From VincentMorlot at csi.com Sun Dec 5 21:23:13 1999 From: VincentMorlot at csi.com (Vincent Morlot) Date: Tue Dec 2 02:27:23 2003 Subject: logon unique Message-ID: <384AD7C1.A9A8A994@csi.com> I'm using Linux (debian 2.1) with samba 2.05a PDC. My clients are windows NT4 Workstation with service pack 3. I'm using roaming profiles so a user is able to log on few workstations. But I'm looking for the way to block a second log when a user is already logon into the PDC. So that mean when the user A is connected using workstation A, he must not be able to log on the PDC using workstation B. Please help! Thanks -- Vincent Morlot(VincentMorlot@compuserve.com) From johanh at fusion.kth.se Wed Dec 1 09:39:56 1999 From: johanh at fusion.kth.se (Johan Hedin) Date: Tue Dec 2 02:27:28 2003 Subject: Need guide for hacking Samba NT to understand AFS Message-ID: I need some guidance for a making Samba PDC understand AFS. I want to store the user key files on the local disk of the Samba server. I know this is not the best solution. Better solutions have been proposed by Allan Bjorklund, but I need something quick and dirty now. We mainly use Sun machines at our site and have only a few NT boxes. What I want to do is to read the key file as the user after the encrypted password is validated. I will also implement a alarm() call to renew the ticket. My questions are: * I need a hint of where to put this AFS login, i.e. where do put the routine that reads a file as a user after the forking and encrypted password validation is done. * How do I get the userid and user name (in order to prevent users from reading somebodys else key by symlinking to it). I imagine I need something like set_uid_to_user(...) /* How do I write this */ read_AFS_key_file(username) /* This I will write */ set_uid_back_to_root() /* How do I write this */ If everything works, I will submit my patches to the samba team. TIA Johan Hedin /---------------------------------------------------------------------\ | Johan Hedin | johanh@fusion.kth.se | | Ph.D. Student and System Manager | http://www.fusion.kth.se/~johanh | \---------------------------------------------------------------------/ From lluisma at osi-technologies.com Wed Dec 1 10:45:09 1999 From: lluisma at osi-technologies.com (lluisma) Date: Tue Dec 2 02:27:28 2003 Subject: Samba to the rescue Message-ID: <3844FC35.E44DB646@osi-technologies.com> We are a very big NT shop inside but using all Unix on Internet gateways and databases. We have numerous problems on our NT infrastracture and I was given the task of fixing problems related to NT authentication, browsing, name registration/resolution(WINS) and performance tuning. I'm thinking of making use of Samba to solve most of these problems or at least to introduce more reliability to our systems. We have several thousands of users but my area is about 800 users connected to layer 2 and layer 3 switches (VLAN) with servers using FastEthernet and win95/98 clients using 10baseT. We are a shared network configuration wherein about 13 subnets share a single VLAN with connection to one port (100mbit full duplex) in a high speed cisco router. This one port becomes the primary interface and the 13 subnets are secondaries(Note: communication between hosts on different subnets will have to go to the router. The layer 3 switches have some intelligence and only initial connections go to the router for communicating hosts connected to layer 3 switches.). The WINS server(NT) is located on the other side of the router(on a different VLAN) and it replicates with another WINS server somewhere. The PDC (also NT) is located on the same VLAN that the WINS server is. We use NT DHCP server(I'm replacing this with Linux using ISC DHCP). The problems I'm trying to fix involve browsing and WINS resolution. Our domain master browser is the NT PDC(we know they are using the same last byte<1B>). I can't replace the NT WINS with Samba because the latter doesn't replicate yet. I can't have a Samba BackupDomainController(BDC) because that is not supported either at this time. Also win98/95 systems can not become or contact a domain master browser(even if it is NT). This means I would need at least one NT server/workstation/Samba for each subnet to act as local master browsers that can server the browsing needs of win95/98 clients. This is what I intend to do and please let me know if I make sense or what is the best way to do it: Linux box will run Samba, ISC DHCP server, primary internal DNS(fake root), and many more. The Linux box(IBM Netfinity 7000 M10 quad Xeon 500, 2GB RAM) will have one IP address from each of the 13 subnets and aliased it to one or two primary IP addresses (100Mbit full duplex NIC). With Samba running I'll make this the local master browser for each of the 13 subnets and make it synchronize with the NT domain master browser on the other side of the router. My smb.conf should have something like: [global] wins server = x.x.x.x ==============> NT is doing WINS, not Samba wins proxy = yes dns proxy = yes wins support = no name resolve order = lmhosts wins hosts local master = yes preferred master = yes remote announce = y.y.y.y ========> IP address of NT PDC (Domain Master Browser) os level = 32 ======> to make sure it will not become Domain Master Browser? NT PDC is 33. To avoid broadcasting from win 95/98 clients (remember I have a shared network and broadcasts are bad for this) DHCP sets option netbios-node-type 2 ====> Netbios P-node. I'm not clear about the WINS proxy support. Can I let win 95/98 clients use Samba as a WINS proxy to a NT WINS server located on the other side of the router? If yes can I configure win 95/98 clients (via DHCP) to use the IP address of the Linux/Samba box as WINS server (something like a transparent proxy). Is this feature supported by Samba WINS proxy? Does this WINS proxy support in Samba means that it can pretend to be a WINS server although in reality it is actually acting as a proxy. Please help. Thanks. ESL From ksmelser at uindy.edu Wed Dec 1 07:50:39 1999 From: ksmelser at uindy.edu (Kelly S. Smelser) Date: Tue Dec 2 02:27:28 2003 Subject: Bug report w/ Intel Netcards Message-ID: I posted yesterday regarding problems setting up a 2nd samba server as a PDC on our campus network. It turns out that the problem appears to be more of a network card related issue. After testing the scenario out on multiple servers and having no luck, I realized that all of the server machines I was trying had Intel network cards. I then tried the same setup on my laptop with a 3com PCMCIA ethernet card and the PDC setup worked flawlessly. The machines that were not working properly were an Intel T440BX motherboard with integrated eepro 10/100 network interface and a machine with a PCI Intel EtherExpress 10/100 (i82555) card. Has anyone else noticed similar problems with this hardware? k "...kneel down and kiss the earth, and show me what this thought is worth." -Trey Anastasio/Tom Marshall (Phish) From cartegw at Eng.Auburn.EDU Wed Dec 1 15:44:16 1999 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:27:28 2003 Subject: Bug report w/ Intel Netcards References: Message-ID: <38454250.D6E4CB19@eng.auburn.edu> > and a machine with a PCI Intel EtherExpress > 10/100 (i82555) card. Has anyone else noticed > similar problems with this hardware? Kelly, I believe I have seen reports of problems with these cards under Linux on the linux-net list. Can't remember further information. Sorry. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From sollarsa at starofthesea.pvt.k12.or.us Wed Dec 1 16:34:41 1999 From: sollarsa at starofthesea.pvt.k12.or.us (Anthony L. Sollars) Date: Tue Dec 2 02:27:29 2003 Subject: Oregon City Event! Message-ID: <38454E21.13F474A7@starofthesea.pvt.k12.or.us> Dear all, What is the event that is going on in Oregon City Friday?? -------------- next part -------------- A non-text attachment was scrubbed... Name: sollarsa.vcf Type: text/x-vcard Size: 391 bytes Desc: Card for Anthony L. Sollars Url : http://lists.samba.org/archive/samba-ntdom/attachments/19991201/06dc3e9e/sollarsa.vcf From Jon at document-solutions.com Wed Dec 1 17:25:54 1999 From: Jon at document-solutions.com (Jon Doyle) Date: Tue Dec 2 02:27:29 2003 Subject: Bug report w/ Intel Netcards Message-ID: I have noticed that Intel cards are not great under Linux. I do see that a new Driver for eepro has been posted. I have liked to use Intel in the past, particulary the Server Adapter with the i960 RISC Processor on board; but due to the problems under Linux I have moved to SMC & Netgear cards. Both of these work great under Linux. 3COM cards I have stayed away from because of the horror under Windows and on Switched Networks I have experienced in the past. I do know 3COM has fixed a lot of this in their drivers, but who wants to create three floppies for a driver anyway? Jon Jon R. Doyle Systems Administrator Document Solutions, Inc. 1611 Telegraph Avenue Ste. 1010 Oakland, Ca. 94612 510-986-0250 >>> "Kelly S. Smelser" 12/01/99 07:01AM >>> I posted yesterday regarding problems setting up a 2nd samba server as a PDC on our campus network. It turns out that the problem appears to be more of a network card related issue. After testing the scenario out on multiple servers and having no luck, I realized that all of the server machines I was trying had Intel network cards. I then tried the same setup on my laptop with a 3com PCMCIA ethernet card and the PDC setup worked flawlessly. The machines that were not working properly were an Intel T440BX motherboard with integrated eepro 10/100 network interface and a machine with a PCI Intel EtherExpress 10/100 (i82555) card. Has anyone else noticed similar problems with this hardware? k "...kneel down and kiss the earth, and show me what this thought is worth." -Trey Anastasio/Tom Marshall (Phish) From charris at sec.gov Wed Dec 1 19:04:53 1999 From: charris at sec.gov (Caleb Harris) Date: Tue Dec 2 02:27:29 2003 Subject: How to get file permissions... Message-ID: Not a statement, but a question: can you use smbclient to get the permissions on individual files and directories on an nt share? Caleb Harris From stan24 at hotmail.com Wed Dec 1 19:11:21 1999 From: stan24 at hotmail.com (Steven Tan) Date: Tue Dec 2 02:27:29 2003 Subject: subscribe Message-ID: <19991201191121.53217.qmail@hotmail.com> subscribe ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com From brandtwr-samba at draaw.net Wed Dec 1 21:22:46 1999 From: brandtwr-samba at draaw.net (Bill Brandt) Date: Tue Dec 2 02:27:29 2003 Subject: slow printing. In-Reply-To: <3.0.6.32.19991201155214.01149790@pop.pacificnet.net>; from Steve Litt on Wed, Dec 01, 1999 at 03:52:14PM -0500 References: <3.0.6.32.19991130165403.00988180@pop.pacificnet.net> <19991130154841.A30621@draaw.net> <3.0.6.32.19991130165403.00988180@pop.pacificnet.net> <19991201144445.A23724@draaw.net> <3.0.6.32.19991201155214.01149790@pop.pacificnet.net> Message-ID: <19991201162246.B25889@draaw.net> Does anyone know if such a parameter exists in NTWS? The only tabs I see are: General Ports Scheduling Sharing Security Device Settings And none of those seem to have a setting for soft fonts except device settings which has a place to load soft fonts from a file. Bill On Wed, Dec 01, 1999 at 03:52:14PM -0500, Steve Litt wrote: >I'm not much of an NT guy. On w98, it's on the printer properties dialog >box, fonts tab. > >Steve >At 02:44 PM 12/01/1999 -0500, you wrote: >>Steve, >> >>Thanks for the help... It appears your correct when I copy a large txt >file it >>runs fine and the print files are coming out around 300K for a 2-3 page >>document. However, I'm on NTWS 4.0 and can't find the setting for soft >fonts in >>the printer properties. Any ideas where that setting is? >> >>Bill >> >>On Wed, Dec 01, 1999 at 08:56:11AM +1100, Steve Litt wrote: >>>I had that once. Turned out my W$ printer def was set to "download truetype >>>fonts as graphics", which blew up the size of the print file by a factor of >>>10. When I change to "download truetype fonts as soft fonts", my Laserjet >>>IIID printed at its specified 8 pages per minute -- no cooldown. >>> >>>Copy a large text file directly to it with >>> >>>copy bigfile.txt //servername/printername >>> >>>And see whether it still prints too slowly. If not, it's probably your >>>Windows client printer def. >>> >>>Steve Litt >>> >>>At 07:53 AM 12/01/1999 +1100, Bill Brandt wrote: >>>>I'm having an issue with a samba print server. I have the following in the >>>>smb.conf >>>> >>>>[global] >>>> workgroup = DOMAINNAME >>>> netbios name = SERVERNAME >>>> server string = Samba Server >>>> security = DOMAIN >>>> encrypt passwords = Yes >>>> password server = NTDOMAINPDC >>>> log file = /var/log/samba/log.%m >>>> max log size = 50 >>>> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 >>>> os level = 10 >>>> local master = No >>>> dns proxy = No >>>> wins server = #.#.#.# >>>> >>>>[printers] >>>> comment = All Printers >>>> path = /var/spool/samba >>>> guest ok = Yes >>>> print ok = Yes >>>> browseable = No >>>> >>>>The printer is a HP LaserJet 4M setup with redhat print-tool in lpd. Files >>>>print, but it appears that each page is sent separately to the printer with >>>>enough time between them for the printer to stop and sometimes even "cool >>>down". >>>>Has anyone experienced this issue? >>>> >>>>-- >>>>Bill Brandt >>>>brandtwr@draaw.net http://www.draaw.net/ >>>> >>> >> >>-- >>Liam >> >>Bill Brandt >>brandtwr@draaw.net http://www.draaw.net/ >> > -- Liam Bill Brandt brandtwr@draaw.net http://www.draaw.net/ From mike at psand.net Thu Dec 2 10:34:29 1999 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:29 2003 Subject: Bug report w/ Intel Netcards References: Message-ID: <004a01bf3cb2$52b1ea20$0164a8c0@win981> This is a little worrying, just about to purchase a Dell PowerEdge for a webserver. The ones I've used previously have all had the Intel Pro 100+ PCI card but with 450NX and 440GX chipsets and they've worked like a dream (a nice one!). This next box has a 440BX chipset. Now Dell say they support RedHat 6.0 as an OS on these machines, so perhaps it's alright - though in the UK you can't buy it pre-installed :-(. Jon, do you have a URL for that patch? Mike Harris, Psand. ----- Original Message ----- From: Jon Doyle To: Multiple recipients of list SAMBA-NTDOM Sent: Wednesday, December 01, 1999 6:31 PM Subject: Re: Bug report w/ Intel Netcards > I have noticed that Intel cards are not great under Linux. I do see that a new Driver for eepro has been posted. I have liked to use Intel in the past, particulary the Server Adapter with the i960 RISC Processor on board; but due to the problems under Linux I have moved to SMC & Netgear cards. Both of these work great under Linux. 3COM cards I have stayed away from because of the horror under Windows and on Switched Networks I have experienced in the past. I do know 3COM has fixed a lot of this in their drivers, but who wants to create three floppies for a driver anyway? > > > Jon > > Jon R. Doyle > Systems Administrator > Document Solutions, Inc. > 1611 Telegraph Avenue Ste. 1010 > Oakland, Ca. 94612 > 510-986-0250 > > >>> "Kelly S. Smelser" 12/01/99 07:01AM >>> > I posted yesterday regarding problems setting up a 2nd samba > server as a PDC on our campus network. It turns out that the problem > appears to be more of a network card related issue. After testing the > scenario out on multiple servers and having no luck, I realized that all > of the server machines I was trying had Intel network cards. I then tried > the same setup on my laptop with a 3com PCMCIA ethernet card and the PDC > setup worked flawlessly. The machines that were not working properly were > an Intel T440BX motherboard with integrated eepro 10/100 network interface > and a machine with a PCI Intel EtherExpress 10/100 (i82555) card. Has > anyone else noticed similar problems with this hardware? > > k > > "...kneel down and kiss the earth, and show me what this thought is > worth." -Trey Anastasio/Tom Marshall (Phish) > From darren at mylaptop.co.uk Thu Dec 2 11:12:13 1999 From: darren at mylaptop.co.uk (darren@mylaptop.co.uk) Date: Tue Dec 2 02:27:29 2003 Subject: Installation of PDC Message-ID: <136817220.944133133577.JavaMail.root@mx-a02.backend.funmail.co.uk> I currently have Samba 2.0.3 installed, and I wsih to install a PDC. I have been to the 'Samba-NTDocFaq' website, and I have downloaded the latest CVS. When I type in (from the NTfaq) ????????cvs -d :pserver:cvs@samba.org:/cvsroot login It says: Samba.org - Host not found. How can I update Samba to act as a PDC?? Thanks, Darren ------------------------------------------------------------------- yourname@0-0-7.co.uk or yourname@shaken-not-stirred.co.uk The domain's Bond, James Bond - only from www.funmail.co.uk From wallace at tfh-berlin.de Thu Dec 2 11:32:47 1999 From: wallace at tfh-berlin.de (Grant Wallace) Date: Tue Dec 2 02:27:29 2003 Subject: Installation of PDC References: <136817220.944133133577.JavaMail.root@mx-a02.backend.funmail.co.uk> Message-ID: <384658DF.962F7B81@tfh-berlin.de> Hi Darren, isn't the hostname cvs.samba.org ? Grant > When I type in (from the NTfaq) > > cvs -d :pserver:cvs@samba.org:/cvsroot login > > It says: Samba.org - Host not found. From matthias at waechter.wol.at Thu Dec 2 11:37:40 1999 From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=) Date: Tue Dec 2 02:27:29 2003 Subject: Installation of PDC In-Reply-To: <136817220.944133133577.JavaMail.root@mx-a02.backend.funmail.co.uk> Message-ID: On Thu, 2 Dec 1999 darren@mylaptop.co.uk wrote: > When I type in (from the NTfaq) > > ????????cvs -d :pserver:cvs@samba.org:/cvsroot login > > It says: Samba.org - Host not found. samba.org actually _does_ exist. :-) I think, it's a problem with your internet connection. You can only cvs from a host which has direct access to the internet (no proxy) with an official IP address or by NAT. > How can I update Samba to act as a PDC?? Depending on the level of PDC functionality, you can also use Samba 2.0 >= 2.0.3a since it has basic PDC functionality. But be sure that not every line of the NT-Domain FAQ is valid for 2.0.x PDC (additional infos in the smb.conf.html file) and you will not have support in this ML. If you want to play with cvs PDC version, I think there are links where you can get the cvs version from if you cannot access the repository via cvs directly. I don't know it from mind - maybe look into the archives. Sehr Wus, - Matthias -- Wer reitet so sp?t durch Nacht und Wind? - Wos waas I ----------------------------------------------------------------------------- From hf at Melog.DE Thu Dec 2 11:45:04 1999 From: hf at Melog.DE (Hauke Fath) Date: Tue Dec 2 02:27:29 2003 Subject: Installation of PDC In-Reply-To: <384658DF.962F7B81@tfh-berlin.de> References: <136817220.944133133577.JavaMail.root@mx-a02.backend.funmail.co.uk> Message-ID: <4.2.2.19991202124337.00b90370@meloghost.melog.de> At 22:33 02.12.99 +1100, Grant Wallace wrote: >isn't the hostname cvs.samba.org ? "cvs@samba.org" is what the NTDOM FAQ says. MAybe someone should fix it? hauke -- Hauke Fath Tangro Software Components GmbH D-69115 Heidelberg hf@Tangro.DE Ruf +49-6221-13336-35, Fax -21 From Johannes.Weberhofer at ibm.net Thu Dec 2 12:13:35 1999 From: Johannes.Weberhofer at ibm.net (Johannes Weberhofer) Date: Tue Dec 2 02:27:29 2003 Subject: slow printing. In-Reply-To: <19991201162246.B25889@draaw.net> Message-ID: <19991202120745Z13075590-11511+24262@samba.anu.edu.au> Hi! Unfortunately I don't have a NTWS here, but if I remember right, you have to open the printer first, then you will find something like "job properties" in the file menu where you can do these settings. I think you have to have administrator rights to change these settings. Johannes On Thu, 2 Dec 1999 08:24:17 +1100, Bill Brandt wrote: >Does anyone know if such a parameter exists in NTWS? > >The only tabs I see are: > >General >Ports >Scheduling >Sharing >Security >Device Settings > >And none of those seem to have a setting for soft fonts except device settings >which has a place to load soft fonts from a file. > >Bill > >On Wed, Dec 01, 1999 at 03:52:14PM -0500, Steve Litt wrote: >>I'm not much of an NT guy. On w98, it's on the printer properties dialog >>box, fonts tab. >> >>Steve >>At 02:44 PM 12/01/1999 -0500, you wrote: >>>Steve, >>> >>>Thanks for the help... It appears your correct when I copy a large txt >>file it >>>runs fine and the print files are coming out around 300K for a 2-3 page >>>document. However, I'm on NTWS 4.0 and can't find the setting for soft >>fonts in >>>the printer properties. Any ideas where that setting is? >>> >>>Bill >>> >>>On Wed, Dec 01, 1999 at 08:56:11AM +1100, Steve Litt wrote: >>>>I had that once. Turned out my W$ printer def was set to "download truetype >>>>fonts as graphics", which blew up the size of the print file by a factor of >>>>10. When I change to "download truetype fonts as soft fonts", my Laserjet >>>>IIID printed at its specified 8 pages per minute -- no cooldown. >>>> >>>>Copy a large text file directly to it with >>>> >>>>copy bigfile.txt //servername/printername >>>> >>>>And see whether it still prints too slowly. If not, it's probably your >>>>Windows client printer def. >>>> >>>>Steve Litt >>>> >>>>At 07:53 AM 12/01/1999 +1100, Bill Brandt wrote: >>>>>I'm having an issue with a samba print server. I have the following in the >>>>>smb.conf >>>>> >>>>>[global] >>>>> workgroup = DOMAINNAME >>>>> netbios name = SERVERNAME >>>>> server string = Samba Server >>>>> security = DOMAIN >>>>> encrypt passwords = Yes >>>>> password server = NTDOMAINPDC >>>>> log file = /var/log/samba/log.%m >>>>> max log size = 50 >>>>> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 >>>>> os level = 10 >>>>> local master = No >>>>> dns proxy = No >>>>> wins server = #.#.#.# >>>>> >>>>>[printers] >>>>> comment = All Printers >>>>> path = /var/spool/samba >>>>> guest ok = Yes >>>>> print ok = Yes >>>>> browseable = No >>>>> >>>>>The printer is a HP LaserJet 4M setup with redhat print-tool in lpd. Files >>>>>print, but it appears that each page is sent separately to the printer with >>>>>enough time between them for the printer to stop and sometimes even "cool >>>>down". >>>>>Has anyone experienced this issue? >>>>> >>>>>-- >>>>>Bill Brandt >>>>>brandtwr@draaw.net http://www.draaw.net/ >>>>> >>>> >>> >>>-- >>>Liam >>> >>>Bill Brandt >>>brandtwr@draaw.net http://www.draaw.net/ >>> >> > >-- >Liam > >Bill Brandt >brandtwr@draaw.net http://www.draaw.net/ > ---------------------------------------------------------------------- Johannes Weberhofer >>> IT-Technologies Austria email: Johannes.Weberhofer@ibm.net tel: +43 (0)3178 - 3679 tel: +43 (0)1 - 204 28 65 ---------------------------------------------------------------------- From sellaro at lia.ufc.br Thu Dec 2 14:36:58 1999 From: sellaro at lia.ufc.br (Sellaro) Date: Tue Dec 2 02:27:29 2003 Subject: Active ports when serving as PDC Message-ID: Hi there folks I'm setting up a very strange firewall and I need to know what ports a PDC running Samba needs to wowrk properly. In fact, I would like to know if PDC uses TCP conection or just IPX. Thanks -- Sellaro Laboratorio do Mestrado em Ciencia da Computacao Network Administrator - Departamento de Computacao - UFC PGP Key Available Upon Request From skvidal at phy.duke.edu Thu Dec 2 14:23:30 1999 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:27:29 2003 Subject: Active ports when serving as PDC In-Reply-To: Message-ID: > I'm setting up a very strange firewall and I need to know what ports a PDC > running Samba needs to wowrk properly. In fact, I would like to know if > PDC uses TCP conection or just IPX. it definitely does not use IPX. Do you want the PDC to be able to pass through the firewall? If so, why? But if yuou do you'll need at least 137 138 and 139 possibly more but thats all the ones I know of. Again why are you doing this: Most of PDC uses are LAN-centric and generally shouldn't be passed through firewalls. -sv From rad2921 at cup.edu Thu Dec 2 15:11:26 1999 From: rad2921 at cup.edu (Tim Radigan) Date: Tue Dec 2 02:27:29 2003 Subject: problems with smbpasswd and freebsd In-Reply-To: <19991202120745Z13075590-11511+24262@samba.anu.edu.au> Message-ID: hi.. i'm new to this mailing list.. so if my answer has been answered before please dont get mad.. but.. my problem arises when i try to add the workstation_name$ to /etc/passwd and then i run /usr/local/samba/bin/smbpasswd -a -m workstation_name for some reason i always get the error "user not in system password file.. but i have added it to /etc/passwd .. i don't know what the exact problem is.. but i've gone through the Samba Online documents.. and i'm trying to have my NT Workstation to connect to my FreeBSD server using the latest version of samba.. the problem i get is the: "This machine account for this computer either does not exist or is not accessable." and samba won't recognize the added user i added in /etc/passwd.. if anyone has any suggestions please help.. thank you very much.. Tim Radigan From olivier.wegria at novactiongroup.com Thu Dec 2 15:28:28 1999 From: olivier.wegria at novactiongroup.com (Olivier Wegria) Date: Tue Dec 2 02:27:29 2003 Subject: problems with smbpasswd and freebsd Message-ID: <01BF3CE2.444C4DB0.olivier.wegria@novactiongroup.com> don't you forget the $ in /usr/local/samba/bin/smbpasswd -a -m workstation_name$ Olivier -----Message d'origine----- De: Tim Radigan [SMTP:rad2921@cup.edu] Date: jeudi 2 decembre 1999 16:08 A: Multiple recipients of list SAMBA-NTDOM Objet: problems with smbpasswd and freebsd hi.. i'm new to this mailing list.. so if my answer has been answered before please dont get mad.. but.. my problem arises when i try to add the workstation_name$ to /etc/passwd and then i run /usr/local/samba/bin/smbpasswd -a -m workstation_name for some reason i always get the error "user not in system password file.. but i have added it to /etc/passwd .. i don't know what the exact problem is.. but i've gone through the Samba Online documents.. and i'm trying to have my NT Workstation to connect to my FreeBSD server using the latest version of samba.. the problem i get is the: "This machine account for this computer either does not exist or is not accessable." and samba won't recognize the added user i added in /etc/passwd.. if anyone has any suggestions please help.. thank you very much.. Tim Radigan From dlee at cse.fau.edu Thu Dec 2 15:35:37 1999 From: dlee at cse.fau.edu (Donjuma Lee) Date: Tue Dec 2 02:27:29 2003 Subject: problems with smbpasswd and freebsd In-Reply-To: Message-ID: It is best to use rvipw to edit the password file. It will take tou to the shadow file, for which an entry is needed. Then it will make the changes to the system. If you just edited the /etc/passwd file. The system has not recognized the changes you have made. Remember any entry added to the passwd file must have a corresponding entry in the shadow file. --==Don==-- On Fri, 3 Dec 1999, Tim Radigan wrote: > hi.. i'm new to this mailing list.. so if my answer has been answered before > please dont get mad.. > > but.. my problem arises when i try to add the workstation_name$ to > /etc/passwd and then i run /usr/local/samba/bin/smbpasswd -a -m > workstation_name > > for some reason i always get the error "user not in system password file.. > but i have added it to /etc/passwd .. i don't know what the exact problem > is.. but i've gone through the Samba Online documents.. and i'm trying to > have my NT Workstation to connect to my FreeBSD server using the latest > version of samba.. the problem i get is the: "This machine account for this > computer either does not exist or is not accessable." > > and samba won't recognize the added user i added in /etc/passwd.. if anyone > has any suggestions please help.. thank you very much.. > > Tim Radigan > > From cartegw at Eng.Auburn.EDU Thu Dec 2 15:38:58 1999 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:27:29 2003 Subject: problems with smbpasswd and freebsd References: <01BF3CE2.444C4DB0.olivier.wegria@novactiongroup.com> Message-ID: <38469292.32456EF8@eng.auburn.edu> Olivier