From zsolt at tek.bke.hu Thu Apr 1 00:31:59 1999 From: zsolt at tek.bke.hu (Tulassay Zsolt) Date: Tue Dec 2 02:25:59 2003 Subject: mail using Netscape Mail over samba ? Message-ID: Hi folks, (as far as I can remember, this is my first mail ever sent to an english mailing list, and surely the first to a samba-list.) I am the proud administrator of a Linux box running RedHat 5.2 and samba-1.9.18p10 (2.0.3 didn't work properly but that's not my problem here). The samba server provides domain logon for the windows machines in our network. The whole thing has only been running for two days now, so I'm just starting to configure it. Just to be clear, there are machines which are used by only one person, but there are others which are used by lots of users simultaneously. But all of them are runnng Win95/98. My problem is how to provide email service for our users, ie. which mailer software to use and over which protocol (POP/IMAP/etc). I had an idea, namely that if a user logs on the samba server, he can access his UNIX mail folders directly through his home dir. So what if I tried to set up Netscape Communicator to use H:\mail as the mail directory (where H: is the drive letter where the home dirs get mounted) and so I could avoid having to use IMAP (I had lots of trouble using IMAP earlier). I gave it a try and it seemed to work. But then came the real problem, you may already know what I mean: Communicator puts user settings into various files on the hard drive to which pointers are made in HKEY_LOCAL_MACHINE in the registry. Which is machine dependant. So I couldn't get it to handle the different settings for different users. I had first the idea to add some registry keys at every logon which could fix this up, but then I couldn't manage to get it right. Then I thought about the Roaming Profiles, installed the Apache module mod_roaming, and seemed happy, but it turned out, that Netscape tried to use the same roaming access profile every time, regardless of the username I used to log in to the samba server. And I couldn't find any hint where it stores the roaming access settings locally (I didn't find anything in the registry). What I'd like to achieve is, that if somebody logs in to our domain, he could read his email through some Windows mail client software regardless of which computer he uses to log in from. (after all it can be some other than Netscape Mail as well, I just thought NSMail would be the easiest way to go). If somebody managed to get this right, I would really appreciate if he could help me. Well, if you have a solution based on IMAP, I don't mind. I have to admit I don't even know how to get to work NSMail using IMAP on the windows boxes). Or if you could name me some mail clients that work together with Navigator and put their stuff into HKCU I would be fairly happy with that as well. Sorry for the long letter. TIA, Zsolt Tulassay PS please CC to me, I only get the digest From D.Bannon at latrobe.edu.au Thu Apr 1 01:23:30 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:25:59 2003 Subject: mail using Netscape Mail over samba ? In-Reply-To: Message-ID: <3.0.3.32.19990401112330.0074fbd8@bioserve.biochem.latrobe.edu.au> At 10:33 AM 01/04/1999 +1000, Tulassay Zsolt wrote: > >Hi folks, >(as far as I can remember, this is my first mail ever sent to an >english mailing list, and surely the first to a samba-list.) > >My problem is how to provide email service for our users, ie. ---------- I have a large dept here that uses (almost exclusivly) Eudora to read email. We have a samba drive (drive p: for personal) that is mapped to each users home directory with a logon script. The computers have a shortcut to eudora that has a a command line parameter that tells eudora to use the users files on p: Shortcut command line: k:\eudora\eudora p:\eudora Where k:\eudora is where the binaries are kept, and P:\eudora is where the users own email files are kept. I have my create user script make a Eudora directory in the new users home dir and change its ownership to that user. Then the first time they use the eudora shortcut, Eudora prompts them for config info and creates the necesary files. Easy. Have a look in the FAQ and HowTo to find out how to setup logon scripts. >PS please CC to me, I only get the digest PS. you may well be questioned if this is appropriate question in the samba NTDomain list, especially if you don't subscribe to it ! David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From hugh at forsoft.com Thu Apr 1 01:30:59 1999 From: hugh at forsoft.com (Hugh E Cruickshank) Date: Tue Dec 2 02:25:59 2003 Subject: mail using Netscape Mail over samba ? Message-ID: <01BE7B9C.3ECBA280@fishec> Hi Zsolt: I think that we have done what you a attempting to do but with SCO OSR5.0.4. We opted to use the Microsoft Windows Messaging software that comes with Win95 but it think the technique should work with any MAPI type software (say Outlook). 1. We created a subdirectory on our user's UNIX home directory in a pre-exec script ("win/exchange"). 2. We created a netlogon batch file that always mounts the user's home directory to the same drive letter ("H:"). 3. We manually reconfigured each of our Win95 boxes to store the "Personal Folders" and "Addressbook" files on the home directory (in "H:\WIN\EXCHANGE\"). 4. We configured the software to use POP and SMTP to communicate with the UNIX host to receive and sendmail. This is far from ideal but it works. It was to be an interim solution for us but my users are so entrenched now after 3-4 years that they threaten to revolt every time I talk about introducing a "real" MUA. I am sure there are better ways of doing this but this might give you some ideas to start with. Good luck and if you need any more details on what we did please let me know. Regards, Hugh -- Hugh E Cruickshank, Forward Information Systems, www.forsoft.com ---------- From: Tulassay Zsolt Sent: Wednesday, March 31, 1999 16:33 To: Multiple recipients of list Subject: mail using Netscape Mail over samba ? Hi folks, (as far as I can remember, this is my first mail ever sent to an english mailing list, and surely the first to a samba-list.) I am the proud administrator of a Linux box running RedHat 5.2 and samba-1.9.18p10 (2.0.3 didn't work properly but that's not my problem here). The samba server provides domain logon for the windows machines in our network. The whole thing has only been running for two days now, so I'm just starting to configure it. Just to be clear, there are machines which are used by only one person, but there are others which are used by lots of users simultaneously. But all of them are runnng Win95/98. My problem is how to provide email service for our users, ie. which mailer software to use and over which protocol (POP/IMAP/etc). I had an idea, namely that if a user logs on the samba server, he can access his UNIX mail folders directly through his home dir. So what if I tried to set up Netscape Communicator to use H:\mail as the mail directory (where H: is the drive letter where the home dirs get mounted) and so I could avoid having to use IMAP (I had lots of trouble using IMAP earlier). I gave it a try and it seemed to work. But then came the real problem, you may already know what I mean: Communicator puts user settings into various files on the hard drive to which pointers are made in HKEY_LOCAL_MACHINE in the registry. Which is machine dependant. So I couldn't get it to handle the different settings for different users. I had first the idea to add some registry keys at every logon which could fix this up, but then I couldn't manage to get it right. Then I thought about the Roaming Profiles, installed the Apache module mod_roaming, and seemed happy, but it turned out, that Netscape tried to use the same roaming access profile every time, regardless of the username I used to log in to the samba server. And I couldn't find any hint where it stores the roaming access settings locally (I didn't find anything in the registry). What I'd like to achieve is, that if somebody logs in to our domain, he could read his email through some Windows mail client software regardless of which computer he uses to log in from. (after all it can be some other than Netscape Mail as well, I just thought NSMail would be the easiest way to go). If somebody managed to get this right, I would really appreciate if he could help me. Well, if you have a solution based on IMAP, I don't mind. I have to admit I don't even know how to get to work NSMail using IMAP on the windows boxes). Or if you could name me some mail clients that work together with Navigator and put their stuff into HKCU I would be fairly happy with that as well. Sorry for the long letter. TIA, Zsolt Tulassay PS please CC to me, I only get the digest From webber at sj.univali.rct-sc.br Thu Apr 1 03:07:01 1999 From: webber at sj.univali.rct-sc.br (Celso Kopp Webber) Date: Tue Dec 2 02:25:59 2003 Subject: UIDs x GIDs on Samba-NTdom Message-ID: Hi all! I've found a "feature" on Samba yesterday that may interest you. Sorry if this is already known, or if it was already discussed here (although I haven't seen anything lately). I had one system with one user with UID #300, named User1, and one group with GID #300, named Laboratory. Whenever I tried on an NT client add permissions to group Laboratory, after I select it on the list, NT showed in fact permissions to user User1. It came to my mind that the coincidence beetween one's UID and the other's GID was the cause. Changing GID for Laboratory solved the problem. I'm having also another problem. Since I'm using RedHat on the server side, every user has its own primary group, for instance, bob's primary group is bob. Both bob UID and bob GID are the same. This causes UsrMgr.exe and others to not show the list of groups/users, because if I have 700 users, I have at least 700 groups. Is there any way of using options like "domain group map = " to filter some groups, i.e., not showing some of them. Thanks for your help in advance, and congratulations for the great software samba is! Prof. Celso Kopp Webber mailto://webber@sj.univali.rct-sc.br Universidade do Vale do Itajai' - UNIVALI Campus Sao Jose - Sao Jose, SC Administracao de Redes Rod. SC 407, Km. 4 88122-000 Sao Jose-SC Brazil Fone: +55 (48) 281-1505 Fax: +55 (48) 281-1506 From D.Bannon at latrobe.edu.au Thu Apr 1 03:15:46 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:25:59 2003 Subject: UIDs x GIDs on Samba-NTdom In-Reply-To: Message-ID: <3.0.3.32.19990401131546.0075c8c4@bioserve.biochem.latrobe.edu.au> At 01:10 PM 01/04/1999 +1000, Celso Kopp Webber wrote: >Since I'm using RedHat on the >server side, every user has its own primary group, adduser -n bob Will create 'bob' without making a group 'bob'. This group per user is very silly in many applications ! You can also spec the desired group on the commandline with -g david ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From Alexandre.Lecuyer at iu-vannes.fr Thu Apr 1 06:35:18 1999 From: Alexandre.Lecuyer at iu-vannes.fr (Alexandre Lecuyer) Date: Tue Dec 2 02:25:59 2003 Subject: UIDs x GIDs on Samba-NTdom References: Message-ID: <370313A5.6B72B7EA@iu-vannes.fr> Celso Kopp Webber wrote: > Hi all! > > I've found a "feature" on Samba yesterday that may interest you. > Sorry if this is already known, or if it was already discussed here > (although I haven't seen anything lately). > > I had one system with one user with UID #300, named User1, and one > group with GID #300, named Laboratory. > > Whenever I tried on an NT client add permissions to group > Laboratory, after I select it on the list, NT showed in fact permissions to > user User1. It came to my mind that the coincidence beetween one's UID and > the other's GID was the cause. Changing GID for Laboratory solved the > problem. We had the same problem here... is changing the GID the only way to solve this ? From G.Klein at edelmann.de Thu Apr 1 09:29:00 1999 From: G.Klein at edelmann.de (Gerhard Klein) Date: Tue Dec 2 02:25:59 2003 Subject: mail using Netscape Mail over samba ? References: Message-ID: <37033C5C.610A835@edelmann.de> Hello Zsolt, we are using Netscape 4.x with NT4.0. Every user who logs in gets his own network drive e:\. f. e. samba [home]. All his mail, adressbook, options etc. are in e:\netscape. We are using only one netscape profile. This netscape profile is configured to use e:\netscape for user data. We name this profile default, but the name isn't importent. The trick is, that the netscape profile- and path-name is a part of regestry HKEY_LOCAL_MACHINE. The profile- and user-data are in e:\netscape which depends on user login. This should also run with Windows 95/98 - try it. Gerhard Tulassay Zsolt schrieb: > Hi folks, > (as far as I can remember, this is my first mail ever sent to an > english mailing list, and surely the first to a samba-list.) > > I am the proud administrator of a Linux box running RedHat 5.2 and > samba-1.9.18p10 (2.0.3 didn't work properly but that's not my > problem here). The samba server provides domain logon for the > windows machines in our network. The whole thing has only been > running for two days now, so I'm just starting to configure it. > Just to be clear, there are machines which are used by only one > person, but there are others which are used by lots of users > simultaneously. But all of them are runnng Win95/98. > > My problem is how to provide email service for our users, ie. > which mailer software to use and over which protocol (POP/IMAP/etc). > I had an idea, namely that if a user logs on the samba server, > he can access his UNIX mail folders directly through his home dir. > So what if I tried to set up Netscape Communicator to use H:\mail as > the mail directory (where H: is the drive letter where the home dirs > get mounted) and so I could avoid having to use IMAP (I had lots of > trouble using IMAP earlier). > > I gave it a try and it seemed to work. But then came the real > problem, you may already know what I mean: Communicator puts user > settings into various files on the hard drive to which pointers > are made in HKEY_LOCAL_MACHINE in the registry. Which is machine > dependant. So I couldn't get it to handle the different settings for > different users. > > I had first the idea to add some registry keys at every logon > which could fix this up, but then I couldn't manage to get it right. > Then I thought about the Roaming Profiles, installed the Apache module > mod_roaming, and seemed happy, but it turned out, that Netscape tried > to use the same roaming access profile every time, regardless of the > username I used to log in to the samba server. > And I couldn't find any hint where it stores the roaming access > settings locally (I didn't find anything in the registry). > > What I'd like to achieve is, that if somebody logs in to our domain, > he could read his email through some Windows mail client software > regardless of which computer he uses to log in from. > (after all it can be some other than Netscape Mail as well, I just > thought NSMail would be the easiest way to go). > > If somebody managed to get this right, I would really appreciate if > he could help me. Well, if you have a solution based on IMAP, I don't > mind. I have to admit I don't even know how to get to work NSMail > using IMAP on the windows boxes). > > Or if you could name me some mail clients that work together > with Navigator and put their stuff into HKCU I would be fairly > happy with that as well. > > Sorry for the long letter. > TIA, > > Zsolt Tulassay > > PS please CC to me, I only get the digest -- http://www.edelmann.de mailto:G.Klein@edelmann.de Phone: +49 7321 340 368 Fax: +49 7321 340 363 From greg at discreet.com Thu Apr 1 12:48:36 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:25:59 2003 Subject: samba 2.0.x does not work with security=server? Message-ID: Hi, I been having a lot of problems where peoples connections just seem to drop out and not come back. This is happening with samba 2.0.x on IRIX 6.4. My samba machine has: security = server password server = dublin_enc encrypt passwords = yes and so last night I cranked up the debug level and got the following. It looks like smbd loses the connection and tries to pick it up again (normal so far) but in anything other than security = share, it fails miserably. So I believe there are actually 2 problems, one is that the session drops out (although there seems to be decent code to handle that in clientgen.c so maybe that's normal) and then it cannot reconnect gracefully. People are losing work because of this so I'd like to figure out how to fix it. Anyone have any ideas? Thanks, Greg [1999/03/31 23:26:19, 0] lib/util_sock.c:(407) write_data: write failure. Error = Broken pipe [1999/03/31 23:26:19, 0] lib/util_sock.c:(190) write_socket: Error writing 118 bytes to socket 9: ERRNO = Broken pipe [1999/03/31 23:26:19, 5] libsmb/clientgen.c:(2588) cli_reestablish_connection: CUBA<00> connecting to DUBLIN_ENC<20> (ip 192.168.60.32) - jdilelle [] [1999/03/31 23:26:19, 5] libsmb/clientgen.c:(2618) cli_establish_connection: CUBA<00> connecting to DUBLIN_ENC<20> (192.168.60.32) - jdilelle [] [1999/03/31 23:26:19, 3] lib/util_sock.c:(711) Connecting to 192.168.60.32 at port 139 [1999/03/31 23:26:19, 5] libsmb/clientgen.c:(2321) Sent session request [1999/03/31 23:26:19, 5] lib/util.c:(452) size=0 smb_com=0x0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=0 smb_flg2=0 [1999/03/31 23:26:19, 5] lib/util.c:(460) smb_tid=0 smb_pid=0 smb_uid=0 smb_mid=0 smt_wct=0 [1999/03/31 23:26:19, 5] lib/util.c:(475) smb_bcc=0 [1999/03/31 23:26:19, 5] lib/util.c:(452) size=86 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 [1999/03/31 23:26:19, 5] lib/util.c:(460) smb_tid=0 smb_pid=25978 smb_uid=100 smb_mid=1 smt_wct=17 [1999/03/31 23:26:19, 5] lib/util.c:(469) smb_vwv[0]=6 (0x6) [1999/03/31 23:26:19, 5] lib/util.c:(469) smb_vwv[1]=12803 (0x3203) [1999/03/31 23:26:19, 5] lib/util.c:(469) smb_vwv[2]=256 (0x100) [1999/03/31 23:26:19, 5] lib/util.c:(469) smb_vwv[3]=65280 (0xFF00) [1999/03/31 23:26:19, 5] lib/util.c:(469) smb_vwv[4]=255 (0xFF) [1999/03/31 23:26:19, 5] lib/util.c:(469) smb_vwv[5]=0 (0x0) [1999/03/31 23:26:19, 5] lib/util.c:(469) smb_vwv[6]=256 (0x100) [1999/03/31 23:26:19, 5] lib/util.c:(469) smb_vwv[7]=24576 (0x6000) [1999/03/31 23:26:19, 5] lib/util.c:(469) smb_vwv[8]=51 (0x33) [1999/03/31 23:26:19, 5] lib/util.c:(469) [1999/03/31 23:26:19, 5] lib/util.c:(469) smb_vwv[9]=14592 (0x3900) [1999/03/31 23:26:19, 5] lib/util.c:(469) smb_vwv[10]=3 (0x3) [1999/03/31 23:26:19, 5] lib/util.c:(469) smb_vwv[11]=32768 (0x8000) [1999/03/31 23:26:19, 5] lib/util.c:(469) smb_vwv[12]=3559 (0xDE7) [1999/03/31 23:26:19, 5] lib/util.c:(469) smb_vwv[13]=63434 (0xF7CA) [1999/03/31 23:26:19, 5] lib/util.c:(469) smb_vwv[14]=48763 (0xBE7B) [1999/03/31 23:26:19, 5] lib/util.c:(469) smb_vwv[15]=11265 (0x2C01) [1999/03/31 23:26:19, 5] lib/util.c:(469) smb_vwv[16]=2049 (0x801) [1999/03/31 23:26:19, 5] lib/util.c:(475) smb_bcc=17 [1999/03/31 23:26:19, 5] lib/util.c:(452) size=35 smb_com=0x73 smb_rcls=2 smb_reh=0 smb_err=2 smb_flg=136 smb_flg2=1 [1999/03/31 23:26:19, 5] lib/util.c:(460) smb_tid=0 smb_pid=25978 smb_uid=100 smb_mid=1 smt_wct=0 [1999/03/31 23:26:19, 5] lib/util.c:(475) smb_bcc=0 [1999/03/31 23:26:19, 5] lib/util.c:(452) size=35 smb_com=0x73 smb_rcls=2 smb_reh=0 smb_err=2 smb_flg=136 smb_flg2=1 [1999/03/31 23:26:19, 5] lib/util.c:(460) smb_tid=0 smb_pid=25978 smb_uid=100 smb_mid=1 smt_wct=0 [1999/03/31 23:26:19, 5] lib/util.c:(475) smb_bcc=0 [1999/03/31 23:26:19, 1] libsmb/clientgen.c:(2716) failed session setup [1999/03/31 23:26:19, 0] libsmb/clientgen.c:(72) Error writing 118 bytes to client. -1. Exiting <-- UH-OH --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From fricke at Team.OWL-Online.DE Thu Apr 1 13:02:03 1999 From: fricke at Team.OWL-Online.DE (Cord-H. Fricke) Date: Tue Dec 2 02:25:59 2003 Subject: Thank you Message-ID: <37036E4B.971C52C3@team.owl-online.de> Thank you all for help!!! Samba works fine with roaming profiles. The only problem I got is that the user don?t use the NTConfig.Pol which is in the netlogon-share. Is there something wrong with the permissions or why does it not work?? Regards Cord From greg at discreet.com Thu Apr 1 15:10:37 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:25:59 2003 Subject: Thank you In-Reply-To: <37036E4B.971C52C3@team.owl-online.de> Message-ID: Could be permissions or could be the case sensitivity settings try setting case sensitive = no in netlogon. Greg On 01-Apr-99 Cord-H. Fricke wrote: > Thank you all for help!!! > Samba works fine with roaming profiles. > The only problem I got is that the user don?t use the NTConfig.Pol which > is in the netlogon-share. > Is there something wrong with the permissions or why does it not work?? > > Regards > > Cord --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From cartegw at Eng.Auburn.EDU Thu Apr 1 15:13:12 1999 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:25:59 2003 Subject: Thank you References: <37036E4B.971C52C3@team.owl-online.de> Message-ID: <37038D08.1523B19F@eng.auburn.edu> Cord-H. Fricke wrote: > > The only problem I got is that the user don?t use > the NTConfig.Pol which is in the netlogon-share. > Is there something wrong with the permissions or why does > it not work?? Cord, Check the NT Domain FAQ. The netlogon share should have locking = no browseable = yes public = no You may also need top play with the case settings on the share. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) ======================================================================== See the NT Domain FAQ linked off the documentation page at any one the mirrors for http://samba.org ======================================================================== From molloyt at oldtrafford.csis.ul.ie Thu Apr 1 15:42:43 1999 From: molloyt at oldtrafford.csis.ul.ie (Tony Molloy) Date: Tue Dec 2 02:25:59 2003 Subject: Thank you In-Reply-To: <37036E4B.971C52C3@team.owl-online.de> Message-ID: On Fri, 2 Apr 1999, Cord-H. Fricke wrote: > Thank you all for help!!! > Samba works fine with roaming profiles. > The only problem I got is that the user don4t use the NTConfig.Pol which > is in the netlogon-share. > Is there something wrong with the permissions or why does it not work?? > > Regards > > Cord > Cord, I have this working with the following. Redhat Linux 5.2 and Samba-2.0.3 Here are the relevant bits from smb.conf Global ... case sensitive = No preserve case = Yes ... [netlogon] comment = Network Logon Service Directory path = /home/samba/netlogon browseable = Yes create mask = 0755 locking = No root preexec = /home/samba/netlogon/logonscript %U %m and the policy file in /home/samba/netlogon -rwxrwxr-x 1 root root 16384 Apr 1 12:50 ntconfig.pol Hope this helps. Tony. --------------------------------------------------------------------- Tony Molloy. e-mail: tony.molloy@ul.ie Systems Manager. Dept. of CSIS. Phone: +353-61-202778 (DL) Univ. of Limerick. +353-61-333644 ext. 2778 Ireland. Fax: +353-61-330876 --------------------------------------------------------------------- From happy at opf.slu.cz Fri Apr 2 09:43:05 1999 From: happy at opf.slu.cz (Petr Stastny) Date: Tue Dec 2 02:25:59 2003 Subject: Problems connecting to Samba PDC Message-ID: <37049129.AA934E18@opf.slu.cz> Hi guys, I have properly configured Samba-2.1.0 to act as a PDC for my Windows NTSP3 workstations. I added a computer account for one workstation and now that I try to connect to the domain, I get the following error message from the NT4 box: "The connection to the domain is already created. Before joining the domain you must disconnect". And this while I am logged on as administrator. Somebody any ideas what could be the cause? Petr Stastny -------------- next part -------------- A non-text attachment was scrubbed... Name: happy.vcf Type: text/x-vcard Size: 201 bytes Desc: Card for Petr Stastny Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990402/c423aa94/happy.vcf From happy at opf.slu.cz Fri Apr 2 09:57:42 1999 From: happy at opf.slu.cz (Petr Stastny) Date: Tue Dec 2 02:25:59 2003 Subject: Problems connecting to Samba PDC Message-ID: <37049496.A9811167@opf.slu.cz> Hi guys, I have properly configured Samba-2.1.0 to act as a PDC for my Windows NTSP3 workstations. I added a computer account for one workstation and now that I try to connect to the domain, I get the following error message from the NT4 box: "The connection to the domain is already created. Before joining the domain you must disconnect". And this while I am logged on as administrator. Somebody any ideas what could be the cause? Petr Stastny From aryosukarno at earthlink.net Fri Apr 2 13:50:48 1999 From: aryosukarno at earthlink.net (Aryo K. Sukarno) Date: Tue Dec 2 02:25:59 2003 Subject: How to set permission Message-ID: <000001be7d0f$d08aa080$3eddf9d1@netliaison.com> Hello, I just installed samba as PDC, everything was seems to be normal without any errors. I used the Samba for storing the web files, however if I try to install frontpage server extension on the ntserver it alway failed saying that it can not set or read file permission for _vti_bin: initializing the SID failed. Is it possible to fix this? I'm using root as a user on the ntserver, and on the samba I also change the directory belong to the same user. Any help I will appreciate. Thank you Aryo From happy at opf.slu.cz Fri Apr 2 15:34:16 1999 From: happy at opf.slu.cz (Petr Stastny) Date: Tue Dec 2 02:25:59 2003 Subject: Problems connecting to Samba PDC References: Message-ID: <3704E377.91A54833@opf.slu.cz> Thank you for this hint, Simon. Anyway, it still doesn't work, but the error message is now other. When I try to connect I get "Unable to connect to the domain master for this domain. Please ask the system administrator to check the computer account in the domain". And this I get even when I did everything exactly as I read it in the FAQ. In the logs I see the NT box communicates with the Samba PDC, but there are errors in it. my log seems as follow (with debug level set to 20): Transaction 2 of length 159 [1999/04/02 16:27:41, 5] lib/util.c:show_msg(494) size=155 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=3 [1999/04/02 16:27:41, 5] lib/util.c:show_msg(500) smb_tid=0 smb_pid=51966 smb_uid=0 smb_mid=0 smt_wct=13 [1999/04/02 16:27:41, 5] lib/util.c:show_msg(505) smb_vwv[0]=117 (0x75) [1999/04/02 16:27:41, 5] lib/util.c:show_msg(505) smb_vwv[1]=121 (0x79) [1999/04/02 16:27:41, 5] lib/util.c:show_msg(505) smb_vwv[2]=61440 (0xF000) [1999/04/02 16:27:41, 5] lib/util.c:show_msg(505) smb_vwv[3]=50 (0x32) [1999/04/02 16:27:41, 5] lib/util.c:show_msg(505) smb_vwv[4]=0 (0x0) [1999/04/02 16:27:41, 5] lib/util.c:show_msg(505) smb_vwv[5]=1729 (0x6C1) [1999/04/02 16:27:41, 5] lib/util.c:show_msg(505) smb_vwv[6]=0 (0x0) [1999/04/02 16:27:41, 5] lib/util.c:show_msg(505) smb_vwv[7]=11 (0xB) [1999/04/02 16:27:41, 5] lib/util.c:show_msg(505) smb_vwv[8]=18255 (0x474F) [1999/04/02 16:27:41, 5] lib/util.c:show_msg(505) smb_vwv[9]=0 (0x0) [1999/04/02 16:27:41, 5] lib/util.c:show_msg(505) smb_vwv[10]=0 (0x0) [1999/04/02 16:27:41, 5] lib/util.c:show_msg(505) smb_vwv[11]=212 (0xD4) [1999/04/02 16:27:41, 5] lib/util.c:show_msg(505) smb_vwv[12]=0 (0x0) [1999/04/02 16:27:41, 5] lib/util.c:show_msg(510) smb_bcc=60 [1999/04/02 16:27:41, 10] lib/util.c:dump_data(3001) [000] 73 75 70 65 72 76 69 73 6F 72 00 53 55 50 45 52 supervis or.SUPER [010] 56 49 53 4F 52 24 00 41 44 4D 00 57 69 6E 64 6F VISOR$.A DM.Windo [020] 77 73 20 4E 54 20 31 33 38 31 00 00 57 69 6E 64 ws NT 13 81..Wind [030] 6F 77 73 20 4E 54 20 34 2E 30 00 00 ows NT 4 .0.. [1999/04/02 16:27:41, 3] smbd/process.c:switch_message(402) switch message SMBsesssetupX (pid 1729) [1999/04/02 16:27:41, 3] smbd/reply.c:reply_sesssetup_and_X(625) Domain=[ADM] NativeOS=[Windows NT 1381] NativeLanMan=[] [1999/04/02 16:27:41, 3] smbd/reply.c:reply_sesssetup_and_X(629) sesssetupX:name=[SUPERVISOR$] [1999/04/02 16:27:41, 6] param/loadparm.c:lp_file_list_changed(1817) lp_file_list_changed() file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_ time: Fri Apr 2 16:16:02 1999 [1999/04/02 16:27:41, 10] lib/domain_namemap.c:lookupsmbpwntnam(1075) lookupsmbpwntnam: nt user name ADM\supervisor$ [1999/04/02 16:27:41, 10] lib/sids.c:split_domain_name(596) name 'ADM\supervisor$' split into domain:ADM and nt name:supervisor$' [1999/04/02 16:27:41, 10] lib/domain_namemap.c:load_name_map(526) initialising map [1999/04/02 16:27:41, 4] passdb/pass_check.c:pass_check(781) Checking password for user supervisor$ (l=10) [1999/04/02 16:27:44, 3] smbd/error.c:error_packet(138) error packet at line 721 cmd=115 (SMBsesssetupX) eclass=2 ecode=2 [1999/04/02 16:27:44, 3] smbd/error.c:error_packet(143) error string = No such file or directory [1999/04/02 16:27:44, 5] lib/util.c:show_msg(494) size=35 smb_com=0x73 smb_rcls=2 smb_reh=0 smb_err=2 smb_flg=136 smb_flg2=1 [1999/04/02 16:27:44, 5] lib/util.c:show_msg(500) smb_tid=0 smb_pid=51966 smb_uid=0 smb_mid=0 smt_wct=0 [1999/04/02 16:27:44, 5] lib/util.c:show_msg(510) smb_bcc=0 [1999/04/02 16:27:44, 6] lib/util_sock.c:write_socket(185) write_socket(6,39) [1999/04/02 16:27:44, 6] lib/util_sock.c:write_socket(188) write_socket(6,39) wrote 39 [1999/04/02 16:27:44, 10] lib/util_sock.c:receive_smb(493) receive_smb: length < 0! [1999/04/02 16:27:44, 3] smbd/process.c:smbd_process(810) end of file from client [1999/04/02 16:27:44, 2] smbd/server.c:exit_server(406) Closing connections [1999/04/02 16:27:44, 3] smbd/server.c:exit_server(431) Server exit (normal exit) Simon Barber wrote: > > I have properly configured Samba-2.1.0 to act as a PDC for my Windows > > NTSP3 workstations. I added a computer account for one workstation and > > now that I try to connect to the domain, I get the following error > > message from the NT4 box: > > "The connection to the domain is already created. Before joining the > > domain you must disconnect". > > And this while I am logged on as administrator. > > > > Somebody any ideas what could be the cause? > > I had the very same problem. It's caused when you have drives and/ or > printers mapped to the domain you're trying to connect to. I got > round this by disconnecting all drives and printers and then trying again. > > Simon > > ------------------------------------------------------------------------ > Simon Barber Systems Administrator > sbarber@mcg.co.uk Melville Craig Group > > The Rules of Combat > 4. The easy way is always mined. > ------------------------------------------------------------------------ -------------- next part -------------- A non-text attachment was scrubbed... Name: happy.vcf Type: text/x-vcard Size: 201 bytes Desc: Card for Petr Stastny Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990402/b34e7ddb/happy.vcf From happy at opf.slu.cz Fri Apr 2 16:43:41 1999 From: happy at opf.slu.cz (Petr Stastny) Date: Tue Dec 2 02:25:59 2003 Subject: Problem connecting to a Samba PDC Message-ID: <3704F3BC.DAD1440F@opf.slu.cz> Simon Barber wrote: > > I have properly configured Samba-2.1.0 to act as a PDC for my Windows > > NTSP3 workstations. I added a computer account for one workstation and > > now that I try to connect to the domain, I get the following error > > message from the NT4 box: > > "The connection to the domain is already created. Before joining the > > domain you must disconnect". > > And this while I am logged on as administrator. > > > > Somebody any ideas what could be the cause? > > I had the very same problem. It's caused when you have drives and/ or > printers mapped to the domain you're trying to connect to. I got > round this by disconnecting all drives and printers and then trying again. > > Simon > > ------------------------------------------------------------------------ > Simon Barber Systems Administrator > sbarber@mcg.co.uk Melville Craig Group > > The Rules of Combat > 4. The easy way is always mined. > ------------------------------------------------------------------------ Thank you for this hint, Simon. Anyway, it still doesn't work, but the error message is now other. When I try to connect I get "Unable to connect to the domain master for this domain. Please ask the system administrator to check the computer account in the domain". And this I get even when I did everything exactly as I read it in the FAQ. In the logs I see the NT box communicates with the Samba PDC, but there are errors in it. my log seems as follow (with debug level set to 20): Transaction 2 of length 159 [1999/04/02 16:27:41, 5] lib/util.c:show_msg(494) size=155 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=3 [1999/04/02 16:27:41, 5] lib/util.c:show_msg(500) smb_tid=0 smb_pid=51966 smb_uid=0 smb_mid=0 smt_wct=13 [1999/04/02 16:27:41, 5] lib/util.c:show_msg(505) smb_vwv[0]=117 (0x75) [1999/04/02 16:27:41, 5] lib/util.c:show_msg(505) smb_vwv[1]=121 (0x79) [1999/04/02 16:27:41, 5] lib/util.c:show_msg(505) smb_vwv[2]=61440 (0xF000) [1999/04/02 16:27:41, 5] lib/util.c:show_msg(505) smb_vwv[3]=50 (0x32) [1999/04/02 16:27:41, 5] lib/util.c:show_msg(505) smb_vwv[4]=0 (0x0) [1999/04/02 16:27:41, 5] lib/util.c:show_msg(505) smb_vwv[5]=1729 (0x6C1) [1999/04/02 16:27:41, 5] lib/util.c:show_msg(505) smb_vwv[6]=0 (0x0) [1999/04/02 16:27:41, 5] lib/util.c:show_msg(505) smb_vwv[7]=11 (0xB) [1999/04/02 16:27:41, 5] lib/util.c:show_msg(505) smb_vwv[8]=18255 (0x474F) [1999/04/02 16:27:41, 5] lib/util.c:show_msg(505) smb_vwv[9]=0 (0x0) [1999/04/02 16:27:41, 5] lib/util.c:show_msg(505) smb_vwv[10]=0 (0x0) [1999/04/02 16:27:41, 5] lib/util.c:show_msg(505) smb_vwv[11]=212 (0xD4) [1999/04/02 16:27:41, 5] lib/util.c:show_msg(505) smb_vwv[12]=0 (0x0) [1999/04/02 16:27:41, 5] lib/util.c:show_msg(510) smb_bcc=60 [1999/04/02 16:27:41, 10] lib/util.c:dump_data(3001) [000] 73 75 70 65 72 76 69 73 6F 72 00 53 55 50 45 52 supervis or.SUPER [010] 56 49 53 4F 52 24 00 41 44 4D 00 57 69 6E 64 6F VISOR$.A DM.Windo [020] 77 73 20 4E 54 20 31 33 38 31 00 00 57 69 6E 64 ws NT 13 81..Wind [030] 6F 77 73 20 4E 54 20 34 2E 30 00 00 ows NT 4 .0.. [1999/04/02 16:27:41, 3] smbd/process.c:switch_message(402) switch message SMBsesssetupX (pid 1729) [1999/04/02 16:27:41, 3] smbd/reply.c:reply_sesssetup_and_X(625) Domain=[ADM] NativeOS=[Windows NT 1381] NativeLanMan=[] [1999/04/02 16:27:41, 3] smbd/reply.c:reply_sesssetup_and_X(629) sesssetupX:name=[SUPERVISOR$] [1999/04/02 16:27:41, 6] param/loadparm.c:lp_file_list_changed(1817) lp_file_list_changed() file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_ time: Fri Apr 2 16:16:02 1999 [1999/04/02 16:27:41, 10] lib/domain_namemap.c:lookupsmbpwntnam(1075) lookupsmbpwntnam: nt user name ADM\supervisor$ [1999/04/02 16:27:41, 10] lib/sids.c:split_domain_name(596) name 'ADM\supervisor$' split into domain:ADM and nt name:supervisor$' [1999/04/02 16:27:41, 10] lib/domain_namemap.c:load_name_map(526) initialising map [1999/04/02 16:27:41, 4] passdb/pass_check.c:pass_check(781) Checking password for user supervisor$ (l=10) [1999/04/02 16:27:44, 3] smbd/error.c:error_packet(138) error packet at line 721 cmd=115 (SMBsesssetupX) eclass=2 ecode=2 [1999/04/02 16:27:44, 3] smbd/error.c:error_packet(143) error string = No such file or directory [1999/04/02 16:27:44, 5] lib/util.c:show_msg(494) size=35 smb_com=0x73 smb_rcls=2 smb_reh=0 smb_err=2 smb_flg=136 smb_flg2=1 [1999/04/02 16:27:44, 5] lib/util.c:show_msg(500) smb_tid=0 smb_pid=51966 smb_uid=0 smb_mid=0 smt_wct=0 [1999/04/02 16:27:44, 5] lib/util.c:show_msg(510) smb_bcc=0 [1999/04/02 16:27:44, 6] lib/util_sock.c:write_socket(185) write_socket(6,39) [1999/04/02 16:27:44, 6] lib/util_sock.c:write_socket(188) write_socket(6,39) wrote 39 [1999/04/02 16:27:44, 10] lib/util_sock.c:receive_smb(493) receive_smb: length < 0! [1999/04/02 16:27:44, 3] smbd/process.c:smbd_process(810) end of file from client [1999/04/02 16:27:44, 2] smbd/server.c:exit_server(406) Closing connections [1999/04/02 16:27:44, 3] smbd/server.c:exit_server(431) Server exit (normal exit) What can I do with this? Petr Stastny -------------- next part -------------- A non-text attachment was scrubbed... Name: happy.vcf Type: text/x-vcard Size: 201 bytes Desc: Card for Petr Stastny Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990402/a53a4cf3/happy.vcf From jeff.tejnecky at apexmail.com Fri Apr 2 17:32:03 1999 From: jeff.tejnecky at apexmail.com (Jeff Tejnecky) Date: Tue Dec 2 02:25:59 2003 Subject: Samba and ZAK Message-ID: <3704FF13.70E46F87@apexmail.com> Has anyone had any success with using Samba as the PDC in a Microsoft Zero Administration Kit setup? Any help or reference to information would be appreciated. From chris at netquarters.net Fri Apr 2 21:39:32 1999 From: chris at netquarters.net (Christopher Robert Woods) Date: Tue Dec 2 02:25:59 2003 Subject: Authentication errors & nmbd message. Message-ID: <199904022138.QAA15197@tautog.netquarters.net> I am getting authentication errors from win '95 machines when they login. These errors are showing up in /var/log/messages. LINUX PAM_pwdb[904]: 1 authentication failure; (uid=0) -> jen for samba service LINUX PAM_pwdb[895]: 1 authentication failure; (uid=0) -> chris for samba service. However, I am able to browse samba shares just fine. Thoughts? Also I am getting this error many times: LINUX inetd[268]: /usr/loca/samba/bin/nmbd: exit status 0x1 Is this just happening because people are rebooting or is there something else?  Thans! From mhaigh at village.vu.edu.au Sat Apr 3 12:36:27 1999 From: mhaigh at village.vu.edu.au (Mick Haigh) Date: Tue Dec 2 02:25:59 2003 Subject: Samba and ZAK References: <3704FF13.70E46F87@apexmail.com> Message-ID: <37060B4B.DFD68E5A@village.vu.edu.au> Jeff Tejnecky wrote: > Has anyone had any success with using Samba as the PDC in a Microsoft > Zero Administration Kit setup? Any help or reference to information > would be appreciated. Yup. I've got two labs (32 machines) running ZAK from a Samba PDC. I'm using the CVS code from Feb 21 at the moment because it seems to work really well, but I have had it running well at various times with much older versions of the code. I'm using the newer code now because it offers much better support for NT groups (which you will find handy). I'm kinda busy right at the moment with work and I won't be around for the next couple of days (going home for Easter) but if you have any specific questions feel free to ask. (If you're lucky I might even document the process of setting the whole thing up in the next couple of weeks). Have fun. Mick From lkcl at switchboard.net Sat Apr 3 01:50:27 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:00 2003 Subject: Samba and ZAK In-Reply-To: <37060B4B.DFD68E5A@village.vu.edu.au> Message-ID: On Sat, 3 Apr 1999, Mick Haigh wrote: > Jeff Tejnecky wrote: > > > Has anyone had any success with using Samba as the PDC in a Microsoft > > Zero Administration Kit setup? Any help or reference to information > > would be appreciated. > > Yup. I've got two labs (32 machines) running ZAK from a Samba PDC. I'm cool! what's ZAK? > I'm kinda busy right at the moment with work and I won't be around for > the next couple of days (going home for Easter) but if you have any > specific questions feel free to ask. (If you're lucky I might even > document the process of setting the whole thing up in the next couple of > weeks). go on, you know you want to. put another notch in the spear for samba. From dave at www.buffalostate.edu Sat Apr 3 02:11:09 1999 From: dave at www.buffalostate.edu (Dave J. Andruczyk) Date: Tue Dec 2 02:26:00 2003 Subject: Samba and ZAK In-Reply-To: Message-ID: > > > Has anyone had any success with using Samba as the PDC in a Microsoft > > > Zero Administration Kit setup? Any help or reference to information > > > would be appreciated. > > > > Yup. I've got two labs (32 machines) running ZAK from a Samba PDC. I'm > > cool! what's ZAK? Zero Administration Kit Dave J. Andruczyk Instructional Support Associate Department of Technology Buffalo State College From soporte at sentinel.com.ar Sat Apr 3 02:42:40 1999 From: soporte at sentinel.com.ar (Hernan Ochoa) Date: Tue Dec 2 02:26:00 2003 Subject: Kerberos authentication Message-ID: Hi! >GINAs are not an appropriate place to provide alternative authentication. >microsoft is fully aware of this and deliberately does not provide any >information about the more appropriate API interface (the Local Security >Authority) except if you pay them extortionate amounts of money and if >they like the way that you smell. >therefore, the only _public_ way to provide alternative authentication is >to have a GINA that calls into MSGINA once you have "done your own thing" >sufficient to fool MSGINA into thinking that the [Kerberos, NIS etc] user >exists. GINA is more adecuate to change the "interface" of the login, i think. if you want to change the method of authentication you should use a subauthentication package, or an authentication package. the default authentication package is msv1_0.dll, here is where all the code that compares the hash of your password with the local or remote sam database resides. you can also write a subauthentication package that can do EXTRA authentication, and if that extra authentication fails, the logon is failed. to write a new authentication package would be the rigth thing. The LSA API is documented in LSAAUTH.HLP, i've being doing some research on this lately, do you know this documentation? it doesn't contain everything you need? Microsoft has done some nasty tricks with this file. if you read the help file sequentially, you won't find the CRUCIAL sections where the LSA API is documented, they're missing. but if you go to the index, or do a search, you will see all that important parts that you were looking for. yes, another one from microsoft, unbelievable. i think there's everything you need, i didn't read the API too much because i didn't need it for what i was trying to accomplish, now that i remember, maybe it was too much oriented towards the MSV1_0 API, anyway, i have "researched" msv1_0.dll so if you need everything maybe i can help. Hernan Ochoa hochoa@core-sdi.com Core-SDI Information Security http://www.core-sdi.com From clive at clara.net Sat Apr 3 10:03:01 1999 From: clive at clara.net (Clive Flint) Date: Tue Dec 2 02:26:00 2003 Subject: Samba and ZAK References: Message-ID: <3705E754.24C6A851@clara.net> > > > Yup. I've got two labs (32 machines) running ZAK from a Samba PDC. I'm > > cool! what's ZAK? Zero Administration Kit. Find it at www.microsoft.com > > specific questions feel free to ask. (If you're lucky I might even > > document the process of setting the whole thing up in the next couple of > > weeks). > > go on, you know you want to. put another notch in the spear for samba. Great idea! Clive Flint clive@clara.net From gabriel.h at mail.utexas.edu Sat Apr 3 18:41:10 1999 From: gabriel.h at mail.utexas.edu (Gabe Harriman) Date: Tue Dec 2 02:26:00 2003 Subject: Samba as PDC Problem Message-ID: <001201be7e01$8b7329c0$0200a8c0@kozmo.com> I'm having a problem getting Samba to become a PDC. Whenever I view it on my Server Manager, it claims to be a Backup NT Server. I have followed the directions on the website precisely, and it still doesn't work. I don't have any other NT Servers on my domain, so there shouldn't be a conflict. Also, when I try and upgrade it to a PDC thru the Server Manager, it tells me that "The RPC server is unavailable". Can someone please help me fix this? Thanks Gabe Harriman -------------- next part -------------- HTML attachment scrubbed and removed From greg at discreet.com Sat Apr 3 23:52:36 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:26:00 2003 Subject: Samba as PDC Problem In-Reply-To: <001201be7e01$8b7329c0$0200a8c0@kozmo.com> Message-ID: Gabe, samba will not respond to most commands thru the server manager (yet). I'm betting it is simply a display problem. Try adding a machine to the domain, if it works it is in fact functioning as a PDC... Greg On 03-Apr-99 Gabe Harriman wrote: > This is a multi-part message in MIME format. > > ------=_NextPart_000_000F_01BE7DCF.409D3760 > Content-Type: text/plain; > charset="iso-8859-1" > Content-Transfer-Encoding: quoted-printable > > I'm having a problem getting Samba to become a PDC. Whenever I view it = > on my Server Manager, it claims to be a Backup NT Server. I have = > followed the directions on the website precisely, and it still doesn't = > work. I don't have any other NT Servers on my domain, so there = > shouldn't be a conflict. Also, when I try and upgrade it to a PDC thru = > the Server Manager, it tells me that "The RPC server is unavailable". = > Can someone please help me fix this? Thanks > > Gabe Harriman > > ------=_NextPart_000_000F_01BE7DCF.409D3760 > Content-Type: text/html; > charset="iso-8859-1" > Content-Transfer-Encoding: quoted-printable > > > > http-equiv=3DContent-Type> > > > > >
I'm having a problem getting Samba to become a = > PDC. =20 > Whenever I view it on my Server Manager, it claims to be a Backup NT=20 > Server.  I have followed the directions on the website precisely, = > and it=20 > still doesn't work.  I don't have any other NT Servers on my = > domain, so=20 > there shouldn't be a conflict.  Also, when I try and upgrade it to = > a PDC=20 > thru the Server Manager, it tells me that "The RPC server is = > unavailable". =20 > Can someone please help me fix this?  Thanks
>
 
>
Gabe Harriman
> > ------=_NextPart_000_000F_01BE7DCF.409D3760-- ---------------------------------- greg dickie just a guy* *from discreet logic Linux, the choice of a GNU generation! ---------------------------------- From canfield at uindy.edu Sun Apr 4 04:00:51 1999 From: canfield at uindy.edu (Canfield) Date: Tue Dec 2 02:26:00 2003 Subject: mail using Netscape Mail over samba ? References: Message-ID: <3706E3F3.9446BA4C@uindy.edu> It may not work for your application, but using Netscape 4.5 with mod_roaming & apache is great. It's cross platform, and it works cleanly. We just rename the "guest" application to Netscape Communicator, and other than the login screen, nobody knows the difference (though it's much better if you use the free Client Customixation Kit to lock the roaming configuration). Dana Tulassay Zsolt wrote: > Hi folks, > (as far as I can remember, this is my first mail ever sent to an > english mailing list, and surely the first to a samba-list.) > > I am the proud administrator of a Linux box running RedHat 5.2 and > samba-1.9.18p10 (2.0.3 didn't work properly but that's not my > problem here). The samba server provides domain logon for the > windows machines in our network. The whole thing has only been > running for two days now, so I'm just starting to configure it. > Just to be clear, there are machines which are used by only one > person, but there are others which are used by lots of users > simultaneously. But all of them are runnng Win95/98. > > My problem is how to provide email service for our users, ie. > which mailer software to use and over which protocol (POP/IMAP/etc). > I had an idea, namely that if a user logs on the samba server, > he can access his UNIX mail folders directly through his home dir. > So what if I tried to set up Netscape Communicator to use H:\mail as > the mail directory (where H: is the drive letter where the home dirs > get mounted) and so I could avoid having to use IMAP (I had lots of > trouble using IMAP earlier). > > I gave it a try and it seemed to work. But then came the real > problem, you may already know what I mean: Communicator puts user > settings into various files on the hard drive to which pointers > are made in HKEY_LOCAL_MACHINE in the registry. Which is machine > dependant. So I couldn't get it to handle the different settings for > different users. > > I had first the idea to add some registry keys at every logon > which could fix this up, but then I couldn't manage to get it right. > Then I thought about the Roaming Profiles, installed the Apache module > mod_roaming, and seemed happy, but it turned out, that Netscape tried > to use the same roaming access profile every time, regardless of the > username I used to log in to the samba server. > And I couldn't find any hint where it stores the roaming access > settings locally (I didn't find anything in the registry). > > What I'd like to achieve is, that if somebody logs in to our domain, > he could read his email through some Windows mail client software > regardless of which computer he uses to log in from. > (after all it can be some other than Netscape Mail as well, I just > thought NSMail would be the easiest way to go). > > If somebody managed to get this right, I would really appreciate if > he could help me. Well, if you have a solution based on IMAP, I don't > mind. I have to admit I don't even know how to get to work NSMail > using IMAP on the windows boxes). > > Or if you could name me some mail clients that work together > with Navigator and put their stuff into HKCU I would be fairly > happy with that as well. > > Sorry for the long letter. > TIA, > > Zsolt Tulassay > > PS please CC to me, I only get the digest From simar at gmx.net Sun Apr 4 22:56:19 1999 From: simar at gmx.net (Omar Siam) Date: Tue Dec 2 02:26:00 2003 Subject: forgotten function ? Message-ID: <3707EE13.23F4214F@gmx.net> smbd/password.o: In function `check_user_equiv': smbd/password.o(.text+0x16d8): undefined reference to `yp_get_default_domain' lib/username.o: In function `user_in_netgroup_list': lib/username.o(.text+0x4f6): undefined reference to `yp_get_default_domain' lib/access.o: In function `string_match': lib/access.o(.text+0x10e): undefined reference to `yp_get_default_domain' thats the output when i try to compile the CVS-tree my system is linux 2.2.5 with glibc 2.0.6 can anyone help From JOERG.KILIAN.JK at bayer-ag.de Sun Apr 4 23:01:38 1999 From: JOERG.KILIAN.JK at bayer-ag.de (JOERG.KILIAN.JK@bayer-ag.de) Date: Tue Dec 2 02:26:00 2003 Subject: Joerg Kilian ist au?er Haus. Message-ID: <0006800010125699000002L092*@MHS> Ich werde au?er Haus sein von 02.04.99 Bis 18.04.99. Ich werde Ihre Nachrichten nach meiner R?ckkehr beantworten. From brissing at vexcel.com Sat Apr 3 00:58:35 1999 From: brissing at vexcel.com (Dean Brissinger) Date: Tue Dec 2 02:26:00 2003 Subject: 2.0.3 missing support.... Message-ID: Quick question: With Samba 2.0.3 as my PDC I cannot control domain users and groups permission settings through the NT explorer (I want to lock down C:\WinNT for Domain Admin's only). If I setup a BDC and give it the Samba domain, will it answer the RPC calls required to do this sort of thing (in the mean time until Samba supports them, anyway)? From kevinc at grainsystems.com Mon Apr 5 14:36:33 1999 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:26:00 2003 Subject: Password change using Samba PDC References: Message-ID: <3708CA71.12D78A88@grainsystems.com> We're using the latest CVS source and are having trouble getting clients to be able to change their password. Problem #1 is that Win95 clients can't seem to even find the Samba PDC when they execute a password change via the control panel's "MS Networking" password change. I've tried watching the Samba PDC for any inkling of a response. It never gets their call, so to speak. Any ideas on what is going wrong there? (I doubt it is a Samba issue.) Attempting to bypass problem 1 for the moment, we have tried issueing the password change from the dos shell in 95 ("net password /domain:SAMBADOM myusername"). This _does_ contact the Samba PDC, but Samba complains that the old password is incorrect. The exact failure occurs in smbd/chgpasswd.c, and indeed, the hashes it is comparing are different (it does a memcmp). Are we missing some obvious setting, or is this a real problem? Interestingly enough, smbpasswd as root works fine (users can then login to the domain), but smbpasswd as the user fails to correctly verify their old SMB password. Of course, this code is elsewhere. Is this related? Any ideas would be most welcome. We are trying very hard here to get a Samba PDC working, with the eventual plan to switch over perhaps a dozen NT servers. Thanks. - Kevin Colby kevinc@grainsystems.com From jaeger at morpheus.net Mon Apr 5 17:15:46 1999 From: jaeger at morpheus.net (Matt Housh) Date: Tue Dec 2 02:26:00 2003 Subject: BDC question Message-ID: <3708EFC2.E2CA1713@morpheus.net> I'm sure this has been asked on the list before, so I'll just ask for pointers on the subject. I'm wondering if I can set up a samba BDC with an NT PDC. I'm still looking around in the samba doco, so I may just be missing something, but it seems to me that the doco is all geared towards using samba as PDC. Anyone have any pointers to doco I should look at for a BDC setup? Matt ------------------------------------------------------------ Matt Housh email: mhoush@utulsa.edu Microcomputer Specialist The University of Tulsa Engineering and Natural Sciences "Preserving the right to arm bears..." From lkcl at switchboard.net Mon Apr 5 17:54:35 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:00 2003 Subject: Kerberos authentication In-Reply-To: <19990403024315Z12859677-4937+274@samba.anu.edu.au> Message-ID: On Sat, 3 Apr 1999, Hernan Ochoa wrote: > Hi! > > > > > >GINAs are not an appropriate place to provide alternative authentication. > >microsoft is fully aware of this and deliberately does not provide any > >information about the more appropriate API interface (the Local Security > >Authority) except if you pay them extortionate amounts of money and if > >they like the way that you smell. > >therefore, the only _public_ way to provide alternative authentication is > >to have a GINA that calls into MSGINA once you have "done your own thing" > >sufficient to fool MSGINA into thinking that the [Kerberos, NIS etc] user > >exists. > > GINA is more adecuate to change the "interface" of the login, i think. correct. > if you want to change the method of authentication you should use a subauthentication > package, or an authentication package. also correct. > the default authentication package is msv1_0.dll, here is where all the code that compares the hash of your password with the local or remote sam database resides. and for nt5, there is an additional one: kerberos.dll. > you can also write a subauthentication package that can do EXTRA authentication, and if that extra authentication fails, the logon is failed. this is specific to msv1_0.dll: they have a further extension system. you are _still_ required to have an account in the SAM database and there is no API in the msv1_0.dll subauthentication system to create _new_ accounts. > to write a new authentication package would be the rigth thing. agreed. > The LSA API is documented in LSAAUTH.HLP, ur... no it's not. LSAAUTH.HLP has been completely truncated and contains, for developer purposes, absolutely no useful information. > i've being doing some research on this lately, do you know this > documentation? yes i do. > it doesn't contain everything you need? of course not. > Microsoft has done some nasty tricks with this file. if you read the > help file sequentially, you won't find the CRUCIAL sections where the > LSA API is documented, they're missing. but if you go to the index, or > do a search, you will see all that important parts that you were > looking for. no, you will find that the _client-side_ API is fully documented. the server side is missing. i have some other documentation (the server side function prototypes) and this is semi-sufficient: it has no explanation. if you have the IFS kit it contains ntifs.h which also contains the necessary function prototypes and the higher-order function prototype table. > yes, another one from microsoft, unbelievable. > > i think there's everything you need, i didn't read the API too much > because i didn't need it for what i was trying to accomplish, now that > i remember, maybe it was too much oriented towards the MSV1_0 API, it is. well, actually, it's "too much orientated" towards NT "profile" information. > anyway, i have "researched" msv1_0.dll so if you need everything maybe > i can help. if one person writes a dummy authentication package and releases it under the GPL we're in business. luke From lkcl at switchboard.net Mon Apr 5 18:06:11 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:00 2003 Subject: Samba and ZAK In-Reply-To: Message-ID: > > go on, you know you want to. put another notch in the spear for samba. > > Hehe. Ok Luke - you've convinced me. Is there anyplace in particular I > should send drafts to for checking/inclusion in the distribution? well, if you send urls i tend not to look at them, it's a pain (alt-f1 lynx http://www. alt-f6 alt-f1 ^H^H^H^H foo.bar. alt-f6 alt-f1 baz.com/ ... etc) if you send it as inline text to one of the lists ntdom or tech, as long as it's < 40,000 chars it'll get through and then lots of people will get to see it and maybe even review it. lukes From lkcl at switchboard.net Mon Apr 5 19:00:33 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:00 2003 Subject: site poll. Message-ID: occasionally i feel like i and other people would like to know how samba is being used. if you feel so inclined, could people kindly let us know some of the things below (pick one or more or all), such as: - a brief description of your organisation. - what you use samba for (e.g as file servers; login servers; backup purposes or remote admin with smbclient or rpcclient). - what version(s) of samba you are using. if using a version from cvs please include date and tag. - what server(s), including the specification (OS, ram, hdd, network, rough estimate of mb/s throughput at peak load would be excellent if you can get it) - how many users and in what database (private/smbpasswd; LDAP; MYSQL) and how many simultaneous users. - what sort of hosts connect to your servers. i should probably be advocating people to fill in the survey instead of this :) thank you! luke Luke Kenneth Casson Leighton Samba and Network Development Samba Web site ===================================================================== Luke Kenneth Casson Leighton | Direct Dial : (678) 443-6183 Systems Engineer / ISS XForce Team | ISS Front Desk: (678) 443-6000 Internet Security Systems, Inc. | ISS Fax : (678) 443-6477 http://www.iss.net/ *Adaptive Network Security for the Enterprise* ISS Connect - International User Conference - May '99 ===================================================================== From cfandre at minn.net Mon Apr 5 20:00:41 1999 From: cfandre at minn.net (Clay Fandre) Date: Tue Dec 2 02:26:00 2003 Subject: Compiling on HP-UX 10.10 Message-ID: <37091669.53CEC934@minn.net> I am getting a buch of errors when trying to compile the CVS or 2.0.3 versions of samba on a HP-UX 10.10 machine. Anyone know why? I am using gcc 2.8.1. Here's the error message: Compiling passdb/pass_check.c passdb/pass_check.c: In function `password_check': passdb/pass_check.c:728: warning: passing arg 1 of `strcmp' makes pointer from nteger without a cast passdb/pass_check.c: In function `pass_check': passdb/pass_check.c:792: warning: assignment makes pointer from integer without a cast passdb/pass_check.c:793: dereferencing pointer to incomplete type passdb/pass_check.c:794: dereferencing pointer to incomplete type passdb/pass_check.c:812: warning: initialization makes pointer from integer wit out a cast passdb/pass_check.c:813: dereferencing pointer to incomplete type passdb/pass_check.c:814: dereferencing pointer to incomplete type *** Error exit code 1 Stop. Thanks. Clay Fandre From fred at cs.byu.edu Mon Apr 5 21:55:04 1999 From: fred at cs.byu.edu (Fred Clift) Date: Tue Dec 2 02:26:02 2003 Subject: Compiling on HP-UX 10.10 Message-ID: <199904052137.PAA17494@mail.cs.byu.edu> I had a very similar problem with the CVS from a month ago or so... I figured out what this was. Let me guess -- you've got gcc installed? and the installation was done on a slightly different version of hpux 10.10 (ie different patch level, or trusted-vs-nontrusted etc). And, you're trying to build with gcc. The problem might be that gcc built it's private copies of all the system include files before /usr/include/security.h was installed. If you look at the lines in pass_check.c they're probably ones that are doing 'secure password structure' mucking. This structure is defined in the above header file and since gcc doesn't have it, you dont end up getting definitions of some critical stuff. Two things you can do: 1) if you have the 'for fee' compilier, do the equivalent setenv CC cc ./configure and then try and build (forcing configure to not use gcc) or 2) rebuild gcc on the machine you're trying to build samba on and use that. > >Compiling passdb/pass_check.c >a cast >passdb/pass_check.c:793: dereferencing pointer to incomplete type >passdb/pass_check.c:794: dereferencing pointer to incomplete type >passdb/pass_check.c:812: warning: initialization makes pointer from >integer wit >out a cast >passdb/pass_check.c:813: dereferencing pointer to incomplete type >passdb/pass_check.c:814: dereferencing pointer to incomplete type >*** Error exit code 1 > -- Fred Clift - fred@cs.byu.edu Systems Manager - Computer Science - BYU Remember: if brute force doesn't work, you're just not using enough. From svedja at lysator.liu.se Mon Apr 5 21:44:26 1999 From: svedja at lysator.liu.se (Dejan Ilic) Date: Tue Dec 2 02:26:02 2003 Subject: Domain-login "bug" found Message-ID: I finaly tracked down an "unwanted" feature in Samba's domain-code. The users could log into a machine that was in the domain as long as they had the correct letters & numbers in the right place in their password, but wrong capitalization (!