buffalostate.edu (Dave J. Andruczyk) Date: Tue Dec 2 02:24:42 2003 Subject: Quotas in RedHat 5.2 In-Reply-To: Message-ID: > I've followed the steps to getting quotas going in Linux as documented in > the Quota Mini-HOWTO. However, the auto configure for samba produces: Did you make sure you mount the partition you want with quotas, with the "usrquota" option in /etc/fstab?? > Has anyone else had any luck with this under Linux? Just a side note, in > case I really have something messed up, the "quota" command does not > report any quotas for me, but the "repquota" command does. I might have > something missing. What does autoconf look for in enabling quota support? the missing mount option causes "quota" to not give any info. Dave From firicddb at sp.zrz.tu-berlin.de Fri Nov 20 10:28:03 1998 From: firicddb at sp.zrz.tu-berlin.de (Tito Figueroa) Date: Tue Dec 2 02:24:42 2003 Subject: unix password sync Message-ID: <36554433.E1CA8E28@sp.zrz.tu-berlin.de> Hi all, I cannot change a user's samba password from a Windows NT 4.0 SP3 client when "unix password sync = True". Any ideas what/where I screwed up? AtDhVaAnNkCsE - Samba version 2.0.0 beta 1 on a RedHat5.1(SuSE5.3 too) - global section of the smb.conf contains, amongst other things, : encrypt passwords = yes unix password sync = true passwd chat debug = True passwd program = /usr/bin/passwd %u passwd chat = *New*password:* %n\n *Re-enter*new*password:* %n\n ---machine.log----- [1998/11/15 18:14:14, 3] smbd/process.c:switch_message(402) switch message SMBtrans (pid 321) [1998/11/15 18:14:14, 3] smbd/ipc.c:reply_trans(3573) trans <\PIPE\> data=1216 params=0 setup=2 [1998/11/15 18:14:14, 3] smbd/ipc.c:named_pipe(3428) named pipe command on <> name [1998/11/15 18:14:14, 3] smbd/ipc.c:api_fd_reply(3216) Got API command 0x26 on pipe "samr" (pnum 7027)api_pipe_request: **** MUST CALL become_user() HERE **** [1998/11/15 18:14:14, 3] rpc_server/srv_pipe.c:api_pipe_request(603) Doing \PIPE\samr [1998/11/15 18:14:14, 3] rpc_server/srv_pipe.c:api_rpc_command(675) api_rpc_command: SAMR_CHGPASSWD_USER [1998/11/15 18:14:14, 3] smbd/chgpasswd.c:chgpasswd(381) Password change for user: tfr [1998/11/15 18:14:14, 3] smbd/chgpasswd.c:findpty(90) pty: try to open ptya0, line was /dev/ptyXX [1998/11/15 18:14:14, 3] smbd/chgpasswd.c:findpty(94) pty: opened /dev/ptya0 [1998/11/15 18:14:14, 3] smbd/chgpasswd.c:chat_with_program(360) Dochild for user tfr (uid=0,gid=0) [1998/11/15 18:14:15, 3] smbd/chgpasswd.c:talktochild(279) response 3 incorrect [1998/11/15 18:14:15, 3] smbd/chgpasswd.c:chat_with_program(321) Child failed to change password: tfr [1998/11/15 18:14:15, 3] smbd/process.c:process_smb(565) Transaction 8 of length 46 [1998/11/15 18:14:15, 3] smbd/process.c:switch_message(402) switch message SMBclose (pid 321) [1998/11/15 18:14:25, 3] lib/util.c:ChDir(653) chdir to / Thank?s Tito Figueroa From lkcl at switchboard.net Fri Nov 20 11:28:03 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:42 2003 Subject: Todo list: account expiration In-Reply-To: Message-ID: love to see this happen... On Thu, 19 Nov 1998, CAE Samba Admin wrote: > > > By the way, could the developers of samba point some start points > >for those who would like to start playing with Samba source code? This way > >we, interested in some nice features, could start implementing some of our > >preferred "todo" wishes. I think that giving a general idea of what each > >c file does would be a great way of documenting the whole Samba > >package. Things like where user information is read and stored on the Unix > >side, and so on ... > > I'd like to second this... There are a couple wishes that I would > we willing to code (especially with mas break coming up), but to just jump > into the source and try and figure out what is going on is at this point > incredibly overwhelming. > > Kevin > > > > Luke Kenneth Casson Leighton Samba and Network Development Samba and Network Consultancy From lkcl at switchboard.net Fri Nov 20 11:43:03 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:42 2003 Subject: Problems joining Samba-2.0.0Beta1 to NT 3.51SP5 Domain In-Reply-To: <00b401be1312$8424dce0$1e0a5ad1@singsing.streek.com> Message-ID: as a hack, grep code for "client flags differ" take out the failure code. On Thu, 19 Nov 1998, Jeff Hahn wrote: > I'm having a real problem trying to get started with Security=domain > > following are the "interesting" lines from smbpasswd -j KCHOMECARE -r > ELVIS -D 10 > > It appears as if the authentication is successful, but smbpasswd doesn't > think so. > > Any help would be greatly appreciated! > > -Jeff > > > bind_rpc_pipe: searching pipe name: client:\PIPE\lsarpc > server:\PIPE\lsass > bind_rpc_pipe: searching pipe name: client:\PIPE\samr server:\PIPE\lsass > bind_rpc_pipe: searching pipe name: client:\PIPE\NETLOGON > server:\PIPE\lsass > bind_rpc_pipe: server pipe_name found: \PIPE\lsass > bind_rpc_pipe: accepted! > cli_net_req_chal: LSA Request Challenge from ELVIS to ACE: xxxxxxxxxx > ................ > cred_session_key > clnt_chal: xxxxxxxxxxxxxxxxxxxx > srv_chal : aaaaaaaaaaaaaaaaaa > clnt+srv : bbbbbbbbbbbbbbbbbb > sess_key : yyyyyyyyyyyyyyyyyyyy > cred_create > sess_key : yyyyyyyyyyyyyyyyyyyy > stor_cred: xxxxxxxxxxxxxxxxxxxx > timestamp: 0 > timecred : xxxxxxxxxxxxxxxxxxxx > calc_cred: zzzzzzzzzzzzzzzzz > cli_net_auth2: srv:\\ELVIS acct:ACE$ sc:2 mc: ACE chal zzzzzzzzzzzzzzzz > neg: 1ff > ................ > cred_create > sess_key : zzzzzzzzzzzzzzzzz > stor_cred: aaaaaaaaaaaaaaaaa > timestamp: 0 > timecred : aaaaaaaaaaaaaaaaaa > calc_cred: 445015BD14E4CA9B > cred_assert > challenge : 445015BD14E4CA9B > calculated: 445015BD14E4CA9B > credentials check ok > cli_net_auth2: error neg_flags (q,r) differ - (1ff,ff) > cli_nt_setup_creds: auth2 challenge failed > modify_trust_password: unable to setup the PDC credentials to machine > ELVIS. > Error was : code 0. > ................. > 1998/11/18 09:56:34 : change_trust_account_password: Failed to change > password for domain KCHOMECARE. > > > Luke Kenneth Casson Leighton Samba and Network Development Samba and Network Consultancy From barth at cck.uni-kl.de Fri Nov 20 13:01:41 1998 From: barth at cck.uni-kl.de (Christian Barth) Date: Tue Dec 2 02:24:42 2003 Subject: unix password sync In-Reply-To: <36554433.E1CA8E28@sp.zrz.tu-berlin.de> Message-ID: <9811201205.AA07814@cckipc2.cck.uni-kl.de.cck.uni-kl.de> Hello! Just some small hints: > I cannot change a user's samba password from a Windows NT 4.0 SP3 client > > when "unix password sync = True". Any ideas what/where I screwed > up? Can you change your both passwords in sync with smbpasswd form unix? > > - Samba version 2.0.0 beta 1 on a RedHat5.1(SuSE5.3 too) Are you using PAM. PAM can have very strict rules about neu (unix) passwords. E.g. Changeing between to passwords as a test doesn't work. And you don't get the PAM-Massages through samba. Try really different, really good passswords. > - global section of the smb.conf contains, amongst other things, : > > encrypt passwords = yes > unix password sync = true > passwd chat debug = True You need debug level = 100 to take this effekt. You should see your passwd chat in the logs then. > passwd program = /usr/bin/passwd %u > passwd chat = *New*password:* %n\n *Re-enter*new*password:* %n\n Isn't here missing something, that reflects the sucessfull change? I use: passwd chat = *New*password* %n\n *new*password* %n\n *updated\ssuccessfully* Hope this helps a bit Christian _____________________________________________________________ Dipl.-Wirtsch.-Ing. Christian Barth Universitaet Kaiserslautern Lehrstuhl fuer Fertigungstechnik und Betriebsorganisation Abteilung Fertigungstechnologie Raum 42/472 Postfach 3049 67655 Kaiserslautern Telefon 0631/205-2872 Telefax 0631/205-3238 email barth@cck.uni-kl.de From heinig at hdz-ima.rwth-aachen.de Fri Nov 20 11:51:28 1998 From: heinig at hdz-ima.rwth-aachen.de (Gerald Heinig) Date: Tue Dec 2 02:24:42 2003 Subject: Todo list: account expiration References: Message-ID: <365557C0.945227B6@hdz-ima.rwth-aachen.de> Luke Kenneth Casson Leighton wrote: > love to see this happen... > > > > > By the way, could the developers of samba point some start points > > >for those who would like to start playing with Samba source code? This way > > >we, interested in some nice features, could start implementing some of our > > >preferred "todo" wishes. > > > > I'd like to second this... There are a couple wishes that I would > > we willing to code (especially with mas break coming up), but to just jump > > into the source and try and figure out what is going on is at this point > > incredibly overwhelming. I'd like to take this opportunity to ask the members of this list if there's anyone working on the NIS+ interaction/authentication stuff. I'm especially interested in this feature and have a bit of time on my hands the next month or so for a bit of coding. If anybody has any hacks, nice bits of code, if there are any NIS+ gurus out there willing to share ideas, please, drop me a mail. Thanks Gerald From lkcl at switchboard.net Fri Nov 20 12:57:26 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:42 2003 Subject: Todo list: account expiration In-Reply-To: <365557C0.945227B6@hdz-ima.rwth-aachen.de> Message-ID: please, someone needs to work on passdb/nispass.c, please feel free to go for it. recommend samba-technical as a forum. no, i don't have NIS+ or any experience with it else i'd do it myself. expected code development for nispass.c: 2,000 to 2,500 lines.once you're done there i can try to cut/paste to start a groupnisplus.c, and you could take it from there. luke > I'd like to take this opportunity to ask the members of this list if there's > anyone working on the NIS+ interaction/authentication stuff. I'm especially > interested in this feature and have a bit of time on my hands the next month or > so for a bit of coding. If anybody has any hacks, nice bits of code, if there > are any NIS+ gurus out there willing to share ideas, please, drop me a mail. > > Thanks > > Gerald > > Luke Kenneth Casson Leighton Samba and Network Development Samba and Network Consultancy From alex at targeting.co.uk Fri Nov 20 16:15:05 1998 From: alex at targeting.co.uk (Alex Knowles) Date: Tue Dec 2 02:24:42 2003 Subject: [ot] swat Message-ID: <615CAC0140CED111AF1500805FEDDB8A0D3AB0@ns.new-mediacom.co.uk> I'm sorry to post this here, but I'm trying to set up samba 2.0beta, and I've installed swat but it won't accept my root passwd, what am i doing wrong? ta al From jallison at cthulhu.engr.sgi.com Fri Nov 20 18:01:46 1998 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:24:42 2003 Subject: Todo list: account expiration References: <365557C0.945227B6@hdz-ima.rwth-aachen.de> Message-ID: <3655AE8A.F6C197F9@engr.sgi.com> Gerald Heinig wrote: > > I'd like to take this opportunity to ask the members of this list if there's > anyone working on the NIS+ interaction/authentication stuff. I'm especially > interested in this feature and have a bit of time on my hands the next month or > so for a bit of coding. If anybody has any hacks, nice bits of code, if there > are any NIS+ gurus out there willing to share ideas, please, drop me a mail. > That would be great ! Currently I think the NIS+ code in Samba2.0 and the HEAD branch is broken and needs someone to maintain it on a long term basis. If you take on the job we could maybe offer you a really cool T-shirt and lots of email grief :-) :-). Cheers, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From chenriq at homeshopping.com.br Fri Nov 20 18:04:53 1998 From: chenriq at homeshopping.com.br (Carlos Henrique) Date: Tue Dec 2 02:24:42 2003 Subject: Problem with NT Wkst changing password Message-ID: <19981120180834Z12621414-26463+1185@samba.anu.edu.au> Hi, I noticed that some peoples are having problem with Samba PDC password changing from a NT Wkst. I have this problem too, and i sended a mail in this list about it, but I didn't receive a answer. I readed a lot of mails, docs and faqs. I tried several options in smb.conf file. I have the files log.smb, log.nmb and log.machine for every options, using log level 1, 10 and 100. I used snoop sniffer of Solaris and get a trace of packets, but they didn't say anything to me. I didn't send this files to here because they are very large. Anyone can help me? Thank you. From harald at penti.sit.fi Fri Nov 20 18:14:49 1998 From: harald at penti.sit.fi (Harald H Hannelius) Date: Tue Dec 2 02:24:42 2003 Subject: "domain admin group" Message-ID: I am not shure wether I have this right or not: If I add myself to the 'domain admin group', I should get local admin rights on the win95 box I use. Right? I took system policies in use to prevent users from messing with the clients, but the problem is, if I don't configure a policy for myself, I cannot run regedit or any other util that I have disabled in poledit. I would like to be able to logon to the domain and get admin rights of the local win-machine. This only for windows 95/98 for now. Shouldn't I get all rights on the local machine if I belong to 'domain admin group'? I noticed in a mail from Luke Kenneth Casson Leighton on Thu 5 Nov, that the 'domain admin group' param is going away, but I haven't seen anything about it in the doco. Anywhere.. How about this? If people could reply to me how they have managed to get this working, it could write some kind of mini-howto. =========================================================== Harald H Hannelius | harald@sit.fi | GSM +358405470870 Mauritzgatan 14D41 | www.iki.fi/~harald | Pho +35892783568 00170 HKI FINLAND | harald@iki.fi | Fax +35892783568 =========================================================== From canfield at uindy.edu Fri Nov 20 18:21:21 1998 From: canfield at uindy.edu (Dana Canfield) Date: Tue Dec 2 02:24:42 2003 Subject: Numbering scheme Message-ID: <3655B321.546B7C0D@uindy.edu> Sorry if this is a dumb question, but I had planned to try to document changes between pre-releases at the todo-list site (I've seen quite a few messages to the list saying "did anything change from alpha XX to alpha YY?"), but I'm confused about the release numbering. Alpha 16 & Beta 1 were both released on Nov. 10, and and then Alpha 17 appeared on Nov. 17th. I realize that the weekly builds that are numbered Alpha are probably automatic builds, but where do they fit in to the scheme of things with regards to the betas, etc. Is it something where the "beta" tarballs are in a feature freeze, and the alpha tarballs are still free-for-alls (in which case, shouldn't they be 2.1.1prealpha or 2.0.1 or something)? Or is it that the betas are just cleaned up versions of the weekly alphas,? Thanks From jallison at cthulhu.engr.sgi.com Fri Nov 20 18:50:51 1998 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:24:42 2003 Subject: Numbering scheme References: <3655B321.546B7C0D@uindy.edu> Message-ID: <3655BA0B.8BBFF893@engr.sgi.com> Dana Canfield wrote: > > Sorry if this is a dumb question, but I had planned to try to document > changes between pre-releases at the todo-list site (I've seen quite a > few messages to the list saying "did anything change from alpha XX to > alpha YY?"), but I'm confused about the release numbering. Alpha 16 & > Beta 1 were both released on Nov. 10, and and then Alpha 17 appeared on > Nov. 17th. I realize that the weekly builds that are numbered Alpha are > probably automatic builds, but where do they fit in to the scheme of > things with regards to the betas, etc. Is it something where the > "beta" tarballs are in a feature freeze, and the alpha tarballs are > still free-for-alls (in which case, shouldn't they be 2.1.1prealpha or > 2.0.1 or something)? Or is it that the betas are just cleaned up > versions of the weekly alphas,? Alpha 17 was a mistake - Andrew has now turned off the auto-alpha generation. The betas are going out from the 2.0 branch, the auto alphas were going out from HEAD. I'll change the version in the HEAD branch to be 2.1alpha. so any new alphas from the HEAD will be 2.1alphaX. Cheers, Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From todd at edge.cis.McMaster.CA Fri Nov 20 19:55:01 1998 From: todd at edge.cis.McMaster.CA (Todd Pfaff) Date: Tue Dec 2 02:24:42 2003 Subject: password change problem Message-ID: I'm using samba-2.0.0beta1. When trying to change a password as a non-root user with smbpasswd I get the following message from smbpasswd: machine 127.0.0.1 rejected the password change: Error was : The specified password is invalid. and the following message in log.smb: [1998/11/20 14:36:49, 0] smbd/chgpasswd.c:check_oem_password(684) check_oem_password: incorrect password length (1780921600). Whoa! I didn't type that many characters in my password! :-) Is this a known problem? Is there a fix in a later alpha? -- Todd Pfaff \ Email: pfaff@mcmaster.ca Computing and Information Services \ Voice: (905) 525-9140 x22920 ABB 132 \ FAX: (905) 528-3773 McMaster University \ Hamilton, Ontario, Canada L8S 4M1 \ From chenriq at homeshopping.com.br Fri Nov 20 20:24:41 1998 From: chenriq at homeshopping.com.br (Carlos Henrique) Date: Tue Dec 2 02:24:42 2003 Subject: password change problem Message-ID: <19981120202349Z12610125-7353+1193@samba.anu.edu.au> > I'm using samba-2.0.0beta1. > > When trying to change a password as a non-root user with smbpasswd I get > the following message from smbpasswd: > > machine 127.0.0.1 rejected the password change: Error was : The specified > password is invalid. > > and the following message in log.smb: > > [1998/11/20 14:36:49, 0] smbd/chgpasswd.c:check_oem_password(684) > check_oem_password: incorrect password length (1780921600). > > Whoa! I didn't type that many characters in my password! :-) > > Is this a known problem? Is there a fix in a later alpha? > > -- > Todd Pfaff \ Email: pfaff@mcmaster.ca > Computing and Information Services \ Voice: (905) 525-9140 x22920 > ABB 132 \ FAX: (905) 528-3773 > McMaster University \ > Hamilton, Ontario, Canada L8S 4M1 \ Have you "unix password sync = yes" in smb.conf file? Have you any limit for unix passwords? If the answer is yes for these questions, it's the problem. Else... I don't know...(I have similar problem). From skeet at Bridgewater.EDU Fri Nov 20 20:31:06 1998 From: skeet at Bridgewater.EDU (Douglas K. Fischer) Date: Tue Dec 2 02:24:43 2003 Subject: password change problem In-Reply-To: Message-ID: On Sat, 21 Nov 1998, Todd Pfaff wrote: > I'm using samba-2.0.0beta1. > > When trying to change a password as a non-root user with smbpasswd I get > the following message from smbpasswd: > > machine 127.0.0.1 rejected the password change: Error was : The specified > password is invalid. > > and the following message in log.smb: > > [1998/11/20 14:36:49, 0] smbd/chgpasswd.c:check_oem_password(684) > check_oem_password: incorrect password length (1780921600). > > Whoa! I didn't type that many characters in my password! :-) > > Is this a known problem? Is there a fix in a later alpha? I've run across the same problem in 1.9.18p10 (see postings to samba-technical and main samba lists). I'm still trying to figure out exactly what's happening here but it seems that either the client is passing a bad data string into SamOEMhash or something wierd is happening inside of SamOEMhash. Of course, it could be something else entirely, I am far from a Samba guru... Douglas ---------------------------------------------------------------------- Douglas K. Fischer DFischer@Bridgewater.EDU (540) 828 - 5343 Network Systems Engineer C. E. Shull Information Technology Center College Box 36 Bridgewater College Bridgewater, VA 22812 ---------------------------------------------------------------------- From todd at edge.cis.McMaster.CA Fri Nov 20 20:54:21 1998 From: todd at edge.cis.McMaster.CA (Todd Pfaff) Date: Tue Dec 2 02:24:43 2003 Subject: password change problem In-Reply-To: Message-ID: On Fri, 20 Nov 1998, Douglas K. Fischer wrote: > I've run across the same problem in 1.9.18p10 (see postings to > samba-technical and main samba lists). I'm still trying to figure out > exactly what's happening here but it seems that either the client is > passing a bad data string into SamOEMhash or something wierd is happening > inside of SamOEMhash. Of course, it could be something else entirely, I am > far from a Samba guru... Ok, thanks. I had been using this successfully in an earlier release of 1.9.18 and I hadn't noticed that it broke in 1.9.18p10. Sorry for posting this question to the ntdom list, I'll move my followup to the other lists. -- Todd Pfaff \ Email: pfaff@mcmaster.ca Computing and Information Services \ Voice: (905) 525-9140 x22920 ABB 132 \ FAX: (905) 528-3773 McMaster University \ Hamilton, Ontario, Canada L8S 4M1 \ From william at hae.com Sat Nov 21 07:22:42 1998 From: william at hae.com (William Stuart) Date: Tue Dec 2 02:24:43 2003 Subject: beta1 weirdness Message-ID: <000101be151f$baf2db00$65010aac@omnibook.wyse.com> All-- First of all, in order to get smbpasswd to create a machine account, I had to create *two* accounts in my passwd file: pii$::104:100:PII:/usr/home/pii:/bin/bash pii::105:100:PII:/usr/home/pii:/bin/bash I get two different errors if I had one but not the other. For completeness, here are the lines for smbpasswd: pii$:104:D820149B2431B5BCAAD3B435B51404EE:79B34E733201AE4A33BAF961714967B7:[ W ]:LCT-365656E1: The other thing is that I now can't join this machine to the NT domain. Any help would be appreciated, relevant files are below. SAMBA PDC is Gate (172.10.1.254) NT machine is PII (172.10.1.1). This machine is acting ad a firewall so it might be packet filtering but I doubt it, if you would like to see my fw configuration let me know. By the way, this is a home network so security is not a big concern. --- William Stuart (william@hae.com) Si hoc legere scis nimium eruditionis habes ----SMB.CONF----- # Samba config file created using SWAT # from 172.10.1.101 (172.10.1.101) # Date: 1998/11/20 22:34:03 # Global parameters workgroup = HAE netbios name = GATE server string = Samba 2.0.0-beta1 HAE PDC interfaces = 172.10.1.254/24 bind interfaces only = Yes encrypt passwords = Yes update encrypted = Yes hosts equiv = clytaemnestra happy unix password sync = Yes socket options = TCP_NODELAY load printers = No domain admin group = wstuart happy root logon path = \\gate\usr\home\%U logon home = \\gate\usr\home\%U domain logons = Yes os level = 45 preferred master = Yes domain master = Yes wins support = Yes admin users = wstuart [root] path = / read only = No -----END----- ----PACKET SNIFF----- 23:11:26.471814 172.10.1.1.1039 > 172.10.1.101.netbios-ssn: P 2812576:2812690(114) ack 17559388 win 8143 >>> NBT Packet NBT Session Packet Flags=0x0 Length=110 SMB PACKET: SMBtrans (REQUEST) SMB Command = 0x25 Error class = 0x0 Error code = 0 Flags1 = 0x18 Flags2 = 0x3 Tree ID = 55296 Proc ID = 51966 UID = 0 MID = 32 Word Count = 14 TotParamCnt=30 TotDataCnt=0 MaxParmCnt=8 MaxDataCnt=4200 MaxSCnt=0 TransFlags=0x0 Res1=0x1388 Res2=0x0 Res3=0x0 ParamCnt=30 ParamOff=80 DataCnt=0 DataOff=0 SUCnt=0 Name=\PIPE\LANMAN Data: (4 bytes) [000] 00 54 5C 4E .T\N Command=0x68 Str1=WrLehDz Str2=B16BBDz Data: (12 bytes) [000] 01 00 68 10 18 00 00 00 48 41 45 00 ..h..... HAE. (DF) (ttl 128, id 23610) 23:11:26.471814 172.10.1.101.netbios-ssn > 172.10.1.1.1039: P 1:69(68) ack 114 win 7458 >>> NBT Packet NBT Session Packet Flags=0x0 Length=64 SMB PACKET: SMBtrans (REPLY) SMB Command = 0x25 Error class = 0x0 Error code = 0 Flags1 = 0x98 Flags2 = 0x3 Tree ID = 55296 Proc ID = 51966 UID = 0 MID = 32 Word Count = 10 TotParamCnt=8 TotDataCnt=0 Res1=0 ParamCnt=8 ParamOff=55 Res2=0 DataCnt=0 DataOff=64 Res3=0 Lsetup=0 Unknown Data: (1 bytes) [000] 00 . Param Data: (8 bytes) [000] 00 00 00 00 00 00 00 00 ........ (DF) (ttl 32, id 49593) 23:11:26.641814 172.10.1.1.1039 > 172.10.1.101.netbios-ssn: . ack 69 win 8075 (DF) (ttl 128, id 24378) -----END----- From william at hae.com Sun Nov 22 09:04:21 1998 From: william at hae.com (William Stuart) Date: Tue Dec 2 02:24:43 2003 Subject: beta1 weirdness Message-ID: <000001be15f7$181cd240$02010aac@omnibook.wyse.com> I fixed it. It was a firewall problem. William From heinig at hdz-ima.rwth-aachen.de Mon Nov 23 12:33:09 1998 From: heinig at hdz-ima.rwth-aachen.de (Gerald Heinig) Date: Tue Dec 2 02:24:43 2003 Subject: Todo list: account expiration References: <365557C0.945227B6@hdz-ima.rwth-aachen.de> <3655AE8A.F6C197F9@engr.sgi.com> Message-ID: <36595605.A6139B77@hdz-ima.rwth-aachen.de> Jeremy Allison wrote: > > Gerald Heinig wrote: > > > > I'd like to take this opportunity to ask the members of this list if there's > > anyone working on the NIS+ interaction/authentication stuff. I'm especially > > interested in this feature and have a bit of time on my hands the next month or > > so for a bit of coding. If anybody has any hacks, nice bits of code, if there > > are any NIS+ gurus out there willing to share ideas, please, drop me a mail. > > > > That would be great ! Currently I think the NIS+ code > in Samba2.0 and the HEAD branch is broken and needs someone > to maintain it on a long term basis. Erm, OK... (What have I got myself into now... :-) ). I must confess I don?t have any NIS+ *programming* experience, though I know how to use NIS+ itself. I?m willing to learn, though, hence the appeal to the NIS+ gurus out there (hello Kyle :-) ). > > If you take on the job we could maybe offer you a really > cool T-shirt and lots of email grief :-) :-). Oh, in that case, no problem at all! What can I do for you? :-) :-) :-) Cheers, Gerald -- "A man's got to know his limitations..." 'Dirty' Harry Callaghan A.K.A Clint Eastwood From lkcl at switchboard.net Mon Nov 23 13:30:15 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:43 2003 Subject: Numbering scheme In-Reply-To: <3655B321.546B7C0D@uindy.edu> Message-ID: the betas are from the SAMBA_2_0 branch. the alphas will eventually become samba-2.1. maybe the auto-release... oh yes, i agree with you :-) vvvvvvvvvvvvv > still free-for-alls (in which case, shouldn't they be 2.1.1prealpha or > 2.0.1 or something)? Or is it that the betas are just cleaned up > versions of the weekly alphas,? > > Thanks > > > Luke Kenneth Casson Leighton Samba and Network Development Samba and Network Consultancy From Jean-Francois.Micouleau at dalalu.fr Mon Nov 23 13:35:51 1998 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:24:43 2003 Subject: Todo list: account expiration In-Reply-To: <36595605.A6139B77@hdz-ima.rwth-aachen.de> Message-ID: On Tue, 24 Nov 1998, Gerald Heinig wrote: > Erm, OK... (What have I got myself into now... :-) ). I must confess I > don?t have any NIS+ *programming* experience, though I know how to use > NIS+ itself. I?m willing to learn, though, hence the appeal to the NIS+ > gurus out there (hello Kyle :-) ). You know NIS+ ? You can code in C language ? You have the NIS+ man pages ? Great you can program the NIS+ code. Take a look at passdb/passdb.c, passdb/smbpass.c, passdb/nispass.c Read the comment at the beginning of passdb.c, everything is explained. > Oh, in that case, no problem at all! What can I do for you? :-) :-) :-) make nispass.c compile and work as expected. The goal of this file is to: lookup a single user enumerate all the users add a user blah blah a user a user is either a struct user_info_21 or a struct smb_passwd or a sam_disp_info. If you need help just ask on samba-technical. Jean Francois From lkcl at switchboard.net Mon Nov 23 14:20:47 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:43 2003 Subject: Todo list: account expiration In-Reply-To: Message-ID: > a user is either a struct user_info_21 or a struct smb_passwd or a > sam_disp_info. the only one that will give everything is the user_info_21 one (sam_passwd). there are mapping functions for the ones you don't want to bother coding up optimally (if possible). > > If you need help just ask on samba-technical. yep! luke (h) you got time to do the ldap.c one? if the nispass one is starting, maybe should do ldap too so that the issues are only covered once. luke From hulet at ittc.ukans.edu Mon Nov 23 15:02:30 1998 From: hulet at ittc.ukans.edu (Michael S. Hulet) Date: Tue Dec 2 02:24:43 2003 Subject: NT SP4 problems In-Reply-To: Message-ID: I have a problem with NT SP4 and Samba. I try to join our Samba 2.0beta domain and NT gives me an "unable to update local security in order to join domain" error. I can join our NT 4.0 domain fine. After the error NT says you are no longer a member of any domain. Has anyone come across this error and how to fix it? Any responses would be appreciated. Michael Hulet From ink at inconnu.isu.edu Mon Nov 23 16:10:42 1998 From: ink at inconnu.isu.edu (Craig Kelley) Date: Tue Dec 2 02:24:43 2003 Subject: NT Printing In-Reply-To: <19981118223634Z12621140-7353+543@samba.anu.edu.au> Message-ID: We've been using Samba for over two years now and we have recently installed some Windows NT machines. I installed 2.0beta1 and everything works just great! (thanks) Is anyone working on getting the spool rpc connections (printing) to go? If not, I'd like to help out if I can. The wheel is turning but the hamster is dead. Craig Kelley -- kellcrai@isu.edu http://www.isu.edu/~kellcrai finger ink@inconnu.isu.edu for PGP block From suprem at multimania.com Mon Nov 23 16:36:06 1998 From: suprem at multimania.com (Remy Bruno) Date: Tue Dec 2 02:24:43 2003 Subject: authentication Message-ID: <36598EF6.3D4B28E8@multimania.com> I'm on an NT domain and I use samba as a client of this domain. I've got problems concerning authentication done by my machine: the authentication I *want* it to do is either via the local passwd file (and NOT the smbpasswd file) or via the NT authentication of the server. But whatever "security = " option I put, I see (in the logs) that samba tries to find a smbpasswd file and fails if it doesn't find one! And when I put one with the good logins (but not the passwords, as I don't know them: there are in the passwd file or on the NT server and I *want* to use the same ones), it tells me that the account is disabled! So, what can I do? Noboddy can access my machine this way! Is there an option in smb.conf which says that we don't want to use an smbpasswd file? Regards, Remy BRUNO http://www.multimania.com/suprem e-mail: suprem@multimania.com From sbragion.denis at usa.net Mon Nov 23 17:33:59 1998 From: sbragion.denis at usa.net (Sbragion Denis) Date: Tue Dec 2 02:24:43 2003 Subject: authentication In-Reply-To: <36598EF6.3D4B28E8@multimania.com> Message-ID: <3.0.6.32.19981123183359.00a3e1e0@MBox.InfoTecna.com> Hello, At 03.52 24/11/98 +1100, Remy Bruno wrote: >I'm on an NT domain and I use samba as a client of this domain. >I've got problems concerning authentication done by my machine: the ... >what can I do? Noboddy can access my machine this way! Is there an >option in smb.conf which says that we don't want to use an smbpasswd >file? NT Domain support needs encrypted password but Unix encrypt them in a way that is imcompatible with the NT one. So you must have an smbpasswd file to store the NT encrypted password, sorry. Hope it helps. Sbragion Denis InfoTecna Tel, Fax: +39 039 2324054 URL: http://space.tin.it/internet/dsbragio From lkcl at switchboard.net Mon Nov 23 18:43:35 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:43 2003 Subject: sid_to_string / string_to_sid problems Message-ID: for those people who may have been wondering why some of you could not use usrmgr.exe, it's probably because there are signed / unsigned conversion issues in the above two functions. does anyone wish to write a strtoul AUTOCONF test, or write an unsigned 32 bit text-to-uint32 routine? luke From abs at maunsell.co.uk Mon Nov 23 19:22:34 1998 From: abs at maunsell.co.uk (Andy Smith) Date: Tue Dec 2 02:24:43 2003 Subject: autoconf and ISC Unix Message-ID: <19981123192234.08297@maunsell.co.uk> The good news is that the latest code (cvs'd from the HEAD branch on sunday Nov 22 11:49 GMT) does configure and build perfectly on my old Solaris 2.4 Sun SS20's. There is also a lot of progress on ISC Unix, but it needs some nudging along still. Firstly, on my ISC systems at least (4.1, no maintenance update), I need to set the following :- CFLAGS="-O -D_POSIX_SOURCE -D_XOPEN_SOURCE -D_SYSV3 -DISC" LIBS="-lsec -lcrypt -linet -lcposix" Not too much of a hardship, but it would be nice to clue configure in to this Unix. Like my Solaris 2.4 suns, the ISC systems will be with me for a while yet to come. Secondly, ISC defines a lot of necessary stuff in and and I expect you would be after a more elegant way of dealing with this than my rather crude approach in include/includes.h :- --------------------------begin included patch ------------------------- *** current/source/include/includes.h.orig Mon Nov 23 17:16:21 1998 --- current/source/include/includes.h Mon Nov 23 13:59:40 1998 *************** *** 47,52 **** --- 47,56 ---- #include + #ifdef ISC + #include + #include + #endif #ifdef TIME_WITH_SYS_TIME #include --------------------------end included patch ------------------------- Now, because configure didn't know about bsdtypes.h, it mis-defined these in include/config.h :- #define uid_t int #define pid_t int #define mode_t int #define gid_t int Again, I am not sure of the most elegant way of dealing with this in configure, I could do something along the lines of the '#if STDC_HEADERS' conditional includes. I also found ONLCR was not defined in smbd/chgpasswd.c. I could have used -D_XOPEN_SOURCE, which would have included it from , or what I in fact did, which was to define it manually in config.h. Finally, the only other change necessary to get all the objects to compile is to lib/util_sock.c, where EINPROGRESS and EALREADY are defined on ISC in . I got round this temporarily by including the file in lib/util_sock.c, again, I presume you have a better way of dealing with this sort of platform specific stuff. Previous code (with the above mods) did link and run, I have binaries dated Nov 15 23:01 GMT. Unfortunately, yesterdays code wont link at all because of the dependance on mmap() in sys/system.c and fchmod() in rpc_server/srv_sid.c, neither of which I have. Anyone any suggestions? Thanks. -- _ __ Maunsell Ltd, IT Unit Tel : 0181-663-6565 /_| _/ ( _ '_// 160 Croydon Road, Fax : 0181-663-6723 ( |/)(/(/ __)//)/ //) Beckenham, Kent BR3 4DE Email: abs@maunsell.co.uk / England. -or- abs@maunsl00.demon.co.uk From suprem at multimania.com Mon Nov 23 20:05:07 1998 From: suprem at multimania.com (Remy Bruno) Date: Tue Dec 2 02:24:43 2003 Subject: authentication References: <3.0.6.32.19981123183359.00a3e1e0@MBox.InfoTecna.com> Message-ID: <3659BFF3.2EBF0F0E@multimania.com> Sbragion Denis wrote: > > NT Domain support needs encrypted password but Unix encrypt them in a way > that is imcompatible with the NT one. So you must have an smbpasswd file to > store the NT encrypted password, sorry. > Yes, but with the 18p4 version of samba, it worked! That is people could access to the shares I made them by typing the password of their account they had on my linux box! And then, this doesn't work! Furthermore, the authentication could be done by the *NT server* (that is not MY computer but another one). That is what is done by the windows95 computers, so why couldn't samba do the same? This doesn't imply any unix authentication and thus shouldn't cause any problem! Moreover, with one of the new alpha versions of samba (I think it was 11), I saw in the log that samba tried to validate the password through the NT server, that it *achieved* to ("password server accepted the password") BUT that it tried after to re-validate it via the local smbpasswd file. What I would have it to do is to accept the connection as soon as the password server accepts the password and not to re-validate it localy. I think that this would be possible (and I thougt that it was the aim of the "security=server" and "security=domain" options, but maybe there is another option that I don't know). I recall that I am not the domain server but a client and that I can't know all the passwords of the users that are on the NT domain. Regards, Remy BRUNO http://www.multimania.com/suprem e-mail: suprem@multimania.com From abs at maunsell.co.uk Mon Nov 23 23:05:41 1998 From: abs at maunsell.co.uk (Andy Smith) Date: Tue Dec 2 02:24:43 2003 Subject: autoconf and ISC Unix In-Reply-To: <19981123192234.08297@maunsell.co.uk>; from Andy Smith on Tue, Nov 24, 1998 at 06:29:12AM +1100 References: <19981123192234.08297@maunsell.co.uk> Message-ID: <19981123230541.42949@maunsell.co.uk> On Tue, Nov 24, 1998 at 06:29:12AM +1100, Andy Smith wrote: > > Previous code (with the above mods) did link and run, I have binaries > dated Nov 15 23:01 GMT. Unfortunately, yesterdays code wont link at > all because of the dependance on mmap() in sys/system.c and fchmod() in > rpc_server/srv_sid.c, neither of which I have. Anyone any suggestions? Following up my own question, I just got the Nov 15 code back off tape, and I see that the mmap() is indeed new, but the fchmod() problem existed even then, and I got it compiled by simply commenting out the code. Sorry if I caused any confusion. -- _ __ Maunsell Ltd, IT Unit Tel : 0181-663-6565 /_| _/ ( _ '_// 160 Croydon Road, Fax : 0181-663-6723 ( |/)(/(/ __)//)/ //) Beckenham, Kent BR3 4DE Email: abs@maunsell.co.uk / England. -or- abs@maunsl00.demon.co.uk From lkcl at switchboard.net Mon Nov 23 23:16:25 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:43 2003 Subject: group database API Message-ID: ok, the default compile options will have: - local group map - domain group map - username map ... and behaviour that takes the _unix_ group database and, depending on your configuration (member of domain, or a PDC) will make life a little bit simpler and easier to set up NT domain groups. NO other parameters. From jallison at cthulhu.engr.sgi.com Tue Nov 24 01:59:14 1998 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:24:43 2003 Subject: Samba 2.0 Beta2 released ! Message-ID: <365A12F2.5243BA16@engr.sgi.com> The Samba Team are pleased to announce Samba 2.0 Beta2 This is the second of (hopefully) a short series of Beta releases of the 2.0 code and incorporates bug fixes and changes from feedback gained from the first beta. We are relasing these Betas to enable the Samba Team to gain wider testing of the new autoconf mechanism and fix any bugs before the first ship of the new stable version of Samba - Samba 2.0. Samba 2.0 Beta2 is available in source form from samba.org and all of our mirror sites. Please go to your nearest mirror site from samba.org and click on the link under the "Samba News" announcement to download this code. Please try this code and give us feedback. If you have problems, or think you have found a bug please email a report to : samba-bugs@samba.org The WHATSNEW.txt file follows. As always, any bugs are our responsibility, Regards, The Samba Team. ----------------------------------------------------------- Issues fixed between Beta1 and Beta2 ------------------------------------ 1). Many autoconf issues (too many to list here). 2). Correctly set default printing for AIX. 3). Attempt to fix struct rtentry not being defined problem. 4). Convert all open() style calls to wrappers for 64 bit systems. 5). Get more 'const' correct. 6). Fix bug with O_EXCL not being set on exlusive open requests. 7). Fix string_sub() problem with LinPopup. 8). Fix lmhosts bug causing only 3 character names to be looked up. 9). Fixed bug with NetBIOS pointers in scope names. 10). Removed code that was preventing NT3.51 PDC logons from working. 11). Fixed crash bug when processing DELETE_ON_CLOSE directive from MS Office. 12). Fixed NT4.x problems adding printer. 13). Stop multiple logs of NT ACL's not supported messages. 14). Changed 'security=server' mode to use *SMBSERVER name if initial connect refused. 15). Fixed NT4.x problem with modify times not being preserved on explorer file copy. 16). 'Silent' switch for testparm. 17). Added 'hosts allow/deny' checks to SWAT. ----------------------------------------------------------- WHATS NEW IN Samba 2.0.0 beta2 ============================== This is a MAJOR new release of Samba, the UNIX based SMB/CIFS file and print server for Windows systems. There have been many changes in Samba since the last major release, 1.9.18. These have mainly been in the areas of performance and SMB protocol correctness. In addition, a Web based GUI interface for configuring Samba has been added. In addition, Samba has been re-written to help portability to other POSIX-based systems, based on the GNU autoconf tool. Major changes in Samba 2.0 -------------------------- There are many major changes in Samba for version 2.0. Here are some of them: ===================================================================== 1). Speed --------- Samba has been benchmarked on high-end UNIX hardware as out-performing all other SMB/CIFS servers using the Ziff-Davis NetBench benchmark. Many changes to the code to optimise high-end performance have been made. 2). Correctness --------------- Samba now supports the Windows NT specific SMB requests. This means that on platforms that are capable Samba now presents a 64 bit view of the filesystem to Windows NT clients and is capable of handling very large files. 3). Portability --------------- Samba is now self-configuring using GNU autoconf, removing the need for people installing Samba to have to hand configure Makefiles, as was needed in previous versions. You now configure Samba by running "./configure" then "make". See docs/textdocs/UNIX_INSTALL.txt for details. 4). Web based GUI configuration ------------------------------- Samba now comes with SWAT, a web based GUI config system. See the swat man page for details on how to set it up. 5). Cross protocol data integrity --------------------------------- An open function interface has been defined to allow "opportunistic locks" (oplocks for short) granted by Samba to be seen by other UNIX processes. This allows complete cross protocol (NFS and SMB) data integrety using Samba with platforms that support this feature. 6). Domain client capability ---------------------------- Samba is now capable of using a Windows NT PDC for user authentication in exactly the same way that a Windows NT workstation does, i.e. it can be a member of a Domain. See docs/textdocs/DOMAIN_MEMBER.txt for details. 