Wegria wrote: > > don't you forget the $ in /usr/local/samba/bin/smbpasswd > -a -m workstation_name$ Shouldn't matter. Last time I looked at the source at least. I wonder if this is some type of 8 character limit to username's maybe? Don't have a free BSD box around here to check. jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From mmt4q at ee.virginia.edu Thu Dec 2 15:47:52 1999 From: mmt4q at ee.virginia.edu (Melissa Thrush) Date: Tue Dec 2 02:27:29 2003 Subject: problems with smbpasswd and freebsd References: <01BF3CE2.444C4DB0.olivier.wegria@novactiongroup.com> Message-ID: <384694A8.F7F9EC82@ee.virginia.edu> Tim, I don't believe Olivier is correct. You DO NOT put a $ at then end of the workstation name when using the smbpasswd -a -m command. For an example take a look at: http://socrates.mps.ohio-state.edu/~ccunning/samba.html Under the Add Machine Accounts section you'll see: Now you need to add a few accounts to your computer. In your /etc/passwd (and /etc/shadow if you use shadow passwords) create a user account for each Windows client that will be connecting to your samba server. Each username must be followed by a $, the shell, home directory, password, and all that don't matter, you just need the machine name and the UID. For example, my /etc/passwd contains: machine_1$:x:56:230:Welk:/dev/null:/ machine_2$:x:57:230:Hendrix:/dev/null:/ and my /etc/shadow: machine_1$:NP:6445:::::: machine_2$:NP:6445:::::: Now you'll need to create samba accounts for these machines. Go to your samba bin directory and run smbpasswd -a -m machine_1 for each machine. DO NOT put the $ at the end, the program will do that for you. Do this for each Windows client that will connect to your machine. At this point as well, it would be a good idea to test out your setup. Run the program testparm in the samba bin directory. It should give no errors, and list the shares available. I followed this example and it works fine in at my location but I'm using NIS so my entries are in /var/yp/passwd and /var/yp/shadow. Hope this helps, Melissa Olivier Wegria wrote: > don't you forget the $ in /usr/local/samba/bin/smbpasswd -a -m workstation_name$ > > Olivier > > -----Message d'origine----- > De: Tim Radigan [SMTP:rad2921@cup.edu] > Date: jeudi 2 decembre 1999 16:08 > A: Multiple recipients of list SAMBA-NTDOM > Objet: problems with smbpasswd and freebsd > > hi.. i'm new to this mailing list.. so if my answer has been answered before > please dont get mad.. > > but.. my problem arises when i try to add the workstation_name$ to > /etc/passwd and then i run /usr/local/samba/bin/smbpasswd -a -m > workstation_name > > for some reason i always get the error "user not in system password file.. > but i have added it to /etc/passwd .. i don't know what the exact problem > is.. but i've gone through the Samba Online documents.. and i'm trying to > have my NT Workstation to connect to my FreeBSD server using the latest > version of samba.. the problem i get is the: "This machine account for this > computer either does not exist or is not accessable." > > and samba won't recognize the added user i added in /etc/passwd.. if anyone > has any suggestions please help.. thank you very much.. > > Tim Radigan -- Melissa Thrush Dept. of Electrical Engineering University of Virginia Thornton Hall - C213 Phone: 804-924-6072 Fax: 804-924-8818 From aescalan at ifcsun1.ifisiol.unam.mx Thu Dec 2 16:51:13 1999 From: aescalan at ifcsun1.ifisiol.unam.mx (Ana Maria Escalante) Date: Tue Dec 2 02:27:29 2003 Subject: problems with smbpasswd and freebsd In-Reply-To: Message-ID: Tim: I have just done that for my NT Wkstations and everything is working fine. First of all, be sure to use the workstation name plus a $ sign when you add the machine to the /etc/passwd file. Do not miss any of the fields of the /etc/passwd. It happened to me once that I missed one field and the system did not recognized the new account. Be sure that the account?s password is the workstation?s name all in lower case. If the smbpasswd -a -m WKstname tells you that the account does not exist, check your /etc/passwd once again. The problem must be there. I hope this may help. Regards Ana Maria Escalante On Fri, 3 Dec 1999, Tim Radigan wrote: > hi.. i'm new to this mailing list.. so if my answer has been answered before > please dont get mad.. > > but.. my problem arises when i try to add the workstation_name$ to > /etc/passwd and then i run /usr/local/samba/bin/smbpasswd -a -m > workstation_name > > for some reason i always get the error "user not in system password file.. > but i have added it to /etc/passwd .. i don't know what the exact problem > is.. but i've gone through the Samba Online documents.. and i'm trying to > have my NT Workstation to connect to my FreeBSD server using the latest > version of samba.. the problem i get is the: "This machine account for this > computer either does not exist or is not accessable." > > and samba won't recognize the added user i added in /etc/passwd.. if anyone > has any suggestions please help.. thank you very much.. > > Tim Radigan > From kiril at prima.mech.ru.acad.bg Thu Dec 2 16:56:35 1999 From: kiril at prima.mech.ru.acad.bg (Kiril Hristov) Date: Tue Dec 2 02:27:29 2003 Subject: problem with smbpasswd Message-ID: Hi, I tried to test the features "trusted domain" and "trusting domain". I've downloaded the last source code and compiled it. Now I receive the following message when I run the smbpasswd command: cli_connect_serverlist: Can't resolve address for ELMO cli_connect_serverlist: Domain password server not available. cli_net_use_addlist: connection failed Segmentation fault (core dumped) My Samba PDC has the name ELMO. These are my smb.conf parameters: # Global parameters workgroup = ELMOWG netbios name = netbios aliases = server string = Samba Server %v interfaces = bind interfaces only = No security = USER encrypt passwords = Yes update encrypted = No server ntlmv2 = False client ntlmv2 = False use rhosts = No map to guest = Never null passwords = No password server = smb passwd file = /usr/local/samba/private/smbpasswd hosts equiv = root directory = / passwd program = /bin/passwd passwd chat = *old*password* %o\n *new*password* %n\n *new*password* %n\n *changed* passwd chat debug = No username map = password level = 0 username level = 0 unix password sync = No dfs map = log level = 2 syslog = 1 syslog only = No log file = /var/log/samba/log.%m max log size = 50 timestamp logs = Yes protocol = NT1 read bmpx = Yes read raw = Yes write raw = Yes nt smb support = Yes nt pipe support = Yes announce version = 4.2 announce as = NT max mux = 50 max xmit = 65535 name resolve order = wins lmhosts bcast max packet = 65535 max ttl = 259200 max wins ttl = 518400 min wins ttl = 21600 time server = No change notify timeout = 60 deadtime = 0 getwd cache = Yes keepalive = 300 lpq cache time = 10 max disk size = 0 max open files = 10000 read prediction = No read size = 16384 shared mem size = 1048576 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 stat cache size = 50 load printers = Yes printcap name = /etc/printcap printer driver file = /etc/printers.def nt forms file = /etc/ntforms.def nt printer driver = /etc strip dot = No character set = mangled stack = 50 coding system = client code page = 850 stat cache = Yes trusted domains = trusting domains = local group map = domain group map = builtin group map = builtin rid file = domain user map = machine password timeout = 604800 logon script = logon path = \\%N\%U\profile logon drive = logon home = \\%N\%U domain logons = Yes os level = 32 lm announce = Auto lm interval = 60 preferred master = True local master = Yes domain master = True browse list = Yes dns proxy = No wins proxy = No wins server = 194.141.29.6 wins support = No kernel oplocks = Yes ole locking compatibility = Yes smbrun = /usr/bin/smbrun config file = preload = lock dir = /usr/var/locks default service = message command = dfree command = valid chars = remote announce = remote browse sync = socket address = 0.0.0.0 homedir map = time offset = 0 unix realname = No NIS homedir = No panic action = comment = path = alternate permissions = No revalidate = No username = guest account = nobody invalid users = valid users = admin users = read list = write list = force user = force group = read only = Yes create mask = 0744 force create mode = 00 directory mask = 0755 force directory mode = 00 guest only = No guest ok = No only user = No hosts allow = hosts deny = status = Yes max connections = 0 min print space = 0 strict sync = No sync always = No print ok = No postscript = No printing = sysv print command = lp -c -d%p %s; rm %s lpq command = lpstat -o%p lprm command = cancel %p-%j lppause command = lp -i %p-%j -H hold lpresume command = lp -i %p-%j -H resume queuepause command = lpc stop %p queueresume command = lpc start %p printer name = printer driver = NULL printer driver location = default case = lower case sensitive = No preserve case = Yes short preserve case = Yes mangle case = No mangling char = ~ hide dot files = Yes delete veto files = No veto files = hide files = veto oplock files = map system = No map hidden = No map archive = Yes mangled names = Yes mangled map = browseable = Yes blocking locks = Yes fake oplocks = No locking = Yes oplocks = Yes strict locking = No share modes = Yes copy = include = exec = postexec = root preexec = root postexec = available = Yes volume = fstype = NTFS set directory = No wide links = Yes follow symlinks = Yes dont descend = magic script = magic output = delete readonly = No dos filetimes = No dos filetime resolution = No fake directory create times = No vfs object = vfs option = [homes] comment = Home Directories read only = No browseable = No vfs option = [printers] comment = All Printers path = /var/spool/samba print ok = Yes browseable = No vfs option = [tmp] comment = Temporary file space path = /tmp read only = No guest ok = Yes vfs option = =============================================================== Kiril D. Hristov, Student | Home address: Computer Technic | 19 z Maria Luisa str. University of Rousse | BG-7012 Rousse BG-7017 Rousse/ Bulgaria | Bulgaria ICQ: 10441225 | phone: +359 82 277 591 --------------------------------------------------------------- http://www.mech.ru.acad.bg/~kiril =============================================================== From gtm at oracom.com Thu Dec 2 18:06:03 1999 From: gtm at oracom.com (Glenn MacGregor) Date: Tue Dec 2 02:27:29 2003 Subject: rpcclient Message-ID: <3846B50B.2EA54C7E@oracom.com> Hi all, What is the point of rpcclient? Thanks Glenn -- Glenn MacGregor Director of Services Oracom, Inc. http://www.oracom.com Tel. +1 978.557.5710 Ext. 302 Fax +1 978.557.5716 From lisa at USNA.Navy.Mil Thu Dec 2 17:15:20 1999 From: lisa at USNA.Navy.Mil (Lisa Becktold {CADIG STAFF}) Date: Tue Dec 2 02:27:29 2003 Subject: problems with smbpasswd and freebsd Message-ID: <199912021715.MAA28163@leto16.usna.navy.mil> Date: Thu, 2 Dec 1999 11:13:42 -0500 (EST) From: Lisa Becktold {CADIG STAFF} Subject: Re: problems with smbpasswd and freebsd To: rad2921@cup.edu Cc: lisa@hermes.ewlab.usna.edu MIME-Version: 1.0 Content-MD5: urCFQmaHoZRN0PoC7p/RHw== Hi: I add the NT workstation name with a dollar sign at the end in /etc/passwd. My entry looks like this (not the real pc name or IDs): pc103$:*:5703:15555:NT-SAMBA machine {CADIG GUEST}:/dev/null:/bin/false But when I run smbpasswd, I do not put the dollar sign at the end. I was under the impression that the "-m" (machine) option does this for you. So the smbpasswd command I'd run for the above PC is: smbpasswd -a -m pc103 Are you using the dollar sign with smbpasswd? That might confuse matters.... Also, are you dealing with a local copy of /etc/passwd or an NIS copy? Are you making both the /etc/passwd and /usr/samba/smbpasswd entry on the same machine? Lisa > Originator: samba-ntdom@samba.org > From: "Tim Radigan" > To: Multiple recipients of list SAMBA-NTDOM > Subject: problems with smbpasswd and freebsd > MIME-Version: 1.0 > Content-Transfer-Encoding: 7bit > X-Listprocessor-Version: 6.0d -- ListProcessor by Anastasios Kotsikonas > X-URL: http://lists.samba.org/ > X-Comment: Discussion of NT domain controller support in Samba > Date: Fri, 3 Dec 1999 02:07:21 +1100 > > hi.. i'm new to this mailing list.. so if my answer has been answered before > please dont get mad.. > > but.. my problem arises when i try to add the workstation_name$ to > /etc/passwd and then i run /usr/local/samba/bin/smbpasswd -a -m > workstation_name > > for some reason i always get the error "user not in system password file.. > but i have added it to /etc/passwd .. i don't know what the exact problem > is.. but i've gone through the Samba Online documents.. and i'm trying to > have my NT Workstation to connect to my FreeBSD server using the latest > version of samba.. the problem i get is the: "This machine account for this > computer either does not exist or is not accessable." > > and samba won't recognize the added user i added in /etc/passwd.. if anyone > has any suggestions please help.. thank you very much.. > > Tim Radigan > ---------------------------------------------------------- Lisa M. Becktold - lisa@usna.navy.mil, (410) 293-6480 United States Naval Academy - CADIG 590 Holloway Road, Rickover Hall, Annapolis, MD 21402-5000 ------------- End Forwarded Message ------------- ---------------------------------------------------------- Lisa M. Becktold - lisa@usna.navy.mil, (410) 293-6480 United States Naval Academy - CADIG 590 Holloway Road, Rickover Hall, Annapolis, MD 21402-5000 From siems at cck.uni-kl.de Thu Dec 2 17:46:18 1999 From: siems at cck.uni-kl.de (Sven Siems) Date: Tue Dec 2 02:27:29 2003 Subject: NT Terminal Server integrated in Samba-PDC controlled NT-Domain? Message-ID: <001301bf3ced$2371a7b0$4ec9f683@fbk42> Hi all, My NT-Terminal Server crashes when I want to login into a NT domain. The PDC (Samba Linux Server) works together with all other NT-Workstations but not with my Terminal Server. The NT Terminal Server is a stand alone server integrated "successfully" in my domain. Login local is no Problem. For domain users I set the login-rights a little bit different as described in the Samba NT-domain FAQ: "If using NT server to log in, run the User Manager for Domains, and grant "Everyone" (or "Authenticated Users assuming NT4SP3 or higher) the capability to Log in Locally , which you would have to do even if you were logging in to another NT PDC instead of a Samba PDC." granting "everyone" or "Authenticated Users" the capability to Log in Locally didn?t work, but granting to different users of the domain works. The password for the computer for smbpasswd is set and reset corectly (I hope so) Whats wrong? Is NT Teminal Server not able to work with a Samba NTdomain PDC? Sven Dipl.-Ing. Sven Siems Lehrstuhl f?r Fertigungstechnik und Betriebsorganisation Universit?t Kaiserslautern Abteilung Fertigungstechnologie Postfach 3049 67653 Kaiserslautern Fon: 0631/205-3387 Fax: 0631/205-3238 e-mail: siems@cck.uni-kl.de -------------- next part -------------- HTML attachment scrubbed and removed From darren at mylaptop.co.uk Thu Dec 2 18:13:23 1999 From: darren at mylaptop.co.uk (darren@mylaptop.co.uk) Date: Tue Dec 2 02:27:29 2003 Subject: PDC Message-ID: <137394834.944158403663.JavaMail.root@mx-a02.backend.funmail.co.uk> Hi, I couldn't install that CVS as I don't have an internet connection on the machine, like somebody said I need. I believe though, that Samba2.0.3 can be a PDC, I am having trouble though. I have set up the smb.conf file 'domain logons =yes', and the name of the domain. On my WinNT4 machine, I try and change the network config to look for the domain, and it says Cannot be found. Sometimes it says - You are alreasy connected to the domain, and I have to restart the WinNt machine to disconnect. Is this because I am using Samba2.0.3 or WinNt - or at the worst BOTH :(. When I check the properties of the Linux box, it does say Domain: Samba so I am unsure what is going on. Cheers, Darren -------------------------------------------------------------------------------- Get an email address that is @licensedtothrill.co.uk Only from http://www.funmail.co.uk From mike at psand.net Thu Dec 2 18:41:48 1999 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:29 2003 Subject: Samba and NT Domain Group membership. Message-ID: <001f01bf3cf5$06e099a0$0164a8c0@win981> Am I correct in believing that Domain Group membership of users in NT makes absolutely no difference to a Samba server? For example: I have a network with an NT PDC, a Samba 2.0.6 server and an NT Workstation. The Samba server is configured with security=domain and password server=*. With this setting, the actual user account on the Samba server does not need to have a password set (as the authentication is passed-through to the NT PDC) and has it's login shell set to /dev/null for security. Home shares work fine this way :) I have a directory called /home/public which is my public share on my Samba server and an smb.conf snippet for this is: [public] path = /home/public valid users=@users admin users=@admin The directory /home/public is user=root, group=users with permissions set to 0750. In my smbusers file, I have two entries: users="Domain Users" admin="Domain Admins" with the hope that by adding a user account to the Domain Admins group on the PDC will give it 'passed-through' group access to the share and give the user super-user access, i.e. write access. Now this doesn't work, unless I add the user to the admin group in /etc/group. This implies that Domain Group membership has absolutely no effect on Samba as it's only interested in the UNIX group file. I think I'm completely barking up the wrong tree with this one, but could someone confirm this is the case for me? Or is there a way to make this work? Many thanks in advance, Mike Harris, Psand. From dgiroux at authentica.com Thu Dec 2 19:40:15 1999 From: dgiroux at authentica.com (David Giroux) Date: Tue Dec 2 02:27:29 2003 Subject: rpcclient References: <3846B50B.2EA54C7E@oracom.com> Message-ID: <3846CB1F.2736942D@authentica.com> Glenn MacGregor wrote: > Hi all, > > What is the point of rpcclient? > > Thanks > > Glenn I have used SMBLIB (circa 1997) but need to do things that are only in the CVS head of rpcclient. From a developers stand point, I feel it would be very most useful to have a library that can be incorporated at will into a multitude of different applications. >From a project management standpoint, I think it would be best to split rpcclient into app and library so that the resulting library is an integral part of the main SAMBA development effort and remains current. Of course, it be most useful to also have extensive documentation for this library. Are there any plans to revamp/upgrade SMBLIB so that it is current? Just Hoping. DG. From lkcl at samba.org Thu Dec 2 21:36:25 1999 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:29 2003 Subject: rpcclient Message-ID: what is the point of rpcclient. does this example help? it shows how to join a workstation to a domain, and shows how to create a new user and then set that user's password. there is much more: this is only three of the 70 or so commands. [yes, the administrator's password really is "test" :-)] Script started on Thu Dec 2 16:23:04 1999 [root@steeleye source]# bin/rpcclient -S emery -U administrator%test -l log [administrator@EMERY]$ lsaq lsaq LSA Query Info Policy Domain Member - Domain: ROCKNROLL SID: S-1-5-21-639959114-323303692-99485923 Domain Controller - Domain: ROCKNROLL SID: S-1-5-21-639959114-323303692-99485923 [administrator@EMERY]$ createuser WORKSTATION$ -j createuser WORKSTATION$ -j SAM Create Domain User Domain: ROCKNROLL Name: WORKSTATION$ ACB: [W ] Create Domain User: OK Join WORKSTATION to Domain ROCKNROLL: OK [administrator@EMERY]$ createuser new_user createuser new_user SAM Create Domain User Domain: ROCKNROLL Name: new_user ACB: [U ] Create Domain User: OK [administrator@EMERY]$ samuserset new_user -p test_password samuserset new_user -p test_password SAM Set User Info: new_user Password: test_password Set User Info: OK [administrator@EMERY]$ enumusers enumusers SAM Enumerate Users User RID: 416 User Name: Adm!n User RID: 1f4 User Name: Administrator User RID: 414 User Name: BROOKFIELDS$ User RID: 1f5 User Name: Guest User RID: 3fe User Name: lkcl User RID: 47b User Name: new_user User RID: 478 User Name: NT5-1$ User RID: 463 User Name: REGENT$ User RID: 477 User Name: STEELEYE$ User RID: 3fd User Name: test User RID: 470 User Name: TEST$ User RID: 407 User Name: test1 User RID: 408 User Name: test2 User RID: 409 User Name: test3 User RID: 40a User Name: test5 User RID: 40c User Name: test6 User RID: 40e User Name: test7 User RID: 40f User Name: test8 User RID: 47a User Name: TESTWKS$ User RID: 479 User Name: TESTWKS1$ User RID: 404 User Name: VUSR_EMERY User RID: 47c User Name: WORKSTATION$ [administrator@EMERY]$ quit quit [root@steeleye source]# exit exit Script done on Thu Dec 2 16:24:10 1999 From lkcl at samba.org Thu Dec 2 21:40:38 1999 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:29 2003 Subject: problem with smbpasswd Message-ID: Kiril, i no longer get the core dump, please obtain latest cvs. please remember, i commit _really_ frequently when i'm dealing with an area (four to six times a day is not uncommon). thx, luke Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. From lkcl at samba.org Thu Dec 2 21:43:19 1999 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:29 2003 Subject: problems with smbpasswd Message-ID: by the way, the format for "trusted domains = " and "trusting domains =" is: trusting domains = "DOMAIN1=PDC, BDC1, BDC2" DOMAIN2=PDC2 etc. From lkcl at samba.org Thu Dec 2 21:48:31 1999 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:29 2003 Subject: Active ports when serving as PDC Message-ID: hi, if you are considering running a PDC outside of a firewall, think again. if the PDC is samba or if the PDC is NT, doesn't matter. do you really want hackers to know all your usernames? do you want them to knnow when your users last logged in? do you want them to know which accounts hve administrator or other group rights? tell me you're not going to run a PDC outside your firewall, please :) best regards, luke Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. From chrisl at monmouth.com Thu Dec 2 22:49:37 1999 From: chrisl at monmouth.com (Chris Lubrecht) Date: Tue Dec 2 02:27:29 2003 Subject: No clue..SMBD question Message-ID: <020701bf3d17$82e21520$290dbfd1@noc3.monmouth.com> I am currently trying to set up the newest version of Samba on a BSDI machine. The BSDI release comes with version 1.9.18p10. I can get that version to run fine as both a stand alone Daemon and in inetd. The problem I have is when I try to run the latest version of smbd. The log files say smbd starts fine, but I cannot connect, and ps -aux returns that the process is not running.. The problem does not seem to be with smb.conf, as I can use the exact same smb.conf file with the old version and everything works fine. I can see nothing in the logs that says smbd is crashing or not starting..like I said.. it appears as if it is starting fine. Anyone experience the same problem or similar? Chris Lubrecht Network Engineering Monmouth Internet Red Bank, NJ From skvidal at phy.duke.edu Thu Dec 2 22:58:25 1999 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:27:29 2003 Subject: No clue..SMBD question In-Reply-To: <020701bf3d17$82e21520$290dbfd1@noc3.monmouth.com> Message-ID: set: debug level = 10 in your smb.conf see what the logs say then. -sv From chrisl at monmouth.com Thu Dec 2 23:08:11 1999 From: chrisl at monmouth.com (Chris Lubrecht) Date: Tue Dec 2 02:27:29 2003 Subject: No clue..SMBD question Message-ID: <020e01bf3d1a$1aabbd50$290dbfd1@noc3.monmouth.com> Chris Lubrecht Network Engineering Monmouth Internet Red Bank, NJ > >set: > >debug level = 10 > >in your smb.conf >see what the logs say then. Well..I did that..but did not see anything conclusive. In fact... it says that smbd is started. if people do not mind the spam..I'll post a copy of the startup here...(smb.log) Chris Lubrecht Network Engineering Monmouth Internet Red Bank, NJ From mgeddes at xavier.sa.edu.au Fri Dec 3 00:36:45 1999 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:29 2003 Subject: Group Policies and Windows NT groups Message-ID: <3.0.5.32.19991203103645.007ad640@mail.xavier.sa.edu.au> I am running a Samba 2.0.5a Samba server. I'd like it to take over as PDC on our network (Windows NT is on it's way out ;-)). Is there any way of having Samba emulate the Windows NT groups, so that my group policies will still work? I couldn't find much in the FAQs. Matt From leisner at rochester.rr.com Fri Dec 3 03:33:16 1999 From: leisner at rochester.rr.com (Marty Leisner) Date: Tue Dec 2 02:27:29 2003 Subject: rpcclient In-Reply-To: Your message of "Fri, 03 Dec 1999 04:08:35 +1100." <3846B50B.2EA54C7E@oracom.com> Message-ID: <199912030333.WAA02602@rochester.rr.com> Another way to crash windows NT by naive users? ;-) Marty Leisner Glenn MacGregor writes on Fri, 03 Dec 1999 04:08:35 +1100 > Hi all, > > What is the point of rpcclient? > > Thanks > > Glenn > > -- > > Glenn MacGregor > > Director of Services > Oracom, Inc. > http://www.oracom.com > > Tel. +1 978.557.5710 Ext. 302 > Fax +1 978.557.5716 > > From breshear at eoni.com Fri Dec 3 05:23:35 1999 From: breshear at eoni.com (Doug Breshears) Date: Tue Dec 2 02:27:29 2003 Subject: Custom Domain groups in samba 2.0.6 Message-ID: <01a201bf3d4e$92a69f80$84cbe4d8@douglabr> I have found that ... "domain admin group = root" will get me Domain Admins group and upon looking at the CVS.log and source code there is another parameter "domain groups" but no info on how to use it properly. In the cvs.log it was mentioned that that you could use it like "domain groups = power_users" but upon trying this and experimenting with other options I can not cause any more Domain Groups to show up in the User Manager except the "Domain Admins". So, Does anybody know how to use "domain groups"? does it even work? Thanks. Doug Breshears breshear@eoni.com -------------- next part -------------- HTML attachment scrubbed and removed From snail_talk at yahoo.com Fri Dec 3 07:48:41 1999 From: snail_talk at yahoo.com (Geoffrey Lee) Date: Tue Dec 2 02:27:29 2003 Subject: No clue..SMBD question In-Reply-To: <020e01bf3d1a$1aabbd50$290dbfd1@noc3.monmouth.com> Message-ID: <000501bf3d62$d1661200$0200000a@workstation1> Hi, Please do. Set the log level to something like 10 or 20, then send in the debug file. -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org] On Behalf Of Chris Lubrecht Sent: Friday, December 03, 1999 7:08 AM To: Multiple recipients of list SAMBA-NTDOM Subject: Re: No clue..SMBD question Chris Lubrecht Network Engineering Monmouth Internet Red Bank, NJ > >set: > >debug level = 10 > >in your smb.conf >see what the logs say then. Well..I did that..but did not see anything conclusive. In fact... it says that smbd is started. if people do not mind the spam..I'll post a copy of the startup here...