= correct password). The login sequence would pass then pass the first phase of of checking the user and let the user log in to the machine. This part is done in the RPC-code entirely, if I understood it correctly. Then the other part of login would start, the NT4 tries to mount the NETLOGON, the user homedir, and start the login-script. All would fail because the password is incorrect in the NTMAN-passwd. As a result the login would be totaly messed up, many programs would be set up incorrectly and users would be told to talk to sysadmin in a 30-second message (that you can't pause. MS thinks the whole world read english fluently!). I'm sure more people than I have had this problem. And the problem does NOT exist in a NT4wks with NT4server combination. It's a Samba problem and potentialy a security problem as people can get access to workstations without knowing the correct capitalization, even if NT4 (NT3.x ?) send the correct in NT-hash. I don't have to tell you how many strange problems this has lead to. It took several months until an users pointed out the way to reproduce the problem with missing shares. Just log in on a NT4 with a correct username and wrong capitalization in password and you got it! You get access to the machine but no shares on the samba-server. The "bug" is in an "and" statement that I changed to "or" to get the wanted effect. source/rpc_server/srv_netlog.c (in Samba-2.0.3) in the function net_login_interactive has this code: if (memcmp(smb_pass->smb_passwd , lm_pwd, 16) != 0 && memcmp(smb_pass->smb_nt_passwd, nt_pwd, 16) != 0) { status = 0xC0000000 | NT_STATUS_WRONG_PASSWORD; } Note that the "&&" statement is the problematic part as BOTH the lanman and the ntman passwords have to fail to generate the "incorrect password" error. It the NT4-user logs in with "correct" password with wrong capitalization, the lanman-password would be correct, effectivly telling the system that password is OK. Then in the non-RPC part it would fail in "phase-2" of domain-login. The quick solution for NT-only domains: By changing the code from "&&" to "||" the code enforce that BOTH lanman and ntman password has to be correct to avoid the "incorrect password" message. Incorrect capitalization will not be accepted any more in domain-login! The kludge only affects domain-login and not workgroup-logins as it is in the RPC-code. Also, it is useless in mixed NT4/Win9* domains as Win9* generates only lanman-passwords and will allways fail in the code as ntman is allways incorrect. The real solution would be to make samba check only lanman-passwd on Win9* domain-logins and in NT4-case lanman and if needed ntman as generating it is optional on NT4. The non-rpc part of code does like that today and that is why is fails on subsequent mounting of shares in "phase-2" due to incorrect ntman-password, yes ? Dejan -- ===================================================================== Dejan Ilic, Tech Univ. of Linkoping, Sweden Phone:+46-13-473 01 06 Email: svedja@lysator.liu.se Web: http://www.lysator.liu.se/~svedja ===================================================================== [finger -l svedja@lysator.liu.se for public PGP key] --- source/rpc_server/srv_netlog.c.ORIG Tue Dec 15 02:21:11 1998 +++ source/rpc_server/srv_netlog.c Mon Apr 5 22:17:46 1999 @@ -531,7 +531,7 @@ dump_data(100, nt_pwd, 16); #endif - if (memcmp(smb_pass->smb_passwd , lm_pwd, 16) != 0 && + if (memcmp(smb_pass->smb_passwd , lm_pwd, 16) != 0 || memcmp(smb_pass->smb_nt_passwd, nt_pwd, 16) != 0) { status = 0xC0000000 | NT_STATUS_WRONG_PASSWORD; From dave at www.buffalostate.edu Mon Apr 5 21:44:50 1999 From: dave at www.buffalostate.edu (Dave J. Andruczyk) Date: Tue Dec 2 02:26:02 2003 Subject: site poll. In-Reply-To: Message-ID: > occasionally i feel like i and other people would like to know how samba > is being used. if you feel so inclined, could people kindly let us know > some of the things below (pick one or more or all), such as: > > - a brief description of your organisation. Educational Institution (College) > > - what you use samba for (e.g as file servers; login servers; backup > purposes or remote admin with smbclient or rpcclient). > File print, and login servers. Currently have about 10 or more samba servers, with upwards of probably 100 gigs of combined storage space. > - what version(s) of samba you are using. if using a version from cvs > please include date and tag. 1.9.18p10 on most machines. Will waiting a bit before jumping to the 2.0/2.1 tress, as 1.9.18 has been so stable. > > - what server(s), including the specification (OS, ram, hdd, network, > rough estimate of mb/s throughput at peak load would be excellent if you > can get it) Most servers are Ppro/PII 200 or faster. The current fastest samba server is a Dell 2300 with PII 450, 256Megs rams, and 30-50 gigs of RAID space. with dual 100Mbit ethercards in it. Currently its not being pushed too hard. During tests though it can saturate the 100Mbit lan connection. > > - how many users and in what database (private/smbpasswd; LDAP; MYSQL) and > how many simultaneous users. tough to say, as we use a lot of "generic" users for public access workstations, but there always 50-200 simultaneous connections running (each user might get up to 15 drives). > > - what sort of hosts connect to your servers. Win95 mostly, some winNT. (though they can sometimes act strangely..) > Dave J. Andruczyk Instructional Support Associate Department of Technology Buffalo State College From webber at sj.univali.rct-sc.br Tue Apr 6 00:17:24 1999 From: webber at sj.univali.rct-sc.br (Celso Kopp Webber) Date: Tue Dec 2 02:26:02 2003 Subject: Slow speed connection Message-ID: Hi all, Since my CVSed version from 03/30/99, although domain logons work fine, they're VERY slow. When any user logs in, in almost cases NT workstation says it has detected a slow connection, and ask with you want to use local profiles or bla bla bla. Sometimes it does not show this message. In fact, my Samba PDC is about 760 accounts large, and when adding any ACL permission the list is not shown, although if I do a "search" and then add that user to the ACL it works ok. Is that normal? I'm not including my smb.conf since I have an identical machine with just a few accounts (5) and it works fine. So, I was wondering if is there any performance issues regarding the number of users in smbpasswd? In a previous message, I've pointed out that I've found out that Samba users only a single number space for both UIDs and GIDs when dealing with ACLs, is that correct? Thanks in advance, Prof. Celso Kopp Webber mailto://webber@sj.univali.rct-sc.br Universidade do Vale do Itajai' - UNIVALI Campus Sao Jose - Sao Jose, SC Administracao de Redes Rod. SC 407, Km. 4 88122-000 Sao Jose-SC Brazil Fone: +55 (48) 281-1505 Fax: +55 (48) 281-1506 From G.Klein at edelmann.de Tue Apr 6 06:55:12 1999 From: G.Klein at edelmann.de (Gerhard Klein) Date: Tue Dec 2 02:26:02 2003 Subject: Compiling on HP-UX 10.10 References: <37091669.53CEC934@minn.net> Message-ID: <3709AFD0.1B5AF52C@edelmann.de> There are two bugs in shadow.h. Bug 1: If you haven't patched your system, you will find following lines in /usr/include/shadow.h: extern struct spwd * getspnam(char *); extern int lckpwdf(void), <------- replace , with ; extern int ulckpwdf(void); Delete config.cache and run configure again. Bug 2: If you make 2.0.3 you get a lot of warnings like: In file included from /usr/include/hpsecurity.h:22, from /usr/include/shadow.h:8, from include/includes.h:285, from smbd/server.c:22: /usr/include/values.h:27: warning: `MAXINT' redefined The warnings are o.k. :) If you make 2.1.0 you get your errors again: > Compiling passdb/pass_check.c > passdb/pass_check.c: In function `password_check': > passdb/pass_check.c:728: warning: passing arg 1 of `strcmp' makes > pointer from > nteger without a cast > passdb/pass_check.c: In function `pass_check': > passdb/pass_check.c:792: warning: assignment makes pointer from integer > without > a cast > passdb/pass_check.c:793: dereferencing pointer to incomplete type > passdb/pass_check.c:794: dereferencing pointer to incomplete type > passdb/pass_check.c:812: warning: initialization makes pointer from > integer wit > out a cast > passdb/pass_check.c:813: dereferencing pointer to incomplete type > passdb/pass_check.c:814: dereferencing pointer to incomplete type > *** Error exit code 1 In 2.0.3 there is a workaround in configure for the second HPUX bug. The samba-team leave it out in 2.1.0 :(( Try the attached patch to put in the workaround. Gerhard -- http://www.edelmann.de mailto:G.Klein@edelmann.de Phone: +49 7321 340 368 Fax: +49 7321 340 363 -------------- next part -------------- *** configure.orig Fri Mar 19 09:47:08 1999 --- configure Fri Mar 19 09:44:27 1999 *************** *** 1811,1816 **** --- 1811,1851 ---- fi done + # + # HPUX has a bug in that including shadow.h causes a re-definition of MAXINT. + # This causes configure to fail to detect it. Check for shadow separately on HPU + X. + # + case "$host_os" in + *hpux*) + cat > conftest.$ac_ext < + int main() { + struct spwd testme + ; return 0; } + EOF + if { (eval echo configure:2028: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; + }; then + rm -rf conftest* + ac_cv_header_shadow_h=yes + else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_header_shadow_h=no + fi + rm -f conftest* + if test x"$ac_cv_header_shadow_h" = x"yes"; then + cat >> confdefs.h <<\EOF + #define HAVE_SHADOW_H 1 + EOF + + fi + ;; + esac + for ac_hdr in shadow.h netinet/tcp.h sys/security.h security/pam_appl.h do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` From happy at opf.slu.cz Tue Apr 6 08:29:00 1999 From: happy at opf.slu.cz (Petr Stastny) Date: Tue Dec 2 02:26:02 2003 Subject: unable to connect to a Samba PDC Message-ID: <3709C5CC.51291388@opf.slu.cz> Hi, when I try to connect to my Samba PDC from WNT SP3, then after maybe 5 sec I get the following error message: "Unable to connect to the domain controller for this domain. Please ask the administrator to check the computer account in the domain." I did everything as described in the FAQ, I use the last development branch of Samba. When I examine the log of the client I see an error message in the form "[1999/04/06 09:20:20, 10] lib/util_sock.c:receive_smb(497) receive_smb: length<0!". This is obviously an error but I don't know on which side - on the Samba side or on the workstation side. How to solve it / what could be the cause? Thank you for your hints. Petr Stastny -------------- next part -------------- A non-text attachment was scrubbed... Name: happy.vcf Type: text/x-vcard Size: 201 bytes Desc: Card for Petr Stastny Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990406/09931164/happy.vcf From happy at opf.slu.cz Tue Apr 6 10:14:05 1999 From: happy at opf.slu.cz (Petr Stastny) Date: Tue Dec 2 02:26:02 2003 Subject: unable to connect to a Samba PDC Message-ID: <3709DE6D.B6B6DDC9@opf.slu.cz> Hi, when I try to connect to my Samba PDC from WNT SP3, then after maybe 5 sec I get the following error message: "Unable to connect to the domain controller for this domain. Please ask the administrator to check the computer account in the domain." I did everything as described in the FAQ, I use the last development branch of Samba. When I examine the log of the client I see an error message in the form "[1999/04/06 09:20:20, 10] lib/util_sock.c:receive_smb(497) receive_smb: length<0!". This is obviously an error but I don't know on which side - on the Samba side or on the workstation side. How to solve it / what could be the cause? Thank you for your hints. Petr Stastny From mbreuer at Siac.COM Tue Apr 6 12:49:47 1999 From: mbreuer at Siac.COM (mbreuer@Siac.COM) Date: Tue Dec 2 02:26:02 2003 Subject: Compiling on HP-UX 10.10 References: <37091669.53CEC934@minn.net> Message-ID: <199904061256.IAA08652@pub.siac.com> I had the same problem. I believe there are HP patches which address this, but I just made a small change to 'configure.' In 'configure' there is a line around 1816 (head branch from Feb 25 something like... for ac_hdr in shadow.h netinet/tcp.h sys/security.h security/pam_appl.h Add the file hpsecurity.h to this line. There was another related change necessary in 2.0.0, as well as a correction to one of the HP include files (sorry, don't remember which, but HP did supply a patch). Clay Fandre wrote: > I am getting a buch of errors when trying to compile the CVS or 2.0.3 > versions of samba on a HP-UX 10.10 machine. Anyone know why? I am using > gcc 2.8.1. Here's the error message: > > Compiling passdb/pass_check.c > passdb/pass_check.c: In function `password_check': > passdb/pass_check.c:728: warning: passing arg 1 of `strcmp' makes > pointer from > nteger without a cast > passdb/pass_check.c: In function `pass_check': > passdb/pass_check.c:792: warning: assignment makes pointer from integer > without > a cast > passdb/pass_check.c:793: dereferencing pointer to incomplete type > passdb/pass_check.c:794: dereferencing pointer to incomplete type > passdb/pass_check.c:812: warning: initialization makes pointer from > integer wit > out a cast > passdb/pass_check.c:813: dereferencing pointer to incomplete type > passdb/pass_check.c:814: dereferencing pointer to incomplete type > *** Error exit code 1 > > Stop. > > Thanks. > > Clay Fandre From happy at opf.slu.cz Tue Apr 6 14:58:11 1999 From: happy at opf.slu.cz (Petr Stastny) Date: Tue Dec 2 02:26:02 2003 Subject: Unable to connect to domain Message-ID: <370A2103.D3ED95BF@opf.slu.cz> When I try to connect to a Samba PDC, I get following error in the log of connecting client: [1999/04/06 15:52:26, 10] lib/util_sock.c:receive_smb(493) receive_smb: length < 0! (with debug level set to 20) What can cause this? I had set up all correctly, added a machine account as described in the FAQ, but I am unable to connect to the domain. I use Samba 2.1.0. Thanks for any help. Petr Stastny -------------- next part -------------- A non-text attachment was scrubbed... Name: happy.vcf Type: text/x-vcard Size: 201 bytes Desc: Card for Petr Stastny Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990406/34c99a48/happy.vcf From jamest at math.ksu.edu Tue Apr 6 15:03:36 1999 From: jamest at math.ksu.edu (James Thompson) Date: Tue Dec 2 02:26:02 2003 Subject: CVS or 2.0.3? Message-ID: Hello, I'm currently using samba as a PDC for a small group of NT workstations. The code is CVS from before the 2.0.x series was released, but it works and if it isn't broke..... Anyway, I'm also using the last of the 1.x series on a more critical network. I'd really like to merge these two networks back into one server. Since the old CVS code has been rock solid for my needs I'm tempted to attempt to run a new cvs copy rather than 2.0.3 series (which doesn't support PDC right?) to replace both my current servers. Here's what I'd like to have. Password change on Win95/WinNT clients sync with the unix passwords. NT Service Pack 4 support (which my CVS server lacks) So, are there any show stoppers in the current cvs code? TIA ->->->->->->->->->->->->->->->->->->---<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-< James Thompson 138 Cardwell Hall Manhattan, Ks 66506 785-532-0561 Kansas State University Department of Mathematics ->->->->->->->->->->->->->->->->->->---<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-< From aperrin at demog.Berkeley.EDU Tue Apr 6 15:31:27 1999 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:26:02 2003 Subject: site poll. In-Reply-To: Message-ID: On Tue, 6 Apr 1999, Luke Kenneth Casson Leighton wrote: > occasionally i feel like i and other people would like to know how samba > is being used. if you feel so inclined, could people kindly let us know > some of the things below (pick one or more or all), such as: > > - a brief description of your organisation. A relatively small academic department of a large public university, serving principally faculty and graduate students. > > - what you use samba for (e.g as file servers; login servers; backup > purposes or remote admin with smbclient or rpcclient). > File and login service; a high value placed on unix-NT integration so users can switch back and forth (relatively) transparently. > - what version(s) of samba you are using. if using a version from cvs > please include date and tag. > not sure what tag -- generally, a relatively old CVS download (1.9.19-prealpha) because it works great and we don't have time to keep changing it. > - what server(s), including the specification (OS, ram, hdd, network, > rough estimate of mb/s throughput at peak load would be excellent if you > can get it) > 1.) Login server: Sparcstation 2, around 48Mb RAM, about 2G hdd, 10Mbps ethernet connection 2.) File server: Sparcstation Ultra Enterprise 2, 512Mb RAM, approx. 50G hdd, 100Mbps ethernet connection both running Solaris 7 > - how many users and in what database (private/smbpasswd; LDAP; MYSQL) and > how many simultaneous users. > about 1000 accounts; typically 15-20 using workstations at any one time, often ~40 sessions active. > - what sort of hosts connect to your servers. > All NT Workstation 4.0, SP3 > i should probably be advocating people to fill in the survey instead of > this :) > > thank you! > > luke > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > > ===================================================================== > Luke Kenneth Casson Leighton | Direct Dial : (678) 443-6183 > Systems Engineer / ISS XForce Team | ISS Front Desk: (678) 443-6000 > Internet Security Systems, Inc. | ISS Fax : (678) 443-6477 > > http://www.iss.net/ *Adaptive Network Security for the Enterprise* > ISS Connect - International User Conference - May '99 > ===================================================================== > From lkcl at switchboard.net Tue Apr 6 16:46:36 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:02 2003 Subject: Slow speed connection In-Reply-To: Message-ID: On Tue, 6 Apr 1999, Celso Kopp Webber wrote: > > Hi all, > > Since my CVSed version from 03/30/99, although domain logons work fine, > they're VERY slow. When any user logs in, in almost cases NT workstation > says it has detected a slow connection, and ask with you want to use > local profiles or bla bla bla. Sometimes it does not show this message. > > In fact, my Samba PDC is about 760 accounts large, and when adding any ACL > permission the list is not shown, although if I do a "search" and then add > that user to the ACL it works ok. > > Is that normal? I'm not including my smb.conf since I have an identical > machine with just a few accounts (5) and it works fine. So, I was > wondering if is there any performance issues regarding the number of users > in smbpasswd? it's probably an order n-squared algorithm issue hitting you. i really need to revive the "file-cache" code and use that as the default, and ask someone to write a program to auto-generate the file caches. > In a previous message, I've pointed out that I've found out that Samba > users only a single number space for both UIDs and GIDs when dealing with > ACLs, is that correct? at the moment, unfortunately: yes. From allen at driversoft.com Tue Apr 6 17:20:05 1999 From: allen at driversoft.com (Allen Reese) Date: Tue Dec 2 02:26:02 2003 Subject: Slow speed connection In-Reply-To: Message-ID: I remember seeing a thread about how the more users you have the longer it takes to enumerate the smbpasswd file. What happens is NT waits a certain amount of time for the reply back and says the network connection is slow if it doesn't get a reply fast enough. Try moving some account to the top of your smbpasswd file, and see if that alleiates it with that account. I thought somebody was going to work on rewriting smbpasswd. ;) Hope that answers your question. Allen Reese Senior Software Engineer Driversoft, Inc. allen@driversoft.com On Tue, 6 Apr 1999, Celso Kopp Webber wrote: > > Hi all, > > Since my CVSed version from 03/30/99, although domain logons work fine, > they're VERY slow. When any user logs in, in almost cases NT workstation > says it has detected a slow connection, and ask with you want to use > local profiles or bla bla bla. Sometimes it does not show this message. > > In fact, my Samba PDC is about 760 accounts large, and when adding any ACL > permission the list is not shown, although if I do a "search" and then add > that user to the ACL it works ok. > > Is that normal? I'm not including my smb.conf since I have an identical > machine with just a few accounts (5) and it works fine. So, I was > wondering if is there any performance issues regarding the number of users > in smbpasswd? > > In a previous message, I've pointed out that I've found out that Samba > users only a single number space for both UIDs and GIDs when dealing with > ACLs, is that correct? > > Thanks in advance, > > > Prof. Celso Kopp Webber > mailto://webber@sj.univali.rct-sc.br > > Universidade do Vale do Itajai' - UNIVALI > Campus Sao Jose - Sao Jose, SC > Administracao de Redes > Rod. SC 407, Km. 4 > 88122-000 Sao Jose-SC > Brazil > > Fone: +55 (48) 281-1505 > Fax: +55 (48) 281-1506 > > > From tas at microdisplay.com Tue Apr 6 19:18:50 1999 From: tas at microdisplay.com (Todd Stiers) Date: Tue Dec 2 02:26:02 2003 Subject: Help! Network NeighborHood Vanished Message-ID: <370A5E1A.44ED7266@microdisplay.com> Hi, After weeks of flawless performance, my Samba-2.1.0-prealpha stopped serving the Network Neighborhood. I reset the oslevel 9 in hopes I had a conflict somewhere, and have restarted several times without success - only the master is showing. I also removed all contents in the /locks directory and restarted in hopes Samba would recache the contents, also without luck. -Todd -- [--- [--- [--- [--- [--- [--- [--- [--- [--- [--- Todd Stiers Director of Systems Administration The MicroDisplay Corporation http://www.microdisplay.com (510)243-9515x129 ---] ---] ---] ---] ---] ---] ---] ---] ---] ---] From lkcl at switchboard.net Tue Apr 6 20:18:19 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:02 2003 Subject: Help! Network NeighborHood Vanished In-Reply-To: <370A5E1A.44ED7266@microdisplay.com> Message-ID: take a look at what the other servers are doing. has someone introduced nt4 sp4 on a pdc on your network, for example? has someone upgraded a wks. os level = 33 should beat nt: os level = 255 will beat ABSOLUTELY everything. on the local tcp/ip subnet ONLY. On Wed, 7 Apr 1999, Todd Stiers wrote: > Hi, > > After weeks of flawless performance, my Samba-2.1.0-prealpha > stopped serving the Network Neighborhood. > > I reset the oslevel 9 in hopes I had a conflict somewhere, > and have restarted several times without success - only the master > is showing. > > I also removed all contents in the /locks directory and restarted > in hopes Samba would recache the contents, also without luck. > > -Todd > > -- > [--- [--- [--- [--- [--- [--- [--- [--- [--- [--- > Todd Stiers > Director of Systems Administration > The MicroDisplay Corporation > http://www.microdisplay.com (510)243-9515x129 > ---] ---] ---] ---] ---] ---] ---] ---] ---] ---] > > > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site ===================================================================== Luke Kenneth Casson Leighton | Direct Dial : (678) 443-6183 Systems Engineer / ISS XForce Team | ISS Front Desk: (678) 443-6000 Internet Security Systems, Inc. | ISS Fax : (678) 443-6477 http://www.iss.net/ *Adaptive Network Security for the Enterprise* ISS Connect - International User Conference - May '99 ===================================================================== From jmeff at engsoc.queensu.ca Tue Apr 6 21:25:16 1999 From: jmeff at engsoc.queensu.ca (Jamie ffolliott) Date: Tue Dec 2 02:26:02 2003 Subject: Help! Network NeighborHood Vanished In-Reply-To: <370A5E1A.44ED7266@microdisplay.com> Message-ID: <000201be8073$f6f99a20$0245a8c0@cgocable.net> I can support Todd's claim, it's the same story here. I'm on a small network, only one PDC which runs samba2.1prealpha (march 3 cvs), OS level set to 63. All I see is the samba PDC (the master browser), and none of the ntsp4 workstations. No other OS's on the network, or any other workgroups or domains visible in network neighborhood. So the nmbd process has been running for 30 days and it's stopped working now. Jamie > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Todd Stiers > Sent: Tuesday, April 06, 1999 3:20 PM > To: Multiple recipients of list > Subject: Help! Network NeighborHood Vanished > > > Hi, > > After weeks of flawless performance, my Samba-2.1.0-prealpha > stopped serving the Network Neighborhood. > > I reset the oslevel 9 in hopes I had a conflict somewhere, > and have restarted several times without success - only the master > is showing. > > I also removed all contents in the /locks directory and restarted > in hopes Samba would recache the contents, also without luck. > > -Todd > > -- > [--- [--- [--- [--- [--- [--- [--- [--- [--- [--- > Todd Stiers > Director of Systems Administration > The MicroDisplay Corporation > http://www.microdisplay.com (510)243-9515x129 > ---] ---] ---] ---] ---] ---] ---] ---] ---] ---] > > > From tas at microdisplay.com Tue Apr 6 21:29:12 1999 From: tas at microdisplay.com (Todd Stiers Netscape) Date: Tue Dec 2 02:26:02 2003 Subject: Help! Network NeighborHood Vanished References: <000201be8073$f6f99a20$0245a8c0@cgocable.net> Message-ID: <370A7CA8.F82FE746@microdisplay.com> Thanks Jamie and everyone - I fixed the problem by setting my os level to 96 rather than 9 or the default 33. I reset this value and it works - I thought lower value was higher precedent. I am NOT using the latest prealpha, if you are other responders are claiming yesterday's CVS had issues. -Todd Jamie ffolliott wrote: > I can support Todd's claim, it's the same story here. I'm on a small > network, only one PDC which runs samba2.1prealpha (march 3 cvs), OS level > set to 63. All I see is the samba PDC (the master browser), and none of the > ntsp4 workstations. No other OS's on the network, or any other workgroups > or domains visible in network neighborhood. So the nmbd process has been > running for 30 days and it's stopped working now. > > Jamie > > > -----Original Message----- > > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > > Todd Stiers > > Sent: Tuesday, April 06, 1999 3:20 PM > > To: Multiple recipients of list > > Subject: Help! Network NeighborHood Vanished > > > > > > Hi, > > > > After weeks of flawless performance, my Samba-2.1.0-prealpha > > stopped serving the Network Neighborhood. > > > > I reset the oslevel 9 in hopes I had a conflict somewhere, > > and have restarted several times without success - only the master > > is showing. > > > > I also removed all contents in the /locks directory and restarted > > in hopes Samba would recache the contents, also without luck. > > > > -Todd > > > > -- > > [--- [--- [--- [--- [--- [--- [--- [--- [--- [--- > > Todd Stiers > > Director of Systems Administration > > The MicroDisplay Corporation > > http://www.microdisplay.com (510)243-9515x129 > > ---] ---] ---] ---] ---] ---] ---] ---] ---] ---] > > > > > > -- [--- [--- [--- [--- [--- [--- [--- [--- [--- [--- Todd Stiers Director of Systems Administration The MicroDisplay Corporation http://www.microdisplay.com (510)243-9515x129 ---] ---] ---] ---] ---] ---] ---] ---] ---] ---] From dave at www.buffalostate.edu Tue Apr 6 22:18:51 1999 From: dave at www.buffalostate.edu (Dave J. Andruczyk) Date: Tue Dec 2 02:26:02 2003 Subject: Help! Network NeighborHood Vanished In-Reply-To: <370A5E1A.44ED7266@microdisplay.com> Message-ID: > After weeks of flawless performance, my Samba-2.1.0-prealpha > stopped serving the Network Neighborhood. > > I reset the oslevel 9 in hopes I had a conflict somewhere, > and have restarted several times without success - only the master > is showing. > > I also removed all contents in the /locks directory and restarted > in hopes Samba would recache the contents, also without luck. check to see if you have any Windoze NT WINS servers running. Sometimes they mess things up, and need to have their cache's flushed. Also remove the "BROWSE.dat" file and restart samba.. Dave J. Andruczyk Instructional Support Associate Department of Technology Buffalo State College From ankit at drillbit.tamu.edu Tue Apr 6 22:11:30 1999 From: ankit at drillbit.tamu.edu (Ankit Shah) Date: Tue Dec 2 02:26:02 2003 Subject: site poll. In-Reply-To: Message-ID: On Tue, 6 Apr 1999, Luke Kenneth Casson Leighton wrote: :-)occasionally i feel like i and other people would like to know how samba :-)is being used. if you feel so inclined, could people kindly let us know :-)some of the things below (pick one or more or all), such as: :-) :-)- a brief description of your organisation. An educational institute :-) :-)- what you use samba for (e.g as file servers; login servers; backup :-)purposes or remote admin with smbclient or rpcclient). File server, print server, Quota management (interesting hack!), CDROM server :-) :-)- what version(s) of samba you are using. if using a version from cvs :-)please include date and tag. 1.9.18p5 :-) :-)- what server(s), including the specification (OS, ram, hdd, network, :-)rough estimate of mb/s throughput at peak load would be excellent if you :-)can get it) Total 2 NT servers 1 PDC -- PPro 200 NT4.0SP3, 10Mbps network, 4GB hdd 1 BDC -- PII200, 64MB RAM, 10Mbps network, 2 GB hdd We have to keep NT server to serve some licensing keys for softwares we use. We also authenticate from NT. Other than that everything is on Linux+Samba total 5 servers running Linux+samba. 3 -- Dual PII 400, with 128MB RAM, 10Mb network, 500-600K/sec will be good 1 -- P100, with 32MB RAM, 10Mbps network 1 -- Dual P90, with 64MB RAM, 10Mbps network about 75GB space total :-) :-)- how many users and in what database (private/smbpasswd; LDAP; MYSQL) and :-)how many simultaneous users. about 500 user accounts on an NT PDC. about 150-170 users during normal office hours. :-) :-)- what sort of hosts connect to your servers. Mostly NT4.0SP3, some Win95/98 Keep up the good work! I am mostly snooping this list for our future actions. :-) :-)i should probably be advocating people to fill in the survey instead of :-)this :) :-) :-)thank you! :-) :-)luke :-) :-) Luke Kenneth Casson Leighton :-) Samba and Network Development :-) Samba Web site :-) :-)===================================================================== :-)Luke Kenneth Casson Leighton | Direct Dial : (678) 443-6183 :-)Systems Engineer / ISS XForce Team | ISS Front Desk: (678) 443-6000 :-)Internet Security Systems, Inc. | ISS Fax : (678) 443-6477 :-) :-)http://www.iss.net/ *Adaptive Network Security for the Enterprise* :-) ISS Connect - International User Conference - May '99 :-)===================================================================== :-) .:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:. Ankit Shah Microcomputer Specialist Petroleum Engineering Dept. Texas A & M University .:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:. From greg at discreet.com Tue Apr 6 23:22:34 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:26:02 2003 Subject: Help! Network NeighborHood Vanished In-Reply-To: <000201be8073$f6f99a20$0245a8c0@cgocable.net> Message-ID: Errr, actually I just noticed that the other day... nothing seems to be going on in nmb. Stop & restart, it's fine. The stupid thing is that par or truss shows it still doing stuff. I saw this on 2.0.3 though my CVS PDC only does domain logons. Greg On 06-Apr-99 Jamie ffolliott wrote: > I can support Todd's claim, it's the same story here. I'm on a small > network, only one PDC which runs samba2.1prealpha (march 3 cvs), OS level > set to 63. All I see is the samba PDC (the master browser), and none of the > ntsp4 workstations. No other OS's on the network, or any other workgroups > or domains visible in network neighborhood. So the nmbd process has been > running for 30 days and it's stopped working now. > > Jamie > > >> -----Original Message----- >> From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of >> Todd Stiers >> Sent: Tuesday, April 06, 1999 3:20 PM >> To: Multiple recipients of list >> Subject: Help! Network NeighborHood Vanished >> >> >> Hi, >> >> After weeks of flawless performance, my Samba-2.1.0-prealpha >> stopped serving the Network Neighborhood. >> >> I reset the oslevel 9 in hopes I had a conflict somewhere, >> and have restarted several times without success - only the master >> is showing. >> >> I also removed all contents in the /locks directory and restarted >> in hopes Samba would recache the contents, also without luck. >> >> -Todd >> >> -- >> [--- [--- [--- [--- [--- [--- [--- [--- [--- [--- >> Todd Stiers >> Director of Systems Administration >> The MicroDisplay Corporation >> http://www.microdisplay.com (510)243-9515x129 >> ---] ---] ---] ---] ---] ---] ---] ---] ---] ---] >> >> >> ---------------------------------- greg dickie just a guy* *from discreet logic Linux, the choice of a GNU generation! ---------------------------------- From dlee at cse.fau.edu Wed Apr 7 02:53:36 1999 From: dlee at cse.fau.edu (Donjuma Lee) Date: Tue Dec 2 02:26:02 2003 Subject: SWAT Message-ID: how about a SSL version of SWAT? --==Don==-- From tridge at samba.org Wed Apr 7 04:34:51 1999 From: tridge at samba.org (Andrew Tridgell) Date: Tue Dec 2 02:26:02 2003 Subject: SWAT In-Reply-To: (message from Donjuma Lee on Wed, 7 Apr 1999 12:55:44 +1000) References: Message-ID: <19990407043459Z12829329-9373+2738@samba.anu.edu.au> > how about a SSL version of SWAT? yes, this would be excellent. What someone needs to do is add hooks in cgi.c so that the mini-webserver accepts ssl connections by calling the ssleay library. Maybe set using a comand line option to SWAT? It would certainly be a _very_ worthwhile addition. Anyone feel like taking it on? The little demo ssl servers in the ssleay library would make it a bit easier, and you could also look at the SSL code already in smbd. From happy at opf.slu.cz Wed Apr 7 05:33:25 1999 From: happy at opf.slu.cz (Petr Stastny) Date: Tue Dec 2 02:26:02 2003 Subject: unable to connect to a Samba PDC References: <67DD2D8CC31BD111A8BB080009DDDED5CADBF2@nsccnta01.sccd.ctc.edu> Message-ID: <370AEE25.C0DDBA60@opf.slu.cz> Yes, I have created a machine account for that system, I tried to reset that account's password by issuing "smbpasswd -a -m "machine_name" and it still displays the message "Unable to connect". I really don't know what to do. "Burch, Phil" wrote: > Do you have a machine account created for the system? Have you tried > resetting that account's password? > > Phil Burch > Computing Services > North Seattle Community College > http://nsccux.sccd.ctc.edu > > -----Original Message----- > From: Petr Stastny [mailto:happy@opf.slu.cz] > Sent: Tuesday, April 06, 1999 3:09 AM > To: Multiple recipients of list > Subject: unable to connect to a Samba PDC > > Hi, > > when I try to connect to my Samba PDC from WNT SP3, then after maybe 5 > sec I get the following error message: "Unable to connect to the domain > controller for this domain. Please ask the administrator to check the > computer account in the domain." I did everything as described in the > FAQ, I use the last development branch of Samba. > > When I examine the log of the client I see an error message in the form > "[1999/04/06 09:20:20, 10] lib/util_sock.c:receive_smb(497) receive_smb: > length<0!". > > This is obviously an error but I don't know on which side - > on the Samba side or on the workstation side. > > How to solve it / what could be the cause? > > Thank you for your hints. > > Petr Stastny -------------- next part -------------- A non-text attachment was scrubbed... Name: happy.vcf Type: text/x-vcard Size: 201 bytes Desc: Card for Petr Stastny Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990407/c74f15e0/happy.vcf From happy at opf.slu.cz Wed Apr 7 05:40:30 1999 From: happy at opf.slu.cz (Petr Stastny) Date: Tue Dec 2 02:26:02 2003 Subject: site poll. References: Message-ID: <370AEFCE.8AD512DB@opf.slu.cz> Luke Kenneth Casson Leighton wrote: > occasionally i feel like i and other people would like to know how samba > is being used. if you feel so inclined, could people kindly let us know > some of the things below (pick one or more or all), such as: > > - a brief description of your organisation. > Grammar School in Cesky Tesin, Czech Republic, approx. 450 students. > > - what you use samba for (e.g as file servers; login servers; backup > purposes or remote admin with smbclient or rpcclient). > Login server, file server. > > - what version(s) of samba you are using. if using a version from cvs > please include date and tag. > cvs 6.4.1999 > > - what server(s), including the specification (OS, ram, hdd, network, > rough estimate of mb/s throughput at peak load would be excellent if you > can get it) > Pentium Cyrix 233MMX, RedHat 5.2, 64MB RAM, 10GB HDD, 10 Mbps > > - how many users and in what database (private/smbpasswd; LDAP; MYSQL) and > how many simultaneous users. > 250 users, 30 simultaneous > > - what sort of hosts connect to your servers. > Windows 95, NT Workstations > > i should probably be advocating people to fill in the survey instead of > this :) > > thank you! > > luke > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > > ===================================================================== > Luke Kenneth Casson Leighton | Direct Dial : (678) 443-6183 > Systems Engineer / ISS XForce Team | ISS Front Desk: (678) 443-6000 > Internet Security Systems, Inc. | ISS Fax : (678) 443-6477 > > http://www.iss.net/ *Adaptive Network Security for the Enterprise* > ISS Connect - International User Conference - May '99 > ===================================================================== -------------- next part -------------- A non-text attachment was scrubbed... Name: happy.vcf Type: text/x-vcard Size: 201 bytes Desc: Card for Petr Stastny Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990407/2bd2baea/happy.vcf From fumiya at cij.co.jp Wed Apr 7 07:03:18 1999 From: fumiya at cij.co.jp (SATOH Fumiyasu) Date: Tue Dec 2 02:26:02 2003 Subject: SWAT In-Reply-To: Message-ID: <199904070703.AA01775@salt.si.ykhm.cij.co.jp> Donjuma Lee wrote: >how about a SSL version of SWAT? You can use a 'SSL wrapped' SWAT with TCP Wrapper and Apache-SSL (or Apache + mod_ssl). Example is below (summary only :-). But I have never tried this. /etc/inetd.conf --------------------------------------------------------------------- swat stream tcp nowait root /usr/sbin/tcpd /usr/local/samba/bin/swat --------------------------------------------------------------------- /etc/hosts.allow --------------------------------------------------------------------- swat: 127.0.0.1 --------------------------------------------------------------------- Actually you don't need TCP Wrapper unless doing access restriction when someone connects with SWAT via noncrypted connection. Apache-SSL httpsd.conf (part of configuration) --------------------------------------------------------------------- ServerName swat.hogehoge.com TransferLog /usr/local/apache/var/log/access.swat ErrorLog /usr/local/apache/var/log/error.swat SSLCertificateFile /usr/local/apache/etc/swat-cert.pem SSLCertificateKeyFile /usr/local/apache/etc/swat-key.pem ProxyPass / http://127.0.0:901/ --------------------------------------------------------------------- To use 'ProxyPass' directive, build Apache with mod_proxy module. -- >8 -- signature -- >8 -- FROM : SATOH Fumiyasu WEB : http://www.bento.ad.jp/~fumiya/ WEB(LAN): http://kumasun.si.ykhm.cij.co.jp/ SAMBA : http://samba.bento.ad.jp/ From dcimaro at ipruniv.cce.unipr.it Wed Apr 7 06:15:49 1999 From: dcimaro at ipruniv.cce.unipr.it (Diego Cimarosa) Date: Tue Dec 2 02:26:03 2003 Subject: R: Forcing Domain Logons in Win98 Message-ID: <021a01be80be$15276f00$655d4ea0@diego.labgiuri.unipr.it> Finally it works ! a) Copy MPRSERV.DLL on a NT machine b) Edit it with a resource editor (Visual C++ for example) and open as resource, change protection for the field "domain" and save it on Windows95-98 machine c) Use POLEDIT.EXE to force right policies : c.1) "Require validation from network for Windows access" c.2) "Logon on to Windows NT" c.3) "Workgroup" etc... and ... voila' ! e) DON'T FORGET to create proper account on Linux-Samba BEFORE reboot ... BYE ! -----Messaggio originale----- Da: Nicholas Humfrey A: Multiple recipients of list Data: mercoled? 24 marzo 1999 19.20 Oggetto: Forcing Domain Logons in Win98 > >Sorry this may be a bit off topic, but I thought someone here might have >manged this: I am trying to force people to logon to my classroom domain >before they can access the computer. However I cannot prevent people from >typing an invalid domain name, which passes the logon over to 'Windows >Logon' giving them access to the system. Is there a way of infocing a >single domain or preventing logon to invalid domains ? > >Thanks > >Nicholas Humfrey >Madras College > > > From czarek at newyorkbroker.de Wed Apr 7 08:05:51 1999 From: czarek at newyorkbroker.de (Cezary Augustynowicz) Date: Tue Dec 2 02:26:03 2003 Subject: error in smb.log Message-ID: <000001be80cd$742056c0$be01a8c0@edv1> I installed samba 2.0.3 on my pc with kernel 2.0.36 in my log.smb I still get the following error message: ****************************************************** [1999/...] lib/util_sock.c:(407) write_data: write failure. Error = Broken pipe ****************************************************** I get this message every 30 sec. how can I fix this problem? thanks in advance czarek -------------- next part -------------- HTML attachment scrubbed and removed From roger at coconet.com Wed Apr 7 12:47:35 1999 From: roger at coconet.com (Roger D.) Date: Tue Dec 2 02:26:03 2003 Subject: Running MS Access Message-ID: <00a301be80f4$d075a8e0$d360b0cc@saturn2> Excuse me if this has been discussed before, but I searched the archives but didn't find what I was looking for. I am running redhat 5.2 and samba1.9.18p10 and wish to use a mapped drive for MS Access and Peachtree Accounting. I assumed that MS Access did it's own file locking and database management from the client jet egine database, but it doesn't seem to work that way. If I use the default oplocks = true, then I get a file in use when I attempt to connect the second client to MS Access. If I use oplocks = false, then I get no error, but.......the data is not updated unless the clients exit the application. Does NT run some type of processes that Samba does not? I'm not a programmer and don't understand the workings of OS's, but it seems to me that WIN95 peer-to-peer would offer no services that Samba would'nt. Is there anywhere or any one that has MS access or Peachtree Accounting working? It is my understanding that Peachtree uses btrieve as it's database engine. TIA Roger D. From lkcl at switchboard.net Wed Apr 7 12:51:00 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:03 2003 Subject: Help! Network NeighborHood Vanished In-Reply-To: <000201be8073$f6f99a20$0245a8c0@cgocable.net> Message-ID: check that none of the ntsp4 wkstas have had "preferred master" registry setting set. use nmblookup and nbtstat to detect which ntwksta has become the lmb. use wins always. etc. luke On Wed, 7 Apr 1999, Jamie ffolliott wrote: > I can support Todd's claim, it's the same story here. I'm on a small > network, only one PDC which runs samba2.1prealpha (march 3 cvs), OS level > set to 63. All I see is the samba PDC (the master browser), and none of the > ntsp4 workstations. No other OS's on the network, or any other workgroups > or domains visible in network neighborhood. So the nmbd process has been > running for 30 days and it's stopped working now. > > Jamie > > > > -----Original Message----- > > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > > Todd Stiers > > Sent: Tuesday, April 06, 1999 3:20 PM > > To: Multiple recipients of list > > Subject: Help! Network NeighborHood Vanished > > > > > > Hi, > > > > After weeks of flawless performance, my Samba-2.1.0-prealpha > > stopped serving the Network Neighborhood. > > > > I reset the oslevel 9 in hopes I had a conflict somewhere, > > and have restarted several times without success - only the master > > is showing. > > > > I also removed all contents in the /locks directory and restarted > > in hopes Samba would recache the contents, also without luck. > > > > -Todd > > > > -- > > [--- [--- [--- [--- [--- [--- [--- [--- [--- [--- > > Todd Stiers > > Director of Systems Administration > > The MicroDisplay Corporation > > http://www.microdisplay.com (510)243-9515x129 > > ---] ---] ---] ---] ---] ---] ---] ---] ---] ---] > > > > > > > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site ===================================================================== Luke Kenneth Casson Leighton | Direct Dial : (678) 443-6183 Systems Engineer / ISS XForce Team | ISS Front Desk: (678) 443-6000 Internet Security Systems, Inc. | ISS Fax : (678) 443-6477 http://www.iss.net/ *Adaptive Network Security for the Enterprise* ISS Connect - International User Conference - May '99 ===================================================================== From erik at total4.nl Wed Apr 7 13:31:56 1999 From: erik at total4.nl (Erik Duisters) Date: Tue Dec 2 02:26:03 2003 Subject: DOMAIN_GROUP_RID_USERS Message-ID: <99040715360700.00448@fubar02> Hi, Downloaded the latest cvs today Apr. 7. I'm finally able to login on a sun box, but now I get the message: "trust account 0127D$ should be in DOMAIN_GROUP_RID_USERS" I also get the "ERROR: become root depth is non zero" and "ERROR: unbecome root depth is zero" message often. Any idea's? Erik From hulet at ittc.ukans.edu Wed Apr 7 14:05:23 1999 From: hulet at ittc.ukans.edu (Michael S. Hulet) Date: Tue Dec 2 02:26:03 2003 Subject: site poll. In-Reply-To: Message-ID: > - a brief description of your organisation. University > > - what you use samba for (e.g as file servers; login servers; backup > purposes or remote admin with smbclient or rpcclient). We are using Samba has our Primary Domain Controller. Domain Logins, Roaming profiles, print server, and file server. We also needed password synchronization between Unix and NT which Samba provides. > > - what version(s) of samba you are using. if using a version from cvs > please include date and tag. HEAD branch March 25, 1999 > > - what server(s), including the specification (OS, ram, hdd, network, > rough estimate of mb/s throughput at peak load would be excellent if you > can get it) Digital DEC Alpha Server 1000A running Digital Unix 4.0D, 256 Meg Ram, 150 Gigabytes, ATM/10base-T. Approximately 350 machines. Solaris 2.6, SunOS 4.1.4, Linux, Digital Unix 4.0, and Ultrix to name a few of the Unix flavors. Windows 95/98/NT for PCs. A few Apple MacIntosh. > > - how many users and in what database (private/smbpasswd; LDAP; MYSQL) and > how many simultaneous users. 120 Users using private/smbpasswd. Approximately 40 simulataneous users > > - what sort of hosts connect to your servers. 100 of the machines are NT Workstation 4.0 Service Pack 3 and 4 logging into Samba domain. Some Windows 95/98 machines using Samba shares and print services. Michael Hulet ITTC, University of Kansas From fcc at jerez.micro.lucent.com Wed Apr 7 14:43:36 1999 From: fcc at jerez.micro.lucent.com (Francisco Caliz) Date: Tue Dec 2 02:26:03 2003 Subject: Clients on a different subnet + DHCP Message-ID: <370B6F18.6F493B37@jerez.micro.lucent.com> I have a simple (to explain, at least) problem: I have samba on a Solaris 2.6 server, with the basic configuration ( I share /tmp with no restrictions ), the smbclient on another Solaris machine on the same subnet is perfectly able to access the share, but NT 4.0 Workstations can`t do it. NT Workstations live on a different subnet (xx.yy.33.zz) than Solari`s one (xx.yy.32.zz), and some of them can see the samba server as a member of the network neighborhood if you find it by name, but some others can`t do it at all. None of them can see the share, or the location of the server (the domain/workgroup, I mean). I have run some tests to ensure the visibility between the machines, specificaly a series of tests proposed by Andrew Tridgell, and everything worked OK, but I suspect that these test were assumpting that PC`s had static IP address (we use DHCP). I don`t know how to ensure the samba server to became a member of any NT domain, or if this is neccesary. This is the share, the only difference from a basic smb.conf: [tmp] comment = Temporary file space path = /tmp read only = no public = yes Thank you very much. Francisco Caliz Carretero. From Giorgos.Vlachos at eurodyn.com Wed Apr 7 15:02:29 1999 From: Giorgos.Vlachos at eurodyn.com (Giorgos Vlachos) Date: Tue Dec 2 02:26:03 2003 Subject: subscribe Message-ID: <370B7385.BFF22B7C@eurodyn.com> subscribe -- Giorgos Vlachos European Dynamics SA Technical Assistance Center (TAC) EUDRA Support Group From hulet at ittc.ukans.edu Wed Apr 7 17:00:52 1999 From: hulet at ittc.ukans.edu (Michael S. Hulet) Date: Tue Dec 2 02:26:03 2003 Subject: DOMAIN_GROUP_RID_USERS In-Reply-To: <99040715360700.00448@fubar02> Message-ID: "trust account 0127D$ should be in DOMAIN_GROUP_RID_USERS" is just a note. You don't have to do anything about it. Go to http://samba.anu.edu.au/samba/docs/ntdom_faq/samba_ntdom_faq.html and read 2.6 I just asked this same question 18 Mar 1999. On Wed, 7 Apr 1999, Erik Duisters wrote: > Hi, > > Downloaded the latest cvs today Apr. 7. I'm finally able to login > on a sun box, but now I get the message: > > "trust account 0127D$ should be in DOMAIN_GROUP_RID_USERS" > > I also get the "ERROR: become root depth is non zero" > and "ERROR: unbecome root depth is zero" message often. > > > Any idea's? > > > Erik > From led at unter.encoding.com Wed Apr 7 17:28:01 1999 From: led at unter.encoding.com (Lawrence Doan) Date: Tue Dec 2 02:26:03 2003 Subject: domain groups in 2.0.3 Message-ID: <199904071728.RAA14724@unter.encoding.com> I'm running 2.0.3 on both linux and FreeBSD, and try as I might I cannot get domain groups to work. I have: -) verified that the smbpasswd-/etc/group-\\DOMAIN namespace is unique -) not attempted group or user mapping except for "domain admin group" What I have observed are several interesting glitches: -) when adding permissions to a file (properties->permissions->add) explorer.exe restarts itself. Occasionally it shows mangled group and user names. -) sometimes valid users (users which can log into the domain) do no appear in add new local group-> add -) unix groups *never* appear in add new local group -> add Does 2.0.3 in fact support NT groups at all? Having sent this message I will immediately find that I did a dumb and will have to sheepishly retract it. (I hope.) thanks, -L From oroy at gwl.com Wed Apr 7 17:44:37 1999 From: oroy at gwl.com (Olivier Roy De Rives) Date: Tue Dec 2 02:26:03 2003 Subject: Clients on a different subnet + DHCP Message-ID: <199904071744.LAA19721@gp-dragon.gwl.com> An LMHOST file on your workstations with the Samba Server's IP and (if applicable) the PDC's IP should remedy this. Something like this: 199.199.50.20 PDCNAME #PRE #DOM: DOMAINNAME 199.199.62.10 SAMBASERVER #PRE Hope this helps > Originator: samba-ntdom@samba.org > From: Francisco Caliz > To: Multiple recipients of list > Subject: Clients on a different subnet + DHCP > X-Listprocessor-Version: 6.0c -- ListProcessor by Anastasios Kotsikonas > X-URL: http://samba.anu.edu.au/listproc > X-Comment: Discussion of NT domain controller support in Samba > Content-Transfer-Encoding: 7bit > MIME-Version: 1.0 > Date: Thu, 8 Apr 1999 00:46:14 +1000 > > > I have a simple (to explain, at least) problem: > > I have samba on a Solaris 2.6 server, with the basic configuration ( I > share /tmp with no restrictions ), the smbclient on another Solaris > machine on the same subnet is perfectly able to access the share, but NT > 4.0 Workstations can`t do it. > > NT Workstations live on a different subnet (xx.yy.33.zz) than Solari`s > one (xx.yy.32.zz), and some of them can see the samba server as a member > of the network neighborhood if you find it by name, but some others > can`t do it at all. None of them can see the share, or the location of > the server (the domain/workgroup, I mean). > > I have run some tests to ensure the visibility between the machines, > specificaly a series of tests proposed by Andrew Tridgell, and > everything worked OK, but I suspect that these test were assumpting that > PC`s had static IP address (we use DHCP). > > I don`t know how to ensure the samba server to became a member of any > NT domain, or if this is neccesary. > > This is the share, the only difference from a basic smb.conf: > > [tmp] > comment = Temporary file space > path = /tmp > read only = no > public = yes > > > Thank you very much. > Francisco Caliz Carretero. Olivier Roy De Rives NT/UNIX Sys. Admin. Great-West Life & Annuity Denver, CO (303)689-4437 Fax: 689-4850 From bryan.oshea at usa-emotron.com Wed Apr 7 20:35:25 1999 From: bryan.oshea at usa-emotron.com (Bryan O'Shea) Date: Tue Dec 2 02:26:03 2003 Subject: having trouble getting nt4.0 workstations to log in to samba 2.0.3 running on linux 2.2.5 Message-ID: <370BC18D.217DE7D9@usa-emotron.com> having trouble getting nt4.0 workstations to log in to samba 2.0.3 running on linux 2.2.5 i have a bunch of nt4.0 workstations and i can't quite get them to log into the domain my windows95/98 boxes work great and the nt login scripts run great and map my drives out just fine. here is my a copy of my smb.conf file could anyone help me out i am using envrypted passwords i can see all the shares when i log into NT i just can't get it to join the domain.. is there something i must do when i create the smbpasswd for the user logging in ?? [global] workgroup=usa-emotron server string=oscar ;loadprinters=yes log file=/var/log/samba/log.