7). Documentation Updates ------------------------- All the reference parts of the Samba documentation (the manual pages) have been updated and converted to a document format that allows automatic generation of HTML, SGML, and text formats. These documents now ship as standard in HTML and manpage format. ===================================================================== NOTE - Some important option defaults changed --------------------------------------------- Several parameters have changed their default values. The most important of these is that the default security mode is now user level security rather than share level security. This (incompatible) change was made to ease new Samba installs as user level security is easier to use for Windows 95/98 and Windows NT clients. ********IMPORTANT NOTE**************** If you have no "security=" line in the [global] section of your current smb.conf and you update to Samba 2.0 you will need to add the line : security=share to get exactly the same behaviour with Samba 2.0 as you did with previous versions of Samba. ********END IMPORTANT NOTE************* In addition, Samba now defaults to case sensitivity options that match a Windows NT server precisely, that is, case insensitive but case preserving. ===================================================================== NOTE - Primary Domain Controller Functionality ---------------------------------------------- This version of Samba contains code that correctly implements the undocumented Primary Domain Controller authentication protocols. However, there is much more to being a Primary Domain Controller than serving Windows NT logon requests. A useful version of a Primary Domain Controller contains many remote procedure calls to do things like enumerate users, groups, and security information, only some of which Samba currently implements. For this reason we have chosen not to advertise and actively support Primary Domain Controller functionality with this release. This work is being done in the CVS (developer) versions of Samba, development of which continues at a fast pace. If you are interested in participating in or helping with this development please join the Samba-NTDOM mailing list. Details on joining are available at : http://samba.org/listproc/ Details on obtaining CVS (developer) versions of Samba are available at: http://samba.org/cvs.html ===================================================================== If you have problems, or think you have found a bug please email a report to : samba-bugs@samba.org As always, all bugs are our responsibility. Regards, The Samba Team. From jrivas at ares.ipf.uvigo.es Tue Nov 24 13:19:33 1998 From: jrivas at ares.ipf.uvigo.es (=?ISO-8859-1?Q?Jos=E9?= Luis Rivas =?ISO-8859-1?Q?L=F3pez?=) Date: Tue Dec 2 02:24:43 2003 Subject: PDC In-Reply-To: Message-ID: I would like to make my samba server a PDC, but with Windows Nt Workstation and SP3. Who knows how to make it? Thanks, Esper From cartegw at Eng.Auburn.EDU Tue Nov 24 13:31:02 1998 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:43 2003 Subject: PDC References: Message-ID: <365AB516.1B52505@eng.auburn.edu> Jos? Luis Rivas L?pez wrote: > > I would like to make my samba server a PDC, but with Windows Nt > Workstation and SP3. Who knows how to make it? Begin with the NTDOM FAQ linked off the main samba page (http://samba.org) Hope this helps, j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From greg at discreet.com Tue Nov 24 14:24:10 1998 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:43 2003 Subject: PDC busted in CVS Message-ID: Hi, Maybe I'm doing something wrong all of a sudden but with cvs code from yesterday or today my NT workstations cannot find my samba PDC. Did something change besides the group map parameters? Thanks, Greg --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From cartegw at Eng.Auburn.EDU Tue Nov 24 14:33:52 1998 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:43 2003 Subject: PDC busted in CVS References: Message-ID: <365AC3D0.80ED088B@eng.auburn.edu> Greg Dickie wrote: > > Hi, > > Maybe I'm doing something wrong all of a sudden but with > cvs code from yesterday or today my NT workstations cannot > find my samba PDC. Did something change besides the group > map parameters? Greg, Are you trying to add new machines or are existing ones unable to locate the DC? Can you get a trace and make sure that it is not a name resolution problem. The machine should be able to resolve DOMAIN<1b> Thanks, j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From greg at discreet.com Tue Nov 24 14:50:20 1998 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:43 2003 Subject: PDC busted in CVS In-Reply-To: <365AC3D0.80ED088B@eng.auburn.edu> Message-ID: Actually I guess it is both. My test machine was unable to log me on so I removed it from the domain and tried to add it back but could not. I'll get a trace. Is tcpdump OK? Greg On 24-Nov-98 Gerald Carter wrote: > Greg Dickie wrote: >> >> Hi, >> >> Maybe I'm doing something wrong all of a sudden but with >> cvs code from yesterday or today my NT workstations cannot >> find my samba PDC. Did something change besides the group >> map parameters? > > Greg, > > Are you trying to add new machines or are existing ones > unable to locate the DC? Can you get a trace and make sure > that it is not a name resolution problem. The machine should > be able to resolve DOMAIN<1b> > > > > > Thanks, > j- > ________________________________________________________________________ > Gerald ( Jerry ) Carter > Engineering Network Services Auburn University > jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw > > "...a hundred billion castaways looking for a home." > - Sting "Message in a Bottle" ( 1979 ) --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From lkcl at switchboard.net Tue Nov 24 16:08:26 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:43 2003 Subject: rpcclient samtest with SP4 server - core dump In-Reply-To: <002401be17c3$c2eb88b0$21c9ca95@mowp.siemens.ru> Message-ID: On Tue, 24 Nov 1998, Andrej Borsenkow wrote: > > > > > i just tried ntpass against a SP4 server, it worked fine. hm. i wonder > > if i have some uninitialised variables somewhere? this seems to smell of > > that... > > > > > > Looks like it. Every now and then it fails to setup session ... At least, > the first time after password was changed. yeah, i know - i'd like to track that down. is anyone else experiencing the same problems, with smbclient? session setup failure, that is, on a random basis? From greg at discreet.com Tue Nov 24 17:04:52 1998 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:43 2003 Subject: PDC busted in CVS In-Reply-To: <365AC3D0.80ED088B@eng.auburn.edu> Message-ID: Tried the LATEST CVS but still no go. I have a feeling I'm just stupid but if anyone could point out how, I'd appreciate it. Ta, Greg Here is the trace of tcpdump -w On 24-Nov-98 Gerald Carter wrote: > Greg Dickie wrote: >> >> Hi, >> >> Maybe I'm doing something wrong all of a sudden but with >> cvs code from yesterday or today my NT workstations cannot >> find my samba PDC. Did something change besides the group >> map parameters? > > Greg, > > Are you trying to add new machines or are existing ones > unable to locate the DC? Can you get a trace and make sure > that it is not a name resolution problem. The machine should > be able to resolve DOMAIN<1b> > > > > > Thanks, > j- > ________________________________________________________________________ > Gerald ( Jerry ) Carter > Engineering Network Services Auburn University > jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw > > "...a hundred billion castaways looking for a home." > - Sting "Message in a Bottle" ( 1979 ) --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com -------------- next part -------------- A non-text attachment was scrubbed... Name: output.dump Type: application/octet-stream Size: 13272 bytes Desc: output.dump Url : http://lists.samba.org/archive/samba-ntdom/attachments/19981124/add8f8fc/output.obj From lkcl at switchboard.net Tue Nov 24 17:22:27 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:43 2003 Subject: yodl is _cool_ Message-ID: please could someone review docs/manpages/smb.conf.5 or docs/htmldocs/smb.conf.5.html sections "domain group map" and "local group map" see if you understand what the heck is going on, because i sure don't :-) From ambach at unfall.klinik.uni-mainz.de Tue Nov 24 18:11:26 1998 From: ambach at unfall.klinik.uni-mainz.de (Christian Ambach) Date: Tue Dec 2 02:24:43 2003 Subject: =?iso-8859-1?Q?NT_WS_4=2E0_Sp3_can=B4t_login_into_Samba_contro?= =?iso-8859-1?Q?lled_domain?= Message-ID: <01BE17DE.3C549FB0@BV> Hi Guys ! I?ve got an NT WS4.0 here with SP3 and an Samba 2.0beta2 on Linux. I created an machine account for the NT Box, the name is BV, by smbpasswd -a -m bv$ When I use the network control in NT I get a message "The machine account does not exist or is not accessible". This is my smbpasswd file # # SMB password file. # ambach:502:***:[DU ]:LCT-365A8CA8:Christian Ambach ktel:503:30C722E57B621A3FAAD3B435B51404EE:BA519CACD7A2BBB50763CD94EEB6F5EB:[DU ]:LCT-3651BBFA: bv$:500:03366C649152D368AAD3B435B51404EE:4AAD84F57F1957A1FD31039D435BA64C:[W]:LCT-3651BB71: and here an excerpt of the log: (smbd -d 20) [1998/11/24 19:13:27, 1] smbd/server.c:main(619) smbd version 2.0.0beta2 started. Copyright Andrew Tridgell 1992-1998 [1998/11/24 19:13:27, 2] smbd/server.c:main(623) uid=0 gid=0 euid=0 egid=0 [1998/11/24 19:13:27, 3] param/loadparm.c:init_globals(814) Initialising global parameters [1998/11/24 19:13:27, 3] param/params.c:pm_process(538) params.c:pm_process() - Processing configuration file "/etc/smb.conf" [1998/11/24 19:13:27, 3] param/loadparm.c:do_section(2159) Processing section "[global]" doing parameter workgroup = UNFALLCHIRURGIE doing parameter guest account = nobody doing parameter keep alive = 30 doing parameter os level = 2 doing parameter security = share doing parameter printing = bsd doing parameter printcap name = /etc/printcap doing parameter load printers = yes doing parameter server string = %h Samba Server %v doing parameter interfaces = 134.93.79.49/255.255.255.0 doing parameter wins support = yes doing parameter os level = 2 doing parameter preferred master = yes doing parameter local master = yes doing parameter domain master = yes doing parameter encrypt passwords = yes doing parameter netbios name = Lx1 doing parameter domain logons = yes [1998/11/24 19:13:27, 2] param/loadparm.c:do_section(2176) Processing section "[homes]" doing parameter comment = Heimatverzeichnis doing parameter browseable = no doing parameter read only = no doing parameter create mode = 0750 [1998/11/24 19:13:27, 2] param/loadparm.c:do_section(2176) Processing section "[printers]" doing parameter comment = All Printers doing parameter browseable = no doing parameter printable = yes doing parameter public = no doing parameter read only = yes doing parameter create mode = 0700 doing parameter directory = /tmp [1998/11/24 19:13:27, 2] param/loadparm.c:do_section(2176) Processing section "[Install]" doing parameter comment = Installverzeichnis doing parameter browseable = yes doing parameter read only = no doing parameter public = yes doing parameter path = /install [...] [1998/11/24 19:13:27, 7] lib/util_sid.c:string_to_sid(109) string_to_sid: converted SID S-1-5-21-2679584760-1107086205-3812469782 ok [...] Now BV tries to get into the domain [1998/11/24 19:14:14, 3] smbd/oplock.c:open_oplock_ipc(75) open_oplock ipc: pid = 407, global_oplock_port = 1035 [1998/11/24 19:14:14, 3] smbd/process.c:smbd_process(755) priming nmbd [...] [1998/11/24 19:14:15, 3] smbd/process.c:switch_message(402) switch message SMBsesssetupX (pid 407) [1998/11/24 19:14:15, 3] smbd/reply.c:reply_sesssetup_and_X(599) Domain=[UNFALLCHIRURGIE] NativeOS=[Windows NT 1381] NativeLanMan=[] [1998/11/24 19:14:15, 3] smbd/reply.c:reply_sesssetup_and_X(603) sesssetupX:name=[AMBACH] [1998/11/24 19:14:15, 6] param/loadparm.c:lp_file_list_changed(1761) lp_file_list_changed() file /etc/smb.conf -> /etc/smb.conf last mod_time: Tue Nov 24 17:13:49 1998 [...] smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 [1998/11/24 19:14:16, 5] lib/util.c:show_msg(466) smb_tid=1 smb_pid=51966 smb_uid=0 smb_mid=768 smt_wct=0 [1998/11/24 19:14:16, 5] lib/util.c:show_msg(476) smb_bcc=0 [1998/11/24 19:14:16, 6] lib/util_sock.c:write_socket(185) write_socket(6,39) [1998/11/24 19:14:16, 6] lib/util_sock.c:write_socket(188) write_socket(6,39) wrote 39 [1998/11/24 19:14:16, 10] rom /dev/random. [1998/11/24 19:14:16, 4] locking/shmem_sysv.c:sysv_shm_open(544) Trying sysv shmem open of size 1048576 [1998/11/24 19:14:16, 5] locking/shmem_sysv.c:shm_initialize(424) shm_initialize : initializing shmem size 1048576 [1998/11/24 19:14:16, 6] locking/shmem_sysv.c:shm_alloc(253) shm_alloc : allocated 52 bytes at offset 48 [1998/11/24 19:14:16, 3] locking/shmem_sysv.c:sysv_shm_open(702) Initialised IPC area of size 1048576 [1998/11/24 19:14:16, 6] param/loadparm.c:lp_file_list_changed(1761) lp_file_list_changed() file /etc/smb.conf -> /etc/smb.conf last mod_time: Tue Nov 24 17:13:49 1998 [1998/11/24 19:14:16, 2] smbd/server.c:main(707) Changed root to / [1998/11/24 19:14:16, 3] smbd/oplock.c:open_oplock_ipc(50) open_oplock_ipc: opening loopback UDP socket. [1998/11/24 19:14:16, 3] lib/util_sock.c:open_socket_in(675) bind succeeded on port 0 [1998/11/24 19:14:16, 3] smbd/oplock.c:open_oplock_ipc(75) open_oplock ipc: pid = 408, global_oplock_port = 1037 [1998/11/24 19:14:16, 3] smbd/process.c:smbd_process(755) priming nmbd [1998/11/24 19:14:16, 3] lib/util_sock.c:send_one_packet(604) sending a packet of len 1 to (127.0.0.1) on port 137 of type DGRAM [1998/11/24 19:14:16, 4] lib/time.c:TimeInit(110) Serverzone is -3600 [1998/11/24 19:14:16, 10] lib/util_sock.c:read_smb_length_return_keepalive(445) got smb length of 68 [1998/11/24 19:14:16, 6] smbd/process.c:process_smb(564) got message type 0x81 of len 0x44 [1998/11/24 19:14:16, 3] smbd/process.c:process_smb(565) Transaction 0 of length 72 [1998/11/24 19:14:16, 2] smbd/reply.c:reply_special(95) netbios connect: name1=LX1 name2=BV [1998/11/24 19:14:16, 6] param/loadparm.c:lp_file_list_changed(1761) lp_file_list_changed() file /etc/smb.conf -> /etc/smb.conf last mod_time: Tue Nov 24 17:13:49 1998 [1998/11/24 19:14:16, 5] smbd/connection.c:claim_connection(127) trying claim /var/lock STATUS. 100000 [1998/11/24 19:14:16, 8] lib/util.c:fcntl_lock(2750) fcntl_lock 7 7 0 1 1 [1998/11/24 19:14:16, 8] lib/util.c:fcntl_lock(2811) Lock call successful [1998/11/24 19:14:16, 8] lib/util.c:fcntl_lock(2750) fcntl_lock 7 7 0 1 2 [1998/11/24 19:14:16, 8] lib/util.c:fcntl_lock(2811) Lock call successful [1998/11/24 19:14:16, 5] smbd/reply.c:reply_special(147) init msg_type=0x81 msg_flags=0x0 [1998/11/24 19:14:16, 6] lib/util_sock.c:write_socket(185) write_socket(6,4) [1998/11/24 19:14:16, 6] lib/util_sock.c:write_socket(188) write_socket(6,4) wrote 4 [1998/11/24 19:14:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(445) got smb length of 170 [1998/11/24 19:14:17, 6] smbd/process.c:process_smb(564) got message type 0x0 of len 0xaa [1998/11/24 19:14:17, 3] smbd/process.c:process_smb(565) Transaction 1 of length 174 [1998/11/24 19:14:17, 5] lib/util.c:show_msg(460) size=170 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=3 [1998/11/24 19:14:17, 5] lib/util.c:show_msg(466) smb_tid=0 smb_pid=51966 smb_uid=0 smb_mid=0 smt_wct=0 [1998/11/24 19:14:17, 5] lib/util.c:show_msg(476) smb_bcc=135 [1998/11/24 19:14:17, 10] lib/util.c:dump_data(2950) [000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG [1998/11/24 19:14:17, 10] lib/util.c:dump_data(2958) [010] 52 41 4D 20 31 2E 30 00 02 58 45 4E 49 58 20 43 RAM 1.0. .XENIX C [1998/11/24 19:14:17, 10] lib/util.c:dump_data(2958) [020] 4F 52 45 00 02 4D 49 43 52 4F 53 4F 46 54 20 4E ORE..MIC ROSOFT N [1998/11/24 19:14:17, 10] lib/util.c:dump_data(2958) [030] 45 54 57 4F 52 4B 53 20 31 2E 30 33 00 02 4C 41 ETWORKS 1.03..LA [1998/11/24 19:14:17, 10] lib/util.c:dump_data(2958) [040] 4E 4D 41 4E 31 2E 30 00 02 57 69 6E 64 6F 77 73 NMAN1.0. .Windows [1998/11/24 19:14:17, 10] lib/util.c:dump_data(2958) [050] 20 66 6F 72 20 57 6F 72 6B 67 72 6F 75 70 73 20 for Wor kgroups [1998/11/24 19:14:17, 10] lib/util.c:dump_data(2958) [060] 33 2E 31 61 00 02 4C 4D 31 2E 32 58 30 30 32 00 3.1a..LM 1.2X002. [1998/11/24 19:14:17, 10] lib/util.c:dump_data(2958) [070] 02 4C 41 4E 4D 41 4E 32 2E 31 00 02 4E 54 20 4C .LANMAN2 .1..NT L [1998/11/24 19:14:17, 10] lib/util.c:dump_data(2958) [080] 4D 20 30 2E 31 32 00 M 0.12. [1998/11/24 19:14:17, 3] smbd/process.c:switch_message(402) switch message SMBnegprot (pid 408) [1998/11/24 19:14:17, 3] smbd/negprot.c:reply_negprot(332) Requested protocol [PC NETWORK PROGRAM 1.0] [1998/11/24 19:14:17, 3] smbd/negprot.c:reply_negprot(332) Requested protocol [XENIX CORE] [1998/11/24 19:14:17, 3] smbd/negprot.c:reply_negprot(332) Requested protocol [MICROSOFT NETWORKS 1.03] [1998/11/24 19:14:17, 3] smbd/negprot.c:reply_negprot(332) Requested protocol [LANMAN1.0] [1998/11/24 19:14:17, 3] smbd/negprot.c:reply_negprot(332) Requested protocol [Windows for Workgroups 3.1a] [1998/11/24 19:14:17, 3] smbd/negprot.c:reply_negprot(332) Requested protocol [LM1.2X002] [1998/11/24 19:14:17, 3] smbd/negprot.c:reply_negprot(332) Requested protocol [LANMAN2.1] [1998/11/24 19:14:17, 3] smbd/negprot.c:reply_negprot(332) Requested protocol [NT LM 0.12] [...] smb_bcc=24 [1998/11/24 19:14:17, 10] lib/util.c:dump_data(2950) [000] 2B 4C D3 F9 62 61 AB 43 55 4E 46 41 4C 4C 43 48 +L..ba.C UNFALLCH [1998/11/24 19:14:17, 10] lib/util.c:dump_data(2958) [010] 49 52 55 52 47 49 45 00 IRURGIE. [1998/11/24 19:14:17, 6] lib/util_sock.c:write_socket(185) write_socket(6,97) [1998/11/24 19:14:17, 6] lib/util_sock.c:write_socket(188) write_socket(6,97) wrote 97 [1998/11/24 19:14:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(445) got smb length of 168 [1998/11/24 19:14:17, 6] smbd/process.c:process_smb(564) got message type 0x0 of len 0xa8 [1998/11/24 19:14:17, 3] smbd/process.c:process_smb(565) Transaction 2 of length 172 [1998/11/24 19:14:17, 5] lib/util.c:show_msg(460) size=168 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=3 [1998/11/24 19:14:17, 5] lib/util.c:show_msg(466) smb_tid=0 smb_pid=51966 smb_uid=0 smb_mid=0 smt_wct=13 [1998/11/24 19:14:17, 5] lib/util.c:show_msg(471) smb_vwv[0]=117 (0x75) [1998/11/24 19:14:17, 5] lib/util.c:show_msg(471) smb_vwv[1]=116 (0x74) [1998/11/24 19:14:17, 5] lib/util.c:show_msg(471) smb_vwv[2]=61440 (0xF000) [1998/11/24 19:14:17, 5] lib/util.c:show_msg(471) smb_vwv[3]=50 (0x32) [1998/11/24 19:14:17, 5] lib/util.c:show_msg(471) smb_vwv[4]=0 (0x0) [1998/11/24 19:14:17, 5] lib/util.c:show_msg(471) smb_vwv[5]=408 (0x198) [1998/11/24 19:14:17, 5] lib/util.c:show_msg(471) smb_vwv[6]=0 (0x0) [1998/11/24 19:14:17, 5] lib/util.c:show_msg(471) smb_vwv[7]=1 (0x1) [1998/11/24 19:14:17, 5] lib/util.c:show_msg(471) smb_vwv[8]=1 (0x1) [1998/11/24 19:14:17, 5] lib/util.c:show_msg(471) smb_vwv[9]=0 (0x0) [1998/11/24 19:14:17, 5] lib/util.c:show_msg(471) smb_vwv[10]=0 (0x0) [1998/11/24 19:14:17, 5] lib/util.c:show_msg(471) smb_vwv[11]=212 (0xD4) [1998/11/24 19:14:17, 5] lib/util.c:show_msg(471) smb_vwv[12]=0 (0x0) [1998/11/24 19:14:17, 5] lib/util.c:show_msg(476) smb_bcc=55 [1998/11/24 19:14:17, 10] lib/util.c:dump_data(2950) [000] 00 00 42 56 24 00 55 4E 46 41 4C 4C 43 48 49 52 ..BV$.UN FALLCHIR [1998/11/24 19:14:17, 10] lib/util.c:dump_data(2958) [010] 55 52 47 49 45 00 57 69 6E 64 6F 77 73 20 4E 54 URGIE.Wi ndows NT [1998/11/24 19:14:17, 10] lib/util.c:dump_data(2958) [020] 20 31 33 38 31 00 00 57 69 6E 64 6F 77 73 20 4E 1381..W indows N [1998/11/24 19:14:17, 10] lib/util.c:dump_data(2958) [030] 54 20 34 2E 30 00 00 T 4.0.. [1998/11/24 19:14:17, 3] smbd/process.c:switch_message(402) switch message SMBsesssetupX (pid 408) [1998/11/24 19:14:17, 3] smbd/reply.c:reply_sesssetup_and_X(599) Domain=[UNFALLCHIRURGIE] NativeOS=[Windows NT 1381] NativeLanMan=[] [1998/11/24 19:14:17, 3] smbd/reply.c:reply_sesssetup_and_X(603) sesssetupX:name=[BV$] [1998/11/24 19:14:17, 6] param/loadparm.c:lp_file_list_changed(1761) lp_file_list_changed() file /etc/smb.conf -> /etc/smb.conf last mod_time: Tue Nov 24 17:13:49 1998 [1998/11/24 19:14:17, 3] smbd/reply.c:reply_sesssetup_and_X(721) Registered username bv$ for guest access [1998/11/24 19:14:17, 7] param/loadparm.c:lp_servicenumber(2576) lp_servicenumber: couldn't find bv$ [1998/11/24 19:14:17, 3] param/loadparm.c:lp_add_home(1431) adding home directory bv$ at /dev/null [1998/11/24 19:14:17, 6] smbd/reply.c:reply_sesssetup_and_X(783) Client requested max send size of 61440 [1998/11/24 19:14:17, 3] smbd/process.c:chain_reply(715) Chained message [1998/11/24 19:14:17, 5] lib/util.c:show_msg(460) size=168 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=3 [1998/11/24 19:14:17, 5] lib/util.c:show_msg(466) smb_tid=0 smb_pid=51966 smb_uid=0 smb_mid=0 smt_wct=4 [1998/11/24 19:14:17, 5] lib/util.c:show_msg(471) smb_vwv[0]=255 (0xFF) [1998/11/24 19:14:17, 5] lib/util.c:show_msg(471) smb_vwv[1]=0 (0x0) [1998/11/24 19:14:17, 5] lib/util.c:show_msg(471) smb_vwv[2]=0 (0x0) [1998/11/24 19:14:17, 5] lib/util.c:show_msg(471) smb_vwv[3]=24 (0x18) [1998/11/24 19:14:17, 5] lib/util.c:show_msg(476) smb_bcc=41 [1998/11/24 19:14:17, 10] lib/util.c:dump_data(2950) [000] C0 9D 89 EE 0B D6 DE 7B 77 BB EC D8 D9 1E 91 8A .......