(smb.log) Chris Lubrecht Network Engineering Monmouth Internet Red Bank, NJ From snail_talk at yahoo.com Fri Dec 3 07:48:43 1999 From: snail_talk at yahoo.com (Geoffrey Lee) Date: Tue Dec 2 02:27:29 2003 Subject: PDC In-Reply-To: <137394834.944158403663.JavaMail.root@mx-a02.backend.funmail.co.uk> Message-ID: <000601bf3d62$d260c5b0$0200000a@workstation1> Hi This is covered in the FAQ. Seems you are missing something. (1) you need to use encrypted passwords. You can hack the smb.conf file. You must also create the samba password file, and you can do that with mksmbpasswd.sh. try something like cat /etc/passwd | mksmbpasswd.sh > /etc/smbpasswd (2) (3) You need to create an account for your machine in the /etc/passwd file. Remember to add the dollar sign $ after the machine name. For sake of security, set the shell to something like /bin/false (4) Add it with the smbpasswd file. Smbpasswd -a -m foo. Btw, the a stands for add account, m stands for machine account. (5) Try joining the domain from the nt workstation. You cannot use the create accoutn option yet because it doesn't work yet. You'll get a beatiful message saying welcome to xyz domain. (6) -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org] On Behalf Of darren@mylaptop.co.uk Sent: Friday, December 03, 1999 2:15 AM To: Multiple recipients of list SAMBA-NTDOM Subject: PDC Hi, I couldn't install that CVS as I don't have an internet connection on the machine, like somebody said I need. I believe though, that Samba2.0.3 can be a PDC, I am having trouble though. I have set up the smb.conf file 'domain logons =yes', and the name of the domain. On my WinNT4 machine, I try and change the network config to look for the domain, and it says Cannot be found. Sometimes it says - You are alreasy connected to the domain, and I have to restart the WinNt machine to disconnect. Is this because I am using Samba2.0.3 or WinNt - or at the worst BOTH :(. When I check the properties of the Linux box, it does say Domain: Samba so I am unsure what is going on. Cheers, Darren ---------------------------------------------------------------------------- ---- Get an email address that is @licensedtothrill.co.uk Only from http://www.funmail.co.uk From rohit at translogicsys.com Fri Dec 3 15:11:09 1999 From: rohit at translogicsys.com (Rohit Peyyeti) Date: Tue Dec 2 02:27:29 2003 Subject: Help Please! Message-ID: <00ac01bf3da0$a86ed240$6cc8c8c8@genetech> Hello: I have Red Hat Linux 6.0 running on my Intel machine. I have recently installed samba 2.0.3 to make shares on the linux machine visible on the Windows NT Nertwork. Most of my machines are Windows NT Workstations. My Question is...How to make samba start at the boot time. I usually start samba by calling /usr/sbin/samba start. This starts samba on my machine. I this to happen automatically at the boot time. I am quite new to Linux. Can you please give me step by step instructions on how to start samba at boot time. Any help will be appreciated. Thanks Rohit -------------- next part -------------- HTML attachment scrubbed and removed From giulioo at pobox.com Fri Dec 3 10:13:03 1999 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:27:29 2003 Subject: Help Please! In-Reply-To: <00ac01bf3da0$a86ed240$6cc8c8c8@genetech> References: <00ac01bf3da0$a86ed240$6cc8c8c8@genetech> Message-ID: <19991203101244.8398F26F48@i3.golden.dom> On Fri, 3 Dec 1999 20:46:53 +1100, hai scritto: >I am quite new to Linux. Can you please give me step by step >instructions on how to start samba at boot time. # chkconfig smb on this adjusts the samba symlink in /etc/rc.d/rc3.d to make it start at boot. -- giulioo@pobox.com From glterp at bellsouth.net Fri Dec 3 13:31:36 1999 From: glterp at bellsouth.net (Gary Terpstra) Date: Tue Dec 2 02:27:29 2003 Subject: Problem with WinNT SP6 after Joining Samba Domain Message-ID: <002001bf3d92$c6e3ca40$0201a8c0@mainterp> I am having a problem with WinNT SP6 after joining Samba Domain. I am able to join the domain successfully. After I join the domain, I am not able to assign rights from the domain to the WinNT machine. When I go to User Manager and try to add an individual or group from the domain I get this message "Unable to browse the selected domain because the following error occurred: The tag is invalid." Can anyone provide any help. Thanks Gary Terpstra 423-842-7501 glterp@bellsouth.net -------------- next part -------------- HTML attachment scrubbed and removed From kiril at mech.ru.acad.bg Fri Dec 3 11:53:20 1999 From: kiril at mech.ru.acad.bg (Kiril Hristov) Date: Tue Dec 2 02:27:29 2003 Subject: problem with smbpasswd References: Message-ID: <3847AF30.67D1E0ED@mech.ru.acad.bg> Hi, Luke, my problem is the following: When I type smbpasswd whitout any parameters it get me the message "Domain password server not available". My Samba is configured as PDC for the domain and there are no NTs in this domain. Security is USER. The parameter "password server" is not activated. I think my Samba must be the domain password server, but smbpasswd doesn't think so :) Bye =============================================================== Kiril D. Hristov, Student | Home address: Computer Technic | 19 z Maria Luisa str. University of Rousse | BG-7012 Rousse BG-7017 Rousse/ Bulgaria | Bulgaria ICQ: 10441225 | phone: +359 82 277 591 --------------------------------------------------------------- http://www.mech.ru.acad.bg/~kiril =============================================================== From norman at lithe.uark.edu Fri Dec 3 14:45:30 1999 From: norman at lithe.uark.edu (Norman Weathers) Date: Tue Dec 2 02:27:29 2003 Subject: Problem with WinNT SP6 after Joining Samba Domain References: <002001bf3d92$c6e3ca40$0201a8c0@mainterp> Message-ID: <3847D78A.F917E6D7@lithe.uark.edu> Gary Terpstra wrote: > I am having a problem with WinNT SP6 after joining Samba Domain. I am > able to join the domain successfully. After I join the domain, I am > not able to assign rights from the domain to the WinNT machine. When > I go to User Manager and try to add an individual or group from the > domain I get this message "Unable to browse the selected domain > because the following error occurred: The tag is invalid." Can anyone > provide any help. Thanks > Gary Terpstra > 423-842-7501 > glterp@bellsouth.net I am having the same problem with a SP6 machine. Of course, we just migrated machines recently, too (moved our Domain from an older PII 266 to a newer dual PIII 550. Works great guys!). I was wondering, when I moved the domain information from one system to another, I copied over all of the information (smb.conf, smbpasswd, passwd), and I also copied the MACHINE.SID. Now, all systems can still log in and are authenticated by the samba PDC (v2.0.6), but the other tech coordinator and myself had ourselves added to the individual computers as users with administrative rights. This no longer works real well. Should I not have copied the MACHINE.SID file? Is there anyway to create domain admin group with 2.0.6 (last I had read, the Domain admin and group files where only good for 2.1, I thought?)? Also, we use Publisher on our NT Workstations. Recently, someone had moved her stuff to her home directory, including all of her publisher files. When she tried to open and edit the file, it worked, but when she tried to save the file, Publisher reported an error stating that the disk is full or write protected, or that there is insufficient memory to perform the action. Well, we tried saving on the server and to her local machine, and neither way did it work. Finally, after losing all of her changes, I had her copy the file to the local machine and work on it there, upon which it opened, editted, and saved fine. Before, it also seemed to have corrupted her working copy (within Publisher) whenever she was working on it from the server. Has anyone else noticed this? This is Publisher 98 that caused the problem. I know this is long, but if anyone could point me into a right direction, I would greatly appreciate it. -- ------------------------------------------------------------------- Norman Weathers Technology Coordinator ETS University of Arkansas, Fayetteville phone: (501) 575-3553 or (501) 575-4344 email: nweathe@comp.uark.edu or norman@lithe.uark.edu "It's not that I 'prefer' to do this without an NT server.... I just 'prefer' to do it where it will work..." ------------------------------------------------------------------- From chrisl at monmouth.com Fri Dec 3 14:57:41 1999 From: chrisl at monmouth.com (Chris Lubrecht) Date: Tue Dec 2 02:27:30 2003 Subject: No clue..SMBD question Message-ID: <002f01bf3d9e$c057f460$290dbfd1@noc3.monmouth.com> Ok..I clipped most of the first part (I did the log at 10)...I post from a few lines before the line where it says smbd is started....which then leaves us with the loading of the smb.conf file.. If you need the full thing..I'll send it .. Note..testparm shows no problem with smb.conf...and I can get ver 1.9.18p10 to work with the same smb.conf file...:) Lastly.. I removed stuff in the smb.conf file to get rid of the printer erros at the end.. but it did not affect the problem... Thanks in advance for the help... [1999/12/02 18:04:08, 10] lib/genrand.c:do_dirrand(93) do_dirrand: value from file /dev/ramir0h. [1999/12/02 18:04:08, 5] lib/doscalls.c:dos_GetWd(467) dos_GetWd /usr/local/samba/bin, inode 65777, dev 3145735 [1999/12/02 18:04:08, 3] lib/doscalls.c:dos_ChDir(336) dos_ChDir to /usr/local/samba/bin [1999/12/02 18:04:08, 1] smbd/server.c:main(643) smbd version 2.0.6 started. Copyright Andrew Tridgell 1992-1998 [1999/12/02 18:04:08, 2] smbd/server.c:main(647) uid=0 gid=0 euid=0 egid=0 [1999/12/02 18:04:08, 3] param/loadparm.c:init_globals(867) Initialising global parameters [1999/12/02 18:04:08, 3] param/params.c:pm_process(538) params.c:pm_process() - Processing configuration file "/usr/local/samba/lib/smb.conf" [1999/12/02 18:04:08, 3] param/loadparm.c:do_section(2283) Processing section "[global]" doing parameter workgroup = (Removed before posting) doing parameter server string = (Removed before posting doing parameter netbios name = (Removed before posting) doing parameter hosts allow = (Removed before posting/255.255.255.0 doing parameter printcap name = /etc/printcap doing parameter printing = bsd doing parameter log file = /var/log/samba/log.%m doing parameter max log size = 50 doing parameter security = user doing parameter encrypt passwords = yes doing parameter socket options = TCP_NODELAY doing parameter dns proxy = no [1999/12/02 18:04:08, 2] param/loadparm.c:do_section(2300) Processing section "[homes]" doing parameter comment = Home Directories doing parameter browseable = no doing parameter writable = yes [1999/12/02 18:04:08, 2] param/loadparm.c:do_section(2300) Processing section "[chris]" doing parameter comment = Chris' Service doing parameter path = /usr/home/chris doing parameter valid users = chris, chrisl doing parameter public = no doing parameter writable = yes doing parameter printable = no [1999/12/02 18:04:08, 2] param/loadparm.c:do_section(2300) Processing section "[printers]" doing parameter comment = All Printers doing parameter path = /usr/local/samba/var doing parameter browseable = no doing parameter guest ok = no doing parameter writable = no doing parameter printable = yes [1999/12/02 18:04:08, 3] param/loadparm.c:lp_load(2622) pm_process() returned Yes [1999/12/02 18:04:08, 3] param/loadparm.c:lp_add_ipc(1566) adding IPC service [1999/12/02 18:04:08, 7] param/loadparm.c:lp_servicenumber(2714) lp_servicenumber: couldn't find lp [1999/12/02 18:04:08, 3] param/loadparm.c:lp_add_printer(1601) adding printer service lp [1999/12/02 18:04:08, 7] param/loadparm.c:lp_servicenumber(2714) lp_servicenumber: couldn't find lj [1999/12/02 18:04:08, 3] param/loadparm.c:lp_add_printer(1601) adding printer service lj [1999/12/02 18:04:08, 7] param/loadparm.c:lp_servicenumber(2714) lp_servicenumber: couldn't find PostScript [1999/12/02 18:04:08, 3] param/loadparm.c:lp_add_printer(1601) adding printer service PostScript Chris Lubrecht Network Engineering Monmouth Internet Red Bank, NJ -----Original Message----- From: Geoffrey Lee To: Multiple recipients of list SAMBA-NTDOM Date: Friday, December 03, 1999 2:56 AM Subject: RE: No clue..SMBD question >Hi, > >Please do. > >Set the log level to something like 10 or 20, then send in the debug file. > >-----Original Message----- >From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org] On Behalf Of >Chris Lubrecht >Sent: Friday, December 03, 1999 7:08 AM >To: Multiple recipients of list SAMBA-NTDOM >Subject: Re: No clue..SMBD question > > >Chris Lubrecht >Network Engineering >Monmouth Internet >Red Bank, NJ > > >> >>set: >> >>debug level = 10 >> >>in your smb.conf >>see what the logs say then. > > > >Well..I did that..but did not see anything conclusive. In fact... it says >that smbd is started. if people do not mind the spam..I'll post a copy of >the startup here...(smb.log) > > >Chris Lubrecht >Network Engineering >Monmouth Internet >Red Bank, NJ > > > > From mmt4q at ee.virginia.edu Fri Dec 3 15:53:51 1999 From: mmt4q at ee.virginia.edu (Melissa Thrush) Date: Tue Dec 2 02:27:30 2003 Subject: Help with Administrative privileges for users References: <002001bf3d92$c6e3ca40$0201a8c0@mainterp> <3847D78A.F917E6D7@lithe.uark.edu> Message-ID: <3847E78F.885EEC87@ee.virginia.edu> Hi. Okay. I have Samba PDC 2.0.5a working (Solaris 2.6 NIS) and have a user logging in getting his roaming profile. However he needs to install software on his local machine which requires Administrative privileges. In samba I have the UNIX "staff" group (me and my coworker) setup to be domain administrators with the entry: domain admin group = @staff This works fine. But I don't want to add this individual user to this group because then he'll have Admin privileges on all the pcs who are members of the PDC. Is my only option to create a "local" profile on his machine and give him administrative privileges? But then he'll have two separate profiles, and it's likely they won't both be kept in sync. Thanks, Melissa -- Melissa Thrush Dept. of Electrical Engineering University of Virginia Thornton Hall - C213 Phone: 804-924-6072 Fax: 804-924-8818 From mmt4q at ee.virginia.edu Fri Dec 3 16:14:33 1999 From: mmt4q at ee.virginia.edu (Melissa Thrush) Date: Tue Dec 2 02:27:30 2003 Subject: Help with Administrative privileges for users References: <002001bf3d92$c6e3ca40$0201a8c0@mainterp> <3847D78A.F917E6D7@lithe.uark.edu> <3847E78F.885EEC87@ee.virginia.edu> Message-ID: <3847EC69.7A884731@ee.virginia.edu> Oops, I should have been more specific. I tried adding the user's domain account to the LOCAL administrator's group, but I cannot see any USERs in the DOMAIN. I receive the following message: Unable to browse the selected domain because the following error occurred: The tag is invalid. This happens whether I log in as Administrator on the local machine or login as myself with domain admin privileges into the domain on that machine. It could be that this feature is not working in the MAIN branch but only with the HEAD/cvs branch? or maybe I don't have something set correctly in smb.conf or NTconfig.pol? Melissa Thrush wrote: > Hi. > > Okay. I have Samba PDC 2.0.5a working (Solaris 2.6 NIS) and have > a user logging in getting his roaming profile. However he > needs to install software on his local machine which requires > Administrative privileges. In samba I have the UNIX "staff" group > (me and my coworker) setup to be domain administrators with the entry: > > domain admin group = @staff > > This works fine. But I don't want to add this individual user to > this group because then he'll have Admin privileges on all the pcs > who are members of the PDC. > > Is my only option to create a "local" profile on his machine and give > him administrative privileges? But then he'll have two separate profiles, > and it's likely they won't both be kept in sync. Melissa -- Melissa Thrush Dept. of Electrical Engineering University of Virginia Thornton Hall - C213 Phone: 804-924-6072 Fax: 804-924-8818 From frlord at webmethods.com Fri Dec 3 16:48:36 1999 From: frlord at webmethods.com (F. Ross Lord) Date: Tue Dec 2 02:27:30 2003 Subject: Group Mapping References: Message-ID: <3847F464.228B5C61@webmethods.com> I have a quick question about domain group map. I have several unix groups on a linux box running as a PDC, and I am wondering if I can map mulitple unix groups to a single domain group using domain group map (which I haven't used yet, and don't really understand). Something such as.... acct="Domain Users" admin="Domain Users" devel="Domain Users" Has anyone tried/been successful with this? Any tips or tricks? -- frl From fheinz at earning.com.ar Fri Dec 3 16:43:54 1999 From: fheinz at earning.com.ar (Federico Heinz) Date: Tue Dec 2 02:27:30 2003 Subject: Need advise on which version to use Message-ID: <3847F32F.B137BDB7@earning.com.ar> I am trying to get rid of NT as a domain server. The network I'm trying to set up consist of: several Linux boxes (one of them running SaMBa), about 10 Windoze clients, and one NT 3.51-based Citrix application server (just in case: the Citrix server allows users to log in remotely to the machine using a client application that gives them access to all apps as if they were sitting at the server's console somewhat like using X to remotely execute applications). Users should be able to log both into the Windoze clients and the Citrix server with their Linux login, and use the shared ressources exported from the SaMBa server. The Citrix server does not export any resources whatsoever except for the ability to log into it. I tried to get this setup working with SaMBa 2.0.6, and failed. I did manage to get it working with a version checked out from the HEAD version, but with the usual problems: not everything works every time. I would like to know whether SaMBa 2.0.6 should have been able to do the job (and I just was too stupid to configure it correctly), or whether I'm stuck with the development version if I want it to work at all. Thank you in advance, Federico Heinz From skvidal at phy.duke.edu Fri Dec 3 17:03:41 1999 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:27:30 2003 Subject: Need advise on which version to use In-Reply-To: <3847F32F.B137BDB7@earning.com.ar> Message-ID: > I tried to get this setup working with SaMBa 2.0.6, and failed. I did > manage to get it working with a version checked out from the HEAD > version, but with the usual problems: not everything works every time. I > would like to know whether SaMBa 2.0.6 should have been able to do the > job (and I just was too stupid to configure it correctly), or whether > I'm stuck with the development version if I want it to work at all. domain control of NT machines should NOT work under 2.0.6. -sv From harshadeep at usa.net Fri Dec 3 17:05:28 1999 From: harshadeep at usa.net (Harshadeep Srinivasa) Date: Tue Dec 2 02:27:30 2003 Subject: No subject Message-ID: <19991203170536.21647.qmail@www0s.netaddress.usa.net> I am running "samba" on my Unix machine to access my Unix file system on my Windows NT machine. I am running Windows NT Server for with Service Pack 3, and my Unix OS is Solaris 2.5.1 I keep getting the message that wrong username or password, eventhough every thing is fine. Surprisingly, I can connect without any problem from other Win NT machines. Any pointer? ____________________________________________________________________ Get free email and a permanent address at http://www.netaddress.com/?N=1 From mmiller at vermeermfg.com Fri Dec 3 17:18:16 1999 From: mmiller at vermeermfg.com (Matthew Miller) Date: Tue Dec 2 02:27:30 2003 Subject: Problem with WinNT SP6 after Joining Samba Domain References: <002001bf3d92$c6e3ca40$0201a8c0@mainterp> <3847D78A.F917E6D7@lithe.uark.edu> Message-ID: <3847FB58.C7CAE12D@vermeermfg.com> We're investigating the SP6 issue for WIN NT. According to PCWeek, SP6 has some problems with upper TCP ports. More specifically, only users with Admin rights are able to access them. This was made public with Lotus Notes, since it uses TCP port 1352. My advice: Test all your apps before upgrading your production servers. We're doing that in-house right now. SP6 is a valuable upgrade since it patches many many security holes (identified in the MS advisories). Unfortunately, we're holding off till we're sure we'll be okay. Just some advice from a closet MCP :) Norman Weathers wrote: > Gary Terpstra wrote: > > > I am having a problem with WinNT SP6 after joining Samba Domain. I am > > able to join the domain successfully. After I join the domain, I am > > not able to assign rights from the domain to the WinNT machine. When > > I go to User Manager and try to add an individual or group from the > > domain I get this message "Unable to browse the selected domain > > because the following error occurred: The tag is invalid." Can anyone > > provide any help. Thanks > > Gary Terpstra > > 423-842-7501 > > glterp@bellsouth.net > > I am having the same problem with a SP6 machine. Of course, we just > migrated machines > recently, too (moved our Domain from an older PII 266 to a newer dual > PIII 550. Works > great guys!). I was wondering, when I moved the domain information from > one system to > another, I copied over all of the information (smb.conf, smbpasswd, > passwd), and I also > copied the MACHINE.SID. Now, all systems can still log in and are > authenticated by the > samba PDC (v2.0.6), but the other tech coordinator and myself had > ourselves added to the > individual computers as users with administrative rights. This no > longer works real well. > Should I not have copied the MACHINE.SID file? Is there anyway to > create domain admin > group with 2.0.6 (last I had read, the Domain admin and group files > where only good for > 2.1, I thought?)? > > Also, we use Publisher on our NT Workstations. Recently, someone had > moved her stuff > to her home directory, including all of her publisher files. When she > tried to open and edit > the file, it worked, but when she tried to save the file, Publisher > reported an error stating > that the disk is full or write protected, or that there is insufficient > memory to perform the > action. Well, we tried saving on the server and to her local machine, > and neither way did > it work. Finally, after losing all of her changes, I had her copy the > file to the local machine > and work on it there, upon which it opened, editted, and saved fine. > Before, it also seemed > to have corrupted her working copy (within Publisher) whenever she was > working on > it from the server. Has anyone else noticed this? This is Publisher 98 > that caused the > problem. > > I know this is long, but if anyone could point me into a right > direction, I would greatly > appreciate it. > > -- > > ------------------------------------------------------------------- > Norman Weathers > Technology Coordinator ETS > University of Arkansas, Fayetteville > > phone: (501) 575-3553 or (501) 575-4344 > email: nweathe@comp.uark.edu or norman@lithe.uark.edu > > "It's not that I 'prefer' to do this without an NT server.... I > just 'prefer' to do it where it will work..." > ------------------------------------------------------------------- From abakun at reac.com Fri Dec 3 17:30:57 1999 From: abakun at reac.com (Andy Bakun) Date: Tue Dec 2 02:27:30 2003 Subject: Problem with WinNT SP6 after Joining Samba Domain References: <002001bf3d92$c6e3ca40$0201a8c0@mainterp> <3847D78A.F917E6D7@lithe.uark.edu> <3847FB58.C7CAE12D@vermeermfg.com> Message-ID: <3847FE51.D5495FEC@reac.com> Matthew Miller wrote: > We're investigating the SP6 issue for WIN NT. According to PCWeek, SP6 has > some problems with upper TCP ports. More specifically, only users with > Admin rights are able to access them. This was made public with Lotus > Notes, since it uses TCP port 1352. My advice: Test all your apps before > upgrading your production servers. We're doing that in-house right now. > SP6 is a valuable upgrade since it patches many many security holes > (identified in the MS advisories). Unfortunately, we're holding off till > we're sure we'll be okay. > > Just some advice from a closet MCP :) There is a service pack SP6a, which is SP6 + the fix for this. According to MSKB, if you already have SP6 installed, obtain Q245678i.exe, which is just the hot fix for the above problem. By the way, Service Pack information was much easier to find on www.windrivers.com rather than trying to search through MS's site (but then, perhaps I don't know how to search MS's site correctly, and it's dog slow besides). Andy. From darren at mylaptop.co.uk Fri Dec 3 18:37:10 1999 From: darren at mylaptop.co.uk (darren@mylaptop.co.uk) Date: Tue Dec 2 02:27:30 2003 Subject: Thanks Message-ID: <136880915.944246231003.JavaMail.root@mx-a02.backend.funmail.co.uk> Hi, I eventually got the PDC working. Thanks for everyones help, Cheers, Darren -------------------------------------------------------------------------------- Get an email address that is @licensedtothrill.co.uk Only from http://www.funmail.co.uk From lkcl at samba.org Fri Dec 3 18:43:18 1999 From: lkcl at samba.org (Luke Leighton) Date: Tue Dec 2 02:27:30 2003 Subject: Group Mapping Message-ID: hi ross, the "domain group/user/alias map" options are monotonic and unique mappings between users, groups and aliases in any NT domain or on any NT workstation to local unix users and groups. local to your unix box means it could be different unix users or groups on a per-unix+samba box basis). you know, people always worried about how to make unix boxes span large corporations, when the underlying password database has to conform to a flat model. by using samba, i hope to eliminate that problem, although you of course would have to have your unix box look like NT in order to do it :-) to answer your question: you will have to create a separate unix group in which all of the users that are also in the three groups acct, admin and devel, and then have that group mapped to "Domain Users". From wallace at tfh-berlin.de Fri Dec 3 18:49:44 1999 From: wallace at tfh-berlin.de (Grant Wallace) Date: Tue Dec 2 02:27:30 2003 Subject: Cant compile source code 2.1.0-prealpha Message-ID: <384810C8.F69CABAB@tfh-berlin.de> Hi, I?ve tried several times, but always get the same error rpcclient/rpcclient.c In function 'process' : rpcclient/rpcclient.c:784: 'promptline" undeclared (first use in function) (Each undeclared identifier is reported only once for every function it appears in make *** [rcpclient/rpcclient.o] Error ! is this a common problem, or is this just me? I took the code from cvs.samba.org Grant From mike at psand.net Fri Dec 3 19:03:55 1999 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:30 2003 Subject: Problem with WinNT SP6 after Joining Samba Domain References: <002001bf3d92$c6e3ca40$0201a8c0@mainterp> <3847D78A.F917E6D7@lithe.uark.edu> <3847FB58.C7CAE12D@vermeermfg.com> <3847FE51.D5495FEC@reac.com> Message-ID: <006501bf3dc1$28a752a0$0164a8c0@win981> Perhaps if Microsoft we using Linux, Apache and Samba, they might be able to provide a better web service eh? ;-) ----- Original Message ----- From: Andy Bakun To: Multiple recipients of list SAMBA-NTDOM Sent: Friday, December 03, 1999 6:33 PM Subject: Re: Problem with WinNT SP6 after Joining Samba Domain > Matthew Miller wrote: > > > We're investigating the SP6 issue for WIN NT. According to PCWeek, SP6 has > > some problems with upper TCP ports. More specifically, only users with > > Admin rights are able to access them. This was made public with Lotus > > Notes, since it uses TCP port 1352. My advice: Test all your apps before > > upgrading your production servers. We're doing that in-house right now. > > SP6 is a valuable upgrade since it patches many many security holes > > (identified in the MS advisories). Unfortunately, we're holding off till > > we're sure we'll be okay. > > > > Just some advice from a closet MCP :) > > There is a service pack SP6a, which is SP6 + the fix for this. According to > MSKB, if you already have SP6 installed, obtain Q245678i.exe, which is just the > hot fix for the above problem. > By the way, Service Pack information was much easier to find on > www.windrivers.com rather than trying to search through MS's site (but then, > perhaps I don't know how to search MS's site correctly, and it's dog slow > besides). > > Andy. > From mmt4q at ee.virginia.edu Fri Dec 3 19:48:08 1999 From: mmt4q at ee.virginia.edu (Melissa Thrush) Date: Tue Dec 2 02:27:30 2003 Subject: Problem with WinNT SP6 after Joining Samba Domain References: <002001bf3d92$c6e3ca40$0201a8c0@mainterp> <3847D78A.F917E6D7@lithe.uark.edu> <3847FB58.C7CAE12D@vermeermfg.com> <3847FE51.D5495FEC@reac.com> Message-ID: <38481E78.55B28045@ee.virginia.edu> Help, I get the "invalid tag" error on both SP3 and SP6 WinNT clients when running Samba 2.0.5a as a PDC on a Solaris 2.6 NIS master. Does the User Manager for Domains or the ability to add domain users to local groups only work with the CVS/HEAD branch and not with the MAIN branch? Thanks, Melissa Andy Bakun wrote: > Matthew Miller wrote: > > > We're investigating the SP6 issue for WIN NT. According to PCWeek, SP6 has > > some problems with upper TCP ports. More specifically, only users with > > Admin rights are able to access them. This was made public with Lotus > > Notes, since it uses TCP port 1352. My advice: Test all your apps before > > upgrading your production servers. We're doing that in-house right now. > > SP6 is a valuable upgrade since it patches many many security holes > > (identified in the MS advisories). Unfortunately, we're holding off till > > we're sure we'll be okay. > > > > Just some advice from a closet MCP :) > > There is a service pack SP6a, which is SP6 + the fix for this. According to > MSKB, if you already have SP6 installed, obtain Q245678i.exe, which is just the > hot fix for the above problem. > By the way, Service Pack information was much easier to find on > www.windrivers.com rather than trying to search through MS's site (but then, > perhaps I don't know how to search MS's site correctly, and it's dog slow > besides). > > Andy. -- Melissa Thrush Dept. of Electrical Engineering University of Virginia Thornton Hall - C213 Phone: 804-924-6072 Fax: 804-924-8818 From tavis at mahler.econ.columbia.edu Fri Dec 3 22:50:57 1999 From: tavis at mahler.econ.columbia.edu (Tavis Barr) Date: Tue Dec 2 02:27:30 2003 Subject: Help with Administrative privileges for users In-Reply-To: <3847EC69.7A884731@ee.virginia.edu> Message-ID: You need to upgrade to the HEAD branch in order for local workstations to be able to see domain users and groups in the user manager and in Explorer. Good luck, Tavis On Sat, 4 Dec 1999, Melissa Thrush wrote: > Oops, > > I should have been more specific. > > I tried adding the user's domain account to the LOCAL administrator's group, > but I cannot see any USERs in the DOMAIN. I receive the following > message: > > Unable to browse the selected domain because the following error occurred: > > The tag is invalid. > > This happens whether I log in as Administrator on the local machine or login > as > myself with domain admin privileges into the domain on that machine. > > It could be that this feature is not working in the MAIN branch but only with > the HEAD/cvs > branch? or maybe I don't have something set correctly in smb.conf or > NTconfig.pol? > > Melissa Thrush wrote: > > > Hi. > > > > Okay. I have Samba PDC 2.0.5a working (Solaris 2.6 NIS) and have > > a user logging in getting his roaming profile. However he > > needs to install software on his local machine which requires > > Administrative privileges. In samba I have the UNIX "staff" group > > (me and my coworker) setup to be domain administrators with the entry: > > > > domain admin group = @staff > > > > This works fine. But I don't want to add this individual user to > > this group because then he'll have Admin privileges on all the pcs > > who are members of the PDC. > > > > Is my only option to create a "local" profile on his machine and give > > him administrative privileges? But then he'll have two separate profiles, > > and it's likely they won't both be kept in sync. > > Melissa > -- > Melissa Thrush > Dept. of Electrical Engineering > University of Virginia > Thornton Hall - C213 > Phone: 804-924-6072 > Fax: 804-924-8818 > > > -------------------------------------------------------- Tavis Barr ,-~~-.