%m max log size = 50 security = user password level=2 username level=2 socket options = TCP_NODELAY local master = yes domain logons = yes logon script = %U.bat name resolve order = host wins lmhosts bcast wins support = yes dns proxy = no encrypt passwords = yes [netlogon] comment = Network Logon Service path = /home/samba/netlogon guest ok = yes writeable = no share modes = no browseable = no [shared] comment = Public storage path=/home/public ;public= yes writeable=yes printable= no valid users = @emotron force group = emotron create mask = 0770 force create mode = 0000 directory mask = 0770 force directory mode = 0000 From laird at area.com Wed Apr 7 22:13:38 1999 From: laird at area.com (Alan Laird) Date: Tue Dec 2 02:26:03 2003 Subject: simple config request: samba PDC w/ NT4SP3 clients In-Reply-To: Message-ID: Hello, Does anyone have an idea why this would be? The problem summary seems to be that an NT4SP3 system with the plaintext registry provided with the samba distribution, is not able to see the samba PDC but will see it fine if the samba server is running encrypted passwords. Thanks, Alan On Wed, 31 Mar 1999, Alan Laird wrote: > >Hello, > >I am a bit confused as to the right way to configure the current tree to >support what I want to do. > >1) Use NIS+ database for user authentication >2) Map a directory upon logon. > >My environment is such that I do not have control of the nis+ server to go >changing passwords via samba. I have read ENCRYPTION.txt and understand >that both auth schemes are one way and so cannot be used to auth each >other. This indicates to me that I need to set "encrypt passwords = no" >to use the nis+ database. > >Unfortunately, when I set "encrypt passwords = no", nt4sp3 systems cannot >join the domain. If I set "encrypt passwords = yes" then the machine can >join but I am back into the divergent auth problem. > >I am assuming that I need to run samba as PDC (there are no domains here) >to get a client to run a logon script to mount their home directory. > >Is there any way around this problem? > >Regards, > >Alan Laird > >-------------- >Alan Laird >alan@laird.net > > > -------------- Alan Laird alan@laird.net From simonmu at optimation.co.nz Thu Apr 8 00:30:25 1999 From: simonmu at optimation.co.nz (Simon Murcott) Date: Tue Dec 2 02:26:03 2003 Subject: Running MS Access In-Reply-To: <00a301be80f4$d075a8e0$d360b0cc@saturn2> Message-ID: On Wed, 7 Apr 1999, Roger D. wrote: > I am running redhat 5.2 and samba1.9.18p10 and wish to use a mapped drive > for MS Access and > Peachtree Accounting. I assumed that MS Access did it's own file locking and > database management from the client jet egine database, but it doesn't seem > to work that way. >From what I have noticed MS access does a mix of file locking and also record locking via a .ldb file. Any user who wants to get at a database needs write access to the directory that it is in so a .ldb file can be created. I have enabled as much locking as possible inside samba and this also seems to help. We now have users (albiet braindead ones, ie should be using a database server anyway) using access databases from network samba shares with no problems. If this does not steer you in the right direction let me know and I will send you the relevant entries from my smb.conf. Regards Simon Murcott S.Murcott@optimation.co.nz From allen at driversoft.com Thu Apr 8 03:00:15 1999 From: allen at driversoft.com (Allen Reese) Date: Tue Dec 2 02:26:03 2003 Subject: Useful registry keys. In-Reply-To: Message-ID: someone mentioned turning off the lmb parameter in NT, so I dug out the key to do it and ran across another useful key. Hope these help. ;) For making NT so it won't become the lmb: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters IsDomainMaster: FALSE MaintainServerList: No I believe this one turns off the slow link connection: ---> CUT HERE <--- REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon] "SlowLinkDetectEnabled"=dword:00000000 ---> END CUT <--- Allen Reese Senior Software Engineer Driversoft, Inc. allen@driversoft.com From andre at anneck.de Thu Apr 8 05:26:58 1999 From: andre at anneck.de (Andre Anneck) Date: Tue Dec 2 02:26:03 2003 Subject: How to add machine accounts? In-Reply-To: <199904071728.RAA14724@unter.encoding.com> Message-ID: <199904080518.HAA09466@bbaer.muenster.de> Hi there, I am running FreeBSD 3.1, Samba 2.0.3, When I try to add a machine account it always gives me "bla does not exist in system password file" or something like this, sorry have my box not handy right now. I edited /etc/passwd And inserted some testusers, referring to those people who already did it... I try to add the account with ./smbpasswd -a -m I have read several mails in the archive that claim that it would be as easy as that. Addin a line in /etc/passwd, then using smbpasswd with options a, m. I think I missed something so obvious I cant see it... please open my eyes... I would like to have the Samba Box to be my PDC... *sniff*. The UORMSS - Source Net http://www.anneck.de/rmss ------------------------------------- ICQ# 1339921 | Home: http://anneck.de From wagner at zeus.et.bocholt.fh-ge.de Thu Apr 8 07:37:25 1999 From: wagner at zeus.et.bocholt.fh-ge.de ( (Carsten Wagner)) Date: Tue Dec 2 02:26:03 2003 Subject: How to add machine accounts? In-Reply-To: <199904080518.HAA09466@bbaer.muenster.de> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, add a machine in the system passwd file with a following "$" (without the quotes): testmachine$: and so on. Then you can do smbpasswd -am testmachine$. Good luck, Schnaggy :-) On 08-Apr-99 Andre Anneck wrote: > Hi there, > > I am running FreeBSD 3.1, Samba 2.0.3, > > When I try to add a machine account it always gives me > "bla does not exist in system password file" > or something like this, sorry have my box not handy right now. > > I edited /etc/passwd > And inserted some testusers, referring to those people who already > did it... > > I try to add the account with > /smbpasswd -a -m > > I have read several mails in the archive that claim that it would be > as easy as that. Addin a line in /etc/passwd, then using > smbpasswd with options a, m. > > I think I missed something so obvious I cant see it... please open > my eyes... I would like to have the Samba Box to be my PDC... > *sniff*. > > > The UORMSS - Source Net > http://www.anneck.de/rmss > ------------------------------------- > ICQ# 1339921 | Home: http://anneck.de -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 5.0i for non-commercial use Charset: noconv iQA/AwUBNwxcsUQHsyCoPLbdEQJw3QCfXfRenj6Hh+Upt8Q333Emld+Oj8kAniBq uJvEhc7SgKtkXnUxiMlESSKh =ca1q -----END PGP SIGNATURE----- From myles at puck.nether.net Thu Apr 8 07:50:18 1999 From: myles at puck.nether.net (Myles Uyema) Date: Tue Dec 2 02:26:03 2003 Subject: Windows 2000 compatibility issues Message-ID: If anyone else has successfully gotten a Win2000 workstation to join a samba domain, I'd really like to hear your experiences. Currently my beta3 version is dying horrible blue death when I try to join the Samba domain. I'm using the CVS tree, last updated 1999-04-07 16:49 UTC without success (With windows 2000). Looks like I'm sticking with NT 4 for samba compatibility. Myles Uyema From martin at kuppinger.com Thu Apr 8 08:11:20 1999 From: martin at kuppinger.com (Kuppinger - Martin Kuppinger) Date: Tue Dec 2 02:26:03 2003 Subject: AW: Useful registry keys. Message-ID: <01BE81A9.50D5FD50@STRNTPMK> someone mentioned turning off the lmb parameter in NT, so I dug out the key to do it and ran across another useful key. Hope these help. ;) For making NT so it won't become the lmb: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters IsDomainMaster: FALSE MaintainServerList: No [>] IsDomainMaster is FALSE by default. But the parameter itself doesn't determine, that the system can't be elected as master browser. It's only important when there are several systems with the same election criteria. MaintainServerList ist AUTO by default on NT Workstations and Server, YES by default on NT domain controllers. It has to be set on each NT System in the network (system policy would be the best choice to do that). But if you change these values, you have to be aware that you need browser servers in the network. If you have only one samba server, this server will have to do all the work. NT normally works with 2 browser servers (one master, one backup) up to 31 systems with server service running. For every 32 additional systems there will be one more browser server. The role of the browser servers is controlled by an election criterium (4 Byte): First Byte: Operating System (With NT Server set to 0x20, NT WS 0x10) Byte 2+3: Election version (changes with internal versions of browser service, not NT version) Byte 4: version criteria. PDC wins if Byte 1-3 are equal, then WINS and so on. MaintainServerList isn't very important [>] If you look at these criterias, the easiest way to ensure that a samba server will be master browser is to set the OS-Version of the Server higher then 0x20. For the samba developers that means that you should make this configurable - than the admin could determine if samba is definitely master browser or not. Don't play to much with the parameters mentioned above. IsDomainMaster could be useful - but you have to ensure that there are enough browser servers. Otherwise there could be a lot of election traffic and so on by design (If you should use the word "design" for something such obscure as the browser service) One additional point: If you work with several IP subnets, there is an Domain Master Browser in addition to the master browsers of the local subnets. This Domain Master Browser is always (!) the PDC. I believe this one turns off the slow link connection: ---> CUT HERE <--- REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon] "SlowLinkDetectEnabled"=dword:00000000 ---> END CUT <--- [>] It turns off the message displayed. There is another parameter SlowLinkTimeOut which you could use to set the time in milliseconds. Default is 2000, maximum in system policy is 20000, in registry i've read about 120.000 [>] Martin Kuppinger martin@kuppinger.com From csclailf at nus.edu.sg Thu Apr 8 09:22:36 1999 From: csclailf at nus.edu.sg (Lai L F) Date: Tue Dec 2 02:26:03 2003 Subject: How to add machine accounts? References: <199904080518.HAA09466@bbaer.muenster.de> Message-ID: <370C755C.987A2198@nus.edu.sg> you need a trailing $ after the machine_name Andre Anneck wrote: > > Hi there, > > I am running FreeBSD 3.1, Samba 2.0.3, > > When I try to add a machine account it always gives me > "bla does not exist in system password file" > or something like this, sorry have my box not handy right now. > > I edited /etc/passwd > And inserted some testusers, referring to those people who already > did it... > > I try to add the account with > /smbpasswd -a -m > > I have read several mails in the archive that claim that it would be > as easy as that. Addin a line in /etc/passwd, then using > smbpasswd with options a, m. > > I think I missed something so obvious I cant see it... please open > my eyes... I would like to have the Samba Box to be my PDC... > *sniff*. > > The UORMSS - Source Net > http://www.anneck.de/rmss > ------------------------------------- > ICQ# 1339921 | Home: http://anneck.de From greg at discreet.com Thu Apr 8 11:27:17 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:26:03 2003 Subject: How to add machine accounts? In-Reply-To: <199904080518.HAA09466@bbaer.muenster.de> Message-ID: The users you add in /etc/passwd must be machine accounts. That is, if your machine is called dilbert, the account in /etc/passwd must be "dilbert$". Greg --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com On Thu, 8 Apr 1999, Andre Anneck wrote: > Hi there, > > I am running FreeBSD 3.1, Samba 2.0.3, > > When I try to add a machine account it always gives me > "bla does not exist in system password file" > or something like this, sorry have my box not handy right now. > > I edited /etc/passwd > And inserted some testusers, referring to those people who already > did it... > > I try to add the account with > /smbpasswd -a -m > > I have read several mails in the archive that claim that it would be > as easy as that. Addin a line in /etc/passwd, then using > smbpasswd with options a, m. > > I think I missed something so obvious I cant see it... please open > my eyes... I would like to have the Samba Box to be my PDC... > *sniff*. > > > The UORMSS - Source Net > http://www.anneck.de/rmss > ------------------------------------- > ICQ# 1339921 | Home: http://anneck.de > From dvh at icanz.gen.nz Thu Apr 8 11:07:46 1999 From: dvh at icanz.gen.nz (David Hawke) Date: Tue Dec 2 02:26:03 2003 Subject: site poll. References: Message-ID: <370C8E02.CF76AB13@icanz.gen.nz> Luke Kenneth Casson Leighton wrote: > occasionally i feel like i and other people would like to know how samba > is being used. if you feel so inclined, could people kindly let us know > some of the things below (pick one or more or all), such as: really interesting to see the big iron comments coming from people - makes my multiple uses seem trivial. Most of the comment below is in support of a number of voluntary organisations but we also use it heavily to integrate disparate systems in the office. > > > - a brief description of your organisation. Generally small budget voluntary groups with a few PC's requiring file/print/mail services - hence Linux+Samba is great on old hw. Office use is to support a GIS consultancy team > > > - what you use samba for (e.g as file servers; login servers; backup > purposes or remote admin with smbclient or rpcclient). > file/print; login on 2 sites (Win9x & WfWg), soon to be multiple NT4Wkstn in my office as well as soon as I am comfortable with it. File services include remote (out of office) > > - what version(s) of samba you are using. if using a version from cvs > please include date and tag. > 2.0.3 mostly (2 old sites on 1.9p10, I think - don't have to go near them much so I've forgotten) > > - what server(s), including the specification (OS, ram, hdd, network, > rough estimate of mb/s throughput at peak load would be excellent if you > can get it) > 386SX33 (don't laugh - tis true :-))) 16Mb , 1.2Gb HDD, 10Mbit net Linux 1.3.59 486DX33 16Mb, 700Mb SCSI, 10Mbit, Linux 2.0.36 AMDK4-75 32Mb, 1.7Gb SCSI, 10Mbit, Linux 2.0.36 DX4/100 32 Mb, 12Gb IDE, 10Mbit x 2, Linux 2.0.36 Cyrix P150 32Mb, 9Gb IDE, 100Mbit, Linux 2.0.35 Cyrix P200 96Mb, 8Gb SCSI, 100Mbit, Linux 2.0.36 HP9000/730, 64Mb, 12Gb SCSI, 10Mbit, HPUX 10.02 > > - how many users and in what database (private/smbpasswd; LDAP; MYSQL) and > how many simultaneous users. > Typically 3 -10 users simultaneously, Unix passwords (mostly private networks, server also does dial up, pop and firewall) > > - what sort of hosts connect to your servers. > Win9x, WinNT wkstn I have to say that Samba has saved the day on many occasions. I have always appreciated the development efforts of the team and take the opportunity to expreess my appreciation now. David Hawke Geographic Technologies Ltd Auckland NZ -- ----------------------------------------------------------------------- David Hawke Ph: +64 9 846 9297 dvh@icanz.gen.nz Fax: +64 9 846 9293 From e8903122 at student.tuwien.ac.at Wed Apr 7 14:34:03 1999 From: e8903122 at student.tuwien.ac.at (Richard Kail) Date: Tue Dec 2 02:26:03 2003 Subject: Help! Network NeighborHood Vanished In-Reply-To: Message-ID: Hello ! On Wed, 7 Apr 1999, Luke Kenneth Casson Leighton wrote: > take a look at what the other servers are doing. has someone introduced > nt4 sp4 on a pdc on your network, for example? has someone upgraded a > wks. Are there any samba-PDC-related problems with SP4 ? Kind regards, Richard ------ The world is a jungle in general, and the networking game contributes many animals. ---- David C. Plummer, RFC 826 From yan at cardinalengineering.com Thu Apr 8 12:55:34 1999 From: yan at cardinalengineering.com (Yan Seiner) Date: Tue Dec 2 02:26:03 2003 Subject: rpcclient References: Message-ID: <370CA746.B415FA72@cardinalengineering.com> Where can I find docs for rpcclient? I need to shutdown and restart a service running on an NT4.0SP4 server from the samba server. Latest CVS, downloaded today. Yan From appro at fy.chalmers.se Thu Apr 8 13:48:25 1999 From: appro at fy.chalmers.se (Andy Polyakov) Date: Tue Dec 2 02:26:03 2003 Subject: Windows 2000 compatibility issues References: Message-ID: <370CB3A9.51E15A87@fy.chalmers.se> > If anyone else has successfully gotten a Win2000 workstation to join a > samba domain, I'd really like to hear your experiences. Beta2 worked just fine for me... But I always ran customized CVS version. Look up messages with "demystified" subject at http://anu.samba.org/listproc/samba-ntdom/thread.html for details about modifications made (incl. disclaimer!) and some explanations. Alternative way to do same thing (but sacrificing even more functionality) is to add "nt pipe support = no" to config file. Well, I realize (and hope you do too:-) that it might as well be caused by something else... > Currently my > beta3 version is dying horrible blue death when I try to join the Samba > domain. Andy. From ldoan at mindq.com Thu Apr 8 14:27:38 1999 From: ldoan at mindq.com (Long Doan) Date: Tue Dec 2 02:26:03 2003 Subject: Dependencies Message-ID: <00a001be81cb$f6f07310$14804ecf@long.mindq.com> Dear Samba developers/users, FYI, For the last couple days, it seems like there is a few missing dependencies in the main line, so some of the object files were not correctly rebuilt, causing smbd/nmbd to crash and/or work incorrectly. I have not narrow down to any particular dependency, but in the mean time, a "make clean" after cvs update solves a lot of problems. Long. Long Doan (ldoan@mindq.com) MindQ Publishing, Inc. 11490 Commerce Park Drive, Suite 400 Reston, VA 20191 703-262-6610 (direct) 703-262-6600 (main) 703-716-0237 (fax) MindQ - The Better Way to Learn http://www.mindq.com From hulet at ittc.ukans.edu Thu Apr 8 15:00:18 1999 From: hulet at ittc.ukans.edu (Michael S. Hulet) Date: Tue Dec 2 02:26:03 2003 Subject: Help! Network NeighborHood Vanished In-Reply-To: Message-ID: We have a mix of SP3 and SP4. No unique problems with SP4 and our Samba PDC yet. CVS March 25, 1999. We haven't been running SP4 for a long time however. Our PDC usually doesn't show up in Network Neighborhood anyways. We us Start/Run \\PDC_NAME and Samba always answers the call. Michael Hulet Network System Administrator ITTC, University of Kansas On Thu, 8 Apr 1999, Richard Kail wrote: > Hello ! > > On Wed, 7 Apr 1999, Luke Kenneth Casson Leighton wrote: > > > take a look at what the other servers are doing. has someone introduced > > nt4 sp4 on a pdc on your network, for example? has someone upgraded a > > wks. > > Are there any samba-PDC-related problems with SP4 ? > > Kind regards, > Richard > > ------ > The world is a jungle in general, and the networking game > contributes many animals. ---- David C. Plummer, RFC 826 > From tradergt at bigfoot.com Thu Apr 8 15:43:42 1999 From: tradergt at bigfoot.com (Jeff Smelser) Date: Tue Dec 2 02:26:03 2003 Subject: Samba Message-ID: I have samba working at home great, but would like to connect to certain drives from work. How can I get my machine to be seen there? Is it a good idea? I am sure this is a security problem right? Jeff From aperrin at demog.Berkeley.EDU Thu Apr 8 15:52:26 1999 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:26:03 2003 Subject: Running MS Access In-Reply-To: <00a301be80f4$d075a8e0$d360b0cc@saturn2> Message-ID: We have an access database shared, and working fine; here's the info on the share. Multiple users use it all the time. [global] workgroup = DEMOGRAPHY netbios name = POPULATION smbrun = /usr/LOCAL/samba/bin/smbrun lock dir = /usr/LOCAL/samba/var/locks debug level = 1 wins support = yes os level = 0 preferred master = no domain logons = no encrypt passwords = yes security = domain password server = boserup log file = /opt/samba/log/samba.%m.log load printers = no hide dot files = no default service = homes time server = yes guest account = nobody case sensitive = no preserve case = yes short preserve case = yes include = /usr/LOCAL/samba/lib/smb.conf.%m include = /usr/LOCAL/samba/lib/smb.conf.%u [demogtrak] guest ok = no read only = no browseable = yes path = /home/davis/12s7/demogtrak Comment = Demography Contact Information System #@davis:/home/davis/12s7>ls -lag demogtrak total 3658 drwxrwxr-x 2 aperrin rm101b 512 Apr 7 11:24 . drwxr-xr-x 26 root root 1024 Mar 18 17:29 .. -rwxrwxr-- 1 root access 626688 Apr 2 10:54 demogdata.mdb -rwxrwxr-- 1 aperrin access 3211264 Apr 7 11:24 demogtrak.mdb --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 On Wed, 7 Apr 1999, Roger D. wrote: > Excuse me if this has been discussed before, but I searched the archives but > didn't find what I was looking for. > > I am running redhat 5.2 and samba1.9.18p10 and wish to use a mapped drive > for MS Access and > Peachtree Accounting. I assumed that MS Access did it's own file locking and > database management from the client jet egine database, but it doesn't seem > to work that way. > > If I use the default oplocks = true, then I get a file in use when I attempt > to connect the second client to MS Access. If I use oplocks = false, then I > get no error, but.......the data is not updated unless the clients exit the > application. Does NT run some type of processes that Samba does not? I'm > not a programmer and don't understand the workings of OS's, but it seems to > me that WIN95 peer-to-peer would offer no services that Samba would'nt. > > Is there anywhere or any one that has MS access or Peachtree Accounting > working? It is my understanding that Peachtree uses btrieve as it's > database engine. > > TIA > > Roger D. > > > From spiritu at nwu.edu Thu Apr 8 16:48:23 1999 From: spiritu at nwu.edu (Jonathan Michael Hawkins) Date: Tue Dec 2 02:26:03 2003 Subject: SWAT References: <199904070703.AA01775@salt.si.ykhm.cij.co.jp> Message-ID: <370CDDD7.7F897BB1@nwu.edu> SATOH Fumiyasu wrote: > > Donjuma Lee wrote: > >how about a SSL version of SWAT? > > You can use a 'SSL wrapped' SWAT with TCP Wrapper and Apache-SSL > (or Apache + mod_ssl). Example is below (summary only :-). > But I have never tried this. I use this with sslwrap. Works fine. Restrict SWAT access to the localhost (using TCP Wrappers) and all connections to some random port on my machine are sslwrapped to the SWAT port. Secure access :) Jonathan -- Jonathan Michael Hawkins Northwestern University Assistant Network Administrator Evanston, IL USA McCormick Computing Support http://www.tech.nwu.edu/support mailto:spiritu@nwu.edu OAS, AAS, LLS!!! -- GO CATS! From sm3 at sys.uea.ac.uk Thu Apr 8 16:55:45 1999 From: sm3 at sys.uea.ac.uk (Shaun McCullagh) Date: Tue Dec 2 02:26:03 2003 Subject: Help! Network NeighborHood Vanished Message-ID: Hello ! On Wed, 7 Apr 1999, Luke Kenneth Casson Leighton wrote: > take a look at what the other servers are doing. has someone introduced > nt4 sp4 on a pdc on your network, for example? has someone upgraded a > wks. Are there any samba-PDC-related problems with SP4 ? We've been using SP4 with v2.0.0 quite happily for about six weeks. Shaun McCullagh, IT Support Officer, School of Information Systems., University of East Anglia., Norwich England NR4 7TJ Office: E02.109 http://www.sys.uea.ac.uk/~sm Tel +44 1603 592307 mailto:sm@sys.uea.ac.uk FAX +44 1603 593344 From lkcl at switchboard.net Thu Apr 8 17:41:43 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:03 2003 Subject: Help! Network NeighborHood Vanished In-Reply-To: Message-ID: On Wed, 7 Apr 1999, Richard Kail wrote: > Hello ! > > On Wed, 7 Apr 1999, Luke Kenneth Casson Leighton wrote: > > > take a look at what the other servers are doing. has someone introduced > > nt4 sp4 on a pdc on your network, for example? has someone upgraded a > > wks. > > Are there any samba-PDC-related problems with SP4 ? only if you enable smb signing or lmcompatibilitylevel or ntlmminclientsec to microsoft's [almost exclusively] undocumented security settings. From lkcl at switchboard.net Thu Apr 8 17:45:40 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:03 2003 Subject: rpcclient In-Reply-To: <370CA746.B415FA72@cardinalengineering.com> Message-ID: haven't written it yet. see rpcclient/cmd_reg.c, grep for shutdown. shutdown [-m msg] [-t timeout, secs] [-r or --reboot]. On Thu, 8 Apr 1999, Yan Seiner wrote: > Where can I find docs for rpcclient? > > I need to shutdown and restart a service running on an NT4.0SP4 server > from the samba server. > > Latest CVS, downloaded today. > > Yan > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site ===================================================================== Luke Kenneth Casson Leighton | Direct Dial : (678) 443-6183 Systems Engineer / ISS XForce Team | ISS Front Desk: (678) 443-6000 Internet Security Systems, Inc. | ISS Fax : (678) 443-6477 http://www.iss.net/ *Adaptive Network Security for the Enterprise* ISS Connect - International User Conference - May '99 ===================================================================== From mlaurent at eie.fceia.unr.edu.ar Thu Apr 8 19:31:50 1999 From: mlaurent at eie.fceia.unr.edu.ar (Marcelo E. Laurenti) Date: Tue Dec 2 02:26:03 2003 Subject: Help! Network NeighborHood Vanished In-Reply-To: Message-ID: On Thu, 8 Apr 1999, Richard Kail wrote: > Hello ! > > On Wed, 7 Apr 1999, Luke Kenneth Casson Leighton wrote: > > > take a look at what the other servers are doing. has someone introduced > > nt4 sp4 on a pdc on your network, for example? has someone upgraded a > > wks. > Yes, and I have had no problems > Are there any samba-PDC-related problems with SP4 ? > > Kind regards, > Richard > > ------ > The world is a jungle in general, and the networking game > contributes many animals. ---- David C. Plummer, RFC 826 > -- Marcelo E. Laurenti Escuela de Ingenieria Electronica Fac. de Cs. Exactas e Ingenieria Universidad Nacional de Rosario From iainr at civ.hw.ac.uk Thu Apr 8 19:48:15 1999 From: iainr at civ.hw.ac.uk (Iain Rae) Date: Tue Dec 2 02:26:03 2003 Subject: Joining an NT domain using the command line? In-Reply-To: Message-ID: HI all, Can anyone help with this, we're looking at updating about 60 PC's to run NT with domain logons using imagecast (disk cloning tool) everything is working fine except that we can't work out how to get the PC to join the domain automatically (were not looking forwards to running round the building messing with control-panel). imagecast generates SID's ok and changes the hostname but won't postconfigure the domain appropriately. If we clone a PC which is already in the domain it will set everything up but in order to get logons working you have to mess with the control panel as described in the NTDOM FAQ. Obviously imagecast isn't calling whatever api calls are used to join (no activity is seen on the samba server with the log settings set to 50) does anyone know how to do this from the command line or via a C program/perl script? ------------------------------------------------------------------------------- | Iain Rae | Tel: 0131 449 5111 Ext 4406 (Day)(but I'm never in)| | Computing Officer. | Any Opinions I am able to form are my own and in no| | Civil & Offshore Eng. | way reflect those of my employers. | | Heriot-Watt University.| Well that's my opinion anyway. | ------------------------------------------------------------------------------- From bryan.oshea at usa-emotron.com Thu Apr 8 20:28:08 1999 From: bryan.oshea at usa-emotron.com (Bryan O'Shea) Date: Tue Dec 2 02:26:03 2003 Subject: Running MS Access References: Message-ID: <370D1158.6B4D3F35@usa-emotron.com> Andrew Perrin - Demography wrote: > We have an access database shared, and working fine; here's the info on > the share. Multiple users use it all the time. > > [global] > workgroup = DEMOGRAPHY > netbios name = POPULATION > smbrun = /usr/LOCAL/samba/bin/smbrun > lock dir = /usr/LOCAL/samba/var/locks > debug level = 1 > wins support = yes > os level = 0 > preferred master = no > domain logons = no > encrypt passwords = yes > security = domain > password server = boserup > log file = /opt/samba/log/samba.%m.log > load printers = no > hide dot files = no > default service = homes > time server = yes > guest account = nobody > case sensitive = no > preserve case = yes > short preserve case = yes > include = /usr/LOCAL/samba/lib/smb.conf.%m > include = /usr/LOCAL/samba/lib/smb.conf.%u > > [demogtrak] > guest ok = no > read only = no > browseable = yes > path = /home/davis/12s7/demogtrak > Comment = Demography Contact Information System > > #@davis:/home/davis/12s7>ls -lag demogtrak > total 3658 > drwxrwxr-x 2 aperrin rm101b 512 Apr 7 11:24 . > drwxr-xr-x 26 root root 1024 Mar 18 17:29 .. > -rwxrwxr-- 1 root access 626688 Apr 2 10:54 demogdata.mdb > -rwxrwxr-- 1 aperrin access 3211264 Apr 7 11:24 demogtrak.mdb > > --------------------------------------------------------------------- > Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support > Department of Demography - University of California at Berkeley > 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA > http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 > > On Wed, 7 Apr 1999, Roger D. wrote: > > > Excuse me if this has been discussed before, but I searched the archives but > > didn't find what I was looking for. > > > > I am running redhat 5.2 and samba1.9.18p10 and wish to use a mapped drive > > for MS Access and > > Peachtree Accounting. I assumed that MS Access did it's own file locking and > > database management from the client jet egine database, but it doesn't seem > > to work that way. > > > > If I use the default oplocks = true, then I get a file in use when I attempt > > to connect the second client to MS Access. If I use oplocks = false, then I > > get no error, but.......the data is not updated unless the clients exit the > > application. Does NT run some type of processes that Samba does not? I'm > > not a programmer and don't understand the workings of OS's, but it seems to > > me that WIN95 peer-to-peer would offer no services that Samba would'nt. > > > > Is there anywhere or any one that has MS access or Peachtree Accounting > > working? It is my understanding that Peachtree uses btrieve as it's > > database engine. > > > > TIA > > > > Roger D. > > > > > > I am storing peachtree accounting software on a samba server also this is what i used to get around the strange locks and so forth... made a unix group called peach and added valid users to that group and gave correct permissions to the unix path and added this to my smb.conf i don't know if this a correct way to approach this but it gives everyone r/w access to the dir that belongs to the peachtree group [peach] comment = Peachtree path=/home/peach writeable = yes valid users = @peach printable = no browseable = no force group = peach create mask = 0770 force create mode = 0000 directory mask =0770 force directory mode = 0000 -Bryan From andre at anneck.de Thu Apr 8 21:24:41 1999 From: andre at anneck.de (Andre Anneck) Date: Tue Dec 2 02:26:03 2003 Subject: How to add machine accounts? In-Reply-To: References: <199904080518.HAA09466@bbaer.muenster.de> Message-ID: <199904082116.XAA29576@bbaer.muenster.de> Ok... I guess I didnt make myself clear enough. I have the trailing $ at the machine-accounts name wich is the username in the /etc/passwd... but when I run smbpasswd it still complains about the account would not be existend... ??!!!?!?... Here is what I do: 1. Edit /etc/passwd, add the following line: mypdc$:dummy:1001:1001:test:/dev/nul:/usr/sbin 2. Save /etc/passwd 3. Do at the prompt: /usr/local/samba/bin/smbpasswd -a -m mypdc And I get this response: User "mypdc$" was not found in system password file. What am I missing???? > > The users you add in /etc/passwd must be machine accounts. That is, if > your machine is called dilbert, the account in /etc/passwd must be > "dilbert$". > > Greg > > --------------------------------------------------------------------- Greg > Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) > 954-7171 greg@discreet.com > > > On Thu, 8 Apr 1999, Andre Anneck wrote: > > > Hi there, > > > > I am running FreeBSD 3.1, Samba 2.0.3, > > > > When I try to add a machine account it always gives me > > "bla does not exist in system password file" > > or something like this, sorry have my box not handy right now. > > > > I edited /etc/passwd > > And inserted some testusers, referring to those people who already did > > it... > > > > I try to add the account with > > /smbpasswd -a -m > > > > I have read several mails in the archive that claim that it would be as > > easy as that. Addin a line in /etc/passwd, then using smbpasswd with > > options a, m. > > > > I think I missed something so obvious I cant see it... please open my > > eyes... I would like to have the Samba Box to be my PDC... *sniff*. > > > > > > The UORMSS - Source Net > > http://www.anneck.de/rmss > > ------------------------------------- > > ICQ# 1339921 | Home: http://anneck.de > > > The UORMSS - Source Net http://www.anneck.de/rmss ------------------------------------- ICQ# 1339921 | Home: http://anneck.de From m.chapman at student.unsw.edu.au Fri Apr 9 01:56:32 1999 From: m.chapman at student.unsw.edu.au (Matt Chapman) Date: Tue Dec 2 02:26:03 2003 Subject: Joining an NT domain using the command line? References: Message-ID: <370D5E50.C0CAADC1@student.unsw.edu.au> Iain Rae wrote: > > imagecast generates SID's ok and changes the hostname but won't > postconfigure the domain appropriately. If we clone a PC which is already > in the domain it will set everything up but in order to get logons working > you have to mess with the control panel as described in the NTDOM FAQ. > Try cloning a PC which is already in the domain and then cloning its smbpasswd entry, so that the trust password is the same. There is nothing special about the process of "joining a domain"; it just involves a synchronisation of secrets. Matt -- Matt Chapman m.chapman@student.unsw.edu.au From wagner at zeus.et.bocholt.fh-ge.de Fri Apr 9 05:47:52 1999 From: wagner at zeus.et.bocholt.fh-ge.de ( (Carsten Wagner)) Date: Tue Dec 2 02:26:03 2003 Subject: How to add machine accounts? In-Reply-To: <199904082116.XAA29576@bbaer.muenster.de> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OK, here's a line I tried and it worked: kalliope$:*:900:900::/dev/null:/bin/false Try it, Schnaggy:-) On 08-Apr-99 Andre Anneck wrote: > Ok... I guess I didnt make myself clear enough. > I have the trailing $ at the machine-accounts name wich is the > username in the /etc/passwd... > but when I run smbpasswd it still complains about the account > would not be existend... ??!!!?!?... > > Here is what I do: > 1. Edit /etc/passwd, add the following line: > mypdc$:dummy:1001:1001:test:/dev/nul:/usr/sbin > 2. Save /etc/passwd > 3. Do at the prompt: > /usr/local/samba/bin/smbpasswd -a -m mypdc -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 5.0i for non-commercial use Charset: noconv iQA/AwUBNw2UhkQHsyCoPLbdEQKTtQCg/jVpecs0/LVWvk4ZUhslakaBM9AAniqQ ShwgatQNqrjok8tkZNQfch6Y =oR3m -----END PGP SIGNATURE----- From johanh at fusion.kth.se Fri Apr 9 06:55:03 1999 From: johanh at fusion.kth.se (Johan Hedin) Date: Tue Dec 2 02:26:04 2003 Subject: site poll. In-Reply-To: Message-ID: On Tue, 6 Apr 1999, Luke Kenneth Casson Leighton wrote: > occasionally i feel like i and other people would like to know how samba > is being used. if you feel so inclined, could people kindly let us know > some of the things below (pick one or more or all), such as: > > - a brief description of your organisation. We're really small compared to some others I've seen on this site poll. Eduction and research. We try to develope a new energy source without the risk of core melt down and big waste problems. It will be fuled by sea water. (True, and it looks like its possible (http://www.fusion.kth.se) :-)). We are around 80 people in total on the whole plasma physics department. > > - what you use samba for (e.g as file servers; login servers; backup > purposes or remote admin with smbclient or rpcclient). File and print server for a $\approx 10$ 95 boxes. Loginserver for one NT4sp3 box. Might increase to a few (10--15) boxes in the future. 4 administrative NT boxes running with a central NT server, used by Samba as password server. > > - what version(s) of samba you are using. if using a version from cvs > please include date and tag. For 95 Samba 2.0.2. For the 4 administrative NT boxes 1.9.19-prealpha. For the NT box latest CVS main branch. > > - what server(s), including the specification (OS, ram, hdd, network, > rough estimate of mb/s throughput at peak load would be excellent if you > can get it) Main server (samba 2.0.2): Sun Ultra I 170E with $3 \times 9 \,$GB disk and 384MB RAM Other servers on: Sun Ultra I 147 128MB RAM user disks on NFS Sun Ultra 5 128MB RAM user disks on NFS All on Solaris 2.6 The machines are often computers in peoples offices, and therefor, the load from Samba is hard to tell. The Samba load is to small to meassure. Throughput at peak load of the machines will not be very high, since the machines are then running MPI parallel calculations. > > - how many users and in what database (private/smbpasswd; LDAP; MYSQL) and > how many simultaneous users. At pressent 108 accounts in YP passwd. Most also in smbpasswd. Unix passwords through Kerberos 4. Typically 4 users simultaneous on each server. > > - what sort of hosts connect to your servers. Mainly Sun workstations. Some PC:s through Samba. Also some Macs through CAP and VMS and HPUX printing by lpd. Mail/DNS/WEB server on Sun. > > i should probably be advocating people to fill in the survey instead of > this :) > > thank you! > > luke > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > > ===================================================================== > Luke Kenneth Casson Leighton | Direct Dial : (678) 443-6183 > Systems Engineer / ISS XForce Team | ISS Front Desk: (678) 443-6000 > Internet Security Systems, Inc. | ISS Fax : (678) 443-6477 > > http://www.iss.net/ *Adaptive Network Security for the Enterprise* > ISS Connect - International User Conference - May '99 > ===================================================================== > Thanks Samba team for a great product! /---------------------------------------------------------------------\ | Johan Hedin | johanh@fusion.kth.se | | Ph.D. Student and System Manager | http://www.fusion.kth.se/~johanh | \---------------------------------------------------------------------/ From Alexandre.Lecuyer at iu-vannes.fr Fri Apr 9 07:39:03 1999 From: Alexandre.Lecuyer at iu-vannes.fr (Alexandre Lecuyer) Date: Tue Dec 2 02:26:04 2003 Subject: localgroup map Message-ID: <370DAE97.C3D524BA@iu-vannes.fr> I am trying to use the "local group map", running samba 2.1.0 prealpha as a PDC. The NT workstations being french versions of NT, I have edited the lib/util_pwdb.c to change Administrators to Administrateurs, etc... I have one line in localgroup.map : inst=BUILTIN\Administrateurs When I try to login as user "localadm" (uid=511(localadm) gid=1509(inst) groups=1509(inst)) I get the following message from the station : "the system couldn't open a session [..]" and in the samba logs, I have this message : [1999/04/09 09:34:09, 0] passdb/sampassdb.c:pwdb_sam_map_names(740) UNIX User localadm Primary Group is in the wrong domain! S-1-5-32-544 What did I miss ? Any help will be appreciated Thanx, -- Alexandre L?cuyer CCRI IUT-IUP de Vannes From janet at bioss.sari.ac.uk Fri Apr 9 07:47:20 1999 From: janet at bioss.sari.ac.uk (Janet Dickson) Date: Tue Dec 2 02:26:04 2003 Subject: failed session request Message-ID: <370DB088.3C35319E@bioss.sari.ac.uk> Hi I have been using 1.9.19-prealpha for PDC stuff without problems for a while. I now want to use the domain group map etc facilities. So I downloaded the cvs tree from yesterday (2.1.0-prealpha) to an empty directory, ran configure, make and make install. So far so good. Now when I try to run 'smbpasswd -a -m ' or 'smbpasswd -a root' I get : failed session request failed session request cli_connect_serverlist: Domain password server not available. get_member_domain_sid: unable to initialise client connection. Can't setup password database vectors. What have I missed ? (I cant access the archives of this mailing list right now - the server seems to be unavailable.) I'm running Samba on Solaris 2.5.1 by the way. Janet ************************************************************************* Janet Dickson | http://www.bioss.sari.ac.uk/~janet Biomathematics & Statistics Scotland | email: janet@bioss.sari.ac.uk The King's Buildings, Mayfield Rd | Telephone: +44 (0) 131 650 4888 Edinburgh EH9 3JZ, Scotland, UK. | Fax: +44 (0) 131 650 4901 ************************************************************************* From bican at metu.edu.tr Fri Apr 9 07:55:52 1999 From: bican at metu.edu.tr (Can Bican) Date: Tue Dec 2 02:26:04 2003 Subject: NIS + Domain Message-ID: <370DB288.2689DBF4@rorqual.cc.metu.edu.tr> We are trying to use samba as a domain controller (just for passwords) for NT workstations. Our main concern is to be able to synchronize NIS passwords. If we turn off password encryption, machine accounts become unavailable. Conversely, if we turn on password encryption, we cannot use the existing passwords. Is there a way to overcome this? Can samba do the encrypted way for machines and the other way for users, or is it reasonable to patch samba for this? -- Can Bican METU Computer Center From roger at coconet.com Fri Apr 9 09:22:40 1999 From: roger at coconet.com (Roger D.) Date: Tue Dec 2 02:26:04 2003 Subject: Running MS Access Message-ID: <020d01be826a$84b8cb40$5b60b0cc@saturn2> Thanks to all that responded. Since we are using programs that are suppose to do their own locking...I set oplocks to false and changed the umasks as noted below. Everything appears to be functioning properly including the locking in Access and Peachtree. As a side note, the Access product works the same on the NT as on the Samba..you have to exit the file to refresh the data... I didn't know that before. Also we added a product call Contour (loan processing package) to the Samba server today as well and it seems to be performing ok. Roger D. > >I am storing peachtree accounting software on a samba server also >this is what i used to get around the strange locks and so forth... >made a unix group called peach and added valid users to that group >and gave correct permissions to the unix path and added this to my smb.conf >i don't know if this a correct way to approach this but it gives everyone r/w >access to the dir >that belongs to the peachtree group > >[peach] > comment = Peachtree > path=/home/peach > writeable = yes > valid users = @peach > printable = no > browseable = no > force group = peach > create mask = 0770 > force create mode = 0000 > directory mask =0770 > force directory mode = 0000 > > >-Bryan > > From iainr at civ.hw.ac.uk Fri Apr 9 10:26:29 1999 From: iainr at civ.hw.ac.uk (Iain Rae) Date: Tue Dec 2 02:26:04 2003 Subject: Joining an NT domain using the command line? In-Reply-To: <370D5E50.C0CAADC1@student.unsw.edu.au> Message-ID: On Fri, 9 Apr 1999, Matt Chapman wrote: > Iain Rae wrote: > > > > imagecast generates SID's ok and changes the hostname but won't > > postconfigure the domain appropriately. If we clone a PC which is already > > in the domain it will set everything up but in order to get logons working > > you have to mess with the control panel as described in the NTDOM FAQ. > > > > Try cloning a PC which is already in the domain and then cloning its > smbpasswd entry, so that the trust password is the same. > > There is nothing special about the process of "joining a domain"; it > just involves a synchronisation of secrets. > > Matt Now why didn't I think of that. Of course, it works. thanks > > > -- > Matt Chapman > m.chapman@student.unsw.edu.au > ------------------------------------------------------------------------------- | Iain Rae | Tel: 0131 449 5111 Ext 4406 (Day)(but I'm never in)| | Computing Officer. | Any Opinions I am able to form are my own and in no| | Civil & Offshore Eng. | way reflect those of my employers. | | Heriot-Watt University.| Well that's my opinion anyway. | ------------------------------------------------------------------------------- From Armin.Amon at mgm-edv.de Fri Apr 9 10:58:08 1999 From: Armin.Amon at mgm-edv.de (Armin Amon) Date: Tue Dec 2 02:26:04 2003 Subject: site poll. References: Message-ID: <370DDD40.6EC83E96@mgm-edv.de> Luke Kenneth Casson Leighton wrote: > occasionally i feel like i and other people would like to know how samba > is being used. if you feel so inclined, could people kindly let us know > some of the things below (pick one or more or all), such as: > > - a brief description of your organisation. Software Development in Java and Powerbuilder > > > - what you use samba for (e.g as file servers; login servers; backup > purposes or remote admin with smbclient or rpcclient). > file server (with NT PDC) > > - what version(s) of samba you are using. if using a version from cvs > please include date and tag. > 2.0.2 > > - what server(s), including the specification (OS, ram, hdd, network, > rough estimate of mb/s throughput at peak load would be excellent if you > can get it) > P133 128 MB 18+4 GB mirrowed + 18 + 2 GB, Linux 2.036, 100 MBit 3Com Ethernetcard, no statistics available > > - how many users and in what database (private/smbpasswd; LDAP; MYSQL) and > how many simultaneous users. > about 30 users in private/smbpasswd, simultaneous about 20 > > - what sort of hosts connect to your servers. > All NT4SP4 Clients, 10 MBit Ethernet > > i should probably be advocating people to fill in the survey instead of > this :) > > thank you! > > luke > bye Armin > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > > ===================================================================== > Luke Kenneth Casson Leighton | Direct Dial : (678) 443-6183 > Systems Engineer / ISS XForce Team | ISS Front Desk: (678) 443-6000 > Internet Security Systems, Inc. | ISS Fax : (678) 443-6477 > > http://www.iss.net/ *Adaptive Network Security for the Enterprise* > ISS Connect - International User Conference - May '99 > ===================================================================== From G.Klein at edelmann.de Fri Apr 9 11:49:44 1999 From: G.Klein at edelmann.de (Gerhard Klein) Date: Tue Dec 2 02:26:04 2003 Subject: NIS + Domain References: <370DB288.2689DBF4@rorqual.cc.metu.edu.tr> Message-ID: <370DE957.A63778AF@edelmann.de> We use a NT4.0 PDC and want use Samba PDC. You have to turn on password encryption and unix password sync. But how to sync NT password and smbpasswd first time? 1. Idee: Give everybody a new password in smbpasswd and let it change by the user. 2. Idee: Move NT password from regestrie to smbpasswd. But I don't know how to do. Can anybody help? Gerhard Can Bican schrieb: > We are trying to use samba as a domain controller (just for > passwords) for NT workstations. Our main concern is to be able to > synchronize NIS passwords. If we turn off password encryption, machine > accounts become unavailable. Conversely, if we turn on password > encryption, we cannot use the existing passwords. Is there a way to > overcome this? Can samba do the encrypted way for machines and the other > way for users, or is it reasonable to patch samba for this? > > -- > Can Bican > METU Computer Center -- http://www.edelmann.de mailto:G.Klein@edelmann.de Phone: +49 7321 340 368 Fax: +49 7321 340 363 From happy at opf.slu.cz Fri Apr 9 12:19:18 1999 From: happy at opf.slu.cz (Petr Stastny) Date: Tue Dec 2 02:26:04 2003 Subject: Samba PDC Message-ID: <370DF046.FF1222BA@opf.slu.cz> Has anybody run successfully a Samba PDC on RedHat 5.2? I try to do it but it doesn't matter what I do, it still doesn't work. Domain logons for Win9x work just grets, all declared shares are accessible even to NT workstations, but no NT workstation can join the Samba domain. When I try to join I get the "Unable to connect to the domain controller..." error message. I did everything as described in the FAQ, I added a computer account for my NT box, I issued "smbpasswd -a -m machine_name", but I get still the same message. I think there is some problem related to the PAM authentication. This might be specific problem of RedHat 5.2.. Any hints appreciated. Petr Stastny -------------- next part -------------- A non-text attachment was scrubbed... Name: happy.vcf Type: text/x-vcard Size: 201 bytes Desc: Card for Petr Stastny Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990409/bd6dc9d8/happy.vcf From cartegw at Eng.Auburn.EDU Fri Apr 9 12:42:32 1999 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:26:04 2003 Subject: Joining an NT domain using the command line? In-Reply-To: <370D5E50.C0CAADC1@student.unsw.edu.au> Message-ID: On Fri, 9 Apr 1999, Matt Chapman wrote: > Try cloning a PC which is already in the domain and then cloning its > smbpasswd entry, so that the trust password is the same. > > There is nothing special about the process of "joining a domain"; it > just involves a synchronisation of secrets. Actually I was thinking about this the other day. The advantages of being able to join a domain from a command line is that I could rshd into an NT box (I have a rshd on every nt client) and rejoin, exit, etc... as long as the machine was on the network. Very handy I think. My idea was that you would simply have to duplicate the the RPC made when one used the network control panel. Sound right? jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From Jean-Francois.Micouleau at dalalu.fr Fri Apr 9 13:32:46 1999 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:26:04 2003 Subject: Joining an NT domain using the command line? In-Reply-To: Message-ID: On Fri, 9 Apr 1999, Gerald W. Carter wrote: > My idea was that you would simply have to duplicate the the RPC made > when one used the network control panel. Sound right? NetWkstaSetInfo from the MSDN ? J.F. From dave at www.buffalostate.edu Fri Apr 9 13:53:34 1999 From: dave at www.buffalostate.edu (Dave J. Andruczyk) Date: Tue Dec 2 02:26:04 2003 Subject: How to add machine accounts? In-Reply-To: <199904082116.XAA29576@bbaer.muenster.de> Message-ID: > Ok... I guess I didnt make myself clear enough. > I have the trailing $ at the machine-accounts name wich is the > username in the /etc/passwd... > but when I run smbpasswd it still complains about the account > would not be existend... ??!!!?!?... > > Here is what I do: > 1. Edit /etc/passwd, add the following line: > mypdc$:dummy:1001:1001:test:/dev/nul:/usr/sbin > 2. Save /etc/passwd > 3. Do at the prompt: > /usr/local/samba/bin/smbpasswd -a -m mypdc > > And I get this response: > User "mypdc$" was not found in system password file. > > What am I missing???? Do you have SHADOW passwords enabled? if so there has to be the mating line in /etc/shadow. Its usually easiest to use the system "adduser" tool for creating the machine accounts. i.e?( on redhat 5.x "adduser -n mypdc$") (the "-n" turns off redhats "user private groups" which suck anyway) Dave J. Andruczyk Instructional Support Associate Department of Technology Buffalo State College From pburch at sccd.ctc.edu Fri Apr 9 15:01:26 1999 From: pburch at sccd.ctc.edu (Burch, Phil) Date: Tue Dec 2 02:26:04 2003 Subject: How to add machine accounts? Message-ID: <67DD2D8CC31BD111A8BB080009DDDED5CADC0A@nsccnta01.sccd.ctc.edu> Here is my add account perl script; hope it helps #!/usr/bin/perl $mname = shift(); ($mname eq "") && die("ERROR: No workstation name specified!\n"); print "Beginning Account Creation for $mname..\n"; (open(PASSWD, "/etc/passwd")) || die("Failed to open /etc/passwd\n"); while (){ @entry = split(/:/); $users{$entry[0]} = 1; $numbers{$entry[2]} = 1; } close PASSWD; foreach (keys(%users)){ ($_ eq $mname) && die("Account already exists!\n"); } # find first free uid (starting at 10010) $nuid = 10010; while(defined($numbers{$nuid})) { $nuid ++; } print "Adding Account $mname:$nuid.\n"; system("useradd -u $nuid -d /dev/null -g machines -s /bin/False -M $mname\$"); system("smbpasswd -a -m $mname"); print "Account: $mname Created.\n"; #END (I made a group for machines, you may not want the -g machines in useradd, you may also want to start at a lower number for user id's I just like to keep the machine accounts seperate) Phil Burch Computing Services North Seattle Community College http://nsccux.sccd.ctc.edu -----Original Message----- From: Andre Anneck [mailto:andre@anneck.de] Sent: Thursday, April 08, 1999 2:17 PM To: Multiple recipients of list Subject: Re: How to add machine accounts? Ok... I guess I didnt make myself clear enough. I have the trailing $ at the machine-accounts name wich is the username in the /etc/passwd... but when I run smbpasswd it still complains about the account would not be existend... ??!!!?!?... Here is what I do: 1. Edit /etc/passwd, add the following line: mypdc$:dummy:1001:1001:test:/dev/nul:/usr/sbin 2. Save /etc/passwd 3. Do at the prompt: /usr/local/samba/bin/smbpasswd -a -m mypdc And I get this response: User "mypdc$" was not found in system password file. What am I missing???? > > The users you add in /etc/passwd must be machine accounts. That is, if > your machine is called dilbert, the account in /etc/passwd must be > "dilbert$". > > Greg > > --------------------------------------------------------------------- Greg > Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) > 954-7171 greg@discreet.com > > > On Thu, 8 Apr 1999, Andre Anneck wrote: > > > Hi there, > > > > I am running FreeBSD 3.1, Samba 2.0.3, > > > > When I try to add a machine account it always gives me > > "bla does not exist in system password file" > > or something like this, sorry have my box not handy right now. > > > > I edited /etc/passwd > > And inserted some testusers, referring to those people who already did > > it... > > > > I try to add the account with > > /smbpasswd -a -m > > > > I have read several mails in the archive that claim that it would be as > > easy as that. Addin a line in /etc/passwd, then using smbpasswd with > > options a, m. > > > > I think I missed something so obvious I cant see it... please open my > > eyes... I would like to have the Samba Box to be my PDC... *sniff*. > > > > > > The UORMSS - Source Net > > http://www.anneck.de/rmss > > ------------------------------------- > > ICQ# 1339921 | Home: http://anneck.de > > > The UORMSS - Source Net http://www.anneck.de/rmss ------------------------------------- ICQ# 1339921 | Home: http://anneck.de From pburch at sccd.ctc.edu Fri Apr 9 15:05:12 1999 From: pburch at sccd.ctc.edu (Burch, Phil) Date: Tue Dec 2 02:26:04 2003 Subject: Joining an NT domain using the command line? Message-ID: <67DD2D8CC31BD111A8BB080009DDDED5CADC0B@nsccnta01.sccd.ctc.edu> Has anyone found a good way to change the local machine names on a 'lab' of NT workstations after cloning them? I have done some weird stuff with making batch files into services that call regedit and tweak the machine name settings but it really isn't efficient. Phil Burch Computing Services North Seattle Community College http://nsccux.sccd.ctc.edu -----Original Message----- From: Iain Rae [mailto:iainr@civ.hw.ac.uk] Sent: Friday, April 09, 1999 3:31 AM To: Multiple recipients of list Subject: Re: Joining an NT domain using the command line? On Fri, 9 Apr 1999, Matt Chapman wrote: > Iain Rae wrote: > > > > imagecast generates SID's ok and changes the hostname but won't > > postconfigure the domain appropriately. If we clone a PC which is already > > in the domain it will set everything up but in order to get logons working > > you have to mess with the control panel as described in the NTDOM FAQ. > > > > Try cloning a PC which is already in the domain and then cloning its > smbpasswd entry, so that the trust password is the same. > > There is nothing special about the process of "joining a domain"; it > just involves a synchronisation of secrets. > > Matt Now why didn't I think of that. Of course, it works. thanks > > > -- > Matt Chapman > m.chapman@student.unsw.edu.au > ---------------------------------------------------------------------------- --- | Iain Rae | Tel: 0131 449 5111 Ext 4406 (Day)(but I'm never in)| | Computing Officer. | Any Opinions I am able to form are my own and in no| | Civil & Offshore Eng. | way reflect those of my employers. | | Heriot-Watt University.| Well that's my opinion anyway. | ---------------------------------------------------------------------------- --- From lkcl at switchboard.net Fri Apr 9 15:17:34 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:04 2003 Subject: localgroup map In-Reply-To: <370DAE97.C3D524BA@iu-vannes.fr> Message-ID: On Fri, 9 Apr 1999, Alexandre Lecuyer wrote: > I am trying to use the "local group map", running samba 2.1.0 prealpha > as a PDC. > > The NT workstations being french versions of NT, I have edited the > lib/util_pwdb.c > to change Administrators to Administrateurs, etc... > I have one line in localgroup.map : > inst=BUILTIN\Administrateurs > > When I try to login as user "localadm" > (uid=511(localadm) gid=1509(inst) groups=1509(inst)) > I get the following message from the station : "the system couldn't > open a session [..]" > > and in the samba logs, I have this message : > [1999/04/09 09:34:09, 0] passdb/sampassdb.c:pwdb_sam_map_names(740) > UNIX User localadm Primary Group is in the wrong domain! S-1-5-32-544 all users must be in a Domain Group. From dave at www.buffalostate.edu Fri Apr 9 15:32:03 1999 From: dave at www.buffalostate.edu (Dave J. Andruczyk) Date: Tue Dec 2 02:26:04 2003 Subject: NIS + Domain In-Reply-To: <370DE957.A63778AF@edelmann.de> Message-ID: > We use a NT4.0 PDC and want use Samba PDC. You have to turn on password > encryption and unix password sync. But how to sync NT password and smbpasswd > first time? > > 1. Idee: Give everybody a new password in smbpasswd and let it change by the > user. > 2. Idee: Move NT password from regestrie to smbpasswd. But I don't know how > to do. Can anybody help? there used to be a utility on the samba ftp site, that dumped the SAM database on NT to an smb.conf file. I donno if it preserved the encrypted passwords though.. Dave J. Andruczyk Instructional Support Associate Department of Technology Buffalo State College From krampen at usa.net Fri Apr 9 15:58:55 1999 From: krampen at usa.net (STEFAN KRAMPEN) Date: Tue Dec 2 02:26:04 2003 Subject: map valid nt but not valid unix users to guest, handle unix users correct Message-ID: <19990409155857.186.qmail@www0i.netaddress.usa.net> Please point me to the right place if the question is stupid: [global] debug level = 10 server string = CAx UNIX File Server with Samba %v sync always = no getwd cache = yes workgroup = DEKO_DEUTZD100 security = server #security = user encrypt passwords = yes password server = PODC002 domain master = no domain logons = no revalidate = False deadtime = 15 max connections = 200 follow symlinks = yes wide links = no wins support = yes wins server = podc001 netbios name = mr0058 now I want to map all users which are not (and only these) into the unix passwd(yp) to nobody. but ALL users should be authenticated with correct password with the NT server. the aim is to get correct user/group access for all common unix/nt users and give non unix users only read permission. the MAP TO GUEST option gives me only the opportunity to map all users (including NT-Password failing ones) Thanks in advance Stefan Krampen Engineering & Production Projects EDS Electronic Data Systems Fertigungsindustrie (Deutschland) GmbH c/o Deutz AG Ottostr 1 51149 Köln Fon: 0221 822 5496 Fax: 0221 822 4856 Cell: 0171 3364 855 eMail: krampen@usa.net ____________________________________________________________________ Get free e-mail and a permanent address at http://www.netaddress.com/?N=1 From happy at opf.slu.cz Fri Apr 9 16:33:32 1999 From: happy at opf.slu.cz (Petr Stastny) Date: Tue Dec 2 02:26:04 2003 Subject: Samba PDC References: <67DD2D8CC31BD111A8BB080009DDDED5CADC0C@nsccnta01.sccd.ctc.edu> Message-ID: <370E2BDB.98CA1717@opf.slu.cz> And do you use it as a PDC? I mean, I don't had problems till I tried to use it as a PDC for my NT boxes.. Petr Stastny "Burch, Phil" wrote: > I can't tell you what your specific problem is but I have samba 2.0.3 > working great on RedHat 5.2 > > Phil Burch > Computing Services > North Seattle Community College > http://nsccux.sccd.ctc.edu > > -----Original Message----- > From: Petr Stastny [mailto:happy@opf.slu.cz] > Sent: Friday, April 09, 1999 5:14 AM > To: Multiple recipients of list > Subject: Samba PDC > > This is a multi-part message in MIME format. > --------------6A4C56EFBE818A2630235AE8 > Content-Type: text/plain; charset=iso-8859-2 > Content-Transfer-Encoding: 7bit > > Has anybody run successfully a Samba PDC on RedHat 5.2? > > I try to do it but it doesn't matter what I do, it still doesn't work. > Domain logons for Win9x work just grets, all declared shares are > accessible even to NT workstations, but no NT workstation can join the > Samba domain. When I try to join I get the "Unable to connect to the > domain controller..." error message. > > I did everything as described in the FAQ, I added a computer account for > my NT box, I issued "smbpasswd -a -m machine_name", but I get still the > same message. > > I think there is some problem related to the PAM authentication. This > might be specific problem of RedHat 5.2.. Any hints appreciated. > > Petr Stastny > > --------------6A4C56EFBE818A2630235AE8 > Content-Type: text/x-vcard; charset=iso-8859-2; > name="happy.vcf" > Content-Transfer-Encoding: 7bit > Content-Description: Card for Petr Stastny > Content-Disposition: attachment; > filename="happy.vcf" > > begin:vcard > n:Stastny;Petr > tel;cell:420-603-816625 > tel;home:420-659-712775 > tel;work:420-659-56224 > x-mozilla-html:FALSE > adr:;;;;;; > version:2.1 > email;internet:happy@opf.slu.cz > fn:Petr Stastny > end:vcard > > --------------6A4C56EFBE818A2630235AE8-- -------------- next part -------------- A non-text attachment was scrubbed... Name: happy.vcf Type: text/x-vcard Size: 201 bytes Desc: Card for Petr Stastny Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990409/279c2cf8/happy.vcf From pburch at sccd.ctc.edu Fri Apr 9 16:32:33 1999 From: pburch at sccd.ctc.edu (Burch, Phil) Date: Tue Dec 2 02:26:04 2003 Subject: Samba PDC Message-ID: <67DD2D8CC31BD111A8BB080009DDDED5CADC0D@nsccnta01.sccd.ctc.edu> yup, it is my PDC.. Phil Burch Computing Services North Seattle Community College http://nsccux.sccd.ctc.edu -----Original Message----- From: Petr Stastny [mailto:happy@opf.slu.cz] Sent: Friday, April 09, 1999 9:34 AM To: Burch, Phil; samba-ntdom@samba.org Subject: Re: Samba PDC And do you use it as a PDC? I mean, I don't had problems till I tried to use it as a PDC for my NT boxes.. Petr Stastny "Burch, Phil" wrote: > I can't tell you what your specific problem is but I have samba 2.0.3 > working great on RedHat 5.2 > > Phil Burch > Computing Services > North Seattle Community College > http://nsccux.sccd.ctc.edu > > -----Original Message----- > From: Petr Stastny [mailto:happy@opf.slu.cz] > Sent: Friday, April 09, 1999 5:14 AM > To: Multiple recipients of list > Subject: Samba PDC > > This is a multi-part message in MIME format. > --------------6A4C56EFBE818A2630235AE8 > Content-Type: text/plain; charset=iso-8859-2 > Content-Transfer-Encoding: 7bit > > Has anybody run successfully a Samba PDC on RedHat 5.2? > > I try to do it but it doesn't matter what I do, it still doesn't work. > Domain logons for Win9x work just grets, all declared shares are > accessible even to NT workstations, but no NT workstation can join the > Samba domain. When I try to join I get the "Unable to connect to the > domain controller..." error message. > > I did everything as described in the FAQ, I added a computer account for > my NT box, I issued "smbpasswd -a -m machine_name", but I get still the > same message. > > I think there is some problem related to the PAM authentication. This > might be specific problem of RedHat 5.2.. Any hints appreciated. > > Petr Stastny > > --------------6A4C56EFBE818A2630235AE8 > Content-Type: text/x-vcard; charset=iso-8859-2; > name="happy.vcf" > Content-Transfer-Encoding: 7bit > Content-Description: Card for Petr Stastny > Content-Disposition: attachment; > filename="happy.vcf" > > begin:vcard > n:Stastny;Petr > tel;cell:420-603-816625 > tel;home:420-659-712775 > tel;work:420-659-56224 > x-mozilla-html:FALSE > adr:;;;;;; > version:2.1 > email;internet:happy@opf.slu.cz > fn:Petr Stastny > end:vcard > > --------------6A4C56EFBE818A2630235AE8-- From jallison at cthulhu.engr.sgi.com Fri Apr 9 16:35:40 1999 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:26:04 2003 Subject: NIS + Domain References: Message-ID: <370E2C5C.EFAF7063@engr.sgi.com> Dave J. Andruczyk wrote: > there used to be a utility on the samba ftp site, that > dumped the SAM database on NT to an smb.conf file. I donno > if it preserved the encrypted passwords though.. Still is, pwdump is the name. I've been thinking about updating it of late. It does preserve the encrypted password although it writes out an older smbpasswd file format. Cheers, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From lkcl at switchboard.net Fri Apr 9 17:11:30 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:04 2003 Subject: Joining an NT domain using the command line? In-Reply-To: Message-ID: On Fri, 9 Apr 1999, Iain Rae wrote: > On Fri, 9 Apr 1999, Matt Chapman wrote: > > > Iain Rae wrote: > > > > > > imagecast generates SID's ok and changes the hostname but won't > > > postconfigure the domain appropriately. If we clone a PC which is already > > > in the domain it will set everything up but in order to get logons working > > > you have to mess with the control panel as described in the NTDOM FAQ. why? i just... *ah* i haven't done the "change account name" samr function yet (opcode 0x25). if you unjoin the wksta _and_ change its name (reboot) and change its name back _and_ re-join (reboot) it should work fine, i added the code to do the password change recently. From lkcl at switchboard.net Fri Apr 9 17:13:23 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:04 2003 Subject: NIS + Domain In-Reply-To: <370DE957.A63778AF@edelmann.de> Message-ID: On Fri, 9 Apr 1999, Gerhard Klein wrote: > We use a NT4.0 PDC and want use Samba PDC. You have to turn on password > encryption and unix password sync. But how to sync NT password and smbpasswd > first time? > > 1. Idee: Give everybody a new password in smbpasswd and let it change by the > user. > 2. Idee: Move NT password from regestrie to smbpasswd. But I don't know how > to do. Can anybody help? pwdump by jeremy allison OR the RESKIT equivalent tool that has been available with the NT srv distribution since NT first came out. From lkcl at switchboard.net Fri Apr 9 17:14:55 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:04 2003 Subject: Joining an NT domain using the command line? In-Reply-To: Message-ID: On Fri, 9 Apr 1999, Gerald W. Carter wrote: > On Fri, 9 Apr 1999, Matt Chapman wrote: > > > Try cloning a PC which is already in the domain and then cloning its > > smbpasswd entry, so that the trust password is the same. > > > > There is nothing special about the process of "joining a domain"; it > > just involves a synchronisation of secrets. > > Actually I was thinking about this the other day. The advantages of being > able to join a domain from a command line is that I could rshd into an NT > box (I have a rshd on every nt client) and rejoin, exit, etc... as long as > the machine was on the network. Very handy I think. > > My idea was that you would simply have to duplicate the the RPC made > when one used the network control panel. Sound right? i've done most of that, jerry: the only thing i haven't got is when you change the name of the workstation when it's still in the domain, this sends opcode 0x25 and would require some fiddly stuff in smbpasswd. luke From happy at opf.slu.cz Fri Apr 9 17:32:41 1999 From: happy at opf.slu.cz (Petr Stastny) Date: Tue Dec 2 02:26:04 2003 Subject: Samba PDC References: <67DD2D8CC31BD111A8BB080009DDDED5CADC0D@nsccnta01.sccd.ctc.edu> Message-ID: <370E39B9.854BBF35@opf.slu.cz> you're lucky man. I spent already couple of hours trying to get it to work :-( Could you please describe me your configuration? And if you are so kind, send me also your smb.conf. Thanx, Petr Stastny "Burch, Phil" wrote: > yup, it is my PDC.. > > Phil Burch > Computing Services > North Seattle Community College > http://nsccux.sccd.ctc.edu > > -----Original Message----- > From: Petr Stastny [mailto:happy@opf.slu.cz] > Sent: Friday, April 09, 1999 9:34 AM > To: Burch, Phil; samba-ntdom@samba.org > Subject: Re: Samba PDC > > And do you use it as a PDC? I mean, I don't had problems till I tried to use > it as a PDC for my NT boxes.. > > Petr Stastny > > "Burch, Phil" wrote: > > > I can't tell you what your specific problem is but I have samba 2.0.3 > > working great on RedHat 5.2 > > > > Phil Burch > > Computing Services > > North Seattle Community College > > http://nsccux.sccd.ctc.edu > > > > -----Original Message----- > > From: Petr Stastny [mailto:happy@opf.slu.cz] > > Sent: Friday, April 09, 1999 5:14 AM > > To: Multiple recipients of list > > Subject: Samba PDC > > > > This is a multi-part message in MIME format. > > --------------6A4C56EFBE818A2630235AE8 > > Content-Type: text/plain; charset=iso-8859-2 > > Content-Transfer-Encoding: 7bit > > > > Has anybody run successfully a Samba PDC on RedHat 5.2? > > > > I try to do it but it doesn't matter what I do, it still doesn't work. > > Domain logons for Win9x work just grets, all declared shares are > > accessible even to NT workstations, but no NT workstation can join the > > Samba domain. When I try to join I get the "Unable to connect to the > > domain controller..." error message. > > > > I did everything as described in the FAQ, I added a computer account for > > my NT box, I issued "smbpasswd -a -m machine_name", but I get still the > > same message. > > > > I think there is some problem related to the PAM authentication. This > > might be specific problem of RedHat 5.2.. Any hints appreciated. > > > > Petr Stastny > > > > --------------6A4C56EFBE818A2630235AE8 > > Content-Type: text/x-vcard; charset=iso-8859-2; > > name="happy.vcf" > > Content-Transfer-Encoding: 7bit > > Content-Description: Card for Petr Stastny > > Content-Disposition: attachment; > > filename="happy.vcf" > > > > begin:vcard > > n:Stastny;Petr > > tel;cell:420-603-816625 > > tel;home:420-659-712775 > > tel;work:420-659-56224 > > x-mozilla-html:FALSE > > adr:;;;;;; > > version:2.1 > > email;internet:happy@opf.slu.cz > > fn:Petr Stastny > > end:vcard > > > > --------------6A4C56EFBE818A2630235AE8-- -------------- next part -------------- A non-text attachment was scrubbed... Name: happy.vcf Type: text/x-vcard Size: 201 bytes Desc: Card for Petr Stastny Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990409/51ec9a65/happy.vcf From Tom_McAnnally at compuware.com Fri Apr 9 17:13:18 1999 From: Tom_McAnnally at compuware.com (Tom McAnnally) Date: Tue Dec 2 02:26:04 2003 Subject: How to become an Administrator - Using Samba 2.0.3 PDC Message-ID: <009d01be82ac$43b42da0$203617ac@fh1301e.compuware.com> Hello All, I have set up Samba as a PDC version 2.0.3. I am able to log into the domain, but I have a few problems. I was using a version of Samba which I built from the CVS head branch a while back. Now I am using a version I DL'd pre built in rpm format. Previous to the upgrade, I had a roaming profile for myself which seems to have been whacked when I did the update? I have a copy of it on my local machine, and I would like to restore it if possible? Is is possible to turn off roaming profiles? How do I make myself a domain admin again. I had implemented this before, but now it doesn't work. Some things have changed in the format of smb.conf, but I can't seem to find the definitive answer to this question, and the things I have tried didn't work. I am running SAMBA under RedHat 5.2, and serving up Domain to 1 linux box, 1 Win98 box, and 2 NT Workstations. I have included any files that might help describe my config as it is now. Thanks, Tom McAnnally tom_mcannally@compuware.com smb.conf ---------------------------------------------------------- # Samba config file created using SWAT # from illusion.ic.net (192.168.1.2) # Date: 1999/04/09 00:41:43 # Global parameters workgroup = ILLUSION-NET server string = Samba Server encrypt passwords = Yes null passwords = Yes smb passwd file = /usr/local/samba/private/smbpasswd username map = /etc/smbusers password level = 10 username level = 10 log file = /var/log/samba/log.