{ w....... [1998/11/24 19:14:17, 10] lib/util.c:dump_data(2958) [010] B4 36 34 27 6D 2F A9 7C 5C 5C 4C 58 31 5C 49 50 .64'm/.| \\LX1\IP [1998/11/24 19:14:17, 10] lib/util.c:dump_data(2958) [020] 43 24 00 3F 3F 3F 3F 3F 00 C$.????? . [1998/11/24 19:14:17, 3] smbd/process.c:switch_message(402) switch message SMBtconX (pid 408) [1998/11/24 19:14:17, 4] smbd/reply.c:reply_tcon_and_X(301) Got device type ????? [1998/11/24 19:14:17, 10] passdb/passdb.c:iterate_getsmbpwnam(140) search by name: bv [1998/11/24 19:14:17, 10] passdb/smbpass.c:startsmbfilepwent(45) startsmbfilepwent: opening file /etc/smbpasswd [1998/11/24 19:14:17, 6] passdb/smbpass.c:getsmbfilepwent(159) getsmbfilepwent: skipping comment or blank line [1998/11/24 19:14:17, 6] passdb/smbpass.c:getsmbfilepwent(159) getsmbfilepwent: skipping comment or blank line [1998/11/24 19:14:17, 6] passdb/smbpass.c:getsmbfilepwent(159) getsmbfilepwent: skipping comment or blank line [1998/11/24 19:14:17, 5] passdb/smbpass.c:getsmbfilepwent(252) getsmbfilepwent: returning passwd entry for user ambach, uid 502 [1998/11/24 19:14:17, 5] passdb/smbpass.c:getsmbfilepwent(252) getsmbfilepwent: returning passwd entry for user ktel, uid 503 [1998/11/24 19:14:17, 10] passdb/smbpass.c:getsmbfilepwent(206) getsmbfilepwent: entry invalidated for user issendorff [1998/11/24 19:14:17, 5] passdb/smbpass.c:getsmbfilepwent(252) getsmbfilepwent: returning passwd entry for user bv$, uid 500 [1998/11/24 19:14:17, 5] passdb/smbpass.c:getsmbfilepwent(252) getsmbfilepwent: returning passwd entry for user pc4$, uid 505 [1998/11/24 19:14:17, 4] passdb/smbpass.c:getsmbfilepwent(140) getsmbfilepwent: end of file reached [1998/11/24 19:14:17, 5] passdb/smbpass.c:getsmbfilepwent(300) getsmbfilepwent: end of file reached. [1998/11/24 19:14:17, 7] passdb/smbpass.c:endsmbfilepwent(81) endsmbfilepwent: closed password file. [1998/11/24 19:14:17, 3] smbd/password.c:pass_check_smb(494) Couldn't find user bv in smb_passwd file. [1998/11/24 19:14:17, 10] passdb/passdb.c:iterate_getsmbpwnam(140) search by name: bv$ [1998/11/24 19:14:17, 10] passdb/smbpass.c:startsmbfilepwent(45) startsmbfilepwent: opening file /etc/smbpasswd [1998/11/24 19:14:17, 6] passdb/smbpass.c:getsmbfilepwent(159) getsmbfilepwent: skipping comment or blank line [1998/11/24 19:14:17, 6] passdb/smbpass.c:getsmbfilepwent(159) getsmbfilepwent: skipping comment or blank line [1998/11/24 19:14:17, 6] passdb/smbpass.c:getsmbfilepwent(159) getsmbfilepwent: skipping comment or blank line [1998/11/24 19:14:17, 5] passdb/smbpass.c:getsmbfilepwent(252) getsmbfilepwent: returning passwd entry for user ambach, uid 502 [1998/11/24 19:14:17, 5] passdb/smbpass.c:getsmbfilepwent(252) getsmbfilepwent: returning passwd entry for user ktel, uid 503 [1998/11/24 19:14:17, 10] passdb/smbpass.c:getsmbfilepwent(206) getsmbfilepwent: entry invalidated for user issendorff [1998/11/24 19:14:17, 5] passdb/smbpass.c:getsmbfilepwent(252) getsmbfilepwent: returning passwd entry for user bv$, uid 500 [1998/11/24 19:14:17, 10] passdb/passdb.c:iterate_getsmbpwnam(156) found by name: bv$ [1998/11/24 19:14:17, 7] passdb/smbpass.c:endsmbfilepwent(81) endsmbfilepwent: closed password file. [1998/11/24 19:14:17, 4] smbd/password.c:smb_password_ok(394) Checking SMB password for user bv$ [1998/11/24 19:14:17, 5] smbd/password.c:smb_password_ok(413) challenge received [1998/11/24 19:14:17, 4] smbd/password.c:smb_password_ok(421) smb_password_ok: Checking NT MD4 password [1998/11/24 19:14:17, 4] smbd/password.c:smb_password_ok(425) NT MD4 password check succeeded [1998/11/24 19:14:17, 3] smbd/password.c:authorise_login(719) ACCEPTED: session list username and given password ok [1998/11/24 19:14:17, 3] smbd/service.c:make_connection(380) Connect path is /tmp [1998/11/24 19:14:17, 5] smbd/uid.c:become_user(293) become_user uid=(0,500) gid=(100,100) [1998/11/24 19:14:17, 3] lib/util.c:ChDir(653) chdir to /tmp [1998/11/24 19:14:17, 3] lib/util.c:ChDir(653) chdir to /usr/local/samba/bin [1998/11/24 19:14:17, 5] smbd/uid.c:unbecome_user(343) unbecome_user now uid=(0,0) gid=(0,0) [1998/11/24 19:14:17, 3] smbd/service.c:make_connection(482) bv (134.93.79.54) connect to service IPC$ as user bv$ (uid=500, gid=100) (pid 408) [...] Hope you can help me. Christian Ambach From chenriq at homeshopping.com.br Wed Nov 25 00:33:42 1998 From: chenriq at homeshopping.com.br (Carlos Henrique) Date: Tue Dec 2 02:24:43 2003 Subject: smbpasswd don't work in user mode. References: <3654B87E.CE4AB669@homeshopping.com.br> Message-ID: <365B5065.6EA3A810@homeshopping.com.br> I have Sparcstation 5 with SunOS 4.1.4 and samba2.0.0beta2 and smbpasswd don't work in other user that root. I get this message: $ smbpasswd -D 4 Old SMB password: New SMB password: Retype new SMB password: Connecting to 127.0.0.1 at port 139 machine 127.0.0.1 rejected the password change: Error was : The specified passwo rd is invalid. Failed to change password for henrique And in log.machine file, i get this message: [1998/11/23 10:19:34, 0] smbd/chgpasswd.c: chgpasswd (449) Password changing not compiled in (user=henrique) What is wrong? Thanks. From mathewss at nutech.com Wed Nov 25 01:48:48 1998 From: mathewss at nutech.com (Sean Mathews) Date: Tue Dec 2 02:24:43 2003 Subject: Bug report. Message-ID: I have to get myself home before the wife puts my dinner out to the dog.. but here is as far as i got on finding a new bug in cvs today where i cant login to my boxes anymore. start searching for mathewss user to login then it switches to another user. search by name3: mathewss [1998/11/24 17:15:51, 6] lib/util_file.c:getfileline(248) getfileline: skipping comment or blank line [1998/11/24 17:15:51, 6] lib/util_file.c:getfileline(248) getfileline: skipping comment or blank line [1998/11/24 17:15:51, 6] lib/util_file.c:getfileline(248) getfileline: skipping comment or blank line [1998/11/24 17:15:51, 5] passdb/smbpass.c:getsmbfilepwent(201) getsmbfilepwent: returning passwd entry for user root, uid 0 [1998/11/24 17:15:51, 5] passdb/smbpass.c:getsmbfile21pwent(276) getsmbfile21pwent [1998/11/24 17:15:51, 10] passdb/passdb.c:iterate_getsam21pwnam(282) search by name4: root ^^^^^^^ Whoops.. from passdb.c with a few debug's added to locate problem. DEBUG(10, ("search by name3: %s\n", name)); /* name = mathewss */ while ((pwd = getsam21pwent(fp)) != NULL && !strequal(pwd->smb_name, nam e)) { DEBUG(10, ("iterate: %s 0x%x\n", pwd->smb_name, pwd->user_rid)); } /* name now = root */ DEBUG(10, ("search by name4: %s\n", name)); if (pwd != NULL) { DEBUG(10, ("found by name: %s\n", name)); } Regards Sean Mathews Nu Tech CTO struct SoftwareProfessional { double salary; long lunches; float jobs; char unstable; void work; short tempers; }; From D.Bannon at latrobe.edu.au Wed Nov 25 04:44:52 1998 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:24:43 2003 Subject: yodl is _cool_ In-Reply-To: Message-ID: <3.0.3.32.19981125154452.0075b770@bioserve.biochem.latrobe.edu.au> At 04:49 AM 25/11/1998 +1100, Luke Kenneth Casson Leighton wrote: >please could someone review docs/manpages/smb.conf.5 or >docs/htmldocs/smb.conf.5.html sections "domain group map" and "local group >map" see if you understand what the heck is going on, because i sure don't >:-) > Well, I have read both the man page (or that bit) and then re-read Luke's post of Nov 18. No, I cannot say it is clear at all. Lukes post says that smbpassgrp syntax is : username:uid:alias1,...:group1.... But man page says its : UnixGroupName : DomainGroupName However, Lukes post also mentions that syntax in the paragraph above the definition of smbpassgrp. Hmm..... Can we get it a bit clearer ? For example, to map someone, who is a member of (unix) adm as (NT) Administrator would we do this ? : domain group map = /usr/local/samba/private/smbpassgrp and in smbpassgrp we have : adm Administrators I cannot try it at present as I cannot get the 2.0 beta1 to allow any sort of NTDomain logon. Works fine if I revert to 2.0 prealpha but that does not use the new syntax. Why am I seeing reference to 2.0 beta2 in cvs change log, I cvs'ed only an hour ago and just checked, cvs gets me 2.0 beta1 ! Do I need the -r BRANCH_WHAT_EVER to get 2.0 beta2 ?? David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From mathewss at nutech.com Wed Nov 25 06:28:29 1998 From: mathewss at nutech.com (Sean Mathews) Date: Tue Dec 2 02:24:43 2003 Subject: yodl is _cool_ In-Reply-To: <3.0.3.32.19981125154452.0075b770@bioserve.biochem.latrobe.edu.au> Message-ID: Ya it seems the latest cvs cant support domain login anymore i posted today a few things i found odd in the code for someone to hopefull dig into. But the good news is that after revewing the new docs i was able to understand it enough to come up with the following and actualy add accounts to "Domain Admins" and other groups very easy. i simply added a few groups to my unix group file as follows. Domain Admins:*:2000:mathewss,raven Domain Users:*:2001:mathewss,raven now if i look at user mathewss under usermanager i see that user in the group domain admins etc etc. thats COOL :c) and easy to maintain. I also played with the domain group map entry with no realy effect. It seemed that maping say wheel to say Domain Admins didnt have any effect. Seems logical to me at least as the user mathewss has su capability and is part of the wheel group to alias that group to say "Domain Admins" yet wheel "Domain Admins" or wheel Domain Admins inside of the domain group map file seems to have no effect. The username map does seem to work fine i can basicly alias a user on NT to a user on the unix box. on a side note under User Properties under user manager i noticed that the check box for Password never expires is not checked for the users. Yet under account it is properly set to never not sure if thats normal since ive been off of using Winnt pdc for a long time now. Regards Sean Mathews Nu Tech CTO struct SoftwareProfessional { double salary; long lunches; float jobs; char unstable; void work; short tempers; }; On Wed, 25 Nov 1998, David Bannon wrote: > At 04:49 AM 25/11/1998 +1100, Luke Kenneth Casson Leighton wrote: > >please could someone review docs/manpages/smb.conf.5 or > >docs/htmldocs/smb.conf.5.html sections "domain group map" and "local group > >map" see if you understand what the heck is going on, because i sure don't > >:-) > > > > Well, I have read both the man page (or that bit) and then re-read Luke's > post of Nov 18. No, I cannot say it is clear at all. > > Lukes post says that smbpassgrp syntax is : > username:uid:alias1,...:group1.... > > But man page says its : > UnixGroupName : DomainGroupName > > However, Lukes post also mentions that syntax in the paragraph above the > definition of smbpassgrp. Hmm..... > > Can we get it a bit clearer ? > > For example, to map someone, who is a member of (unix) adm as > (NT) Administrator would we do this ? : > > domain group map = /usr/local/samba/private/smbpassgrp > > and in smbpassgrp we have : > > adm Administrators > > I cannot try it at present as I cannot get the 2.0 beta1 to allow any sort > of NTDomain logon. Works fine if I revert to 2.0 prealpha but that does not > use the new syntax. Why am I seeing reference to 2.0 beta2 in cvs change > log, I cvs'ed only an hour ago and just checked, cvs gets me 2.0 beta1 ! Do > I need the -r BRANCH_WHAT_EVER to get 2.0 beta2 ?? > > David > ------------------------------------------------------------ > David Bannon D.Bannon@latrobe.edu.au > School of Biochemistry Phone 61 03 9479 2197 > La Trobe University, Plenty Rd, Fax 61 03 9479 2467 > Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au > ------------------------------------------------------------ > .... Humpty Dumpty was pushed ! > > > > From brian at bstc.net Wed Nov 25 09:12:42 1998 From: brian at bstc.net (Brian Roberson) Date: Tue Dec 2 02:24:43 2003 Subject: registry stuff Message-ID: <19981125091859Z12669983-5975+777@samba.anu.edu.au> hi all, been working on getting win95-98 boxes to use user level security, validated via samba PDC (2.0.0beta2), works great, however I had to do some hard coding in the registry to get it all to work, as you know, win95+ cannot see the user list yet from samba. here is how I got around it, I thought maybe someone else may benefit from my research. (digging:) All the information in this document was derived solely by fat fingering through the registry, I am 99.9% positive of the validity of the statements made in this document, if any of it is incorrect, I appologize, and where did you find out? :-) Brian Roberson brian@bstc.net USER LEVEL SECURITY ACCESS REG KEYS UNDER HKEY_LOCAL_MACHINE\Security\Access\ for a shared folder: HKEY_LOCAL_MACHINE\Security\Access\$DRIVE\$FOLDER USERS ARE A BINARY VALUE UNDER THE SHARED RESOURCE, IN THE FORMAT OF $DOMAIN\USERNAME AND THE BINARY VALUE IS A 2 BYTE RESOURCE DETERMINING THE ACCESS ALLOWED TO RESOURCE, AND GROUP INFO. The first byte is for permisions. The second byte is for the group/user class, when set to 80h, this represents a domain group, when set to 00h its user. If you have a binary value named `*` with content of `81h 80h` , It shows as " The World " {Read Only}. If you have a binary value named `$SOMENAME\$SOMEDOMAIN` with content `81h 80h` it shows up as a group in the share properties, with value set to `81h 00h` it shows as a sigle user in the share properties. ** ALL VALUES ARE IN HEX ( more legible to write 81 00 than 10000001 10000000 ) *** [R] READ FILES [W] WRITE TO FILES [C] CREATE FILES AND FOLDERS [D] DELETE FILES [T] CHANGE FILE ATTRIBUTES [F] LIST FILES [A] CHANGE ACCESS CONTROL USER SPECIFIC VALUES: b7 00 -- FULL ACCESS [RWCDTF] 81 00 -- READ ONLY [RF] CUSTOM SINGLE: 81 00 -- RD ONLY [R] 02 00 -- WR ONLY [W] 04 00 -- CREATE FILES [C] 10 00 -- DELETE FILES [D] 20 00 -- CHANGE FILE ATTRIBUTES [T] 80 00 -- LIST FILES [F] 40 00 -- CHANGE ACCESS CONTROL [A] CUSTOM MULTIPLE {2} : 03 00 -- [RW] 05 00 -- [RC] 11 00 -- [RD] 21 00 -- [RT] 81 00 -- [RF] 41 00 -- [RA] 06 00 -- [WC] 12 00 -- [WD] 22 00 -- [WT] 82 00 -- [WF] 42 00 -- [WA] 14 00 -- [CD] 24 00 -- [CT] 84 00 -- [CF] 44 00 -- [CA] 30 00 -- [DT] 90 00 -- [DF] 50 00 -- [DA] a0 00 -- [TF] 60 00 -- [TA] CUSTOM MULTIPLE {3}: 70 00 -- [RWC] 13 00 -- [RWD] 23 00 -- [RWT] 83 00 -- [RWF] 43 00 -- [RWA] 15 00 -- [RCD] 25 00 -- [RCT] 85 00 -- [RCF] 45 00 -- [RCA] 31 00 -- [RDT] 91 00 -- [RDF] 51 00 -- [RDA] a1 00 -- [RTF] 61 00 -- [RTA] c1 00 -- [RFA] 16 00 -- [WCD] 26 00 -- [WCT] 86 00 -- [WCF] 46 00 -- [WCA] 32 00 -- [WDT] 92 00 -- [WDF] 52 00 -- [WDA] a2 00 -- [WTF] 62 00 -- [WTA] c2 00 -- [WFA] 34 00 -- [CDT] 94 00 -- [CDF] 54 00 -- [CDA] a4 00 -- [CTF] 64 00 -- [CTA] c4 00 -- [CFA] b0 00 -- [DTF] 70 00 -- [DTA] d0 00 -- [DFA] e0 00 -- [TFA] CUSTOM MULTIPLE {4} 17 00 -- [RWCD] 27 00 -- [RWCT] 87 00 -- [RWCF] 47 00 -- [RWCA] 33 00 -- [RWDT] 93 00 -- [RWDF] 53 00 -- [RWDA] a3 00 -- [RWTF] 63 00 -- [RWTA] c3 00 -- [RWFA] 36 00 -- [WCDT] 96 00 -- [WCDF] 56 00 -- [WCDA] a6 00 -- [WCTF] 66 00 -- [WCTA] c6 00 -- [WCFA] b2 00 -- [WDTF] 72 00 -- [WDTA] d2 00 -- [WDFA] e2 00 -- [WTFA] b4 00 -- [CDTF] 74 00 -- [CDTA] e4 00 -- [CTFA] f0 00 -- [DTFA] CUSTOM MULTIPLE {5} 37 00 -- [RWCDT] 97 00 -- [RWCDF] 57 00 -- [RWCDA] a7 00 -- [RWCTF] 67 00 -- [RWCTA] c7 00 -- [RWCFA] b3 00 -- [RWDTF] 73 00 -- [RWDTA] d3 00 -- [RWDFA] b3 00 -- [RWDTF] 73 00 -- [RWDTA] e3 00 -- [RWTFA] b6 00 -- [WCDTF] 76 00 -- [WCDTA] d6 00 -- [WCDFA] e6 00 -- [WCTFA] f2 00 -- [WDTFA] f4 00 -- [CDTFA] CUSTOM MULTIPLE {6} b7 00 -- [RWCDTF] 77 00 -- [RWCDTA] d7 00 -- [RWCDFA] e7 00 -- [RWCTFA] f3 00 -- [RWDTFA] f5 00 -- [RCDTFA] f6 00 -- [WCDTFA] here is an example key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX REGEDIT4 [HKEY_LOCAL_MACHINE\Security\Access] [HKEY_LOCAL_MACHINE\Security\Access\G:] "*"=hex:81,80 [HKEY_LOCAL_MACHINE\Security\Access\C:] [HKEY_LOCAL_MACHINE\Security\Access\C:\temp] "BST\\BRIAN"=hex:81,00 "BST\\Administrators"=hex:81,80 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX ~~~~~~ Brian Roberson ~~~~~~ ~~~ BrainStorm Technologies ~~ ~~~ Linux Solution Provider ~~~ ~~~~~~~ info@bstc.net ~~~~~~ ~~~~~ http://www.bstc.net/ ~~~~ ~~~~~~~ (402) 690-7306 ~~~~~~ From stefcol at tin.it Wed Nov 25 09:50:15 1998 From: stefcol at tin.it (Stefano Colombo) Date: Tue Dec 2 02:24:43 2003 Subject: subscribe Message-ID: <000a01be1859$00e7cda0$bc0b650a@scolombo> subscribe scolombo@cdmtecno.pr.it end Stefano Colombo MCP (email : scolombo@cdmtecno.pr.it ) CDM Tecnoonsulting SPA , v. G Marconi 25 , 43050 Sorbolo Italy Tel. + 39 0521 669511 Fax. + 39 0521 669527 scolombo@cdmtecno.pr.it www.cdmtc.it _____________________________________________ Il sesso senza amore e' un'esperienza vuota, ma fra le esperienze vuote e' una delle migliori Woody Allen _____________________________________________ -------------- next part -------------- A non-text attachment was scrubbed... Name: winmail.dat Type: application/ms-tnef Size: 1768 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19981125/cb1ce4d7/winmail.bin From cigor at EUnet.yu Wed Nov 25 10:19:07 1998 From: cigor at EUnet.yu (Colovic Igor) Date: Tue Dec 2 02:24:43 2003 Subject: I have a question about PDC Message-ID: <01be185d$09320210$0200a8c0@big.co.yu> In my school we have one flat network and two domains: NRT_DOMAIN and LABNET. For NRT_DOMAIN server iz samba1.9.18. I know that this is not realy a domain but we plane to install samba2 as soon as there is stable relice. For LABNET server is NT4SP3. The thing is that we want to all users be able to log on to these two domains with same user name and passwd. Can this be done. We want that when user change passwd in one domain it is changed in another, and when we add user in one domain it is also added in another. Any sugestions. ____________________________________________ Colovic Igor Linux User Group of Yugoslavia www.linux.org.yu cigor@EUnet.yu DelphiPro@Yahoo.com From abs at maunsell.co.uk Wed Nov 25 11:09:02 1998 From: abs at maunsell.co.uk (Andy Smith) Date: Tue Dec 2 02:24:43 2003 Subject: autoconf and ISC Unix In-Reply-To: <19981123192234.08297@maunsell.co.uk>; from Andy Smith on Tue, Nov 24, 1998 at 06:29:12AM +1100 References: <19981123192234.08297@maunsell.co.uk> Message-ID: <19981125110902.15692@maunsell.co.uk> On Tue, Nov 24, 1998 at 06:29:12AM +1100, Andy Smith wrote: > > dated Nov 15 23:01 GMT. Unfortunately, yesterdays code wont link at > all because of the dependance on mmap() in sys/system.c and fchmod() in > rpc_server/srv_sid.c, neither of which I have. Anyone any suggestions? It gets worse :- Linking bin/smbd undefined first referenced symbol in file fchmod rpc_server/srv_sid.o mmap lib/system.o strtoul lib/util_sid.o ld fatal: Symbol referencing errors. No output written to bin/smbd make: *** [bin/smbd] Error 1 -- _ __ Maunsell Ltd, IT Unit Tel : 0181-663-6565 /_| _/ ( _ '_// 160 Croydon Road, Fax : 0181-663-6723 ( |/)(/(/ __)//)/ //) Beckenham, Kent BR3 4DE Email: abs@maunsell.co.uk / England. -or- abs@maunsl00.demon.co.uk From sean at compu-aid.com Wed Nov 25 13:13:26 1998 From: sean at compu-aid.com (Sean E. Millichamp) Date: Tue Dec 2 02:24:43 2003 Subject: Password Expiration Message-ID: I looked at the NT-DOM FAQ and searched the mailing list archive but couldn't come up with a definite answer to this question. It has been my experience that with Samba 1.9.18 in security=server mode that Samba does not handle situations where NT requires that the user change their password (such as when "User must change password on next logon" is checked). The result is just a logon denied. Does 2.0 handle this properly (i.e.: relaying a message to the NT workstation to pop up a window prompting for a new password)? If so I may need to make an early switch. This client won't be too keen on hearing "uhh... we can't do that" :( If it's the capability isn't there right now how hard would it be to implement? I have never done Samba coding (or anything wrt protocols) but I know some C and I might hack at it if I thought there was any chance of success. Thanks, Sean ------------------------------------------ Sean E. Millichamp, Consultant Ingematics - A Division of Compu-Aid, Inc. From suprem at multimania.com Wed Nov 25 13:26:13 1998 From: suprem at multimania.com (Remy Bruno) Date: Tue Dec 2 02:24:43 2003 Subject: pb with usernames with spaces Message-ID: <365C0574.5D804E98@multimania.com> On the NT domain where I am, usernames have spaces, for example, my login on the domain is "remy bruno". And that seems to cause problems with samba: I tried to connect myself to my own machine my typing 'smbclient \\\\suprem\\rem -U "remy bruno"' (suprem is my netbios name, rem is the name of the share I made to myself (for the tries), and I see in my logs: (...) [1998/11/25 14:11:57, 3] smbd/process.c:switch_message(402) switch message SMBsesssetupX (pid 7518) [1998/11/25 14:11:57, 3] smbd/reply.c:reply_sesssetup_and_X(599) Domain=[REZ] NativeOS=[Unix] NativeLanMan=[Samba] [1998/11/25 14:11:57, 3] smbd/reply.c:reply_sesssetup_and_X(603) sesssetupX:name=[REMY BRUNO] [1998/11/25 14:12:01, 3] smbd/password.c:setup_groups(192) remy bruno is in 1 groups: 509 [1998/11/25 14:12:01, 3] smbd/password.c:register_vuid(270) uid 100 registered to name remy bruno [1998/11/25 14:12:01, 3] smbd/password.c:register_vuid(272) Clearing default real name [1998/11/25 14:12:01, 3] smbd/process.c:process_smb(565) Transaction 3 of length 67 [1998/11/25 14:12:01, 3] smbd/process.c:switch_message(402) switch message SMBtconX (pid 7518) [1998/11/25 14:12:01, 4] smbd/reply.c:reply_tcon_and_X(301) Got device type ????? [1998/11/25 14:12:01, 3] smbd/password.c:pass_check_smb(500) account for user remy was disabled. > ^^^^-------------------- FALSE ! [1998/11/25 14:12:01, 3] smbd/password.c:pass_check_smb(486) Couldn't find user bruno > ^^^^^----------------- FALSE ! [1998/11/25 14:12:01, 2] smbd/service.c:make_connection(266) Invalid username/password for rem (...) and it fails. It is as if there were "2 users": remy and bruno and not ONE user "remy bruno"... It is a bug? Furthermore, in order to check if the validations were succesfull, I made an account for "remy" with "NO PASSWORD", but this doesn't change anything. I should also say that the "remy bruno" line in smbpasswd has a valid password field, so it is not disabled. (I think the NT server does authenticate the good username because when it fails, the log are different) Thanks for your answers. Regards, Remy BRUNO http://www.multimania.com/suprem e-mail: suprem@multimania.com From lkcl at switchboard.net Wed Nov 25 13:54:44 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:43 2003 Subject: yodl is _cool_ In-Reply-To: <3.0.3.32.19981125154452.0075b770@bioserve.biochem.latrobe.edu.au> Message-ID: On Wed, 25 Nov 1998, David Bannon wrote: > At 04:49 AM 25/11/1998 +1100, Luke Kenneth Casson Leighton wrote: > >please could someone review docs/manpages/smb.conf.5 or > >docs/htmldocs/smb.conf.5.html sections "domain group map" and "local group > >map" see if you understand what the heck is going on, because i sure don't > >:-) > > > > Well, I have read both the man page (or that bit) and then re-read Luke's > post of Nov 18. No, I cannot say it is clear at all. > > Lukes post says that smbpassgrp syntax is : > username:uid:alias1,...:group1.... that is for "smb group file" and "smb alias file", please ignore these. > But man page says its : > UnixGroupName : DomainGroupName that is for "domain/local group map" > However, Lukes post also mentions that syntax in the paragraph above the > definition of smbpassgrp. Hmm..... > > Can we get it a bit clearer ? re-read it > For example, to map someone, who is a member of (unix) adm as > (NT) Administrator would we do this ? : > > domain group map = /usr/local/samba/private/smbpassgrp this, _if_ this parameter was being used, should be: "smb group file = ..../private/smbpassgrp" but like i said ignore the smb group/alias file parameters you want: "domain group map = /usr/local/samba/private/domain.map" > and in smbpassgrp we have : > > adm Administrators > > I cannot try it at present as I cannot get the 2.0 beta1 to allow any sort > of NTDomain logon. Works fine if I revert to 2.0 prealpha but that does not > use the new syntax. Why am I seeing reference to 2.0 beta2 in cvs change > log, I cvs'ed only an hour ago and just checked, cvs gets me 2.0 beta1 ! Do > I need the -r BRANCH_WHAT_EVER to get 2.0 beta2 ?? -r SAMBA_2_0. DO NOT check out in the same directory as the main branch is already checked out in. From lkcl at switchboard.net Wed Nov 25 13:57:43 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:44 2003 Subject: yodl is _cool_ In-Reply-To: Message-ID: On Wed, 25 Nov 1998, Sean Mathews wrote: > > Ya it seems the latest cvs cant support domain login > anymore i posted today a few things i found odd in the > code for someone to hopefull dig into. But the good news > is that after revewing the new docs i was able to understand > it enough to come up with the following and actualy add > accounts to "Domain Admins" and other groups very easy. > > i simply added a few groups to my unix group file as follows. > > Domain Admins:*:2000:mathewss,raven > Domain Users:*:2001:mathewss,raven > > now if i look at user mathewss under usermanager i see > that user in the group domain admins etc etc. > thats COOL :c) and easy to maintain. yeeeehah. > > I also played with the domain group map entry > with no realy effect. It seemed that maping say wheel > to say Domain Admins didnt have any effect. Seems > logical to me at least as the user mathewss has > su capability and is part of the wheel group to > alias that group to say "Domain Admins" yet > > wheel "Domain Admins" > > or > > wheel Domain Admins > > inside of the domain group map file seems to have no effect. oh dear, i will try to fix this... From stefcol at tin.it Wed Nov 25 13:47:46 1998 From: stefcol at tin.it (Stefano Colombo) Date: Tue Dec 2 02:24:44 2003 Subject: username map problem Message-ID: <002701be187a$2fab8840$bc0b650a@scolombo> Hi all , I'm installing samba 1.9.18p10 onto a HPUX 10.20 box. I've already setup a basica configuration, using smbpasswd to create the smbpasswd file starting from my /etc/passwd. It works fine until I'm using those users. Now , however , I'm trying to set up a mapping between NT / UNIX users. So I create a username.map file and included the following in my smb.conf file usename map = /usr/local/samba/private/username.map In the map file I included , for example , the following line uxuser = ntuser The uxuser does exist , when I try to connect from my NT workstation ( NT4 SP3 ) , I provide for the user "ntuser" and and the corresponding password . But the resource is not mapped and the "map" dialog window keep prompting ANY help ? TIA Stefano Colombo MCP (email : scolombo@cdmtecno.pr.it ) CDM Tecnoonsulting SPA , v. G Marconi 25 , 43050 Sorbolo Italy Tel. + 39 0521 669511 Fax. + 39 0521 669527 scolombo@cdmtecno.pr.it www.cdmtc.it _____________________________________________ Il sesso senza amore e' un'esperienza vuota, ma fra le esperienze vuote e' una delle migliori Woody Allen _____________________________________________ -------------- next part -------------- A non-text attachment was scrubbed... Name: winmail.dat Type: application/ms-tnef Size: 2352 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19981125/ca0fdd71/winmail.bin From lkcl at switchboard.net Wed Nov 25 15:01:22 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:44 2003 Subject: domain login problems fixed Message-ID: ok. 1) i wasn't setting up the "global_member_sid" variable, so samba was reporting that it was a member of S-0-0 instead of S-1-5-21-xxx-yyy-zzz. 2) there was a bug in rpc_server/srv_netlogon.c with a true/false mistake returning a status error instead of no status error. From amol at memcad.com Wed Nov 25 17:40:28 1998 From: amol at memcad.com (Amol Karnik) Date: Tue Dec 2 02:24:44 2003 Subject: make fails on solaris2.5.1 References: Message-ID: <365C410C.A5ACF9D2@memcad.com> hi all, OS : Solaris 2.5.1 comnpilers : Sun C++ Compiler 4.2 just a cvs update on the source code, and did a fresh configure, make in a clean dir. configure goes ok. when i type make it says : make: Fatal error in reader: Makefile, line 349: Macro assignment on dependency line lines 348 to 356 from the Makefile are pasted below. any thoughts? - amol # this is for IRIX .c.po32: # .deps/.dummy @if (: >> $@ || : > $@) >/dev/null 2>&1; then rm -f $@; else \ dir=`echo $@ | sed 's,/[^/]*$$,,;s,^$$,.,'` $(MAKEDIR); fi # @if (: >> .deps/$@ || : > .deps/$@) >/dev/null 2>&1; then :; \ # else dir=.deps/`echo $@ | sed 's,/[^/]*$$,,;s,^$$,.,'` \ # $(MAKEDIR); fi; rm -f .deps/$@ .deps/$@d @echo Compiling $*.c with -Kpic and -32 @$(CC) -32 -I. -I$(srcdir) $(FLAGS) -Kpic -c $< \ -o $*.po32.o # -Wp,-MD,.deps/$@ && \ # sed 's|^'`echo $*.po32.o | sed 's,.*/,,'`':|$@:|' \ # <.deps/$@ >.deps/$@d && \ # rm -f .deps/$@ && : >.deps/.stamp @mv $*.po32.o $@ bin/.dummy: @if (: >> $@ || : > $@) >/dev/null 2>&1; then :; else \ dir=bin $(MAKEDIR); fi @: >> $@ || : > $@ # what a fancy emoticon! From mathewss at nutech.com Wed Nov 25 19:00:35 1998 From: mathewss at nutech.com (Sean Mathews) Date: Tue Dec 2 02:24:44 2003 Subject: domain login problems fixed In-Reply-To: Message-ID: Ok cool that fixed my login problem maybe the problem i reported is a non issue though i will dig into the code a bit and see how it reacts with this fix. New problem :c) it never ends does it? :c) Now that i am able to add myself to Global groups with such ease now i need to be able to add myself to a local grup. when i pull up my info for my account i am part of "Domain Admins" and "Domain Users" but I am no longer part of any local group. This leads to the inability to say log on localy as that right is granted to the local group users etc.. Any ideas? Regards Sean Mathews Nu Tech CTO struct SoftwareProfessional { double salary; long lunches; float jobs; char unstable; void work; short tempers; }; On Thu, 26 Nov 1998, Luke Kenneth Casson Leighton wrote: > ok. > > 1) i wasn't setting up the "global_member_sid" variable, so samba was > reporting that it was a member of S-0-0 instead of S-1-5-21-xxx-yyy-zzz. > > 2) there was a bug in rpc_server/srv_netlogon.c with a true/false mistake > returning a status error instead of no status error. > > > > > > From lkcl at switchboard.net Wed Nov 25 19:14:12 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:44 2003 Subject: domain login problems fixed In-Reply-To: Message-ID: On Wed, 25 Nov 1998, Sean Mathews wrote: > > Ok cool that fixed my login problem maybe the problem > i reported is a non issue though i will dig into the code it was definitely an issue. > a bit and see how it reacts with this fix. > New problem :c) it never ends does it? :c) nope. > Now that i am able to add myself to Global groups > with such ease now i need to be able to add myself to a local grup. > when i pull up my info for my account i am part of "Domain Admins" > and "Domain Users" but I am no longer part of any local group. > This leads to the inability to say log on localy as that right > is granted to the local group users etc.. > Any ideas? yes, you will need to create an entry in private/local.map for one unix group. except that i know i have a crash-bug with the "local group map" and "domain group map" code oops. except a) access to samba.anu.edu.au is down at the moment b) i'm trying to do an LsaLookupNames call in rpcclient. From urs.steiner at switzerland.org Wed Nov 25 19:09:33 1998 From: urs.steiner at switzerland.org (Urs Steiner) Date: Tue Dec 2 02:24:44 2003 Subject: long logout duration Message-ID: <004d01be18a7$29aab150$0300a8c0@noway> Hy all I have a small but annoying problem: i am using Samba 2.0.0-prealpha from november 20 (well it was also in previous versions) as a domain server for my NT WKS4SP4. login doesn't take substantially more time than before joining the domain but the logout takes now about 5 minutes longer... which doesn't really seem normal for transmitting about 2mb over a 100mbit-network it would seem to me ... and what i can remember from the last time i sat at a machine with a real NT server(been quite a time ) it didn't take quite as long as this... so: is a)my memory faulty? b)some settings not as they should be or c)this is like it is and there is nothing which can be done about that other than drinking a good cup of whatever? Thanks Urs =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= e-mail: urs [dot] steiner [at] switzerland [dot] org Think of that: FACISM: You have two cows. Give milk to the government. The government sells it. From pcc at llnl.gov Wed Nov 25 18:57:57 1998 From: pcc at llnl.gov (Phil Cox) Date: Tue Dec 2 02:24:44 2003 Subject: SMBD getting INTERNAL ERROR In-Reply-To: <19981028193142.18206.cpmta@fillmore.criticalpath.net> Message-ID: <3.0.5.32.19981125105757.009c1bf0@poptop.llnl.gov> Here is the debug level 50 of it. I just did the cvs update, so it should be tha latest source. Phil [1998/11/25 11:48:41, 1] smbd/server.c:main(627) smbd version 2.0.0-beta1 started. Copyright Andrew Tridgell 1992-1998 [1998/11/25 11:48:41, 2] smbd/server.c:main(631) uid=0 gid=0 euid=0 egid=0 [1998/11/25 11:48:41, 3] param/loadparm.c:init_globals(819) Initialising global parameters [1998/11/25 11:48:41, 3] param/params.c:pm_process(538) params.c:pm_process() - Processing configuration file "/usr/local/samba/lib/smb.conf" [1998/11/25 11:48:41, 3] param/loadparm.c:do_section(2163) Processing section "[global]" doing parameter workgroup = CIAC doing parameter server string = Snuggy Samba Server doing parameter load printers = yes doing parameter printing = sysv doing parameter log file = /usr/local/samba/var/log.%m doing parameter max log size = 50 doing parameter security = domain doing parameter password server = nala goldfinger doing parameter encrypt passwords = yes doing parameter socket options = TCP_NODELAY doing parameter dns proxy = no [1998/11/25 11:48:41, 2] param/loadparm.c:do_section(2180) Processing section "[homes]" doing parameter comment = Home Directories doing parameter browseable = no doing parameter writable = yes [1998/11/25 11:48:41, 2] param/loadparm.c:do_section(2180) Processing section "[printers]" doing parameter comment = All Printers doing parameter path = /usr/spool/samba doing parameter browseable = no doing parameter guest ok = no doing parameter writable = no doing parameter printable = yes [1998/11/25 11:48:41, 2] param/loadparm.c:do_section(2180) Processing section "[snuggysrc]" doing parameter comment = Snuggy Src Dir doing parameter path = /usr/local/src doing parameter public = yes [1998/11/25 11:48:41, 2] param/loadparm.c:do_section(2180) Processing section "[tmp]" doing parameter comment = Temporary file space doing parameter path = /tmp doing parameter read only = no doing parameter public = yes [1998/11/25 11:48:41, 3] param/loadparm.c:lp_load(2502) pm_process() returned Yes [1998/11/25 11:48:41, 3] param/loadparm.c:lp_add_ipc(1476) adding IPC service [1998/11/25 11:48:41, 7] param/loadparm.c:lp_servicenumber(2580) lp_servicenumber: couldn't find ciac [1998/11/25 11:48:41, 3] param/loadparm.c:lp_add_printer(1511) adding printer service ciac [1998/11/25 11:48:41, 6] param/loadparm.c:lp_file_list_changed(1765) lp_file_list_changed() file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Wed Nov 25 11:46:22 1998 [1998/11/25 11:48:41, 4] lib/interface.c:get_broadcast(118) Derived broadcast address 128.115.222.255 [1998/11/25 11:48:41, 2] lib/interface.c:interpret_interfaces(213) Added interface ip=128.115.222.105 bcast=128.115.222.255 nmask=255.255.255.0 [1998/11/25 11:48:41, 1] smbd/files.c:file_init(219) file_init: Information only: requested 10000 open files, 246 are available. [1998/11/25 11:48:41, 6] lib/charset.c:codepage_initialise(338) codepage_initialise: client code page = 850 [1998/11/25 11:48:41, 5] lib/charset.c:load_client_codepage(196) load_client_codepage: loading codepage 850. Adding chars 0x85 0xb7 (l->u = True) (u->l = True) Adding chars 0xa0 0xb5 (l->u = True) (u->l = True) Adding chars 0x83 0xb6 (l->u = True) (u->l = True) Adding chars 0xc6 0xc7 (l->u = True) (u->l = True) Adding chars 0x84 0x8e (l->u = True) (u->l = True) Adding chars 0x86 0x8f (l->u = True) (u->l = True) Adding chars 0x91 0x92 (l->u = True) (u->l = True) Adding chars 0x87 0x80 (l->u = True) (u->l = True) Adding chars 0x8a 0xd4 (l->u = True) (u->l = True) Adding chars 0x82 0x90 (l->u = True) (u->l = True) Adding chars 0x88 0xd2 (l->u = True) (u->l = True) Adding chars 0x89 0xd3 (l->u = True) (u->l = True) Adding chars 0x8d 0xde (l->u = True) (u->l = True) Adding chars 0xa1 0xd6 (l->u = True) (u->l = True) Adding chars 0x8c 0xd7 (l->u = True) (u->l = True) Adding chars 0x8b 0xd8 (l->u = True) (u->l = True) Adding chars 0xd0 0xd1 (l->u = True) (u->l = True) Adding chars 0xa4 0xa5 (l->u = True) (u->l = True) Adding chars 0x95 0xe3 (l->u = True) (u->l = True) Adding chars 0xa2 0xe0 (l->u = True) (u->l = True) Adding chars 0x93 0xe2 (l->u = True) (u->l = True) Adding chars 0xe4 0xe5 (l->u = True) (u->l = True) Adding chars 0x94 0x99 (l->u = True) (u->l = True) Adding chars 0x9b 0x9d (l->u = True) (u->l = True) Adding chars 0x97 0xeb (l->u = True) (u->l = True) Adding chars 0xa3 0xe9 (l->u = True) (u->l = True) Adding chars 0x96 0xea (l->u = True) (u->l = True) Adding chars 0x81 0x9a (l->u = True) (u->l = True) Adding chars 0xec 0xed (l->u = True) (u->l = True) Adding chars 0xe7 0xe8 (l->u = True) (u->l = True) Adding chars 0x9c 0x0 (l->u = False) (u->l = False) [1998/11/25 11:48:41, 50] lib/util_sid.c:string_to_sid(107) string_to_sid: tok: 32 rid 0x20 [1998/11/25 11:48:41, 7] lib/util_sid.c:string_to_sid(111) string_to_sid: converted SID S-1-5-32 ok [1998/11/25 11:48:41, 7] lib/util_sid.c:string_to_sid(111) string_to_sid: converted SID S-1-1 ok [1998/11/25 11:48:41, 7] lib/util_sid.c:string_to_sid(111) string_to_sid: converted SID S-1-3 ok [1998/11/25 11:48:41, 7] lib/util_sid.c:string_to_sid(111) string_to_sid: converted SID S-1-5 ok [1998/11/25 11:48:41, 50] lib/util_sid.c:string_to_sid(107) string_to_sid: tok: 21 rid 0x15 [1998/11/25 11:48:41, 50] lib/util_sid.c:string_to_sid(107) string_to_sid: tok: 1097270503 rid 0x416704e7 [1998/11/25 11:48:41, 50] lib/util_sid.c:string_to_sid(107) string_to_sid: tok: 3701727034 rid 0xdca3df3a [1998/11/25 11:48:41, 50] lib/util_sid.c:string_to_sid(107) string_to_sid: tok: 2939094081 rid 0xaf2f0441 [1998/11/25 11:48:41, 7] lib/util_sid.c:string_to_sid(111) string_to_sid: converted SID S-1-5-21-1097270503-3701727034-2939094081 ok [1998/11/25 11:48:41, 7] lib/util_sid.c:sid_to_string(50) sid_to_string returning S-1-5-21-1097270503-3701727034-2939094081 [1998/11/25 11:48:41, 5] rpc_server/srv_sid.c:read_sid_from_file(117) read_sid_from_file: sid S-1-5-21-1097270503-3701727034-2939094081 [1998/11/25 11:48:41, 3] libsmb/namequery.c:resolve_lmhosts(548) resolve_name: Attempting lmhosts lookup for name NALA [1998/11/25 11:48:41, 4] libsmb/namequery.c:startlmhosts(338) startlmhosts: Can't open lmhosts file /usr/local/samba/lib/lmhosts. Error was No such file or directory [1998/11/25 11:48:41, 3] libsmb/namequery.c:resolve_hosts(575) resolve_name: Attempting host lookup for name NALA [1998/11/25 11:48:41, 0] lib/fault.c:fault_report(40) =============================================================== [1998/11/25 11:48:41, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 18049 (2.0.0-prealpha) Please read the file BUGS.txt in the distribution [1998/11/25 11:48:41, 0] lib/fault.c:fault_report(43) =============================================================== [1998/11/25 11:48:41, 0] lib/util.c:smb_panic(2530) PANIC: internal error - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Computer Incident Advisory Capability (CIAC) Philip C. Cox (510)422-8193 (510)422-8564 ciac@llnl.gov pcc@llnl.gov ------------------------------------------------------------------- PGP fingerprint = 1A97 AB44 406A 77B7 3EA8 3B5B E3B5 BE73 Noteable Quote = "Do today what you want to be tomorrow." From greg at discreet.com Wed Nov 25 19:52:09 1998 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:44 2003 Subject: oops Message-ID: Hi again, Just trying the latest CVS and now PDC functionality works but it I get the wrong username on the NT box. It looks like samba is returning the first uid in the smbpasswd file but I'm sifting through the code now trying to follow the logic. Maybe an unitialized variable somewhere? Anyone else have the problem? Cheers, Greg --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From hulet at ittc.ukans.edu Wed Nov 25 16:35:08 1998 From: hulet at ittc.ukans.edu (Michael S. Hulet) Date: Tue Dec 2 02:24:44 2003 Subject: unix passwd sync = yes In-Reply-To: Message-ID: I am still unable to set unix passwd sync = yes and change my password on an NT workstation. NT complains " User name or old password is incorrect." encrypt passwords = yes unix password sync = yes passwd program = /usr/local/bin/passwd %u passwd chat = *password* \n *password* %n\n *passwords*\n **password* %n\n passwd chat debug = true If I set unix password sync = no, I am able to change the password on the NT side with no problem. My log file says: [1998/11/25 09:53:37, 0] rpc_server/srv_pipe.c:api_pipe_request(592) api_pipe_request: **** MUST CALL become_user() HERE **** [1998/11/25 09:53:37, 0] rpc_server/srv_pipe.c:api_pipe_request(592) api_pipe_request: **** MUST CALL become_user() HERE **** Is this my problem? We are using Digital Unix 4.0D and Samba 2.0Beta. Has anyone gotten passwords to sync on Digital Unix? I would be interested in the smb.conf file. Any hints would be appreciated. Thanks, Michael Hulet From ratzka at HRZ.Uni-Marburg.DE Wed Nov 25 16:17:50 1998 From: ratzka at HRZ.Uni-Marburg.DE (Wolfgang Ratzka) Date: Tue Dec 2 02:24:44 2003 Subject: I have a question about PDC In-Reply-To: <01be185d$09320210$0200a8c0@big.co.yu> References: <01be185d$09320210$0200a8c0@big.co.yu> Message-ID: <199811251617.RAA23772@pprz04.HRZ.Uni-Marburg.DE> >>>>> "IC" == Colovic Igor writes: IC> For NRT_DOMAIN server iz samba1.9.18. I know that this is not IC> realy a domain but we plane to install samba2 as soon as there IC> is stable relice. IC> For LABNET server is NT4SP3. IC> The thing is that we want to all users be able to log on to IC> these two domains with same user name