___. Senior Systems Coordinator / | ' \ Institute for Social and Economic ( ) 0 Theory and Research \_/-, ,----' 509E Int'l Affairs Bldg ==== // Columbia University / \-'~; /~~~(O) 212-854-4237 / __/~| / | tavis@mahler.econ.columbia.edu =( _____| (_________| --------------------------------------------------------- From giovanni.affuso at almaitalia.it Sat Dec 4 12:06:58 1999 From: giovanni.affuso at almaitalia.it (Affuso Giovanni) Date: Tue Dec 2 02:27:30 2003 Subject: Help with Administrative privileges for users In-Reply-To: References: <3847EC69.7A884731@ee.virginia.edu> Message-ID: <4.2.0.58.19991204130303.00adf650@10.0.0.1> Hi, I have installed the last version of samba and I want use the administrative privileges for user, I have add in smb.conf the sequent line: ; domain group map = /usr/local/samba/lib/domaingroup.map ; local group map = /usr/local/samba/lib/localgroup.map ; domain user map = /usr/local/samba/lib/domainuser.map but if I run "testparm" I have the seguent msg of error: Unknown parameter encountered: "domain group map" Ignoring unknown parameter "domain group map" have you the solution to my problem? Thanks Giovanni Giovanni Affuso Alma Italia S.r.l. c.so Vercelli 387, Torino tel. 0112620388 fax. 0112624308 mailto:giovanni.affuso@almaitalia.it From snail_talk at yahoo.com Sat Dec 4 14:13:51 1999 From: snail_talk at yahoo.com (geoff) Date: Tue Dec 2 02:27:30 2003 Subject: Help with Administrative privileges for users References: <3847EC69.7A884731@ee.virginia.edu> <4.2.0.58.19991204130303.00adf650@10.0.0.1> Message-ID: <3849219F.B0C332FA@yahoo.com> hello, which version did you get ? the head branch or the released version ? try the domain admin users or domain adming group parameter... then it should work. hope this helps. Affuso Giovanni wrote: > > Hi, > I have installed the last version of samba and I want use the > administrative privileges for user, > I have add in smb.conf the sequent line: > > ; domain group map = /usr/local/samba/lib/domaingroup.map > ; local group map = /usr/local/samba/lib/localgroup.map > ; domain user map = /usr/local/samba/lib/domainuser.map > > but if I run "testparm" I have the seguent msg of error: > > Unknown parameter encountered: "domain group map" > Ignoring unknown parameter "domain group map" > > have you the solution to my problem? > Thanks > Giovanni > > Giovanni Affuso > Alma Italia S.r.l. > c.so Vercelli 387, Torino > tel. 0112620388 fax. 0112624308 > mailto:giovanni.affuso@almaitalia.it From giovanni.affuso at almaitalia.it Sat Dec 4 14:24:51 1999 From: giovanni.affuso at almaitalia.it (Affuso Giovanni) Date: Tue Dec 2 02:27:30 2003 Subject: Help with Administrative privileges for users In-Reply-To: <3849219F.B0C332FA@yahoo.com> References: <3847EC69.7A884731@ee.virginia.edu> <4.2.0.58.19991204130303.00adf650@10.0.0.1> Message-ID: <4.2.0.58.19991204152303.00adfbd0@10.0.0.1> Hi what's the head branch? My version of samba is 2.0.0.6............ Ciao Giovanni, At 01.07 05/12/99 +1100, you wrote: >hello, > >which version did you get ? the head branch or the released version ? > >try the domain admin users or domain adming group parameter... > >then it should work. > >hope this helps. > >Affuso Giovanni wrote: > > > > Hi, > > I have installed the last version of samba and I want use the > > administrative privileges for user, > > I have add in smb.conf the sequent line: > > > > ; domain group map = /usr/local/samba/lib/domaingroup.map > > ; local group map = /usr/local/samba/lib/localgroup.map > > ; domain user map = /usr/local/samba/lib/domainuser.map > > > > but if I run "testparm" I have the seguent msg of error: > > > > Unknown parameter encountered: "domain group map" > > Ignoring unknown parameter "domain group map" > > > > have you the solution to my problem? > > Thanks > > Giovanni > > > > Giovanni Affuso > > Alma Italia S.r.l. > > c.so Vercelli 387, Torino > > tel. 0112620388 fax. 0112624308 > > mailto:giovanni.affuso@almaitalia.it Giovanni Affuso Alma Italia S.r.l. c.so Vercelli 387, Torino tel. 0112620388 fax. 0112624308 mailto:giovanni.affuso@almaitalia.it From giovanni.affuso at almaitalia.it Sat Dec 4 14:51:37 1999 From: giovanni.affuso at almaitalia.it (Affuso Giovanni) Date: Tue Dec 2 02:27:30 2003 Subject: Help with Administrative privileges for users Message-ID: <4.2.0.58.19991204155119.00ae8320@10.0.0.1> Hi what's the head branch? My version of samba is 2.0.6............ Ciao Giovanni, At 01.07 05/12/99 +1100, you wrote: >hello, > >which version did you get ? the head branch or the released version ? > >try the domain admin users or domain adming group parameter... > >then it should work. > >hope this helps. > >Affuso Giovanni wrote: > > > > Hi, > > I have installed the last version of samba and I want use the > > administrative privileges for user, > > I have add in smb.conf the sequent line: > > > > ; domain group map = /usr/local/samba/lib/domaingroup.map > > ; local group map = /usr/local/samba/lib/localgroup.map > > ; domain user map = /usr/local/samba/lib/domainuser.map > > > > but if I run "testparm" I have the seguent msg of error: > > > > Unknown parameter encountered: "domain group map" > > Ignoring unknown parameter "domain group map" > > > > have you the solution to my problem? > > Thanks > > Giovanni > > > > Giovanni Affuso > > Alma Italia S.r.l. > > c.so Vercelli 387, Torino > > tel. 0112620388 fax. 0112624308 > > mailto:giovanni.affuso@almaitalia.it Giovanni Affuso Alma Italia S.r.l. c.so Vercelli 387, Torino tel. 0112620388 fax. 0112624308 mailto:giovanni.affuso@almaitalia.it From darren at mylaptop.co.uk Sat Dec 4 16:23:42 1999 From: darren at mylaptop.co.uk (darren@mylaptop.co.uk) Date: Tue Dec 2 02:27:30 2003 Subject: Me again :-) Message-ID: <135101776.944324623177.JavaMail.root@mx-a02.backend.funmail.co.uk> Hi, Like in my previous post I got the PDC working. Now - I want to use User Manager for Domains under 95. I have downloaded the W95Nexus (Server tools) When I open USD and select my domain, I get the message - 'The remote procdure call failed' How can I fix this prob? Samba version is 2.0.3 Thanks, Darren ------------------------------------------------------------------- yourname@0-0-7.co.uk or yourname@shaken-not-stirred.co.uk The domain's Bond, James Bond - only from www.funmail.co.uk From giovanni.affuso at almaitalia.it Sat Dec 4 16:36:20 1999 From: giovanni.affuso at almaitalia.it (Affuso Giovanni) Date: Tue Dec 2 02:27:30 2003 Subject: Download the CVS version Message-ID: <4.2.0.58.19991204173507.00ae0440@10.0.0.1> Hi, do You have the site for downloading the last vesion of CVS-samba that support the administrator group users? Thanks Giovanni Giovanni Affuso Alma Italia S.r.l. c.so Vercelli 387, Torino tel. 0112620388 fax. 0112624308 mailto:giovanni.affuso@almaitalia.it From darren at mylaptop.co.uk Sat Dec 4 22:00:26 1999 From: darren at mylaptop.co.uk (darren@mylaptop.co.uk) Date: Tue Dec 2 02:27:30 2003 Subject: Again :) Message-ID: <135878917.944344827225.JavaMail.root@mx-a02.backend.funmail.co.uk> Hi, Thanks - I now have Samba 2.0.6. I have got a bit further but not far enough. Now - I get the error message: 'A remote procedure call (RPC) protocol error occurred' ANy ideas? Sorry for a lot of posts, but as you can probably guess, I need this PDC to be working. Cheers, Darren -------------------------------------------------------------------------------- Get an email address that is @licensedtothrill.co.uk Only from http://www.funmail.co.uk From tavis at mahler.econ.columbia.edu Sun Dec 5 01:45:17 1999 From: tavis at mahler.econ.columbia.edu (Tavis Barr) Date: Tue Dec 2 02:27:30 2003 Subject: Download the CVS version In-Reply-To: <4.2.0.58.19991204173507.00ae0440@10.0.0.1> Message-ID: See http://samba.org/cvs.html On Sun, 5 Dec 1999, Affuso Giovanni wrote: > Hi, > do You have the site for downloading the last vesion of CVS-samba that > support the administrator group users? > > Thanks > Giovanni > > > > Giovanni Affuso > Alma Italia S.r.l. > c.so Vercelli 387, Torino > tel. 0112620388 fax. 0112624308 > mailto:giovanni.affuso@almaitalia.it > > > > -------------------------------------------------------- Tavis Barr ,-~~-.___. Senior Systems Coordinator / | ' \ Institute for Social and Economic ( ) 0 Theory and Research \_/-, ,----' 509E Int'l Affairs Bldg ==== // Columbia University / \-'~; /~~~(O) 212-854-4237 / __/~| / | tavis@mahler.econ.columbia.edu =( _____| (_________| --------------------------------------------------------- From snail_talk at yahoo.com Sun Dec 5 11:46:10 1999 From: snail_talk at yahoo.com (geoff) Date: Tue Dec 2 02:27:30 2003 Subject: Help with Administrative privileges for users References: <4.2.0.58.19991204155119.00ae8320@10.0.0.1> <4.2.0.58.19991204172112.00ae6780@10.0.0.1> Message-ID: <384A5082.DF5F577D@yahoo.com> hi, you can always find the cvs code in ..oh well someone has alreasdy given you the address. but the point is that you don't need the cvs for admin support in samba. as i said, in the cvs code, it's domain admin map (nnever mind couldnt remember the parameter..) but in the releaser code it's not. it's domian admin group and domain admin user. you'll might find the cvs code nice because there is a lot more support for nt pdc but it's not yet stable, and cvs source code checkins are often ...so ... unless you need some functinaltiy that 's only offered in the cvs code i suggest you stick with 2.0.6 and the domain admin group parameter. hope this helps. Affuso Giovanni wrote: > > For download the cvs code ? > > At 00.14 05/12/99 +0800, you wrote: > >The cvs code... > > > > > >I have not installed 2.0.6 yet but do try out the domain admin users and > >domain admin groups parameter, and let me know how that works out.l > > > >-----Original Message----- > >From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org] On Behalf Of > >Affuso Giovanni > >Sent: Saturday, December 04, 1999 10:55 PM > >To: Multiple recipients of list SAMBA-NTDOM > >Subject: Re: Help with Administrative privileges for users > > > >Hi > >what's the head branch? > >My version of samba is 2.0.6............ > >Ciao > >Giovanni, > >At 01.07 05/12/99 +1100, you wrote: > > >hello, > > > > > >which version did you get ? the head branch or the released version ? > > > > > >try the domain admin users or domain adming group parameter... > > > > > >then it should work. > > > > > >hope this helps. > > > > > >Affuso Giovanni wrote: > > > > > > > > Hi, > > > > I have installed the last version of samba and I want use the > > > > administrative privileges for user, > > > > I have add in smb.conf the sequent line: > > > > > > > > ; domain group map = /usr/local/samba/lib/domaingroup.map > > > > ; local group map = /usr/local/samba/lib/localgroup.map > > > > ; domain user map = /usr/local/samba/lib/domainuser.map > > > > > > > > but if I run "testparm" I have the seguent msg of error: > > > > > > > > Unknown parameter encountered: "domain group map" > > > > Ignoring unknown parameter "domain group map" > > > > > > > > have you the solution to my problem? > > > > Thanks > > > > Giovanni > > > > > > > > Giovanni Affuso > > > > Alma Italia S.r.l. > > > > c.so Vercelli 387, Torino > > > > tel. 0112620388 fax. 0112624308 > > > > mailto:giovanni.affuso@almaitalia.it > > > > > > > > > >Giovanni Affuso > >Alma Italia S.r.l. > >c.so Vercelli 387, Torino > >tel. 0112620388 fax. 0112624308 > >mailto:giovanni.affuso@almaitalia.it > > Giovanni Affuso > Alma Italia S.r.l. > c.so Vercelli 387, Torino > tel. 0112620388 fax. 0112624308 > mailto:giovanni.affuso@almaitalia.it From snail_talk at yahoo.com Sun Dec 5 11:47:32 1999 From: snail_talk at yahoo.com (geoff) Date: Tue Dec 2 02:27:30 2003 Subject: Me again :-) References: <135101776.944324623177.JavaMail.root@mx-a02.backend.funmail.co.uk> Message-ID: <384A50D4.FC622EA3@yahoo.com> hello, i could be wrong on this but as far as i remember you need the cvs for that. i've been getting the same problem with my samba too. darren@mylaptop.co.uk wrote: > > Hi, > > Like in my previous post I got the PDC working. > Now - I want to use User Manager for Domains under 95. > I have downloaded the W95Nexus (Server tools) > > When I open USD and select my domain, I get the message - > > 'The remote procdure call failed' > > How can I fix this prob? > > Samba version is 2.0.3 > > Thanks, > Darren > > ------------------------------------------------------------------- > yourname@0-0-7.co.uk or yourname@shaken-not-stirred.co.uk > The domain's Bond, James Bond - only from www.funmail.co.uk > > From detlef at maurel.de Sun Dec 5 11:03:26 1999 From: detlef at maurel.de (Detlef Maurel) Date: Tue Dec 2 02:27:30 2003 Subject: Me again :-) References: <135101776.944324623177.JavaMail.root@mx-a02.backend.funmail.co.uk> Message-ID: <384A467E.9466A027@maurel.de> darren@mylaptop.co.uk wrote: > 'The remote procdure call failed' > > How can I fix this prob? by updating to version 2.1.0. Most remote procedure calls only work with this version. > > Samba version is 2.0.3 -- mfg/regards Detlef -- From dmd17 at cornell.edu Sun Dec 5 15:40:56 1999 From: dmd17 at cornell.edu (Dan Mihai Dumitriu) Date: Tue Dec 2 02:27:30 2003 Subject: smbpasswd in samba 2.1 alpha Message-ID: <003901bf3f37$1fc41ac0$8200a8c0@ARMAGEDDON> I am having problems adding users with smbpasswd. I have downloaded the latest cvs sources, today. I am using RedHat 6.1, kernel 2.2.12. I am trying to use the PDC support in Samba for a small NT domain with Windows 2000, build 2128 workstations. The error I get when executing smbpasswd -a , is: Domain password server not available. Can't setup password database vectors. The following is my smb.conf file: [global] workgroup = CHEESE server string = Cheese Samba Server ; hosts allow = 192.168.1. 192.168.2. 127. printcap name = /etc/printcap load printers = yes ; printing = bsd ; guest account = pcguest log file = /usr/local/samba/var/log.%m max log size = 50 security = user ; password server = password level = 0 encrypt passwords = yes smb passwd file = /usr/local/samba/private/smbpasswd unix password sync = yes passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* ; username map = /etc/smbusers ; include = /etc/smb.conf.%m socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 ; interfaces = 192.168.12.2/24 192.168.13.2/24 ; remote browse sync = 192.168.3.25 192.168.5.255 ; remote announce = 192.168.1.255 192.168.2.44 ; local master = no os level = 30 domain master = yes preferred master = no ; domain controller = domain logons = yes logon script = login.bat logon path = \\%L\Profiles\%U ; name resolve order = wins lmhosts bcast wins support = yes ; wins server = w.x.y.z ; wins proxy = yes dns proxy = no map to guest = never null passwords = no dead time = 0 ; preserve case = no ; short preserve case = no ; default case = lower ; case sensitive = no [homes] comment = Home Directories browseable = no writable = yes public = no only user = no # Un-comment the following and create the netlogon directory for Domain Logons [netlogon] comment = Network Logon Service path = /home/netlogon guest ok = yes writable = no share modes = no # Un-comment the following to provide a specific roving profile share # the default is to use the user's home directory [Profiles] path = /home/profiles browseable = no public = yes guest only = no writable = no only user = no create mode = 744 directory mode = 755 # NOTE: If you have a BSD-style print system there is no need to # specifically define each individual printer [printers] comment = All Printers path = /var/spool/samba browseable = no # Set public = yes to allow user 'guest account' to print public = no writable = no printable = yes This smb.conf file works perfectly well with Samba 2.0.6, in which I am able to add users with smbpasswd. Any help would be appreciated. Dan From jon at bugjr.com Sun Dec 5 16:08:14 1999 From: jon at bugjr.com (Jon Westfall) Date: Tue Dec 2 02:27:30 2003 Subject: User lists in 2.0.6 Message-ID: <000001bf3f3a$ef75efc0$0200a8c0@main> If it is possible ( I am new to Samba ) to have the Samba Server (2.0.6) send a user list for user level access to a Win9x machine, what options do I need to put in my smb.conf file. If any one has some advice or a good doc. online I'd appreciate it. I'm also interested in setting up roaming profiles, but the userlevel access is top on my list. Thanks, Jon Westfall Greatful Newbie ================ Jonathan E. Westfall CEO - Webmaster Bug Jr. Software www.bugjr.com ---------------------------------------------------- Reach Me by E-Mail: jon@bugjr.com Reach me by ICQ: 19804776 Reach me by Phone: 440-888-0260 Reach me by Fax: 208-293-2392 -------------- next part -------------- HTML attachment scrubbed and removed From mike at psand.net Sun Dec 5 18:11:25 1999 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:30 2003 Subject: User lists in 2.0.6 References: <000001bf3f3a$ef75efc0$0200a8c0@main> Message-ID: <005801bf3f4c$29c7fd60$0164a8c0@win981> Jon, Sounds like you want to use your Samba server to control logins to your Win9x machines ? You will need to configure Samba with security=USER and domain logins=YES. Also, remember you need 'encrypt passwords=yes' in your smb.conf to work with any Win95 OPL2 or Win98 clients. Then point the Win 9x machines at the Samba server in 'User Level Access Control' in the 'Access Control' tab of the Network properties dialog under Windows. I believe you also need to set the 'Logon to NT domain' as well in the properties for 'Client for Microsoft Networks'. You then create UNIX user accounts and the /etc/passwd file on your Samba server then becomes the user list and access control for your Windows 9x machines. If you want to set-up roaming profiles, then create a netlogon share on the Samba server and create a CONFIG.POL file with the information there. Under standard operation, user profiles will be saved under the homes share on the Samba server. This is not always a desired thing as users can then see their profiles (and delete them!). Most people prefer to create a profiles$ hidden share on the Samba server and point to this in the CONFIG.POL file, using the Windows System Policy Editor. ** Note you shouldn't be making the Samba server your login server, domain master or wins master if you're already running an NT PDC or WINS Server in your network. If you are, let it do the job. If you run with wins support = yes in smb.conf, make sure you point your Windows machines at your Samba server for WINS resolution. The following smb.conf snippet contains a list of the Samba parameters you should look at to do what you want to do. The manual page for smb.conf should contain sufficient information to elaborate on them more, a good idea is to run SWAT (http://your.samba.server:901) which allows you a web-based view of the parameters and easy reference to the man pages. I can't suggest better documentation that that which comes with Samba, which although detailed will help you understand what's going on. There are also some very good books available. Hope that helps? Mike Harris, Psand Espa?a. [global] security = user domain master = yes domain logons = yes preferred master = yes encrypt passwords = yes logon path = \\%L\netlogon workgroup = DOMAIN logon script = %U.bat logon home = \\%L\%U local master = yes os level = 34 wins support = yes [homes] browseable = no writeable = yes [netlogon] path = /home/samba/netlogon guest ok = no writeable = no browseable = yes preserve case = yes case sensitive = no default case = yes [profiles$] path = /home/samba/profiles/%U root preexec = /bin/mkdir /home/samba/profiles/%U; \ /bin/chown %U /home/samba/profiles/%U; \ /bin/chmod 700 /home/samba/profiles/%U browseable = yes guest ok = yes create mode = 0600 directory mode = 0700 writeable = yes ----- Original Message ----- From: Jon Westfall To: Multiple recipients of list SAMBA-NTDOM Sent: Sunday, December 05, 1999 5:14 PM Subject: User lists in 2.0.6 If it is possible ( I am new to Samba ) to have the Samba Server (2.0.6) send a user list for user level access to a Win9x machine, what options do I need to put in my smb.conf file. If any one has some advice or a good doc. online I'd appreciate it. I'm also interested in setting up roaming profiles, but the userlevel access is top on my list. Thanks, Jon Westfall Greatful Newbie ================ Jonathan E. Westfall CEO - Webmaster Bug Jr. Software www.bugjr.com ---------------------------------------------------- Reach Me by E-Mail: jon@bugjr.com Reach me by ICQ: 19804776 Reach me by Phone: 440-888-0260 Reach me by Fax: 208-293-2392 -------------- next part -------------- HTML attachment scrubbed and removed From gerard.leymarie at epita.fr Sun Dec 5 22:39:51 1999 From: gerard.leymarie at epita.fr (Gerard LEYMARIE) Date: Tue Dec 2 02:27:30 2003 Subject: netlogon & admin rights Message-ID: <00a301bf3f73$e99c8080$3d2b05a3@epita.fr> All, How can I do into netlogon.bat (the same for everybody) to give admin rights to the differents actions. ex: I want to copy winnt256.bmp to c:\winnt with overwriting the oldest one. For 'normal' users this is not allowed. Is it possible to run netlogon.bat with admin rights?? Many Thks From a8903122 at unet.univie.ac.at Sun Dec 5 22:54:27 1999 From: a8903122 at unet.univie.ac.at (Richard Kail) Date: Tue Dec 2 02:27:30 2003 Subject: Memory Problems In-Reply-To: <000801bf3b43$0c385810$1900a8c0@joslyn.org> Message-ID: Hello ! On Wed, 1 Dec 1999, Chris Tooley wrote: > I have a Samba server running on RedHat 6.0 (Samba 2.0.5a). The server is a > dual 233 with 192 meg of RAM and it is constantly choking on memory. It is > running several other servers (sendmail, apache, mysql, openldap, and Knox's > Arkeia Backup Server) but if samba isn't running I max out at about 50-58 > meg of memory used, but if smbd and nmbd are running it hits about 185-188 > meg of memory used, with about 45 meg of that being cached memory. As far as I understand, this is quite normal in this situation. Linux tries to use all the memory available. If there are not enought processes to fill up the memory, it will use the memory as disc and page cache. This is what you see als 45MB cached memory. Even if your box is swapping some pages out, this shouldn't worry you. Cache Pages have not the lowest priority. If there are some totaly unused pages lurking somewhere, Linux will swap them out and use the so freed memory as cache. Try to analyse the "ps axm" output and look at the output from "vmstat 1". You have a memory problem, if you get substantial si/so values from vmstat when running under full load. You have also a memory problem if your box can't use a substantial part of the memory as cache/buffer, lets say 20% for your case. You have too much memory, if you get a substancial free-value, as seen with top or "free". This means that your system isn't able to use all the memory you plugged in. You have not too much, but also not too less memory, if you get cached/buffered values in a good range (this is very dependend what you are running on the machine), only a small percentage of the whole used virtual memory is on disk (swap) and you have no substancial exchange between RAM and Swap, as seen with vmstat. You have too less memory, if you get small cached/buffered values, much swap space is used /and/ you see substancial exchange between RAM and Swap, seen with vmstat. Kind regards, Richard -- "Either gravity is different than we think it is or time is messed up somehow" -- Michael Nieto, about the unexpected slowdown of space probes. From lkcl at samba.org Sun Dec 5 22:57:45 1999 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:30 2003 Subject: trace required of w9x to nt pdc (domain controller) Message-ID: hi, samba latest cvs, as of last month, no longer can be connected to as a pdc by lose9x, because the UDP "GetDC" request is not longer suited to 9x. personally, i couldn't care less if 9x can't talk to samba, however i understand that others may not feel the same way about 9x that i do. that doesn't mean that i'm going to install 9x or even go near it. so :) that means that some kind soul needs to make a network trace, preferably with netmon, of a win9x host "discovering" an NT pdc, and then sending me the UDP 138 traffic portions so that i can compare and then code... if you have an invested interest in this (e.g you are running 9x) and want to run future versions of samba, this is your opportunity to make sure that you can. thx ppl. luke From jason at bertke.net Sun Dec 5 23:25:34 1999 From: jason at bertke.net (Jason A. Diegmueller) Date: Tue Dec 2 02:27:30 2003 Subject: smbpasswd in samba 2.1 alpha Message-ID: I too am having the exact same problem on a formerly working setup. Only change was a CVS update, rebuild, and reload of SAMBA. Per chance are there images of the prealpha-2.1.0 CVS tree that people have archived, in which case smbpasswd would work? I have a client who is expecting this to work [again] tomorrow morning, and I'm running short on time. I spent about 6 hours today trying EVERYTHING I could to get things working again, it's nice to know it's not just me/I'm not actually crazy. This was working fine a month ago; are there snapshots of the CVS repository taken occasionaly and set aside? Or is there a way to tell CVS to pull down the image that's about a month old? At least it worked for me. Thanks. | I am having problems adding users with smbpasswd. I have | downloaded the | latest cvs sources, today. I am using RedHat 6.1, kernel | 2.2.12. I am | trying to use the PDC support in Samba for a small NT domain | with Windows | 2000, build 2128 workstations. | | The error I get when executing smbpasswd -a , is: | | Domain password server not available. | Can't setup password database vectors. | | The following is my smb.conf file: | | [global] | workgroup = CHEESE | server string = Cheese Samba Server | ; hosts allow = 192.168.1. 