%m max log size = 50 socket options = TCP_NODELAY domain admin group = adm domain admin users = TomNT domain logons = Yes preferred master = Yes domain master = Yes dns proxy = No hosts allow = 192.168.1. 127. [homes] comment = Home Directories read only = No browseable = No [netlogon] comment = Network Logon Service path = /home/netlogon guest ok = Yes share modes = No [printers] comment = All Printers path = /var/spool/samba print ok = Yes browseable = No [tmp] comment = Temporary file space path = /tmp read only = No guest ok = Yes -------------------------------------------- Groups list from my Linux Server: root bin daemon sys adm disk wheel From iainr at civ.hw.ac.uk Fri Apr 9 17:43:39 1999 From: iainr at civ.hw.ac.uk (Iain Rae) Date: Tue Dec 2 02:26:04 2003 Subject: Joining an NT domain using the command line? In-Reply-To: <67DD2D8CC31BD111A8BB080009DDDED5CADC0B@nsccnta01.sccd.ctc.edu> Message-ID: On Fri, 9 Apr 1999, Burch, Phil wrote: > Has anyone found a good way to change the local machine names on a 'lab' of > NT workstations after cloning them? I have done some weird stuff with making > batch files into services that call regedit and tweak the machine name > settings but it really isn't efficient. imagecast allows you to change the hostname and the domain (also to make arbitrary registry changes) immediately after cloning. It also has a client which allows you to reboot/psh images to hosts. If you're running ISC dhcpd (possibly if you're running any dhcpd) there's a program which checks to see if the hostname matches what dhcpd thinks your hostname should be and changes it f it's not. I've got it kicking about somewhere, e-mail me if you're interested. Of course if microsoft had a reasonable dhcp client there wouldn't be this problem :) > > Phil Burch > Computing Services > North Seattle Community College > http://nsccux.sccd.ctc.edu > > > -----Original Message----- > From: Iain Rae [mailto:iainr@civ.hw.ac.uk] > Sent: Friday, April 09, 1999 3:31 AM > To: Multiple recipients of list > Subject: Re: Joining an NT domain using the command line? > > > On Fri, 9 Apr 1999, Matt Chapman wrote: > > > Iain Rae wrote: > > > > > > imagecast generates SID's ok and changes the hostname but won't > > > postconfigure the domain appropriately. If we clone a PC which is > already > > > in the domain it will set everything up but in order to get logons > working > > > you have to mess with the control panel as described in the NTDOM FAQ. > > > > > > > Try cloning a PC which is already in the domain and then cloning its > > smbpasswd entry, so that the trust password is the same. > > > > There is nothing special about the process of "joining a domain"; it > > just involves a synchronisation of secrets. > > > > Matt > Now why didn't I think of that. > > Of course, it works. > > thanks > > > > > > > > > > > -- > > Matt Chapman > > m.chapman@student.unsw.edu.au > > > > > ---------------------------------------------------------------------------- > --- > | Iain Rae | Tel: 0131 449 5111 Ext 4406 (Day)(but I'm never > in)| > | Computing Officer. | Any Opinions I am able to form are my own and in > no| > | Civil & Offshore Eng. | way reflect those of my employers. > | > | Heriot-Watt University.| Well that's my opinion anyway. > | > ---------------------------------------------------------------------------- > --- > ------------------------------------------------------------------------------- | Iain Rae | Tel: 0131 449 5111 Ext 4406 (Day)(but I'm never in)| | Computing Officer. | Any Opinions I am able to form are my own and in no| | Civil & Offshore Eng. | way reflect those of my employers. | | Heriot-Watt University.| Well that's my opinion anyway. | ------------------------------------------------------------------------------- From aperrin at demog.Berkeley.EDU Fri Apr 9 18:57:08 1999 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:26:04 2003 Subject: How to add machine accounts? In-Reply-To: Message-ID: I believe it needs to be MYPDC$ not mypdc$ but I could be wrong. --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 On Fri, 9 Apr 1999, Dave J. Andruczyk wrote: > > Ok... I guess I didnt make myself clear enough. > > I have the trailing $ at the machine-accounts name wich is the > > username in the /etc/passwd... > > but when I run smbpasswd it still complains about the account > > would not be existend... ??!!!?!?... > > > > Here is what I do: > > 1. Edit /etc/passwd, add the following line: > > mypdc$:dummy:1001:1001:test:/dev/nul:/usr/sbin > > 2. Save /etc/passwd > > 3. Do at the prompt: > > /usr/local/samba/bin/smbpasswd -a -m mypdc > > > > And I get this response: > > User "mypdc$" was not found in system password file. > > > > What am I missing???? > > Do you have SHADOW passwords enabled? if so there has to be the mating > line in /etc/shadow. Its usually easiest to use the system "adduser" tool > for creating the machine accounts. i.e?( on redhat 5.x "adduser -n > mypdc$") (the "-n" turns off redhats "user private groups" which suck > anyway) > > Dave J. Andruczyk > Instructional Support Associate > Department of Technology > Buffalo State College > > > From cartegw at Eng.Auburn.EDU Fri Apr 9 19:26:56 1999 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:26:04 2003 Subject: Joining an NT domain using the command line? In-Reply-To: <67DD2D8CC31BD111A8BB080009DDDED5CADC0B@nsccnta01.sccd.ctc.edu> Message-ID: On Sat, 10 Apr 1999, Burch, Phil wrote: > Has anyone found a good way to change the local machine names on a 'lab' of > NT workstations after cloning them? I have done some weird stuff with making > batch files into services that call regedit and tweak the machine name > settings but it really isn't efficient. Get the newsid utility from www.sysinternals.com Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From aryosukarno at earthlink.net Fri Apr 9 20:06:26 1999 From: aryosukarno at earthlink.net (Aryo K. Sukarno) Date: Tue Dec 2 02:26:04 2003 Subject: NIS + Domain In-Reply-To: Message-ID: <000101be82c4$72f87900$3eddf9d1@netliaison.com> Try pwdump.exe, it will convert to smbpasswd. Please let me know how you setup samba with nis+ Because mine always get an error while ./configure --with-nisplus Thank you Aryo > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Dave J. Andruczyk > Sent: Friday, April 09, 1999 8:39 AM > To: Multiple recipients of list > Subject: Re: NIS + Domain > > > > > We use a NT4.0 PDC and want use Samba PDC. You have to turn on password > > encryption and unix password sync. But how to sync NT password > and smbpasswd > > first time? > > > > 1. Idee: Give everybody a new password in smbpasswd and let it > change by the > > user. > > 2. Idee: Move NT password from regestrie to smbpasswd. But I > don't know how > > to do. Can anybody help? > > there used to be a utility on the samba ftp site, that > dumped the SAM database on NT to an smb.conf file. I donno > if it preserved the encrypted passwords though.. > > Dave J. Andruczyk > Instructional Support Associate > Department of Technology > Buffalo State College > > > > From bican at metu.edu.tr Fri Apr 9 20:22:17 1999 From: bican at metu.edu.tr (Can Bican) Date: Tue Dec 2 02:26:05 2003 Subject: NIS + Domain References: <370DB288.2689DBF4@rorqual.cc.metu.edu.tr> <370DE957.A63778AF@edelmann.de> Message-ID: <370E6179.C831406A@rorqual.cc.metu.edu.tr> So, the problem is this: How can one migrate a UNIX style passwd file to an smbpasswd file? This seems like not a possible thing since I think there should be a decryption somewhere. But I think I discovered something: Please correct me if I am wrong. If you enable plain passwords in NT WS registry, and setup the samba server for plain passwords and password synchronization, then WS's can use shares with the existing UNIX passwords. But then the WS can't join to the domain, probably because there is something wrong with changing its machine password. I thought of two things: First is that the NT WS still tries to send encrypted password for the machine password. Second is that NT WS (or samba behalf of the NT WS) cannot change the password if its entry is at the UNIX style passwd file. Which one should be the right one? I am talking about 20,000 users. You can't give them all a new password, nor you can wait for all of them to change their passwords to fill up the empty fields in smbpasswd file. I wandered around the source for a short time, and did not observe different treatment to machine passwords and user passwords, but I might have missed... Any ideas? Gerhard Klein wrote: > > We use a NT4.0 PDC and want use Samba PDC. You have to turn on password > encryption and unix password sync. But how to sync NT password and smbpasswd > first time? > > 1. Idee: Give everybody a new password in smbpasswd and let it change by the > user. > 2. Idee: Move NT password from regestrie to smbpasswd. But I don't know how > to do. Can anybody help? > > Gerhard > Can Bican schrieb: > > > We are trying to use samba as a domain controller (just for > > passwords) for NT workstations. Our main concern is to be able to > > synchronize NIS passwords. If we turn off password encryption, machine > > accounts become unavailable. Conversely, if we turn on password > > encryption, we cannot use the existing passwords. Is there a way to > > overcome this? Can samba do the encrypted way for machines and the other > > way for users, or is it reasonable to patch samba for this? > > -- > http://www.edelmann.de > mailto:G.Klein@edelmann.de > Phone: +49 7321 340 368 > Fax: +49 7321 340 363 -- Can Bican Bilgi Islem Daire Baskanligi, ODTU METU Computer Center From brissing at vexcel.com Fri Apr 9 20:25:47 1999 From: brissing at vexcel.com (Dean Brissinger) Date: Tue Dec 2 02:26:05 2003 Subject: Software dist? Message-ID: Has anyone yet pioneered getting a software/OS distribution setup going from a Samba share? I'd be interested to know, as I really want all my PC's to be kept in sync. From florian at void.s.bawue.de Fri Apr 9 18:28:55 1999 From: florian at void.s.bawue.de (Florian Laws) Date: Tue Dec 2 02:26:05 2003 Subject: localgroup map In-Reply-To: <370DAE97.C3D524BA@iu-vannes.fr>; from Alexandre Lecuyer on Fri, Apr 09, 1999 at 05:38:28PM +1000 References: <370DAE97.C3D524BA@iu-vannes.fr> Message-ID: <19990409182855.C380@void.s.bawue.de> On Fri, Apr 09, 1999 at 05:38:28PM +1000, Alexandre Lecuyer wrote: > I am trying to use the "local group map", running samba 2.1.0 prealpha > as a PDC. > > The NT workstations being french versions of NT, I have edited the > lib/util_pwdb.c > to change Administrators to Administrateurs, etc... > I have one line in localgroup.map : > inst=BUILTIN\Administrateurs > > When I try to login as user "localadm" > (uid=511(localadm) gid=1509(inst) groups=1509(inst)) > I get the following message from the station : "the system couldn't > open a session [..]" > > and in the samba logs, I have this message : > [1999/04/09 09:34:09, 0] passdb/sampassdb.c:pwdb_sam_map_names(740) > UNIX User localadm Primary Group is in the wrong domain! S-1-5-32-544 > > I have the same problems on german NT4SP4. If you move the Adminstrators group ('inst' for you) from the primary group in /etc/passwd to the secondary group machanism with usernames in /etc/group you can log in, but have no administrator rights on the NT machine. Any help? Thanks, Florian From mattyc at newcollege.unsw.edu.au Fri Apr 9 23:54:52 1999 From: mattyc at newcollege.unsw.edu.au (Matt Chapman) Date: Tue Dec 2 02:26:05 2003 Subject: failed session request References: <370DB088.3C35319E@bioss.sari.ac.uk> Message-ID: <370E934C.89B8AF41@newcollege.unsw.edu.au> Janet Dickson wrote: > > failed session request > failed session request > cli_connect_serverlist: Domain password server not available. > get_member_domain_sid: unable to initialise client connection. > Can't setup password database vectors. > You need to be running smbd, as smbpasswd now talks to it during initialisation. Matt -- Matt Chapman New College UNSW From florian at void.s.bawue.de Sat Apr 10 00:40:12 1999 From: florian at void.s.bawue.de (Florian Laws) Date: Tue Dec 2 02:26:05 2003 Subject: localgroup map In-Reply-To: ; from Luke Kenneth Casson Leighton on Sat, Apr 10, 1999 at 01:18:56AM +1000 References: <370DAE97.C3D524BA@iu-vannes.fr> Message-ID: <19990410004012.A535@void.s.bawue.de> On Sat, Apr 10, 1999 at 01:18:56AM +1000, Luke Kenneth Casson Leighton wrote: > On Fri, 9 Apr 1999, Alexandre Lecuyer wrote: > > > and in the samba logs, I have this message : > > [1999/04/09 09:34:09, 0] passdb/sampassdb.c:pwdb_sam_map_names(740) > > UNIX User localadm Primary Group is in the wrong domain! S-1-5-32-544 > > all users must be in a Domain Group. > It didn't work for me even if the user was both in a Domain Group and a Local Group. Thanks, Florian From bryan.oshea at usa-emotron.com Sat Apr 10 18:14:51 1999 From: bryan.oshea at usa-emotron.com (Bryan O'Shea) Date: Tue Dec 2 02:26:05 2003 Subject: (no subject) Message-ID: <370F951B.451A8904@usa-emotron.com> running linux 2.2.5 samba 2.0.3 w/ 6 or so nt workstations 4.0 sp4 i have had all the computers join the domain and they can log into the domain and map drives etc... but everytime i log in it gives me this msg "Your roaming profile is not available, the operating system is attempting to log you in as your local profile" it does this every time i log in as the user and creates a new profile every time this is where i am not to keen at NT stuff... ;) i guess i don't have the privileges and so forth to change anything or tell it my path of my profile on the server when i am logged into the domain could someone point me in the right direction... i would like to do roaming profiles for each user in the domain but.. don't know where to start... or how do i tell each user of the domain where his/her profile is stored on the server etc.. any help would be appreciated ---Bryan From Jens.Skripczynski at studbox.uni-stuttgart.de Sat Apr 10 19:51:30 1999 From: Jens.Skripczynski at studbox.uni-stuttgart.de (Jens Skripczynski) Date: Tue Dec 2 02:26:05 2003 Subject: confused about samba cvs trees Message-ID: <19990410215130.A7932@shadowland.wh.uni-stuttgart.de> Hi, I'd like to have the newest NT Domain Controller Code. is "cvs ... co samba" the current development oder "cvs co nt_dom" ? Ciao Jens Skripczynski -- E-Mail: Jens.Skripczynski@studbox.uni-stuttgart.de From dlee at cse.fau.edu Sun Apr 11 02:04:02 1999 From: dlee at cse.fau.edu (Donjuma Lee) Date: Tue Dec 2 02:26:05 2003 Subject: (no subject) In-Reply-To: <370F951B.451A8904@usa-emotron.com> Message-ID: you can do this from the smb.conf file, this is how i set it up: ************************************************************************************ # Where to store roving profiles (only for Win95 and WinNT) # %L substitutes for this servers netbios name, %U is username # You must uncomment the [Profiles] share below logon path = \\%L\%U\ntlabprof ************************************************************************************* This puts it in the users unix home directory. hope this helps --==DOn==-- On Sun, 11 Apr 1999, Bryan O'Shea wrote: > running linux 2.2.5 samba 2.0.3 w/ 6 or so nt workstations 4.0 sp4 > > i have had all the computers join the domain and they can log into the > domain and map drives etc... > but everytime i log in it gives me this msg > > "Your roaming profile is not available, the operating system is > attempting to log you in as your local profile" > it does this every time i log in as the user and creates a new profile > every time > > this is where i am not to keen at NT stuff... ;) > > i guess i don't have the privileges and so forth to change anything or > tell it my path of my profile on the server when i am logged into the > domain > > could someone point me in the right direction... > i would like to do roaming profiles for each user in the domain but.. > don't know where to start... > or how do i tell each user of the domain where his/her profile is stored > > on the server etc.. > > any help would be appreciated > > ---Bryan > > > > > > > From gilf at tls.co.il Sun Apr 11 20:59:14 1999 From: gilf at tls.co.il (Gil Freund) Date: Tue Dec 2 02:26:05 2003 Subject: (no subject) References: Message-ID: <37110D22.6C90E955@tls.co.il> Two points: 1. The FAQ's warn about using the easy way out (the /home share) since windows maintains a link to that share, even when the user logs out. 2. The [profile] share (which I guess you are using) allows all users to browse all other users home directories. Not necessarily dangerous, but the is always a nosy one. Gil Donjuma Lee wrote: > > you can do this from the smb.conf file, this is how i set it up: > ************************************************************************************ > # Where to store roving profiles (only for Win95 and WinNT) > # %L substitutes for this servers netbios name, %U is username > # You must uncomment the [Profiles] share below > logon path = \\%L\%U\ntlabprof > > ************************************************************************************* > This puts it in the users unix home directory. > > hope this helps > > --==DOn==-- > > On Sun, 11 Apr 1999, Bryan O'Shea wrote: > > > running linux 2.2.5 samba 2.0.3 w/ 6 or so nt workstations 4.0 sp4 > > > > i have had all the computers join the domain and they can log into the > > domain and map drives etc... > > but everytime i log in it gives me this msg > > > > "Your roaming profile is not available, the operating system is > > attempting to log you in as your local profile" > > it does this every time i log in as the user and creates a new profile > > every time > > > > this is where i am not to keen at NT stuff... ;) > > > > i guess i don't have the privileges and so forth to change anything or > > tell it my path of my profile on the server when i am logged into the > > domain > > > > could someone point me in the right direction... > > i would like to do roaming profiles for each user in the domain but.. > > don't know where to start... > > or how do i tell each user of the domain where his/her profile is stored > > > > on the server etc.. > > > > any help would be appreciated > > > > ---Bryan > > > > > > > > > > > > > > From vector at cindy.fe.up.pt Mon Apr 12 02:23:41 1999 From: vector at cindy.fe.up.pt (Fernando Nunes) Date: Tue Dec 2 02:26:05 2003 Subject: (no subject) Message-ID: <3711592D.826C5F85@cindy.fe.up.pt> subscribe -------------- next part -------------- A non-text attachment was scrubbed... Name: vector.vcf Type: text/x-vcard Size: 231 bytes Desc: Card for Fernando Nunes Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990412/f37cfc81/vector.vcf From tradergt at bigfoot.com Sun Apr 11 22:23:41 1999 From: tradergt at bigfoot.com (Jeff Smelser) Date: Tue Dec 2 02:26:05 2003 Subject: Samba as NT Message-ID: <371120ED.A0CB2E30@bigfoot.com> all, I have set up samba as NT correctly. LP works great and connecting to me drives I have set up. But I would not be writing if something was wrong! :) It always takes 2 times to connect, and connecting is VERY slow. Once its connected, no problems what so ever. I am running rh5.2 with the latest update they have sent out. i386 is that matters. Any ideas? From jrivas at ares.ipf.uvigo.es Mon Apr 12 10:13:09 1999 From: jrivas at ares.ipf.uvigo.es (José Luis Rivas López) Date: Tue Dec 2 02:26:05 2003 Subject: Change Permissions Message-ID: I have a linux machine with samba as PDC and 20 NTWORKSTATION. Now i would like to change permissions in a NT-WORKSTATION and i can't. Doesn't matter if i introduce a domain admin user or admin user, or if i use local administrator. How can i do it? Thanks, Esper -- José Luis Rivas López Area Ingenieria de los Procesos de Fabricación Dpto. de Diseño en Ingenieria E.T.S. Ingenieros Industriales. UNIVERSIDAD DE VIGO Campus Universitario s/n, 36200 Vigo, ESPAÑA Teléfono: +34 986 812 602 Fax: +34 986 812 180 e-mail: jrivas@ipf.uvigo.es Visite nuestras páginas: http://www.ipf.uvigo.es From tomek at is.fh-hamburg.de Mon Apr 12 08:53:26 1999 From: tomek at is.fh-hamburg.de (Tomek Jarosinski) Date: Tue Dec 2 02:26:05 2003 Subject: Few questions Message-ID: <3711B486.D45D40F9@is.fh-hamburg.de> Hello, I have few questions about samba pdc: 1.Which sourcecode should i use if i want to use PDC functionality - the last cvs or 2.0.2 ? What are your experience with 2.0.2 ? 2.Where should i store users profiles - in %U\profile or \\%N\profiles\%U ? 3.When user logins for the first time, should he have his own profile already in %U\profiles (or \\N%\profile\%U), it means for all users i should copy prepared profiles to profile location, or there is a possibilty to store ONE profile on the server, and it will be used and copied at first login, as it is on NT-Server ? 4. How should i prepare the profile (ntuser.dat) for other users ? 4. For PDC functionality i have to use smbpasswd. When i am creating smbpasswd, then all users has only XXXXXXXXXXXX as password, when they login for the first time they will be asked for the new password, or at first login will be used password from /etc/passwd or NIS ? 5. I created wsname accounts in the local /etc/passwd. Then i created smbpasswd for all users. In smbpasswd exists also wsname users. Do i have to repeat "smbpasswd -a -m wsname" for each workstation ? All the best, Tomek -- Have a nice day ! Tomek Jarosinski Unix & NT Systemadministration Fachhochschule Hamburg, Intranet Service E-Mail: tomek@is.fh-hamburg.de From janet at bioss.sari.ac.uk Mon Apr 12 08:49:32 1999 From: janet at bioss.sari.ac.uk (Janet Dickson) Date: Tue Dec 2 02:26:05 2003 Subject: failed session request Message-ID: <3711B39C.C9DEB24F@bioss.sari.ac.uk> Matt Chapman wrote: > > Janet Dickson wrote: > > > > failed session request > > failed session request > > cli_connect_serverlist: Domain password server not available. > > get_member_domain_sid: unable to initialise client connection. > > Can't setup password database vectors. > > > > You need to be running smbd, as smbpasswd now talks to it during > initialisation. Hi Matt I am running smbd (and nmdb). This version seems to run 3 smbd's and 2 nmbd's - is this right ? Janet ************************************************************************* Janet Dickson | http://www.bioss.sari.ac.uk/~janet Biomathematics & Statistics Scotland | email: janet@bioss.sari.ac.uk The King's Buildings, Mayfield Rd | Telephone: +44 (0) 131 650 4888 Edinburgh EH9 3JZ, Scotland, UK. | Fax: +44 (0) 131 650 4901 ************************************************************************* From janet at bioss.sari.ac.uk Mon Apr 12 09:15:13 1999 From: janet at bioss.sari.ac.uk (Janet Dickson) Date: Tue Dec 2 02:26:05 2003 Subject: failed session request References: <19990410053243Z12860351-4937+4220@samba.anu.edu.au> Message-ID: <3711B9A1.8370BE17@bioss.sari.ac.uk> Hi Some further info on my problem with smbpasswd (cvs tree of April 9th) - smbd version 2.1.0-prealpha and Solaris 2.5.1 I've upped the logging to 10 and 'smbpasswd -a -m pcpearson' is giving : resolve_name: Attempting host lookup for name FISHER cli_establish_connection: FISHER<00> connecting to FISHER<20> (129.215.168.200) - [] Connecting to 129.215.168.200 at port 139 write_socket(4,76) write_socket(4,76) wrote 76 Sent session request got smb length of 1 size=1 smb_com=0x0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=0 smb_flg2=0 smb_tid=0 smb_pid=0 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=0 failed session request cli_establish_connection: FISHER<00> connecting to *SMBSERVER<20> (129.215.168.200) - [] write_socket(4,76) write_socket(4,76) wrote 76Sent session request receive_smb: length < 0! client_receive_smb failed size=0 smb_com=0x0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=0 smb_flg2=0 smb_tid=0 smb_pid=0 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=0 failed session request cli_shutdown cli_connect_serverlist: Domain password server not available. cli_shutdown get_member_domain_sid: unable to initialise client connection. Can't setup password database vectors. Janet ************************************************************************* Janet Dickson | http://www.bioss.sari.ac.uk/~janet Biomathematics & Statistics Scotland | email: janet@bioss.sari.ac.uk The King's Buildings, Mayfield Rd | Telephone: +44 (0) 131 650 4888 Edinburgh EH9 3JZ, Scotland, UK. | Fax: +44 (0) 131 650 4901 ************************************************************************* From cartegw at Eng.Auburn.EDU Mon Apr 12 12:45:41 1999 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:26:05 2003 Subject: (no subject) In-Reply-To: <37110D22.6C90E955@tls.co.il> Message-ID: On Mon, 12 Apr 1999, Gil Freund wrote: > 2. The [profile] share (which I guess you are using) allows all users to > browse all other users home directories. Not necessarily dangerous, but > the is always a nosy one. Not necessarily. set force create mode = 0600 force directory mode = 0700 User could see other users' profile directory but not the contents. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From f.de.vries at fcroc.nl Mon Apr 12 14:05:50 1999 From: f.de.vries at fcroc.nl (Fre de Vries) Date: Tue Dec 2 02:26:05 2003 Subject: browsing References: Message-ID: <001701be84ed$9220eee0$66c4abc2@fre.nl> I have set up a samba2.0.3 server on RH52 The only thing I changed in smb.conf is the workgroup name. My Windows98 client is on the same subnet, in the same workgroup. I logged into windows as user root with the same password as root has on my linux server. I did not tell windows about a WINS server, but told him were our DNS server is. When browsing the network i can see my workgroup and the sambaserver in it. When i click the server it asks me for a password. Wich password does samba mean. The password on windows and linux is the same, so i thougt i would be able to login. Where did i (or windows or samba) go wrong???? Thanks Fr? From lkcl at switchboard.net Mon Apr 12 15:45:51 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:05 2003 Subject: localgroup map In-Reply-To: <19990410004012.A535@void.s.bawue.de> Message-ID: the user's primary group must be a domain group. S-1-5-0x21-xxx-yyy-xxx-NNNN where this maps to the unix primary group. could som1 expand this pls, put it in FAQ? thx luke On Sat, 10 Apr 1999, Florian Laws wrote: > On Sat, Apr 10, 1999 at 01:18:56AM +1000, Luke Kenneth Casson Leighton wrote: > > On Fri, 9 Apr 1999, Alexandre Lecuyer wrote: > > > > > and in the samba logs, I have this message : > > > [1999/04/09 09:34:09, 0] passdb/sampassdb.c:pwdb_sam_map_names(740) > > > UNIX User localadm Primary Group is in the wrong domain! S-1-5-32-544 > > > > all users must be in a Domain Group. > > > > It didn't work for me even if the user was both in a Domain Group > and a Local Group. > > Thanks, > > Florian > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site ===================================================================== Luke Kenneth Casson Leighton | Direct Dial : (678) 443-6183 Systems Engineer / ISS XForce Team | ISS Front Desk: (678) 443-6000 Internet Security Systems, Inc. | ISS Fax : (678) 443-6477 http://www.iss.net/ *Adaptive Network Security for the Enterprise* ISS Connect - International User Conference - May '99 ===================================================================== From aperrin at demog.Berkeley.EDU Mon Apr 12 15:58:28 1999 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:26:05 2003 Subject: (no subject) In-Reply-To: <37110D22.6C90E955@tls.co.il> Message-ID: I believe point 2. is only true if users' home directories are set up on the unix side to allow others to browse; if permissions are og-x on the home directories, I don't think samba allows browsing into them either. --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 On Mon, 12 Apr 1999, Gil Freund wrote: > Two points: > > 1. The FAQ's warn about using the easy way out (the /home share) since > windows maintains a link to that share, even when the user logs out. > 2. The [profile] share (which I guess you are using) allows all users to > browse all other users home directories. Not necessarily dangerous, but > the is always a nosy one. > > Gil > > Donjuma Lee wrote: > > > > you can do this from the smb.conf file, this is how i set it up: > > ************************************************************************************ > > # Where to store roving profiles (only for Win95 and WinNT) > > # %L substitutes for this servers netbios name, %U is username > > # You must uncomment the [Profiles] share below > > logon path = \\%L\%U\ntlabprof > > > > ************************************************************************************* > > This puts it in the users unix home directory. > > > > hope this helps > > > > --==DOn==-- > > > > On Sun, 11 Apr 1999, Bryan O'Shea wrote: > > > > > running linux 2.2.5 samba 2.0.3 w/ 6 or so nt workstations 4.0 sp4 > > > > > > i have had all the computers join the domain and they can log into the > > > domain and map drives etc... > > > but everytime i log in it gives me this msg > > > > > > "Your roaming profile is not available, the operating system is > > > attempting to log you in as your local profile" > > > it does this every time i log in as the user and creates a new profile > > > every time > > > > > > this is where i am not to keen at NT stuff... ;) > > > > > > i guess i don't have the privileges and so forth to change anything or > > > tell it my path of my profile on the server when i am logged into the > > > domain > > > > > > could someone point me in the right direction... > > > i would like to do roaming profiles for each user in the domain but.. > > > don't know where to start... > > > or how do i tell each user of the domain where his/her profile is stored > > > > > > on the server etc.. > > > > > > any help would be appreciated > > > > > > ---Bryan > > > > > > > > > > > > > > > > > > > > > > From happy at opf.slu.cz Mon Apr 12 18:33:03 1999 From: happy at opf.slu.cz (happy@opf.slu.cz) Date: Tue Dec 2 02:26:05 2003 Subject: Samba PDC In-Reply-To: Message-ID: I apologize for any inconvenience caused by sending attachments. I only used Netscape Messenger and it automatically sends the vcard as attachment and I didn't realize it :-) It was my fault. I wonder sometimes when I received my message posted to the list back without the body.. On Mon, 12 Apr 1999, Luke Kenneth Casson Leighton wrote: > petr, > > please stop sending attachments your messages are not getting through. > > luke > From happy at opf.slu.cz Mon Apr 12 18:28:52 1999 From: happy at opf.slu.cz (happy@opf.slu.cz) Date: Tue Dec 2 02:26:05 2003 Subject: Samba PDC In-Reply-To: <67DD2D8CC31BD111A8BB080009DDDED5CADC1C@nsccnta01.sccd.ctc.edu> Message-ID: Phil Burch wrote: > Glad to hear your other problems were resolved, I too am using 2.0.3 from > RPM. I must correct myself: My problem wasn't that I was using a CVS' version of Samba, but it was that I didn't use the 'encrypt passwords = yes' directive in the smb.conf. Even with Samba 2.0.3 from the RPM I am unable to join the domain from a NT box if I don't have the directive 'encrypt passwords' in smb.conf.. That was the problem. Now I am able to use even the CVS' version and that is fine. I only wonder, that this isn't in the FAQ (the need for the 'encrypt password'). Because I was able to use the encrypted passwords without it, I didn't realize that this could be the cause of the curious behaviour when trying to join the domain from my NT boxes.. Regards, Petr From lkcl at switchboard.net Mon Apr 12 19:29:21 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:05 2003 Subject: (no subject) In-Reply-To: Message-ID: > I believe point 2. is only true if users' home directories are set up on > the unix side to allow others to browse; if permissions are og-x on the > home directories, I don't think samba allows browsing into them either. the stupid winlogon.exe process double-checks the individual path components including the share. if they do not exist it attempts to create them [the path components]. > 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA > http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 > > On Mon, 12 Apr 1999, Gil Freund wrote: > > > Two points: > > > > 1. The FAQ's warn about using the easy way out (the /home share) since > > windows maintains a link to that share, even when the user logs out. this is a serious bug in windows (95 and nt) that microsoft has not been able to reproduce or fix yet (it's been there for years), see NTBUGTRAQ archives on NetWkstaUsers bug. because the connection is still open, the browsing is done on this share. because this share was opened by the previous user, the browsing is done as the previously logged in user. this is not good. combine this with the other point: if you do not allow r-x permissions to absolutely everybody then profiles will not work properly, because windows cannot see the profile path components [as the incorrcet user]. the solution is to have microsoft fix the damn problem, not compromise your unix security. luke From lkcl at switchboard.net Mon Apr 12 19:31:05 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:05 2003 Subject: Samba PDC In-Reply-To: Message-ID: On Mon, 12 Apr 1999 happy@opf.slu.cz wrote: > I apologize for any inconvenience caused by sending attachments. I only no need for an apology. i usually tell each and every individual from whom we get blank messages the same thing. we want to know what you were saying, that's all! > used Netscape Messenger and it automatically sends the vcard as attachment > and I didn't realize it :-) rule of least surprises: i wish they wouldn't. From abakun at reac.com Mon Apr 12 22:21:53 1999 From: abakun at reac.com (Andy Bakun) Date: Tue Dec 2 02:26:05 2003 Subject: windows maintains a link to that share, even when the user logs out References: Message-ID: <37127200.9C010E06@reac.com> Microsoft engineers are completely bogus if they can't reproduce this. I was working on a patch to samba to work around this by having smbd exit when it received a LOGOFF event... but this doesn't work because WinNT clients send the LOGOFF event and THEN update the profile, so I could get smbd to exit, but the client immediately reconnects to update the profile, and then sometimes the LOGOFF event is sent again after the profile is updated, and sometimes it's not, so not only should you not try to work around this, but it is completely impossible to do so. If microsoft engineers can't reproduce this, then they can come and check out my network, because it happens consistantly AT EVERY LOGOFF! It should be as easy as changing: - send logoff event - update profile to - update profile - send logoff event but apparently finding this in the NT source code is beyond the ability of the MS programmers. Anyway, I had also tried changing the deadtime value if a share designated as 'the profile share' was the only one open and a logoff event was received, so smbd would exit at the right time, but that wasn't reliable either. I seriously doubt MS is going to fix this. End of rant. Andy. Luke Kenneth Casson Leighton wrote: > > > Two points: > > > > > > 1. The FAQ's warn about using the easy way out (the /home share) since > > > windows maintains a link to that share, even when the user logs out. > > this is a serious bug in windows (95 and nt) that microsoft has not > been able to reproduce or fix yet (it's been there for years), see > NTBUGTRAQ archives on NetWkstaUsers bug. > > because the connection is still open, the browsing is done on this share. > because this share was opened by the previous user, the browsing is done > as the previously logged in user. > > this is not good. > > combine this with the other point: if you do not allow r-x permissions to > absolutely everybody then profiles will not work properly, because windows > cannot see the profile path components [as the incorrcet user]. > > the solution is to have microsoft fix the damn problem, not compromise > your unix security. > > luke From kaczor at ids.pl Tue Apr 13 06:38:52 1999 From: kaczor at ids.pl (Wiktor) Date: Tue Dec 2 02:26:05 2003 Subject: Machine Account problem In-Reply-To: <99040715360700.00448@fubar02> Message-ID: Hello, I get this message in logs: [1999/04/13 08:34:28, 0] passdb/smbpassfile.c:trust_get_passwd(294) domain_client_validate: unable to read the machine account password for machine WOTAN in domain PRACOWNIA. I use samba 2.0.3, WOTAN is my only one samba server and I have wotan$ account in /etc/passwd and smbpasswd. I tried with capital letters, but this nothing changes (ofcourse I added wotan$ with smbpasswd -am). Best regards, Wiktor Niesiobedzki From lkcl at switchboard.net Tue Apr 13 13:09:47 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:05 2003 Subject: windows maintains a link to that share, even when the user logs out In-Reply-To: <37127200.9C010E06@reac.com> Message-ID: On Tue, 13 Apr 1999, Andy Bakun wrote: > Microsoft engineers are completely bogus if they can't reproduce this. I was > working on a patch to samba to work around this by having smbd exit when it > received a LOGOFF event... but this doesn't work because WinNT clients send > the LOGOFF event and THEN update the profile, correct. have you tried the patch that was written by the same person that did the "restrict anonymous" patch? the solution is to refuse to allow the very first anonymous IPC$ connection, and the clients then make an authenticated IPC$ connection. because _this_ is the first authenticated connection, the [homes] connection is also properly authenticated, therefore the internal processes in nt&95 get it sorted out. part of the issue is that if resources are still open on a server, both the client and the server still think that the user is logged on. this is deliberate and by design. and broken. luke From nescau at akira.ucpel.tche.br Tue Apr 13 15:11:32 1999 From: nescau at akira.ucpel.tche.br (Luis Claudio R. Goncalves) Date: Tue Dec 2 02:26:05 2003 Subject: Restricting users to WStations In-Reply-To: Message-ID: Hi! I'm trying to restrict a user to a workstation, executing an auto logoff if he/she tries to logon on any other wstation. There's someone already doing such job? I can't figure how to logoff a user, how to close a session... I'm looking for some utility or some hint to put it on the login script or on the preexec script. Thanks for your help! Luis [ Luis Claudio R. Goncalves nescau@akira.ucpel.tche.br ] [ BSc in Computer Science -- MSc coming soon -- Gospel User ] [ Fault Tolerance - Linux - Real Time - Distributed Systems - C - IECLB ] [ LateNite Programmer -- http://atlas.ucpel.tche.br/~nescau -- IS 40:31 ] From abakun at reac.com Tue Apr 13 15:05:42 1999 From: abakun at reac.com (Andy Bakun) Date: Tue Dec 2 02:26:05 2003 Subject: windows maintains a link to that share, even when the userlogs out References: Message-ID: <37135D46.432AB0F8@reac.com> Luke Kenneth Casson Leighton wrote: > On Tue, 13 Apr 1999, Andy Bakun wrote: > > > Microsoft engineers are completely bogus if they can't reproduce this. I was > > working on a patch to samba to work around this by having smbd exit when it > > received a LOGOFF event... but this doesn't work because WinNT clients send > > the LOGOFF event and THEN update the profile, > > correct. > > have you tried the patch that was written by the same person that did the > "restrict anonymous" patch? I _am_ the person who wrote "restrict anonymous", Luke. :) Which patch are you refering to? The one that I described above? > the solution is to refuse to allow the very > first anonymous IPC$ connection, and the clients then make an > authenticated IPC$ connection. because _this_ is the first authenticated > connection, the [homes] connection is also properly authenticated, > therefore the internal processes in nt&95 get it sorted out. I don't think this is the problem I am describing. Since I wrote "restrict anonymous", of course I'm using it. Restricting anonymous connections doesn't keep the client from making a connection to a share even though they are not logged in, they just have to provide a valid username and password (or a connection token, I guess it is called) -- this is good because I want the machines that don't login to the domain (local accounts and win95 machines) to still access my samba domain as long as they have a username and password. In the patch I was working on to disconnect, this is how it worked: one new global parameter: disconnect at logoff = boolean If this was false, then the original behaviour would be used. If true, then smbd would attempt to exit when certain conditions were met, as described below. one new share parameter: profile storage = boolean You would set this in the definition for the share that is holding the profiles. In smbd/process.c, I would check to see if "disconnect at logoff" was true. If so, then I would check to see if the only share open was the one designated as "profile storage". If so, then when a LOGOFF event was received the deadtime was changed to between 3 and 12 seconds. This worked only some of the time, because the LOGOFF event isn't always sent by the client, and it's intermixed with the network connection being closed (so smbd exits, and we loose track of the state). I left off working on it trying to determine how long to set the deadtime to. Although, interestingly enough, looking at the audit logs for my samba machine shows that the client is sending a LOGOFF, then updating the profile, then sending a LOGOFF event again, for at least the past 2 or 3 months, so this might be a viable option again (SP4, perhaps?). Anyway, I found the patches, it's against 2.0beta5, if someone wants to take a look at them: http://www.reac.com/samba/older/samba-disconlogout.msg http://www.reac.com/samba/older/2.0beta5/samba-dal-2beta5.diff Andy. From lkcl at switchboard.net Tue Apr 13 15:58:38 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:05 2003 Subject: Restricting users to WStations In-Reply-To: Message-ID: lp_workstations() let me know if it works. From aperrin at demog.Berkeley.EDU Tue Apr 13 23:55:16 1999 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:26:05 2003 Subject: Using remote announce w/ security=domain Message-ID: Greetings- We've got a nice, stable 1.9.19-prealpha-based Samba domain here, and wanted to sort of extend it to another building on campus. That is, we want our main server to be available in browselists of machines on another subnet. So we set up a server on that subnet running samba (1.9.18) and set the server here to remote announce = / At that point, our workgroup and server showed up in the network neighborhoods; so far, so good. However, when users clicked on the server's name, the machines gave an error message: "The network name could not be found." The solution seems to be to set the machines to use the main server as the WINS server. That is, the clients see it fine when they're set to use the WINS server in the main building. The problem is, we'd really like to be able to set a remote browse master in various buildings around campus and thereby have Win9X machines running on their subnets see our domain. Is there any way to do this? Thanks in advance- Andy --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 From richardf at clarendon.ac.uk Wed Apr 14 10:41:36 1999 From: richardf at clarendon.ac.uk (Richard Ferris) Date: Tue Dec 2 02:26:05 2003 Subject: IRIX 6.5 PDC Message-ID: <6114EF4D9AF0D1119ADD00805F9F11B13B99@ip250.clarendon.internal> I've managed to set up SAMBA 2.0.3 correctly as a PDC on IRIX 6.5. Win 95 machines connect fine. I've added the machine accounts for NT workstations and eventually got rid of the errors in the log.smb about the machine password not being correct. However I now get a session trust account error shown below: [1999/04/14 11:20:37, 0] smbd/reply.c:(418) session_trust_account: Trust Account 320_ADMIN$ - password failed What is a session trust account? When I try to join the domain I leave the Create computer account check box blank - is this correct as I have already a machine account in the correct places. Cheers From dave at www.buffalostate.edu Wed Apr 14 13:00:47 1999 From: dave at www.buffalostate.edu (Dave J. Andruczyk) Date: Tue Dec 2 02:26:05 2003 Subject: Using remote announce w/ security=domain In-Reply-To: Message-ID: > remote announce = / > > At that point, our workgroup and server showed up in the network > neighborhoods; so far, so good. However, when users clicked on the > server's name, the machines gave an error message: "The network name could > not be found." > > The solution seems to be to set the machines to use the > main server as the WINS server. That is, the clients see it fine when > they're set to use the WINS server in the main building. The problem is, > we'd really like to be able to set a remote browse master in various > buildings around campus and thereby have Win9X machines running on their > subnets see our domain. Is there any way to do this? In EACH subnet should be a WINS server. they will(should) sync browse lists with each other. (though it can take up to 24-36 minutes to get a full browse list, due to the design of the system. (browse list updates happen roughly every 12 minutes, so syncing across multiple nets takes longer)). Dave J. Andruczyk Instructional Support Associate Department of Technology Buffalo State College From gigiacom at unive.it Wed Apr 14 13:34:48 1999 From: gigiacom at unive.it (GIUSEPPE GIACOMINI) Date: Tue Dec 2 02:26:05 2003 Subject: printing problem Message-ID: <199904141334.PAA10272@helios.unive.it> I have a linux box with samba 2.0.3 acting as PDC and print server for 15 NT-Workstation. This is my problem: When I submit a print job from an NT-WS, samba writes in the spool directory the file to be printed in the form of: USERNAME.a29051 (for the files printed from an internet browser this name become the URL) Is it possible to obtain directly the real name of the file printed instead of USERNAME.a29051 (as it occurs when I print a file from a NT client to an NT-server) From Jean-Francois.Micouleau at dalalu.fr Wed Apr 14 13:43:02 1999 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:26:05 2003 Subject: printing problem In-Reply-To: <199904141334.PAA10272@helios.unive.it> Message-ID: On Wed, 14 Apr 1999, GIUSEPPE GIACOMINI wrote: > I have a linux box with samba 2.0.3 acting as PDC and print server > for 15 NT-Workstation. > > This is my problem: > > When I submit a print job from an NT-WS, samba writes in the spool > directory the file to be printed in the form > of: USERNAME.a29051 (for the files printed from an internet browser > this name become the URL) > > Is it possible to obtain directly the real name of the file printed > instead of USERNAME.a29051 (as it occurs when I print a file from a NT > client to an NT-server) It will be possible soon. Probably only with LPRng. J.F. From bj at mcs.uts.edu.au Wed Apr 14 14:00:43 1999 From: bj at mcs.uts.edu.au (Benjamin Kuit) Date: Tue Dec 2 02:26:05 2003 Subject: printing problem In-Reply-To: <199904141334.PAA10272@helios.unive.it> from GIUSEPPE GIACOMINI at "Apr 14, 99 11:37:12 pm" Message-ID: <199904141400.AAA06765@thing.socs.uts.EDU.AU> > Is it possible to obtain directly the real name of the file printed > instead of USERNAME.a29051 (as it occurs when I print a file from a NT > client to an NT-server) I have currently got this running as a bit of a hackaround. I'm using the fact that most/all of the print drivers we're using in the Samba domain generate very informative postscript code. I have my print and print queue commands customed made, basically finding out the title of the file by `grep '^%%Title: ' %s`, recording this information along with the login of the person and the workstation they printed it from. My print queue command collects this information and prints it in a LPRng format. Our NT people are happy with it cuz they see all the information they want to see, and my UNIX administrator peers think i have too much free time. *shrug* Just no pleasing everyone. =) A more simplistic method of doing this is to just wrap the print command with looks for the %%Title pattern, then uses this as an arguement to your real print command, like 'lpr -T "$title"', or 'lp -t "$title"'. Bj +-------------------------------+--------------------------------------+ | Benjamin (Bj) Kuit | Faculty of Mathematical | | Systems Programmer | and Computing Sciences. | | Phone: 02 9514 1841 | University of Technology, Sydney | | Mobile: 0412 182 972 | bj@mcs.uts.edu.au | +-------------------------------+--------------------------------------+ From lkcl at switchboard.net Wed Apr 14 15:28:18 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:06 2003 Subject: Using remote announce w/ security=domain In-Reply-To: Message-ID: On Wed, 14 Apr 1999, Dave J. Andruczyk wrote: > > remote announce = / > > > > At that point, our workgroup and server showed up in the network > > neighborhoods; so far, so good. However, when users clicked on the > > server's name, the machines gave an error message: "The network name could > > not be found." > > > > The solution seems to be to set the machines to use the > > main server as the WINS server. That is, the clients see it fine when > > they're set to use the WINS server in the main building. The problem is, this is the correct solution. use of remote announce not recommended (only heard of one situation on a LAN where it really had to be used). > > we'd really like to be able to set a remote browse master in various > > buildings around campus and thereby have Win9X machines running on their > > subnets see our domain. Is there any way to do this? > > In EACH subnet should be a WINS server. why?? > they will(should) sync browse lists with each other. they will not. From dave at www.buffalostate.edu Wed Apr 14 15:32:47 1999 From: dave at www.buffalostate.edu (Dave J. Andruczyk) Date: Tue Dec 2 02:26:06 2003 Subject: Using remote announce w/ security=domain In-Reply-To: Message-ID: > this is the correct solution. use of remote announce not recommended > (only heard of one situation on a LAN where it really had to be used). > > > > we'd really like to be able to set a remote browse master in various > > > buildings around campus and thereby have Win9X machines running on their > > > subnets see our domain. Is there any way to do this? > > > > In EACH subnet should be a WINS server. > > why?? Oops, I stand corrected. Was thinking in NT terms, as theire can be a "secondary WINS" server (similar to a BDC for load sharing). All machines no matter what the subnet thought should have their TCP/IP settings changed to point to the WINS server that DOES exist. The browse masters on each subnet that DOES NOT have a wins server should have a line saying "wins server = WINS_NETBIOS_NAME" where you replace WINS_NETBIOS_NAME with the netbios name of the WINS server (NT or samba). That way the browse masters will send their lists to the wins server. Correct me if I'm wrong.. Dave J. Andruczyk Instructional Support Associate Department of Technology Buffalo State College From lkcl at switchboard.net Wed Apr 14 16:11:33 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:06 2003 Subject: Using remote announce w/ security=domain In-Reply-To: Message-ID: On Wed, 14 Apr 1999, Dave J. Andruczyk wrote: > > this is the correct solution. use of remote announce not recommended > > (only heard of one situation on a LAN where it really had to be used). > > > > > > we'd really like to be able to set a remote browse master in various > > > > buildings around campus and thereby have Win9X machines running on their > > > > subnets see our domain. Is there any way to do this? > > > > > > In EACH subnet should be a WINS server. > > > > why?? > > Oops, I stand corrected. Was thinking in NT terms, as theire can be a > "secondary WINS" server (similar to a BDC for load sharing). All machines > no matter what the subnet thought should have their TCP/IP settings > changed to point to the WINS server that DOES exist. think of it this way. adding an extra DNS server does nothing for your network neighbourhood, therefore why would adding an extra WINS server do anything? > The browse masters on each subnet that DOES NOT have a wins server should > have a line saying "wins server = WINS_NETBIOS_NAME" where you replace > WINS_NETBIOS_NAME with the netbios name of the WINS server (NT or samba). partially correct. think of the NN as a totally, utterly independent service from "name resolution", because it is. name resolution HAPPENS, in most environments, to be NetBIOS (including WINS). think of WINS as a dynamic form of DNS. being a Domain Master Browser, which is responsible for collating browse lists from Local Master Browsers, has nothing to do with resolution of the names that are IN the browse lists. this is why so many mis-configured sites run into problems. you need: - a CENTRALISED system to resolve names in the browse lists. this is USUALLY a single WINS server in a samba environment or USUALLY a group of replicating WINS servers in an nt environment. if your samba environment HAPPENS to have identical NetBIOS names as DNS names then you can enable "dns proxy = yes" and have multiple samba WINS servers. you will also need to add, in this case, static DOMAIN<1b> entries to the one samba WINS server that is NOT used by the DMBs on your network. ignore this paragraph if you're not sure what i mean. - every client to use the SAME centralised name resolution system. that means, non-local-master-browsers, LMBs on each and every subnet AND your DMB. - your DMB can HAPPEN to be running on the same host (or in the case of samba, in the same nmbd process) but even the DMB part of that nmbd process needs to use ITSELF as the WINS server just like every other browsing client. one other point: in order to minimise the amount of lookups it's best to specify ip address in wins server = not the netbios name. you end up with catch 22 otherwise. > That way the browse masters will send their lists to the wins server. definitely not. From jallison at cthulhu.engr.sgi.com Wed Apr 14 16:32:36 1999 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:26:06 2003 Subject: Using remote announce w/ security=domain References: Message-ID: <3714C324.949C8A51@engr.sgi.com> Dave J. Andruczyk wrote: > > In EACH subnet should be a WINS server. they will(should) sync browse > lists with each other. (though it can take up to 24-36 minutes to get a > full browse list, due to the design of the system. (browse list updates > happen roughly every 12 minutes, so syncing across multiple nets takes > longer)). I'm sorry Dave, but this is completely wrong. Do *not* do this. Please read BROWSING.txt for full details as to how this should be set up. Regards, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From dave at www.buffalostate.edu Wed Apr 14 17:43:11 1999 From: dave at www.buffalostate.edu (Dave J. Andruczyk) Date: Tue Dec 2 02:26:06 2003 Subject: Using remote announce w/ security=domain In-Reply-To: Message-ID: > > Oops, I stand corrected. Was thinking in NT terms, as theire can be a > > "secondary WINS" server (similar to a BDC for load sharing). All machines > > no matter what the subnet thought should have their TCP/IP settings > > changed to point to the WINS server that DOES exist. > > think of it this way. adding an extra DNS server does nothing for your > network neighbourhood, therefore why would adding an extra WINS server do > anything? well if it was on NT, I'd want as many backups as possible *grin*. If it was on samba, I'd sleep happily knowing only one was there... Dave J. Andruczyk Instructional Support Associate Department of Technology Buffalo State College From aperrin at demog.Berkeley.EDU Wed Apr 14 22:09:17 1999 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:26:06 2003 Subject: Using remote announce w/ security=domain In-Reply-To: Message-ID: So, let me see if I understand the upshot here: what we're hoping to do on campus is (at least for now) not possible: that is, to plop samba servers in 'foreign' subnets where we are unable to control the configuration of the Win9x machines (except to guarantee that they have NetBIOS and TCP/IP) and have users on those machines be able to view our server's shares and grab stuff off of them. 1.) Am I wrong that this is not possible? 