and passwd. Can this be IC> done. We want that when user change passwd in one domain it is IC> changed in another, and when we add user in one domain it is IC> also added in another. Any sugestions. As you want to have one single collection of users, I'd suggest using one single domain. I.e. you would make your samba machine a member of the LABNET domain. (This is the level of domain functionality that should be stable in 2.0, once it is stable. PDC functionality is planned for later releases). -- Wolfgang Ratzka Phone: +49 6421 28 3531 FAX: +49 6421 28 6994 Uni Marburg, HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany ------------------------------Where do you want to go tomorrow? From mathewss at nutech.com Wed Nov 25 21:07:17 1998 From: mathewss at nutech.com (Sean Mathews) Date: Tue Dec 2 02:24:44 2003 Subject: oops In-Reply-To: Message-ID: ya it is inside of getsam21pwent() it seems to manager to replace the pointer that was sent into iterate_getsam21pwnam(char *name) so that name is replaced by what ever user the getsam21pwent() line it pulls from the password file. thus it gets a match and resumes. thus the !strequal(pwd->smb_name,name) causes it to stop the while and it thinks its all done for the first line of the password file. Blaa blaaa etc etc.. anyway.. luke knows about it im going to try now and get him some more detailed debug data so he can find it. I tried but im way to spoiled by GUI Windows compilers to deal with gdb and my printfing has only told me where but not why :c) Regards Sean Mathews Nu Tech CTO struct SoftwareProfessional { double salary; long lunches; float jobs; char unstable; void work; short tempers; }; On Thu, 26 Nov 1998, Greg Dickie wrote: > > Hi again, > > Just trying the latest CVS and now PDC functionality works but it I get the > wrong username on the NT box. It looks like samba is returning the first uid in > the smbpasswd file but I'm sifting through the code now trying to follow the > logic. Maybe an unitialized variable somewhere? > > Anyone else have the problem? > > Cheers, > Greg > > --------------------------------------------------------------------- > Greg Dickie > Just A Guy* > *from discreet logic > Montreal > (514) 954-7171 > greg@discreet.com > > > > > From mathewss at nutech.com Wed Nov 25 21:42:33 1998 From: mathewss at nutech.com (Sean Mathews) Date: Tue Dec 2 02:24:44 2003 Subject: domain login problems fixed In-Reply-To: Message-ID: ok i found it i did a trace -d 20 but it showd no new info but if you still need it i can provide it. the problem is is getsmbfile21pwent(void *vp) on line 290 pstrcpy(samlogon_user, pw_buf->smb_name); samlogin_user is a global :( ugggg.. and is the same pointer as is passed into iterate_getsam21pwnam(char *name) so you can image what happens next.. im going to see what happens if i just remove this pstrcpy() and see if there are any adverse effects. Regards Sean Mathews Nu Tech CTO struct SoftwareProfessional { double salary; long lunches; float jobs; char unstable; void work; short tempers; }; On Thu, 26 Nov 1998, Luke Kenneth Casson Leighton wrote: > On Wed, 25 Nov 1998, Sean Mathews wrote: > > > > > Ok cool that fixed my login problem maybe the problem > > i reported is a non issue though i will dig into the code > > it was definitely an issue. > > > a bit and see how it reacts with this fix. > > New problem :c) it never ends does it? :c) > > nope. > > > Now that i am able to add myself to Global groups > > with such ease now i need to be able to add myself to a local grup. > > when i pull up my info for my account i am part of "Domain Admins" > > and "Domain Users" but I am no longer part of any local group. > > This leads to the inability to say log on localy as that right > > is granted to the local group users etc.. > > Any ideas? > > yes, you will need to create an entry in private/local.map for one unix > group. except that i know i have a crash-bug with the "local group map" > and "domain group map" code oops. > > except a) access to samba.anu.edu.au is down at the moment b) i'm trying > to do an LsaLookupNames call in rpcclient. > > > > > From lkcl at switchboard.net Wed Nov 25 21:42:12 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:44 2003 Subject: domain login problems fixed In-Reply-To: Message-ID: On Wed, 25 Nov 1998, Sean Mathews wrote: > > > ok i found it i did a trace -d 20 but it showd no new info > but if you still need it i can provide it. > > the problem is is getsmbfile21pwent(void *vp) > on line 290 > > pstrcpy(samlogon_user, pw_buf->smb_name); > > samlogin_user is a global :( ugggg.. and is the same pointer > as is passed into iterate_getsam21pwnam(char *name) yep! i just found that, too :-) i'm fixing it. the code is a bit of a mess, here, there are calls made to getsmbpwnam() and later on to getsam21pwnam() which is kind of stupid... From mathewss at nutech.com Wed Nov 25 21:48:53 1998 From: mathewss at nutech.com (Sean Mathews) Date: Tue Dec 2 02:24:44 2003 Subject: domain login problems fixed In-Reply-To: Message-ID: Seems to work now. Regards Sean Mathews Nu Tech CTO struct SoftwareProfessional { double salary; long lunches; float jobs; char unstable; void work; short tempers; }; On Thu, 26 Nov 1998, Luke Kenneth Casson Leighton wrote: > On Wed, 25 Nov 1998, Sean Mathews wrote: > > > > > Ok cool that fixed my login problem maybe the problem > > i reported is a non issue though i will dig into the code > > it was definitely an issue. > > > a bit and see how it reacts with this fix. > > New problem :c) it never ends does it? :c) > > nope. > > > Now that i am able to add myself to Global groups > > with such ease now i need to be able to add myself to a local grup. > > when i pull up my info for my account i am part of "Domain Admins" > > and "Domain Users" but I am no longer part of any local group. > > This leads to the inability to say log on localy as that right > > is granted to the local group users etc.. > > Any ideas? > > yes, you will need to create an entry in private/local.map for one unix > group. except that i know i have a crash-bug with the "local group map" > and "domain group map" code oops. > > except a) access to samba.anu.edu.au is down at the moment b) i'm trying > to do an LsaLookupNames call in rpcclient. > > > > > From mathewss at nutech.com Wed Nov 25 21:50:59 1998 From: mathewss at nutech.com (Sean Mathews) Date: Tue Dec 2 02:24:44 2003 Subject: domain login problems fixed In-Reply-To: Message-ID: Well darn it :cP your too fast.. i keep trying to help hehe Regards Sean Mathews Nu Tech CTO struct SoftwareProfessional { double salary; long lunches; float jobs; char unstable; void work; short tempers; }; On Wed, 25 Nov 1998, Luke Kenneth Casson Leighton wrote: > On Wed, 25 Nov 1998, Sean Mathews wrote: > > > > > > > ok i found it i did a trace -d 20 but it showd no new info > > but if you still need it i can provide it. > > > > the problem is is getsmbfile21pwent(void *vp) > > on line 290 > > > > pstrcpy(samlogon_user, pw_buf->smb_name); > > > > samlogin_user is a global :( ugggg.. and is the same pointer > > as is passed into iterate_getsam21pwnam(char *name) > > yep! > > i just found that, too :-) i'm fixing it. the code is a bit of a mess, > here, there are calls made to getsmbpwnam() and later on to > getsam21pwnam() which is kind of stupid... > > > > > From cw at ix.net.nz Wed Nov 25 22:06:25 1998 From: cw at ix.net.nz (Chris Wedgwood) Date: Tue Dec 2 02:24:44 2003 Subject: sid_to_string / string_to_sid problems In-Reply-To: ; from Luke Kenneth Casson Leighton on Tue, Nov 24, 1998 at 05:54:14AM +1100 References: Message-ID: <19981126110625.A9541@caffeine.ix.net.nz> On Tue, Nov 24, 1998 at 05:54:14AM +1100, Luke Kenneth Casson Leighton wrote: > does anyone wish to write a strtoul AUTOCONF test, or write an > unsigned 32 bit text-to-uint32 routine? > > luke off the top of my head... not compiled or anything: uint32_t atoul32(char *str) { char c; uint32_t v = 0; while((c = *str)){ if((c < '0') || (c > '9')) return v; v = v*10 + (c - '0') str++; } return v; } is this what you mean? -cw From pgmtekn at algonet.se Wed Nov 25 22:22:48 1998 From: pgmtekn at algonet.se (Michael Stockman) Date: Tue Dec 2 02:24:44 2003 Subject: SAMLOGON weirdness Message-ID: <001e01be18c2$236e3620$0300a8c0@pippi.emil.pgmt> Hello, I'm running several ("new") versions of the server, so don't ask which. However it seems that W95 at a number of times logs on a user "Administrator" to the samba machine via a SAMLOGON. However I didn't (until today) have a user administrator, which caused some calls to fail, either because the user wasn't in the smbpasswd file or because it wasn't in the passwd file. What I did have was a mapping to "root" (well, got to use some user) in the username map. This must have been ignored, or my map file was wrong (less likely as I could use "administrator" to log in with the root password). Thus I must ask wheter if you are obliged to have a user administrator on you system (difficult to add), SAMLOGON should pay more attention to username map or "administrator" should be hard coded into samba (perhaps not so nice?)? Best regards Michael Stockman pgmtekn-micke@algonet.se From lkcl at switchboard.net Wed Nov 25 22:23:42 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:44 2003 Subject: sid_to_string / string_to_sid problems In-Reply-To: <19981126110625.A9541@caffeine.ix.net.nz> Message-ID: hi chris, we've taken the GPL code for strtoul from libc, use that in lib/replace.c. thanks! From lkcl at switchboard.net Wed Nov 25 22:34:53 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:44 2003 Subject: SAMLOGON weirdness In-Reply-To: <001e01be18c2$236e3620$0300a8c0@pippi.emil.pgmt> Message-ID: hi michael, with the new nt domain code, yes, the mapping stuff is becoming a big issue. we intend to fix the problem, by passing a struct around with { unix name nt name } instead of places where just char *name is passed. the reason is that there is lots of confusion about what a name has become, once map_username is called... On Thu, 26 Nov 1998, Michael Stockman wrote: > Hello, > > I'm running several ("new") versions of the server, so don't ask > which. However it seems that W95 at a number of times logs on a user > "Administrator" to the samba machine via a SAMLOGON. However I didn't > (until today) have a user administrator, which caused some calls to > fail, either because the user wasn't in the smbpasswd file or because > it wasn't in the passwd file. What I did have was a mapping to "root" > (well, got to use some user) in the username map. This must have been > ignored, or my map file was wrong (less likely as I could use > "administrator" to log in with the root password). Thus I must ask > wheter if you are obliged to have a user administrator on you system > (difficult to add), SAMLOGON should pay more attention to username map > or "administrator" should be hard coded into samba (perhaps not so > nice?)? > > Best regards > Michael Stockman > pgmtekn-micke@algonet.se > > > Luke Kenneth Casson Leighton Samba and Network Development Samba and Network Consultancy From lkcl at switchboard.net Wed Nov 25 23:37:14 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:44 2003 Subject: group database API Message-ID: ok, we had someone make an encouraging comment ("hey cool, i added two groups to /etc/group and they came up in USRMGR.EXE!") and they said also, "i can't add users to the Local Administrator group". well, researching this led me to find that the samr call 0x10 should not be, as i called it, "lookup_ids", but should be called "samr_query_useraliases" and is equivalent to the MSDN "NetUserGetLocalGroups" function (methinks). except. this call is made on both S-1-5-20 and on S-1-5-21-xxx-yyy-zzz. why is it made on S-1-5-20? because that's the "BUILTIN" domain, of which "Local Administrator group" is a member. argh. this means that the "domain group map" and "local group map" functionality is going to have to support the domain named "BUILTIN". argh. so, expect to have to add, to say /usr/local/samba/lib/local.map: wheel "BUILTIN\Administrators" acctops "BUILTIN\Account Operators" backops "BUILTIN\Backup Operators" why me. i mean, what did i ever do to deserve this? From william at hae.com Wed Nov 25 23:54:41 1998 From: william at hae.com (William Stuart) Date: Tue Dec 2 02:24:44 2003 Subject: group database API In-Reply-To: Message-ID: <000601be18ce$f7b02b80$4f0eed84@omnibook.wyse.com> -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of Luke Kenneth Casson Leighton Sent: Wednesday, November 25, 1998 3:39 PM To: Multiple recipients of list Subject: Re: group database API [...schnipp...] > why me. i mean, what did i ever do to deserve this? You chose to implement a "secret" protocol of Microsoft's. Their motto is: "Security through Absurdity" William From lkcl at switchboard.net Thu Nov 26 00:05:57 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:44 2003 Subject: group database API In-Reply-To: <000601be18ce$f7b02b80$4f0eed84@omnibook.wyse.com> Message-ID: > You chose to implement a "secret" protocol of Microsoft's. Their motto is: > "Security through Absurdity" dear mr stuart, thank you for reminding me. next time i will choose something simple, like a well-documented protocol such as kerberos, or ldap. luke From brian at bstc.net Thu Nov 26 00:12:16 1998 From: brian at bstc.net (Brian Roberson) Date: Tue Dec 2 02:24:44 2003 Subject: followup-Re: registry stuff In-Reply-To: <001801be18c0$6ebcb180$0300a8c0@pippi.emil.pgmt> Message-ID: <19981126001835Z12617414-14542+980@samba.anu.edu.au> the full document can be found at: http://bstc.net/~brian/sharemodes.txt heres info on print shares I should have included the first shot: PRINT SERVICES SAME IDEA, However, there is only 1 mode for printers :) full access! ( `b7h 00h` for user, `b7h 80h` for group ) all printers are formatted like: HKEY_LOCAL_MACHINE\Security\Access\PRINT\$PRINTERNAME ( e.g. all printers are under the PRINT key ) example export for print services: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX REGEDIT4 [HKEY_LOCAL_MACHINE\Security\Access\PRINT] [HKEY_LOCAL_MACHINE\Security\Access\PRINT\HP OfficeJet Series 500 Printer] "*"=hex:b7,80 "BST\\BRIAN"=hex:b7,00 [HKEY_LOCAL_MACHINE\Security\Access\PRINT\HP DeskJet 660 (Color)] "BST\\BRIAN"=hex:b7,00 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX At 11:10 PM 11/25/98 +0100, you wrote: >Hello, > >I got your mail about user level security in W95/W98. I've tested it >on two of our computers which works fine for shares of the file >system. However I have not yet figured how a shared printer works, and >would like to ask if you might know/have an idea? > >Best regards > Michael Stockman > pgmtekn-micke@algonet.se > >PS. To me the information you provided was long missed and you filled >a lot of that gap, thanks. > ~~~~~~ Brian Roberson ~~~~~~ ~~~ BrainStorm Technologies ~~ ~~~ Linux Solution Provider ~~~ ~~~~~~~ info@bstc.net ~~~~~~ ~~~~~ http://www.bstc.net/ ~~~~ ~~~~~~~ (402) 690-7306 ~~~~~~ From brian at bstc.net Thu Nov 26 04:03:11 1998 From: brian at bstc.net (Brian Roberson) Date: Tue Dec 2 02:24:44 2003 Subject: yikes Message-ID: Ok, I need help debugginging ..... redhat 5.0 _all_ updates ( glibc-2.0.7-19 ) `smbd -D -d 10` {log.smb} XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX [1998/11/25 21:48:31, 7] lib/util_sid.c:string_to_sid(111) string_to_sid: converted SID S-1-5-32 ok [1998/11/25 21:48:31, 7] lib/util_sid.c:string_to_sid(111) string_to_sid: converted SID S-1-1 ok [1998/11/25 21:48:31, 7] lib/util_sid.c:string_to_sid(111) string_to_sid: converted SID S-1-3 ok [1998/11/25 21:48:31, 7] lib/util_sid.c:string_to_sid(111) string_to_sid: converted SID S-1-5 ok [1998/11/25 21:48:31, 7] lib/util_sid.c:string_to_sid(111) string_to_sid: converted SID S-1-5-21-3686860302-513978358-2754961581 ok [1998/11/25 21:48:31, 7] lib/util_sid.c:sid_to_string(50) sid_to_string returning S-1-5-21-3686860302-513978358-2754961581 [1998/11/25 21:48:31, 5] rpc_server/srv_sid.c:read_sid_from_file(117) read_sid_from_file: sid S-1-5-21-3686860302-513978358-2754961581 [1998/11/25 21:48:31, 0] lib/fault.c:fault_report(40) =============================================================== [1998/11/25 21:48:31, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 2236 (2.0.0-beta1) Please read the file BUGS.txt in the distribution [1998/11/25 21:48:31, 0] lib/fault.c:fault_report(43) =============================================================== [1998/11/25 21:48:31, 0] lib/util.c:smb_panic(2372) PANIC: internal error XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX smbd -D -d 10 would _not_ dump core, but smbd -D would `gdb smbd core` Core was generated by `./smbd -D'. Program terminated with signal 6, Aborted. find_solib: Can't read pathname for load map: Input/output error #0 0x40083781 in ?? () from /lib/libc.so.6 (gdb) bt #0 0x40083781 in ?? () from /lib/libc.so.6 #1 0x400835af in ?? () from /lib/libc.so.6 #2 0x400847bf in ?? () from /lib/libc.so.6 #3 0x80b9fe2 in smb_panic () #4 0x80b244a in fault_report () #5 0x80b2487 in sig_fault () #6 0xbfffec7c in ?? () ^^^ Whats this??? #7 0x8091893 in cli_nt_session_open () #8 0x808274f in get_member_domain_sid () #9 0x804b70d in main () (gdb) :-) fun ~~~~~~ Brian Roberson ~~~~~~~~ ~~~ BrainStorm Technologies ~~ ~~ Linux Sollution Provider ~~ ~~~~~~~~ info@bstc.net ~~~~~~~ ~~~~ http://www.bstc.net/ ~~~~ ~~~~~~~ (402) 690-7306 ~~~~~~~ From pcc at llnl.gov Thu Nov 26 05:22:35 1998 From: pcc at llnl.gov (Phil Cox) Date: Tue Dec 2 02:24:44 2003 Subject: yikes In-Reply-To: Message-ID: <3.0.5.32.19981125212235.009cb3b0@poptop.llnl.gov> At 03:02 PM 11/26/98 +1100, Brian Roberson wrote: >[1998/11/25 21:48:31, 0] lib/fault.c:fault_report(40) > =============================================================== >[1998/11/25 21:48:31, 0] lib/fault.c:fault_report(41) > INTERNAL ERROR: Signal 11 in pid 2236 (2.0.0-beta1) > Please read the file BUGS.txt in the distribution >[1998/11/25 21:48:31, 0] lib/fault.c:fault_report(43) > =============================================================== >[1998/11/25 21:48:31, 0] lib/util.c:smb_panic(2372) > PANIC: internal error I am running into the same error. it has something to do with the "server = domain" or "server = server" line in the smb.conf. if you set it to user or share, smbd will startup without error. I sent some thing to the list earlier as well. Let me know if you find the answer. Phil - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Computer Incident Advisory Capability (CIAC) Philip C. Cox (510)422-8193 (510)422-8564 ciac@llnl.gov pcc@llnl.gov ------------------------------------------------------------------- PGP fingerprint = 1A97 AB44 406A 77B7 3EA8 3B5B E3B5 BE73 Noteable Quote = "Do today what you want to be tomorrow." From D.Bannon at latrobe.edu.au Thu Nov 26 06:04:34 1998 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:24:44 2003 Subject: yodl is _cool_ In-Reply-To: References: <3.0.3.32.19981125154452.0075b770@bioserve.biochem.latrobe.edu.au> Message-ID: <3.0.3.32.19981126170434.0077f634@bioserve.biochem.latrobe.edu.au> Luke, thanks for your advice, now getting 2.0.0b2. But to get back to your origional question : >> >please could someone review docs/manpages/smb.conf.5 or >> >docs/htmldocs/smb.conf.5.html sections "domain group map" and "local group The beta2 version does not mention "domain group map" etc, it is the old prealpha stuff about "domain admin group". And to reiterate my (revised) question : For example, to map someone, who is a member of (unix) adm as (NT) Administrator would we do this ? : domain group map = /usr/local/samba/private/domain.map and in domain.map we have either : adm Administrators or adm Domain Admins 'cos it don't work for me. A user who is a member of adm can logon fine, but not as an Administrator, I also tried quotes, "Domain Admins". So I tried Sean Mathews method of making a group called Domain Admins, and, you guessed it, no go. Looking in the logs it appears that the user is correctly identified as a member of his unix group but I can see no attempt made to match that group to a particular NT group. Any hints where I should start looking ??? David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From D.Bannon at latrobe.edu.au Thu Nov 26 06:17:09 1998 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:24:44 2003 Subject: yodl is _cool_ In-Reply-To: References: <3.0.3.32.19981125154452.0075b770@bioserve.biochem.latrobe.edu.au> Message-ID: <3.0.3.32.19981126171709.00750b8c@bioserve.biochem.latrobe.edu.au> At 01:54 PM 25/11/1998 +0000, Luke Kenneth Casson Leighton wrote: >-r SAMBA_2_0. DO NOT check out in the same directory as the main branch >is already checked out in. No, sorry Luke, having a better look at the logs indicates that there is something funny here. I did a clean CSV and got 2.0.0beta2 but it does the old "Domain Admin Group" stuff, not the "Domain Group Map". Which would explain why the group mapping is not working ..... log.smb: doing parameter domain group map = /usr/local/samba/private/domain .map log.smb: Unknown parameter encountered: "domain group map" log.smb: Ignoring unknown parameter "domain group map" Just to confirm, I put a "Domain Admin Group" back and could do admin stuff again. What do yoy reckon ?? David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From h.nardmann at secunet.de Thu Nov 26 10:04:05 1998 From: h.nardmann at secunet.de (Heiko Nardmann) Date: Tue Dec 2 02:24:44 2003 Subject: SSL support in Samba ? Message-ID: <365D2795.D492E280@secunet.de> Is there any SSL support planned for Samba or already in work/done? -- Ciao ... Heiko Nardmann (Dipl.