192.168.2. 127. | printcap name = /etc/printcap | load printers = yes | ; printing = bsd | ; guest account = pcguest | log file = /usr/local/samba/var/log.%m | max log size = 50 | security = user | ; password server = | password level = 0 | encrypt passwords = yes | smb passwd file = /usr/local/samba/private/smbpasswd | unix password sync = yes | passwd chat = *New*UNIX*password* %n\n | *ReType*new*UNIX*password* %n\n | *passwd:*all*authentication*tokens*updated*successfully* | ; username map = /etc/smbusers | ; include = /etc/smb.conf.%m | socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 | ; interfaces = 192.168.12.2/24 192.168.13.2/24 | ; remote browse sync = 192.168.3.25 192.168.5.255 | ; remote announce = 192.168.1.255 192.168.2.44 | ; local master = no | os level = 30 | domain master = yes | preferred master = no | ; domain controller = | domain logons = yes | logon script = login.bat | logon path = \\%L\Profiles\%U | ; name resolve order = wins lmhosts bcast | wins support = yes | ; wins server = w.x.y.z | ; wins proxy = yes | dns proxy = no | map to guest = never | null passwords = no | dead time = 0 | ; preserve case = no | ; short preserve case = no | ; default case = lower | ; case sensitive = no | | [homes] | comment = Home Directories | browseable = no | writable = yes | public = no | only user = no | | # Un-comment the following and create the netlogon directory | for Domain | Logons | [netlogon] | comment = Network Logon Service | path = /home/netlogon | guest ok = yes | writable = no | share modes = no | | # Un-comment the following to provide a specific roving profile share | # the default is to use the user's home directory | [Profiles] | path = /home/profiles | browseable = no | public = yes | guest only = no | writable = no | only user = no | create mode = 744 | directory mode = 755 | | # NOTE: If you have a BSD-style print system there is no need to | # specifically define each individual printer | [printers] | comment = All Printers | path = /var/spool/samba | browseable = no | # Set public = yes to allow user 'guest account' to print | public = no | writable = no | printable = yes | | This smb.conf file works perfectly well with Samba 2.0.6, in | which I am able | to add users with smbpasswd. Any help would be appreciated. | | Dan | | From D.Bannon at latrobe.edu.au Sun Dec 5 23:42:49 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:27:31 2003 Subject: smbpasswd in samba 2.1 alpha In-Reply-To: Message-ID: <3.0.6.32.19991206104249.008b4910@bioserve.latrobe.edu.au> At 10:30 AM 06/12/1999 +1100, Jason A. Diegmueller wrote: >I too am having the exact same problem on a formerly working >setup. Only change was a CVS update, rebuild, and reload of >SAMBA. > >Per chance are there images of the prealpha-2.1.0 CVS tree..... try cvs -t co -D "two days ago" etc. I have successfully gone back "thirty days ago" David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From wallace at tfh-berlin.de Mon Dec 6 00:10:24 1999 From: wallace at tfh-berlin.de (Grant Wallace) Date: Tue Dec 2 02:27:31 2003 Subject: smbpasswd in samba 2.1 alpha References: <003901bf3f37$1fc41ac0$8200a8c0@ARMAGEDDON> Message-ID: <384AFEF0.B2D3CCD0@tfh-berlin.de> Hi Dan, Dan Mihai Dumitriu schrieb: > > > Domain password server not available. > Can't setup password database vectors. > My problem is exactly the same. I compiled this yesterday too. Did you solve the problem? Grant From mgeddes at xavier.sa.edu.au Mon Dec 6 00:38:59 1999 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:31 2003 Subject: References: <19991203170536.21647.qmail@www0s.netaddress.usa.net> Message-ID: <384B05A3.A2619D5@xavier.sa.edu.au> Harshadeep Srinivasa wrote: > I am running "samba" on my Unix machine to access my Unix file system on my > Windows NT machine. I am running Windows NT Server for with Service Pack 3, > and my Unix OS is Solaris 2.5.1 > > I keep getting the message that wrong username or password, eventhough every > thing is fine. Surprisingly, I can connect without any problem from other Win > NT machines. Any pointer? > > ____________________________________________________________________ > Get free email and a permanent address at http://www.netaddress.com/?N=1 It looks like a problem with encrypted passwords (mostly?). Try looking in the Encryption.txt file in the Samba documentation. It explains it better than I could.... Matt From jason at bertke.net Mon Dec 6 03:14:01 1999 From: jason at bertke.net (Jason A. Diegmueller) Date: Tue Dec 2 02:27:31 2003 Subject: smbpasswd in samba 2.1 alpha Message-ID: | Dan Mihai Dumitriu schrieb: | > | > | > Domain password server not available. | > Can't setup password database vectors. | > | | My problem is exactly the same. | | I compiled this yesterday too. Did you solve the problem? Upon the suggestion of David Bannon, I did a: cvs checkout -D "21 days ago" smbpasswd once again works as expected. From valankar at cse.fau.edu Mon Dec 6 03:57:24 1999 From: valankar at cse.fau.edu (Viraj Alankar) Date: Tue Dec 2 02:27:31 2003 Subject: Question on RPC error and samba error message Message-ID: Hello, We are running an older Samba PDC version (circa February 1999) that up until now was going very smoothly. We have one NT workstation which is part of the samba domain and acts as print server for the domain. Clients also part of the domain map network print shares from that print server. Just recently we have been having problems printing, and clients are getting the message: RPC Service Unavailable The printer is basically inaccessible at that point. Rebooting the print server, or even just waiting awhile, seems to fix it. Now this does not seem Samba related to me, but I want to make sure. I don't see any errors reported by samba when this happens. We have been recently adding more and more users to the domain so I'm wondering if it could be samba related. Anyone know what could be going wrong? Apparently unrelated to this, we also receive many of the following error messages from samba: smbd/open.c:check_access_allowed_for_current_user(203) check_access_allowed_for_current_user: The process is no longer waiting! I read somewhere this is a waitpid() failing. Is this something we should worry about? Thanks for any help. Viraj. From kiril at mech.ru.acad.bg Mon Dec 6 08:07:23 1999 From: kiril at mech.ru.acad.bg (Kiril Hristov) Date: Tue Dec 2 02:27:31 2003 Subject: [Fwd: Re: problem with smbpasswd] Message-ID: <384B6EBB.286CE0FB@mech.ru.acad.bg> -------- Original Message -------- Subject: Re: problem with smbpasswd Date: Sat, 4 Dec 1999 23:41:37 -0500 From: "Dan Mihai Dumitriu" To: I've had the same problem with smbpasswd, on samba-2.1 alpha. Have you found a solution yet? Thanks. Dan >Hi, Luke, >my problem is the following: >When I type smbpasswd whitout any parameters it get me the message "Domain >password server not available". My Samba is configured as PDC for the domain >and there are no NTs in this domain. Security is USER. The parameter "password >server" is not activated. I think my Samba must be the domain password server, >but smbpasswd doesn't think so :) >Bye From jon at bugjr.com Mon Dec 6 10:47:10 1999 From: jon at bugjr.com (Jon Westfall) Date: Tue Dec 2 02:27:31 2003 Subject: Can't Find Test Code Error Message-ID: <000001bf3fd7$3fdb04e0$0200a8c0@main> First of all, thanks for the replies to my question yesturday, they helped a lot. I'm trying to compile samba (from CVS) and when i run configure I get the error: configure: error: cant find test code. Aborting Config I poked around in the code and found references to conftest.c (or .h, i don't remember), and since i didn't have it on my sys I downloaded it and put it in the source dir (2 copies, one extension .c other .h) I don't know too much about C programming (I'm more of a pascal person) so if anyone has had this problem in the past I'd appreciate any help. Thanks, Jon Westfall ================ Jonathan E. Westfall CEO - Webmaster Bug Jr. Software www.bugjr.com ---------------------------------------------------- Reach Me by E-Mail: jon@bugjr.com Reach me by ICQ: 19804776 Reach me by Phone: 440-888-0260 Reach me by Fax: 208-293-2392 -------------- next part -------------- HTML attachment scrubbed and removed From Stanley.Skidmore at PSS.Boeing.com Mon Dec 6 15:38:50 1999 From: Stanley.Skidmore at PSS.Boeing.com (Skidmore, Stanley G) Date: Tue Dec 2 02:27:31 2003 Subject: Cannot find domain primary controller Message-ID: Good morning, I have Samba 2.0.6 installed on Redhat Linux 6.1. When I attempt to join the domain I receive a message that states the the primary domain contraoller cannot be located. I have created the encrypted smbpasswd file, added my machine name (client$) to smbpasswd with smbpasswd -a -m client. Server manager on the NT side shows Samba as a PDC. Communications between both machines is good with ping's by name and i.p. address working fine. I can also map drive drives on Samba but cannot join the domain. Does anyone have any idea what might be causing this? From marco at ec.ucdb.br Mon Dec 6 17:14:18 1999 From: marco at ec.ucdb.br (Marco A. Alvarez) Date: Tue Dec 2 02:27:31 2003 Subject: Cannot find domain primary controller In-Reply-To: Message-ID: encrypt passwords = yes On Tue, 7 Dec 1999, Skidmore, Stanley G wrote: > Good morning, > I have Samba 2.0.6 installed on Redhat Linux 6.1. When I attempt to join the domain I receive a message that states the the primary domain contraoller cannot be located. > > I have created the encrypted smbpasswd file, added my machine name (client$) to smbpasswd with smbpasswd -a -m client. Server manager on the NT side shows Samba as a PDC. Communications between both machines is good with ping's by name and i.p. address working fine. > > I can also map drive drives on Samba but cannot join the domain. > > Does anyone have any idea what might be causing this? > > ------------------------------------- Marco A. Alvarez (marco@ec.ucdb.br) Departamento de Eng. de Computacao Universidade Catolica Dom Bosco ------------------------------------- "Todo trabalho nobre ... ... parece impossivel ao inicio" (Tomas Carlyle, ensaista escoces) ------------------------------------- From mmt4q at ee.virginia.edu Mon Dec 6 16:26:54 1999 From: mmt4q at ee.virginia.edu (Melissa Thrush) Date: Tue Dec 2 02:27:31 2003 Subject: Upgrading from 2.0.5a to CVS for User Mgr. for Domains References: Message-ID: <384BE3CE.8E55F11@ee.virginia.edu> Since I need to use User Manager for Domains and this feature is only working in the CVS/HEAD code I need to "upgrade" from Samba 2.0.5a to CVS. If I switch to the CVS code ( I have a download from late October ready to go.) is there anything I have to do with the MACHINE.SID? I know when I've upgraded to newer versions of 2.0.x I had to copy the original MACHINE.SID into the new install tree. With the CVS code isn't it DOMAIN.SID and is this created automatically or do I need to copy my MACHINE.SID from 2.0.x and rename it. Also, any known reason I should use a "newer" cvs code than the one I have downloaded from Oct 28th? Thanks to all, Melissa -- Melissa Thrush Dept. of Electrical Engineering University of Virginia Thornton Hall - C213 Phone: 804-924-6072 Fax: 804-924-8818 From mmt4q at ee.virginia.edu Mon Dec 6 16:28:37 1999 From: mmt4q at ee.virginia.edu (Melissa Thrush) Date: Tue Dec 2 02:27:31 2003 Subject: Upgrading from Samba 2.0.5a to CVS/Head for User Mgr. for Domains References: Message-ID: <384BE434.8EEF0605@ee.virginia.edu> Since I need to use User Manager for Domains I need to "upgrade" from Samba 2.0.5a to the CVS/HEAD code. If I switch to the CVS code ( I have a download from late October ready to go.) is there anything I have to do with the MACHINE.SID? I know when I've upgraded to newer versions of 2.0.x I had to copy the original MACHINE.SID into the new install tree. With the CVS code isn't it DOMAIN.SID and is this created automatically or do I need to copy my MACHINE.SID from 2.0.x and rename it. Also, any known reason I should use a "newer" cvs code than the one I have downloaded from Oct 28th? Thanks to all, Melissa -- Melissa Thrush Dept. of Electrical Engineering University of Virginia Thornton Hall - C213 Phone: 804-924-6072 Fax: 804-924-8818 From Stanley.Skidmore at PSS.Boeing.com Mon Dec 6 16:32:42 1999 From: Stanley.Skidmore at PSS.Boeing.com (Skidmore, Stanley G) Date: Tue Dec 2 02:27:31 2003 Subject: Cannot find domain primary controller Message-ID: I have set passwords to be encrypted and have also set up Samba to be a WINS server. > ---------- > From: Marco A. Alvarez[SMTP:marco@ec.ucdb.br] > Sent: 12/6/99 9:14 > To: Skidmore, Stanley G > Cc: Multiple recipients of list SAMBA-NTDOM > Subject: Re: Cannot find domain primary controller > > > encrypt passwords = yes > > On Tue, 7 Dec 1999, Skidmore, Stanley G wrote: > > > Good morning, > > I have Samba 2.0.6 installed on Redhat Linux 6.1. When I attempt to join the domain I receive a message that states the the primary domain contraoller cannot be located. > > > > I have created the encrypted smbpasswd file, added my machine name (client$) to smbpasswd with smbpasswd -a -m client. Server manager on the NT side shows Samba as a PDC. Communications between both machines is good with ping's by name and i.p. address working fine. > > > > I can also map drive drives on Samba but cannot join the domain. > > > > Does anyone have any idea what might be causing this? > > > > > > ------------------------------------- > Marco A. Alvarez (marco@ec.ucdb.br) > Departamento de Eng. de Computacao > Universidade Catolica Dom Bosco > ------------------------------------- > "Todo trabalho nobre ... > ... parece impossivel ao inicio" > (Tomas Carlyle, ensaista escoces) > ------------------------------------- > From dmd17 at cornell.edu Mon Dec 6 17:19:30 1999 From: dmd17 at cornell.edu (Dan Mihai Dumitriu) Date: Tue Dec 2 02:27:31 2003 Subject: today's CVS does not build References: Message-ID: <009101bf400e$0eca1df0$20df5480@galaxy.cs.cornell.edu> I tried to build today's CVS tree and I get the following error. Using FLAGS -O -Iinclude -I./include -I./ubiqx -I./smbwrapper -DLSARPCLOGFILE="/usr/lo cal/samba/var/log.lsarpc" -DSMBLOGFILE="/usr/local/samba/var/log.smb" -DNMBL OGFILE="/usr/local/samba/var/log.nmb" -DCONFIGFILE="/usr/local/samba/lib/smb .conf" -DLMHOSTSFILE="/usr/local/samba/lib/lmhosts" -DSWATDIR="/usr/local/ samba/swat" -DSBINDIR="/usr/local/samba/bin" -DLOCKDIR="/usr/local/samba/var /locks" -DSMBRUN="/usr/local/samba/bin/smbrun" -DCODEPAGEDIR="/usr/local/sam ba/lib/codepages" -DDRIVERFILE="/usr/local/samba/lib/printers.def" -DBINDIR= "/usr/local/samba/bin" -DFORMSFILE="/usr/local/samba/lib/ntforms.def" -DNTDR IVERSDIR="/usr/local/samba/lib" -DHAVE_INCLUDES_H -DPASSWD_PROGRAM="/bin/pas swd" -DSMB_PASSWD_PROGRAM="/usr/local/samba/bin/smbpasswd" -DSMB_PASSWD_FILE ="/usr/local/samba/private/smbpasswd" -DSMB_PASSGRP_FILE="/usr/local/samba/p rivate/smbpassgrp" -DSMB_GROUP_FILE="/usr/local/samba/private/smbgroup" -DSM B_ALIAS_FILE="/usr/local/samba/private/smbalias" Using LIBS = -lreadline -ldl -lcrypt -lpam -lcurses Linking bin/testparm lib/passcheck.o: In function `smb_pwd_check_ntlmv1': lib/passcheck.o(.text+0x59): undefined reference to `SMBOWFencrypt' lib/passcheck.o(.text+0x69): undefined reference to `SMBsesskeygen_ntv1' lib/passcheck.o: In function `smb_pwd_check_ntlmv2': lib/passcheck.o(.text+0xec): undefined reference to `ntv2_owf_gen' lib/passcheck.o(.text+0x109): undefined reference to `SMBOWFencrypt_ntv2' lib/passcheck.o(.text+0x118): undefined reference to `SMBsesskeygen_ntv2' collect2: ld returned 1 exit status make: *** [bin/testparm] Error 1 Dan From rajeeva at research.bell-labs.com Mon Dec 6 19:32:22 1999 From: rajeeva at research.bell-labs.com (Rajeev Agrawala) Date: Tue Dec 2 02:27:31 2003 Subject: security=? References: <38147210.8C0BE2B@research.bell-labs.com> Message-ID: <384C0F46.67B2916E@research.bell-labs.com> I am using samba 2.1-prealpha to test printing from NT. I need a setup where only users I add in smbpasswd file gets access as root and rest of them map to nobody. I have security=user set in my smb.conf. When I run smbpasswd to add accounts, it core dumps on me. I am running samab on a linux box running redhat 6.1. [root@printm bin]# ./smbpasswd doing parameter case sensitive = no doing parameter map to guest = bad password doing parameter smb passwd file = /LPRng/samba/private/smbpasswd doing parameter printcap name = /LPRng/lpd_printcap doing parameter print command = /LPRng/current/bin/lpr -P%p -Zhost=%m -r %s doing parameter lpq command = /LPRng/current/bin/lpq -P%p doing parameter lprm command = /LPRng/current/bin/lprm -P%p %j doing parameter load printers = yes doing parameter guest account = nobody doing parameter browseable = yes doing parameter log file = /LPRng/samba/var/log.%m doing parameter max log size = 50 doing parameter locking = yes doing parameter lock directory = /LPRng/samba/var/locks doing parameter share modes = yes doing parameter security = user doing parameter name resolve order = host wins doing parameter nt forms file = /LPRng/samba/lib/nt/ntforms.def doing parameter nt printer driver = /LPRng/samba/lib/nt doing parameter socket options = TCP_NODELAY doing parameter os level = 64 doing parameter preferred master = no doing parameter domain master = no doing parameter local master = no doing parameter wins support = no doing parameter wins server = 135.104.26.122 doing parameter preserve case = yes doing parameter short preserve case = yes doing parameter encrypt passwords = yes pm_process() returned Yes Derived broadcast address 127.255.255.255 Added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 cli_connect_serverlist: Domain password server not available. Segmentation fault (core dumped) If I add a line password server = localhost Then running smbpasswd does not core dumps, but complains that addition/change of password entry failed. Please let me know, how do I go about setting it up. What I want is that, a few users whom I add in smbpasswd file, should get root access on the machine through samba and anybody not in smbpasswd file should connect as nobody. TIA, rajeev From mike at psand.net Mon Dec 6 19:47:21 1999 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:31 2003 Subject: Cannot find domain primary controller References: Message-ID: <004f01bf4022$b85e0b60$0164a8c0@win981> Marco, Hang on. You're running the Samba server as a PDC and joining the domain from an NT or Samba box, right? Remember that you have to add a UNIX user account (with the $ sign), for RHL6.x, something like: % useradd client$ -c "My Client Machine" -s /dev/null -n -M The -s, -n and -M parameters are useful for a non-login UNIX account and good for security :-). Then use smbpasswd to add the machine without the $ sign, like: % smbpasswd -a -m client Hope this helps, Mike Harris, Psand Espa?a. ----- Original Message ----- From: Marco A. Alvarez To: Multiple recipients of list SAMBA-NTDOM Sent: Monday, December 06, 1999 5:11 PM Subject: Re: Cannot find domain primary controller > > encrypt passwords = yes > > On Tue, 7 Dec 1999, Skidmore, Stanley G wrote: > > > Good morning, > > I have Samba 2.0.6 installed on Redhat Linux 6.1. When I attempt to join the domain I receive a message that states the the primary domain contraoller cannot be located. > > > > I have created the encrypted smbpasswd file, added my machine name (client$) to smbpasswd with smbpasswd -a -m client. Server manager on the NT side shows Samba as a PDC. Communications between both machines is good with ping's by name and i.p. address working fine. > > > > I can also map drive drives on Samba but cannot join the domain. > > > > Does anyone have any idea what might be causing this? > > > > > > ------------------------------------- > Marco A. Alvarez (marco@ec.ucdb.br) > Departamento de Eng. de Computacao > Universidade Catolica Dom Bosco > ------------------------------------- > "Todo trabalho nobre ... > ... parece impossivel ao inicio" > (Tomas Carlyle, ensaista escoces) > ------------------------------------- From mike at psand.net Mon Dec 6 20:30:08 1999 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:31 2003 Subject: security=? References: <38147210.8C0BE2B@research.bell-labs.com> <384C0F46.67B2916E@research.bell-labs.com> Message-ID: <009701bf4028$b2406f60$0164a8c0@win981> password server = localhost will effectively endlessly loop your login authentication around the same server - don't do it, it's only for remote 'pass-through' authentication by another box, Samba PDC or NT PDC. Have you tried the version 2.0.6, it'll be more stable? Are you running Samba as a PDC ? Do you have an smbpasswd file ? Also, you could look at the following parameters, they might help: valid users = @admin admin users = @admin to get root access to the share for users in the UNIX group admin. You could use the smbusers to map all other user accounts to nobody. Or perhaps place the users in the group nobody in the /etc/group file. Another useful few parameters to look at are: force group = create mask = directory mask = Just some thoughts, not really a solution. Good Luck! Mike Harris, Psand Espa?a. ----- Original Message ----- From: Rajeev Agrawala To: Multiple recipients of list SAMBA-NTDOM Sent: Monday, December 06, 1999 8:35 PM Subject: security=? > I am using samba 2.1-prealpha to test printing from NT. I need a setup > where only users I add in smbpasswd file gets access as root and rest of > them map to nobody. I have security=user set in my smb.conf. When I run > smbpasswd to add accounts, it core dumps on me. I am running samab on a > linux box running redhat 6.1. > > > [root@printm bin]# ./smbpasswd > doing parameter case sensitive = no > doing parameter map to guest = bad password > doing parameter smb passwd file = /LPRng/samba/private/smbpasswd > doing parameter printcap name = /LPRng/lpd_printcap > doing parameter print command = /LPRng/current/bin/lpr -P%p -Zhost=%m > -r %s > doing parameter lpq command = /LPRng/current/bin/lpq -P%p > doing parameter lprm command = /LPRng/current/bin/lprm -P%p %j > doing parameter load printers = yes > doing parameter guest account = nobody > doing parameter browseable = yes > doing parameter log file = /LPRng/samba/var/log.%m > doing parameter max log size = 50 > doing parameter locking = yes > doing parameter lock directory = /LPRng/samba/var/locks > doing parameter share modes = yes > doing parameter security = user > doing parameter name resolve order = host wins > doing parameter nt forms file = /LPRng/samba/lib/nt/ntforms.def > doing parameter nt printer driver = /LPRng/samba/lib/nt > doing parameter socket options = TCP_NODELAY > doing parameter os level = 64 > doing parameter preferred master = no > doing parameter domain master = no > doing parameter local master = no > doing parameter wins support = no > doing parameter wins server = 135.104.26.122 > doing parameter preserve case = yes > doing parameter short preserve case = yes > doing parameter encrypt passwords = yes > pm_process() returned Yes > Derived broadcast address 127.255.255.255 > Added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 > cli_connect_serverlist: Domain password server not available. > Segmentation fault (core dumped) > > > If I add a line > password server = localhost > > Then running smbpasswd does not core dumps, but complains that > addition/change of password entry failed. > > Please let me know, how do I go about setting it up. What I want is > that, a few users whom I add in smbpasswd file, should get root access > on the machine through samba and anybody not in smbpasswd file should > connect as nobody. > > TIA, > > rajeev From rajeeva at research.bell-labs.com Mon Dec 6 21:05:20 1999 From: rajeeva at research.bell-labs.com (Rajeev Agrawala) Date: Tue Dec 2 02:27:31 2003 Subject: security=? References: <38147210.8C0BE2B@research.bell-labs.com> <384C0F46.67B2916E@research.bell-labs.com> <009701bf4028$b2406f60$0164a8c0@win981> Message-ID: <384C2510.F1696AA9@research.bell-labs.com> Mike Harris wrote: > > password server = localhost will effectively endlessly loop your login > authentication around the same server - don't do it, it's only for remote > 'pass-through' authentication by another box, Samba PDC or NT PDC. I understand that. The point I was trying to make, is that the smbpasswd program does not core dumps if I add this line. > > Have you tried the version 2.0.6, it'll be more stable? > No. I want to try 2.1.prealpha, because it supports printing from NT, including drivers download to NT machines. > Are you running Samba as a PDC ? > No. My security setting is security = user. Does it have to be PDC to use smbpasswd file ? > Do you have an smbpasswd file ? > Yes I do. I created the file using cat /etc/passwd | mksmbpasswd.sh >smbpasswd Thanks, rajeev From mgeddes at xavier.sa.edu.au Mon Dec 6 21:48:32 1999 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:31 2003 Subject: User manager for Domains / Graphical Samba Tools Message-ID: <384C2F30.2EC4B745@xavier.sa.edu.au> I have noticed that a great deal of people are looking to run User Manager for Domains under Samba, but are having problems. Whilst I can't help with these problems, I recommend looking at a tool called Webmin (http://www.webmin.com/ - I think). For those that don't know, webmin is a bunch of perl scripts which allow you to configure your Unix box via http. It appears quite secure and it is very functional. One of the included modules is for configuring Samba and making account changes. Maybe some of you might find this useful for the time being? Matt From chrisl at monmouth.com Mon Dec 6 22:02:09 1999 From: chrisl at monmouth.com (Chris Lubrecht) Date: Tue Dec 2 02:27:31 2003 Subject: Trapdoor? Message-ID: <016d01bf4035$8b1ab190$290dbfd1@noc3.monmouth.com> Well..I solved my old problem, but gained a new one. I am using BSDI and run into the following when my NT machine tries to connect.. (from the connection log) [1999/12/06 16:25:27, 0] smbd/uid.c:become_gid(105) Couldn't set effective gid to 101 currently set to (real=0,eff=101) [1999/12/06 16:25:27, 0] smbd/service.c:make_connection(463) Can't become connected user! security is set to user and passwords are encrypted Is this happening because BSDI is a trapdoor gid/uid OS Is there a fix other than another OS :) Chris Lubrecht Network Engineering Monmouth Internet Red Bank, NJ From D.Bannon at latrobe.edu.au Mon Dec 6 22:57:28 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:27:31 2003 Subject: Cannot find domain primary controller In-Reply-To: <004f01bf4022$b85e0b60$0164a8c0@win981> References: Message-ID: <3.0.6.32.19991207095728.0088c280@bioserve.latrobe.edu.au> At 07:00 AM 07/12/1999 +1100, Mike Harris wrote: >Marco, > >Hang on. You're running the Samba server as a PDC and joining the domain >from an NT or Samba box, right? > >Remember that you have to add a UNIX user account (with the $ sign), for >RHL6.x, something like: > >% useradd client$ -c "My Client Machine" -s /dev/null -n -M > er, should that be : useradd -c "My Client Machine" -s /bin/false -n -d /dev/null -g machines client$ ? -s being shell -d being home directory -n don't make a self named group -g set primary group (which must exist) David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From Loo at littongcs.com Mon Dec 6 23:38:43 1999 From: Loo at littongcs.com (Loo, Joseph) Date: Tue Dec 2 02:27:31 2003 Subject: Connecting to NT PDC Message-ID: <9DD60A65AD75D211816700A0C9E93F910278FD8C@whntmail1.littongcs.com> I am relatively new at Samba. I am trying to connect a Samba server to the NT domain within my company. I have been experencing several problems with the server: 1. It takes about 2 days before the PDC recognize the samba server. I am not sure what I am doing wrong. 