2.) Does anyone have a suggestion for approximating this result? thanks- Andy --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 On Thu, 15 Apr 1999, Luke Kenneth Casson Leighton wrote: > On Wed, 14 Apr 1999, Dave J. Andruczyk wrote: > > > > this is the correct solution. use of remote announce not recommended > > > (only heard of one situation on a LAN where it really had to be used). > > > > > > > > we'd really like to be able to set a remote browse master in various > > > > > buildings around campus and thereby have Win9X machines running on their > > > > > subnets see our domain. Is there any way to do this? > > > > > > > > In EACH subnet should be a WINS server. > > > > > > why?? > > > > Oops, I stand corrected. Was thinking in NT terms, as theire can be a > > "secondary WINS" server (similar to a BDC for load sharing). All machines > > no matter what the subnet thought should have their TCP/IP settings > > changed to point to the WINS server that DOES exist. > > think of it this way. adding an extra DNS server does nothing for your > network neighbourhood, therefore why would adding an extra WINS server do > anything? > > > The browse masters on each subnet that DOES NOT have a wins server should > > have a line saying "wins server = WINS_NETBIOS_NAME" where you replace > > WINS_NETBIOS_NAME with the netbios name of the WINS server (NT or samba). > > partially correct. > > think of the NN as a totally, utterly independent service from "name > resolution", because it is. name resolution HAPPENS, in most > environments, to be NetBIOS (including WINS). > > think of WINS as a dynamic form of DNS. > > being a Domain Master Browser, which is responsible for collating browse > lists from Local Master Browsers, has nothing to do with resolution of the > names that are IN the browse lists. > > this is why so many mis-configured sites run into problems. you need: > > - a CENTRALISED system to resolve names in the browse lists. this is > USUALLY a single WINS server in a samba environment or USUALLY a group of > replicating WINS servers in an nt environment. > > if your samba environment HAPPENS to have identical NetBIOS names as DNS > names then you can enable "dns proxy = yes" and have multiple samba WINS > servers. you will also need to add, in this case, static DOMAIN<1b> > entries to the one samba WINS server that is NOT used by the DMBs on your > network. ignore this paragraph if you're not sure what i mean. > > - every client to use the SAME centralised name resolution system. that > means, non-local-master-browsers, LMBs on each and every subnet AND your > DMB. > > - your DMB can HAPPEN to be running on the same host (or in the case of > samba, in the same nmbd process) but even the DMB part of that nmbd > process needs to use ITSELF as the WINS server just like every other > browsing client. > > one other point: in order to minimise the amount of lookups it's best to > specify ip address in wins server = not the netbios name. you end up with > catch 22 otherwise. > > > > That way the browse masters will send their lists to the wins server. > > definitely not. > From mm at WHU-Koblenz.de Thu Apr 15 08:58:52 1999 From: mm at WHU-Koblenz.de (Maria M. Pinheiro de Castro Neves) Date: Tue Dec 2 02:26:06 2003 Subject: No subject Message-ID: <199904150858.KAA23291@obelix.WHU-Koblenz.de> Hello, I have Problems getting my Solaris 7 box to work as a domain controller for an NT 4 sp3 client using samba 2.0.3. I've followed exactly the instructions from the NT Domain FAQ. I can get the client to join the domain and then I get the welcome message, but after the reboot, when I try to logon to this domain, I allways get a message saying that the domain is not available. I've spent some days desperately trying to find out why, trying different configurations, looking at the logfiles and source code, searching the list archives. I've even moved the Solaris server to the client's subnet. But this behaviour didn't change. As a last test, just before giving up, I've tried to compile the same samba source code at my Linux workstation (RedHat 5.2, kernel 2.0.36), and used the same config file I've used with the Solaris box. and... guess what? It worked perfectly on the first try!!! But I need to get it working on my Sparc. Does someone have an Idea about where the problem is?? Should I try compiling it with another gcc version? The Linux box has gcc 2.7.2.3 and the Solaris gcc 2.8.1. Or maybe just set some options in the Makefile? On both machines I've just done "./configure; make". ... Or install Linux on the Sparc? Thanks in advance for your help Maria --------------------------------------------------------------------- Maria M. Pinheiro de Castro Neves - mm@whu-koblenz.de System and Network Administrator WHU Koblenz - Otto Beisheim Graduate School of Management Burgplatz 2, 56179 Vallendar, Germany - ++49 261 6509562 From ink at inconnu.isu.edu Thu Apr 15 14:31:22 1999 From: ink at inconnu.isu.edu (Craig Kelley) Date: Tue Dec 2 02:26:06 2003 Subject: SAMBA-NTDOM digest 762 In-Reply-To: <19990415054314Z12861089-13888+416@samba.anu.edu.au> Message-ID: > So, let me see if I understand the upshot here: what we're hoping to do on > campus is (at least for now) not possible: that is, to plop samba servers > in 'foreign' subnets where we are unable to control the configuration of > the Win9x machines (except to guarantee that they have NetBIOS and TCP/IP) > and have users on those machines be able to view our server's shares and > grab stuff off of them. > > 1.) Am I wrong that this is not possible? You need to have a central WINS server in order to do this. Even if you were not using Samba, but NT Server or whatever, you would still have the same problem. -- The wheel is turning but the hamster is dead. Craig Kelley -- kellcrai@isu.edu http://www.isu.edu/~kellcrai finger ink@inconnu.isu.edu for PGP block From aperrin at demog.Berkeley.EDU Thu Apr 15 15:32:44 1999 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:26:06 2003 Subject: SAMBA-NTDOM digest 762 In-Reply-To: Message-ID: I have no problem with having a central WINS server -- it's having to require arbitrary Win95 machines 'out there' to point to it that I fear is going to scuttle the project. --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 On Fri, 16 Apr 1999, Craig Kelley wrote: > > > So, let me see if I understand the upshot here: what we're hoping to do on > > campus is (at least for now) not possible: that is, to plop samba servers > > in 'foreign' subnets where we are unable to control the configuration of > > the Win9x machines (except to guarantee that they have NetBIOS and TCP/IP) > > and have users on those machines be able to view our server's shares and > > grab stuff off of them. > > > > 1.) Am I wrong that this is not possible? > > You need to have a central WINS server in order to do this. Even if you > were not using Samba, but NT Server or whatever, you would still have the > same problem. > > -- > The wheel is turning but the hamster is dead. > Craig Kelley -- kellcrai@isu.edu > http://www.isu.edu/~kellcrai finger ink@inconnu.isu.edu for PGP block > > > From lkcl at switchboard.net Thu Apr 15 15:29:07 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:06 2003 Subject: Using remote announce w/ security=domain In-Reply-To: Message-ID: On Wed, 14 Apr 1999, Andrew Perrin - Demography wrote: > So, let me see if I understand the upshot here: what we're hoping to do on > campus is (at least for now) not possible: that is, to plop samba servers > in 'foreign' subnets where we are unable to control the configuration of > the Win9x machines (except to guarantee that they have NetBIOS and TCP/IP) > and have users on those machines be able to view our server's shares and > grab stuff off of them. basically correct. solutions: 1) poison their WINS server database (either by using it as _your_ WINS server or getting its admin to add an entry for your server OR by writing a small program to register the samba server's ip address in TWO WINS servers :-) :-) 2) sneak a samba server onto that subnet with "wins proxy = yes" where that samba server uses the same WINS server as the rest of _your_ samba servers+windows clients. 3) rely on the remote clients using dns, plus you using remote announce: this is one of the _only_ situations under which i would recommend the use of remote announce 4) hack into all of those machines on the remote network and put your samba server in their lmhosts files (not recommended :-) 5) _ask_ individual users who wish to access your samba servers to add an entry in the lmhosts file. samba servers as PDCs need to have that odd #PRE DOMAIN_NAME system in clients' lmhosts. From ink at inconnu.isu.edu Thu Apr 15 15:31:24 1999 From: ink at inconnu.isu.edu (Craig Kelley) Date: Tue Dec 2 02:26:06 2003 Subject: SAMBA-NTDOM digest 762 In-Reply-To: Message-ID: On Thu, 15 Apr 1999, Andrew Perrin - Demography wrote: > I have no problem with having a central WINS server -- it's having to > require arbitrary Win95 machines 'out there' to point to it that I fear is > going to scuttle the project. You will need to do that. DHCP makes it pretty easy, if you use it. From aperrin at demog.Berkeley.EDU Thu Apr 15 15:38:12 1999 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:26:06 2003 Subject: SAMBA-NTDOM digest 762 In-Reply-To: Message-ID: Unfortunately it's not the technical difficulty but the political one -- we don't own the machines, nor are we in any way connected with the administrators of them; but various users of the machines have needs to see files on our server. --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 On Thu, 15 Apr 1999, Craig Kelley wrote: > > On Thu, 15 Apr 1999, Andrew Perrin - Demography wrote: > > > I have no problem with having a central WINS server -- it's having to > > require arbitrary Win95 machines 'out there' to point to it that I fear is > > going to scuttle the project. > > You will need to do that. > > DHCP makes it pretty easy, if you use it. > > > From cartegw at Eng.Auburn.EDU Thu Apr 15 15:50:39 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:26:06 2003 Subject: SAMBA-NTDOM digest 762 References: Message-ID: <37160ACF.4F26741E@eng.auburn.edu> Andrew Perrin - Demography wrote: > > I have no problem with having a central WINS server -- it's > having to require arbitrary Win95 machines 'out there' to > point to it that I fear is going to scuttle the project. If you use DHCP for the clients, you can set this. From your comments, I'm thinking this is not an option. Have you played with the idea of setting up a Samba server on each subnet and enabling the 'wins proxy' parameter? Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From martin at kuppinger.com Thu Apr 15 19:03:07 1999 From: martin at kuppinger.com (Kuppinger - Martin Kuppinger) Date: Tue Dec 2 02:26:06 2003 Subject: AW: Using remote announce w/ security=domain Message-ID: <01BE8784.7AB508B0@STRNTPMK> 1) poison their WINS server database (either by using it as _your_ WINS server or getting its admin to add an entry for your server OR by writing a small program to register the samba server's ip address in TWO WINS servers :-) :-) [>] Had the same idea (just use their WINS-Server as your WINS-Server). Depends on the bandwidth between the subnets. 2) sneak a samba server onto that subnet with "wins proxy = yes" where that samba server uses the same WINS server as the rest of _your_ samba servers+windows clients. [>] Won't work, I think. The clients in the other subnet are pointing directly to their WINS Server and, if configured as H-node, won't use NetBIOS Broadcasts. And WINS-Proxy doesn't affect unicasts to a WINS-Server, but only NetBIOS-Broadcasts. 3) rely on the remote clients using dns, plus you using remote announce: this is one of the _only_ situations under which i would recommend the use of remote announce 4) hack into all of those machines on the remote network and put your samba server in their lmhosts files (not recommended :-) 5) _ask_ individual users who wish to access your samba servers to add an entry in the lmhosts file. samba servers as PDCs need to have that odd #PRE DOMAIN_NAME system in clients' lmhosts. [>] It's #PRE #DOM DOMAIN_NAME, but only if there's no domain controller (doesn't matter if PDC or BDC) in the local subnet of the client Some additional points: 1. In this thread some people said that you should usually have several NT WINS Servers when using NT? Why? I never had any problems in smaller environments with using just one WINS-Server and H-Nodes. Usually works fine. 2. Don't believe what Microsoft is telling on WINS configuration (especially replication). In most situations (especially on networks with small bandwidth WAN connections between), there might be better, more effective solutions using combinations of NetBIOS-Broadcasts, LMHOSTS and WINS if you need to use NetBIOS Name Resolution. From lkcl at switchboard.net Thu Apr 15 20:30:27 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:06 2003 Subject: AW: Using remote announce w/ security=domain In-Reply-To: <01BE8784.7AB508B0@STRNTPMK> Message-ID: On Fri, 16 Apr 1999, Kuppinger - Martin Kuppinger wrote: > [>] Won't work, I think. yes it will, see below. > The clients in the other subnet are pointing > directly to their WINS Server and, if configured as H-node, won't use > NetBIOS Broadcasts. incorrect. only as P-node will a NetBIOS client not send out broadcasts. > And WINS-Proxy doesn't affect unicasts to a > WINS-Server, but only NetBIOS-Broadcasts. correct. therefore, when the H-node, M-node or B-node sends out broadcasts requests they will be picked up and answered by a host with "wins proxy" enabled, whether they be a ms or samba or other host. > [>] It's #PRE #DOM DOMAIN_NAME, thanx. > but only if there's no domain controller you mean, only if you cannot _resolve_ the ip address of the DC in the isolated subnet [isolated from all _other_ forms of ip address resolution from which the Domain's name would normally be obtained]. From Patrick at barmentlo.net Thu Apr 15 21:42:17 1999 From: Patrick at barmentlo.net (Patrick Barmentlo) Date: Tue Dec 2 02:26:06 2003 Subject: IDQ, IDA and HTX files cannot be placed on a network share ?? Message-ID: <004b01be8788$d5244aa0$86f326c3@barmentlo.net> I'm running Samba 2.03 on RedHat5.2 all goes well. Security is domain. I tried to run a front page web (virtual through IIS), data is on a samba share... Lot's of (in this case ) a forum web, options works ok.. but..: When I try to use the 'search' function of the web: I assume it wants to use the following file : disc1_srch.htm0.idq The error I get: "The file \\samba\www\_vti_bin\disc_srch.htm0.idq is on a network share. IDQ, IDA and HTX files cannot be placed on a network share." I do not know much about IDQ, IDA and HTX files , but is there a way to work around this..??? Regards, Patrick From aperrin at demog.Berkeley.EDU Fri Apr 16 00:05:16 1999 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:26:06 2003 Subject: Using remote announce w/ security=domain In-Reply-To: Message-ID: Many thanks to all who've responded! Here's what we've done, which *seems* to be working quite nicely: 1.) Placed our machine in their subnet, a junker (Sparc 1, name anasazi) running Samba 1.9.18p10. (will upgrade it someday soon) This machine is the main browser for the DEMOGRAPHY workgroup in the remote subnet. It is set to wins proxy = yes and wins server = (our main wins server). The Win9x machines in the remote subnet do not have any wins server set up. 2.) Set up our main server with a netbios aliases=BARROWS-SVR and include=/usr/LOCAL/samba/lib/smb.conf.%L . Put most of the information - including security stuff and all shares - in the smb.conf.* files. 3.) Set remote announce=(anasazi's IP address) 4.) Set smb.conf.barrows-svr to map to guest = Bad User to allow unknown people to use the shares as guest. It appears as if, eventually, the remote subnet gets the whole local browselist, not just the machines that are set to remote announce, which puzzles me; otherwise, it seems to work well. Cheers, Andy --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 On Fri, 16 Apr 1999, Luke Kenneth Casson Leighton wrote: > On Wed, 14 Apr 1999, Andrew Perrin - Demography wrote: > > > So, let me see if I understand the upshot here: what we're hoping to do on > > campus is (at least for now) not possible: that is, to plop samba servers > > in 'foreign' subnets where we are unable to control the configuration of > > the Win9x machines (except to guarantee that they have NetBIOS and TCP/IP) > > and have users on those machines be able to view our server's shares and > > grab stuff off of them. > > basically correct. > > solutions: > > 1) poison their WINS server database (either by using it as _your_ WINS > server or getting its admin to add an entry for your server OR by writing > a small program to register the samba server's ip address in TWO WINS > servers :-) :-) > > 2) sneak a samba server onto that subnet with "wins proxy = yes" where > that samba server uses the same WINS server as the rest of _your_ samba > servers+windows clients. > > 3) rely on the remote clients using dns, plus you using remote announce: > this is one of the _only_ situations under which i would recommend the use > of remote announce > > 4) hack into all of those machines on the remote network and put your > samba server in their lmhosts files (not recommended :-) > > 5) _ask_ individual users who wish to access your samba servers to add an > entry in the lmhosts file. > > samba servers as PDCs need to have that odd #PRE DOMAIN_NAME system in > clients' lmhosts. > From chrisp at global.co.za Fri Apr 16 10:32:38 1999 From: chrisp at global.co.za (chrisp@global.co.za) Date: Tue Dec 2 02:26:06 2003 Subject: Cannot log on to domain Message-ID: Hi I am trying to log on to our NT domain I am using the samba-2.0.3-19990228 rpm I have a computer account on the domain Here is a transcript of what happens pterodactyl:~# smbpasswd -j GIA cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT cli_nt_setup_creds: auth2 challenge failed modify_trust_password: unable to setup the PDC credentials to machine JHBPDC. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT. 1999/04/16 12:31:12 : change_trust_account_password: Failed to change password for domain GIA. Unable to join domain GIA. Any hints would be appreciated Thanks Chris Picton chrisp@gia.co.za From e8903122 at student.tuwien.ac.at Thu Apr 15 23:26:31 1999 From: e8903122 at student.tuwien.ac.at (Richard Kail) Date: Tue Dec 2 02:26:06 2003 Subject: Using remote announce w/ security=domain In-Reply-To: Message-ID: Hallo ! On Fri, 16 Apr 1999, Luke Kenneth Casson Leighton wrote: > solutions: > > 1) poison their WINS server database (either by using it as _your_ WINS ... > 2) sneak a samba server onto that subnet with "wins proxy = yes" where ... > 3) rely on the remote clients using dns, plus you using remote announce: ... > 4) hack into all of those machines on the remote network and put your ... > 5) _ask_ individual users who wish to access your samba servers to add an > entry in the lmhosts file. 6) Write a small description for the users how they can create a link to the samba share on their desktop using the DNS name or IP-Adress of the samba server. With some luck, the *.lnk file is copyable. If it is, users can share them via 'officially' available file space or get them via ftp. Kind regards, Richard ------ The world is a jungle in general, and the networking game contributes many animals. ---- David C. Plummer, RFC 826 From e8903122 at student.tuwien.ac.at Thu Apr 15 23:56:14 1999 From: e8903122 at student.tuwien.ac.at (Richard Kail) Date: Tue Dec 2 02:26:06 2003 Subject: AW: Using remote announce w/ security=domain In-Reply-To: <01BE8784.7AB508B0@STRNTPMK> Message-ID: Hello ! On Fri, 16 Apr 1999, Kuppinger - Martin Kuppinger wrote: > 1. In this thread some people said that you should usually have several > NT WINS Servers when using NT? Why? I never had any problems in smaller > environments with using just one WINS-Server and H-Nodes. Usually works > fine. If you want reliable services, you need more than one NT server. Take just a small look on BUGTRAQ and you see where NT is broken. If you want to install a new mouse on you WINS server you disrupt the service for all your users (reboot !). Therefore you need a couple of NT boxes. > 2. Don't believe what Microsoft is telling on WINS configuration > (especially replication). In most situations (especially on networks > with small bandwidth WAN connections between), there might be better, > more effective solutions using combinations of NetBIOS-Broadcasts, > LMHOSTS and WINS if you need to use NetBIOS Name Resolution. This is not a good idea. LMHOSTS is evil, because it has to be maintained on all machines on your network. In practice, the LMHOSTS update will be done only on machines which need immediatly access to a particular ressouce. Then, two days later your telephone rings... Broadcasts are also not the best idea, because they don't scale, they can produce a lot of network traffic. They also breaks location transparency on you network, making things more difficult then they have to be. Kind regards, Richard ------ The world is a jungle in general, and the networking game contributes many animals. ---- David C. Plummer, RFC 826 From cartegw at Eng.Auburn.EDU Fri Apr 16 12:51:14 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:26:06 2003 Subject: Cannot log on to domain References: Message-ID: <37173242.10203827@eng.auburn.edu> chrisp@global.co.za wrote: > > Hi > > I am trying to log on to our NT domain > I am using the samba-2.0.3-19990228 rpm > > I have a computer account on the domain > > Here is a transcript of what happens > > pterodactyl:~# smbpasswd -j GIA > cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Do you have encrypt passwords = yes? Are you sure you created the trust account on the PDC? > cli_nt_setup_creds: auth2 challenge failed > modify_trust_password: unable to setup the PDC credentials to machine > JHBPDC. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT. > 1999/04/16 12:31:12 : change_trust_account_password: Failed to change > password for domain GIA. > Unable to join domain GIA. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From chrisp at global.co.za Fri Apr 16 12:57:16 1999 From: chrisp at global.co.za (chrisp@global.co.za) Date: Tue Dec 2 02:26:06 2003 Subject: Cannot log on to domain In-Reply-To: <37173242.10203827@eng.auburn.edu> Message-ID: On Fri, 16 Apr 1999, Gerald Carter wrote: > chrisp@global.co.za wrote: > > > > Hi > > > > I am trying to log on to our NT domain > > I am using the samba-2.0.3-19990228 rpm > > > > I have a computer account on the domain > > > > Here is a transcript of what happens > > > > pterodactyl:~# smbpasswd -j GIA > > cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > Do you have encrypt passwords = yes? Yes > Are you sure you created the trust account on the PDC? Yep - It was originally created when I installed NT on my machine (dual-boot). The netbios name for both NT and linux is the same. Under NT, it logs onto the network fine. Chris > > > cli_nt_setup_creds: auth2 challenge failed > > modify_trust_password: unable to setup the PDC credentials to machine > > JHBPDC. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT. > > 1999/04/16 12:31:12 : change_trust_account_password: Failed to change > > password for domain GIA. > > Unable to join domain GIA. > > > > > Cheers, > jerry > ________________________________________________________________________ > Gerald ( Jerry ) Carter > Engineering Network Services Auburn University > jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw > > "...a hundred billion castaways looking for a home." > - Sting "Message in a Bottle" ( 1979 ) > From cartegw at Eng.Auburn.EDU Fri Apr 16 13:06:57 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:26:06 2003 Subject: AW: Using remote announce w/ security=domain References: Message-ID: <371735F1.D357B309@eng.auburn.edu> Richard Kail wrote: > > LMHOSTS is evil, because it has to be maintained on > all machines on your network. Actually, there is a way around this. Consider the two files lmhosts.local---------------------- aaa.bbb.ccc.54 ivy #PRE #INCLUDE \\ivy\scripts\lmhosts lmhosts.server--------------------- aaa.bbb.ccc.48 keating #PRE #DOM:ENG-NT aaa.bbb.ccc.43 kudzu #PRE #DOM:ENG aaa.bbb.ccc.126 lab1 #PRE This way you only need to change the lmhosts file in \\ivy\scripts. cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From cartegw at Eng.Auburn.EDU Fri Apr 16 13:10:34 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:26:06 2003 Subject: Cannot log on to domain References: Message-ID: <371736CA.E1E40E1@eng.auburn.edu> chrisp@global.co.za wrote: > > > Are you sure you created the trust account on the PDC? > Yep - It was originally created when I installed NT on > my machine (dual-boot). The netbios name for both NT and > linux is the same. Under NT, it logs onto the network > fine. Ah! Well that won't work. When a client attempts to join a domain, it expects the trust account to have a known value (the client's netbios name append with a '$' character). Once it successfully joins the domain, it will change this password. Therefore, you will need to use a different netbios name on either Linux or NT and add both names (computers) to the PDC. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From lkcl at switchboard.net Fri Apr 16 14:07:49 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:06 2003 Subject: Using remote announce w/ security=domain In-Reply-To: Message-ID: > 6) Write a small description for the users how they can create a link to > the samba share on their desktop using the DNS name or IP-Adress of the > samba server. hi richard, this only works if you can resolve the dns name or ip address. this therefore only works on nt, not 95. you _can_ however put an entry in hosts (not lmhosts) file on 95 to get round this limitation. > With some luck, the *.lnk file is copyable. yes. From lkcl at switchboard.net Fri Apr 16 14:09:51 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:06 2003 Subject: AW: Using remote announce w/ security=domain In-Reply-To: Message-ID: > > 2. Don't believe what Microsoft is telling on WINS configuration > > (especially replication). In most situations (especially on networks > > with small bandwidth WAN connections between), there might be better, > > more effective solutions using combinations of NetBIOS-Broadcasts, > > LMHOSTS and WINS if you need to use NetBIOS Name Resolution. > > This is not a good idea. > > LMHOSTS is evil, because it has to be maintained on all machines on your > network. In practice, the LMHOSTS update will be done only on machines > which need immediatly access to a particular ressouce. Then, two days > later your telephone rings... worse, when you move the PDC for a network, either ip address or even name, you run into "i can't find the network" problems. at that point, admins seriously consider remote access to hosts and blanket-removing all lmhosts files... From skirks at coxnet.org Fri Apr 16 14:25:58 1999 From: skirks at coxnet.org (Steven Kirks) Date: Tue Dec 2 02:26:06 2003 Subject: Cannot log on to domain Message-ID: First post, be gentle.... Would the SID in the file on the samba side be different than the SID you created when your NT side joined the domain? Steve -----Original Message----- From: chrisp@global.co.za [mailto:chrisp@global.co.za] Sent: Friday, April 16, 1999 8:01 AM To: Multiple recipients of list Subject: Re: Cannot log on to domain On Fri, 16 Apr 1999, Gerald Carter wrote: > chrisp@global.co.za wrote: > > > > Hi > > > > I am trying to log on to our NT domain > > I am using the samba-2.0.3-19990228 rpm > > > > I have a computer account on the domain > > > > Here is a transcript of what happens > > > > pterodactyl:~# smbpasswd -j GIA > > cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > Do you have encrypt passwords = yes? Yes > Are you sure you created the trust account on the PDC? Yep - It was originally created when I installed NT on my machine (dual-boot). The netbios name for both NT and linux is the same. Under NT, it logs onto the network fine. Chris > > > cli_nt_setup_creds: auth2 challenge failed > > modify_trust_password: unable to setup the PDC credentials to machine > > JHBPDC. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT. > > 1999/04/16 12:31:12 : change_trust_account_password: Failed to change > > password for domain GIA. > > Unable to join domain GIA. > > > > > Cheers, > jerry > ________________________________________________________________________ > Gerald ( Jerry ) Carter > Engineering Network Services Auburn University > jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw > > "...a hundred billion castaways looking for a home." > - Sting "Message in a Bottle" ( 1979 ) > ------------------------------------------------------------------------- This email server is running an evaluation copy of the MailShield anti- spam software. Please contact your email administrator if you have any questions about this message. MailShield product info: www.mailshield.com From lkcl at switchboard.net Fri Apr 16 14:34:36 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:06 2003 Subject: Cannot log on to domain In-Reply-To: Message-ID: On Fri, 16 Apr 1999 chrisp@global.co.za wrote: > > > On Fri, 16 Apr 1999, Gerald Carter wrote: > > > chrisp@global.co.za wrote: > > > > > > Hi > > > > > > I am trying to log on to our NT domain > > > I am using the samba-2.0.3-19990228 rpm > > > > > > I have a computer account on the domain > > > > > > Here is a transcript of what happens > > > > > > pterodactyl:~# smbpasswd -j GIA > > > cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > Do you have encrypt passwords = yes? > Yes > > > Are you sure you created the trust account on the PDC? > Yep - It was originally created when I installed NT on my machine > (dual-boot). The netbios name for both NT and linux is the same. Under > NT, it logs onto the network fine. som1 want 2 xpln why u can't do this? luke From chrisp at global.co.za Fri Apr 16 14:32:43 1999 From: chrisp at global.co.za (chrisp@global.co.za) Date: Tue Dec 2 02:26:06 2003 Subject: Cannot log on to domain In-Reply-To: Message-ID: On Fri, 16 Apr 1999, Steven Kirks wrote: > First post, be gentle.... > > Would the SID in the file on the samba side be different than the SID you > created when your NT side joined the domain? I have subsequently removed the computer account from the PDC and recreated it. This still didnt help... Chris > > Steve > > -----Original Message----- > From: chrisp@global.co.za [mailto:chrisp@global.co.za] > Sent: Friday, April 16, 1999 8:01 AM > To: Multiple recipients of list > Subject: Re: Cannot log on to domain > > > > > On Fri, 16 Apr 1999, Gerald Carter wrote: > > > chrisp@global.co.za wrote: > > > > > > Hi > > > > > > I am trying to log on to our NT domain > > > I am using the samba-2.0.3-19990228 rpm > > > > > > I have a computer account on the domain > > > > > > Here is a transcript of what happens > > > > > > pterodactyl:~# smbpasswd -j GIA > > > cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > Do you have encrypt passwords = yes? > Yes > > > Are you sure you created the trust account on the PDC? > Yep - It was originally created when I installed NT on my machine > (dual-boot). The netbios name for both NT and linux is the same. Under > NT, it logs onto the network fine. > > Chris > > > > > > cli_nt_setup_creds: auth2 challenge failed > > > modify_trust_password: unable to setup the PDC credentials to machine > > > JHBPDC. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT. > > > 1999/04/16 12:31:12 : change_trust_account_password: Failed to change > > > password for domain GIA. > > > Unable to join domain GIA. > > > > > > > > > > Cheers, > > jerry > > ________________________________________________________________________ > > Gerald ( Jerry ) Carter > > Engineering Network Services Auburn University > > jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw > > > > "...a hundred billion castaways looking for a home." > > - Sting "Message in a Bottle" ( 1979 ) > > > > > ------------------------------------------------------------------------- > This email server is running an evaluation copy of the MailShield anti- > spam software. Please contact your email administrator if you have any > questions about this message. MailShield product info: www.mailshield.com > From rdab100 at cam.ac.uk Fri Apr 16 15:10:42 1999 From: rdab100 at cam.ac.uk (Dominic Baines) Date: Tue Dec 2 02:26:06 2003 Subject: WINS on a Samba Server - Backup of the WINS database. Message-ID: <371752F1.8A589E7A@cam.ac.uk> OK so Samba WINS does not support MS-WINS replication. But....... This may be a really simple one but how do you backup the WINS database on a 'RUNNING' Samba Server in case of failure ? In MS's NT you'd be able to set up replication partners etc... a failed WINS server would soon regenerate a list of NetBIOS to IP's from periodic announcements but is there an alternative mode of operation possible ? I've been through the BROWSING* docs and most others but can't find anything obvious. Dominic From e8903122 at student.tuwien.ac.at Fri Apr 16 14:30:44 1999 From: e8903122 at student.tuwien.ac.at (Richard Kail) Date: Tue Dec 2 02:26:06 2003 Subject: AW: Using remote announce w/ security=domain In-Reply-To: <371735F1.D357B309@eng.auburn.edu> Message-ID: Hello ! On Fri, 16 Apr 1999, Gerald Carter wrote: > > LMHOSTS is evil, because it has to be maintained on > > all machines on your network. > > Actually, there is a way around this. Consider the two files > > lmhosts.local---------------------- > aaa.bbb.ccc.54 ivy #PRE > #INCLUDE \\ivy\scripts\lmhosts > lmhosts.server--------------------- > This way you only need to change the lmhosts file > in \\ivy\scripts. Hmhm. No question, this works, but this way, the IP-Adress of one server is fixed. Do you know Mr. Murphy and his laws ? "ring ring klick 'Richard, we want to move ivy from subnet A to subnet B for some weeks because of some bricklaying(*).'". Kind regards, Richard (*) I don't know if this is the right english word. But you know the people making the dust which kills every fan in 30 Meters distance more or less immediatly. *ggg* ------ The world is a jungle in general, and the networking game contributes many animals. ---- David C. Plummer, RFC 826 From e8903122 at student.tuwien.ac.at Fri Apr 16 14:20:16 1999 From: e8903122 at student.tuwien.ac.at (Richard Kail) Date: Tue Dec 2 02:26:06 2003 Subject: Using remote announce w/ security=domain In-Reply-To: Message-ID: Hello ! On Fri, 16 Apr 1999, Luke Kenneth Casson Leighton wrote: > this only works if you can resolve the dns name or ip address. this > therefore only works on nt, not 95. you _can_ however put an entry in > hosts (not lmhosts) file on 95 to get round this limitation. Hm. I have some knowledge problems with Win95, because I made 1995 the decision not to touch Win95 at all. So, I installed it since then only once, only to give a old laptop some months of additional life running winword without a network... My question: Are \\192.168.1.2\myshare UNC-Paths only working on Windows NT ? Kind regards, Richard ------ The world is a jungle in general, and the networking game contributes many animals. ---- David C. Plummer, RFC 826 From jallison at cthulhu.engr.sgi.com Fri Apr 16 16:43:43 1999 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:26:06 2003 Subject: Cannot log on to domain References: Message-ID: <371768BF.6F9F030@engr.sgi.com> chrisp@global.co.za wrote: > > > Are you sure you created the trust account on the PDC? > Yep - It was originally created when I installed NT on my machine > (dual-boot). The netbios name for both NT and linux is the same. Under > NT, it logs onto the network fine. Ah, that's you problem. You cannot do this under the same name for the NT box. The reason is that when you rebooted the NT box after joining the domain the NT box changed the domain password. The password that smbpasswd is trying to change has already been changed. You could extract the NT password from the PDC SAM or the LSA secrects area on your NT workstation, but sooner or later either Samba or the NT box will change it again and everything will break. You need to add the Samba server under a different name and use the "netbios name" parameter in smb.conf. Hope this helps, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From dave at www.buffalostate.edu Fri Apr 16 17:05:45 1999 From: dave at www.buffalostate.edu (Dave J. Andruczyk) Date: Tue Dec 2 02:26:06 2003 Subject: Cannot log on to domain In-Reply-To: Message-ID: > > > Are you sure you created the trust account on the PDC? > > Yep - It was originally created when I installed NT on my machine > > (dual-boot). The netbios name for both NT and linux is the same. Under > > NT, it logs onto the network fine. > > som1 want 2 xpln why u can't do this? luke > Uhh. I thought the workstation will change the machine's password on the PDC when it FIRST connects to the domain. If when rebooting to Linux from Nt wkstation, and attempting to join the domain, the password is now different than what it expects and thus fails. Am i right? Dave From lkcl at switchboard.net Fri Apr 16 17:16:36 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:06 2003 Subject: Using remote announce w/ security=domain In-Reply-To: Message-ID: On Fri, 16 Apr 1999, Richard Kail wrote: > My question: Are \\192.168.1.2\myshare UNC-Paths only working on Windows > NT ? correct. the ip resolver in 95 does not have full dns capabilities. From cartegw at Eng.Auburn.EDU Fri Apr 16 17:33:14 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:26:06 2003 Subject: WINS on a Samba Server - Backup of the WINS database. References: <371752F1.8A589E7A@cam.ac.uk> Message-ID: <3717745A.356D6163@eng.auburn.edu> There is no way at the moment. But I run a single Samba server for WINS to about 500 PC's with no problems. Solid as a rock. :) jerry Dominic Baines wrote: > > > This may be a really simple one but how do you backup > the WINS database on a 'RUNNING' Samba Server in case of failure ? > ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From lkcl at switchboard.net Fri Apr 16 17:55:43 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:06 2003 Subject: WINS on a Samba Server - Backup of the WINS database. In-Reply-To: <371752F1.8A589E7A@cam.ac.uk> Message-ID: On Sat, 17 Apr 1999, Dominic Baines wrote: > OK so Samba WINS does not support MS-WINS replication. > > But....... > > > This may be a really simple one but how do you backup > the WINS database on a 'RUNNING' Samba Server in case of failure ? > cp /usr/local/samba/lib/private/wins.dat wins.dat.backup. until som1 creates an ldap or mysql version, that is :) if you want to restore, you have to terminate nmbd briefly, copy file over and restart nmbd. if nmbd has been written properly, it should notice that the expiry time has elapsed on rather a lot of the entries, and so marks them as expired. it will also, if som1 attempts to register a name that is marked as being owned by an older ip address, double-check with the old ip b4 allocating the name to the new requester. > In MS's NT you'd be able to set up replication partners etc... a failed > WINS server would soon regenerate a list of NetBIOS to IP's from > periodic > announcements 15 mins. From jan.van.rensburg at us.epiuse.com Fri Apr 16 18:12:43 1999 From: jan.van.rensburg at us.epiuse.com (jan van rensburg) Date: Tue Dec 2 02:26:06 2003 Subject: AW: Using remote announce w/ security=domain Message-ID: <004b01be8834$bd4141c0$1501050a@helena.us.epiuse.com> sure, what you say is true, but the same is true for wins, dns etc, unless you use dhcp. --jan van rensburg -----Original Message----- From: Richard Kail To: Multiple recipients of list Date: 16 April 1999 02:02 Subject: Re: AW: Using remote announce w/ security=domain >Hello ! > >On Fri, 16 Apr 1999, Gerald Carter wrote: > >> > LMHOSTS is evil, because it has to be maintained on >> > all machines on your network. >> >> Actually, there is a way around this. Consider the two files >> >> lmhosts.local---------------------- >> aaa.bbb.ccc.54 ivy #PRE >> #INCLUDE \\ivy\scripts\lmhosts > >> lmhosts.server--------------------- > >> This way you only need to change the lmhosts file >> in \\ivy\scripts. > >Hmhm. No question, this works, but this way, the IP-Adress of one server >is fixed. Do you know Mr. Murphy and his laws ? > >"ring ring klick 'Richard, we want to move ivy from subnet A to subnet B >for some weeks because of some bricklaying(*).'". > >Kind regards, > >Richard > >(*) I don't know if this is the right english word. But you know the >people making the dust which kills every fan in 30 Meters distance more or >less immediatly. *ggg* > >------ >The world is a jungle in general, and the networking game >contributes many animals. ---- David C. Plummer, RFC 826 From dave at www.buffalostate.edu Fri Apr 16 19:29:19 1999 From: dave at www.buffalostate.edu (Dave J. Andruczyk) Date: Tue Dec 2 02:26:06 2003 Subject: Using remote announce w/ security=domain In-Reply-To: Message-ID: > Hm. I have some knowledge problems with Win95, because I made 1995 the > decision not to touch Win95 at all. So, I installed it since then only > once, only to give a old laptop some months of additional life running > winword without a network... > > My question: Are \\192.168.1.2\myshare UNC-Paths only working on Windows > NT ? yes, (sort of). If you add "192.168.1.2 somehost" to your c:\windows\hosts file then you should be able to do it. (I have NOT verified this, but someone else said it works) On NT you can just use the IP (the way it should be IMHO) dave From lkcl at switchboard.net Fri Apr 16 19:46:26 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:06 2003 Subject: Cannot log on to domain In-Reply-To: Message-ID: On Sat, 17 Apr 1999, Dave J. Andruczyk wrote: > > > > Are you sure you created the trust account on the PDC? > > > Yep - It was originally created when I installed NT on my machine > > > (dual-boot). The netbios name for both NT and linux is the same. Under > > > NT, it logs onto the network fine. > > > > som1 want 2 xpln why u can't do this? luke > > > > Uhh. I thought the workstation will change the machine's password on the > PDC when it FIRST connects to the domain. only added this very recently (2 wks ago) to cvs main. it's set to default value (wks name in lower case). > If when rebooting to Linux from > Nt wkstation, and attempting to join the domain, the password is now > different than what it expects and thus fails. Am i right? you are correct.... ONLY if one user has NOT been logged on from the nt wks since it was joined to the domain OR if smbpasswd -j does not set password to a random value but sets to "wks name in lower case" too. when 1st usr logs in from nt wks, NetrServerPasswordSet is sent, changing wks dflt val to random one. in other words, you can only really have ONE wks with synchronised wks trust pwd and therefore only one wks per netbios name (and one netbios name per wks, whatever way you want to look at it). From dustin at pcparts.net Fri Apr 16 22:02:52 1999 From: dustin at pcparts.net (dustin) Date: Tue Dec 2 02:26:06 2003 Subject: WINS on a Samba Server - Backup of the WINS database. In-Reply-To: <3717745A.356D6163@eng.auburn.edu> Message-ID: <000601be8854$df726880$7de39cce@discodeath> Is there anything else that you need to do to get wins to work other than put in win support = yes in the global section?? -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of Gerald Carter Sent: Friday, April 16, 1999 12:35 PM To: Multiple recipients of list Subject: Re: WINS on a Samba Server - Backup of the WINS database. There is no way at the moment. But I run a single Samba server for WINS to about 500 PC's with no problems. Solid as a rock. :) jerry Dominic Baines wrote: > > > This may be a really simple one but how do you backup > the WINS database on a 'RUNNING' Samba Server in case of failure ? > ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From jjm at iname.com Sat Apr 17 01:14:14 1999 From: jjm at iname.com (Johan Meiring) Date: Tue Dec 2 02:26:06 2003 Subject: SAMBA-NTDOM digest 765 In-Reply-To: <19990416174641Z12860327-4455+1268@samba.anu.edu.au> Message-ID: <000001be886f$9b89cf80$644a48a6@sandra> HI, If you install the Winsock2 update from MS for Win 95, it can connect unsing ip address. \\192.168.1.1\share will then work. It is at http://www.microsoft.com/windows95/downloads/contents/wuadmintools/s_wunetwo rkingtools/w95sockets2/default.asp? Johan >Date: Fri, 16 Apr 1999 18:16:36 +0100 (BST) >From: Luke Kenneth Casson Leighton >To: Richard Kail >Subject: Re: Using remote announce w/ security=domain >Message-ID: > >On Fri, 16 Apr 1999, Richard Kail wrote: > >> My question: Are \\192.168.1.2\myshare UNC-Paths only working on Windows >> NT ? > >correct. the ip resolver in 95 does not have full dns capabilities. From K.Conlisk at worldnet.att.net Sun Apr 18 02:57:18 1999 From: K.Conlisk at worldnet.att.net (Keith Conlisk) Date: Tue Dec 2 02:26:07 2003 Subject: wish to know more about using Samba as an NT PDC Message-ID: <001101be8947$2ff018a0$0201a8c0@keith> wish to know more about using Samba as an NT PDC -------------- next part -------------- HTML attachment scrubbed and removed From whn at topelo.lopi.com Sun Apr 18 11:13:19 1999 From: whn at topelo.lopi.com (Bill Nugent) Date: Tue Dec 2 02:26:07 2003 Subject: wish to know more about using Samba as an NT PDC In-Reply-To: Your message of Sun, 18 Apr 1999 13:00:14 +1000. <001101be8947$2ff018a0$0201a8c0@keith> Message-ID: <19990418111320.9151.qmail@topelo.lopi.com> Howdy Keith, Samba as PDC is pre-alpha, pre-release software - use at your own risk. It changes daily if not hourly at times. It is not fully featured yet but it is quickly getting there. Have you read the documentation on the web site www.samba.org? Read all of the files in http://us1.samba.org/samba/docs/ Also read http://us1.samba.org/samba/docs/ntdom_faq/samba_ntdom_faq.html again. If you have not used samba before not being an PDC then I suggest you first get that going. Read all the documentation that is included two or three times to really understand it - you have a steep learning curve. If things aren't working then follow the directions in http://us1.samba.org/samba/docs/DIAGNOSIS.html to the letter - it is your friend. If you don't know anything about configuring a PDC then I suggest you read the last 4 or 5 months of the samba-dom archive because you'll need the concepts that are discussed and more. Also be comfortable with running and configuring normal samba first. You have an even steeper learning curve here. Be prepared to experiment - heavily. BTW - this list hates HTML email messages so please do not use it. Good luck, Bill On Sunday, Apr 18 1999 at 13:00:14, "Keith Conlisk" wrote: >This is a multi-part message in MIME format. > >------=_NextPart_000_000E_01BE8925.A4F0EAC0 >Content-Type: text/plain; > charset="iso-8859-1" >Content-Transfer-Encoding: quoted-printable > >wish to know more about using Samba as an NT PDC=20 > >------=_NextPart_000_000E_01BE8925.A4F0EAC0 >Content-Type: text/html; > charset="iso-8859-1" >Content-Transfer-Encoding: quoted-printable > > > >http-equiv=3DContent-Type> > > > > >
wish to know more about using Samba as an NT PDC=20 >
> >------=_NextPart_000_000E_01BE8925.A4F0EAC0-- > From Patrick at barmentlo.net Sun Apr 18 13:37:05 1999 From: Patrick at barmentlo.net (Patrick Barmentlo) Date: Tue Dec 2 02:26:07 2003 Subject: samba 2.03, NT4/pack4/ IIs, virtual hosting . Message-ID: <017901be89a0$8c3fd9c0$86f326c3@barmentlo.net> Hai, I tried to setup virtual hosts in IIS I use samba 2.03 Tried all 'server modes' (share/user/domain), but can't get it work well.. The closed .. samba server in share mode.. problem: could not get it public accessed throe IIS Some where I saw something about the NT iis guest user IUSR , about security, can't go further then one hop. ( is that so ?) Also I tried to work around the 'currently supplied credentials conflicts with existing...' with force user / group. but. then all security is gone !! Is it me , I just don't get it, or is it Samba, just not yet being able to serve such services as I want ?? By the way , file and printer sharing etc.. works perfect in Microsoft user environment, as long as you don't want to connect to the same (samba) host with diff user id.. Any reply will be appreciated Regards, Patrick Barmentlo From martin at kuppinger.com Sun Apr 18 20:02:17 1999 From: martin at kuppinger.com (Kuppinger - Martin Kuppinger) Date: Tue Dec 2 02:26:07 2003 Subject: AW: AW: Using remote announce w/ security=domain Message-ID: <01BE89E9.0E107F20@STRNTPMK> > 1. In this thread some people said that you should usually have several > NT WINS Servers when using NT? Why? I never had any problems in smaller > environments with using just one WINS-Server and H-Nodes. Usually works > fine. If you want reliable services, you need more than one NT server. Take just a small look on BUGTRAQ and you see where NT is broken. [>] If you want reliable services, you need always more than one server (even with AIX, even with an IBM 390). And Richard, like you should know, I'm very aware of the shortcomings of Windows NT. But if I look at the reality, the most important thing isn't the operating system, but the administrator. But let's stop this discussion here - it's not the right place for operating systems discussions. If you want to install a new mouse on you WINS server you disrupt the service for all your users (reboot !). [>] When do I need to do this? But you're right: You have to reboot NT in by far to much situations today. Therefore you need a couple of NT boxes. > 2. Don't believe what Microsoft is telling on WINS configuration > (especially replication). In most situations (especially on networks > with small bandwidth WAN connections between), there might be better, > more effective solutions using combinations of NetBIOS-Broadcasts, > LMHOSTS and WINS if you need to use NetBIOS Name Resolution. This is not a good idea. LMHOSTS is evil, because it has to be maintained on all machines on your network. In practice, the LMHOSTS update will be done only on machines which need immediatly access to a particular ressouce. Then, two days later your telephone rings... [>] I think that's primarily a matter of planning. And in more centralized networks there are several technologies to do that job (login scripts and so on). In my practice, when LMHOSTS is used, then with updates in a very centralized manner. Broadcasts are also not the best idea, because they don't scale, they can produce a lot of network traffic. They also breaks location transparency on you network, making things more difficult then they have to be. [>] Yes and no. Broadcasts aren't the best way. But if you look at real world situations, there are a lot of companies (especially here in Europe) where WINS replication over small bandwidth links isn't the best way. And the name resolution broadcasts don't produce very much traffic. WINS is an easy way. But it's definitely not always the right solution. [>] Kind regards, Martin From martin at kuppinger.com Sun Apr 18 20:06:28 1999 From: martin at kuppinger.com (Kuppinger - Martin Kuppinger) Date: Tue Dec 2 02:26:07 2003 Subject: AW: AW: Using remote announce w/ security=domain Message-ID: <01BE89E9.0F94AE20@STRNTPMK> Richard Kail wrote: > > LMHOSTS is evil, because it has to be maintained on > all machines on your network. Actually, there is a way around this. Consider the two files lmhosts.local---------------------- aaa.bbb.ccc.54 ivy #PRE #INCLUDE \\ivy\scripts\lmhosts lmhosts.server--------------------- aaa.bbb.ccc.48 keating #PRE #DOM:ENG-NT aaa.bbb.ccc.43 kudzu #PRE #DOM:ENG aaa.bbb.ccc.126 lab1 #PRE This way you only need to change the lmhosts file in \\ivy\scripts. [>] Yes. But you should work with #PRE in the included file, otherwise this file will be loaded every few minutes from the server (how to produce unnecessary network traffic ;-) ). And you have to allow access to the share used by #include for anonymous users, because the command is executed when loading the IP stack and therefore before authentication. And you'll have to change the size of the NetBIOS name cache to hold all entries. From martin at kuppinger.com Sun Apr 18 19:51:48 1999 From: martin at kuppinger.com (Kuppinger - Martin Kuppinger) Date: Tue Dec 2 02:26:07 2003 Subject: AW: AW: Using remote announce w/ security=domain Message-ID: <01BE89E8.FB183C00@STRNTPMK> > [>] Won't work, I think. yes it will, see below. > The clients in the other subnet are pointing > directly to their WINS Server and, if configured as H-node, won't use > NetBIOS Broadcasts. incorrect. only as P-node will a NetBIOS client not send out broadcasts. [>] Right. He will broadcast because the WINS (usually in this case) won't be able to resolve the query. He unicasts first, but without answer... From mm at WHU-Koblenz.de Mon Apr 19 14:47:39 1999 From: mm at WHU-Koblenz.de (Maria M. Pinheiro de Castro Neves) Date: Tue Dec 2 02:26:07 2003 Subject: Different behaviour Linux - Solaris??? Message-ID: <199904191447.QAA15102@obelix.WHU-Koblenz.de> Hi, The first mail I wrote to the list got accidentally out without subject. I'm sorry for that, and I hope I won't nerve you much if I post it again, this time with subject and some lines from my logfiles :-) I have Problems getting my Solaris 7 server to work as a domain controller for an NT 4 sp3 client using samba 2.0.3. I've followed exactly the instructions from the NT Domain FAQ. I can get the client to join the domain and then I get the welcome message, but after the reboot, when I try to logon to this domain, I allways get a message saying that the domain is not available. I've spent some days desperately trying to find out why, trying different configurations, looking at the logfiles and source code, searching the list archives. I've even moved the Solaris server to the client's subnet. But this behaviour didn't change. As a last test, just before giving up, I've tried to compile the same samba source code at my Linux workstation (RedHat 5.2, kernel 2.0.36), and used the same config file I've used with the Solaris box. and... guess what? It worked perfectly on the first try!!! I've compared both logfiles, and I'm copying here the lines where they start to differ: --> LINUX - works :-) [1999/04/19 13:18:19, 3] smbd/process.c:process_smb(565) Transaction 10 of length 152 [1999/04/19 13:18:19, 3] smbd/process.c:switch_message(402) switch message SMBtrans (pid 11070) [1999/04/19 13:18:19, 3] smbd/ipc.c:reply_trans(3625) trans <\PIPE\> data=72 params=0 setup=2 [1999/04/19 13:18:19, 3] smbd/ipc.c:named_pipe(3480) named pipe command on <> name [1999/04/19 13:18:19, 3] smbd/ipc.c:api_fd_reply(3264) Got API command 0x26 on pipe "NETLOGON" (pnum 7009)api_pipe_bind_req: \PIPE\NETLOGON -> \PIPE\lsass [1999/04/19 13:18:19, 3] smbd/process.c:process_smb(565) Transaction 11 of length 332 [1999/04/19 13:18:19, 3] smbd/process.c:switch_message(402) switch message SMBtrans (pid 11070) [1999/04/19 13:18:19, 3] smbd/ipc.c:reply_trans(3625) trans <\PIPE\> data=252 params=0 setup=2 [1999/04/19 13:18:19, 3] smbd/ipc.c:named_pipe(3480) named pipe command on <> name [1999/04/19 13:18:19, 3] smbd/ipc.c:api_fd_reply(3264) Got API command 0x26 on pipe "NETLOGON" (pnum 7009)Doing \PIPE\NETLOGON [1999/04/19 13:18:19, 3] rpc_server/srv_pipe.c:api_rpc_command(671) api_rpc_command: NET_SAMLOGON ---> SOLARIS - doesn't work :-( [1999/04/19 12:48:26, 3] smbd/process.c:process_smb(565) Transaction 10 of length 152 [1999/04/19 12:48:26, 3] smbd/process.c:switch_message(402) switch message SMBtrans (pid 4506) [1999/04/19 12:48:26, 3] smbd/ipc.c:reply_trans(3625) trans <\PIPE\> data=72 params=0 setup=2 [1999/04/19 12:48:26, 3] smbd/ipc.c:reply_trans(3635) trans <\PIPE\> data=72 params=0 setup=2 [1999/04/19 12:48:26, 3] smbd/ipc.c:named_pipe(3480) named pipe command on <> name [1999/04/19 12:48:26, 3] smbd/ipc.c:api_fd_reply(3264) Got API command 0x26 on pipe "NETLOGON" (pnum 7021)api_pipe_bind_req: \PIPE\NETLOGON -> \PIPE\lsass [1999/04/19 12:48:26, 3] smbd/process.c:process_smb(565) Transaction 11 of length 168 [1999/04/19 12:48:26, 3] smbd/process.c:switch_message(402) switch message SMBtrans (pid 4506) [1999/04/19 12:48:26, 3] smbd/ipc.c:reply_trans(3625) trans <\PIPE\> data=88 params=0 setup=2 [1999/04/19 12:48:26, 3] smbd/ipc.c:reply_trans(3635) trans <\PIPE\> data=88 params=0 setup=2 [1999/04/19 12:48:26, 3] smbd/ipc.c:named_pipe(3480) named pipe command on <> name [1999/04/19 12:48:26, 3] smbd/ipc.c:api_fd_reply(3264) Got API command 0x26 on pipe "NETLOGON" (pnum 7021)Doing \PIPE\NETLOGON [1999/04/19 12:48:26, 3] rpc_server/srv_pipe.c:api_rpc_command(671) api_rpc_command: NET_REQCHAL [1999/04/19 12:48:26, 0] rpc_server/srv_netlog.c:get_md4pw(266) get_md4pw: Workstation $: no account in domain But I need to get it working on my Sparc. Does someone have an Idea about where the problem is?? Should I try compiling it with another gcc version? The Linux box has gcc 2.7.2.3 and the Solaris gcc 2.8.1. Or maybe just set some options in the Makefile? On both machines I've just done "./configure; make". .. Or install Linux on the Sparc? Thanks in advance for your help Maria - --------------------------------------------------------------------- Maria M. Pinheiro de Castro Neves - mm@whu-koblenz.de System and Network Administrator WHU Koblenz - Otto Beisheim Graduate School of Management Burgplatz 2, 56179 Vallendar, Germany - ++49 261 6509562 From Chad.Campbell at innovision.com Mon Apr 19 16:31:39 1999 From: Chad.Campbell at innovision.com (Chad Campbell) Date: Tue Dec 2 02:26:07 2003 Subject: Different behaviour Linux - Solaris??? References: <199904191447.QAA15102@obelix.WHU-Koblenz.de> Message-ID: <371B5A6B.408972E2@innovision.com> > Should I try compiling it with another gcc version? The Linux box has > gcc 2.7.2.3 and the Solaris gcc 2.8.1. > Or maybe just set some options in the Makefile? On both machines I've > just done "./configure; make". My experience with 2.8.1 has been bad on all architectures. I use egcs 1.1.2 on Linux and Solaris with no problems. Chad -- Chad Campbell Software Engineer, Innovision Corporation Chad.Campbell@innovision.com (913)226-8700 From randy.omeara at lmco.com Mon Apr 19 18:20:16 1999 From: randy.omeara at lmco.com (OMeara, Randy) Date: Tue Dec 2 02:26:07 2003 Subject: Samba Article Message-ID: <51D12B40ECC6D111A2670000F8052ADF035814F1@emss01m03.ems.lmco.com> I read the specified article and learned that: "Samba can be configured to create the required Linux users on demand, allowing an NT domain to use a Linux server with minimal setup (just the networking parameters)." Does anyone have an example of how to do this? I've been stumbling over the need to have pre-existing Unix accounts for all users (except guest). I would be grateful if anyone could provide details for this configuration. _The article may be found at : _ _http://www.mcpmag.com/members/current/fea1main.asp _ _Cheers, _ _ Jeremy Allison, _ Samba Team. --- Randy O'Meara Information Systems IT Implementation Lockheed Martin, Santa Cruz Facility -- mailto:Randy.OMeara@LMCO.com From brwillia at ksumail.kennesaw.edu Mon Apr 19 19:07:46 1999 From: brwillia at ksumail.kennesaw.edu (Brent Williams) Date: Tue Dec 2 02:26:07 2003 Subject: Samba instead of NT Message-ID: <001401be8a97$e94599a0$50b9da82@Kennesaw.EDU> Ok, I'm new to Samba and investigating its usefulness for school systems across the state of Georgia. I have read numerous articles and docs on Samba and the book Samba by John Blair. Comments on the following please: Scenario: School with Samba server as only SMB server. Wishes to use encrypted logins. To create accounts: 1. Create unix accounts (linuxconf) 2. Convert unix account to smbpasswd file using mksmbpasswd.sh 3. Use smbpasswd utility to create an encrypted password for each user. Ok so far? Now the school wants to add 50 additional student accounts. 