-Ing.) Software Development, secunet (www.secunet.de) Security Networks GmbH, Weidenauer Str. 223-225, D-57076 Siegen Tel. : +49 271 48950-13 Fax : +49 271 48950-50 From brian at bstc.net Thu Nov 26 19:39:50 1998 From: brian at bstc.net (Brian Roberson) Date: Tue Dec 2 02:24:44 2003 Subject: yikes In-Reply-To: <3.0.5.32.19981125212235.009cb3b0@poptop.llnl.gov> References: Message-ID: <19981126194605Z12638114-26803+116@samba.anu.edu.au> At 09:22 PM 11/25/98 -0800, Phil Cox wrote: > >I am running into the same error. it has something to do with the "server = >domain" or "server = server" line in the smb.conf. if you set it to user or >share, smbd will startup without error. I sent some thing to the list >earlier as well. Let me know if you find the answer. > after changing the security parameter from `security = domain` to `security = user` smbd starts. Heres a rpcclient gdb output after issueing `samuser -g -u` ( core dumped ) Core was generated by `rpcclient -S pock -U brian -W BST -l debug' . Program terminated with signal 11, Segmentation fault. find_solib: Can't read pathname for load map: Input/output error #0 0x40097a8e in ?? () from /lib/libc.so.6 (gdb) bt #0 0x40097a8e in ?? () from /lib/libc.so.6 #1 0x400fee7c in ?? () from /lib/libc.so.6 #2 0x4009d201 in ?? () from /lib/libc.so.6 #3 0x804e2a3 in cmd_sam_query_user () #4 0x804a70b in do_command () #5 0x804a928 in process () #6 0x804b4b7 in main () (gdb) ( debug log shows just the addition of the interface ) ~~~~~~ Brian Roberson ~~~~~~ ~~~ BrainStorm Technologies ~~ ~~~ Linux Solution Provider ~~~ ~~~~~~~ info@bstc.net ~~~~~~ ~~~~~ http://www.bstc.net/ ~~~~ ~~~~~~~ (402) 690-7306 ~~~~~~ From stefcol at tin.it Fri Nov 27 11:04:59 1998 From: stefcol at tin.it (Stefano Colombo) Date: Tue Dec 2 02:24:44 2003 Subject: hide dot files doesn't work Message-ID: <000201be19f5$c668ee40$bc0b650a@scolombo> Hi Samba people .. I'm quite new in here and I'd like to share a problem I'm experiencing. I've installed a 1.9.18p10 samba serve onto a HPUX 10.20 box . One of the problem I'm investigating on is that even if the " hide dot files" is explicitely specified in the smb.conf file , when I map a resource from a NT server I see all the "dot" files and directories in it TIA Stefano Colombo MCP (email : scolombo@cdmtecno.pr.it ) CDM Tecnoonsulting SPA , v. G Marconi 25 , 43050 Sorbolo Italy Tel. + 39 0521 669511 Fax. + 39 0521 669527 scolombo@cdmtecno.pr.it www.cdmtc.it _____________________________________________ Il sesso senza amore e' un'esperienza vuota, ma fra le esperienze vuote e' una delle migliori Woody Allen _____________________________________________ -------------- next part -------------- A non-text attachment was scrubbed... Name: winmail.dat Type: application/ms-tnef Size: 2100 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19981127/eac96a48/winmail.bin From svedja at lysator.liu.se Fri Nov 27 11:56:30 1998 From: svedja at lysator.liu.se (Dejan Ilic) Date: Tue Dec 2 02:24:44 2003 Subject: Problems with CVS Samba-2 beta2 Message-ID: Compiling lib/util_sock.c mkdir bin Linking bin/smbd Undefined first referenced symbol in file __inet_addr libsmb/namequery.o __inet_ntoa libsmb/clientgen.o ld: fatal: Symbol referencing errors. No output written to bin/smbd make: *** [bin/smbd] Error 1 Todays release on CVS of Samba-2 beta-2 (me think, taken with -R SAMBA_2_0). What is the most current btw ? "-r SAMBA_2_0" or the one without ? Dejan ===================================================================== Dejan Ilic, Tech Univ. of Linkoping, Sweden Phone:+46-13-473 01 06 Email: svedja@lysator.liu.se Web: http://www.lysator.liu.se/~svedja ===================================================================== [finger -l svedja@lysator.liu.se for public PGP key] From svedja at lysator.liu.se Fri Nov 27 12:22:37 1998 From: svedja at lysator.liu.se (Dejan Ilic) Date: Tue Dec 2 02:24:44 2003 Subject: Problems with CVS Samba-2 beta2 In-Reply-To: Message-ID: Just to add to my own report, This is on a Solaris_x86 2.6 system. On Fri, 27 Nov 1998, Dejan Ilic wrote: > Compiling lib/util_sock.c > mkdir bin > Linking bin/smbd > Undefined first referenced > symbol in file > __inet_addr libsmb/namequery.o > __inet_ntoa libsmb/clientgen.o > ld: fatal: Symbol referencing errors. No output written to bin/smbd > make: *** [bin/smbd] Error 1 > > Todays release on CVS of Samba-2 beta-2 (me think, taken with -R > SAMBA_2_0). From stefcol at tin.it Fri Nov 27 12:10:14 1998 From: stefcol at tin.it (Stefano Colombo) Date: Tue Dec 2 02:24:44 2003 Subject: client name problem Message-ID: <000801be19fe$e3fc4160$bc0b650a@scolombo> Hi , I have a w95 client which has the name of a Unix user account on the samba server which I 'm trying to connect to . When I try to map a resource from that samba server using the user name and password I 'm not being authenticated and the map fails .. Any Idea ? Stefano Colombo MCP (email : scolombo@cdmtecno.pr.it ) CDM Tecnoonsulting SPA , v. G Marconi 25 , 43050 Sorbolo Italy Tel. + 39 0521 669511 Fax. + 39 0521 669527 scolombo@cdmtecno.pr.it www.cdmtc.it _____________________________________________ Il sesso senza amore e' un'esperienza vuota, ma fra le esperienze vuote e' una delle migliori Woody Allen _____________________________________________ From svedja at lysator.liu.se Fri Nov 27 14:37:04 1998 From: svedja at lysator.liu.se (Dejan Ilic) Date: Tue Dec 2 02:24:44 2003 Subject: More on my problems Message-ID: Tried both CVS-distributions (Beta-1 & Beta-2) and both show the same problem om my Solaris_x86 2.6 Linking bin/smbd Undefined first referenced symbol in file __inet_addr libsmb/namequery.o __inet_ntoa libsmb/clientgen.o ld: fatal: Symbol referencing errors. No output written to bin/smbd inet_ntoa exitst in libnsl, but not "__inet_ntoa". sambe for __inet_addr. I have not had the problems earlier, but I haven't compiled the newest releases for a couple day either :-) It worked fine some weeks ago. At least 98-11-12 release works. Dejan ===================================================================== Dejan Ilic, Tech Univ. of Linkoping, Sweden Phone:+46-13-473 01 06 Email: svedja@lysator.liu.se Web: http://www.lysator.liu.se/~svedja ===================================================================== [finger -l svedja@lysator.liu.se for public PGP key] From greg at discreet.com Fri Nov 27 14:47:08 1998 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:44 2003 Subject: Latest CVS causes exception in lsass Message-ID: Hi, Well ya gotta break some eggs to make a cake. It is super cool to see all the groups showing up in the domain user manager but there are a couple of things: when I log in I only belong to my primary domain group as seen on UNIX, no local groups and I'm not a Domain Admin any more. This is probably my ignorance of the new local group map stuff. The other problem is it seems to cause an exception in lsass.exe (whatever the hell that is!). I can send traces if anybody needs. Thanks for all the neat stuff, Greg --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From dbadrak at geo.census.gov Fri Nov 27 15:24:39 1998 From: dbadrak at geo.census.gov (Don Badrak) Date: Tue Dec 2 02:24:44 2003 Subject: More on my problems In-Reply-To: Message-ID: Dejan, On Sat, 28 Nov 1998, Dejan Ilic wrote: > Tried both CVS-distributions (Beta-1 & Beta-2) and both show the same > problem om my Solaris_x86 2.6 > > Linking bin/smbd > Undefined first referenced > symbol in file > __inet_addr libsmb/namequery.o > __inet_ntoa libsmb/clientgen.o > ld: fatal: Symbol referencing errors. No output written to bin/smbd > > inet_ntoa exitst in libnsl, but not "__inet_ntoa". > sambe for __inet_addr. I have not had the problems earlier, but I > haven't compiled the newest releases for a couple day either :-) > > It worked fine some weeks ago. At least 98-11-12 release works. Those symbols are from the bind 8.1.2 library. Make sure that somewhere you have -lbind in your link line (you may also need a -L/location/of/bind/library). Do "nm /location/of/bind/libary/libbind.a | grep __inet" to see that you get the right library. Bind 4.9.x used libresolv.a and lib44bsd.a (compatability library). in Bind 8.x, it is all rolled into libbind.a. -- Don Badrak 301.457.1793 work Telecommunications Office 301.457.4438 fax U.S. Bureau of the Census 301.457.1828 fax Suitland MD, USA From svedja at lysator.liu.se Fri Nov 27 15:25:53 1998 From: svedja at lysator.liu.se (Dejan Ilic) Date: Tue Dec 2 02:24:44 2003 Subject: More on my problems In-Reply-To: Message-ID: Yep, my problems were solved when I included "-lbind" when compiling. Thanks to all that helped me on this one. Dejan On Fri, 27 Nov 1998, Don Badrak wrote: > Dejan, > > On Sat, 28 Nov 1998, Dejan Ilic wrote: > > > Tried both CVS-distributions (Beta-1 & Beta-2) and both show the same > > problem om my Solaris_x86 2.6 > > > > Linking bin/smbd > > Undefined first referenced > > symbol in file > > __inet_addr libsmb/namequery.o > > __inet_ntoa libsmb/clientgen.o > > ld: fatal: Symbol referencing errors. No output written to bin/smbd > > > > inet_ntoa exitst in libnsl, but not "__inet_ntoa". > > sambe for __inet_addr. I have not had the problems earlier, but I > > haven't compiled the newest releases for a couple day either :-) > > > > It worked fine some weeks ago. At least 98-11-12 release works. > > Those symbols are from the bind 8.1.2 library. Make sure that somewhere > you have -lbind in your link line (you may also need a > -L/location/of/bind/library). > > Do "nm /location/of/bind/libary/libbind.a | grep __inet" to see that you > get the right library. > > Bind 4.9.x used libresolv.a and lib44bsd.a (compatability library). in > Bind 8.x, it is all rolled into libbind.a. > > > -- > Don Badrak 301.457.1793 work > Telecommunications Office 301.457.4438 fax > U.S. Bureau of the Census 301.457.1828 fax > Suitland MD, USA > > > ===================================================================== Dejan Ilic, Tech Univ. of Linkoping, Sweden Phone:+46-13-473 01 06 Email: svedja@lysator.liu.se Web: http://www.lysator.liu.se/~svedja ===================================================================== [finger -l svedja@lysator.liu.se for public PGP key] From chenriq at homeshopping.com.br Fri Nov 27 16:30:59 1998 From: chenriq at homeshopping.com.br (Carlos Henrique) Date: Tue Dec 2 02:24:44 2003 Subject: Problem: changing password from WinNT workstation 4 SP3 Message-ID: <365ED3BC.4B35C140@homeshopping.com.br> Platform: SunOS 4.1.4 Samba-2.0.beta2 Excerpt from our smb.conf ... workgroup = DEMAB_DMDDS server string = hosts allow = 172.19.48.0/255.255.248.0 127. 172.27.16.0/255.255.240.0 172.19. 96.0/255.255.248.0 security = user unix password sync = no case sensitive = Yes passwd chat debug = True log level = 1 null passwords = yes passwd program = /usr/bin/passwd %u encrypt passwords = yes interfaces = 172.19.41.2/255.255.248.0 172.19.65.2/255.255.248.0 remote announce = 172.19.55.255 172.27.16.40 ... - "unix password sync = yes" only works for root changing password. Using "unix password sync = no"; - I can change samba password on unix using smbpasswd (for a non-root user), but I can't do the same from WinNT. log.: [1998/11/26 10:24:51, 0] smbd/chgpasswd.c:check_oem_password(741) check_oem_password: old lm password doesn't match. ... - If I change the user password to null on WinNT, it works. - There are two lines where this message is shown in smbd/chgpasswd.c. I could s ee that the message above came from the second one and commented out the "if" bl ock of this message. After make/make install, I changed password on WinNT again. log. [1998/11/26 10:29:12, 0] smbd/chgpasswd.c:check_oem_password(748) check_oem_password: old nt password doesn't match. ... This message appears in the next "if" after the previous 'if' block commented. So, I commented out this "if" block, too. After make/make install again, when I changed password, WinNT showed the message "password changed". However, when logging off the following message was sent to log. [1998/11/26 10:35:24, 0] smbd/reply.c:reply_sesssetup_and_X(695) NT Password did not match ! Defaulting to Lanman ... When loggin on after that, only the old password worked. And, I saw in smbpasswd file (unix) that only the LCT string had been changed, while the hash string remained the same. From mh at bacher.at Fri Nov 27 16:46:58 1998 From: mh at bacher.at (Martin Hofbauer Bacher Systems EDV) Date: Tue Dec 2 02:24:44 2003 Subject: Problem: changing password from WinNT workstation 4 SP3 In-Reply-To: <365ED3BC.4B35C140@homeshopping.com.br> Message-ID: Now this is the 4th problem report of that issue I have seen ( including my request 2-3 Weeks ago ) But there is no real good answer till now ! The answer is always, you have to use passwords, that are okay to your unix OS policy ( e.g. for solaris: min 6 char, min 2 digits,..) But that is not true with samba 2.0.0beta in Solaris 2.6, I have run the tests with old password: "test1234" to new "1234test" ( which is ok for solaris 2.6) and had the same results as you ! Mmmm, Maybe there are more important problems to solve (currently ) ... ------------------------------------------------------------------- Martin Hofbauer Consulting phone : +43 (1) 60 126-34 Bacher Systems EDV GmbH fax : +43 (1) 60 126-4 Wienerbergstr. 11B e-mail: mh@bacher.at A-1101 Vienna, Austria -- On Sat, 28 Nov 1998, Carlos Henrique wrote: > Platform: > SunOS 4.1.4 > Samba-2.0.beta2 > Excerpt from our smb.conf > .. > workgroup = DEMAB_DMDDS > > server string = > > hosts allow = 172.19.48.0/255.255.248.0 127. 172.27.16.0/255.255.240.0 > 172.19. > 96.0/255.255.248.0 > > security = user > > unix password sync = no > > case sensitive = Yes > > passwd chat debug = True > > log level = 1 > > null passwords = yes > > passwd program = /usr/bin/passwd %u > > encrypt passwords = yes > > interfaces = 172.19.41.2/255.255.248.0 172.19.65.2/255.255.248.0 > > remote announce = 172.19.55.255 172.27.16.40 > > .. > > - "unix password sync = yes" only works for root changing password. > Using "unix > password sync = no"; > - I can change samba password on unix using smbpasswd (for a non-root > user), but > I can't do the same from WinNT. > log.: > > [1998/11/26 10:24:51, 0] smbd/chgpasswd.c:check_oem_password(741) > check_oem_password: old lm password doesn't match. > ... > > - If I change the user password to null on WinNT, it works. > - There are two lines where this message is shown in smbd/chgpasswd.c. I > could s > ee that the message above came from the second one and commented out the > "if" bl > ock of this message. After make/make install, I changed password on > WinNT again. > log. > > [1998/11/26 10:29:12, 0] smbd/chgpasswd.c:check_oem_password(748) > check_oem_password: old nt password doesn't match. > .. > > This message appears in the next "if" after the previous 'if' block > commented. > So, I commented out this "if" block, too. > After make/make install again, when I changed password, WinNT showed the > message > "password changed". However, when logging off the following message was > sent to > log. > > [1998/11/26 10:35:24, 0] smbd/reply.c:reply_sesssetup_and_X(695) > NT Password did not match ! Defaulting to Lanman > .. > > When loggin on after that, only the old password worked. And, I saw in > smbpasswd > file (unix) that only the LCT string had been changed, while the hash > string > remained the same. > > > From svedja at lysator.liu.se Fri Nov 27 22:51:07 1998 From: svedja at lysator.liu.se (Dejan Ilic) Date: Tue Dec 2 02:24:44 2003 Subject: Domain administrators Message-ID: With all the recent changes in Samba I would like to get some help on how to set up domain administrator account. "domain admin group/user" is depricieted. What parameter should I use (example please). I guess it is the "domain group map". But does it take 8-bit characters? Swedish administrators are "administrat?r" in example. (Those who can read QP-mail will know what I mean). And what coding should be used ? ISO-8859-1 or Windows coding ? It's not clear from the smb.conf. Thanks Dejan ===================================================================== Dejan Ilic, Tech Univ. of Linkoping, Sweden Phone:+46-13-473 01 06 Email: svedja@lysator.liu.se Web: http://www.lysator.liu.se/~svedja ===================================================================== [finger -l svedja@lysator.liu.se for public PGP key] From bernie at ecr.mu.oz.au Sat Nov 28 03:15:13 1998 From: bernie at ecr.mu.oz.au (Bernie Kirby) Date: Tue Dec 2 02:24:44 2003 Subject: Problem: changing password from WinNT workstation 4 SP3 Message-ID: <199811280315.OAA07148@plooker.ecr.mu.oz.au> G'day, I also have this problem. It would seem to be byte order problem maybe unique to Solaris2.x In any case, the 'new' password ends up being null at approx line 700+ in chpasswd.c, where it calls char *pw; new_pw_len /= 2; pw = unistrn2((uint16*)(&lmdata[512-uni_pw_len]), new_pw_len); pw is always a null string. As an experiment, I replaced this call with: { char buf[100]; int i; memset(buf, 0, sizeof(buf)); for (i = 0; i < new_pw_len*2 && i < 100; i += 2) { buf[i/2] = (char)lmdata[512-uni_pw_len + i]; memcpy(new_passwd, buf, new_pw_len+1); DEBUG(0, ("new passwd = '%s'\n", new_passwd)); } This isn't a general solution, but it shows the problem. You get the 'proper' new password. and no longer get check_oem_password: old lm password doesn't match. and can now at least proceed... And on to another problem... Latest CVS code checked out a day ago...but the problem has existed for a week or two.. smbpasswd -a username... in passdb/smbpasschange.c, when adding a new user local_password_change calls getpwnam(), which returns a static buffer. then after the call to smb_pwent = getsmbpwnam(user_name); at about line 113, the pwd->pw_uid is now equal to the last uid read in the smbpasswd file. (remember, we are adding a user, and they don't exist in the smbpasswd file yet). Thus the new user gets the uid of the last one in the smbpasswd file. I don't know, but it looks like it's calling one of the getpw*() routines for each of the entry in the smbpasswd file and overwriting the static buffer from the first getpwnam call. I just made a local copy of the returned buffer and now at least the new users aren't getting mucked about... From delaitt at cpc.westminster.ac.uk Sun Nov 29 12:43:10 1998 From: delaitt at cpc.westminster.ac.uk (Thierry Delaitre) Date: Tue Dec 2 02:24:44 2003 Subject: password server = Novell server ? Message-ID: Dear All, Is it possible to configure the 'password server' global option to use a Novell server for login/password authentication ? If not, would it be possible to use an NT PC as a gateway between NT and Novell Netware 4 ? So, that NT clients would query the Samba server which would query the NT box which would then finally query the Novell server for login/passowrd authentication. Thanks, Thierry. -------------------------------------------------------------------- Thierry Delaitre | Phone: +44/171-911-5000 ext. 3586 Centre for Parallel Computing | FAX: +44/171-911.5143 University of Westminster | mailto:delaitt@cpc.wmin.ac.uk 115 New Cavendish Street | http://www.cpc.wmin.ac.uk/~delaitt LONDON W1M 8JS, UK | -------------------------------------------------------------------- From svinto at ita.chalmers.se Sun Nov 29 14:01:40 1998 From: svinto at ita.chalmers.se (Svante Sormark) Date: Tue Dec 2 02:24:45 2003 Subject: SSL support in Samba ? In-Reply-To: <365D2795.D492E280@secunet.de> Message-ID: this would prbably be trivial to do using a wrapper like stunnel ( http://mike.daewoo.com.pl/computer/stunnel/ ) On Thu, 26 Nov 1998, Heiko Nardmann wrote: >Is there any SSL support planned for Samba or already in work/done? > >-- >Ciao ... Heiko Nardmann (Dipl.