2. The system intermittenly connects to the system. If I connect on NT (plain word password) under homes first, it will connect with no problem. If I try to connect to MFG_Docs, then it keeps crumbling with bad password. 3. I created a share, MFG_Docs. It is suppose to be open to anyone for read. If I do a direct connect from any user not connected to the system it keeps asking for a user/password. This seemed to work on a Samba machine not connected to the PDC. This is running Samba 2.0.6 on Solaris 2.6. It was compiled with GNU 2.8.1 using the following configuration: ./configure --prefix=/opt/misc/samba-2.0.6 --with-automount --with-nisplus --with-nisplus-home The smb file is: # Samba config file created using SWAT # from loo (159.201.125.21) # Date: 1999/12/06 13:56:59 # Global parameters [global] workgroup = GCSNT netbios name = STRANGE1 security = DOMAIN encrypt passwords = Yes map to guest = Bad User password server = * smb passwd file = /opt/misc/samba/lib/private/smbpasswd passwd chat debug = Yes username map = /opt/misc/samba/lib/users.map printcap name = /opt/misc/samba/lib/printcap preload = Mfg_Docs Color_Nor Homes guest account = guest print command = /usr/bin/lp -d %p %s lprm command = /usr/ucb/lprm -P%p %j oplocks = No [homes] read only = No [printers] comment = All Printers path = /tmp create mask = 0700 guest ok = Yes print ok = Yes browseable = No [color] path = /tmp read only = No create mask = 0700 guest ok = Yes print ok = Yes print command = /usr/bin/lp -o nobanner -o nofilebreak -d %p %s printer name = color share modes = No [Apex_Info] comment = Apex Requirements Data path = /home/apex/share write list = loo,ibrahim,weekley,bremerb force user = apex [Mfg_Docs] comment = Directory containing manufacturing documents path = /home/docs/mfg guest account = pdfrd write list = valdez guest ok = Yes [color_nor] path = /tmp guest ok = Yes print ok = Yes print command = /usr/bin/lp -o nobanner -o nofilebreak -d %p %s printer name = color_nor Joseph Loo Litton Guidance & Control 5500 Canoga Ave Woodland Hills, CA 91367-6698 Phone #: (818) 715-2961 Fax #: (818) 715-2752 From rad2921 at cup.edu Tue Dec 7 01:25:02 1999 From: rad2921 at cup.edu (Tim Radigan) Date: Tue Dec 2 02:27:31 2003 Subject: New CVS Update giving errors.. In-Reply-To: <9DD60A65AD75D211816700A0C9E93F910278FD8C@whntmail1.littongcs.com> Message-ID: i just used cvs to update the samba source so i could test a couple of things out.. but when i 'make install', samba gives me these compile errors when compiling server.c: In file included from include/includes.h:58, from smbd/server.c:22: /usr/include/sys/un.h:41: parse error before `u_char' /usr/include/sys/un.h:41: warning:no semicolon at end of struct or union /usr/include/sys/un.h:42: warning: data definition has no type or storage class /usr/include/sys/un.h:44: parse error before `}' *** Error Code 1 when i checked the header file, i didn't see anything wrong.. but then again i'm only human and i might have missed it.. but here is the beginning code of /usr/include/sys/un.h: #ifndef _SYS_UN_H_ #define _SYS_UN_H_ struct sockaddr_un { u_char sun_len; u_char sun_family; char sun_path[104]; }; those are lines 37 - 44.. right at the beginning of the header file after the comment.. if anyone can help, it'd be appreciated.. From karl.wolny at pro-inform.de Sun Dec 5 15:33:03 1999 From: karl.wolny at pro-inform.de (karl.wolny@pro-inform.de) Date: Tue Dec 2 02:27:31 2003 Subject: subscribe Message-ID: -------------- next part -------------- HTML attachment scrubbed and removed From fancieryu at hotmail.com Tue Dec 7 21:06:22 1999 From: fancieryu at hotmail.com (Frank Yu) Date: Tue Dec 2 02:27:31 2003 Subject: Unable to connect after changing NT PDC's name Message-ID: <19991207070622.84742.qmail@hotmail.com> I had set up an samba (2.0.5a) on a solaris 2.5.1 box in domain mode on an NT domain and it worked well. Later, I get a new server and decided to replace the old PDC named as cat_svr and move all the shared files from old PDC to the new server. I installed the new server as cat_new_svr as a BDC. Later I upgraded the BDC to PDC and shutdown the original PDC. Then I change the new server's name to the original PDC name cat_svr. After that, my windoze 95 box works happily but my samba refused to work ever since, it shows "server cat_svr refused to connect". I deleted and re-created the samba machine account on PDC and try "smbpasswd -j domain" the PDC still refuse to connect. Does any people know the reason any any way out for this problem thanks in advance. Frank Yu ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com From hanak at IRIS.osu.cz Tue Dec 7 09:39:33 1999 From: hanak at IRIS.osu.cz (Ondrej Hanak) Date: Tue Dec 2 02:27:31 2003 Subject: profiles in home Message-ID: Hi, i have only one question. I red (in docs) that there is a problem with profiles located in home dirs, cause some strange problems appear after few logins and logouts. Is this problem already solved or it's still recommended to have profiles in other location than user's homes? Thanks for any comment. Ondrej From rbrand at esg-gmbh.de Tue Dec 7 10:34:43 1999 From: rbrand at esg-gmbh.de (rbrand@esg-gmbh.de) Date: Tue Dec 2 02:27:31 2003 Subject: NT services Message-ID: <41256840.00399638.00@lns002ext.esg-gmbh.de> Hello, I'm using samba as PDC. Now I have the following problems : I would like to use the "at" command from Windows-NT for batch programming. In the logfile I get a message like "wrong password, login failed", nothing happened. A similar problem is that I have a programm (clearcase from rational), which would like to create a user on my NT-domain during setup ! I got the same messages in the logfile. What do I have to set in the smb.conf that nt-services can act ?! Does anyone know something about this services ? Do I have to include them in the /etc/passwd, /etc/group ? do they need special rights ? Thank you in advanced R. Brand From greg at discreet.com Tue Dec 7 11:08:59 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:31 2003 Subject: NT services In-Reply-To: <41256840.00399638.00@lns002ext.esg-gmbh.de> Message-ID: Hi, What version of samba are you using? I believe in order to use AT you need to use an account with local admin privilege, or did you change the service to run as another user? We use ClearCase here but we run the clearcase_albd account as a local account since CC does not seem to like some of the responses it gets back from the samba PDC when it checks out a domain account. The service actually starts but then stops a minute later, is this what is happening to you? Greg On 07-Dec-99 rbrand@esg-gmbh.de wrote: > Hello, > > I'm using samba as PDC. Now I have the following problems : > > I would like to use the "at" command from Windows-NT for > batch programming. In the logfile I get a message like "wrong password, > login failed", > nothing happened. > > A similar problem is that I have a programm (clearcase from rational), > which would > like to create a user on my NT-domain during setup ! I got the same > messages in the logfile. > > What do I have to set in the smb.conf that nt-services can act ?! Does > anyone know something > about this services ? Do I have to include them in the /etc/passwd, > /etc/group ? do they need > special rights ? > > Thank you in advanced > > R. Brand > ---------------------------------- Greg Dickie just a guy* *from Discreet (the Logic is gone) ---------------------------------- From mike at psand.net Tue Dec 7 11:05:45 1999 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:31 2003 Subject: Cannot find domain primary controller References: <3.0.6.32.19991207095728.0088c280@bioserve.latrobe.edu.au> Message-ID: <005801bf40a5$35bfb180$0164a8c0@win981> Well yes and no, depends on what you want .... Under RedHat: -s /dev/null - always exists and always works well as a null login shell. -M - doesn't create a home directory, leave out if needed. - g - RedHat automatically puts new users into users. It's a question of preference and what you are doing, I suggest the man pages ...... Mike. ----- Original Message ----- From: David Bannon To: Multiple recipients of list SAMBA-NTDOM Sent: Monday, December 06, 1999 11:59 PM Subject: RE: Cannot find domain primary controller > At 07:00 AM 07/12/1999 +1100, Mike Harris wrote: > >Marco, > > > >Hang on. You're running the Samba server as a PDC and joining the domain > >from an NT or Samba box, right? > > > >Remember that you have to add a UNIX user account (with the $ sign), for > >RHL6.x, something like: > > > >% useradd client$ -c "My Client Machine" -s /dev/null -n -M > > > > er, should that be : > > useradd -c "My Client Machine" -s /bin/false -n -d /dev/null -g machines > client$ > ? > > -s being shell > -d being home directory > -n don't make a self named group > -g set primary group (which must exist) > > David > ------------------------------------------------------------ > David Bannon D.Bannon@latrobe.edu.au > School of Biochemistry Phone 61 03 9479 2197 > La Trobe University, Plenty Rd, Fax 61 03 9479 2467 > Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au > ------------------------------------------------------------ > .... Humpty Dumpty was pushed ! From mmt4q at ee.virginia.edu Tue Dec 7 12:58:17 1999 From: mmt4q at ee.virginia.edu (Melissa Thrush) Date: Tue Dec 2 02:27:31 2003 Subject: Upgrading from Samba 2.0.5a to CVS/Head for User Mgr. for Domains References: <0846B011B9A4D111A1EE006097DA4FCE02F8125B@icex1.cc.ic.ac.uk> Message-ID: <384D0469.611E067A@ee.virginia.edu> Phil, If this is the case then you are correct, the CVS/Head branch is useless to me. I want to be able to add a Domain User to a Local group on an individual WinNT SP6a client. Thank you for the info, Melissa "Mayers, P J" wrote: > I hate to tell you this, but User Manager for Domains does not "work" in the > HEAD branch fully. It will let you *view* information fine, but you can't > set anything - no create users, no reset passwords, no add users to groups. > > I suspect this means it's of little use to you. > > Cheers, > Phil > > -----Original Message----- > From: Melissa Thrush > To: Multiple recipients of list SAMBA-NTDOM > Sent: 12/6/99 4:58 PM > Subject: Upgrading from Samba 2.0.5a to CVS/Head for User Mgr. for Domains > > Since I need to use User Manager for Domains I need > to "upgrade" from Samba 2.0.5a to the CVS/HEAD code. > > If I switch to the CVS code ( I have a download > from late October ready to go.) is there anything I have to do with the > MACHINE.SID? I know when I've upgraded to newer versions of > 2.0.x I had to copy the original MACHINE.SID into the new install > tree. With the CVS code isn't it DOMAIN.SID and is this created > automatically or do I need to copy my MACHINE.SID from 2.0.x > and rename it. > > Also, any known reason I should use a "newer" cvs code than the one > I have downloaded from Oct 28th? > > Thanks to all, > > Melissa > -- > Melissa Thrush > Dept. of Electrical Engineering > University of Virginia > Thornton Hall - C213 > Phone: 804-924-6072 > Fax: 804-924-8818 -- Melissa Thrush Dept. of Electrical Engineering University of Virginia Thornton Hall - C213 Phone: 804-924-6072 Fax: 804-924-8818 From brandtwr-samba at draaw.net Tue Dec 7 13:01:53 1999 From: brandtwr-samba at draaw.net (Bill Brandt) Date: Tue Dec 2 02:27:31 2003 Subject: slow printing. In-Reply-To: ; from Johannes Weberhofer on Thu, Dec 02, 1999 at 01:13:35PM +0100 References: <19991201162246.B25889@draaw.net> Message-ID: <19991207080153.B4088@draaw.net> I'm not totally sure why, but the printer worked fine with the MS and HP standard drivers when it was on the NT Server. I think the issue has something to do with the Redhat print filter for HP4M that I had to apply to get graphics to work. Anyway, when I switched to HP4M Postscript a 42 page graphic/text mixed file that used to be created as a 20MB print file (~ 500KB/page) on the NTWS is now coming through as an 800KB file (~ 20KB) and is printing at normal speeds. Perhaps someone can explain it, but the only thing that makes sense to me is that NT (non-PS) driver cannot be set to use soft fonts and the RH filter was actually doing the correct filtering to allow PS. On another printing note... Are there any plans to allow for filenames that match the document? The current filename in the spools is a randomly generated tempfile name. Even if the document name was a mixture of the two... like: sEYUhen. it would probably be better. Bill On Thu, Dec 02, 1999 at 01:13:35PM +0100, Johannes Weberhofer wrote: >>On Wed, Dec 01, 1999 at 03:52:14PM -0500, Steve Litt wrote: >>>I'm not much of an NT guy. On w98, it's on the printer properties dialog >>>box, fonts tab. >>> >>>Steve >>>At 02:44 PM 12/01/1999 -0500, you wrote: >>>>Steve, >>>> >>>>Thanks for the help... It appears your correct when I copy a large txt >>>file it >>>>runs fine and the print files are coming out around 300K for a 2-3 page >>>>document. However, I'm on NTWS 4.0 and can't find the setting for soft >>>fonts in >>>>the printer properties. Any ideas where that setting is? >>>> >>>>Bill >>>> >>>>On Wed, Dec 01, 1999 at 08:56:11AM +1100, Steve Litt wrote: >>>>>I had that once. Turned out my W$ printer def was set to "download truetype >>>>>fonts as graphics", which blew up the size of the print file by a factor of >>>>>10. When I change to "download truetype fonts as soft fonts", my Laserjet >>>>>IIID printed at its specified 8 pages per minute -- no cooldown. >>>>> >>>>>Copy a large text file directly to it with >>>>> >>>>>copy bigfile.txt //servername/printername >>>>> >>>>>And see whether it still prints too slowly. If not, it's probably your >>>>>Windows client printer def. >>>>> >>>>>Steve Litt >>>>> >>>>>At 07:53 AM 12/01/1999 +1100, Bill Brandt wrote: >>>>>>I'm having an issue with a samba print server. I have the following in the >>>>>>smb.conf >>>>>> >>>>>>[global] >>>>>> workgroup = DOMAINNAME >>>>>> netbios name = SERVERNAME >>>>>> server string = Samba Server >>>>>> security = DOMAIN >>>>>> encrypt passwords = Yes >>>>>> password server = NTDOMAINPDC >>>>>> log file = /var/log/samba/log.%m >>>>>> max log size = 50 >>>>>> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 >>>>>> os level = 10 >>>>>> local master = No >>>>>> dns proxy = No >>>>>> wins server = #.#.#.# >>>>>> >>>>>>[printers] >>>>>> comment = All Printers >>>>>> path = /var/spool/samba >>>>>> guest ok = Yes >>>>>> print ok = Yes >>>>>> browseable = No >>>>>> >>>>>>The printer is a HP LaserJet 4M setup with redhat print-tool in lpd. Files >>>>>>print, but it appears that each page is sent separately to the printer with >>>>>>enough time between them for the printer to stop and sometimes even "cool >>>>>down". >>>>>>Has anyone experienced this issue? >>>>>> >>>>>>-- >>>>>>Bill Brandt >>>>>>brandtwr@draaw.net http://www.draaw.net/ >>>>>> >>>>> >>>> >>>>-- >>>>Liam >>>> >>>>Bill Brandt >>>>brandtwr@draaw.net http://www.draaw.net/ >>>> >>> >> >>-- >>Liam >> >>Bill Brandt >>brandtwr@draaw.net http://www.draaw.net/ >> > >---------------------------------------------------------------------- >Johannes Weberhofer >>> IT-Technologies >Austria > >email: Johannes.Weberhofer@ibm.net >tel: +43 (0)3178 - 3679 >tel: +43 (0)1 - 204 28 65 >---------------------------------------------------------------------- > > -- Liam Bill Brandt brandtwr@draaw.net http://www.draaw.net/ From mmt4q at ee.virginia.edu Tue Dec 7 13:15:32 1999 From: mmt4q at ee.virginia.edu (Melissa Thrush) Date: Tue Dec 2 02:27:31 2003 Subject: Upgrading from Samba 2.0.5a to CVS/Head for User Mgr. for Domains References: <0846B011B9A4D111A1EE006097DA4FCE02F8125F@icex1.cc.ic.ac.uk> Message-ID: <384D0874.417369BB@ee.virginia.edu> Phil, Thanks so much for your reply and clarifying what works! I'll give it a go before folks come to work tomorrow morning hopefully. Melissa "Mayers, P J" wrote: > Well, *that* will work - the domain users list only needs to be readable for > that. In fact, I have the same thing working here. An "admins" NT group > (also a unix group using unified logons with LDAP ) contains the global > admins, and that group is part of the local "Administrators" group. Also, > individual users are made part of the Administrators group on their own > machine (or Power Users). > > So if that's all you need to do, that will work fine. > > Cheers, > Phil > > -----Original Message----- > From: Melissa Thrush > To: Mayers, P J; samba-ntdom@samba.org > Sent: 12/7/99 12:58 PM > Subject: Re: Upgrading from Samba 2.0.5a to CVS/Head for User Mgr. for > Domains > > Phil, > > If this is the case then you are correct, the CVS/Head branch is useless > to me. > I want to be able to add a Domain User to a Local group on an individual > WinNT > SP6a > client. > > Thank you for the info, > > Melissa > > "Mayers, P J" wrote: > > > I hate to tell you this, but User Manager for Domains does not "work" > in the > > HEAD branch fully. It will let you *view* information fine, but you > can't > > set anything - no create users, no reset passwords, no add users to > groups. > > > > I suspect this means it's of little use to you. > > > > Cheers, > > Phil > > > > -----Original Message----- > > From: Melissa Thrush > > To: Multiple recipients of list SAMBA-NTDOM > > Sent: 12/6/99 4:58 PM > > Subject: Upgrading from Samba 2.0.5a to CVS/Head for User Mgr. for > Domains > > > > Since I need to use User Manager for Domains I need > > to "upgrade" from Samba 2.0.5a to the CVS/HEAD code. > > > > If I switch to the CVS code ( I have a download > > from late October ready to go.) is there anything I have to do with > the > > MACHINE.SID? I know when I've upgraded to newer versions of > > 2.0.x I had to copy the original MACHINE.SID into the new install > > tree. With the CVS code isn't it DOMAIN.SID and is this created > > automatically or do I need to copy my MACHINE.SID from 2.0.x > > and rename it. > > > > Also, any known reason I should use a "newer" cvs code than the one > > I have downloaded from Oct 28th? > > > > Thanks to all, > > > > Melissa > > -- > > Melissa Thrush > > Dept. of Electrical Engineering > > University of Virginia > > Thornton Hall - C213 > > Phone: 804-924-6072 > > Fax: 804-924-8818 > > -- > Melissa Thrush > Dept. of Electrical Engineering > University of Virginia > Thornton Hall - C213 > Phone: 804-924-6072 > Fax: 804-924-8818 -- Melissa Thrush Dept. of Electrical Engineering University of Virginia Thornton Hall - C213 Phone: 804-924-6072 Fax: 804-924-8818 From kkappel at sha2000.de Tue Dec 7 13:16:05 1999 From: kkappel at sha2000.de (Klaus Kappel) Date: Tue Dec 2 02:27:31 2003 Subject: Connecting to NT PDC References: <9DD60A65AD75D211816700A0C9E93F910278FD8C@whntmail1.littongcs.com> Message-ID: <384D0895.8B2699EE@mail.novalisa> "Loo, Joseph" schrieb: > I am relatively new at Samba. I am trying to connect a Samba server to > the NT domain within my company. I have been experencing several > problems with the server: > 1. It takes about 2 days before the PDC recognize the samba > server. I am not sure what I am doing wrong. Typically, WINS server conflicts! TTL of WINS records is about 2-5 days. You should make sure, that there is only one WINS server in your network. > 2. The system intermittenly connects to the system. If I connect > on NT (plain word password) under homes You should have encrypted passwords and workstation accounts: 1. workstation$ in /etc/passwd 2. workstation in smbpasswd > 3. I created a share, MFG_Docs. It is suppose to be open to > anyone for read. If I do a direct connect > from any user not connected to the system it keeps asking for > user/password. > > [Mfg_Docs] > comment = Directory containing manufacturing documents > path = /home/docs/mfg > guest account = pdfrd > write list = valdez > guest ok = Yes Write list overrides guest ok. AFAIK > encrypt passwords = Yes ??? > password server = * you could point to your PDC by NETBIOS name cu, Klaus -------------- next part -------------- A non-text attachment was scrubbed... Name: kkappel.vcf Type: text/x-vcard Size: 295 bytes Desc: Visitenkarte für Klaus Kappel Url : http://lists.samba.org/archive/samba-ntdom/attachments/19991207/d15dd5ea/kkappel.vcf From ksmelser at uindy.edu Tue Dec 7 13:53:12 1999 From: ksmelser at uindy.edu (Kelly S. Smelser) Date: Tue Dec 2 02:27:31 2003 Subject: Profiles (Locking Profiles) Message-ID: I thought I had read somewhere on the list in the past about locking user profiles on the Samba server, but I can't seem to find it now. If this is possible, I think it would be a good way to deal with the big profile problem associated with IE caching. Does anyone have some info on locking profiles that could help me out? k "...kneel down and kiss the earth, and show me what this thought is worth." -Trey Anastasio/Tom Marshall (Phish) From skvidal at phy.duke.edu Tue Dec 7 14:17:48 1999 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:27:31 2003 Subject: Profiles (Locking Profiles) In-Reply-To: Message-ID: > I thought I had read somewhere on the list in the past about > locking user profiles on the Samba server, but I can't seem to find it > now. If this is possible, I think it would be a good way to deal with the > big profile problem associated with IE caching. Does anyone have some > info on locking profiles that could help me out? rename ntuser.dat to ntuser.man locked profile. Also change your registry settings so your temporary internet cache is somwhere on the local drive that gets deleted at login and you don't have that problem. -sv From jens.skripczynski at igd.fhg.de Tue Dec 7 14:19:42 1999 From: jens.skripczynski at igd.fhg.de (Jens Skripczynski) Date: Tue Dec 2 02:27:31 2003 Subject: profiles in home In-Reply-To: ; from hanak@IRIS.osu.cz on Tue, Dec 07, 1999 at 08:36:30PM +1100 References: Message-ID: <19991207151942.A1731@pclinux.igd.fhg.de> Ondrej Hanak: > Hi, > i have only one question. I red (in docs) that there is a problem with > profiles located in home dirs, cause some strange problems appear after > few logins and logouts. Is this problem already solved or it's still > recommended to have profiles in other location than user's homes? As far as I have understood the problem is not on the serverside, but on the client side (NT or 95). So this Problem cannot be solved by samba... Ciao Jens Skripczynski -- E-Mail: skripi@igd.fhg.de Computers are like airconditioners: They stop working properly if you open windows. From skvidal at phy.duke.edu Tue Dec 7 14:31:15 1999 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:27:31 2003 Subject: profiles in home In-Reply-To: <19991207151942.A1731@pclinux.igd.fhg.de> Message-ID: > > Hi, > > i have only one question. I red (in docs) that there is a problem with > > profiles located in home dirs, cause some strange problems appear after > > few logins and logouts. Is this problem already solved or it's still > > recommended to have profiles in other location than user's homes? > As far as I have understood the problem is not on the serverside, but on the > client side (NT or 95). > > So this Problem cannot be solved by samba... well it sort of can. just make a separate profile share on your samba server and wa-la the problem is gone. -sv From jmartin at css.tayloru.edu Tue Dec 7 14:41:15 1999 From: jmartin at css.tayloru.edu (kanaka) Date: Tue Dec 2 02:27:31 2003 Subject: smbpasswd not finding smbpasswd file Message-ID: I'm running the following command # smbpasswd -a -m JERUSALEM to add the computer JERUSALEM to the smbpasswd file. It gives me the following: Domain password server not available. Can't setup password database vectors. Is it not finding the smbpasswd file? How does smbpasswd know where to find the file? Joel_Martin_____________________________ Asst._Computing_Resource_Manager________Yesterday_it_worked Computer_Science_Department_____________Today_it_is_not_working Taylor_University_______________________Windows_is_like_that. _____Sapre_Aude_(Dare-to-Know)__________ From Grant.Wallace at gedas.de Tue Dec 7 14:50:41 1999 From: Grant.Wallace at gedas.de (Wallace, Grant) Date: Tue Dec 2 02:27:31 2003 Subject: AW: smbpasswd not finding smbpasswd file Message-ID: Hi Joel, You are using the latest cvs-version? Some people including me had the same problem. you can try to check out an earlier version cvs update -D "1 month ago" Grant >It gives me the following: > Domain password server not available. > Can't setup password database vectors. From appro at fy.chalmers.se Tue Dec 7 14:58:15 1999 From: appro at fy.chalmers.se (Andy Polyakov) Date: Tue Dec 2 02:27:31 2003 Subject: profiles in home References: Message-ID: <384D2087.3C33EC61@fy.chalmers.se> > > > i have only one question. I red (in docs) that there is a problem with > > > profiles located in home dirs, cause some strange problems appear after > > > few logins and logouts. Is this problem already solved or it's still > > > recommended to have profiles in other location than user's homes? > > As far as I have understood the problem is not on the serverside, but on the > > client side (NT or 95). > > > > So this Problem cannot be solved by samba... > > well it sort of can. > just make a separate profile share on your samba server and wa-la the > problem is gone. > or logon path = \\HOMEDIR\profiles\%U [profiles] writable = yes wide links = yes path = /tmp/profiles comment = Profile MUX preexec = [ -h %P/%U ] || /bin/ln -s %H/.nt %P/%U postexec = /bin/rm %P/%U if you don't want to have /tmp/profiles world writable prepend [pre|post]exec with root. andy. From appro at fy.chalmers.se Tue Dec 7 15:14:47 1999 From: appro at fy.chalmers.se (Andy Polyakov) Date: Tue Dec 2 02:27:31 2003 Subject: NT Terminal Server integrated in Samba-PDC controlled NT-Domain? References: <001301bf3ced$2371a7b0$4ec9f683@fbk42> Message-ID: <384D2467.3864A069@fy.chalmers.se> > My NT-Terminal Server crashes when I want to login into a NT > domain. When did you build your Samba PDC? There were two TSE specific problems. One (BSOD at logon) was fixed/worked around in Samba code some time in March-May (I think), another one (slower logon times in comparison to workstation) disappears if you install SP4. Andy. From s.striker at striker.nl Tue Dec 7 15:29:59 1999 From: s.striker at striker.nl (S. Striker) Date: Tue Dec 2 02:27:31 2003 Subject: smbpasswd not finding smbpasswd file In-Reply-To: Message-ID: <001101bf40c7$ec4779c0$0a00a8c0@office.striker.nl> Hi there, Is there anyone who knows by what this is caused? Does it only occur on Linux platforms, or on other platforms too? Is it fixable on the short term? Without it other new code in te HEAD branch can also not be brought into practice. Greetings, Sander Striker > Hi Joel, > You are using the latest cvs-version? > Some people including me had the same problem. > > you can try to check out an earlier version > cvs update -D "1 month ago" > > Grant > > > >It gives me the following: > > Domain password server not available. > > Can't setup password database vectors. > > From bs at vpnet.at Tue Dec 7 15:27:37 1999 From: bs at vpnet.at (Berthold =?ISO-8859-1?Q?St=F6ger?