1. Create unix accounts (linuxconf) 2. Can't convert because existing smbpasswd file will be overwritten (thus existing encrypted passwords are lost. 3. So, enter account information manually into the smbpasswd file 4. Use smbpasswd utility to enter an encrypted password for each user. Am I way off, or is this the way it is done? (I hope I'm way off!) Thanks for any help. Brent Brent Williams CNE, MCSE, A+ Educational Technology Center Kennesaw State University 770-423-6573 brwillia@ksumail.kennesaw.edu -------------- next part -------------- HTML attachment scrubbed and removed From yan at cardinalengineering.com Mon Apr 19 19:25:03 1999 From: yan at cardinalengineering.com (Yan Seiner) Date: Tue Dec 2 02:26:07 2003 Subject: Attrib problem Message-ID: <371B830E.CD3892F5@cardinalengineering.com> I have an NT application that shares data in client-server mode. When the server makes a change that one of the clients needs to know about, a message box is supposed to pop up on the client. This has not been happening. The files are updated, but the clients are not notifying the users. After several weeks of reverse engineering this particular app, I've come to the conclusion that the server toggles the archive bit on one particular file in the client directory to let the client know the file has changed. Samba, knowing nothing about DOS attribs, blithely ignores this, and always leaves the archive bit set. Attempts to toggle the bit fail. Any idea on how to let a windows app toggle the archive bit of a file on a samba server? Thanks, Yan BTW, is there a more appropriate list for these types of questions that do not pertain directly to NT domain servers? From nescau at akira.ucpel.tche.br Mon Apr 19 20:37:10 1999 From: nescau at akira.ucpel.tche.br (Luis Claudio R. Goncalves) Date: Tue Dec 2 02:26:07 2003 Subject: Samba instead of NT In-Reply-To: <001401be8a97$e94599a0$50b9da82@Kennesaw.EDU> Message-ID: Pine instead of MS-Outlook ;] Luis [ Luis Claudio R. Goncalves nescau@akira.ucpel.tche.br ] [ BSc in Computer Science -- MSc coming soon -- Gospel User ] [ Fault Tolerance - Linux - Real Time - Distributed Systems - C - IECLB ] [ LateNite Programmer -- http://atlas.ucpel.tche.br/~nescau -- IS 40:31 ] From heinig at hdz-ima.rwth-aachen.de Mon Apr 19 20:14:43 1999 From: heinig at hdz-ima.rwth-aachen.de (Gerald Heinig) Date: Tue Dec 2 02:26:07 2003 Subject: site poll. (sorry it's late :-( ) References: Message-ID: <371B8EB3.5D1A6571@hdz-ima.rwth-aachen.de> Luke Kenneth Casson Leighton wrote: > > occasionally i feel like i and other people would like to know how samba > is being used. if you feel so inclined, could people kindly let us know > some of the things below (pick one or more or all), such as: > > - a brief description of your organisation. > > - what you use samba for (e.g as file servers; login servers; backup > purposes or remote admin with smbclient or rpcclient). NT PDC login/file server (primary site) and file server for Win 95 (secondary site) > > - what version(s) of samba you are using. if using a version from cvs > please include date and tag. Primary site: 2.0.3 Secondary: 1.9.19 (I think...) > > - what server(s), including the specification (OS, ram, hdd, network, > rough estimate of mb/s throughput at peak load would be excellent if you > can get it) Primary: Solaris 2.6, Sparcstation 20 2x50 MHz CPU, 128 Mb, 16 Gb RAID + 4 Gb internal, 100 Mbps connection to 10baseT switched network (3COM Superstack 1000 and 3000). I'll try and get a rough idea of our peak throughput. Secondary: Solaris 2.6, Enterprise 450 128Mb, 18 Gb RAID + 4Gb in SPARC 10 (legacy machine :-) ). Again, 100 Mbps 10baseT switched with above switches. > > - how many users and in what database (private/smbpasswd; LDAP; MYSQL) and > how many simultaneous users. Primary: 180 in NIS+/smbpasswd, simultaneous ~40 or so on a busy day. Secondary: ~700 in NIS+/YP emulation. up to 50 simultaneously, and that frequently (3-4 hours a day, 5 days a week). > > - what sort of hosts connect to your servers. Primary: exclusively NT 4 SP 3, mostly 486, a few P-133s Secondary: exclusively P-233 Win95/Linux (alternately bootable) Keep up the great work. The mailing list is excellent as well. Signal to noise ratio is so good, it makes my HiFi sound like a waterfall in comparison :-) :-) Cheers, Gerald -- "Would you like to buy an encyclopaedia to help your child get to college?" "He doesn't need it. He takes the bus!" From daniel at med.up.pt Mon Apr 19 21:11:04 1999 From: daniel at med.up.pt (Daniel Fonseca) Date: Tue Dec 2 02:26:07 2003 Subject: Attrib problem In-Reply-To: <371B830E.CD3892F5@cardinalengineering.com> Message-ID: On Tue, 20 Apr 1999, Yan Seiner wrote: > I have an NT application that shares data in client-server mode. > > When the server makes a change that one of the clients needs to know > about, a message box is supposed to pop up on the client. This has not > been happening. The files are updated, but the clients are not notifying > the users. > > After several weeks of reverse engineering this particular app, I've > come to the conclusion that the server toggles the archive bit on one > particular file in the client directory to let the client know the file > has changed. > > Samba, knowing nothing about DOS attribs, blithely ignores this, and > always leaves the archive bit set. Attempts to toggle the bit fail. > > Any idea on how to let a windows app toggle the archive bit of a file on > a samba server? I think what we're looking at is the excellent "map archive" smb.conf directive here, which maps certain UNIX permissions to DOS style attributes. Try man smb.conf(5) and search for the map xxx directives. There's the "map archive", "map hidden" and "map system". I too needed this when IExploder wouldn't set the profile if the directory wouldn't be of type system or something like that. It's all in the man page - I hope you know a little bit about file permissions and umasks, etc. Hope to help, Daniel Fonseca From a.schaefer at uwt.mb.uni-siegen.de Tue Apr 20 10:20:32 1999 From: a.schaefer at uwt.mb.uni-siegen.de (=?iso-8859-1?Q?=22Sch=E4fer=2C_Axel=22?=) Date: Tue Dec 2 02:26:07 2003 Subject: Samba to work in NT domain Message-ID: <511FDFACA857D211A0E10060084D48123F6B@intranet> Hello, I am not a member of this mailing-list, but I hope, that someone is able and willing to help me. Situation: I am running a WinNT (ServicePack 4) based network with direct connection to the internet. To secure the my network and provide a stable file-server I have added a Linux machine to the network. This machine is working as a router and is running Samba. NT is running WINS, Samba is working as WINS-Proxy. Configuration: Samba is configured to work in my domain security = domain password server = [NT-Server] encrypt passwords = yes domain master = no local master = no preferred master = no. I have followed the instructions and added Samba as a Server in my NT domain and launched smbpasswd (the MAC-file exists). Guest account enabled and mapped to our public space default service = public map to guest = Bad User Problems: 1) Sometimes Samba is running, but can't find it in my network. 2) Sometimes it happens, that I can't connect to Samba. He shows the computer in my network, but he won't show the "shares". Then there are two possibilities: - either Windows tells me, that there are no shares - or he requests a username and a password, but nothing works (I have tried some NT accounts, the root-account (only on Linux) and my own account (identical on NT and Linux), but nothing works. 3) And again sometimes, I can't find the Samba-PC in my PC-list, but I can connect to him "manually". 4) And finally sometimes everything runs smoothly. I suppose, the different behavior could have something to do with restarts of (a) the NT-Server and (b) Linux. Once the NT-Server is restartet alone, the errors occure. Once the Linux-PC is restarted after the NT-Server, it works fine. That is what I found out yesterday. Don't know, whether it is true and why. Has anyone of you an answer for this behaviour? Please help! Axel Schaefer Dipl.-Wirt.Ing. Axel Schaefer Universit?t-GH-Siegen Tel.: +49-271-740 2384 FB 11, Institut fuer Systemtechnik Fax: +49-271-740 2790 Umwelttechnik Mobil: +49-172-2558520 Paul-Bonatz-Str. 9-11 Sekretariat: +49-271-740 2630 57068 Siegen WWW: http://www.mb.uni-siegen.de/d/ist3 Email: A.Schaefer@uwt.mb.uni-siegen.de From yan at cardinalengineering.com Tue Apr 20 11:17:48 1999 From: yan at cardinalengineering.com (Yan Seiner) Date: Tue Dec 2 02:26:07 2003 Subject: Attrib problem References: Message-ID: <371C625C.3B29017B@cardinalengineering.com> OOPS! The law of mailing lists... One finds the solution a few minutes AFTER posting the query..... Turned out to be a file OWNERSHIP problem; the permissions weren't getting changed because the owner was not correct. Sorry. Anyway, thanks for a great product. Yan Daniel Fonseca wrote: > On Tue, 20 Apr 1999, Yan Seiner wrote: > > > I have an NT application that shares data in client-server mode. > > > > When the server makes a change that one of the clients needs to know > > about, a message box is supposed to pop up on the client. This has not > > been happening. The files are updated, but the clients are not notifying > > the users. > > > > After several weeks of reverse engineering this particular app, I've > > come to the conclusion that the server toggles the archive bit on one > > particular file in the client directory to let the client know the file > > has changed. > > > > Samba, knowing nothing about DOS attribs, blithely ignores this, and > > always leaves the archive bit set. Attempts to toggle the bit fail. > > > > Any idea on how to let a windows app toggle the archive bit of a file on > > a samba server? > > I think what we're looking at is the excellent "map archive" smb.conf > directive here, which maps certain UNIX permissions to DOS style > attributes. Try man smb.conf(5) and search for the map xxx directives. > > There's the "map archive", "map hidden" and "map system". I too needed > this when IExploder wouldn't set the profile if the directory wouldn't be > of type system or something like that. It's all in the man page - I hope > you know a little bit about file permissions and umasks, etc. > > Hope to help, > > Daniel Fonseca From dlee at cse.fau.edu Tue Apr 20 15:25:20 1999 From: dlee at cse.fau.edu (Donjuma Lee) Date: Tue Dec 2 02:26:07 2003 Subject: samba PDC FreeBSD Message-ID: How do i patch the CVS code fo use on FreeBSD? It has a problem with PAM. --==Don==-- From akaplan at tai.com.tr Mon Apr 19 16:06:59 1999 From: akaplan at tai.com.tr (Alpaslan Kaplan) Date: Tue Dec 2 02:26:07 2003 Subject: Printer Security! Message-ID: <000301be8a7e$a783d5e0$160110ac@alpaslan> Hello everyone! This is my problem: I succeeded to share the printers connected to printservers with 'security = share' but there is a problem. All of the users seem to be the owner of every job on the printer and they are able to cancel the job. Also, the job names appear as 'computername.a12345'. There is already an NT Server which the users must logon, so I can't use 'security = server'. I tried setting the security to "security = domain" to use an existing domain and created the same users in my RedHat 5.2. But when I click the Samba Server in the Network Neighborhood of a client (Win95 or NT Workstation), a password is requested although the password is the same for both NT Domain and RedHat and when I enter the password, it says the password is incorrect. Here is my question: Does setting 'security = domain' solve my problem(s) and if so, can anyone send a sample smb.conf file to akaplan@tai.com.tr? Alpaslan KAPLAN Computer Operation Specialist TAI - Turkish Aerospace Industries Inc. From pgmtekn at algonet.se Tue Apr 20 16:35:06 1999 From: pgmtekn at algonet.se (Michael Stockman) Date: Tue Dec 2 02:26:07 2003 Subject: Samba instead of NT Message-ID: <003b01be8b4b$c149cd40$0300a8c0@pippi.emil.pgmt> Hello, >Ok, I'm new to Samba and investigating its usefulness for school systems >across the state of Georgia. I have read numerous articles and docs on >Samba and the book Samba by John Blair. > >Comments on the following please: > >Scenario: School with Samba server as only SMB server. Wishes to use >encrypted logins. > >To create accounts: > 1. Create unix accounts (linuxconf) > 2. Convert unix account to smbpasswd file using mksmbpasswd.sh > 3. Use smbpasswd utility to create an encrypted password for each user. > >Ok so far? > >Now the school wants to add 50 additional student accounts. > 1. Create unix accounts (linuxconf) > 2. Can't convert because existing smbpasswd file will be overwritten >(thus existing encrypted passwords are lost. > 3. So, enter account information manually into the smbpasswd file > 4. Use smbpasswd utility to enter an encrypted password for each user. > >Am I way off, or is this the way it is done? (I hope I'm way off!) I should imagine that you would rather put the new users, their passwords etc in a file and make a script/program that would add the unix users as well as the samba entries automagically. This, as you're in a school system, should also provide lists that can be used when the students leave school to remove their accounts. Such a program might iterate the lines in a line based file like below: usernamepasswordanything... ... To write a program that iterates such a file is quite easy (assuming that all necessary options can be privided on the command line to your adduser/linuxconf program). The program could then call adduser (options based on your policy) and the smbpasswd program (smbpasswd -a ). You would of course need to run the program as root and should be careful about other users with a shell account on the samba server at the time the program is run. The passwords could be visible, through the ps command, to them while the program is running. Finally I should point out that I don't have such a program today, but that this is how I would do it if I administered a school and that it should not be more than 4+ hours of work depending on how many extra features you'd like. Best regards Michael Stockman pgmtekn-micke@algonet.se From cartegw at Eng.Auburn.EDU Tue Apr 20 19:22:03 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:26:07 2003 Subject: Printer Security! References: <000301be8a7e$a783d5e0$160110ac@alpaslan> Message-ID: <371CD3DB.D47B460D@eng.auburn.edu> Alpaslan Kaplan wrote: > > Here is my question: Does setting 'security = domain' solve > my problem(s) and if so, can anyone send a sample smb.conf > file to akaplan@tai.com.tr? Have you read the instructions in docs/textdocs/DOMAIN_MEMBER.txt? If so, could you provide details as to the problem with joining the NT domain? Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From bmacy at sunshinecomputing.com Tue Apr 20 22:12:57 1999 From: bmacy at sunshinecomputing.com (Brian Macy) Date: Tue Dec 2 02:26:07 2003 Subject: Samba as PDC; NT as BDC... References: Message-ID: <005101be8b7a$f25ec280$020210ac@paso.atasd.com> I noticed the FAQ says this isn't working but I don't know how out of date it is. I'm using the latest code out of CVS and am wondering if this is supposed to be working. Brian Macy From lkcl at switchboard.net Tue Apr 20 22:28:03 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:07 2003 Subject: WANTED: Technical NT Security Info Message-ID: NT uses proprietary encryption mechanisms to protect passwords and to authenticate users. There is no one source of information on these schemes outside of Microsoft. If anyone has any information on any of the following or any other topics that they would like to see published as a White Paper, please contact lkcl@iss.net. The paper will include as comprehensive a list of these mechanisms as possible, and will include a review of their weaknesses and strengths. Known, documented mechanisms ---------------------------- - LM 16 byte cleartext-equivalent password hashes. - NT 16 byte cleartext-equivalent password hashes. - SMB NTLM 8-byte random challenge / 24-byte LM and NT response. - DCE/RPC NETLOGON pipe "Interactive" and "Netlogon" credential chain system. Uses Trust Accounts (Workstation, Inter-Domain and Server). NT 4.0 Service Pack 3 and below only. Known, coded (but undocumented) mechanisms ------------------------------------------ - DCE/RPC encryption (sign and seal) NTLMSSP version 1, 40-bit only. - DCE/RPC SAM database password updates (SamrSetInformationUser). - DCE/RPC lsarpc secret info (LsaQuerySecretInfo). Unknown, undocumented mechanisms -------------------------------- - SMB NTLMv2 8-byte random challenge / NTLMv2 variable-length responses. added to NT 4.0 Service Pack 4 but not NT 5.0 beta 3 :-) - DCE/RPC encryption (sign and seal) NTLMSSP version 1, 128-bit and "session key negotiation". - DCE/RPC encryption (sign and seal) NTLMSSP version 2. added to NT 4.0 Service Pack 4 and above. - DCE/RPC NETLOGON "Secured Channel". added to NT 4.0 Service Pack 4 and above. - DCE/RPC PDC <-> BDC SAM database replication. Luke Kenneth Casson Leighton Samba and Network Development Samba Web site ===================================================================== Luke Kenneth Casson Leighton | Direct Dial : (678) 443-6183 Systems Engineer / ISS XForce Team | ISS Front Desk: (678) 443-6000 Internet Security Systems, Inc. | ISS Fax : (678) 443-6477 http://www.iss.net/ *Adaptive Network Security for the Enterprise* ISS Connect - International User Conference - May '99 ===================================================================== From mvunk at grol.com Wed Apr 21 02:47:04 1999 From: mvunk at grol.com (Michael Vunk) Date: Tue Dec 2 02:26:07 2003 Subject: subscribe Message-ID: subscribe From richardf at clarendon.ac.uk Wed Apr 21 07:53:24 1999 From: richardf at clarendon.ac.uk (Richard Ferris) Date: Tue Dec 2 02:26:07 2003 Subject: Samba PDC will not accept NT login Message-ID: <6114EF4D9AF0D1119ADD00805F9F11B122261B@ip250.clarendon.internal> I've added the NT Workstation machine account to /etc/passwd and smbpasswd and recieved the message Welcome to the SAMBA domain when I join the workstation. When I try to logon with a valid username I get the message "The SAMBA domain is not available". My 95 clients connect OK and use printers and stuff so I know that the user names are valid and the PDC is accepting logons. I've had a look at the last few entries in the log.smb and find: [1999/04/19 13:14:09, 0] rpc_server/srv_netlog.c:(266) get_md4pw: Workstation $: no account in domain My NT Workstation is called VIS_ADMIN and not Workstation and I can't understand where this Workstation $ account it's looking for is comming from. Please, can anyone offer a few pointers? From daniel at med.up.pt Wed Apr 21 10:12:17 1999 From: daniel at med.up.pt (Daniel Fonseca) Date: Tue Dec 2 02:26:07 2003 Subject: OFFTOPIC: Benchmarking hype In-Reply-To: Message-ID: Hi there! I know this is way off-topic by I should consider this a must-non-to-be-missed reading for everyone involved in here. Tremendous. Great stuff Jeremy!!! A Samba-eye view of the recent Mindcraft NT vs Linux benchmark: Trust no one In "Trust no one," Samba developer Jeremy Allison details his objections to the recent Microsoft-sponsored benchmark which found Windows NT is 2.5 times faster than Linux/Samba as a file server, and 3.7 times faster than Apache/Linux as a Web server. While, as Jeremy points out, the Mindcraft whitepaper gives excellent administrative tips on how best to fine-tune an NT file server, the Linux machine in the benchmark was completely untuned. Jeremy's response, "Trust no one," describes a few of the ways you (and Mindcraft) can get better performance from Samba. http://www.linuxworld.com/linuxworld/lw-1999-04/lw-04-mindcraft.html?04-21 From duesing at fachschaft.informatik.fh-muenchen.de Wed Apr 21 11:48:35 1999 From: duesing at fachschaft.informatik.fh-muenchen.de (Lars Duesing) Date: Tue Dec 2 02:26:07 2003 Subject: Domain-Administrator? Message-ID: Hi, I do have a problem. I've taken over a network, using Samba as PDC. But I don't know how to create an Domain-Administrator-Account. (using german WinNT4 WS) thanks, Lars! From sansdrap at hedy.ucl.ac.be Wed Apr 21 13:20:39 1999 From: sansdrap at hedy.ucl.ac.be (Jacques Sansdrap) Date: Tue Dec 2 02:26:07 2003 Subject: Home dir on a share Message-ID: <371DD0A6.CBCD4CA1@hedy.ucl.ac.be> Using the HEAD branch. While calling NetUserGetInfo my program receives a USER_INFO_3 structure. It seems that the entry usri3_home_dir returned by the SAMBA PDC is in error for some cases. If the Home directory of a user is on a local disk, this entry should be (and is) a path such as: "c:\users\xxx". If the Home directory is on a share, this entry shoud be in UNC notation: "\\SERVER\xxx". But the SAMBA server returns "\\SERVER\[what is in smb.conf for the home]". Example: I have defined in smb.conf the "home" share as %H/NT. The Unix home directory of user xxx is /home/xxx (which is not a share). His Windows home (mounted as z:\) is on /home/xxx/NT. But the entry that SAMBA returns points to /home/xxx/NT/NT ! I have a program that shows this if someone is interested but there is no need for it to show the problem: HOMEPATH is in the environment and show the same feature. Jacques Sansdrap From abs at maunsell.co.uk Wed Apr 21 14:29:38 1999 From: abs at maunsell.co.uk (Andy Smith) Date: Tue Dec 2 02:26:07 2003 Subject: frame and large directories Message-ID: <19990421152938.24940@maunsell.co.uk> Hi, We have been using a build from cvs head branch for some time now very successfully, running on sun sparc/solaris 2.5.1 as both PDC and file/print server to exclusively NT4/sp3 clients. We have recently migrated our publicity unit, they were previously using nfs for file access. Mostly when we migrated the CAD units from nfs to samba, there was a performance gain, but this migration has not been greeted favourably :-( I have isolated the problem to their method of working I think, as an example, they typically have a directory structure like this :- frame +--------+------+-----+--------+ ...... sheets pics1 pics2 pics3 where 'sheets' contains framemaker documents which load images from ..\pics1, ..\pics2 and so on. The 'sheets' directory is quite small, but the pics directories each have typically 500 images (assorted jpeg, eps, gif), and there are maybe 20 or so of them. Each framemaker document references no more than 8 images, and the problem is that with samba, loading and subsequently manipulating the document is painfully slow. If the drive is disconnected, and re-attached with nfs, all is well again, but there are other reasons for needing to ditch nfs, so that is no answer. Moreover, back with samba, if I reconstruct this hierachy, and empty the pics directories of all but the required 8 images, framemaker is well again (and we see the performance gain I was expecting). I have tried the obvious things like getwd cache, wide links, but nothing seems to improve things dramatically. I should point out maybe that there are probably 150 people loading this share now (though probably only 20 people active) and the server is a 64MB SS10 though smbstatus gives me this :- Share mode memory usage (bytes): 94896(92%) free + 6256(6%) used + 1248(1%) overhead = 102400(100%) total Has anyone seen this sort of thing with framemaker before? Has anyone got any other ideas I can try to improve performance. thanks in advance. -- _ __ Maunsell Ltd, IT Unit Tel : 0181-663-6565 /_| _/ ( _ '_// 160 Croydon Road, Fax : 0181-663-6723 ( |/)(/(/ __)//)/ //) Beckenham, Kent BR3 4DE Email: abs@maunsell.co.uk / England. -or- abs@maunsl00.demon.co.uk From dave at www.buffalostate.edu Wed Apr 21 15:00:41 1999 From: dave at www.buffalostate.edu (Dave J. Andruczyk) Date: Tue Dec 2 02:26:07 2003 Subject: Samba PDC will not accept NT login In-Reply-To: <6114EF4D9AF0D1119ADD00805F9F11B122261B@ip250.clarendon.internal> Message-ID: > I've added the NT Workstation machine account to /etc/passwd and smbpasswd > and recieved the message Welcome to the SAMBA domain when I join the > workstation. When I try to logon with a valid username I get the message > "The SAMBA domain is not available". My 95 clients connect OK and use > printers and stuff so I know that the user names are valid and the PDC is > accepting logons. > > I've had a look at the last few entries in the log.smb and find: > > [1999/04/19 13:14:09, 0] rpc_server/srv_netlog.c:(266) > get_md4pw: Workstation $: no account in domain > > My NT Workstation is called VIS_ADMIN and not Workstation and I can't > understand where this Workstation $ account it's looking for is comming > from. > > Please, can anyone offer a few pointers? Try using a workstation name of 7 chars or less. (the "$" at the end will make it eight). many unixes don't work properly with greater than 8 char usernames (or passwords on some systems). dave From richardf at clarendon.ac.uk Wed Apr 21 15:09:19 1999 From: richardf at clarendon.ac.uk (Richard Ferris) Date: Tue Dec 2 02:26:07 2003 Subject: Samba PDC will not accept NT login Message-ID: <6114EF4D9AF0D1119ADD00805F9F11B122261C@ip250.clarendon.internal> Thanks for the reply Maria. I'm running Samba version 2.0.3 on an SGI IRIX 6.5 machine. After I've logged into the NT Workstation locally I can then connect so I'll do that until I can download the latest CVS. -----Original Message----- From: Maria M. Pinheiro de Castro Neves To: richardf@clarendon.ac.uk Sent: 4/21/99 9:33 AM Subject: Re: Samba PDC will not accept NT login Hello, > I've added the NT Workstation machine account to /etc/passwd and smbpasswd > and recieved the message Welcome to the SAMBA domain when I join the > workstation. When I try to logon with a valid username I get the message > "The SAMBA domain is not available". My 95 clients connect OK and use > printers and stuff so I know that the user names are valid and the PDC is > accepting logons. I have the same problem. On which machine qre you running samba? And which version of samba? I've tried Samba on Solaris (Sparc) and Linux, on Solaris I've got the same results you got, and on Linux it worked. Someone told me that Samba 2.0.3 doesn't work as PDC on Sparcs, and I should try the CVS 2.1 alpha version. I hope it helps, Maria -- --------------------------------------------------------------------- Maria M. Pinheiro de Castro Neves - mm@whu-koblenz.de System and Network Administrator WHU Koblenz - Otto Beisheim Graduate School of Management Burgplatz 2, 56179 Vallendar, Germany - ++49 261 6509562 From mmt4q at ee.virginia.edu Wed Apr 21 16:02:11 1999 From: mmt4q at ee.virginia.edu (Melissa M. Thrush) Date: Tue Dec 2 02:26:07 2003 Subject: Help! Network Neighborhood Vanished Message-ID: We have Samba 2.0.2 running on a Solaris 2.6 machine (not using PDC yet, but in progress). All was working fine when after a weekend reboot the Samba server failed to appear in Network Neighborhood. We tried stopping and restarting samba but nmbd won't start. I get the following in the log.nmb: [1999/04/21 11:13:57, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 12864 (2.0.2) Please read the file BUGS.txt in the distribution [1999/04/21 11:13:57, 0] lib/fault.c:fault_report(43) =============================================================== [1999/04/21 11:13:57, 0] lib/util.c:smb_panic(2383) PANIC: internal error [1999/04/21 11:31:42, 1] nmbd/nmbd.c:main(672) Netbios nameserver version 2.0.2 started. Copyright Andrew Tridgell 1994-1998 [1999/04/21 11:31:42, 0] lib/fault.c:fault_report(40) A core file was created but I deleted before I could try using dbx nmbd core. Any ideas? Clients are WinNT4.0SP3 and Win95. Can map to \\samba through command prompt on both clients (Win95 have to have samba IP listed as WINS). nmbd process root 13255 1 0 11:31:42 ? 0:00 /usr/local/samba/bin/nmbd -D Thanks, Melissa From mmt4q at ee.virginia.edu Wed Apr 21 17:23:35 1999 From: mmt4q at ee.virginia.edu (Melissa M. Thrush) Date: Tue Dec 2 02:26:07 2003 Subject: Help! Network Neighborhood Vanished In-Reply-To: Message-ID: J.F. Thanks for the reply. > > Any ideas? Clients are WinNT4.0SP3 and Win95. Can map to \\samba > > through command prompt on both clients (Win95 have to have samba IP > > listed as WINS). > > kill nmbd. rename the files browse.dat and wins.dat located in > /usr/local/samba/var/locks. restart nmbd I killed nmbd. Then I renamed browse.dat & wins.dat to browse.orig and wins.orig. Finally I restarted /usr/local/samba/bin/nmbd -D A core file was created again and I get the following message in log.nmb [1999/04/21 13:17:56, 1] nmbd/nmbd.c:main(672) Netbios nameserver version 2.0.2 started. Copyright Andrew Tridgell 1994-1998 [1999/04/21 13:17:56, 0] lib/fault.c:fault_report(40) =============================================================== [1999/04/21 13:17:56, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 14461 (2.0.2) Please read the file BUGS.txt in the distribution [1999/04/21 13:17:56, 0] lib/fault.c:fault_report(43) =============================================================== [1999/04/21 13:17:56, 0] lib/util.c:smb_panic(2383) PANIC: internal error The following is the output from a "where" using dbx: (dbx) where =>[1] _kill(0x0, 0x6, 0xef622e54, 0x0, 0xffffffff, 0x0), at 0xef607fac [2] abort(0xef622e54, 0x6c818, 0x6e590, 0x94f, 0x6c750, 0x2b), at 0xef5ba4e0 [3] smb_panic(0x6c818, 0x6c740, 0x6c750, 0x2b, 0x0, 0x0), at 0x565e0 [4] fault_report(0xb, 0x0, 0x0, 0x0, 0x0, 0x0), at 0x47694 [5] sig_fault(0xb, 0x0, 0xefffd900, 0x0, 0x0, 0x0), at 0x476e8 ---- called from signal handler with signal 11 (SIGSEGV) ------ [6] vfprintf(), at 0xef5e36bc [7] Debug1(0x6c728, 0x2, 0x83400, 0x59940, 0x599c0, 0x96), at 0x472fc [8] dbghdr(0x0, 0x59940, 0x599c0, 0x96, 0xef622e54, 0x1dbe0), at 0x474f0 [9] start_async_dns(0x94688, 0x0, 0x0, 0x0, 0x0, 0x0), at 0x1dc0c [10] initialise_wins(0x1, 0x86844, 0x7f, 0x2a0, 0xef625960, 0xef625bec), at 0x2f90c [11] main(0x1, 0xeffffacc, 0xeffffad8, 0x8e6ec, 0x0, 0x0), at 0x1f37c (dbx) Thanks, Melissa From sinnamon at usq.edu.au Thu Apr 22 01:27:07 1999 From: sinnamon at usq.edu.au (James Sinnamon) Date: Tue Dec 2 02:26:07 2003 Subject: Apache mod_auth_smb module : need example httpd.conf, .htaccess e tc files Message-ID: <29FD27CEE49ED2118954006008BFD2551C08E4@dec02.usq.edu.au> Dear Samba users/developers, I need to run Samba authentication on apache running on RedHat 5.2 Linux in a NT network. I (believe that I) have been able to successfully compile the module into apache ver 1.3.4, but I am having problems in making authentication work properly. In fact I am not sure that I can get any authentication to work, let alone NT authentication. Would anyone know where I might find examples of a httpd configuration files and .htaccess files on an apache server that does work? Thank you James Sinnamon From sinnamon at usq.edu.au Thu Apr 22 01:37:08 1999 From: sinnamon at usq.edu.au (James Sinnamon) Date: Tue Dec 2 02:26:07 2003 Subject: What are the most commonly used means to Authenticate web users f rom NT domains? Message-ID: <29FD27CEE49ED2118954006008BFD2551C08E5@dec02.usq.edu.au> For those who may not have read my previous e-mail, I am trying to set up authentication on a Linux server running apache in an NT network. I am in the process of trying to set up either the mod_auth_smb or else one of the perl apache perl authentication modules, Apache::AuthenSmb and Apache::AuthenN2 Would someone out there be able to tell me if any of these modules are the most widely used means of setting up NT based authentication on Apache web servers, or is there something else out there, which I may have missed? Thank you James Sinnamon From aperrin at demog.Berkeley.EDU Thu Apr 22 02:13:10 1999 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:26:07 2003 Subject: Major new profile problems Message-ID: Greetings- We came in this morning to reports of a variety of problems that, eventually, boiled down to the fact that many users were unable to get entries in the HKEY_USERS. Here's my best stab at what seems to be happening: - Until last week, our setup was: Samba PDC running on 1.9.19-prealpha (because it was stable) Samba main server running same version both on Solaris 7 (Sparc) Lots of NT Workstation 4.0 SP3 machines in the domain. - Last week, we upgraded the main server to 2.0.3 in order to use the map to guest functionality, which seemed to work fine. - NOW, after one person has logged into a 'fresh' NT workstation, the second person to do so cannot create his/her HKEY_USERS hive. Login and file service works fine; however, profile-related functions such as default printer, Office file location settings, etc., return errors and are not maintained per user. This can be 'reset' by either re-joining the domain, or deleting the roaming profiles of the users in question. Thereafter, the first user to login works great; subsequent users are treated as above. - We tried reverting the main server back to 1.9.19 prealpha (make revert), and things got worse: no file service at all, lots of complaints in the log of 'malformed SMB entries - incorrect length.' So we gave up on that avenue. - We tried upgrading the PDC to the current CVS code and joining the workstations & main server to the 'new' domain. The joins worked fine, but all attempts to login from PCs produced 'panic' errors in smbd and 'incorrect trust password' errors on the NT side. If anybody has any idea what's going on, or, even better, advice on what to do about it, I'll be most grateful. --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 From D.Bannon at latrobe.edu.au Thu Apr 22 02:50:23 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:26:07 2003 Subject: What are the most commonly used means to Authenticate web users f In-Reply-To: <29FD27CEE49ED2118954006008BFD2551C08E5@dec02.usq.edu.au> Message-ID: <3.0.3.32.19990422125023.007520cc@bioserve.biochem.latrobe.edu.au> At 11:39 AM 22/04/1999 +1000, James Sinnamon wrote: >For those who may not have read my previous e-mail, I am trying to set up >authentication on a Linux server >running apache in an NT network. I don't think this has anything to do with samba or NT. If its apache that you want to authenticate then that is pretty easy. The apache docs are good, read them. Basicly you have a file in protected directories (.htaccess) that specifies who can access the files there and it also specifies where the passwd and group files are. The .htpasswd file contain user names and encrypted passwds and .htgroup contains a list of users in particular groups. I generate the .htpasswd files from a script that gets particular users from /etc/passwd and creates the .htpasswd file. Is that what you are asking ??? Authenticating via samba sounds cute but how safe would it be ? Apache's .htpasswd file is expected to contain unix encrypted passwds, the info stored in smbpasswd would be of no use. David > >I am in the process of trying to set up either the mod_auth_smb or else one >of the perl apache perl authentication >modules, Apache::AuthenSmb and Apache::AuthenN2 > >Would someone out there be able to tell me if any of these modules are the >most widely used means of setting up >NT based authentication on Apache web servers, or is there something else >out there, which I may have missed? > >Thank you > >James Sinnamon > > > ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From m.brodbelt at acu.ac.uk Thu Apr 22 11:07:42 1999 From: m.brodbelt at acu.ac.uk (Mike Brodbelt) Date: Tue Dec 2 02:26:07 2003 Subject: Samba Performance Message-ID: <371F02FE.D1C27FEC@acu.ac.uk> Hi, I apologize if this is a little off-topic for the NTDOM list, but I was hoping the network experience around here could help me out.... I have an aging Novell server, which I am currently using as the main fileserver for my network. I plan to replace this server with a SAMBA server, but I'm having real problems with performance in a few areas. I'm not convinced that the performance problems are Samba related, but I'm hoping someone on this list can give me some pointers. My network is a horrible collection of coax segments, so all performance will be relatively bad, but here are the results of a few tests I've conducted. All tests use the same file, which was 7093877 bytes in size. SERVER CLIENT XFER RATE METHOD ====== ====== ========= ====== A (Linux) B (Linux) 144 kb/s FTP (CLI ftp client) A (Linux) B (Linux) 169 kb/s SMB (smbclient) A (Linux) C (NTWS) 69 kb/s SMB (NT Explorer) D (Netware) C (NTWS) 692 kb/s NCP (NT Explorer) E (NTSRV) C (NTWS) 157 kb/s SMB (NT Explorer) All the results above involve copying a file from server to client - Samba is noticeably faster on the write (but still slow). Using box B as a Samba server shows a similar result, so it's definitely not only a problem with box A. Something is really wrong here - the Netware server is using IPX, and I can accept that there will be speed differences, but this is a 10Mb LAN, albeit a poor quality one at the moment. Transfer seems to fall into 3 categories - The Netware server performs at the kind of rate I'd expect for the network, using about 6 Mbps of bandwidth, which, on a 10base2 network like this one is acceptable. SMB transfers seem to only manage about 1.3 -1.5 Mbps, which is terrible, and the test from a NTWS client to the Linux server, which is the one I really care about, it absolutely dire at approx 0.6 Mbps. I can't belive that SMB over TCP/IP is *that* much slower than NCP over IPX. Oh, and to add insult to injury, the Netware box is the lowest specified, in terms of hardware (p100, 64Mb, scsi disk), whereas the linux box (A) is a p2-350 with 256Mb RAM, and a HW RAID array. I'd be most grateful if some kind soul could enlighten me as to what the hell is going on, and give me some ideas as to what I might be able to do to increase performance, or possibly even to a more appropriate forum for asking these questions. I'm appending most of my smb.conf to this mail. TIA, Mike. # Samba config file created using SWAT # from localhost (127.0.0.1) # Date: 1999/04/22 12:02:29 # Global parameters workgroup = MILKY-WAY server string = Castor Samba Server security = DOMAIN encrypt passwords = Yes password server = betelgeuse username map = /etc/smb.map log file = /var/log/samba/log.%m max log size = 50 socket options = TCP_NODELAY dns proxy = No hosts allow = 192.168.1. 127. [html] comment = WWW documents path = /usr/local/apache/htdocs valid users = @www force group = www read only = No create mask = 0644 [home] comment = User Home directories path = /home/%u/shared read only = No [software] comment = Software Install trees path = /usr/local/filestore/software valid users = @everyone read only = No create mask = 0774 From krille at c-systems.org Thu Apr 22 12:35:53 1999 From: krille at c-systems.org (krille) Date: Tue Dec 2 02:26:07 2003 Subject: *Big Mail* 2.0.3 PDC...*Big Problem* Message-ID: <371F17A8.331DF562@c-systems.org> Skipped content of type multipart/mixed-------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 2515 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990422/41759577/smime.bin From patrice.bruhat at pcotech.fr Thu Apr 22 13:40:33 1999 From: patrice.bruhat at pcotech.fr (Patrice Bruhat) Date: Tue Dec 2 02:26:07 2003 Subject: Why users can't change their passwd on NT ? Message-ID: <371F26D1.805E121F@pcotech.fr> I run Samba 2.0.2 on Solaris 2.5 as a PDC. Why users can't change their password on NT workstations, they have the message: the password or the username doesn't match. (of course all is matching !) Is it still unsupported in Samba 2.0.2 ? Thanks Patrice Bruhat From hulet at ittc.ukans.edu Thu Apr 22 13:59:08 1999 From: hulet at ittc.ukans.edu (Michael S. Hulet) Date: Tue Dec 2 02:26:07 2003 Subject: Major new profile problems In-Reply-To: Message-ID: Did you make a copy of samba/private before you upgraded? We have been warned several times to do this before upgrading. If your domain SID changed, all your users profiles are inaccessible. They are owned by the old domain SID/user so the users can no longer make changes to their profiles. I had to delete the old profiles and create new ones. Another problem was if a user had a cached profile on the machine, sometimes that profile would be used and then saved to the roaming profile. This would result in the profile being unusuable again. There were also several "saving profiles" ideas posted on the mailing list. Michael Hulet Network System Administrator ITTC, University of Kansas On Thu, 22 Apr 1999, Andrew Perrin - Demography wrote: > Greetings- > > We came in this morning to reports of a variety of problems that, > eventually, boiled down to the fact that many users were unable to get > entries in the HKEY_USERS. Here's my best stab at what seems to be > happening: > > - Until last week, our setup was: > Samba PDC running on 1.9.19-prealpha (because it was stable) > Samba main server running same version > both on Solaris 7 (Sparc) > Lots of NT Workstation 4.0 SP3 machines in the domain. > > - Last week, we upgraded the main server to 2.0.3 in order to use the map > to guest functionality, which seemed to work fine. > > - NOW, after one person has logged into a 'fresh' NT workstation, the > second person to do so cannot create his/her HKEY_USERS hive. Login and > file service works fine; however, profile-related functions such as > default printer, Office file location settings, etc., return errors and > are not maintained per user. This can be 'reset' by either re-joining the > domain, or deleting the roaming profiles of the users in question. > Thereafter, the first user to login works great; subsequent users are > treated as above. > > - We tried reverting the main server back to 1.9.19 prealpha (make > revert), and things got worse: no file service at all, lots of complaints > in the log of 'malformed SMB entries - incorrect length.' So we gave up > on that avenue. > > - We tried upgrading the PDC to the current CVS code and joining the > workstations & main server to the 'new' domain. The joins worked fine, but > all attempts to login from PCs produced 'panic' errors in smbd and > 'incorrect trust password' errors on the NT side. > > If anybody has any idea what's going on, or, even better, advice on what > to do about it, I'll be most grateful. > > --------------------------------------------------------------------- > Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support > Department of Demography - University of California at Berkeley > 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA > http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 > From ranjan.bagchi at pobox.com Thu Apr 22 14:03:46 1999 From: ranjan.bagchi at pobox.com (Ranjan Bagchi) Date: Tue Dec 2 02:26:07 2003 Subject: Really slow logouts In-Reply-To: <19990422031840Z12886529-13888+7556@samba.anu.edu.au> Message-ID: <000101be8cc8$f00686e0$010010ac@tripp.frotz.bogus> Hi everyone, I'm running 2.0.2 on Slackware 3.5 and my NT machines are NT4SP3. I'm noticing that when I log out of an NT session, it takes a really long time [like ten minutes] to finish. When I look in the profiles directory on the linux box, it's around 100 megs [which is normal], and according to the timestamps it looks like NT copied the whole mess to linux. I've got a 100mps lan here, though, so it still should only be a few seconds to copy all that stuff. Do I have something tuned wrong? Thanks for any help, -rj Config stuff: # Global parameters workgroup = FROTZ encrypt passwords = Yes log file = /usr/local/samba/log.%m domain logons = Yes preferred master = Yes domain master = Yes wins support = Yes [netlogon] path = /usr/local/samba/lib/netlogon guest ok = Yes share modes = No [Profiles] path = /usr/local/samba/profiles guest ok = Yes browseable = No From aperrin at demog.Berkeley.EDU Thu Apr 22 15:53:47 1999 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:26:07 2003 Subject: Major new profile problems In-Reply-To: Message-ID: Yes, we did that, and replaced the DEMOGRAPHY.SID file from the backups, so I don't think it's a straight SID problem; Jean-Francois has given me a direction to go in, and I will let the list know if/when it works. Thanks! ap --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 On Thu, 22 Apr 1999, Michael S. Hulet wrote: > Did you make a copy of samba/private before you upgraded? We have been > warned several times to do this before upgrading. If your domain > SID changed, all your users profiles are inaccessible. They are owned by > the old domain SID/user so the users can no longer make changes to their > profiles. I had to delete the old profiles and create new ones. Another > problem was if a user had a cached profile on the machine, sometimes that > profile would be used and then saved to the roaming profile. This would > result in the profile being unusuable again. There were also several > "saving profiles" ideas posted on the mailing list. > > > Michael Hulet > Network System Administrator > ITTC, University of Kansas > > > On Thu, 22 Apr 1999, Andrew Perrin - Demography wrote: > > > Greetings- > > > > We came in this morning to reports of a variety of problems that, > > eventually, boiled down to the fact that many users were unable to get > > entries in the HKEY_USERS. Here's my best stab at what seems to be > > happening: > > > > - Until last week, our setup was: > > Samba PDC running on 1.9.19-prealpha (because it was stable) > > Samba main server running same version > > both on Solaris 7 (Sparc) > > Lots of NT Workstation 4.0 SP3 machines in the domain. > > > > - Last week, we upgraded the main server to 2.0.3 in order to use the map > > to guest functionality, which seemed to work fine. > > > > - NOW, after one person has logged into a 'fresh' NT workstation, the > > second person to do so cannot create his/her HKEY_USERS hive. Login and > > file service works fine; however, profile-related functions such as > > default printer, Office file location settings, etc., return errors and > > are not maintained per user. This can be 'reset' by either re-joining the > > domain, or deleting the roaming profiles of the users in question. > > Thereafter, the first user to login works great; subsequent users are > > treated as above. > > > > - We tried reverting the main server back to 1.9.19 prealpha (make > > revert), and things got worse: no file service at all, lots of complaints > > in the log of 'malformed SMB entries - incorrect length.' So we gave up > > on that avenue. > > > > - We tried upgrading the PDC to the current CVS code and joining the > > workstations & main server to the 'new' domain. The joins worked fine, but > > all attempts to login from PCs produced 'panic' errors in smbd and > > 'incorrect trust password' errors on the NT side. > > > > If anybody has any idea what's going on, or, even better, advice on what > > to do about it, I'll be most grateful. > > > > --------------------------------------------------------------------- > > Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support > > Department of Demography - University of California at Berkeley > > 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA > > http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 > > > From florian at void.s.bawue.de Fri Apr 23 06:00:15 1999 From: florian at void.s.bawue.de (Florian Laws) Date: Tue Dec 2 02:26:07 2003 Subject: frame and large directories In-Reply-To: <19990421152938.24940@maunsell.co.uk>; from Andy Smith on Thu, Apr 22, 1999 at 12:32:45AM +1000 References: <19990421152938.24940@maunsell.co.uk> Message-ID: <19990423080015.A243@void.s.bawue.de> On Thu, Apr 22, 1999 at 12:32:45AM +1000, Andy Smith wrote: > We have been using a build from cvs head branch for some time now very > successfully, running on sun sparc/solaris 2.5.1 as both PDC and file/print > server to exclusively NT4/sp3 clients. > > We have recently migrated our publicity unit, they were previously > using nfs for file access. Mostly when we migrated the CAD units from > nfs to samba, there was a performance gain, but this migration has not > been greeted favourably :-( > [...] > > where 'sheets' contains framemaker documents which load images from > .\pics1, ..\pics2 and so on. The 'sheets' directory is quite small, > but the pics directories each have typically 500 images (assorted > jpeg, eps, gif), and there are maybe 20 or so of them. Each framemaker > document references no more than 8 images, and the problem is that with > samba, loading and subsequently manipulating the document is painfully > slow. If the drive is disconnected, and re-attached with nfs, all is > well again, but there are other reasons for needing to ditch nfs, so > that is no answer. Moreover, back with samba, if I reconstruct this > hierachy, and empty the pics directories of all but the required 8 > images, framemaker is well again (and we see the performance gain I was > expecting). I've experienced similiar problems with the I386 directory of an NT4WKS Installation CD mirrored on one Samba share on Linux/x86, Samba CVS from yesterday I guessed it was an ext2fs weakness on large directories, but since you run Solaris and have no problems when sharing with NFS, perhaps there are some strange interactions between Samba and the filesystem, that cripple performance. (wild guessing :-) I'm interested what the developers say. Thanks, Florian From mattyc at newcollege.unsw.edu.au Fri Apr 23 15:44:11 1999 From: mattyc at newcollege.unsw.edu.au (Matt Chapman) Date: Tue Dec 2 02:26:07 2003 Subject: Samba as PDC; NT as BDC... References: <005101be8b7a$f25ec280$020210ac@paso.atasd.com> Message-ID: <3720954B.7B33E3B7@newcollege.unsw.edu.au> Brian Macy wrote: > > I noticed the FAQ says this isn't working but I don't know how out of date > it is. I'm using the latest code out of CVS and am wondering if this is > supposed to be working. Samba PDC, NT BDC - not yet. The other way around (NT PDC, Samba BDC) will be working soon. The problem is that an NT BDC receives much of its security configuration from the PDC - not just a list of accounts - so that is going to take longer to work out. Matt -- Matt Chapman New College UNSW From emercer at cis.upenn.edu Fri Apr 23 19:49:13 1999 From: emercer at cis.upenn.edu (Eric Mercer) Date: Tue Dec 2 02:26:08 2003 Subject: Downloading Profiles/Policies (slow connection) References: Message-ID: <3720CEB9.B42FAE15@cis.upenn.edu> Luke Kenneth Casson Leighton wrote: > > On Mon, 1 Mar 1999, Dejan Ilic wrote: > > > On Mon, 1 Mar 1999, Wolfgang Ratzka wrote: > > > > > Nuno Loureiro wrote: > > > > > > > > But in my case is 10BaseT, so we should never get this message :/ > > > > > > I get the message when I store user profiles on a samba server. > > > My interpretation is that the authentication process is taking > > > very long (we have ~9000 users in /etc/passwd) and therefore > > > samba has a slow start, which leads NT to expect (quite wrongly ;-) > > > overal slow performance.. > > > > Suspecting the same problem here. About 17000 accounts on samba. > > well, you could always use Benjamin Kuit's new mysql code!!! This may be a dead issue, but I may have some information to add. We were experiencing this problem with about 8 of 16 NT workstations. The PDC is an Ultra Enterprise 2 running Solaris 2.5.1 and Samba downloaded via CVS on September 22nd. Although we only have 95 users, we tried reducing the size of the smbpasswd file. That made no difference. We continued having the trouble until one of the administrators noticed a lot of browser elections. We found that several of the newer NT machines had been added to the domain with Netware installed. They have been electing themselves master browsers on their little IPX network. After removing the Client Service for Netware and the NWLink IPX/SPX Transport, the "slow connection" problem has disappeared. I didn't see anyone mention this as a possible solution to this problem. If anyone is still experiencing this, you might want to check to see if any of the "slow" clients have more than TCP/IP installed. Only our domain clients with Netware installed had this problem. This is explained in BROWSING-Config.txt, but it was hard to make the leap from "slow connection" to BROWSING-Config.txt. From mark at hoist.nlcomm.com Fri Apr 23 19:58:12 1999 From: mark at hoist.nlcomm.com (mark@hoist.nlcomm.com) Date: Tue Dec 2 02:26:08 2003 Subject: domain login across subnet - how? Message-ID: <199904231958.PAA06302@hoist.nlcomm.com> Hello there! I have three subnets, each connected to a "backbone" via routers. I have a Linux system, running Samba as an NT domain controller, on the backbone. However, the workstations on the subnets cannot login to the domain; the domain logins work only on the same subnet as the Samba machine. Could a kind soul please give me a few quick email replies on how to set this up? I have been administrating Samba for about two years so I know how it works quite well; it is just the crossing of subnets that has me puzzled. I definitely want to avoid LMHOSTS if at all possible. Thanks! Mark From eduardo at soteica.com.ar Fri Apr 23 19:58:11 1999 From: eduardo at soteica.com.ar (Eduardo F. Chao) Date: Tue Dec 2 02:26:08 2003 Subject: Changing password remotely. Message-ID: Hi, this is my first question in this lists so I apologize if it is obvious but I've read the related documentation and I still have doubts. In Encryption.txt it is suggested to allow the users change their passwords with smbpasswd putting null passwords=yes in the smb.conf file. Is it true that the superuser in the SAMBA host will need to sincronize the /etc/passwd file with the /etc/smbpasswd file changing the UNIX user account's password according to the new smbpassword? I think it's true. So, I don't see the usefulness in letting these remote password changes unless the users can remotely change their UNIX password too (eg with telnet). Is there any other means for changing the passwords remotely? I have SAMBA 2.0.2-19990209 on Linux 2.0.36 on a Pentium II with 128 MB RAM. Thanks, Eduardo F. Chao Gerente de Sistemas Soteica S.R.L. Tel: +54(11)4555-5703 (x236) Fax: +54(11)4551-0751 From lkcl at switchboard.net Fri Apr 23 20:03:17 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:08 2003 Subject: Downloading Profiles/Policies (slow connection) In-Reply-To: <3720CEB9.B42FAE15@cis.upenn.edu> Message-ID: On Sat, 24 Apr 1999, Eric Mercer wrote: > Luke Kenneth Casson Leighton wrote: > > > > On Mon, 1 Mar 1999, Dejan Ilic wrote: > > > > > On Mon, 1 Mar 1999, Wolfgang Ratzka wrote: > > > > > > > Nuno Loureiro wrote: > > > > > > > > > > But in my case is 10BaseT, so we should never get this message :/ > > > > > > > > I get the message when I store user profiles on a samba server. > > > > My interpretation is that the authentication process is taking > > > > very long (we have ~9000 users in /etc/passwd) and therefore > > > > samba has a slow start, which leads NT to expect (quite wrongly ;-) > > > > overal slow performance.. > > > > > > Suspecting the same problem here. About 17000 accounts on samba. > > > > well, you could always use Benjamin Kuit's new mysql code!!! > > This may be a dead issue, but I may have some information to add. > > We were experiencing this problem with about 8 of 16 NT workstations. > The PDC is an Ultra Enterprise 2 running Solaris 2.5.1 and Samba > downloaded via CVS on September 22nd. Although we only have 95 users, > we tried reducing the size of the smbpasswd file. That made no > difference. We continued having the trouble until one of the > administrators noticed a lot of browser elections. > > We found that several of the newer NT machines had been added to the > domain with Netware installed. They have been electing themselves > master browsers on their little IPX network. After removing the Client > Service for Netware and the NWLink IPX/SPX Transport, the "slow > connection" problem has disappeared. you only had to disable "NetBIOS over IPX/SPX" that would do it. yes, IPX/SPX NetBIOS is _dog_ slow, and causes delays of up to a minute in resolving names etc. ONE machine on the entire WAN becomes a LOCAL master browser and resolution of names is done by multicast. absolutely horrible *shudder*. From greg at discreet.com Fri Apr 23 20:14:16 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:26:08 2003 Subject: domain login across subnet - how? In-Reply-To: <199904231958.PAA06302@hoist.nlcomm.com> Message-ID: 2 words -> Use WINS. Otherwise the stations do subnet broadcast to find the PDC which won't work thru your router unless you "help" it. hope this helps, Greg On 23-Apr-99 mark@hoist.nlcomm.com wrote: > > Hello there! > > I have three subnets, each connected to a "backbone" via routers. I > have a Linux system, running Samba as an NT domain controller, on the > backbone. > > However, the workstations on the subnets cannot login to the domain; > the domain logins work only on the same subnet as the Samba machine. > > Could a kind soul please give me a few quick email replies on how to > set this up? I have been administrating Samba for about two years so > I know how it works quite well; it is just the crossing of subnets > that has me puzzled. > > I definitely want to avoid LMHOSTS if at all possible. > > Thanks! > Mark --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From cartegw at Eng.Auburn.EDU Fri Apr 23 20:19:25 1999 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:26:08 2003 Subject: domain login across subnet - how? In-Reply-To: <199904231958.PAA06302@hoist.nlcomm.com> Message-ID: On Sat, 24 Apr 1999 mark@hoist.nlcomm.com wrote: > > Hello there! > > I have three subnets, each connected to a "backbone" via routers. I > have a Linux system, running Samba as an NT domain controller, on the > backbone. > > I definitely want to avoid LMHOSTS if at all possible. You will need to use WINS. Both NT Server and Samba can act as a WINS server. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From mark at hoist.nlcomm.com Fri Apr 23 20:26:27 1999 From: mark at hoist.nlcomm.com (mark@hoist.nlcomm.com) Date: Tue Dec 2 02:26:08 2003 Subject: domain login across subnet - how? In-Reply-To: (message from Greg Dickie on Fri, 23 Apr 1999 16:14:16 -0400 (EDT)) References: Message-ID: <199904232026.QAA06417@hoist.nlcomm.com> Thanks - this is exactly what I needed. Now off to RTFM. 8) Mark From jduhamel at tibco.com Fri Apr 23 22:56:10 1999 From: jduhamel at tibco.com (Joe Duhamel) Date: Tue Dec 2 02:26:08 2003 Subject: PDC Domain name / Netapp confusion. Message-ID: <000501be8ddc$7aa444e0$fa1b65a0@hades.tibco.com> Hi, I have a Samba 2.0.3 server running on the same subnet as a netapp filer (740). The trouble I'm having is that my domain name needs to be exactly the same as my hostname in order to have "cifs setup" on the netapp work. Is this really necessary? -Joe From gilf at tls.co.il Sat Apr 24 09:06:52 1999 From: gilf at tls.co.il (Gil Freund) Date: Tue Dec 2 02:26:08 2003 Subject: NT member server with Samba Message-ID: <372189AC.BCF0B8FE@tls.co.il> Hi We are setting up a shop with linux as PDC for windows NT and 95 workstations. We plan to remove the old PDC (NT SBS). As far as workstations are concerned, it is moving rather nicely. However, we have two applications that require NT server (MS-SQL and Backup Exec). Does anyone have any experience setting an NT server as a Standalone server in a SAMBA domain. The only issue I can see it setting up a DOMAIN ADMIN group (needed for backup exec agent support), via the map admin group parameter. Anything I might be missing? Gil Freund TLS From jmeff at engsoc.queensu.ca Sat Apr 24 21:10:03 1999 From: jmeff at engsoc.queensu.ca (Jamie ffolliott) Date: Tue Dec 2 02:26:08 2003 Subject: smbpasswd fails Message-ID: <000001be8e96$d25e8140$0245a8c0@cgocable.net> Hi there, I'm having trouble getting an ordinary user to change their samba/unix password using smbpasswd, which fails everytime on random (good) passwords. I've got unix password sync enabled, and the standard setup on the ntdom faq, using Redhat 5.2 linux. This goes for both samba2.0.3 and samba2.1.prealpha (march 25th CVS). Oddly, it may work the odd time when the password's changed from an NT workstation, but not via SWAT and not reliably by any method. Can anyone suggest what may be wrong with my smb.conf/samba/linux setup? I've copied my config and the error messages + debug 100 logs below. I'm trying to get this working this weekend to handle many password changes on Monday, so a quick response would be very much appreciated ;) Thanks in advance for any help. - Jamie smb.conf: unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *password* %n\n *password* %n\n *successfull* encrypt passwords = yes hosts allow = 192.168.69. 127.0.0.1 Logged on by telnet, [jmeff@moseisley jmeff]$ smbpasswd Old SMB password: New SMB password: Retype new SMB password: machine 127.0.0.1 rejected the password change: Error was : The specified passwo rd is invalid. Failed to change password for jmeff smbpasswd (samba 2.0 format): jmeff:502:18FD4289FE4747BF695109AB020E401C:524203E0438ED26DE999C144E6F88FEC: :/ho me/jmeff:/bin/bash log.samba_server : [1999/04/24 16:18:37, 3] smbd/chgpasswd.c:chgpasswd(394) Password change for user: jmeff [1999/04/24 16:18:37, 3] smbd/chgpasswd.c:findpty(89) pty: try to open ptya0, line was /dev/ptyXX [1999/04/24 16:18:37, 3] smbd/chgpasswd.c:findpty(93) pty: opened /dev/ptya0 [1999/04/24 16:18:37, 3] smbd/chgpasswd.c:chat_with_program(369) Dochild for user jmeff (uid=0,gid=0) [1999/04/24 16:18:37, 10] smbd/chgpasswd.c:dochild(189) Invoking '/usr/bin/passwd jmeff' as password change program. [1999/04/24 16:18:38, 100] smbd/chgpasswd.c:talktochild(263) talktochild: chatbuf=[*password*] responsebuf=[New UNIX password: ] [1999/04/24 16:18:38, 100] smbd/chgpasswd.c:talktochild(276) talktochild: sendbuf=[1a2s3d4f ] [1999/04/24 16:18:38, 100] smbd/chgpasswd.c:talktochild(263) talktochild: chatbuf=[*password*] responsebuf=[ Retype new UNIX password: ] [1999/04/24 16:18:38, 100] smbd/chgpasswd.c:talktochild(276) talktochild: sendbuf=[1a2s3d4f ] [1999/04/24 16:18:42, 100] smbd/chgpasswd.c:talktochild(263) talktochild: chatbuf=[*successfull*] responsebuf=[] [1999/04/24 16:18:42, 3] smbd/chgpasswd.c:talktochild(266) response 3 incorrect [1999/04/24 16:18:42, 3] smbd/chgpasswd.c:chat_with_program(316) Child failed to change password: jmeff [1999/04/24 16:18:42, 3] smbd/chgpasswd.c:chat_with_program(347) The process exited while we were waiting [1999/04/24 16:18:42, 5] smbd/ipc.c:copy_trans_params_and_data(150) copy_trans_params_and_data: params[0..2] data[0..0] From mark at hoist.nlcomm.com Sat Apr 24 21:32:12 1999 From: mark at hoist.nlcomm.com (mark@hoist.nlcomm.com) Date: Tue Dec 2 02:26:08 2003 Subject: domain login across subnet - how? In-Reply-To: (cartegw@eng.auburn.edu) References: Message-ID: <199904242132.RAA09398@hoist.nlcomm.com> On Sat, 24 Apr 1999 mark@hoist.nlcomm.com wrote: > > Hello there! > > I have three subnets, each connected to a "backbone" via routers. I > have a Linux system, running Samba as an NT domain controller, on the > backbone. > > I definitely want to avoid LMHOSTS if at all possible. You will need to use WINS. Both NT Server and Samba can act as a WINS server. OK, I have WINS enabled in samba, dhcp, and in the Windows 95 control panel but still can't log into the domain from another subnet. Here is a summary of my config options in smb.conf: os level = 34 domain master = yes domain logons = yes wins support = yes How can I test the WINS server? wins information is randomly scattered throughout the samba documentation and all that is ever said about it is that it is a Good Thing. Thanks, Mark From matthew at janus.law.usyd.edu.au Sat Apr 24 22:32:20 1999 From: matthew at janus.law.usyd.edu.au (Matthew Geier) Date: Tue Dec 2 02:26:08 2003 Subject: domain login across subnet - how? In-Reply-To: <199904231958.PAA06302@hoist.nlcomm.com> from "mark@hoist.nlcomm.com" at Apr 24, 99 06:00:47 am Message-ID: <199904242232.IAA19789@janus.law.usyd.edu.au> > I have three subnets, each connected to a "backbone" via routers. I > have a Linux system, running Samba as an NT domain controller, on the > backbone. Have a similar problem - only 1 remote subnet. > However, the workstations on the subnets cannot login to the domain; > the domain logins work only on the same subnet as the Samba machine. But I do have this working fine. :-) Win95 worked perfectly after the 'WINS' settings were filled out. However no combination of LMHOSTS or wins settings would work for wfw 3.11 for me. Then after the network guys VLANed all my stuff away from all the other junk on the network in the remote building, they turned on 'ip-helper' in the CISCO router and then the Wfw 3.11 machines started working fine. Being able to forward the WINS broadcasts back to your server seems to make the M$ machines happy. From jmeff at engsoc.queensu.ca Sun Apr 25 02:39:24 1999 From: jmeff at engsoc.queensu.ca (Jamie ffolliott) Date: Tue Dec 2 02:26:08 2003 Subject: smbpasswd fails In-Reply-To: <000001be8e96$d25e8140$0245a8c0@cgocable.net> Message-ID: <000301be8ec4$d4686c20$0245a8c0@cgocable.net> Updated the latest CVS today (april 24) and got new behaviour.. In log.samba_server : [1999/04/24 21:39:55, 3] smbd/chgpasswd.c:chgpasswd(381) Password change for user: jmeff [1999/04/24 21:39:55, 0] lib/fault.c:fault_report(40) =============================================================== [1999/04/24 21:39:55, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 1002 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [1999/04/24 21:39:55, 0] lib/fault.c:fault_report(43) =============================================================== [1999/04/24 21:39:55, 0] lib/util.c:smb_panic(2538) PANIC: internal error This happens by setting these options: unix passwd sync = yes passwd program = /usr/bin/passwd %u passwd chat = *password* %n\n *password* %n\n *successfull* No problems though if I set unix passwd sync = no Looks like the 'unix passwd sync' feature is broken. Both smbpasswd and SWAT will report "success" changing a user's password, but the password doesn't actually change. You'll notice the passwd hash doesn't change in the smbpasswd file. I'm not affluent enough to code a fix, so I'll post this as a bug report. Running redhat 5.2 kernel 2.2, and tested on a stock Redhat 5.2 machine too. If someone does post a fix, please copy a message to this list. Cheers, Jamie > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Jamie ffolliott > Sent: Saturday, April 24, 1999 5:11 PM > To: Multiple recipients of list > Subject: smbpasswd fails > > > Hi there, > > I'm having trouble getting an ordinary user to change their samba/unix > password using smbpasswd, which fails everytime on random (good) > passwords. > I've got unix password sync enabled, and the standard setup on the ntdom > faq, using Redhat 5.2 linux. This goes for both samba2.0.3 and > samba2.1.prealpha (march 25th CVS). Oddly, it may work the odd time when > the password's changed from an NT workstation, but not via SWAT and not > reliably by any method. Can anyone suggest what may be wrong with my > smb.conf/samba/linux setup? I've copied my config and the error > messages + > debug 100 logs below. > > I'm trying to get this working this weekend to handle many > password changes > on Monday, so a quick response would be very much appreciated ;) > Thanks in > advance for any help. > - Jamie > > smb.conf: > unix password sync = yes > passwd program = /usr/bin/passwd %u > passwd chat = *password* %n\n *password* %n\n *successfull* > encrypt passwords = yes > hosts allow = 192.168.69. 127.0.0.1 > > Logged on by telnet, > [jmeff@moseisley jmeff]$ smbpasswd > Old SMB password: > New SMB password: > Retype new SMB password: > machine 127.0.0.1 rejected the password change: Error was : The specified > passwo > rd is invalid. > Failed to change password for jmeff > > smbpasswd (samba 2.0 format): > jmeff:502:18FD4289FE4747BF695109AB020E401C:524203E0438ED26DE999C14 > 4E6F88FEC: > :/ho > me/jmeff:/bin/bash > > log.samba_server : > [1999/04/24 16:18:37, 3] smbd/chgpasswd.c:chgpasswd(394) > Password change for user: jmeff > [1999/04/24 16:18:37, 3] smbd/chgpasswd.c:findpty(89) > pty: try to open ptya0, line was /dev/ptyXX > [1999/04/24 16:18:37, 3] smbd/chgpasswd.c:findpty(93) > pty: opened /dev/ptya0 > [1999/04/24 16:18:37, 3] smbd/chgpasswd.c:chat_with_program(369) > Dochild for user jmeff (uid=0,gid=0) > [1999/04/24 16:18:37, 10] smbd/chgpasswd.c:dochild(189) > Invoking '/usr/bin/passwd jmeff' as password change program. > [1999/04/24 16:18:38, 100] smbd/chgpasswd.c:talktochild(263) > talktochild: chatbuf=[*password*] responsebuf=[New UNIX password: ] > [1999/04/24 16:18:38, 100] smbd/chgpasswd.c:talktochild(276) > talktochild: sendbuf=[1a2s3d4f > ] > [1999/04/24 16:18:38, 100] smbd/chgpasswd.c:talktochild(263) > talktochild: chatbuf=[*password*] responsebuf=[ > Retype new UNIX password: ] > [1999/04/24 16:18:38, 100] smbd/chgpasswd.c:talktochild(276) > talktochild: sendbuf=[1a2s3d4f > ] > [1999/04/24 16:18:42, 100] smbd/chgpasswd.c:talktochild(263) > talktochild: chatbuf=[*successfull*] responsebuf=[] > [1999/04/24 16:18:42, 3] smbd/chgpasswd.c:talktochild(266) > response 3 incorrect > [1999/04/24 16:18:42, 3] smbd/chgpasswd.c:chat_with_program(316) > Child failed to change password: jmeff > [1999/04/24 16:18:42, 3] smbd/chgpasswd.c:chat_with_program(347) > The process exited while we were waiting > [1999/04/24 16:18:42, 5] smbd/ipc.c:copy_trans_params_and_data(150) > copy_trans_params_and_data: params[0..2] data[0..0] > From mg at plum.de Sun Apr 25 17:04:53 1999 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:26:08 2003 Subject: Disk space reported by NT Message-ID: <003901be8f3d$bd0f34e0$0a4e4dc2@sumo.plum.de> Hi, I'm using today's head-CVS as NTDOM controller. Works very well. Only diskspace is computed wrong. On Disks with user quota enabled, it works fine, but on other disk it allways shows 4 gb. (Type is NTFS) Playing with smbclient shows 64k x 64k blocks (=4 gb:). I'm using Linux 2.2.6 SMP on a intel platform, can that be the reason ? (most of the 64 bit file functions fail in the configure script) regards, Michael -------------- next part -------------- HTML attachment scrubbed and removed From akaplan at tai.com.tr Sun Apr 25 17:11:06 1999 From: akaplan at tai.com.tr (Alpaslan Kaplan (akaplan@tai.com.tr)) Date: Tue Dec 2 02:26:08 2003 Subject: Can't print while an NT Domain Member! Message-ID: <31B55D38544ED211B9B900805FB6630303F44C@10.170.0.tai-net.0.170.10.in-addr.arpa> I used to share the printers successfully when security was share level, but when I set the security to domain, I had problems with printers connected to printservers. Does anyone have any idea? From mark at hoist.nlcomm.com Sun Apr 25 17:24:34 1999 From: mark at hoist.nlcomm.com (mark@hoist.nlcomm.com) Date: Tue Dec 2 02:26:08 2003 Subject: domain login across subnet - how? In-Reply-To: <199904242232.IAA19789@janus.law.usyd.edu.au> (message from Matthew Geier on Sun, 25 Apr 1999 08:32:20 +1000 (EST)) References: <199904242232.IAA19789@janus.law.usyd.edu.au> Message-ID: <199904251724.NAA11447@hoist.nlcomm.com> > I have three subnets, each connected to a "backbone" via routers. I > have a Linux system, running Samba as an NT domain controller, on the > backbone. Have a similar problem - only 1 remote subnet. > However, the workstations on the subnets cannot login to the domain; > the domain logins work only on the same subnet as the Samba machine. But I do have this working fine. :-) Win95 worked perfectly after the 'WINS' settings were filled out. However no combination of LMHOSTS or wins settings would work for wfw 3.11 for me. I only have Win95 machines; but cannot log in. I suspect that it is a problem with Wins though. Does your NT Domain have to match your host name or anything? I tried to do nmbd -h hdplus (the NT domain is HDPLUS) but then the Win 95 machines gave the message "incorrect parameter". I am stuck!! back to having the samba machine also be the router (yuck). Would it be easy to send me the first half of your smb.conf file? (not the shares; just the wins, domain name, sections) Any ideas how to debug the WINS part of samba? Documentation in the "browsing" help files just says to enable it in smb.conf and everything will magically be fine. Thanks!! Mark From cartegw at Eng.Auburn.EDU Mon Apr 26 03:33:13 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:26:08 2003 Subject: domain login across subnet - how? References: <199904242232.IAA19789@janus.law.usyd.edu.au> <199904251724.NAA11447@hoist.nlcomm.com> Message-ID: <3723DE79.85A2FE5C@eng.auburn.edu> mark@hoist.nlcomm.com wrote: > > I only have Win95 machines; but cannot log in. I suspect that it is a > problem with Wins though. Does your NT Domain have to match your host > name or anything? I tried to do nmbd -h hdplus (the NT domain is > HDPLUS) but then the Win 95 machines gave the message "incorrect > parameter". You workgroup name **cannot** be the same as the netbios name on the Samba server. In other words, the following settings are in valid (for domain logons at least) workgroup = SAMBA netbios name = SAMBA Hopes this helps, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From roos at byggdok.se Mon Apr 26 12:06:35 1999 From: roos at byggdok.se (Johan Roos) Date: Tue Dec 2 02:26:08 2003 Subject: samba/smbmount/NT-PDC/2.0.x/2.2.x Message-ID: This is to much. :( I have: 1 sambaserver (2.0.2) authenticating to a WinNT PDC. 1 Redhat5.2/intel workstation with kernel 2.2.x and smbmount 2.0.3 connecting to the sambaserver. Working perfectly. 1 Redhat5.2/intel workstation with kernel 2.0.x and smbmount 2.0.1 connecting to the WinNT PDC. Working perfectly. But... As I try to connect to the sambaserver from the 2.0.x machine i get this: ERRSRV - ERRbadpw (Bad password - name/password pair in a Tree Connect or Session Setup are invalid.) I am totally confused. Please unconfuse me. I have tested with differnt users and the pattern is always as above. ________________________________________________________________________________ Mail: Johan Roos | Phone: +46(0)708953197, +46(0)86177456 From mark at hoist.nlcomm.com Mon Apr 26 12:14:53 1999 From: mark at hoist.nlcomm.com (mark@hoist.nlcomm.com) Date: Tue Dec 2 02:26:08 2003 Subject: domain login across subnet - how? In-Reply-To: <3723DE79.85A2FE5C@eng.auburn.edu> (message from Gerald Carter on Sun, 25 Apr 1999 22:33:13 -0500) References: <199904242232.IAA19789@janus.law.usyd.edu.au> <199904251724.NAA11447@hoist.nlcomm.com> <3723DE79.85A2FE5C@eng.auburn.edu> Message-ID: <199904261214.IAA13509@hoist.nlcomm.com> mark@hoist.nlcomm.com wrote: > > I only have Win95 machines; but cannot log in. I suspect that it is a > problem with Wins though. Does your NT Domain have to match your host > name or anything? I tried to do nmbd -h hdplus (the NT domain is > HDPLUS) but then the Win 95 machines gave the message "incorrect > parameter". You workgroup name **cannot** be the same as the netbios name on the Samba server. In other words, the following settings are in valid (for domain logons at least) workgroup = SAMBA netbios name = SAMBA This sure does help. I will make absolutely sure that I'm not doing this. I just left the "netbios name" out; so it is at the default value, whatever that is. Thanks!! Mark From greg at discreet.com Mon Apr 26 12:15:38 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:26:08 2003 Subject: domain login across subnet - how? In-Reply-To: <199904251724.NAA11447@hoist.nlcomm.com> Message-ID: Hi again Mark, Are you sure that all your Win95 machines are pointing to the samba WINS server? Turn up the logging level a bit and check the nmbd log to make sure the hosts are registering properly. This should work fine. Greg On 25-Apr-99 mark@hoist.nlcomm.com wrote: > > > I have three subnets, each connected to a "backbone" via routers. I > > have a Linux system, running Samba as an NT domain controller, on the > > backbone. > > Have a similar problem - only 1 remote subnet. > > > However, the workstations on the subnets cannot login to the domain; > > the domain logins work only on the same subnet as the Samba machine. > > But I do have this working fine. :-) > > > Win95 worked perfectly after the 'WINS' settings were filled out. However > no combination of LMHOSTS or wins settings would work for wfw 3.11 for me. > > > I only have Win95 machines; but cannot log in. I suspect that it is a > problem with Wins though. Does your NT Domain have to match your host > name or anything? I tried to do nmbd -h hdplus (the NT domain is > HDPLUS) but then the Win 95 machines gave the message "incorrect > parameter". I am stuck!! back to having the samba machine also be > the router (yuck). > > Would it be easy to send me the first half of your smb.conf file? > (not the shares; just the wins, domain name, sections) Any ideas > how to debug the WINS part of samba? Documentation in the "browsing" > help files just says to enable it in smb.conf and everything will > magically be fine. > > Thanks!! > Mark --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From greg at discreet.com Mon Apr 26 12:30:35 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:26:08 2003 Subject: domain login across subnet - how? In-Reply-To: <199904261214.IAA13509@hoist.nlcomm.com> Message-ID: On 26-Apr-99 mark@hoist.nlcomm.com wrote: > > mark@hoist.nlcomm.com wrote: > > > > I only have Win95 machines; but cannot log in. I suspect that it is a > > problem with Wins though. Does your NT Domain have to match your host > > name or anything? I tried to do nmbd -h hdplus (the NT domain is > > HDPLUS) but then the Win 95 machines gave the message "incorrect > > parameter". > > You workgroup name **cannot** be the same as the netbios name > on the Samba server. In other words, the following settings > are in valid (for domain logons at least) > > workgroup = SAMBA > netbios name = SAMBA > > > This sure does help. I will make absolutely sure that I'm not > doing this. I just left the "netbios name" out; so it is at the > default value, whatever that is. > > Thanks!! > Mark > The default value is the hostname of your machine. Greg --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From dave at www.buffalostate.edu Mon Apr 26 13:04:20 1999 From: dave at www.buffalostate.edu (Dave J. Andruczyk) Date: Tue Dec 2 02:26:08 2003 Subject: domain login across subnet - how? In-Reply-To: <199904251724.NAA11447@hoist.nlcomm.com> Message-ID: > I only have Win95 machines; but cannot log in. I suspect that it is a > problem with Wins though. Does your NT Domain have to match your host > name or anything? I tried to do nmbd -h hdplus (the NT domain is > HDPLUS) but then the Win 95 machines gave the message "incorrect > parameter". I am stuck!! back to having the samba machine also be > the router (yuck). According to M$ docs, when using windows 9x machines in an NT (or samba) domain setup, the WORKGROUP and DOMAIN (under winblows) MUST BE IDENTICAL, and with NO SPACES. Windows 9x will allow spaces in the domain/workgroup, but NT won't. I found out the hard way with spaces in the workgroup name... Dave J. Andruczyk Instructional Support Associate Department of Technology Buffalo State College From duesing at fachschaft.informatik.fh-muenchen.de Mon Apr 26 13:23:06 1999 From: duesing at fachschaft.informatik.fh-muenchen.de (Lars Duesing) Date: Tue Dec 2 02:26:08 2003 Subject: Administrator - Account? Message-ID: Hi! I do have some troubles with Samba. I try to login via smbclient as Administrator (Account "lars", group root) And I get the following things: =========================cut smb.err============================= doing parameter encrypt passwords = yes doing parameter deadtime = 15 doing parameter keep alive = 30 doing parameter security = user doing parameter printing = bsd doing parameter printcap name = /etc/printcap doing parameter load printers = yes doing parameter interfaces = 10.1.1.1/24 doing parameter domain logons = yes doing parameter wins support = yes doing parameter logon drive = H: doing parameter logon path = \\%N\domain\usr\%U\%m doing parameter logon script = scripts\%m.bat doing parameter domain master = yes doing parameter local master = yes doing parameter preferred master = yes doing parameter os level = 65 doing parameter usernamemap = /etc/domainusers.map doing parameter Domain Admin Group = root doing parameter Domain Admin Users = lars pm_process() returned Yes lp_servicenumber: couldn't find homes codepage_initialise: client code page = 850 load_client_codepage: loading codepage 850. Adding chars 0x85 0xb7 (l->u = True) (u->l = True) Adding chars 0xa0 0xb5 (l->u = True) (u->l = True) Adding chars 0x83 0xb6 (l->u = True) (u->l = True) Adding chars 0xc6 0xc7 (l->u = True) (u->l = True) Adding chars 0x84 0x8e (l->u = True) (u->l = True) Adding chars 0x86 0x8f (l->u = True) (u->l = True) Adding chars 0x91 0x92 (l->u = True) (u->l = True) Adding chars 0x87 0x80 (l->u = True) (u->l = True) Adding chars 0x8a 0xd4 (l->u = True) (u->l = True) Adding chars 0x82 0x90 (l->u = True) (u->l = True) Adding chars 0x88 0xd2 (l->u = True) (u->l = True) Adding chars 0x89 0xd3 (l->u = True) (u->l = True) Adding chars 0x8d 0xde (l->u = True) (u->l = True) Adding chars 0xa1 0xd6 (l->u = True) (u->l = True) Adding chars 0x8c 0xd7 (l->u = True) (u->l = True) Adding chars 0x8b 0xd8 (l->u = True) (u->l = True) Adding chars 0xd0 0xd1 (l->u = True) (u->l = True) Adding chars 0xa4 0xa5 (l->u = True) (u->l = True) Adding chars 0x95 0xe3 (l->u = True) (u->l = True) Adding chars 0xa2 0xe0 (l->u = True) (u->l = True) Adding chars 0x93 0xe2 (l->u = True) (u->l = True) Adding chars 0xe4 0xe5 (l->u = True) (u->l = True) Adding chars 0x94 0x99 (l->u = True) (u->l = True) Adding chars 0x9b 0x9d (l->u = True) (u->l = True) Adding chars 0x97 0xeb (l->u = True) (u->l = True) Adding chars 0xa3 0xe9 (l->u = True) (u->l = True) Adding chars 0x96 0xea (l->u = True) (u->l = True) Adding chars 0x81 0x9a (l->u = True) (u->l = True) Adding chars 0xec 0xed (l->u = True) (u->l = True) Adding chars 0xe7 0xe8 (l->u = True) (u->l = True) Adding chars 0x9c 0x0 (l->u = False) (u->l = False) Added interface ip=10.1.1.1 bcast=10.1.1.255 nmask=255.255.255.0 Client started (version 2.0.1). resolve_name: Attempting lmhosts lookup for name main<0x20> getlmhostsent: lmhost entry: 10.1.1.1 STUDV1 getlmhostsent: lmhost entry: 10.1.1.2 STUDV2 getlmhostsent: lmhost entry: 10.1.1.3 STUDV3 getlmhostsent: lmhost entry: 10.1.1.100 HIGHLANDER getlmhostsent: lmhost entry: 10.1.1.101 HEATHER getlmhostsent: lmhost entry: 10.1.1.102 MILAMBER resolve_name: Attempting host lookup for name main<0x20> Connecting to 10.1.1.1 at port 139 write_socket(3,76) write_socket(3,76) wrote 76 Sent session request got smb length of 0 size=0 smb_com=0x0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=0 smb_flg2=0 smb_tid=0 smb_pid=0 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=0 session request ok write_socket(3,168) write_socket(3,168) wrote 168 got smb length of 89 size=89 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=14287 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[0]=6 (0x6) smb_vwv[1]=12803 (0x3203) smb_vwv[2]=256 (0x100) smb_vwv[3]=65280 (0xFF00) smb_vwv[4]=255 (0xFF) smb_vwv[5]=0 (0x0) smb_vwv[6]=256 (0x100) smb_vwv[7]=53248 (0xD000) smb_vwv[8]=55 (0x37) smb_vwv[9]=12544 (0x3100) smb_vwv[10]=3 (0x3) smb_vwv[11]=0 (0x0) smb_vwv[12]=20465 (0x4FF1) smb_vwv[13]=54326 (0xD436) smb_vwv[14]=48783 (0xBE8F) smb_vwv[15]=34817 (0x8801) smb_vwv[16]=2303 (0x8FF) smb_bcc=20 [000] 8D 38 E9 46 B0 CA B6 F0 53 50 52 45 43 48 45 52 .8.F.... SPRECHER [010] 52 41 54 00 RAT. size=89 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=14287 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[0]=6 (0x6) smb_vwv[1]=12803 (0x3203) smb_vwv[2]=256 (0x100) smb_vwv[3]=65280 (0xFF00) smb_vwv[4]=255 (0xFF) smb_vwv[5]=0 (0x0) smb_vwv[6]=256 (0x100) smb_vwv[7]=53248 (0xD000) smb_vwv[8]=55 (0x37) smb_vwv[9]=12544 (0x3100) smb_vwv[10]=3 (0x3) smb_vwv[11]=0 (0x0) smb_vwv[12]=20465 (0x4FF1) smb_vwv[13]=54326 (0xD436) smb_vwv[14]=48783 (0xBE8F) smb_vwv[15]=34817 (0x8801) smb_vwv[16]=2303 (0x8FF) smb_bcc=20 [000] 8D 38 E9 46 B0 CA B6 F0 53 50 52 45 43 48 45 52 .8.F.... SPRECHER [010] 52 41 54 00 RAT. write_socket(3,141) write_socket(3,141) wrote 141 got smb length of 70 size=70 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=14287 smb_uid=100 smb_mid=1 smt_wct=3 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_vwv[2]=0 (0x0) smb_bcc=29 [000] 55 6E 69 78 00 53 61 6D 62 61 20 32 2E 30 2E 31 Unix.Sam ba 2.0.1 [010] 00 53 50 52 45 43 48 45 52 52 41 54 00 .SPRECHE RRAT. size=70 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=14287 smb_uid=100 smb_mid=1 smt_wct=3 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_vwv[2]=0 (0x0) smb_bcc=29 [000] 55 6E 69 78 00 53 61 6D 62 61 20 32 2E 30 2E 31 Unix.Sam ba 2.0.1 [010] 00 53 50 52 45 43 48 45 52 52 41 54 00 .SPRECHE RRAT. Domain=[SPRECHERRAT] OS=[Unix] Server=[Samba 2.0.1] session setup ok write_socket(3,68) write_socket(3,68) wrote 68 got smb length of 35 size=35 smb_com=0x75 smb_rcls=2 smb_reh=0 smb_err=2 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=14287 smb_uid=100 smb_mid=1 smt_wct=0 smb_bcc=0 tree connect failed: ERRSRV - ERRbadpw (Bad password - name/password pair in a Tree Connect or Session Setup are invalid.) ==============================cut============================================ Hmm, what's going wrong? bye Lars From mark at hoist.nlcomm.com Mon Apr 26 13:35:39 1999 From: mark at hoist.nlcomm.com (mark@hoist.nlcomm.com) Date: Tue Dec 2 02:26:08 2003 Subject: domain login across subnet - how? In-Reply-To: (dave@www.buffalostate.edu) References: Message-ID: <199904261335.JAA13704@hoist.nlcomm.com> > I only have Win95 machines; but cannot log in. I suspect that it is a > problem with Wins though. Does your NT Domain have to match your host > name or anything? I tried to do nmbd -h hdplus (the NT domain is > HDPLUS) but then the Win 95 machines gave the message "incorrect > parameter". I am stuck!! back to having the samba machine also be > the router (yuck). According to M$ docs, when using windows 9x machines in an NT (or samba) domain setup, the WORKGROUP and DOMAIN (under winblows) MUST BE IDENTICAL, and with NO SPACES. Windows 9x will allow spaces in the domain/workgroup, but NT won't. I found out the hard way with spaces in the workgroup name... Thanks for the suggestion. I found this out the hard way too back in the 1.8.x days! Unfortunately I still can't get this cross-subnet login to work. How can I debug this? Is there a way to see what Windows is thinking? Or, even better, is it possible to simulate the WINS domain login with the Unix samba tools? Thanks, Mark From greg at discreet.com Mon Apr 26 13:56:29 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:26:08 2003 Subject: domain login across subnet - how? In-Reply-To: <199904261335.JAA13704@hoist.nlcomm.com> Message-ID: Hi Mark, The only thing Windoze should be doing with WINS is finding the IP address if the samba PDC therefore IFF the workgroup/domain name of the WIn95 machine matches the name on the samba PDC then the W95 machine should simply ask WINS to resolve the PDC for that domain and then do a netlogon to that machine. Greg On 26-Apr-99 mark@hoist.nlcomm.com wrote: > > > I only have Win95 machines; but cannot log in. I suspect that it is a > > problem with Wins though. Does your NT Domain have to match your host > > name or anything? I tried to do nmbd -h hdplus (the NT domain is > > HDPLUS) but then the Win 95 machines gave the message "incorrect > > parameter". I am stuck!! back to having the samba machine also be > > the router (yuck). > > According to M$ docs, when using windows 9x machines in an NT (or samba) > domain setup, the WORKGROUP and DOMAIN (under winblows) MUST BE IDENTICAL, > and with NO SPACES. Windows 9x will allow spaces in the domain/workgroup, > but NT won't. I found out the hard way with spaces in the workgroup > name... > > Thanks for the suggestion. I found this out the hard way too back in > the 1.8.x days! > > Unfortunately I still can't get this cross-subnet login to work. > > How can I debug this? Is there a way to see what Windows is thinking? > Or, even better, is it possible to simulate the WINS domain login with > the Unix samba tools? > > Thanks, > Mark --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From abakun at reac.com Mon Apr 26 14:54:46 1999 From: abakun at reac.com (Andy Bakun) Date: Tue Dec 2 02:26:08 2003 Subject: NT member server with Samba References: <372189AC.BCF0B8FE@tls.co.il> Message-ID: <37247E36.90AE4CA6@reac.com> I have two NT servers that are domain members. One is the print server, and the other hosts the company-wide calandar program. Just make them members of the domain like any other workstation. The only NT backup program I have samba domain experience with is ArcServe. To get it to backup samba shares, there needs to be an admin$ share on the machine -- then ArcServe sees the samba machine as an NT machine, and it works fine. I just made admin$ point to /tmp. Gil Freund wrote: > We are setting up a shop with linux as PDC for windows NT and 95 > workstations. We plan to remove the old PDC (NT SBS). > As far as workstations are concerned, it is moving rather nicely. > However, we have two applications that require NT server (MS-SQL and > Backup Exec). Does anyone have any experience setting an NT server as a > Standalone server in a SAMBA domain. The only issue I can see it setting > up a DOMAIN ADMIN group (needed for backup exec agent support), via the > map admin group parameter. > Anything I might be missing? From aperrin at demog.Berkeley.EDU Mon Apr 26 15:52:20 1999 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:26:08 2003 Subject: samba/smbmount/NT-PDC/2.0.x/2.2.x In-Reply-To: Message-ID: We're going to need more information to diagnose the problem - an smb.conf would be a good start, as would samba logs. All the error you sent says is "I didn't like the username and/or password I was sent." --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 On Mon, 26 Apr 1999, Johan Roos wrote: > This is to much. :( > > I have: > 1 sambaserver (2.0.2) authenticating to a WinNT PDC. > > 1 Redhat5.2/intel workstation with kernel 2.2.x and smbmount 2.0.3 connecting to > the sambaserver. Working perfectly. > > 1 Redhat5.2/intel workstation with kernel 2.0.x and smbmount 2.0.1 connecting > to the WinNT PDC. Working perfectly. > > But... > As I try to connect to the sambaserver from the 2.0.x machine i get this: > ERRSRV - ERRbadpw (Bad password - name/password pair in a Tree Connect or > Session Setup are invalid.) > > I am totally confused. Please unconfuse me. > > I have tested with differnt users and the pattern is always as above. > ________________________________________________________________________________ > Mail: Johan Roos | Phone: +46(0)708953197, +46(0)86177456 > From jewa at force.de Mon Apr 26 17:03:04 1999 From: jewa at force.de (Jens-Uwe Walther) Date: Tue Dec 2 02:26:08 2003 Subject: Different behaviour Linux - Solaris??? Message-ID: <37249C48.C235D3F6@force.de> Hi Maria, I have the same problems with Solaris 2.6 SPARC and Samba => 2.0.2 using GCC 2.8.1 and EGCS 2.91.66 (Chad Campbell's recommandation doesn't help). It works with Solaris 2.6 and Samba 2.0.0 and current 2.1 pre-alpha releases. So you have to use one of these versions at the moment or have to wait for a future release 2.0.x which incorporates these feature again for Solaris 2.6 machines. Jens-Uwe Walther Systems and Network Administrator FORCE Computers GmbH jewa@force.de From aescalan at ifcsun1.ifisiol.unam.mx Mon Apr 26 06:55:45 1999 From: aescalan at ifcsun1.ifisiol.unam.mx (Ana Maria Escalante) Date: Tue Dec 2 02:26:08 2003 Subject: Changing password remotely. In-Reply-To: Message-ID: Hi Eduardo: I am not sure if I understood your question, but absolutely there is another way for changing the samba password remotely. From a Windows 95 client you can change your samba password from the Control Panel --> Passwords --> Change other Passwords option. The problem I have with this is that if I syncronize my linux and samba passwords (in smb.conf), as linux restricts more the passwords than samba, if the user chooses a trivial password, samba takes the new password, but linux refuses the change. By the way, I think that the sincronization is not mandatory. You must have the users in both files, but the passwords do not need to be the same. On Sat, 24 Apr 1999, Eduardo F. Chao wrote: > Hi, this is my first question in this lists so I apologize if it is > obvious but I've read the related documentation and I still have doubts. > > In Encryption.txt it is suggested to allow the users change their > passwords with smbpasswd putting null passwords=yes in the smb.conf > file. Is it true that the superuser in the SAMBA host will need to > sincronize the /etc/passwd file with the /etc/smbpasswd file changing > the UNIX user account's password according to the new smbpassword? I > think it's true. So, I don't see the usefulness in letting these remote > password changes unless the users can remotely change their UNIX > password too (eg with telnet). > > Is there any other means for changing the passwords remotely? > > I have SAMBA 2.0.2-19990209 on Linux 2.0.36 on a Pentium II with 128 MB > RAM. > > Thanks, > > Eduardo F. Chao > Gerente de Sistemas > Soteica S.R.L. > Tel: +54(11)4555-5703 (x236) > Fax: +54(11)4551-0751 > > From tas at microdisplay.com Mon Apr 26 23:14:51 1999 From: tas at microdisplay.com (Todd Stiers) Date: Tue Dec 2 02:26:08 2003 Subject: Weirdness: MS Access Files on Samba NT Dom Message-ID: <3724F36B.D701560F@microdisplay.com> Hi, This is the latest update. I get MS Access to get this far (up from a blank MS Access Screen) The message: ! The Microsoft Jet database engine cannot open the file ". It is already opened exclusively by another user, or you need permission to view its data. This is the smb.conf entry for the /dbdie directory in which the file test.lbd gets written for test.mdb [dbdie] comment = MDC DIE Tracking Database path = /testing1/dbdie public = yes writable = yes create mask = 0775 valid users = @users write list = @users force group = users fake oplocks = yes force create mode = 0000 force directory mode = 0000 (the force create and directory modes were recently added without more progress) -Todd -- [--- [--- [--- [--- [--- [--- [--- [--- [--- [--- Todd Stiers Director of Systems Administration The MicroDisplay Corporation http://www.microdisplay.com (510)243-9515x129 ---] ---] ---] ---] ---] ---] ---] ---] ---] ---] From rw at times-square.net Tue Apr 27 00:10:20 1999 From: rw at times-square.net (Rupert Weber-Henschel) Date: Tue Dec 2 02:26:08 2003 Subject: Weirdness: MS Access Files on Samba NT Dom References: <3724F36B.D701560F@microdisplay.com> Message-ID: <3725006C.8A5F21AA@times-square.net> Hi, I see these MS Access problems popping up on the list again and again. Never really bothered to read them carefully, as I didn't have that problem ;) So I don't know if the cause or a solution are already known. But I got this exact error message recently on a NetWare server. (NT 4.0 SP3 using an MS Access database (ca. 12MB) on NetWare 3.11 server, no other station using Access) It happened in the middle of a lengthy update procedure, there shouldn't have been any 'open' call at that time. The problem did go away by simply trying a couple of times, quitting and restarting Access. (and restoring the half-updated db from a backup...) So maybe Access is just allergic to non-MS products? If you want more details, let me know. Cheers, Rupert Todd Stiers wrote: [...] > > ! The Microsoft Jet database engine cannot open the file ". It is > already opened > exclusively by another user, or you need permission to view its data. > [...] -- Rupert Weber-Henschel E-Mail: rw@times-square.net Fax: +49-89-34023886 PGP Public Key: http://www.cip.physik.uni-muenchen.de/~weber From jallison at cthulhu.engr.sgi.com Tue Apr 27 01:19:54 1999 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:26:08 2003 Subject: Weirdness: MS Access Files on Samba NT Dom References: <3724F36B.D701560F@microdisplay.com> Message-ID: <372510BA.6DAE419D@engr.sgi.com> Todd Stiers wrote: > > Hi, > > This is the latest update. I get MS Access to get this far (up from a > blank MS Access > Screen) > > The message: > > ! The Microsoft Jet database engine cannot open the file ". It is > already opened > exclusively by another user, or you need permission to view its data. > Are you using a 32 bit system (such as Linux) or versions of Solaris earlier than 2.7 ? If so then I have just added some code to Samba 2.0.4 to get around this problem (which is actually an NT bug). The problem is that NT clients insist on sending 64 bit lock ranges to 32 bit systems, despite smbd on a 32 bit system correctly setting the "I don't support 64 bit file access" bit in the negotiated capabilities. I have added a parameter "mangle locks" that tries to map these locks into valid POSIX 31-bit locks (all that a 32 bit system can support via the POSIX spec.) and am looking for someone who has anonymous CVS access (check out the SAMBA_2_0 branch) to test this. If you're on a 64 bit platform (IRIX, Solaris 2.7 etc.) then this isn't the problem. Cheers, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From stefan.speckenheuer at menzel-woelke.de Tue Apr 27 07:22:07 1999 From: stefan.speckenheuer at menzel-woelke.de (Stefan Speckenheuer) Date: Tue Dec 2 02:26:08 2003 Subject: Samba disabled in server manager Message-ID: <000301be907e$a836df40$0600a8c0@WS020.mw.dom> I just installed Samba with 'security=domain' in an NT controlled domain with the orginal samba NT documentation. All works fine but the Samba can't get a connection to the server manager on the PDC (icon is grey) and it can't be found in the network neighbourhood of all computers. I read some FAQs and newsgroups without finding a helping hint. Any suggestions? My SMB.CONF: '# Samba config file created using SWAT # from 192.168.0.6 (192.168.0.6) # Date: 1999/04/27 02:57:00 # Global parameters workgroup = MWDOM netbios name = LINUX01 server string = MW Samba 2.0.3 Fileserver interfaces = 192.168.0.1/255.255.255.0 security = DOMAIN encrypt passwords = Yes password server = MWNT01 MWNT02 keepalive = 30 socket options = TCP_NODELAY os level = 2 local master = No wins server = 192.168.0.3 hosts allow = 127. 192.168.0. [homes] comment = Eigene Dateien path = /md0/pchome/%S read only = No create mask = 0750 browseable = No [programs] ... ' Best regards, Stefan Speckenheuer Menzel & Woelke GmbH - Datentechnik Lanfer 45 59581 Warstein-Belecke Germany EMail: stefan.speckenheuer@menzel-woelke.de Phone: +49 2902 807050 Fax: +49 2902 807059 From bpowell at osc.edu Tue Apr 27 12:11:02 1999 From: bpowell at osc.edu (Brian Powell) Date: Tue Dec 2 02:26:08 2003 Subject: Any more progress on Citrix Metaframe vs. Samba PDC? Message-ID: Hello all, I know that some time ago Andy Polyakov posted the very useful "Citrix Metaframe demystified" message to this list with his patch to make Samba PDC work with NT Terminal Server (Citrix Metaframe). We've been running the Samba PDC code with that patch since then and our NT-TS system does, indeed work, but the problem remains of logins to it taking a *LONG* time. Domain logins (through Samba) on our regular NT workstations only take about 10-20 seconds or so which is wonderful, but all logins to the TS take about 2 minutes from the password prompt to your desktop (non domain logins to the same system take about 5 seconds). This must have to do with some kind of timeouts on the registry queries to Samba. My question - is there any way to keep the current functionality, but circumvent the timeouts somehow? I'm asking for anything like full registry support, just some "kludge" to speed up these TS logins... -- Brian Powell http://www.osc.edu/~bpowell/ Senior Programmer/Analyst, The Ohio Supercomputer Center PGP public key at: "finger -l bpowell@osc.edu" or at the above URL From Alexandre.Lecuyer at iu-vannes.fr Tue Apr 27 14:05:17 1999 From: Alexandre.Lecuyer at iu-vannes.fr (Alexandre Lecuyer) Date: Tue Dec 2 02:26:08 2003 Subject: random, urandom ? Message-ID: <3725C41D.23F2D1AB@iu-vannes.fr> Hi, I have set up samba (prealpha) on a linux server (RH 5.2 + updates, kernel 2.2.6) and experienced a weird problem : when I launch smbd, it freezes, and "strace" shows that it happens when it tries to read /dev/random . this is a problem with the system, and I haven't found a solution yet. (/dev/random doesn't output anything!) Since we really need this running, I have changed /dev/random to /dev/urandom in genlib.c and it seems to work OK... Anyone has a better idea ? Could it be a problem with the hardware ? the machine is a proliant 3000 with a smart-2 SCSI controller. -- Alexandre L?cuyer CCRI IUT-IUP de Vannes From rchatfie at cemrc.org Tue Apr 27 14:27:25 1999 From: rchatfie at cemrc.org (Randy Chatfield) Date: Tue Dec 2 02:26:08 2003 Subject: Weirdness: MS Access Files on Samba NT Dom In-Reply-To: <3724F36B.D701560F@microdisplay.com> Message-ID: Check permissions on your system.mda or system.mdw file if you are using security. Randy Chatfield Programmer Analyst Carlsbad Environmental Monitoring & Research Center 505-234-5534 rchatfie@cemrc.org Carlsbad, NM > Date: Tue, 27 Apr 1999 09:16:39 +1000 > From: Todd Stiers > To: Multiple recipients of list > Subject: Re: Weirdness: MS Access Files on Samba NT Dom > > Hi, > > This is the latest update. I get MS Access to get this far (up from a > blank MS Access > Screen) > > The message: > > ! The Microsoft Jet database engine cannot open the file ". It is > already opened > exclusively by another user, or you need permission to view its data. > > > This is the smb.conf entry for the /dbdie directory in which the file > test.lbd gets written > for test.mdb > > [dbdie] > comment = MDC DIE Tracking Database > path = /testing1/dbdie > public = yes > writable = yes > create mask = 0775 > valid users = @users > write list = @users > force group = users > fake oplocks = yes > force create mode = 0000 > force directory mode = 0000 > > > (the force create and directory modes were recently added without more > progress) > > -Todd > > -- > [--- [--- [--- [--- [--- [--- [--- [--- [--- [--- > Todd Stiers > Director of Systems Administration > The MicroDisplay Corporation > http://www.microdisplay.com (510)243-9515x129 > ---] ---] ---] ---] ---] ---] ---] ---] ---] ---] > > From greg at discreet.com Tue Apr 27 15:39:10 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:26:08 2003 Subject: minor problem with yesterday's CVS Message-ID: >From yesterday's CVS: I have a small problem with rpcclient which BTW is SOOOO COOL! smb: \> svcenum svcenum SVC_ENUM_SVCS_STATUS: ERRDOS - ERRmoredata (There is more data to be returned.) Services -------- Albd: Atria Location Broker Alerter: Alerter An Electric Arc Teleffect Service: Teleffect Browser: Computer Browser ClipSrv: ClipBook Server DHCP: DHCP Client EventLog: EventLog LanmanServer: Server LanmanWorkstation: Workstation LmHosts: TCP/IP NetBIOS Helper LockMgr: Atria Lock Manager Messenger: Messenger NetDDE: Network DDE NetDDEdsdm: Network DDE DSDM Netlogon: Net Logon NtLmSsp: NT LM Security Support Provider PlugPlay: Plug and Play ProtectedStorage: Protected Storage Replicator: Directory Replicator RPCLOCATOR: Remote Procedure Call (RPC) Locator RpcSs: Remote Procedure Call (RPC) Service rshd: RSH Daemon Schedule: Schedule Spooler: Spooler TapiSrv: Telephony Service UPS: UPS NAV Alert: NAV Alert Norton Program Scheduler: Norton Program Scheduler NAV Auto-Protect: NAV Auto-Protect Also: Is there any way with samba to get the time of the machine? TIA, Greg --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From tas at microdisplay.com Tue Apr 27 16:38:16 1999 From: tas at microdisplay.com (Todd Stiers) Date: Tue Dec 2 02:26:08 2003 Subject: Weirdness: MS Access Files on Samba NT Dom References: <3724F36B.D701560F@microdisplay.com> <372510BA.6DAE419D@engr.sgi.com> Message-ID: <3725E7F8.D3808D53@microdisplay.com> I am using Linux, so I will try your fix (grab the newest CVS). Thanks! -Todd Jeremy Allison wrote: > Todd Stiers wrote: > > > > Hi, > > > > This is the latest update. I get MS Access to get this far (up from a > > blank MS Access > > Screen) > > > > The message: > > > > ! The Microsoft Jet database engine cannot open the file ". It is > > already opened > > exclusively by another user, or you need permission to view its data. > > > > Are you using a 32 bit system (such as Linux) or > versions of Solaris earlier than 2.7 ? > > If so then I have just added some code to Samba 2.0.4 > to get around this problem (which is actually an > NT bug). > > The problem is that NT clients insist on sending 64 bit lock > ranges to 32 bit systems, despite smbd on a 32 bit > system correctly setting the "I don't support 64 > bit file access" bit in the negotiated capabilities. > > I have added a parameter "mangle locks" that tries > to map these locks into valid POSIX 31-bit locks > (all that a 32 bit system can support via the POSIX > spec.) and am looking for someone who has anonymous CVS > access (check out the SAMBA_2_0 branch) to test this. > > If you're on a 64 bit platform (IRIX, Solaris 2.7 etc.) > then this isn't the problem. > > Cheers, > > Jeremy Allison, > Samba Team. > > -- > -------------------------------------------------------- > Buying an operating system without source is like buying > a self-assembly Space Shuttle with no instructions. > -------------------------------------------------------- -- [--- [--- [--- [--- [--- [--- [--- [--- [--- [--- Todd Stiers Director of Systems Administration The MicroDisplay Corporation http://www.microdisplay.com (510)243-9515x129 ---] ---] ---] ---] ---] ---] ---] ---] ---] ---] From yan at cardinalengineering.com Tue Apr 27 17:39:30 1999 From: yan at cardinalengineering.com (Yan Seiner) Date: Tue Dec 2 02:26:08 2003 Subject: minor problem with yesterday's CVS References: Message-ID: <3725F652.692B7D84@cardinalengineering.com> I downloaded today's CVS and tried rpcclient: [root@portia bin]# ./rpcclient -S yyyy -Uxxxx Added interface ip=192.168.0.2 bcast=192.168.0.255 nmask=255.255.255.0 Enter Password: smb: \> svcenum svcenum SVC_ENUM_SVCS_STATUS: ERRDOS - ERRmoredata (There is more data to be returned.) Memory allocation error: failed to expand to 1861484544 bytes svc_io_r_enum_svcs_status: Realloc failed smb: \> q Also, rpcclient devours about 60-80% of my CPU cycles (p5/166) just sitting there at the smb: prompt. Let me know if you need logs or anything else. Yan Greg Dickie wrote: > > >From yesterday's CVS: > > I have a small problem with rpcclient which BTW is SOOOO COOL! > > smb: \> svcenum > svcenum > > SVC_ENUM_SVCS_STATUS: ERRDOS - ERRmoredata (There is more data to be returned.) > Services > -------- > Albd: Atria Location Broker > Alerter: Alerter > An Electric Arc Teleffect Service: Teleffect > Browser: Computer Browser > ClipSrv: ClipBook Server > DHCP: DHCP Client > EventLog: EventLog > LanmanServer: Server > LanmanWorkstation: Workstation > LmHosts: TCP/IP NetBIOS Helper > LockMgr: Atria Lock Manager > Messenger: Messenger > NetDDE: Network DDE > NetDDEdsdm: Network DDE DSDM > Netlogon: Net Logon > NtLmSsp: NT LM Security Support Provider > PlugPlay: Plug and Play > ProtectedStorage: Protected Storage > Replicator: Directory Replicator > RPCLOCATOR: Remote Procedure Call (RPC) Locator > RpcSs: Remote Procedure Call (RPC) Service > rshd: RSH Daemon > Schedule: Schedule > Spooler: Spooler > TapiSrv: Telephony Service > UPS: UPS > NAV Alert: NAV Alert > Norton Program Scheduler: Norton Program Scheduler > NAV Auto-Protect: NAV Auto-Protect > > Also: Is there any way with samba to get the time of the machine? > > TIA, > Greg > > --------------------------------------------------------------------- > Greg Dickie > Just A Guy* > *from discreet (the logic is gone) > Montreal > (514) 954-7171 > greg@discreet.com From lkcl at switchboard.net Tue Apr 27 17:51:02 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:08 2003 Subject: minor problem with yesterday's CVS In-Reply-To: <3725F652.692B7D84@cardinalengineering.com> Message-ID: ok, yan, greg: can you load up copies with the -D "date" option and narrow it down to which version works and which does not? thx. On Wed, 28 Apr 1999, Yan Seiner wrote: > I downloaded today's CVS and tried rpcclient: > > [root@portia bin]# ./rpcclient -S yyyy -Uxxxx > Added interface ip=192.168.0.2 bcast=192.168.0.255 nmask=255.255.255.0 > Enter Password: > smb: \> svcenum > svcenum > > SVC_ENUM_SVCS_STATUS: ERRDOS - ERRmoredata (There is more data to be > returned.) > Memory allocation error: failed to expand to 1861484544 bytes > svc_io_r_enum_svcs_status: Realloc failed > smb: \> q > > Also, rpcclient devours about 60-80% of my CPU cycles (p5/166) just > sitting there at the smb: prompt. > > Let me know if you need logs or anything else. > > Yan > > Greg Dickie wrote: > > > > >From yesterday's CVS: > > > > I have a small problem with rpcclient which BTW is SOOOO COOL! > > > > smb: \> svcenum > > svcenum > > > > SVC_ENUM_SVCS_STATUS: ERRDOS - ERRmoredata (There is more data to be returned.) > > Services > > -------- > > Albd: Atria Location Broker > > Alerter: Alerter > > An Electric Arc Teleffect Service: Teleffect > > Browser: Computer Browser > > ClipSrv: ClipBook Server > > DHCP: DHCP Client > > EventLog: EventLog > > LanmanServer: Server > > LanmanWorkstation: Workstation > > LmHosts: TCP/IP NetBIOS Helper > > LockMgr: Atria Lock Manager > > Messenger: Messenger > > NetDDE: Network DDE > > NetDDEdsdm: Network DDE DSDM > > Netlogon: Net Logon > > NtLmSsp: NT LM Security Support Provider > > PlugPlay: Plug and Play > > ProtectedStorage: Protected Storage > > Replicator: Directory Replicator > > RPCLOCATOR: Remote Procedure Call (RPC) Locator > > RpcSs: Remote Procedure Call (RPC) Service > > rshd: RSH Daemon > > Schedule: Schedule > > Spooler: Spooler > > TapiSrv: Telephony Service > > UPS: UPS > > NAV Alert: NAV Alert > > Norton Program Scheduler: Norton Program Scheduler > > NAV Auto-Protect: NAV Auto-Protect > > > > Also: Is there any way with samba to get the time of the machine? > > > > TIA, > > Greg > > > > --------------------------------------------------------------------- > > Greg Dickie > > Just A Guy* > > *from discreet (the logic is gone) > > Montreal > > (514) 954-7171 > > greg@discreet.com > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site ===================================================================== Luke Kenneth Casson Leighton | Direct Dial : (678) 443-6183 Systems Engineer / ISS XForce Team | ISS Front Desk: (678) 443-6000 Internet Security Systems, Inc. | ISS Fax : (678) 443-6477 http://www.iss.net/ *Adaptive Network Security for the Enterprise* ISS Connect - International User Conference - May '99 ===================================================================== From tas at microdisplay.com Tue Apr 27 18:10:35 1999 From: tas at microdisplay.com (Todd Stiers) Date: Tue Dec 2 02:26:08 2003 Subject: Weirdness: MS Access Files on Samba NT Dom References: <3724F36B.D701560F@microdisplay.com> <372510BA.6DAE419D@engr.sgi.com> Message-ID: <3725FD9B.113B0BB9@microdisplay.com> Hi, Yes, the newest SAMBA_2_0 branch fixed the problem. Thank you very much, -Todd Jeremy Allison wrote: > Todd Stiers wrote: > > > > Hi, > > > > This is the latest update. I get MS Access to get this far (up from a > > blank MS Access > > Screen) > > > > The message: > > > > ! The Microsoft Jet database engine cannot open the file ". It is > > already opened > > exclusively by another user, or you need permission to view its data. > > > > Are you using a 32 bit system (such as Linux) or > versions of Solaris earlier than 2.7 ? > > If so then I have just added some code to Samba 2.0.4 > to get around this problem (which is actually an > NT bug). > > The problem is that NT clients insist on sending 64 bit lock > ranges to 32 bit systems, despite smbd on a 32 bit > system correctly setting the "I don't support 64 > bit file access" bit in the negotiated capabilities. > > I have added a parameter "mangle locks" that tries > to map these locks into valid POSIX 31-bit locks > (all that a 32 bit system can support via the POSIX > spec.) and am looking for someone who has anonymous CVS > access (check out the SAMBA_2_0 branch) to test this. > > If you're on a 64 bit platform (IRIX, Solaris 2.7 etc.) > then this isn't the problem. > > Cheers, > > Jeremy Allison, > Samba Team. > > -- > -------------------------------------------------------- > Buying an operating system without source is like buying > a self-assembly Space Shuttle with no instructions. > -------------------------------------------------------- -- [--- [--- [--- [--- [--- [--- [--- [--- [--- [--- Todd Stiers Director of Systems Administration The MicroDisplay Corporation http://www.microdisplay.com (510)243-9515x129 ---] ---] ---] ---] ---] ---] ---] ---] ---] ---] From aperrin at demog.Berkeley.EDU Tue Apr 27 18:28:16 1999 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:26:08 2003 Subject: More profile problems Message-ID: Hey folks- A week or so ago we had a profile problem related to the Domain SID bug; we ended up wiping out all roaming profiles and upgrading all samba servers to 2.0.3 to fix it. It seemed like it worked -- however this morning the same behavior is happening, at least to certain users: - Login authentication works fine - Drive mapping works fine - Registry bombs. That is, Office applications as well as basic preferences stuff (explorer settings, start/run history, etc.) can't write to the hkey_users registry hive. They complain about this. Running Regedit and opening the hkey_users hive shows the user's tree as a single key, not the whole tree it should normally be. Clicking on the user's key generates the wonderfully informative 'error opening registry key.' the problem is solved only by wiping out the user's roaming profile *and* their locally cached profile, then having them log back in. We are running Samba 2.0.3 everywhere, patched with Jeremy's big-endian patch, and Windows NT Workstation 4.0 SP3. Any ideas what's going on? There's nothing at all suspicious in the logs. --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 From aperrin at demog.Berkeley.EDU Tue Apr 27 18:38:35 1999 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:26:08 2003 Subject: Remote browsing problems Message-ID: Hello again. We're trying to get a remote subnet, whose PC's we don't control, to be able to see our Samba network. The goal is to share some utilities to users over there without the direct cooperation of the remote sysadmins :). Here's what we've got now: 1.) BOSERUP - our PDC, master browser for domain DEMOGRAPHY 2.) BARROWS-SVR - server on our network sharing the stuff we want them to have. Set for remote announce = IP of NEWSNOWY (see below). 