-Ing.) >Software Development, secunet (www.secunet.de) >Security Networks GmbH, Weidenauer Str. 223-225, D-57076 Siegen >Tel. : +49 271 48950-13 Fax : +49 271 48950-50 > -------------------------------------------------------------------------- | Svante S?rmark | Chalmers IT -avdelning | utvecklare | 0707 538336 | -------------------------------------------------------------------------- From lkcl at switchboard.net Sun Nov 29 18:02:29 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:45 2003 Subject: yodl is _cool_ In-Reply-To: <3.0.3.32.19981126170434.0077f634@bioserve.biochem.latrobe.edu.au> Message-ID: On Thu, 26 Nov 1998, David Bannon wrote: > Luke, thanks for your advice, now getting 2.0.0b2. wrong version. http://samba.org/cvs.html, do not specify a tag. > But to get back to your origional question : > > >> >please could someone review docs/manpages/smb.conf.5 or > >> >docs/htmldocs/smb.conf.5.html sections "domain group map" and "local group > > The beta2 version does not mention "domain group map" etc, it is the old > prealpha stuff about "domain admin group". correct. > And to reiterate my (revised) question : > > For example, to map someone, who is a member of (unix) adm as > (NT) Administrator would we do this ? : > > domain group map = /usr/local/samba/private/domain.map > > and in domain.map we have either : > > adm Administrators > or > adm Domain Admins adm="Domain Admins" > 'cos it don't work for me. correct, 2.0.0b2 won't. From lkcl at switchboard.net Sun Nov 29 18:02:49 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:45 2003 Subject: yodl is _cool_ In-Reply-To: <3.0.3.32.19981126171709.00750b8c@bioserve.biochem.latrobe.edu.au> Message-ID: On Thu, 26 Nov 1998, David Bannon wrote: > At 01:54 PM 25/11/1998 +0000, Luke Kenneth Casson Leighton wrote: > > >-r SAMBA_2_0. DO NOT check out in the same directory as the main branch > >is already checked out in. > > No, sorry Luke, having a better look at the logs indicates that there is > something funny here. I did a clean CSV and got 2.0.0beta2 but it does the wrong version. From svedja at lysator.liu.se Sun Nov 29 18:07:50 1998 From: svedja at lysator.liu.se (Dejan Ilic) Date: Tue Dec 2 02:24:45 2003 Subject: yodl is _cool_ In-Reply-To: Message-ID: On Mon, 30 Nov 1998, Luke Kenneth Casson Leighton wrote: > On Thu, 26 Nov 1998, David Bannon wrote: > > > Luke, thanks for your advice, now getting 2.0.0b2. > > wrong version. http://samba.org/cvs.html, do not specify a tag. Without the tag I get a version that claims to be Beta-1. Which one is correct, the one with "-r SAMBA_2_0" or the one without ? Dejan ===================================================================== Dejan Ilic, Tech Univ. of Linkoping, Sweden Phone:+46-13-473 01 06 Email: svedja@lysator.liu.se Web: http://www.lysator.liu.se/~svedja ===================================================================== [finger -l svedja@lysator.liu.se for public PGP key] From svedja at lysator.liu.se Sun Nov 29 18:23:15 1998 From: svedja at lysator.liu.se (Dejan Ilic) Date: Tue Dec 2 02:24:45 2003 Subject: Quotas are in again In-Reply-To: Message-ID: /* CC to the samba group for "validation". */ /* Why can files "take more than quota-allowed space" on accounts */ /* If my assumptions are correct, it should probably be documented */ Can you do a small test for me ? Can you copy a file that is larger than quotas ? And then check the free space on the hard-drive(s) On my system I copied a 180MB file to a account that can hold 10MB (quota-restriction) Here is "before" and "after" free space. Notice that the "180MB-large" file is on the accout, despite the fact that it can hold only 10MB. Before the copy. # df -k Filesystem 1024-blocks Used Available Capacity Mounted on ... /dev/dsk/c0t0d1s0 13029980 10270900 2759080 79% /export/users ... After the copy. # df -k Filesystem 1024-blocks Used Available Capacity Mounted on /dev/dsk/c0t0d1s0 13029980 10280252 2749728 79% /export/users Notice that only the actual 10MB (approx, I had some other files too) was taken. It seems like Solaris does the same, it creates a file tha SEEMS larger than quotas, but as it is empty, it doesn't count anywhere. Notice the diference between empty and filled with zeros. Some filesystem allows you to do that, and the file only takes the space when you actualy write something in it, whatever it is zeros or actual data. It seems like Ext2 (Linux) and UFS (SunOS and some other systems) can do it. Don't know, maybe Samba should stop the process immediatly when the copying begins instead of (only) when roof is hitted. I whould hate to be a owner of 14K-modem that tries to upload a 10MB file only to find out that you hit the quota a couple KB before the whole file is transfered... Maybe a additional check when creating the "hole" would be in place. ===================================================================== Dejan Ilic, Tech Univ. of Linkoping, Sweden Phone:+46-13-473 01 06 Email: svedja@lysator.liu.se Web: http://www.lysator.liu.se/~svedja ===================================================================== [finger -l svedja@lysator.liu.se for public PGP key] From lkcl at switchboard.net Sun Nov 29 18:55:17 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:45 2003 Subject: Latest CVS causes exception in lsass In-Reply-To: Message-ID: HOLD THAT CVS TREE DON'T UPDATE IT! send a bug report to me, detailing what version of nt you are using, along with a tar ball, and how to reproduce it. if this is nt4 sp4 you're using, then microsoft will want to know about it. thanx, luke On Sat, 28 Nov 1998, Greg Dickie wrote: > > Hi, > > Well ya gotta break some eggs to make a cake. It is super cool to see all > the groups showing up in the domain user manager but there are a couple of > things: when I log in I only belong to my primary domain group as seen on UNIX, > no local groups and I'm not a Domain Admin any more. This is probably my > ignorance of the new local group map stuff. > > The other problem is it seems to cause an exception in lsass.exe (whatever the > hell that is!). I can send traces if anybody needs. > > Thanks for all the neat stuff, > Greg > > --------------------------------------------------------------------- > Greg Dickie > Just A Guy* > *from discreet logic > Montreal > (514) 954-7171 > greg@discreet.com > > Luke Kenneth Casson Leighton Samba and Network Development Samba and Network Consultancy From chris at cmcardle.demon.co.uk Sun Nov 29 23:20:54 1998 From: chris at cmcardle.demon.co.uk (Christian McArdle) Date: Tue Dec 2 02:24:45 2003 Subject: Windows \\server\homes not disconnecting bug Message-ID: <01BE1BEE.E9BEE200.chris@cmcardle.demon.co.uk> Having heard about the new NT Domain support in Samba, I just gave it a try and it works brilliantly. Thanks everyone for all the effort put in! In DOMAIN.txt it talks about a bug in Windows that causes it to not disconnect the \\server\homes share when logging out. I'm not sure if this is well known, or fixed elsewhere, but I have found a solution anyway. First I set up a logon.bat script for everyone to use. Then I set the first line to: net use \\server\homes /delete This disconnects the stray share, ensuring it is recreated correctly when it is next needed. I used this to set up Netscape to use centralised profiles. You can specify a profile directory of something like "\\server\homes\netscape" or whatever and it will find the netscape directory on the current user's home directory. This method could be used to overcome lots of non-user sensitive path names in other programs that you want to behave in a user sensitive manner. Sorry if everyone knew all this before. And thanks again. It's so nice never to have to use NT Server. Christian McArdle. From sean at compu-aid.com Mon Nov 30 03:43:50 1998 From: sean at compu-aid.com (Sean E. Millichamp) Date: Tue Dec 2 02:24:45 2003 Subject: password server = Novell server ? In-Reply-To: Message-ID: On Sun, 29 Nov 1998, Thierry Delaitre wrote: > Is it possible to configure the 'password server' global option to use a > Novell server for login/password authentication ? If not, would it be > possible to use an NT PC as a gateway between NT and Novell Netware 4 ? > So, that NT clients would query the Samba server which would query the NT > box which would then finally query the Novell server for login/passowrd > authentication. Well... I don't think something like "security=netware" is currently an option. I see a couple of possible options: 1) If possible, setup Samba to use PAM and then use a PAM module for authentication against NDS (or the Bindery). Last time I looked at these modules they were a little rough around the edges but that was a long time ago and they should be significantly better by now I think. 2) As you said, use the NT server to handle the authentication translation. I have never set that up before but I see no reason why Samba would even know that the NT server authentication isn't happening locally on NT. I have a large client that has Samba servers authenticating to a single NT PDC that has some AS/400 integration software to pass authentication through to the AS/400 user accounts and it works just fine. Except for when the NT Server decides to drop off the network, that's why I'd recommend option #1. Netware is a lot more stable then NT :) Best, Sean ------------------------------------------ Sean E. Millichamp, Consultant Ingematics - A Division of Compu-Aid, Inc. From urs.steiner at switzerland.org Sun Nov 29 16:41:24 1998 From: urs.steiner at switzerland.org (Urs Steiner) Date: Tue Dec 2 02:24:45 2003 Subject: long logout duration Message-ID: <00f701be1bb7$1a59f220$0300a8c0@noway> Florain Laws wrote: >> I have a small but annoying problem: >> i am using Samba 2.0.0-prealpha from november 20 (well it was also in >> previous versions) as a domain server for my NT WKS4SP4. >> >> login doesn't take substantially more time than before >> joining the domain >> but the logout takes now about 5 minutes longer... >> which doesn't really seem normal for transmitting about 2mb over a >> 100mbit-network it would seem to me ... > >Have you checked the size of your user profile, >or is this the 2mb your are talking about? yes! my userprofile is between 2 and 2.5 MB (as i anyway use only one computer, i decided to store the outlook express files locally) >The user profile data are stored back to the server at every >logout, and that can take quite long, if the profile is big. I figured that also, but as said above, 2mb shouldn't take as long as that ... even if its 100 folders and 499 files which anyway should stay about the same most times as i reconn Urs =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= e-mail: urs [dot] steiner [at] switzerland [dot] org Think of that: "It's private!" * Rimmer "It's gone public." * Cat From greg at discreet.com Mon Nov 30 12:31:52 1998 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:45 2003 Subject: Latest CVS causes exception in lsass In-Reply-To: Message-ID: Hi Luke, It's actually NT4.0SP3. What would you like in the tarball? What is lsass.exe? Thanks, Greg On 29-Nov-98 Luke Kenneth Casson Leighton wrote: > HOLD THAT CVS TREE DON'T UPDATE IT! > > send a bug report to me, detailing what version of nt you are using, along > with a tar ball, and how to reproduce it. > > if this is nt4 sp4 you're using, then microsoft will want to know about > it. > > thanx, > > luke > > On Sat, 28 Nov 1998, Greg Dickie wrote: > >> >> Hi, >> >> Well ya gotta break some eggs to make a cake. It is super cool to see all >> the groups showing up in the domain user manager but there are a couple of >> things: when I log in I only belong to my primary domain group as seen on >> UNIX, >> no local groups and I'm not a Domain Admin any more. This is probably my >> ignorance of the new local group map stuff. >> >> The other problem is it seems to cause an exception in lsass.exe (whatever >> the >> hell that is!). I can send traces if anybody needs. >> >> Thanks for all the neat stuff, >> Greg >> >> --------------------------------------------------------------------- >> Greg Dickie >> Just A Guy* >> *from discreet logic >> Montreal >> (514) 954-7171 >> greg@discreet.com >> >> > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba and Network Consultancy --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From lkcl at switchboard.net Mon Nov 30 15:13:02 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:45 2003 Subject: Latest CVS causes exception in lsass In-Reply-To: Message-ID: On Mon, 30 Nov 1998, Greg Dickie wrote: > > Hi Luke, > > It's actually NT4.0SP3. oh, that's ok then :-) > What would you like in the tarball? source/* do a make clean and rm bin/*, please :-) > What is lsass.exe? local security authority secure service i think. it's responsible for authenticating users, even if that means contacting someone else who tells it that the user is authenticated. it's a bit bad if it crashes, in other words: as you can't log in :-) > Thanks, > Greg > > On 29-Nov-98 Luke Kenneth Casson Leighton wrote: > > HOLD THAT CVS TREE DON'T UPDATE IT! > > > > send a bug report to me, detailing what version of nt you are using, along > > with a tar ball, and how to reproduce it. > > > > if this is nt4 sp4 you're using, then microsoft will want to know about > > it. > > > > thanx, > > > > luke > > > > On Sat, 28 Nov 1998, Greg Dickie wrote: > > > >> > >> Hi, > >> > >> Well ya gotta break some eggs to make a cake. It is super cool to see all > >> the groups showing up in the domain user manager but there are a couple of > >> things: when I log in I only belong to my primary domain group as seen on > >> UNIX, > >> no local groups and I'm not a Domain Admin any more. This is probably my > >> ignorance of the new local group map stuff. > >> > >> The other problem is it seems to cause an exception in lsass.exe (whatever > >> the > >> hell that is!). I can send traces if anybody needs. > >> > >> Thanks for all the neat stuff, > >> Greg > >> > >> --------------------------------------------------------------------- > >> Greg Dickie > >> Just A Guy* > >> *from discreet logic > >> Montreal > >> (514) 954-7171 > >> greg@discreet.com > >> > >> > > > > Luke Kenneth Casson Leighton > > Samba and Network Development > > Samba and Network Consultancy > > --------------------------------------------------------------------- > Greg Dickie > Just A Guy* > *from discreet logic > Montreal > (514) 954-7171 > greg@discreet.com > > Luke Kenneth Casson Leighton Samba and Network Development Samba and Network Consultancy From nescau at akira.ucpel.tche.br Mon Nov 30 10:41:47 1998 From: nescau at akira.ucpel.tche.br (Luis Claudio R. Goncalves) Date: Tue Dec 2 02:24:45 2003 Subject: password server = Novell server ? In-Reply-To: Message-ID: Hello! > Is it possible to configure the 'password server' global option to use a > Novell server for login/password authentication ? It isn't possible (right now) with samba... but I've developed sometime ago a PAM module (for linux only) that authenticates any user using his/her netware account (login+password). It's pretty simple and hasn't much features but works very well. I'd be glad on sending it to you as soon as I finish the documentation The only problem here is that you have to use unnencrypted passwords to share the unix/samba user database and it can be a trouble to NT clients. Hope This Helps Luis [ Luis Claudio R. Goncalves nescau@akira.ucpel.tche.br ] [ BSc in Computer Science -- Gospel User -- NetAdmin -- Linuxer -- Musician? ] [ RHuser - DRWATSON.EXE user - http://akira.ucpel.tche.br/~nescau - IS 40:31 ] [______________________________ Yeshua Hamashia _____________________________] From greg at discreet.com Mon Nov 30 16:00:08 1998 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:45 2003 Subject: Latest CVS causes exception in lsass In-Reply-To: Message-ID: Didn't seem terribly hard to reproduce, I just rebooted a machine that was in the domain and boom. There is also another way which you might be interested in: ClearCase Doctor from Rational also seems to provoke it when it checks out domain capabilities. Ya, I noticed I could not log in after that process died... bummer. you can pick it up at ftp://ftp.discreet.com/outgoing/this_version_kills_lsass.tar.gz Let me know if you need more info. Thanks, Greg On 30-Nov-98 Luke Kenneth Casson Leighton wrote: > On Mon, 30 Nov 1998, Greg Dickie wrote: > >> >> Hi Luke, >> >> It's actually NT4.0SP3. > > oh, that's ok then :-) > >> What would you like in the tarball? > > source/* do a make clean and rm bin/*, please :-) > >> What is lsass.exe? > > local security authority secure service i think. it's responsible for > authenticating users, even if that means contacting someone else who tells > it that the user is authenticated. > > it's a bit bad if it crashes, in other words: as you can't log in :-) > > >> Thanks, > >> Greg >> >> On 29-Nov-98 Luke Kenneth Casson Leighton wrote: >> > HOLD THAT CVS TREE DON'T UPDATE IT! >> > >> > send a bug report to me, detailing what version of nt you are using, along >> > with a tar ball, and how to reproduce it. >> > >> > if this is nt4 sp4 you're using, then microsoft will want to know about >> > it. >> > >> > thanx, >> > >> > luke >> > >> > On Sat, 28 Nov 1998, Greg Dickie wrote: >> > >> >> >> >> Hi, >> >> >> >> Well ya gotta break some eggs to make a cake. It is super cool to see >> >> all >> >> the groups showing up in the domain user manager but there are a couple >> >> of >> >> things: when I log in I only belong to my primary domain group as seen on >> >> UNIX, >> >> no local groups and I'm not a Domain Admin any more. This is probably my >> >> ignorance of the new local group map stuff. >> >> >> >> The other problem is it seems to cause an exception in lsass.exe >> >> (whatever >> >> the >> >> hell that is!). I can send traces if anybody needs. >> >> >> >> Thanks for all the neat stuff, >> >> Greg >> >> >> >> --------------------------------------------------------------------- >> >> Greg Dickie >> >> Just A Guy* >> >> *from discreet logic >> >> Montreal >> >> (514) 954-7171 >> >> greg@discreet.com >> >> >> >> >> > >> > Luke Kenneth Casson Leighton >> > >> > Samba and Network Development >> > >> > Samba and Network Consultancy >> > >> >> --------------------------------------------------------------------- >> Greg Dickie >> Just A Guy* >> *from discreet logic >> Montreal >> (514) 954-7171 >> greg@discreet.com >> >> > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba and Network Consultancy --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From lkcl at switchboard.net Mon Nov 30 16:01:40 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:45 2003 Subject: yikes In-Reply-To: <3.0.5.32.19981130065519.009b61c0@poptop.llnl.gov> Message-ID: try a checkout, now, phil. andrej brought this to my attention too. On Tue, 1 Dec 1998, Phil Cox wrote: > The proposed fix did not work. > > Phil > > At 06:26 AM 11/26/98 +0000, Matt Chapman wrote: > >Phil Cox wrote: > > > >> >[1998/11/25 21:48:31, 0] lib/fault.c:fault_report(40) > >> > =============================================================== > >> >[1998/11/25 21:48:31, 0] lib/fault.c:fault_report(41) > >> > INTERNAL ERROR: Signal 11 in pid 2236 (2.0.0-beta1) > >> > Please read the file BUGS.txt in the distribution > >> >[1998/11/25 21:48:31, 0] lib/fault.c:fault_report(43) > >> > =============================================================== > >> >[1998/11/25 21:48:31, 0] lib/util.c:smb_panic(2372) > >> > PANIC: internal error > > > >Try this. It doesn't seem to be the same bug as Brian is reporting but > this is a > >nasty one... can someone commit this? > > > > Matt > > > > > >--- clientgen.old Thu Nov 26 16:35:39 1998 > >+++ clientgen.c Thu Nov 26 17:16:50 1998 > >@@ -2727,7 +2727,7 @@ > > struct nmb_name calling, called; > > BOOL connected_ok = True; > > > >- ZERO_STRUCT(cli); > >+ ZERO_STRUCTP(cli); > > > > if (!cli_initialise(cli)) > > { > > > > > >-- > >Matt Chapman > >E-mail: mattyc@cyberdude.com > > > > > > > > > > > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > Computer Incident Advisory Capability (CIAC) Philip C. Cox > (510)422-8193 (510)422-8564 > ciac@llnl.gov pcc@llnl.gov > ------------------------------------------------------------------- > PGP fingerprint = 1A97 AB44 406A 77B7 3EA8 3B5B E3B5 BE73 > Noteable Quote = "Do today what you want to be tomorrow." > > Luke Kenneth Casson Leighton Samba and Network Development Samba and Network Consultancy From lkcl at switchboard.net Mon Nov 30 16:12:48 1998 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:45 2003 Subject: group database API Message-ID: ok, it's almost ready, first pass, and it's even documented in smb.conf.yo (hurrah) create: /usr/local/samba/lib/local.map and put "local group map = above file name". create: /usr/local/samba/lib/.map and put "domain group map = above file name". create: /usr/local/samba/lib/domainuser.map and put "domain user map = above file name". in local.map, put entries like: wheel=BUILTIN\Administrators sys=BUILTIN\"System Operators" some_local_unixgroup=some_NT_local_group in domain.map, put entries like: users="Domain Users" to get them to be distinguished from the _local_ BUILTIN group named "Users". hm. domainuser map doesn't work right now, i'll fix that. From pcc at llnl.gov Mon Nov 30 16:17:24 1998 From: pcc at llnl.gov (Phil Cox) Date: Tue Dec 2 02:24:45 2003 Subject: yikes In-Reply-To: References: <3.0.5.32.19981130065519.009b61c0@poptop.llnl.gov> Message-ID: <3.0.5.32.19981130081724.009bd550@poptop.llnl.gov> At 04:01 PM 11/30/98 +0000, Luke Kenneth Casson Leighton wrote: >try a checkout, now, phil. andrej brought this to my attention too. Now getting this weird output: # bin/smbpasswd can't create private directory : No such file or directory ERROR: Samba cannot create a SAM SID for its domain (). Can't setup password database vectors. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Computer Incident Advisory Capability (CIAC) Philip C. Cox (510)422-8193 (510)422-8564 ciac@llnl.gov pcc@llnl.gov ------------------------------------------------------------------- PGP fingerprint = 1A97 AB44 406A 77B7 3EA8 3B5B E3B5 BE73 Noteable Quote = "Do today what you want to be tomorrow."