=) Date: Tue Dec 2 02:27:31 2003 Subject: smbpasswd not finding smbpasswd file In-Reply-To: <001101bf40c7$ec4779c0$0a00a8c0@office.striker.nl> References: <001101bf40c7$ec4779c0$0a00a8c0@office.striker.nl> Message-ID: <19991207.15273700@intra.vpnet.at> >>>>>>>>>>>>>>>>>> Urspr?ngliche Nachricht <<<<<<<<<<<<<<<<<< Am 12/7/99, 4:21:48 PM, schrieb "S. Striker" zum Thema RE: smbpasswd not finding smbpasswd file: > Hi there, > Is there anyone who knows by what this is caused? > Does it only occur on Linux platforms, or on other > platforms too? > Is it fixable on the short term? Without it other > new code in te HEAD branch can also not be brought > into practice. I guess its an easy to fix segfault... From m.kaschel at sf.hs-wismar.de Tue Dec 7 15:33:04 1999 From: m.kaschel at sf.hs-wismar.de (Michael Kaschel) Date: Tue Dec 2 02:27:31 2003 Subject: Problems with NON-DOS-Names Message-ID: <384D28B0.C994623F@sf.hs-wismar.de> Hi! I'm using currently Samba 2.0 and have problems with long file names on a samba exported file system. The creation works for links to dos-programs which resides on local drive C:, but the execution of the pif-file fails, when the file name has more than 8 chars. When I change the path of the linked program from e. g. C:\BP\BIN\BP.EXE to %HOMEDRIVE%\BP\BIN\BP.exe the link works correct independent of the length of the pif file name. But the dos-program itself cannot see file names which are not in 8.3 format. In my smb.conf file I have set mangling to yes but this seem not have any effect. Has anybody some hints for solving this problem? Thanks Michael Kaschel Germany ++ From slitt at troubleshooters.com Tue Dec 7 15:45:30 1999 From: slitt at troubleshooters.com (Steve Litt) Date: Tue Dec 2 02:27:31 2003 Subject: smbpasswd not finding smbpasswd file In-Reply-To: <001101bf40c7$ec4779c0$0a00a8c0@office.striker.nl> References: Message-ID: <3.0.6.32.19991207104530.00e79100@pop.pacificnet.net> I got the same error (Domain password server not available) on samba-2.1-19991203.tar.gz running on both RH60 and RH61. Many people have been getting this error. If we can find some people using 12/3/1999 or later releases that *do not* get this error maybe we can exploit the differences and find the root cause. Steve Litt At 02:21 AM 12/08/1999 +1100, S. Striker wrote: >Hi there, > >Is there anyone who knows by what this is caused? >Does it only occur on Linux platforms, or on other >platforms too? >Is it fixable on the short term? Without it other >new code in te HEAD branch can also not be brought >into practice. > >Greetings, > >Sander Striker > > >> Hi Joel, >> You are using the latest cvs-version? >> Some people including me had the same problem. >> >> you can try to check out an earlier version >> cvs update -D "1 month ago" >> >> Grant >> >> >> >It gives me the following: >> > Domain password server not available. >> > Can't setup password database vectors. >> >> > From p.mayers at ic.ac.uk Tue Dec 7 16:36:29 1999 From: p.mayers at ic.ac.uk (Mayers, P J) Date: Tue Dec 2 02:27:31 2003 Subject: MAX_PATH limit - Samba or WinNT or software? Message-ID: <0846B011B9A4D111A1EE006097DA4FCE02F81264@icex1.cc.ic.ac.uk> I'm using an NT (workstation) machine to backup my Samba server using the OnStream Echo software that came with my OnStream tape drive. The backup seems to proceed fine until I start getting errors, and this appears in the log file from that machine: =============================================================== [1999/12/07 13:46:38, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 18624 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [1999/12/07 13:46:38, 0] lib/fault.c:fault_report(43) =============================================================== [1999/12/07 13:46:38, 0] lib/util.c:smb_panic(2527) PANIC: internal error [1999/12/07 13:46:38, 1] smbd/service.c:make_connection(515) backup (192.168.1.7) connect to service backup as user backup (uid=10546, gid=8000) (pid 18632) [1999/12/07 13:46:38, 0] lib/util_str.c:safe_strcpy(765) ERROR: string overflow by 2 in safe_strcpy [\pub\ASP\a AxiCom client\xTelecomputing\Press rele] [1999/12/07 13:46:38, 0] lib/fault.c:fault_report(40) =============================================================== [1999/12/07 13:46:38, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 18632 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [1999/12/07 13:46:38, 0] lib/fault.c:fault_report(43) =============================================================== [1999/12/07 13:46:38, 0] lib/util.c:smb_panic(2527) PANIC: internal error [1999/12/07 13:46:38, 1] smbd/service.c:make_connection(515) backup (192.168.1.7) connect to service backup as user backup (uid=10546, gid=8000) (pid 18640) [1999/12/07 13:46:38, 0] lib/util_str.c:safe_strcpy(765) ERROR: string overflow by 2 in safe_strcpy [\pub\ASP\a AxiCom client\xTelecomputing\Press rele] [1999/12/07 13:46:38, 0] lib/fault.c:fault_report(40) =============================================================== [1999/12/07 13:46:38, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 18640 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [1999/12/07 13:46:38, 0] lib/fault.c:fault_report(43) =============================================================== [1999/12/07 13:46:38, 0] lib/util.c:smb_panic(2527) PANIC: internal error [1999/12/07 13:46:38, 1] smbd/service.c:make_connection(515) backup (192.168.1.7) connect to service backup as user backup (uid=10546, gid=8000) (pid 18648) [1999/12/07 13:46:38, 0] lib/util_str.c:safe_strcpy(765) ERROR: string overflow by 2 in safe_strcpy [\pub\ASP\a AxiCom client\xTelecomputing\Press rele] [1999/12/07 13:46:38, 0] lib/fault.c:fault_report(40) =============================================================== Over and over and over again, until I stop the backup manually. The filepath is 132 characters long, which is nearly exactly half MAX_PATH under Win32 (260). Is this a samba issue, NT, or software? I'm running the CVS version from Oct 4 1999. Would switching to the 2.0x series help this any? Or do I have to come up with another solution. Maybe name mangling can help me - can anyone help me here!?! I don't mind having to make a seperate share to backup out of. Cheers, Phil From bs at niggard.org Tue Dec 7 17:20:45 1999 From: bs at niggard.org (bs) Date: Tue Dec 2 02:27:32 2003 Subject: CVS smbd crashing Message-ID: <19991207.17204500@intra.vpnet.at> Hello! My smbd crashed until i #ifdefed out the port-creation of port 445 in the ?only bind interfaces? path: --- samba/source/smbd/server.c.old Tue Dec 7 17:46:50 1999 +++ samba/source/smbd/server.c Tue Dec 7 17:47:20 1999 @@ -173,9 +173,11 @@ s = fd_listenset[i * 2] = open_server_socket(port, ifip->s_addr); if(s == -1) return False; FD_SET(s,&listen_set); +#if 0 s = fd_listenset[i * 2 + 1] = open_server_socket(port445, ifip->s_addr); if(s == -1) return False; FD_SET(s,&listen_set); +#endif } } else { /* Just bind to 0.0.0.0 - accept connections If you have set ?only bind interfaces = true?, this might help. I still cannot use smbpasswd though. Luke: the select loop is totally ugly! I could rewrite it, but don't know if it isnt better to wait for Main/Head merge... From perrier at onera.fr Tue Dec 7 18:09:58 1999 From: perrier at onera.fr (Christian Perrier) Date: Tue Dec 2 02:27:32 2003 Subject: =?us-ascii?Q?Driver_download_to_NT_machines_=28was:_Re:_security=3D=3F?= =?us-ascii?Q?=29?= In-Reply-To: =?iso-8859-15?Q?=3C384C2510=2EF1696AA9=40research=2Ebell-labs=2Ecom=3E?= =?iso-8859-15?Q?=3B_from_rajeeva=40research=2Ebell-labs=2Ecom_on_mar=2C_?= =?iso-8859-15?Q?d=E9c_07=2C_1999_at_08:08:04_+1100?= References: <38147210.8C0BE2B@research.bell-labs.com> <384C0F46.67B2916E@research.bell-labs.com> <009701bf4028$b2406f60$0164a8c0@win981> <384C2510.F1696AA9@research.bell-labs.com> Message-ID: <19991207190957.B9199@mykerinos> Quoting Rajeev Agrawala (rajeeva@research.bell-labs.com): > No. I want to try 2.1.prealpha, because it supports printing from NT, > including drivers download to NT machines. Is this documented somewhere : how to setup a printer on the samba server so that drivers may be downloaded by NT machines and so on....? -- From D.Bannon at latrobe.edu.au Tue Dec 7 22:12:30 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:27:32 2003 Subject: =?us-ascii?Q?Driver_download_to_NT_machines_=28was:_Re:_security=3D=3F? = =?us-ascii?Q?=29?= In-Reply-To: <19991207190957.B9199@mykerinos> References: <=?iso-8859-15?Q?=3C384C2510=2EF1696AA9=40research=2Ebell-labs=2Ecom=3E?=> <38147210.8C0BE2B@research.bell-labs.com> <384C0F46.67B2916E@research.bell-labs.com> <009701bf4028$b2406f60$0164a8c0@win981> <384C2510.F1696AA9@research.bell-labs.com> Message-ID: <3.0.6.32.19991208091230.0088b9a0@bioserve.latrobe.edu.au> At 08:16 AM 08/12/1999 +1100, Christian Perrier wrote: >Quoting Rajeev Agrawala (rajeeva@research.bell-labs.com): > >> No. I want to try 2.1.prealpha, because it supports printing from NT, >> including drivers download to NT machines. > >Is this documented somewhere : how to setup a printer on the samba >server so that drivers may be downloaded by NT machines and so on....? > No, not really. I was keeping notes while I set mine up, with the view of sending them to the FAQ. But I found some problems and reverted to an older version to get me through to the end of term. I think it is safe to say that although some brilliant progress has been made, NT printing is not quite there for _everyone_ yet. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From Ole.Begemann at gmx.de Tue Dec 7 22:48:27 1999 From: Ole.Begemann at gmx.de (Ole Begemann) Date: Tue Dec 2 02:27:32 2003 Subject: Transferring user profiles to new domain Message-ID: Hello experts, I have set up a Samba 2.1 PDC (Domain: NEWDOM). Now I want to transfer all the user profiles from our old domain OLDDOM (NT4 PDC, profiles stored on a Samba 2.0.4 box) to the new one so that the users won't recognize any difference. Is there a kind of step-by-step-documentation available? I just tried to create a user on the new samba box and copy one his old profile directories to the new location, but it doesn't work, the old profile is not used. Thanks very much for your help. Ole From johnk at michaelangelomould.com Tue Dec 7 22:54:57 1999 From: johnk at michaelangelomould.com (johnk@michaelangelomould.com) Date: Tue Dec 2 02:27:32 2003 Subject: New CVS Update giving errors Message-ID: <384D9041.2BC247E8@michaelangelomould.com> -also RE: today's CVS does not build I had similar errors when attempting to compile CVS last week. Only solution I could find was to upgrade to kernel 2.2.13 -previous was kernel 2.2.6 , which had no problem running samba 2.0.6, as well as CVS from a few weeks ago. Since I am not experienced enough to trace the 'source' of the problem, I did a fresh install of Linux (Ouch!) problem solved. My 'build' was stopping at cli_spoolss.o and/or srv_spoolss.o, as well as various 'parse errors.' I know this is not what you wanted to hear... -cheers -- John Krivak From wallace at tfh-berlin.de Tue Dec 7 23:10:14 1999 From: wallace at tfh-berlin.de (Grant Wallace) Date: Tue Dec 2 02:27:32 2003 Subject: New CVS Update giving errors References: <384D9041.2BC247E8@michaelangelomould.com> Message-ID: <384D93D6.2321659@tfh-berlin.de> Hi John, johnk@michaelangelomould.com schrieb: > problem solved. > well, thats all I wanted to hear. I hope, my SuSE 5.3 likes updating from 2.0.35 ;-) Grant From Shane.Anglin at turner.com Tue Dec 7 23:45:03 1999 From: Shane.Anglin at turner.com (Anglin, Shane) Date: Tue Dec 2 02:27:32 2003 Subject: What all do I need?....... Message-ID: What packages, etc. do I need to have a RedHat 6.1 Linux server service PCs (via SMB), and Macs (via AFP and AFP/IP), and have PCs and Macs authenticate off a NT server. My NT setup is that the Linux server is in a NT resource domain, and the PDC with user accounts is in the single master domain? I have a lot of the pieces working, but not the Macs authenticating from the PDC. I am asking this broad question to see if I need to approach this differently. Thanks! Shane Anglin shane.anglin@cnn.com From lonnie at borntreger.com Wed Dec 8 00:29:59 1999 From: lonnie at borntreger.com (Lonnie J. Borntreger) Date: Tue Dec 2 02:27:32 2003 Subject: New CVS Update giving errors In-Reply-To: <384D9041.2BC247E8@michaelangelomould.com> Message-ID: <002401bf4113$5ce5a080$0500000a@wh.com> I'm seeing the errors while compiling on Solaris 7. I don't think a new Linux kernel will help me. ;) Lonnie Borntreger > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > johnk@michaelangelomould.com > Sent: Tuesday, December 07, 1999 5:02 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: RE: New CVS Update giving errors > > > > -also RE: today's CVS does not build > > I had similar errors when attempting to compile CVS last week. > > Only solution I could find was to upgrade to kernel 2.2.13 -previous > was kernel 2.2.6 , which had no problem running samba 2.0.6, > as well as > CVS from a few weeks ago. Since I am not experienced enough > to trace the > 'source' of the problem, I did a fresh install of Linux > (Ouch!) problem > solved. > > My 'build' was stopping at cli_spoolss.o and/or srv_spoolss.o, as well > as various 'parse errors.' > > I know this is not what you wanted to hear... > > -cheers > -- John Krivak > From s.striker at striker.nl Wed Dec 8 00:54:33 1999 From: s.striker at striker.nl (S. Striker) Date: Tue Dec 2 02:27:32 2003 Subject: INQUIRY, was: RE: smbpasswd not finding smbpasswd file Message-ID: <001301bf4116$ca6d7440$0a00a8c0@office.striker.nl> Dear Samba users, Please respond to the following if you are running the current Samba HEAD branch and have no difficulties with smbpasswd. Some of us are having problems and some comparing of situations might solve the problem. Maybe if the Samba Team could comment on this? Only if you've got the time folks, we need the code more than your comments ;) Greetings and thanks in advance, Sander Striker > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Steve Litt > Sent: dinsdag 7 december 1999 16:52 > To: Multiple recipients of list SAMBA-NTDOM > Subject: RE: smbpasswd not finding smbpasswd file > > > I got the same error (Domain password server not available) on > samba-2.1-19991203.tar.gz running on both RH60 and RH61. Many people have > been getting this error. If we can find some people using 12/3/1999 or > later releases that *do not* get this error maybe we can exploit the > differences and find the root cause. > > Steve Litt > > > At 02:21 AM 12/08/1999 +1100, S. Striker wrote: > >Hi there, > > > >Is there anyone who knows by what this is caused? > >Does it only occur on Linux platforms, or on other > >platforms too? > >Is it fixable on the short term? Without it other > >new code in te HEAD branch can also not be brought > >into practice. > > > >Greetings, > > > >Sander Striker > > > > > >> Hi Joel, > >> You are using the latest cvs-version? > >> Some people including me had the same problem. > >> > >> you can try to check out an earlier version > >> cvs update -D "1 month ago" > >> > >> Grant > >> > >> > >> >It gives me the following: > >> > Domain password server not available. > >> > Can't setup password database vectors. > >> > >> > > > > From skvidal at phy.duke.edu Wed Dec 8 01:06:50 1999 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:27:32 2003 Subject: INQUIRY, was: RE: smbpasswd not finding smbpasswd file In-Reply-To: <001301bf4116$ca6d7440$0a00a8c0@office.striker.nl> Message-ID: > Please respond to the following if you are running the current Samba HEAD > branch and have no difficulties with smbpasswd. Some of us are having > problems and some comparing of situations might solve the problem. > > Maybe if the Samba Team could comment on this? Only if you've got the > time folks, we need the code more than your comments ;) > > Greetings and thanks in advance, I'm having no problems. using a version from 9-24-99 added 400+ users with it. NT - wkstations DC'd by samba 2.1prealpha and file/print served to 2.0.6 -sv From jason at bertke.net Wed Dec 8 01:15:24 1999 From: jason at bertke.net (Jason A. Diegmueller) Date: Tue Dec 2 02:27:32 2003 Subject: INQUIRY, was: RE: smbpasswd not finding smbpasswd file Message-ID: | I'm having no problems. | using a version from 9-24-99 | | added 400+ users with it. | NT - wkstations DC'd by samba 2.1prealpha and file/print | served to 2.0.6 I checked out new CVS code about a week ago, and have tried every day since with the exact same problem. (the domain password server not available) The solution for me was simply a "workaround" as opposed to a solution, but it did get my client up and running again: checkout code from "21 days ago" with CVS. So, in this case, code from 9-24-99 would work theoretically work fine. It's just the more recent (7-10 days?) CVS code that seems to be displaying the issue. In my case, the machine is a Linux 2.2.13pre12 SMP machine. From mgeddes at xavier.sa.edu.au Wed Dec 8 05:13:36 1999 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:32 2003 Subject: Samba and NT password sync Message-ID: <3.0.5.32.19991208151336.007c9d70@mail.xavier.sa.edu.au> Hi all, Does anybody out there know the limitations with unix or NT password expiry and synchronisation with Samba 2.0.5a? I am looking at having my Samba Domain controller expire user passwords after a certain amount of time (different for different users) and I need to know if it will just prompt them to change their password or whether it will just be a pain in the arse.... Thanks Heaps, Matt P.S. I was referring to NT when I said pain in the arse ;-) From mgeddes at xavier.sa.edu.au Wed Dec 8 06:03:22 1999 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:32 2003 Subject: LDAP support in Samba 2.0.5a Message-ID: <3.0.5.32.19991208160322.007bd8b0@mail.xavier.sa.edu.au> Hi again, I was just perusing my copy of the smb.conf man page and noticed something I hadn't noticed before. The LDAP support options. Does anyone know where to start looking for information on playing with this? Thanks HEAPS, Matt From paulc at wickedawesome.dhs.org Wed Dec 8 07:44:18 1999 From: paulc at wickedawesome.dhs.org (Paul Coleman) Date: Tue Dec 2 02:27:32 2003 Subject: No subject Message-ID: <003701bf4150$09689060$0a01a8c0@wickedawesome.dhs.org> unsubscribe -------------- next part -------------- HTML attachment scrubbed and removed From siems at cck.uni-kl.de Wed Dec 8 08:07:51 1999 From: siems at cck.uni-kl.de (Sven Siems) Date: Tue Dec 2 02:27:32 2003 Subject: NT Terminal Server integrated in Samba-PDC controlled NT-Domain? References: <001301bf3ced$2371a7b0$4ec9f683@fbk42> <384D2467.3864A069@fy.chalmers.se> Message-ID: <003301bf4153$5297e300$4ec9f683@fbk42> Ok, with Samba 2.0.6 all functions of my NT Terminal Server works good!!! thank you for your help Sven > > My NT-Terminal Server crashes when I want to login into a NT > > domain. > When did you build your Samba PDC? There were two TSE specific problems. > One (BSOD at logon) was fixed/worked around in Samba code some time in > March-May (I think), another one (slower logon times in comparison to > workstation) disappears if you install SP4. > > Andy. > From Alessandro.BRUNI at cec.eu.int Wed Dec 8 08:48:06 1999 From: Alessandro.BRUNI at cec.eu.int (Alessandro.BRUNI@cec.eu.int) Date: Tue Dec 2 02:27:32 2003 Subject: INQUIRY, was: RE: smbpasswd not finding smbpasswd file In-Reply-To: <001301bf4116$ca6d7440$0a00a8c0@office.striker.nl> Message-ID: For me it was not working too (CVS version), but I replace simply the smbpasswd by the 2.0.6 version, and it works fine. Ale From wallace at tfh-berlin.de Wed Dec 8 08:49:34 1999 From: wallace at tfh-berlin.de (Grant Wallace) Date: Tue Dec 2 02:27:32 2003 Subject: INQUIRY, was: RE: smbpasswd not finding smbpasswd file References: <001301bf4116$ca6d7440$0a00a8c0@office.striker.nl> Message-ID: <384E1B9E.C7EE7D56@tfh-berlin.de> Hi, I got my Version o 3rd of December trying to run it under Kernel 2.0.35 I?m right now compiling 2.2.13.. Error message: Domain password server not available Can't set up password database vectors Grant From LEYMARIE_Gerard at accor-hotels.com Wed Dec 8 09:06:37 1999 From: LEYMARIE_Gerard at accor-hotels.com (LEYMARIE Gerard) Date: Tue Dec 2 02:27:32 2003 Subject: NT & YP Message-ID: <006a01bf415b$8886d3b0$2300c839@accorhotels.com> All, Would you please say if I'm wrong: If I use encrypted password, I can't synchronize NT password and Unix password (ex: YP password) Thks -------------- next part -------------- A non-text attachment was scrubbed... Name: Gerard LEYMARIE.vcf Type: text/x-vcard Size: 485 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19991208/07ee131a/GerardLEYMARIE.vcf From Harald at iki.fi Wed Dec 8 09:32:17 1999 From: Harald at iki.fi (Harald Hannelius) Date: Tue Dec 2 02:27:32 2003 Subject: NT & YP In-Reply-To: <006a01bf415b$8886d3b0$2300c839@accorhotels.com> Message-ID: On Wed, 8 Dec 1999, LEYMARIE Gerard wrote: > Would you please say if I'm wrong: You are wrong ;) > If I use encrypted password, I can't synchronize NT password and Unix > password (ex: YP password) You can, but that practically requires you to run samba on the nis master. On the nis master, you can use the regular unix tools (passwd,chpasswd and friends) to achieve that.. Have a look at the 'unix password sync' and 'password chat' params.. Here's mine working example: unix password sync = yes passwd chat = *word: %n\n *word: %n\n *changed* passwd program = /usr/bin/passwd %u So, after that you want to replace the std passwd program on the clients with e.g. a shellscript that looks like this: ${smbpasswd} -r ${rmhost} (essentially 'smbpasswd -r sambaserver' where sambaserver is the same as the nis-master) This way, when a user changes his samba password, the unix password gets changed to the same. You might have to HUP the 'ypserv' process to get it to rebuild its db, YMMV.. =========================================================== Harald H Hannelius | Harald@iki.fi | GSM +358405470870 =========================================================== From kkappel at sha2000.de Tue Dec 7 13:22:41 1999 From: kkappel at sha2000.de (Klaus Kappel) Date: Tue Dec 2 02:27:32 2003 Subject: profiles in home References: Message-ID: <384D0A21.A4D5838@mail.novalisa> Ondrej Hanak schrieb: > I red (in docs) that there is a problem with profiles located in home > dirs, cause some strange problems appear after few logins and logouts. > Is this problem already solved or it's still recommended to have > profiles in other location than user's homes? AFAIK, it was a matter of design und usability. some users might delete or move the directory profiles by accident or ignorance. I think this problem is not yet solved. ;-) cu, Klaus From cartegw at Eng.Auburn.EDU Wed Dec 8 13:36:20 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:27:32 2003 Subject: broken smbpasswd in HEAD branch [was Re: INQUIRY, was: RE: smbpasswd not finding smbpasswd file] References: <001301bf4116$ca6d7440$0a00a8c0@office.striker.nl> <384E1B9E.C7EE7D56@tfh-berlin.de> Message-ID: <384E5ED4.9955E69E@eng.auburn.edu> Grant Wallace wrote: > > Hi, > I got my Version o 3rd of December trying to run it under Kernel 2.0.35 > I?m right now compiling 2.2.13.. > Error message: Domain password server not available > Can't set up password database vectors > Grant I'm working on it. jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From cartegw at Eng.Auburn.EDU Wed Dec 8 13:37:50 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:27:32 2003 Subject: LDAP support in Samba 2.0.5a References: <3.0.5.32.19991208160322.007bd8b0@mail.xavier.sa.edu.au> Message-ID: <384E5F2E.BC66B158@eng.auburn.edu> Matthew Geddes wrote: > > Hi again, > > I was just perusing my copy of the smb.conf man page and > noticed something I hadn't noticed before. The LDAP > support options. Does anyone know where to start > looking for information on playing with this? LDAP support in 2.0.x is broken (although there are some patches floating around). Matthew Chapman will correct me if I'm wrong. ;) Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From johnk at michaelangelomould.com Wed Dec 8 13:42:07 1999 From: johnk at michaelangelomould.com (johnk@michaelangelomould.com) Date: Tue Dec 2 02:27:32 2003 Subject: New CVS Update giving errors References: <384D9041.2BC247E8@michaelangelomould.com> <384D93D6.2321659@tfh-berlin.de> Message-ID: <384E602F.8F1AADF3@michaelangelomould.com> Grant Wallace wrote: > Hi John, > > johnk@michaelangelomould.com schrieb: > > problem solved. > > > > well, thats all I wanted to hear. > I hope, my SuSE 5.3 likes updating from 2.0.35 ;-) > > Grant Hi Grant! -I don't know if the incompatability was kernel itself, or 'lib' files etc, but unfortunately my position does not allow me to explore the problem further(it's all Black Magic to me) I was almost ready to give up on experimenting with CVS' but I had a newly setup system running Slackware 7/kernel 2.2.13 and I decided to try a build, and voila! -As far as upgrading goes, the docs I read scared me to the point where I felt the safest route was a fresh install! -on our 24 Gb, Raid-0, Intranet Mirror-Server no less!! What A Pain! This machine is earmarked for double duty to replace our NT logon server, and 'wean' our network off MS dependancy once and for all, so my options were limited. -sorry to Lonnie B. -can't offer any suggestions on Solaris 7 - I see several others are having similar problems, maybe someone 'in the know' can offer a more useful solution, or better yet , a fix! -cheers all --John Krivak From ksmelser at uindy.edu Wed Dec 8 14:00:45 1999 From: ksmelser at uindy.edu (Kelly S. Smelser) Date: Tue Dec 2 02:27:32 2003 Subject: Machine specific shares Message-ID: Is it possible to give only certain machines in the domain access specific shares or specific parts of a share? For instance, I have a group of apps stored on a share. I have a base campuswide lab image that has links to these apps, but even though the links are available all over campus the dept in using the apps wants to only be able to access these apps from a certain lab. Thus, I would need to make those apps accessible only by certain machines or possibly put them in a new share that those machines only can connect to. Is this possible? Suggestions? k "...kneel down and kiss the earth, and show me what this thought is worth." -Trey Anastasio/Tom Marshall (Phish) From skvidal at phy.duke.edu Wed Dec 8 14:22:14 1999 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:27:32 2003 Subject: Machine specific shares In-Reply-To: Message-ID: > Is it possible to give only certain machines in the domain access > specific shares or specific parts of a share? For instance, I have a > group of apps stored on a share. I have a base campuswide lab image that > has links to these apps, but even though the links are available all over > campus the dept in using the apps wants to only be able to access these > apps from a certain lab. Thus, I would need to make those apps accessible > only by certain machines or possibly put them in a new share that those > machines only can connect to. Is this possible? Suggestions? my suggestion: do an include %m.conf then have the machine specific profile point to a lab general conf file or do symlinks from the %m's to the lab specific conf file. then only machines w/those names get the shares and info in those conf files. -sv From giulioo at pobox.com Wed Dec 8 14:27:21 1999 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:27:32 2003 Subject: Machine specific shares In-Reply-To: References: Message-ID: <19991208142834.81C2626E6F@i3.golden.dom> On Thu, 9 Dec 1999 01:03:49 +1100, hai scritto: >apps from a certain lab. Thus, I would need to make those apps accessible >only by certain machines or possibly put them in a new share that those >machines only can connect to. Is this possible? Suggestions? you can try with hosts allow which is a service level parameter. -- giulioo@pobox.com From kevinc at grainsystems.com Wed Dec 8 14:48:39 1999 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:27:32 2003 Subject: profiles in home References: <384D0A21.A4D5838@mail.novalisa> Message-ID: <384E6FC7.56D7B676@grainsystems.com> Klaus Kappel wrote: > Ondrej Hanak schrieb: > > > > I red (in docs) that there is a problem with profiles located in home > > dirs, cause some strange problems appear after few logins and logouts. > > Is this problem already