3.) POPULATION - another server on our network, doing WINS duty. 4.) NEWSNOWY - server on the remote network, set for wins proxy = yes, wins server = , preferred master = yes, os level = 100. This is the only samba server on that subnet. BOSERUP, BARROWS-SVR, and POPULATION are all Solaris 7 running Samba 2.0.3 patched with Jeremy's patch. NEWSNOWY is the same but Solaris 2.6. Basically, the Win95 machines in the remote subnet can use BARROWS-SVR with no problem, but they can't browse it. The NetworkNeighborhood simply doesn't show them. Additional information: - The remote PC's are running Novell as well as TCP/IP/Netbios (ugh). - The remote PC's are on the same subnet as NEWSNOWY but are in a different workgroup (SSCL). - Although NEWSNOWY wins the election on the subnet, there is no listing in its browse.dat for the SSCL workgroup; there are listings for other workgroups on the subnet. - At some (unfortunately undocumented) point in the last 3 weeks, we have made this work, that is, seen a machine configured similarly to NEWSNOWY available in the remote PCs' browselists under Entire Network -> Microsoft Windows Network -> Demography. Any ideas? thanks - Andy --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 From Jean-Francois.Micouleau at dalalu.fr Tue Apr 27 18:40:04 1999 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:26:09 2003 Subject: minor problem with yesterday's CVS In-Reply-To: Message-ID: On Wed, 28 Apr 1999, Greg Dickie wrote: > Also: Is there any way with samba to get the time of the machine? should be easy to add to rpcclient. The parsing code is there since June'98. the server code is in srv_srvsvc.c, cut-and-paste-and-change api_srv_net_remote_tod to build the client function. J.F. From dave at www.buffalostate.edu Tue Apr 27 18:56:00 1999 From: dave at www.buffalostate.edu (Dave J. Andruczyk) Date: Tue Dec 2 02:26:09 2003 Subject: Remote browsing problems In-Reply-To: Message-ID: > We're trying to get a remote subnet, whose PC's we don't control, to be > able to see our Samba network. The goal is to share some utilities to > users over there without the direct cooperation of the remote sysadmins > :). > > Here's what we've got now: > 1.) BOSERUP - our PDC, master browser for domain DEMOGRAPHY > 2.) BARROWS-SVR - server on our network sharing the stuff we want them to > have. Set for remote announce = IP of NEWSNOWY (see below). > 3.) POPULATION - another server on our network, doing WINS duty. > 4.) NEWSNOWY - server on the remote network, set for wins proxy = yes, > wins server = , preferred master = yes, os level > = 100. This is the only samba server on that subnet. > > BOSERUP, BARROWS-SVR, and POPULATION are all Solaris 7 running Samba 2.0.3 > patched with Jeremy's patch. NEWSNOWY is the same but Solaris 2.6. > > Basically, the Win95 machines in the remote subnet can use BARROWS-SVR > with no problem, but they can't browse it. The NetworkNeighborhood simply > doesn't show them. > > Additional information: > - The remote PC's are running Novell as well as TCP/IP/Netbios (ugh). > - The remote PC's are on the same subnet as NEWSNOWY but are in a > different workgroup (SSCL). > - Although NEWSNOWY wins the election on the subnet, there is no listing > in its browse.dat for the SSCL workgroup; there are listings for other > workgroups on the subnet. > - At some (unfortunately undocumented) point in the last 3 weeks, we have > made this work, that is, seen a machine configured similarly to NEWSNOWY > available in the remote PCs' browselists under Entire Network -> Microsoft > Windows Network -> Demography. > > Any ideas? have the machine in the remote subnet (NEWSNOWY) announce itself under the other workgroup name. (remote announce= BROADCAST_ADDY/WORKGROUP_NAME) so in other words, on NEWSNOWY add this line and edit to taste: remote announce = 192.168.1.255/SSCL just replace the IP with the BROADCAST ADDRESS of the subnet in which you want the other machines to see it. You might also try that same line on the wins server.. Dave J. Andruczyk Instructional Support Associate Department of Technology Buffalo State College From gilf at tls.co.il Tue Apr 27 20:20:43 1999 From: gilf at tls.co.il (Gil Freund) Date: Tue Dec 2 02:26:09 2003 Subject: More profile problems References: Message-ID: <37261C1B.DAECC66D@tls.co.il> Had a similar problem. Turned out to be a fault network wire. Windows is very touchy about timing (unlike NFS) and if it does not get the response from the server in time, strange thing happen. I got several RPC errors on the stations with no apparent problem on the server. Replaced wire, and everything is fine. Mind you, we suspected this cable for quite a while. Gil Andrew Perrin - Demography wrote: > > Hey folks- > > A week or so ago we had a profile problem related to the Domain SID bug; > we ended up wiping out all roaming profiles and upgrading all samba > servers to 2.0.3 to fix it. It seemed like it worked -- however this > morning the same behavior is happening, at least to certain users: > > - Login authentication works fine > - Drive mapping works fine > - Registry bombs. That is, Office applications as well as basic > preferences stuff (explorer settings, start/run history, etc.) can't write > to the hkey_users registry hive. They complain about this. Running > Regedit and opening the hkey_users hive shows the user's tree as a single > key, not the whole tree it should normally be. Clicking on the user's key > generates the wonderfully informative 'error opening registry key.' > > the problem is solved only by wiping out the user's roaming profile *and* > their locally cached profile, then having them log back in. > > We are running Samba 2.0.3 everywhere, patched with Jeremy's big-endian > patch, and Windows NT Workstation 4.0 SP3. > > Any ideas what's going on? There's nothing at all suspicious in the logs. > > --------------------------------------------------------------------- > Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support > Department of Demography - University of California at Berkeley > 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA > http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 From greg at discreet.com Tue Apr 27 19:53:28 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:26:09 2003 Subject: minor problem with yesterday's CVS In-Reply-To: Message-ID: Well the problem is I'm not sure it ever worked, I don't think I tried it before but today I was goofing around with the at option (which will help me immensely) and I tried srvconnections and svcenum for fun. thx, Greg On 27-Apr-99 Luke Kenneth Casson Leighton wrote: > ok, yan, greg: can you load up copies with the -D "date" option and narrow > it down to which version works and which does not? > > thx. > > On Wed, 28 Apr 1999, Yan Seiner wrote: > >> I downloaded today's CVS and tried rpcclient: >> >> [root@portia bin]# ./rpcclient -S yyyy -Uxxxx >> Added interface ip=192.168.0.2 bcast=192.168.0.255 nmask=255.255.255.0 >> Enter Password: >> smb: \> svcenum >> svcenum >> >> SVC_ENUM_SVCS_STATUS: ERRDOS - ERRmoredata (There is more data to be >> returned.) >> Memory allocation error: failed to expand to 1861484544 bytes >> svc_io_r_enum_svcs_status: Realloc failed >> smb: \> q >> >> Also, rpcclient devours about 60-80% of my CPU cycles (p5/166) just >> sitting there at the smb: prompt. >> >> Let me know if you need logs or anything else. >> >> Yan >> >> Greg Dickie wrote: >> > >> > >From yesterday's CVS: >> > >> > I have a small problem with rpcclient which BTW is SOOOO COOL! >> > >> > smb: \> svcenum >> > svcenum >> > >> > SVC_ENUM_SVCS_STATUS: ERRDOS - ERRmoredata (There is more data to be >> > returned.) >> > Services >> > -------- >> > Albd: Atria Location Broker >> > Alerter: Alerter >> > An Electric Arc Teleffect Service: Teleffect >> > Browser: Computer Browser >> > ClipSrv: ClipBook Server >> > DHCP: DHCP Client >> > EventLog: EventLog >> > LanmanServer: Server >> > LanmanWorkstation: Workstation >> > LmHosts: TCP/IP NetBIOS Helper >> > LockMgr: Atria Lock Manager >> > Messenger: Messenger >> > NetDDE: Network DDE >> > NetDDEdsdm: Network DDE DSDM >> > Netlogon: Net Logon >> > NtLmSsp: NT LM Security Support Provider >> > PlugPlay: Plug and Play >> > ProtectedStorage: Protected Storage >> > Replicator: Directory Replicator >> > RPCLOCATOR: Remote Procedure Call (RPC) Locator >> > RpcSs: Remote Procedure Call (RPC) Service >> > rshd: RSH Daemon >> > Schedule: Schedule >> > Spooler: Spooler >> > TapiSrv: Telephony Service >> > UPS: UPS >> > NAV Alert: NAV Alert >> > Norton Program Scheduler: Norton Program Scheduler >> > NAV Auto-Protect: NAV Auto-Protect >> > >> > Also: Is there any way with samba to get the time of the machine? >> > >> > TIA, >> > Greg >> > >> > --------------------------------------------------------------------- >> > Greg Dickie >> > Just A Guy* >> > *from discreet (the logic is gone) >> > Montreal >> > (514) 954-7171 >> > greg@discreet.com >> > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > > ===================================================================== > Luke Kenneth Casson Leighton | Direct Dial : (678) 443-6183 > Systems Engineer / ISS XForce Team | ISS Front Desk: (678) 443-6000 > Internet Security Systems, Inc. | ISS Fax : (678) 443-6477 > > http://www.iss.net/ *Adaptive Network Security for the Enterprise* > ISS Connect - International User Conference - May '99 > ===================================================================== --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From lkcl at switchboard.net Tue Apr 27 19:58:20 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:09 2003 Subject: minor problem with yesterday's CVS In-Reply-To: Message-ID: it works on systems with small num of services. when i wrote it. On Tue, 27 Apr 1999, Greg Dickie wrote: > > Well the problem is I'm not sure it ever worked, I don't think I tried it > before but today I was goofing around with the at option (which will help me > immensely) and I tried srvconnections and svcenum for fun. > > thx, > Greg > > On 27-Apr-99 Luke Kenneth Casson Leighton wrote: > > ok, yan, greg: can you load up copies with the -D "date" option and narrow > > it down to which version works and which does not? > > > > thx. > > > > On Wed, 28 Apr 1999, Yan Seiner wrote: > > > >> I downloaded today's CVS and tried rpcclient: > >> > >> [root@portia bin]# ./rpcclient -S yyyy -Uxxxx > >> Added interface ip=192.168.0.2 bcast=192.168.0.255 nmask=255.255.255.0 > >> Enter Password: > >> smb: \> svcenum > >> svcenum > >> > >> SVC_ENUM_SVCS_STATUS: ERRDOS - ERRmoredata (There is more data to be > >> returned.) > >> Memory allocation error: failed to expand to 1861484544 bytes > >> svc_io_r_enum_svcs_status: Realloc failed > >> smb: \> q > >> > >> Also, rpcclient devours about 60-80% of my CPU cycles (p5/166) just > >> sitting there at the smb: prompt. > >> > >> Let me know if you need logs or anything else. > >> > >> Yan > >> > >> Greg Dickie wrote: > >> > > >> > >From yesterday's CVS: > >> > > >> > I have a small problem with rpcclient which BTW is SOOOO COOL! > >> > > >> > smb: \> svcenum > >> > svcenum > >> > > >> > SVC_ENUM_SVCS_STATUS: ERRDOS - ERRmoredata (There is more data to be > >> > returned.) > >> > Services > >> > -------- > >> > Albd: Atria Location Broker > >> > Alerter: Alerter > >> > An Electric Arc Teleffect Service: Teleffect > >> > Browser: Computer Browser > >> > ClipSrv: ClipBook Server > >> > DHCP: DHCP Client > >> > EventLog: EventLog > >> > LanmanServer: Server > >> > LanmanWorkstation: Workstation > >> > LmHosts: TCP/IP NetBIOS Helper > >> > LockMgr: Atria Lock Manager > >> > Messenger: Messenger > >> > NetDDE: Network DDE > >> > NetDDEdsdm: Network DDE DSDM > >> > Netlogon: Net Logon > >> > NtLmSsp: NT LM Security Support Provider > >> > PlugPlay: Plug and Play > >> > ProtectedStorage: Protected Storage > >> > Replicator: Directory Replicator > >> > RPCLOCATOR: Remote Procedure Call (RPC) Locator > >> > RpcSs: Remote Procedure Call (RPC) Service > >> > rshd: RSH Daemon > >> > Schedule: Schedule > >> > Spooler: Spooler > >> > TapiSrv: Telephony Service > >> > UPS: UPS > >> > NAV Alert: NAV Alert > >> > Norton Program Scheduler: Norton Program Scheduler > >> > NAV Auto-Protect: NAV Auto-Protect > >> > > >> > Also: Is there any way with samba to get the time of the machine? > >> > > >> > TIA, > >> > Greg > >> > > >> > --------------------------------------------------------------------- > >> > Greg Dickie > >> > Just A Guy* > >> > *from discreet (the logic is gone) > >> > Montreal > >> > (514) 954-7171 > >> > greg@discreet.com > >> > > > > Luke Kenneth Casson Leighton > > Samba and Network Development > > Samba Web site > > > > ===================================================================== > > Luke Kenneth Casson Leighton | Direct Dial : (678) 443-6183 > > Systems Engineer / ISS XForce Team | ISS Front Desk: (678) 443-6000 > > Internet Security Systems, Inc. | ISS Fax : (678) 443-6477 > > > > http://www.iss.net/ *Adaptive Network Security for the Enterprise* > > ISS Connect - International User Conference - May '99 > > ===================================================================== > > --------------------------------------------------------------------- > Greg Dickie > Just A Guy* > *from discreet (the logic is gone) > Montreal > (514) 954-7171 > greg@discreet.com > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site ===================================================================== Luke Kenneth Casson Leighton | Direct Dial : (678) 443-6183 Systems Engineer / ISS XForce Team | ISS Front Desk: (678) 443-6000 Internet Security Systems, Inc. | ISS Fax : (678) 443-6477 http://www.iss.net/ *Adaptive Network Security for the Enterprise* ISS Connect - International User Conference - May '99 ===================================================================== From tas at microdisplay.com Tue Apr 27 22:28:51 1999 From: tas at microdisplay.com (Todd Stiers) Date: Tue Dec 2 02:26:09 2003 Subject: HELP! Samba 2.0.4 upgrade broke everything Message-ID: <37263A22.24EB2F26@microdisplay.com> Hi, This morning I performed an upgrade to Samba 2.0.4 from 2.0pre something. I used SAMBA_2_0 branch rather than the head branch that I normally use. Anyway, sharing between NT workstations was the first symptom (SID error). I re-entered my machine into the NT domain and then my profiles were broken! These critical components are missing from 2.0.4 according to the log: domain admin group map local group map domain admin users map Are there replacements? I can't assign users to have admin power, which breaks the profiles on the machine. Is SAMBA_2_0 the latest and greatest? It fixed by MS Access but has broken everything else in the meantime. -Todd -- [--- [--- [--- [--- [--- [--- [--- [--- [--- [--- Todd Stiers Director of Systems Administration The MicroDisplay Corporation http://www.microdisplay.com (510)243-9515x129 ---] ---] ---] ---] ---] ---] ---] ---] ---] ---] From tas at microdisplay.com Tue Apr 27 22:44:58 1999 From: tas at microdisplay.com (Todd Stiers) Date: Tue Dec 2 02:26:09 2003 Subject: HEAD versus SAMBA_2_0 Message-ID: <37263DE9.29E09F13@microdisplay.com> Sorry, I'll be more clear. HEAD is newer than SAMBA_2_0? I get "Ignoring unknown parameter" for "domain group map", "local group map" and "domain user map". Should I go back to HEAD for my main NT domain host if I need these to work? Sharing between NT hosts is broken, as are use profiles if I dare re-introduce a machine to the domain. Thanks -Todd -- [--- [--- [--- [--- [--- [--- [--- [--- [--- [--- Todd Stiers Director of Systems Administration The MicroDisplay Corporation http://www.microdisplay.com (510)243-9515x129 ---] ---] ---] ---] ---] ---] ---] ---] ---] ---] From jallison at cthulhu.engr.sgi.com Tue Apr 27 22:53:53 1999 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:26:09 2003 Subject: HEAD versus SAMBA_2_0 References: <37263DE9.29E09F13@microdisplay.com> Message-ID: <37264001.5CE8EC5C@engr.sgi.com> Todd Stiers wrote: > > Sorry, I'll be more clear. > > HEAD is newer than SAMBA_2_0? For PDC support, HEAD is better than 2.0.x. For file serving, 2.0.x is better than HEAD. This will get fixed in the 2.1.x -> 2.2.x timeframe when the two code branches are merged. Hope this helps, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From aryosukarno at earthlink.net Tue Apr 27 23:12:16 1999 From: aryosukarno at earthlink.net (Aryo K. Sukarno) Date: Tue Dec 2 02:26:09 2003 Subject: Compiling Error Message-ID: <000401be9103$64006730$3eddf9d1@netliaison.com> I'm trying to build samba to be a PDC by: ./configure --prefix=/usr/local/samba-new Then I got this error after typing make: Can someone tell me how to fix this? The system is Solaris 7 x86. Thank you using FLAGS = -O -Iinclude -I./include -I./ubiqx -I./smbwrapper -DSMBLOGFILE="/usr/local/samba-new/var/log.smb" -DNMBLOGFILE="/usr/local/samba-new/var/log.nmb" -DCONFIGFILE="/usr/local/samba-new/lib/smb.conf" -DLMHOSTSFILE="/usr/local/samba-new/lib/lmhosts" -DSWATDIR="/usr/local/samba-new/swat" -DSBINDIR="/usr/local/samba-new/bin" -DLOCKDIR="/usr/local/samba-new/var/locks" -DSMBRUN="/usr/local/samba-new/bin/smbrun" -DCODEPAGEDIR="/usr/local/samba-new/lib/codepages" -DDRIVERFILE="/usr/local/samba-new/lib/printers.def" -DBINDIR="/usr/local/samba-new/bin" -DFORMSFILE="/usr/local/samba-new/lib/ntforms.def" -DNTDRIVERSDIR="/usr/local/samba-new/lib" -DHAVE_INCLUDES_H -DPASSWD_PROGRAM="/bin/passwd" -DSMB_PASSWD_PROGRAM="/usr/local/samba-new/bin/smbpasswd" -DSMB_PASSWD_FILE="/usr/local/samba-new/private/smbpasswd" -DSMB_PASSGRP_FILE="/usr/local/samba-new/private/smbpassgrp" -DSMB_GROUP_FILE="/usr/local/samba-new/private/smbgroup" -DSMB_ALIAS_FILE="/usr/local/samba-new/private/smbalias" Using LIBS = -lsec -lsocket -lnsl -ldl -lpam Compiling passdb/pass_check.c passdb/pass_check.c:93: warning: initialization from incompatible pointer type passdb/pass_check.c:93: parse error before `;' make: *** [passdb/pass_check.o] Error 1 From kestanol at ti.l-3com.com Wed Apr 28 01:00:43 1999 From: kestanol at ti.l-3com.com (Keith Estanol) Date: Tue Dec 2 02:26:09 2003 Subject: FAQ Message-ID: <199904280100.SAA20849@frank.ti.l-3com.com> Where is the FAQ for making NT domain authentication work for samba? Thanks. -- keith x4090 From John_Young at sp.gap.com Wed Apr 28 01:10:49 1999 From: John_Young at sp.gap.com (John Young) Date: Tue Dec 2 02:26:09 2003 Subject: Any more progress on Citrix Metaframe vs. Samba PDC? Message-ID: <199904280110.SAA27163@wizard.sp.gap.com> Brian Powell mentioned: > We've been running the Samba PDC code with that patch since then and > our NT-TS system does, indeed work, but the problem remains of logins > to it taking a *LONG* time. Domain logins (through Samba) on our > regular NT workstations only take about 10-20 seconds or so which is > wonderful, but all logins to the TS take about 2 minutes from the > password prompt to your desktop (non domain logins to the same system > take about 5 seconds). I don't have anything to add other than to confirm Brian's findings. We get at least a sixty second delay authenticating through our Samba PDC (Solaris 2.6 on dual 300MHz Sun Ultra2) with Windoze Terminal Illness Edition. The Windows boxes are no slouches, either (dual 450MHz Intergraph's), and the network is fully switched 100baseT. I am running head branch from late January. I plan to make that a little more current very soon, although we're having to make changes very, very carefully. Hopefully one of these days I can get in a trace it a little further. -John ________________________________________________________________ John Young Voice 650 874 4198 Director, Corporate Architecture I.S. Fax 650 874 4224 Gap, Inc. john_young@sp.gap.com From xmj at cypress.com Wed Apr 28 01:39:06 1999 From: xmj at cypress.com (Matthew Jamison) Date: Tue Dec 2 02:26:09 2003 Subject: Browsing question Message-ID: <000801be9117$e77607a0$453d54c0@melchizedek.Miss.Cypress.Com> There have been a couple of browsing questions here recently so I will add mine in. I run a smbclient -L on my samba server and at the end of the output I have the following lines Workgroup Master --------- -------- CSDC MISSISSIPPI KYCC HERA SAMBA NEWYORK The KYCC workgroup is on another subnet. When I am on my MS Win98 box I can see the workgroup but when I double click in the workgroup is tells me that the Workgroup is inaccessible. I can do a find computer on HERA and then see the system as well as access it's shares. Any thoughts? -------------------------------------------- Matthew Jamison xmj@cypress.com System Administrator Cypress Semiconductor 601-324-4609 (CSDC) -------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: Matthew Jamison.vcf Type: application/octet-stream Size: 569 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990427/d6836104/MatthewJamison.obj From tridge at samba.org Wed Apr 28 01:58:08 1999 From: tridge at samba.org (Andrew Tridgell) Date: Tue Dec 2 02:26:09 2003 Subject: random, urandom ? In-Reply-To: <3725C41D.23F2D1AB@iu-vannes.fr> (message from Alexandre Lecuyer on Wed, 28 Apr 1999 00:06:01 +1000) References: <3725C41D.23F2D1AB@iu-vannes.fr> Message-ID: <19990428015822Z12876724-13888+13833@samba.anu.edu.au> > Since we really need this running, I have changed /dev/random to > /dev/urandom in genlib.c and it seems to work OK... That's the right fix. That fix went into the 2.0 branch a while back but hasn't been propogated to the head branch. > Could it be a problem with the hardware ? the machine is a proliant > 3000 with a smart-2 SCSI controller. nope. the problem is that you are running out of entropy in /dev/random. Your box isn't active enough to generate enough entropy to satisfy the needs of smbd. Using /dev/urandom is quite appropriate for the way in which the numbers are used in the smbd challenges and it solves the entropy problem. From captain at seiner.com Wed Apr 28 02:32:54 1999 From: captain at seiner.com (Captain Dondo) Date: Tue Dec 2 02:26:09 2003 Subject: random, urandom ? References: <3725C41D.23F2D1AB@iu-vannes.fr> <19990428015822Z12876724-13888+13833@samba.anu.edu.au> Message-ID: <37267356.E340550E@seiner.com> That is one of the funniest things I'd ever heard. My thermo prof would bust a gut if he heard that! Sorry, just a random comment.... Yan Andrew Tridgell wrote: > the problem is that you are running out of entropy in > /dev/random. Your box isn't active enough to generate enough entropy > to satisfy the needs of smbd. From cartegw at Eng.Auburn.EDU Wed Apr 28 13:50:14 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:26:09 2003 Subject: FAQ References: <199904280100.SAA20849@frank.ti.l-3com.com> Message-ID: <37271216.FCD6E24D@eng.auburn.edu> Keith Estanol wrote: > > Where is the FAQ for making NT domain authentication work for samba? > Thanks. It linked off the documentation page on any of the Samba mirrors (http://samba.org) Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From spd at gtc1.cps.unizar.es Wed Apr 28 15:52:59 1999 From: spd at gtc1.cps.unizar.es (J.A. Gutierrez) Date: Tue Dec 2 02:26:09 2003 Subject: MIME (was Re: Browsing question) (off-topic) In-Reply-To: <000801be9117$e77607a0$453d54c0@melchizedek.Miss.Cypress.Com> from "Matthew Jamison" at Apr 28, 99 11:40:59 am Message-ID: <199904281552.RAA00141@gtc1.cps.unizar.es> > > This is a multi-part message in MIME format. > > ------=_NextPart_000_0009_01BE90ED.FE9FFFA0 Hi sorry for being so off-topic, but lately I'm seeing lots of bad MIME messages on this list. I guess it's a problem with Microsoft Outlook (or maybe a problem with the MetaMail I'm using?) For instance, the > Content-Type: multipart/mixed; line on the message I'm replying to, should be > Content-Type: multipart/mixed; boundary=----=_NextPart_000_0009_01BE90ED.FE9FFFA0 > ------=_NextPart_000_0009_01BE90ED.FE9FFFA0 > Content-Type: application/octet-stream; > > BEGIN:VCARD and this one should be text/x-vcard, not application/octet-stream, I guess. so standard mailcap entry for vcards text/x-vcard; cat '%s' > /dev/null :-) will work again. -- finger spd@gtc1.cps.unizar.es for PGP / So be easy and free .mailcap tip of the day: / when you're drinking with me application/ms-tnef; cat '%s' > /dev/null / I'm a man you don't meet every day text/x-vcard; cat '%s' > /dev/null / (the pogues) From dlee at cse.fau.edu Wed Apr 28 16:31:02 1999 From: dlee at cse.fau.edu (Donjuma Lee) Date: Tue Dec 2 02:26:09 2003 Subject: logon/logout Message-ID: I tried to use the latest CVS code(4-26-99). I have a FreeBSD 3.1-STABLE server going. I tried two methods for getting the code to work on the server. One I used the BSD ports collection to patch the samba code for use on FreeBSD (PAM problems). I also tried commenting out any #define PAM in the samba/source/include/config.h file. Samba worked as a file server but when i tried to logon It initially logs into the machine then before the desktop comes up it logs me back out. These are WinNT 4.0 SP4 machines. So now I am back to the 2.0.3 code. Any thoughts? --==Don==-- From randy.omeara at lmco.com Wed Apr 28 17:40:53 1999 From: randy.omeara at lmco.com (OMeara, Randy) Date: Tue Dec 2 02:26:09 2003 Subject: Transparent Samba Account Creation/Authentication using NT DC Message-ID: <51D12B40ECC6D111A2670000F8052ADF03581521@emss01m03.ems.lmco.com> My approach to configuring Samba was that I refused to duplicate the effort required to manage user accounts under NT. My resource domain already had the accounts. I did everything I could to stay away from manual (or even programmatic) manipulation of the smbpasswd file. The smbpasswd file is not used or required in the following scenario. There have been some very important Samba innovations recently, and more are coming in the very near future. With 'security = domain' and some simple scripting via 'add user script = some_script', it is possible to create *local* Unix accounts on-the-fly. Passwords are not stored on the Samba server and authentication is provided by an NT DC. Voila! No effort is required to keep accounts/passwords synced with NT! Of course it's not quite as simple as this, but very near ;-) You could move these auto-created accounts to your NIS database if you wish, but since there are no Unix-stored passwords, you never have to worry about syncing passwords to Unix. The very act of 'browsing' your Samba server can (under your control, of course) create a local (Samba-only) user account, create a user directory, mount that directory (the share appears as the user's name), establish a disk use quota, and email a message to you that the account was created. I think that's pretty slick! And it's quick! I have included with this message my samba_add_user Perl script and excerpts from smb.conf. The key elements of the smb.conf file are: 'security = domain', and 'add user script = .../samba_add_user %u'. I hope this is useful to you, or at least points the way for you to refine what I have done. I am interested in hearing about your experiences with this. I have not (yet) checked to see how NT domain groups play into the way that Samba requests authentication from the NT DC. I assume that *any* valid NT domain username/password will pass this authentication successfully. One caveat: if you have specified Logon Workstations restrictions for an NT account under NT's User Manager (User Properties, Logon Workstations), then Samba's method of requesting authentication of that account from the DC will fail unless the Samba server's netbios name appears in the list of workstation restrictions. Why? I don't know. I would guess that the Samba server provides its own name to NT rather than the originating workstation. This may be (probably is) a bug in Samba. This is all based on Linux 2.2.3 with Samba 2.0.3. Enjoy! --- Randy O'Meara Information Systems IT Implementation Lockheed Martin, Santa Cruz Facility ************smb.conf # Samba config file created using SWAT # Global parameters workgroup = DOM server string = DOM,SMB,NFS security = DOMAIN encrypt passwords = Yes map to guest = Bad User password server = DOMDC DOMBDC1 DOMBDC2 DOMBDC3 log file = /var/log/samba/%m max log size = 50 lpq cache time = 0 socket options = TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096 add user script = /usr/local/samba/bin/samba_add_user %u wins server = 111.222.333.444 lock dir = /var/lock/smb default service = reference guest account = ftp invalid users = root admin users = su mangle case = Yes [tmp] comment = ONE WEEK Max Storage Period! path = /x/tmp read only = No create mask = 0777 guest ok = Yes [transfer] comment = TWO WEEKS Max Storage Period! path = /x/transfer read only = No create mask = 0777 guest ok = Yes [homes] comment = home directories read only = No create mask = 0700 browseable = No [cdrom] comment = Internal CD-ROM path = /cdrom guest ok = Yes locking = No [printers] comment = All Printers path = /usr/spool/samba print ok = Yes browseable = No [softlib] comment = Software Repository path = /x/softlib write list = @slib_rw read only = No [admin$] comment = Fake NT Admin$ Share path = /x/tmp ************end smb.conf ************samba_add_user #!/usr/bin/perl # # Script to add Samba User to local account database. # rmo -- 4/19/99 # # This script is invoked from smbd (AS ROOT) when smb.conf: # 1. 'security' = server OR domain # 2. smbd is able to authenticate current user via 'password server' # 3. no local or NIS account exists for the presently connecting user # 4. 'add user script' specifies this script # # invoked as: samba_add_user %u # where %u is current user name # # This script performs the following actions: # 1. creates %u local account and home directory via useradd(8). # 2. establishes user disk quotas via edquota(8). # 3. logs success/failure via logger(1). # 4. reports success/failure to 'root' via mail(1). # Log Options (logger) $LOG_LEVEL = "auth.notice"; # Syslog facility.level # Account Creation Options (useradd) # $CMNT = "created by samba_add_user"; # Comment passwd field $HOME = "-m"; # Make home directory $SHL = "/bin/false "; # Default shell # Quota Options (edquota) # $QUOTA_PROFILE = "qusr1"; # Quota profile sub dolog { # Enter message into syslog my $msg = shift; my $LOGGER="/usr/bin/logger -t samba_add_user -i -p $LOG_LEVEL"; `$LOGGER $msg`; } sub domail { # Report success/failure to 'root' via mail my $acct = shift; my $sta = shift; my $host = `hostname`;chop($host); my $fail = ""; my $msg = "Account: [$acct]\n". "Host: $host\n". "Cmd: $0\n". "Quota Profile: $QUOTA_PROFILE\n". "\n"; if ( $sta eq "ok" ) { # Success $msg .= "Account was auto-created when the smbd daemon received\n". "a connection request. The account did not exist and was\n". "created automatically.\n". "\n". "Please review this new account for rights, groups, and\n". "quota at your earliest convenience.\n". "\n". "Have a pleasant day!\n"; } else { # Failure $fail = " FAILED!"; $msg .= "Results: $sta\n\n"; $msg .= "Account auto-creation FAILED when the smbd daemon received\n". "a connection request. The account did not exist and was\n". "NOT created automatically.\n". "\n". "Please review the Host syslog and determine the fault at\n". "your earliest convenience.\n". "\n". "Have a (almost) pleasant day!"; } my $ml = open(MAIL,"| mail root -s \"Samba Account Creation [$acct]$fail\""); if ( $ml ) { print MAIL $msg; close( MAIL ); } else { dolog( "Failed to open mail pipe!" ); } } sub doacct { # Create account # my $usr = shift; my $cmd="/usr/sbin/useradd -c '$CMNT' $HOME -s $SHL $usr 2>&1"; my @res=`$cmd`; my $sta=$?; if ( $sta != 0 ) { domail( $usr, join(" ",@res) ); dolog( "[$usr] creation Failure in doacct" ); exit 1; } } sub doquota { # Establish small Quota my $usr = shift; my $cmd = "/usr/sbin/edquota -p $QUOTA_PROFILE $usr 2>&1"; my @res = `$cmd`; my $sta = $?; if ( $sta == 0 ) { domail( $usr, "ok" ); dolog( "[$usr] creation Success" ); } else { domail( $usr, join(" ",@res) ); dolog( "[$usr] creation Failure in doquota" ); exit 2; } } # The Main Stuff # my $usr = shift; dolog( "add [$usr]" ); doacct( $usr ); doquota( $usr ); ************end samba_add_user From it-samba at computerbild.de Wed Apr 28 18:50:01 1999 From: it-samba at computerbild.de (Ingo T. Storm) Date: Tue Dec 2 02:26:09 2003 Subject: Samba does not register with WINS Message-ID: <004b01be91a7$ebe67eb0$7400a8c0@dukat.combi.de> Hi, Linux: pretty plain RH Linux 5.2 (2.0.36 kernel) on P133/64MB. Samba: plain 2.0.3 PDC and WINS server on 192.168.0.2 running NT 4.0 SP4 smb.conf: wins server = 192.168.0.2 Alas, the Samba server does not register with the WINS server. Any ideas? Cheers, Ingo From xmj at cypress.com Wed Apr 28 20:11:47 1999 From: xmj at cypress.com (Matthew Jamison) Date: Tue Dec 2 02:26:09 2003 Subject: Please tell me if it can be done. Message-ID: <003601be91b3$581e3220$453d54c0@melchizedek.Miss.Cypress.Com> For the last month or so I have been working to get cross subnet browsing to work. I only get about 1-2h a week to mess with it so I have not been able to get it working. I am now at a Point were I don't think it can do what I want it to do. What I want it to do for Windows Boxes Windows systems and Samba server in workgroup CSDC on subnet A Windows systems and Samba server in Workgroup KYCC on subnet B >From a windows system in the CSDC workgroup I want to be able to double click on "Network Neighborhood" --> "Entire Network" --> "KYCC" and get a browse list of the systems in the KYCC workgroup. Can this be done? If so Can it be done for 10 different workgroups. Matthew -------------------------------------------- Matthew Jamison xmj@cypress.com System Administrator Cypress Semiconductor 601-324-4609 (CSDC) -------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: Matthew Jamison.vcf Type: application/octet-stream Size: 569 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990428/42dc3c97/MatthewJamison.obj From rolando at sensenet.com Wed Apr 28 21:18:13 1999 From: rolando at sensenet.com (Rolando Berrios) Date: Tue Dec 2 02:26:09 2003 Subject: security = domain & security = user mixing.... Is it possible? Message-ID: Hey all, I've read through the documentation and (unless I'm an idiot) I can't find a resolution to this problem. I'm trying to move from a workstation style setting, using pretty much only NT desktop machines, to a NT domain style network. The problem is that we have a few people who won't be joining the domain and will need to access the SAMBA shared (file/print)server that is running in the security = domain setting. After wondering to myself why the users weren't able to log onto the Linux box running SAMBA, I tried looking at the log files and I got this: .....[snip] [1999/04/28 17:11:33, 0] rpc_client/cli_netlogon.c:cli_net_sam_logon(371) cli_net_sam_logon: NT_STATUS_NO_SUCH_USER [1999/04/28 17:11:33, 0] smbd/password.c:domain_client_validate(1365) domain_client_validate: unable to validate password for user rberrios in domain NT-TESTDOMAIN to Domain controller TESTDOMAINCONTROLLER. Error was NT_STATUS_NO_SUCH_USER. .....[snip] After that it attempted to find the user on the SAMBA server in the smb_passwd file, of which there was no such user. When I try to connect to an NT server that's part of the domain and the account I'm using is not a domain account, but a local one, I don't run into any errors - I simply have to enter the domain account username and password pair and I'm in. Is this functionality not supported? Or are there some configuration options that I've screwed up? Any help would be very much appreciated. From lkcl at switchboard.net Wed Apr 28 21:25:13 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:09 2003 Subject: Please tell me if it can be done. In-Reply-To: <003601be91b3$581e3220$453d54c0@melchizedek.Miss.Cypress.Com> Message-ID: if you send us a message without attachments then we can try. From xmj at cypress.com Wed Apr 28 22:02:41 1999 From: xmj at cypress.com (Matthew Jamison) Date: Tue Dec 2 02:26:09 2003 Subject: Resend without attachment. (Please tell me if it can be done.) Message-ID: <003b01be91c2$d5da77a0$453d54c0@melchizedek.Miss.Cypress.Com> For the last month or so I have been working to get cross subnet browsing to work. I only get about 1-2h a week to mess with it so I have not been able to get it working. I am now at a Point were I don't think it can do what I want it to do. What I want it to do for Windows Boxes Windows systems and Samba server in workgroup CSDC on subnet A Windows systems and Samba server in Workgroup KYCC on subnet B >From a windows system in the CSDC workgroup I want to be able to double click on "Network Neighborhood" --> "Entire Network" --> "KYCC" and get a browse list of the systems in the KYCC workgroup. Can this be done? If so Can it be done for 10 different workgroups. Matthew -------------------------------------------- Matthew Jamison xmj@cypress.com System Administrator Cypress Semiconductor 601-324-4609 (CSDC) -------------------------------------------- From abakun at reac.com Wed Apr 28 22:01:06 1999 From: abakun at reac.com (Andy Bakun) Date: Tue Dec 2 02:26:09 2003 Subject: security = domain & security = user mixing.... Is it possible? References: Message-ID: <37278522.C96CA445@reac.com> I had a similar setup when I converted our network over from an NT PDC to a samba PDC. You need to use netbios aliases. Say your machine is named SAMBA. Put the following in the smb.conf file: netbios aliases = DOMMEMBER Then, create two configuration files, one named smb.conf.SAMBA and one named smb.conf.DOMMEMBER In smb.conf.SAMBA, put your security = user line and any other lines related to security = user (like the path to smbpasswd, etc). In smb.conf.DOMMEMBER, put security = domain and other parameters related to security = domain, like password server =, etc. The people who access the machine as \\DOMMEMBER from their workstations will be authed via the password server, and those who access it via \\SAMBA will be authed against the smbpasswd file. Ideally, all the share definitions will be shared between both "virtual servers", so no matter if the users access it as \\SAMBA or as \\DOMMEMBER, they should see the same shares. You'll still need to create accounts on the samba machine for those security = server accounts, or you can use the user name map file to map them all to a common account, I guess, but I never tried this). Rolando Berrios wrote: > Hey all, > > I've read through the documentation and (unless I'm an idiot) I can't find > a resolution to this problem. I'm trying to move from a workstation style > setting, using pretty much only NT desktop machines, to a NT domain style > network. > > The problem is that we have a few people who won't be joining the domain > and will need to access the SAMBA shared (file/print)server that is > running in the security = domain setting. After wondering to myself why > the users weren't able to log onto the Linux box running SAMBA, I tried > looking at the log files and I got this: > > ....[snip] > [1999/04/28 17:11:33, 0] rpc_client/cli_netlogon.c:cli_net_sam_logon(371) > cli_net_sam_logon: NT_STATUS_NO_SUCH_USER > [1999/04/28 17:11:33, 0] smbd/password.c:domain_client_validate(1365) > domain_client_validate: unable to validate password for user rberrios in > domain NT-TESTDOMAIN to Domain controller TESTDOMAINCONTROLLER. Error was > NT_STATUS_NO_SUCH_USER. > ....[snip] > > After that it attempted to find the user on the SAMBA server in the > smb_passwd file, of which there was no such user. > > When I try to connect to an NT server that's part of the domain and the > account I'm using is not a domain account, but a local one, I don't run > into any errors - I simply have to enter the domain account username and > password pair and I'm in. > > Is this functionality not supported? Or are there some configuration > options that I've screwed up? > > Any help would be very much appreciated. From aperrin at demog.Berkeley.EDU Wed Apr 28 22:43:18 1999 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:26:09 2003 Subject: Resend without attachment. (Please tell me if it can be done.) In-Reply-To: <003b01be91c2$d5da77a0$453d54c0@melchizedek.Miss.Cypress.Com> Message-ID: We have been recently trying to do something very similar. I think you can do it this way: - Set all PCs in both workgroups to use one of your samba servers as their WINS server. - Add a remote announce line to each smb.conf: Server A: remote browse sync=/CSDC Server B: remote browse sync=/KYCC --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 On Thu, 29 Apr 1999, Matthew Jamison wrote: > For the last month or so I have been working to get cross subnet browsing to > work. I only get about 1-2h a week to mess with it so I have not been able > to get it working. I am now at a Point were I don't think it can do what I > want it to do. > > What I want it to do for Windows Boxes > > Windows systems and Samba server in workgroup CSDC on subnet A > > Windows systems and Samba server in Workgroup KYCC on subnet B > > >From a windows system in the CSDC workgroup I want to be able to double > click on "Network Neighborhood" --> "Entire Network" --> "KYCC" and get a > browse list of the systems in the KYCC workgroup. > > Can this be done? If so Can it be done for 10 different workgroups. > > Matthew > > > > > -------------------------------------------- > Matthew Jamison xmj@cypress.com > System Administrator Cypress Semiconductor > 601-324-4609 (CSDC) > -------------------------------------------- > From rolando at sensenet.com Wed Apr 28 23:19:44 1999 From: rolando at sensenet.com (Rolando Berrios) Date: Tue Dec 2 02:26:09 2003 Subject: security = domain & security = user mixing.... Is it possible? In-Reply-To: <37278522.C96CA445@reac.com> Message-ID: It sounds like that'll work, and I appreciate the advice - I haven't had a chance to test it, but shouldn't SAMBA validate the users correctly? It seems like the DOMAIN that isn't being validated on the SAMBA server is the DOMAIN I'm logging in as, in this case the local hostname. When I try with an NT machine, I'm validated fine, and I get the correct shares as well. Is this a difficiency in SAMBA? On Thu, 29 Apr 1999, Andy Bakun wrote: > Date: Thu, 29 Apr 1999 08:23:32 +1000 > From: Andy Bakun > To: Multiple recipients of list > Subject: Re: security = domain & security = user mixing.... Is it possible? > > I had a similar setup when I converted our network over from an NT PDC to a > samba PDC. > > You need to use netbios aliases. Say your machine is named SAMBA. Put the > following in the smb.conf file: > > netbios aliases = DOMMEMBER > > Then, create two configuration files, one named smb.conf.SAMBA and one named > smb.conf.DOMMEMBER > > In smb.conf.SAMBA, put your > > security = user > > line and any other lines related to security = user (like the path to > smbpasswd, etc). > In smb.conf.DOMMEMBER, put > > security = domain > > and other parameters related to security = domain, like password server =, > etc. > > The people who access the machine as \\DOMMEMBER from their workstations will > be authed via the password server, and those who access it via \\SAMBA will be > authed against the smbpasswd file. Ideally, all the share definitions will be > shared between both "virtual servers", so no matter if the users access it as > \\SAMBA or as \\DOMMEMBER, they should see the same shares. > > You'll still need to create accounts on the samba machine for those security = > server accounts, or you can use the user name map file to map them all to a > common account, I guess, but I never tried this). > > Rolando Berrios wrote: > > > Hey all, > > > > I've read through the documentation and (unless I'm an idiot) I can't find > > a resolution to this problem. I'm trying to move from a workstation style > > setting, using pretty much only NT desktop machines, to a NT domain style > > network. > > > > The problem is that we have a few people who won't be joining the domain > > and will need to access the SAMBA shared (file/print)server that is > > running in the security = domain setting. After wondering to myself why > > the users weren't able to log onto the Linux box running SAMBA, I tried > > looking at the log files and I got this: > > > > ....[snip] > > [1999/04/28 17:11:33, 0] rpc_client/cli_netlogon.c:cli_net_sam_logon(371) > > cli_net_sam_logon: NT_STATUS_NO_SUCH_USER > > [1999/04/28 17:11:33, 0] smbd/password.c:domain_client_validate(1365) > > domain_client_validate: unable to validate password for user rberrios in > > domain NT-TESTDOMAIN to Domain controller TESTDOMAINCONTROLLER. Error was > > NT_STATUS_NO_SUCH_USER. > > ....[snip] > > > > After that it attempted to find the user on the SAMBA server in the > > smb_passwd file, of which there was no such user. > > > > When I try to connect to an NT server that's part of the domain and the > > account I'm using is not a domain account, but a local one, I don't run > > into any errors - I simply have to enter the domain account username and > > password pair and I'm in. > > > > Is this functionality not supported? Or are there some configuration > > options that I've screwed up? > > > > Any help would be very much appreciated. > From webber at sj.univali.rct-sc.br Thu Apr 29 01:40:59 1999 From: webber at sj.univali.rct-sc.br (Celso Kopp Webber) Date: Tue Dec 2 02:26:09 2003 Subject: Slow performance Message-ID: Hi all. Sorry if I'm asking this again, but I've noticed a BIG performance penalty on recent CVSed versions of Samba (head branch). For instance, I have a machine with a smbpasswd file containing exactly 945 entries. If I install a "standard" version such as 1.9.18, when I type: $ smbclient -L my_server -U my_username I instantly get a browse list after I type my password. If I instead use a recent version from the head branch and issue the same command, it takes about 3 to 5 seconds to give me the browse list. The problem is that the "standard" versions are do not include interesting fetaures, such as creating accounts on the fly, the "domain admin group" and similar options, and so on. Will this issue be resolved soon? Thanks for your time, and congratulations for the best SMB server we have. Prof. Celso Kopp Webber mailto://webber@sj.univali.rct-sc.br Universidade do Vale do Itajai' - UNIVALI Campus Sao Jose - Sao Jose, SC Administracao de Redes Rod. SC 407, Km. 4 88122-000 Sao Jose-SC Brazil Fone: +55 (48) 281-1505 Fax: +55 (48) 281-1506 From it at computerbild.de Thu Apr 29 02:48:04 1999 From: it at computerbild.de (Ingo T. Storm) Date: Tue Dec 2 02:26:09 2003 Subject: Samba does not register with WINS Message-ID: <028101be91ea$b43835b0$7400a8c0@dukat.combi.de> >Make samba the wins server. Works great. Sorry, this is not an option. We're talking about a 150 machine production NT-Domain. At this stage, Samba is the test machine. (But of course I plan to change this;-). And while Samba as WINS might work great I'd still like to know if I did s.th. wrong or if I stumbled over a bug. Ingo From Jens.Skripczynski at studbox.uni-stuttgart.de Wed Apr 28 14:13:00 1999 From: Jens.Skripczynski at studbox.uni-stuttgart.de (Jens Skripczynski) Date: Tue Dec 2 02:26:09 2003 Subject: HEAD versus SAMBA_2_0 In-Reply-To: <37264001.5CE8EC5C@engr.sgi.com>; from Jeremy Allison on Wed, Apr 28, 1999 at 08:55:56AM +1000 References: <37263DE9.29E09F13@microdisplay.com> <37264001.5CE8EC5C@engr.sgi.com> Message-ID: <19990428161300.A29189@shadowland.wh.uni-stuttgart.de> Jeremy Allison: > For PDC support, HEAD is better than 2.0.x. > > For file serving, 2.0.x is better than HEAD. > > This will get fixed in the 2.1.x -> 2.2.x timeframe > when the two code branches are merged. *Argh* I think it would be great if both branches would be merged earlier, as I (and I think others to) do need the PDC support _and_ the file serving. Anyway I thought that the 2.1 Tree is the experimental tree and the 2.0 tree consists of stable code chosen from the 2.1 branch. Ciao Jens Skripczynski -- E-Mail: Jens.Skripczynski@studbox.uni-stuttgart.de From sinnamon at usq.edu.au Thu Apr 29 08:23:38 1999 From: sinnamon at usq.edu.au (James Sinnamon) Date: Tue Dec 2 02:26:09 2003 Subject: FW: apache autheticates through pam/samba, but I get "User accoun t has expired message" Message-ID: <29FD27CEE49ED2118954006008BFD2551C08F4@dec02.usq.edu.au> Dear Samba Developers/Users (I trust that the following does relate to this list. If not, please accept my apologies) I am running apache ver 1.3.4 with RedHat Linux ver 5.2, and I wish to have users logged on to the local NT network be able to authenticate themselves from the NT Domain Controllers. To do this, I have done the following : 1. compiled mod_auth_pam into apache 2. Put the following directives into httpd.conf: AuthPAM_enabled on Options FollowSymLinks AllowOverride All 2. Put the following .htaccess file in .../htdocs/test from which I wish to test the authentication : AuthName "Test Authentication" AuthType Basic require valid-user 3. compiled and installed /lib/security/pam_smb_auth.so 4. Created the following /etc/pam.d/httpd file : auth required /lib/security/pam_smb_auth.so debug I supply my username and password when prompted to do so by Netscape Navigator. The file /var/log/secure shows the following: Apr 29 17:44:11 turing httpd: pam_smb: Correct NT username/password pair ... this indicates that I have been authenticated by the NT PDC, however I still get the 'authorization failed' message. When I examined the error_log file, I saw the following message: httpd: [Thu Apr 29 17:52:01 1999] [error] access to /test/ failed for \ 139.96.38.159, reason: User account has expired >From examining mod_auth_pam.c, I gather that a call to pam_authenticate() has succeeded, but the subsequent call to pam_acct_mgmt() has failed. ... does anyone out there know what is going on here? Is there anything that I can do at the Linux end to fix this, or does something need to be done with the NT Domain Controllers? Thank you James Sinnamon From ngeldenhuys at rmbam.co.za Thu Apr 29 08:49:34 1999 From: ngeldenhuys at rmbam.co.za (Nardus Geldenhuys) Date: Tue Dec 2 02:26:09 2003 Subject: security = domain & security = user mixing.... Is it possible? References: <37278522.C96CA445@reac.com> Message-ID: <37281D1E.E6158C0A@rmbam.co.za> Hi Andy Got the same problem as Roland. I have an NT PDC and we want to use my samba server as the file server. It works fine, until you want to connect a person that is not of the NT domain :( I tried your idea. It seems that the samba server uses the DOMAIN security every time. It looks like it will work. How does your main smb.conf file look like ? I think my problem might lay there. What kind of "security= ???" do you use in the main smb.conf file or does it matter. Thanks a million Nardus Geldenhuys South Africa Andy Bakun wrote: > > I had a similar setup when I converted our network over from an NT PDC to a > samba PDC. > > You need to use netbios aliases. Say your machine is named SAMBA. Put the > following in the smb.conf file: > > netbios aliases = DOMMEMBER > > Then, create two configuration files, one named smb.conf.SAMBA and one named > smb.conf.DOMMEMBER > > In smb.conf.SAMBA, put your > > security = user > > line and any other lines related to security = user (like the path to > smbpasswd, etc). > In smb.conf.DOMMEMBER, put > > security = domain > > and other parameters related to security = domain, like password server =, > etc. > > The people who access the machine as \\DOMMEMBER from their workstations will > be authed via the password server, and those who access it via \\SAMBA will be > authed against the smbpasswd file. Ideally, all the share definitions will be > shared between both "virtual servers", so no matter if the users access it as > \\SAMBA or as \\DOMMEMBER, they should see the same shares. > > You'll still need to create accounts on the samba machine for those security = > server accounts, or you can use the user name map file to map them all to a > common account, I guess, but I never tried this). > > Rolando Berrios wrote: > > > Hey all, > > > > I've read through the documentation and (unless I'm an idiot) I can't find > > a resolution to this problem. I'm trying to move from a workstation style > > setting, using pretty much only NT desktop machines, to a NT domain style > > network. > > > > The problem is that we have a few people who won't be joining the domain > > and will need to access the SAMBA shared (file/print)server that is > > running in the security = domain setting. After wondering to myself why > > the users weren't able to log onto the Linux box running SAMBA, I tried > > looking at the log files and I got this: > > > > ....[snip] > > [1999/04/28 17:11:33, 0] rpc_client/cli_netlogon.c:cli_net_sam_logon(371) > > cli_net_sam_logon: NT_STATUS_NO_SUCH_USER > > [1999/04/28 17:11:33, 0] smbd/password.c:domain_client_validate(1365) > > domain_client_validate: unable to validate password for user rberrios in > > domain NT-TESTDOMAIN to Domain controller TESTDOMAINCONTROLLER. Error was > > NT_STATUS_NO_SUCH_USER. > > ....[snip] > > > > After that it attempted to find the user on the SAMBA server in the > > smb_passwd file, of which there was no such user. > > > > When I try to connect to an NT server that's part of the domain and the > > account I'm using is not a domain account, but a local one, I don't run > > into any errors - I simply have to enter the domain account username and > > password pair and I'm in. > > > > Is this functionality not supported? Or are there some configuration > > options that I've screwed up? > > > > Any help would be very much appreciated. From ertl at edupsy.uni-muenchen.de Thu Apr 29 11:36:24 1999 From: ertl at edupsy.uni-muenchen.de (Bernhard Ertl) Date: Tue Dec 2 02:26:10 2003 Subject: NT Explorer restarts while retrieving userlist for security permissions Message-ID: <37284438.475ECE44@edupsy.uni-muenchen.de> Hi, I'm using NT4SP4 and Samba 2.0.2 (or 3) the Samba Machine is the Domainserver and the machines log into the domain. I now I try to set access permissions for files then (when I try to add users) Dr. Watson comes up and the NT Explorer restarts. If I disable the NT pipe support Then I'm able to browse local users on the machine, but still noone from the Server. And I also Can't log into domain anymore. Does anyone know sth about? Thanx Be -------------- next part -------------- A non-text attachment was scrubbed... Name: ertl.vcf Type: text/x-vcard Size: 362 bytes Desc: Card for Bernhard Ertl Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990429/e68cda58/ertl.vcf From wam at HiWAAY.net Thu Apr 29 14:19:01 1999 From: wam at HiWAAY.net (William A. Mahaffey III) Date: Tue Dec 2 02:26:10 2003 Subject: [Fwd: PR 15909, Getting going ....] Message-ID: <37286A55.41C6@HiWAAY.net> An embedded message was scrubbed... From: "William A. Mahaffey III" Subject: PR 15909, Getting going .... Date: Wed, 28 Apr 1999 17:11:09 -0500 Size: 1577 Url: http://lists.samba.org/archive/samba-ntdom/attachments/19990429/dd0ce929/attachment.eml From abakun at reac.com Thu Apr 29 14:57:10 1999 From: abakun at reac.com (Andy Bakun) Date: Tue Dec 2 02:26:10 2003 Subject: security = domain & security = user mixing.... Is it possible? References: <37278522.C96CA445@reac.com> <37281D1E.E6158C0A@rmbam.co.za> Message-ID: <37287346.AC9E34FD@reac.com> Nardus Geldenhuys wrote: > Hi Andy > > Got the same problem as Roland. I have an NT PDC and we want to use my > samba server as the file server. It works fine, until you want to > connect a person that is not of the NT domain :( > > I tried your idea. It seems that the samba server uses the DOMAIN > security every time. > It looks like it will work. How does your main smb.conf file look like ? > I think my problem might lay there. What kind of "security= ???" do you > use in the main smb.conf file or does it matter. I don't use this setup anymore, because I was using it during the migration stage from an NT PDC to a samba PDC. My setup actually included an NT PDC for the domain REAC, and my samba PDC was in the domain REACNET. People would open up network neighorhood and see two entries (in different domains/workgroups) for the same machine). The client machines that I had moved over to the REACNET domain would use the samba PDC -- for political reasons, I couldn't move all machines from the REAC domain to the REACNET domain immediately, and had to do it over a number of weeks. Anyway, this was my conf file setup (I'm on Redhat, so my paths may be different than yours). These aren't exact, I've edited them for brevity and removed the options that didn't have to do with the focus here. DO NOT USE THESE FILES EXACTLY -- they most likely won't work. --------- /etc/smb.conf file starts here --------- [global] message command = rm %s log file = /var/log/samba/samba-%L.%m ; performance options read size = 32768 socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 deadtime = 180 ; networking options remote announce = 192.168.1.3/REAC netbios name = JUPITER netbios aliases = URANUS include = /etc/smb.conf.%L --------- /etc/smb.conf file ends here --------- Any other GLOBAL parameters, that you want shared between the two virtual file servers should be in here also. Stick some share definitions in there if you want. That 'remote announce' option was important... it made sure that both virtual servers (jupiter and uranus) showed up in network neighborhood of the machines that were in the REAC domain. Now, in this setup, JUPITER is the PDC of REACNET (security = user), and URANUS is the domain member of REAC (security = server). Note the last line, which includes a conf file dependant on the name that the client accessed smbd as. There are two other conf files: --------- /etc/smb.conf.uranus file starts here --------- security = server password server = mercury.reac.com username map = /etc/smb.usermap workgroup = REAC encrypt passwords = yes # other share definitions follow --------- /etc/smb.conf.uranus file ends here --------- mercury.reac.com was the NT PDC for the REAC domain. username map is important if you don't have accounts for everyone (yet or otherwise) on your samba server! I believe the format or existance of the 'username map' parameter may have changed since the samba-2.0prealpha days so you may want to check the documentation on that one. --------- /etc/smb.conf.jupiter file starts here --------- security = user domain admin group = domadmin wins support = yes os level = 45 workgroup = REACNET domain logons = yes logon script = scripts/logon.bat logon path = \\%N\profile\%U\NTprofile logon drive = h: encrypt passwords = yes null passwords = yes --------- /etc/smb.conf.jupiter file ends here --------- Here, I've put the parameters that have to do with being a samba PDC. Your milage may vary. My requirements were a little different than what you want, but this should still work anyway for you. Once I had put client machines into the REACNET domain, users of those machines could still access \\mercury by using their "username and password from the old network" (users seemed to understand that :) ). The client machines that were still part of the NT controlled REAC domain needed to get to the files on the new samba server, so they would open up \\uranus, and it wouldn't prompt for a password (because the virtual samba server uranus is using server security). Users in the REACNET domain would access the same files on uranus with \\jupiter. If they used \\uranus, they would have been prompted for the username and password for the NT REAC domain. I'm having trouble explaining this, actually. I think your problem, Nardus, may be that you had a 'security=' line in the smb.conf file, not just in the both the smb.conf.xxxxx files. > Thanks a million Hope this helps. Andy. From yann.foissac at prostgrandprix.fr Thu Apr 29 15:20:00 1999 From: yann.foissac at prostgrandprix.fr (yann.foissac) Date: Tue Dec 2 02:26:10 2003 Subject: Domain Controller not available Message-ID: <002001be9253$bfd96970$1600a8c0@ple.local.prostgrandprix.fr> I'm running Samba version 2.1.0 prealpha on linux Redhat 5.2 version I add my workstaion in the /etc/passwd and in the smbpasswd I add users too I joined the new Domain but when I try to logon the message is "Your Domain Controller is not available" I find the same problem in the archives but no solutions -------------- next part -------------- HTML attachment scrubbed and removed From samba at artschool.com Thu Apr 29 22:02:33 1999 From: samba at artschool.com (samba@artschool.com) Date: Tue Dec 2 02:26:10 2003 Subject: Home directories on different servers Message-ID: Is there a way to set some user's home directories to be on one server and some on another? That is, something like user1's home directory is found on \\samba-a\user1 and user2's home directory is found on \\samba-b\user2, where all users are members of one domain only? I know with a PDC one would merely set the home path accordingly, however with smb.conf I am only aware of the "logon home" and "logon drive" options. Thanks, Eric Wong From seastar at seasurf.net Fri Apr 30 16:29:50 1999 From: seastar at seasurf.net (Anthony L. Sollars) Date: Tue Dec 2 02:26:10 2003 Subject: Home directories on different servers References: Message-ID: <3729DA80.189@seasurf.net> To Eric, Message-ID: <372A0C8F.F61DF0F8@gmx.de> > Is there a way to set some user's home directories to be on one server and > some on another? > > That is, something like user1's home directory is found on \\samba-a\user1 > and user2's home directory is found on \\samba-b\user2, where all users > are members of one domain only? I know with a PDC one would merely set > the home path accordingly, however with smb.conf I am only aware of the > "logon home" and "logon drive" options. > If you are using Linux 'homer' (part of 'userfs') may help. Ciao Mathias -- WWW: http://www.arco.de/~mhasselm/ http://www.dominanz-haus.de/ PGP-Fingerprint: 4D15 89ED 7299 6428 FEE6 C66F 5D40 6504 55E5 72F3 From p.grimmerink at home.nl Thu Apr 15 12:03:41 1999 From: p.grimmerink at home.nl (Pieter Grimmerink) Date: Tue Dec 2 02:29:27 2003 Subject: Cannot login In-Reply-To: <38F7687B.C5C60515@steinmetznet.com> Message-ID: > Try to login to the domain as trevor and get a message that > "The system cannot log you in (c000019b) Please try again or consult > your system adminstrator". Same for me, I'm running samba-tng 2.4 as PDC, and winnt 4 server as a domainmember (joined successfully) Best regards, Pieter Grimmerink