solved or it's still recommended to have > > profiles in other location than user's homes? > > AFAIK, it was a matter of design und usability. some users might > delete or move the directory profiles by accident or ignorance. Actually, as I understand it, it has to do with some subtleties in the way NT "logs out" versus the way 9x "logs out". Something about how NT doesn't reconnect the profile share until after the next login session starts, so if it were a user's home, the loggin in user may not have permission to the share, and hence, no profile. There really is no "solution" on the samba end in that case. NT is just funky like that. - Kevin Colby kevinc@grainsystems.com Of course, if I'm just completely wrong, someone enlighten us all. From Loo at littongcs.com Wed Dec 8 15:43:55 1999 From: Loo at littongcs.com (Loo, Joseph) Date: Tue Dec 2 02:27:32 2003 Subject: Guest Account Connecting Message-ID: <9DD60A65AD75D211816700A0C9E93F910278FD8E@whntmail1.littongcs.com> I just got my samba server connected to an NT domain (NT pdc). I am trying to share a resource that will allow anyone to read, but whenever I try to connect to it, I either get challenge for a username/password or they can not find the machine. The global paramter file is: Samba config file created using SWAT # from loo (159.201.125.21) # Date: 1999/12/06 13:56:59 # Global parameters [global] workgroup = GCSNT netbios name = STRANGE1 security = DOMAIN encrypt passwords = Yes map to guest = Bad User password server = * smb passwd file = /opt/misc/samba/lib/private/smbpasswd passwd chat debug = Yes username map = /opt/misc/samba/lib/users.map printcap name = /opt/misc/samba/lib/printcap preload = Mfg_Docs Color_Nor Homes guest account = guest print command = /usr/bin/lp -d %p %s lprm command = /usr/ucb/lprm -P%p %j oplocks = No [homes] read only = No [printers] comment = All Printers path = /tmp create mask = 0700 guest ok = Yes print ok = Yes browseable = No [color] path = /tmp read only = No create mask = 0700 guest ok = Yes print ok = Yes print command = /usr/bin/lp -o nobanner -o nofilebreak -d %p %s printer name = color share modes = No [Apex_Info] comment = Apex Requirements Data path = /home/apex/share write list = loo,ibrahim,weekley,bremerb force user = apex [Mfg_Docs] comment = Directory containing manufacturing documents path = /home/docs/mfg guest account = pdfrd write list = valdez guest ok = Yes [color_nor] path = /tmp guest ok = Yes print ok = Yes print command = /usr/bin/lp -o nobanner -o nofilebreak -d %p %s printer name = color_nor In the samba log file (smb) I get: [1999/12/08 07:36:09, 0] rpc_client/cli_pipe.c:check_bind_response(977) bind_rpc_pipe: transfer syntax differs [1999/12/08 07:36:09, 0] rpc_client/cli_pipe.c:rpc_pipe_bind(1128) rpc_pipe_bind: check_bind_response failed. [1999/12/08 07:36:09, 0] rpc_client/cli_pipe.c:cli_nt_session_open(1201) cli_nt_session_open: rpc bind failed. Error was code 0 [1999/12/08 07:36:09, 0] smbd/password.c:domain_client_validate(1404) domain_client_validate: unable to open the domain client session to machine *. Error was : code 0. [1999/12/08 07:36:09, 0] passdb/nispass.c:make_sam_from_nisresult(372) make_sam_from_nisresult: NIS+ lookup failure: Database for table does not exist [1999/12/08 07:36:09, 1] smbd/password.c:pass_check_smb(505) Couldn't find user 'loo' in smb_passwd file. [1999/12/08 07:36:09, 0] passdb/nispass.c:make_sam_from_nisresult(372) make_sam_from_nisresult: NIS+ lookup failure: Database for table does not exist [1999/12/08 07:36:09, 1] smbd/password.c:pass_check_smb(505) Couldn't find user 'loo' in smb_passwd file. [1999/12/08 07:36:09, 1] smbd/reply.c:reply_sesssetup_and_X(917) Rejecting user 'loo': bad password [1999/12/08 07:36:23, 0] rpc_client/cli_pipe.c:check_bind_response(977) bind_rpc_pipe: transfer syntax differs [1999/12/08 07:36:23, 0] rpc_client/cli_pipe.c:rpc_pipe_bind(1128) rpc_pipe_bind: check_bind_response failed. [1999/12/08 07:36:23, 0] rpc_client/cli_pipe.c:cli_nt_session_open(1201) cli_nt_session_open: rpc bind failed. Error was code 0 [1999/12/08 07:36:23, 0] smbd/password.c:domain_client_validate(1404) domain_client_validate: unable to open the domain client session to machine *. Error was : code 0. [1999/12/08 07:36:23, 0] passdb/nispass.c:make_sam_from_nisresult(372) make_sam_from_nisresult: NIS+ lookup failure: Database for table does not exist [1999/12/08 07:36:23, 1] smbd/password.c:pass_check_smb(505) Couldn't find user 'loo' in smb_passwd file. [1999/12/08 07:36:23, 0] passdb/nispass.c:make_sam_from_nisresult(372) make_sam_from_nisresult: NIS+ lookup failure: Database for table does not exist [1999/12/08 07:36:23, 1] smbd/password.c:pass_check_smb(505) Couldn't find user 'loo' in smb_passwd file. [1999/12/08 07:36:23, 1] smbd/reply.c:reply_sesssetup_and_X(917) Rejecting user 'loo': bad password [1999/12/08 07:36:09, 0] rpc_client/cli_pipe.c:check_bind_response(977) bind_rpc_pipe: transfer syntax differs [1999/12/08 07:36:09, 0] rpc_client/cli_pipe.c:rpc_pipe_bind(1128) rpc_pipe_bind: check_bind_response failed. [1999/12/08 07:36:09, 0] rpc_client/cli_pipe.c:cli_nt_session_open(1201) cli_nt_session_open: rpc bind failed. Error was code 0 [1999/12/08 07:36:09, 0] smbd/password.c:domain_client_validate(1404) domain_client_validate: unable to open the domain client session to machine *. Error was : code 0. [ Joseph Loo Litton Guidance & Control 5500 Canoga Ave Woodland Hills, CA 91367-6698 Phone #: (818) 715-2961 Fax #: (818) 715-2752 From rajeeva at research.bell-labs.com Wed Dec 8 15:57:36 1999 From: rajeeva at research.bell-labs.com (Rajeev Agrawala) Date: Tue Dec 2 02:27:32 2003 Subject: INQUIRY, was: RE: smbpasswd not finding smbpasswd file References: <001301bf4116$ca6d7440$0a00a8c0@office.striker.nl> Message-ID: <384E7FF0.F96C0AC8@research.bell-labs.com> "S. Striker" wrote: > > Dear Samba users, > > Please respond to the following if you are running the current Samba HEAD > branch and have no difficulties with smbpasswd. Some of us are having > problems and some comparing of situations might solve the problem. > > Maybe if the Samba Team could comment on this? Only if you've got the > time folks, we need the code more than your comments ;) > > Greetings and thanks in advance, > > Sander Striker > > > -----Original Message----- > > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > > Steve Litt > > Sent: dinsdag 7 december 1999 16:52 > > To: Multiple recipients of list SAMBA-NTDOM > > Subject: RE: smbpasswd not finding smbpasswd file > > > > > > I got the same error (Domain password server not available) on > > samba-2.1-19991203.tar.gz running on both RH60 and RH61. Many people have > > been getting this error. If we can find some people using 12/3/1999 or > > later releases that *do not* get this error maybe we can exploit the > > differences and find the root cause. > > > > Steve Litt For me the 21 days ago build was core dumping and the head branch is giving me the following: Domain password server not available. Can't setup password database vectors. I am running RH Linux 6.1 kernel 2.2.12-20. Is upgrading the kernel to 2.2.13 going to solve the problem? rajeev From greg at discreet.com Wed Dec 8 16:02:55 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:32 2003 Subject: INQUIRY, was: RE: smbpasswd not finding smbpasswd file In-Reply-To: <384E7FF0.F96C0AC8@research.bell-labs.com> Message-ID: I believe someone is working on this problem now. Greg On 08-Dec-99 Rajeev Agrawala wrote: > "S. Striker" wrote: >> >> Dear Samba users, >> >> Please respond to the following if you are running the current Samba HEAD >> branch and have no difficulties with smbpasswd. Some of us are having >> problems and some comparing of situations might solve the problem. >> >> Maybe if the Samba Team could comment on this? Only if you've got the >> time folks, we need the code more than your comments ;) >> >> Greetings and thanks in advance, >> >> Sander Striker >> >> > -----Original Message----- >> > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of >> > Steve Litt >> > Sent: dinsdag 7 december 1999 16:52 >> > To: Multiple recipients of list SAMBA-NTDOM >> > Subject: RE: smbpasswd not finding smbpasswd file >> > >> > >> > I got the same error (Domain password server not available) on >> > samba-2.1-19991203.tar.gz running on both RH60 and RH61. Many people have >> > been getting this error. If we can find some people using 12/3/1999 or >> > later releases that *do not* get this error maybe we can exploit the >> > differences and find the root cause. >> > >> > Steve Litt > For me the 21 days ago build was core dumping and the head branch is > giving me the following: > > > Domain password server not available. > Can't setup password database vectors. > > > > I am running RH Linux 6.1 kernel 2.2.12-20. > > Is upgrading the kernel to 2.2.13 going to solve the problem? > > rajeev --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From peter at wire.cadcamlab.org Wed Dec 8 16:05:13 1999 From: peter at wire.cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:27:32 2003 Subject: Samba and NT Domain Group membership. References: <001f01bf3cf5$06e099a0$0164a8c0@win981> Message-ID: <14414.32309.724636.202118@wire.cadcamlab.org> [Mike Harris] > Am I correct in believing that Domain Group membership of users in NT > makes absolutely no difference to a Samba server? Yes. The "domain group" family of parameters refer to Unix groups (defined in /etc/group or whatever). In fact, just about everything in terms of user permission checking in Samba relates to Unix users and groups. I believe the only exception is password authentication -- which uses either the smbpasswd file (security=user) or an NT PDC (security=server). Peter From cartegw at Eng.Auburn.EDU Wed Dec 8 16:07:27 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:27:32 2003 Subject: INQUIRY, was: RE: smbpasswd not finding smbpasswd file References: <001301bf4116$ca6d7440$0a00a8c0@office.striker.nl> <384E7FF0.F96C0AC8@research.bell-labs.com> Message-ID: <384E823F.A215FB37@eng.auburn.edu> Rajeev Agrawala wrote: > > For me the 21 days ago build was core dumping and the head branch is > giving me the following: > > Domain password server not available. > Can't setup password database vectors. > > I am running RH Linux 6.1 kernel 2.2.12-20. > > Is upgrading the kernel to 2.2.13 going to solve the problem? > > rajeev Not the bug with smbpasswd Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From tjobrien at HiWAAY.net Wed Dec 8 16:18:12 1999 From: tjobrien at HiWAAY.net (Timothy J. O'Brien) Date: Tue Dec 2 02:27:32 2003 Subject: Getting rid of printer temp files Message-ID: I've set up Samba 2.0.6 for use as a print server on our company NT network. For some reason, the print files in the "path" in smb.conf are not getting removed after the print job is completed. Any idea what I can do to fix this? I've seen something similar in the past, but I can't remember what I did to fix it. Here's a copy of smb.conf: [global] workgroup = VMIC server string = B2 Print Server v%v encrypt passwords = Yes map to guest = Bad Password log file = /var/log/smbaccess.log.%m max log size = 50 name resolve order = wins host bcast deadtime = 120 read prediction = Yes socket options = TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096 client code page = 437 wins server = 192.9.200.63 panic action = /bin/smbpanic %d %a %I %U guest account = guest invalid users = root print command = /bin/pt %p %s %M %U %T %a %v %m %I %d lpq command = /usr/bin/lpq %p lprm command = /usr/bin/lprm %j [tb] comment = tinkerbell in B2 lab path = /var/spool/samba guest ok = Yes print ok = Yes printer driver = HP LaserJet 5Si/5Si MX PS [thoth] comment = thoth in B2 lab path = /var/spool/samba guest ok = Yes print ok = Yes printer driver = Lexmark Optra L Series PS [homes] comment = Home Directory read only = No create mask = 0700 directory mask = 0700 browseable = No -- Tim O'Brien (tjobrien@hiwaay.net, KF4YTI) OAsys Engineering Madison, AL 35757 (256) 430-4309 -- From s.striker at striker.nl Wed Dec 8 16:31:06 1999 From: s.striker at striker.nl (S. Striker) Date: Tue Dec 2 02:27:32 2003 Subject: INQUIRY, was: RE: smbpasswd not finding smbpasswd file In-Reply-To: <384E7FF0.F96C0AC8@research.bell-labs.com> Message-ID: <000b01bf4199$a030aed0$0a00a8c0@office.striker.nl> Hi there, > For me the 21 days ago build was core dumping and the head branch is > giving me the following: > > > Domain password server not available. > Can't setup password database vectors. > > > > I am running RH Linux 6.1 kernel 2.2.12-20. > > Is upgrading the kernel to 2.2.13 going to solve the problem? > > rajeev I don't think upgrading your kernel will help. I'm using 2.2.13 and have the same problem. The problem is being worked on however by someone. Greetings, Sander Striker > -----Original Message----- > From: rajeeva@research.bell-labs.com > [mailto:rajeeva@research.bell-labs.com] > Sent: woensdag 8 december 1999 16:58 > To: s.striker@striker.nl > Cc: Multiple recipients of list SAMBA-NTDOM > Subject: Re: INQUIRY, was: RE: smbpasswd not finding smbpasswd file > > > "S. Striker" wrote: > > > > Dear Samba users, > > > > Please respond to the following if you are running the current > Samba HEAD > > branch and have no difficulties with smbpasswd. Some of us are having > > problems and some comparing of situations might solve the problem. > > > > Maybe if the Samba Team could comment on this? Only if you've got the > > time folks, we need the code more than your comments ;) > > > > Greetings and thanks in advance, > > > > Sander Striker > > > > > -----Original Message----- > > > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > > > Steve Litt > > > Sent: dinsdag 7 december 1999 16:52 > > > To: Multiple recipients of list SAMBA-NTDOM > > > Subject: RE: smbpasswd not finding smbpasswd file > > > > > > > > > I got the same error (Domain password server not available) on > > > samba-2.1-19991203.tar.gz running on both RH60 and RH61. Many > people have > > > been getting this error. If we can find some people using 12/3/1999 or > > > later releases that *do not* get this error maybe we can exploit the > > > differences and find the root cause. > > > > > > Steve Litt From s.striker at striker.nl Wed Dec 8 16:34:20 1999 From: s.striker at striker.nl (S. Striker) Date: Tue Dec 2 02:27:32 2003 Subject: INQUIRY, was: RE: smbpasswd not finding smbpasswd file In-Reply-To: Message-ID: <000c01bf419a$143a7e50$0a00a8c0@office.striker.nl> > I believe someone is working on this problem now. > > Greg > You are right. I believe it is Gerald (Jerry) Carter. See his posting on samba-ntdom, subject: broken smbpasswd in HEAD branch [was Re: INQUIRY, was: RE: smbpasswd not finding smbpasswd file] Greetings, Sander Striker > On 08-Dec-99 Rajeev Agrawala wrote: > > "S. Striker" wrote: > >> > >> Dear Samba users, > >> > >> Please respond to the following if you are running the current > Samba HEAD > >> branch and have no difficulties with smbpasswd. Some of us are having > >> problems and some comparing of situations might solve the problem. > >> > >> Maybe if the Samba Team could comment on this? Only if you've got the > >> time folks, we need the code more than your comments ;) > >> > >> Greetings and thanks in advance, > >> > >> Sander Striker > >> > >> > -----Original Message----- > >> > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On > Behalf Of > >> > Steve Litt > >> > Sent: dinsdag 7 december 1999 16:52 > >> > To: Multiple recipients of list SAMBA-NTDOM > >> > Subject: RE: smbpasswd not finding smbpasswd file > >> > > >> > > >> > I got the same error (Domain password server not available) on > >> > samba-2.1-19991203.tar.gz running on both RH60 and RH61. > Many people have > >> > been getting this error. If we can find some people using > 12/3/1999 or > >> > later releases that *do not* get this error maybe we can exploit the > >> > differences and find the root cause. > >> > > >> > Steve Litt > > For me the 21 days ago build was core dumping and the head branch is > > giving me the following: > > > > > > Domain password server not available. > > Can't setup password database vectors. > > > > > > > > I am running RH Linux 6.1 kernel 2.2.12-20. > > > > Is upgrading the kernel to 2.2.13 going to solve the problem? > > > > rajeev > > --------------------------------------------------------------------- > Greg Dickie > Just A Guy* > *from discreet (the logic is gone) > Montreal > (514) 954-7171 > greg@discreet.com > > From tjobrien at HiWAAY.net Wed Dec 8 16:49:25 1999 From: tjobrien at HiWAAY.net (Timothy J. O'Brien) Date: Tue Dec 2 02:27:32 2003 Subject: ignore - Re: Getting rid of printer temp files In-Reply-To: Message-ID: Sorry, I posted this to the wrong list. Please disregard. -- Tim O'Brien (tjobrien@hiwaay.net, KF4YTI) OAsys Engineering Madison, AL 35757 (256) 430-4309 -- On Thu, 9 Dec 1999, Timothy J. O'Brien wrote: > I've set up Samba 2.0.6 for use as a print server on our company NT > network. For some reason, the print files in the "path" in smb.conf are From Shane.Anglin at turner.com Wed Dec 8 18:06:15 1999 From: Shane.Anglin at turner.com (Anglin, Shane) Date: Tue Dec 2 02:27:32 2003 Subject: is it currently possible to....? Message-ID: Is it currently possible to query the entire database on a NT PDC, and write the usernames and passwords into the password database on a Linux samba box, which I could then force out to all other Linux samba servers..... the madness behind this is getting Macintoshes (the bane of my existence) to authenticate via Appletalk off the local password file of the Linux samba server. Or, if there's a way to have the Macintoshes authenticate off the PDC via Appletalk..... Thanks! Shane Anglin shane.anglin@cnn.com From lonnie at borntreger.com Wed Dec 8 18:15:56 1999 From: lonnie at borntreger.com (Lonnie J. Borntreger) Date: Tue Dec 2 02:27:32 2003 Subject: New CVS Update giving errors In-Reply-To: <384E602F.8F1AADF3@michaelangelomould.com> Message-ID: <003b01bf41a8$465eeac0$0500000a@wh.com> I finally got it to compile by adding $(LIBSMB_OBJ) and $(RPC_PARSE_OBJ2) to the object lists MAKE_SMBCODEPAGE_OBJ, MAKE_PRINTERDEF_OBJ, STATUS_OBJ, TESTPARM_OBJ, TESTPRNS_OBJ and DEBUG2HTML_OBJ in source/Makefile After further test compiling, I refined the list of objects needed in these OBJ variables down to: libsmb/pwd_cache.o, libsmb/smbdes.o, libsmb/smbencrypt.o, rpc_parse/parse_prs.o, rpc_parse/parse_misc.o and rpc_parse/parse_rpc.o I find it hard to believe that just upgrading a Linux kernel fixes problems like that, since I tried it on my Linux machine - running 2.2.13 - as well as my Solaris 7 one, with the same results. TTFN, Lonnie Borntreger PS: Of course I still get a segv when attempting to access a share after starting the new binaries. Oh well, make revert... PPS: I also have to add -lresolv on Solaris 7 to find the inet_aton symbol. > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > johnk@michaelangelomould.com > Sent: Wednesday, December 08, 1999 7:54 AM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: New CVS Update giving errors > > > Grant Wallace wrote: > > > Hi John, > > > > johnk@michaelangelomould.com schrieb: > > > problem solved. > > > > > > > well, thats all I wanted to hear. > > I hope, my SuSE 5.3 likes updating from 2.0.35 ;-) > > > > Grant > > Hi Grant! > > -I don't know if the incompatability was kernel itself, or > 'lib' files > etc, but unfortunately my position does not allow me to explore the > problem further(it's all Black Magic to me) I was almost > ready to give > up on experimenting with CVS' but I had a newly setup system running > Slackware 7/kernel 2.2.13 and I decided to try a build, and voila! > -As far as upgrading goes, the docs I read scared me to the > point where > I felt the safest route was a fresh install! -on our 24 Gb, Raid-0, > Intranet Mirror-Server no less!! What A Pain! This machine is > earmarked > for double duty to replace our NT logon server, and 'wean' our network > off MS dependancy once and for all, so my options were limited. > > -sorry to Lonnie B. -can't offer any suggestions on Solaris 7 > > - I see several others are having similar problems, maybe someone 'in > the know' can offer a more useful solution, or better yet , a fix! > > -cheers all > --John Krivak > > From Shane.Anglin at turner.com Wed Dec 8 18:33:01 1999 From: Shane.Anglin at turner.com (Anglin, Shane) Date: Tue Dec 2 02:27:32 2003 Subject: What all do I need?....... Message-ID: I am using Services for Macintosh on NT now, and am not happy with the performance, as I have alot of data moving on them. MacServerIP did improve performance, but my tests with Linux with Samba and Netatalk are far superior to the NT solution. The issue with netatalk is that I need it to authenticate of the NT PDC SAM database, and have no solid solution for that yet. -----Original Message----- From: Anthony L. Sollars [mailto:sollarsa@starofthesea.pvt.k12.or.us] Sent: Wednesday, December 08, 1999 1:12 PM To: Shane.Anglin@turner.com Cc: Multiple recipients of list SAMBA-NTDOM Subject: Re: What all do I need?....... If I read your e-mail correctly, you want the PC's and your MAC's to authenticate against an NT PDC correct? All you need to do is add the services for macintosh service to your NT box. This will allow you to authenticate and actually print over the network through an NT box. As for for using smb, you want to check out samba. As for file sharing for your macintosh's check out a package called netatalk+asun. These will allow PC 's and MAC's to file share on the same network volumes. Check here for info and sources for Netatalk http://thehamptons.com/anders/netatalk/ Hope this helps!!! Sincerely, _____________________________________________________________ Anthony L. Sollars Technology Coordinator/Computer Teacher Star of the Sea School 1411 Grand Avenue Astoria, Or 97103 (503) 325-3771 sollarsa@starofthesea.pvt.k12.or.us http://www.starofthesea.pvt.k12.or.us --Never Argue with a Fool,. --They bring you down to their level and beat you with Experience. _____________________________________________________________ From greg at discreet.com Wed Dec 8 21:16:48 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:32 2003 Subject: oplock warning messages Message-ID: Hi, We are suddenly experiencing these messages running samba 2.0.6 on IRIX 6.5.4f WARNING: oplock 0xa800000012f2d700 timeout These are coming from the kernel not samba since IRIX supports kernel oplocks. Should I be worried and what causes this? Jeremy? thanks, Greg --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From mgeddes at xavier.sa.edu.au Wed Dec 8 21:47:29 1999 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:32 2003 Subject: is it currently possible to....? References: Message-ID: <384ED1F1.91E0F0E9@xavier.sa.edu.au> With the NT server Resource Kit, there is an console-based executable for adding users (may be native NT, but I think it's in the reskit). I'm sorry, but I can't remember the name of it (useradd.exe or something). It has an option to dump all user accounts to a file, which you can then import or alter it and move it to linux. I don't know much (nothing) about Macs. Sorry Matt "Anglin, Shane" wrote: > Is it currently possible to query the entire database on a NT PDC, and write the usernames and passwords into the password database on a Linux samba box, which I could then force out to all other Linux samba servers..... the madness behind this is getting Macintoshes (the bane of my existence) to authenticate via Appletalk off the local password file of the Linux samba server. > > Or, if there's a way to have the Macintoshes authenticate off the PDC via Appletalk..... > > Thanks! > > Shane Anglin > shane.anglin@cnn.com From mjwestkamper at weiinc.com Wed Dec 8 21:49:15 1999 From: mjwestkamper at weiinc.com (Mike Westkamper) Date: Tue Dec 2 02:27:33 2003 Subject: is it currently possible to....? References: <384ED1F1.91E0F0E9@xavier.sa.edu.au> Message-ID: <384ED25B.4477E76A@weiinc.com> It is in the resource kit. D:\NTRESKIT>addusers / ADDUSERS [/?] [\\computername] [[/c | /d | /e] filename]] [/s:?] Good luck Matthew Geddes wrote: > With the NT server Resource Kit, there is an console-based executable for adding users (may be native NT, but I think it's in the reskit). I'm sorry, but I can't remember the name of it (useradd.exe or something). It has an option to dump all user accounts to a file, which you can then import or alter it and move it to linux. > > I don't know much (nothing) about Macs. Sorry > > Matt > > "Anglin, Shane" wrote: > > > Is it currently possible to query the entire database on a NT PDC, and write the usernames and passwords into the password database on a Linux samba box, which I could then force out to all other Linux samba servers..... the madness behind this is getting Macintoshes (the bane of my existence) to authenticate via Appletalk off the local password file of the Linux samba server. > > > > Or, if there's a way to have the Macintoshes authenticate off the PDC via Appletalk..... > > > > Thanks! > > > > Shane Anglin > > shane.anglin@cnn.com From lkcl at samba.org Wed Dec 8 22:28:21 1999 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:33 2003 Subject: major architectural "split" Message-ID: i liked unix sockets so much when i wrote smb-agent that i decided to write an msrpc-agent too. the purpose of this is to be able to split the currently massive smbd program into several smaller daemons, such as lsarpc, netlogond, spoolssd, svcctld etc. if people want to add their own daemons (both client and server side) then this should be very, very easy to do. it should also be possible to mix-and-match development MSRPC daemons with stable releases. why do this? so that the core SMB file code is unaffected by developments in progress in, say, lsarpcd. a replacement lsarpcd that adds, for example, LDAP as the back-end database instead, can simply be plugged in... WITHOUT even having to terminate smbd or any of the other MSRPC daemons. this is the plan. the only thing that is a pain is having to transfer unix and nt credentials (unix user name, nt domain name, unix uids, gid, groups, NT SID and NT Security Descriptor) across a unix pipe from smbd to an msrpc daemon (e.g lsarpcd) so that the lsarpcd can inherit the unix and nt credentials of the smbd process that fired it up. i am not looking forward to having to modify 2.0.x and cvs main to do this, but once it is done, it will DEFINITELY make development of samba MSRPC services _so_ much easier. luke From lkcl at samba.org Wed Dec 8 23:17:33 1999 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:33 2003 Subject: is it currently possible to....? Message-ID: yes. rpcclient -S nt_srv -Uadmiistrator -l log [administrator@ntsrv$ ] samsync you must have set up a BDC trust account (createuser YOUR_SAMBA_SERVER$ -s -j) in order to do the sam sync. the results will appear on stdout. alternativel, matthew chapman added a sam sync option to smbpasswd, six months ago. you must be root to run createuser with the -j option or smbpasswd with the sam sync option. i recommend using createuser as it will join the samba BDC to the domain locally _and_ remotely. using SRVMGR.EXE to add BDCs to the domain is a SERIOUS security risk and should be avoided at all costs. luke From jeremy at valinux.com Thu Dec 9 02:12:54 1999 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:27:33 2003 Subject: oplock warning messages References: Message-ID: <384F1026.7A38B6FD@valinux.com> Greg Dickie wrote: > > Hi, > > We are suddenly experiencing these messages running samba 2.0.6 on IRIX 6.5.4f > > WARNING: oplock 0xa800000012f2d700 timeout > > These are coming from the kernel not samba since IRIX supports kernel oplocks. > > Should I be worried and what causes this? As the IRIX kernel supports oplocks it is the kernel, not Samba, that will decide an oplock break has taken too long and will release the oplock after a (30 second I think ?) timeout. Essentially, this is the same as a Samba "client not responding to oplock break" message - ie. some client is having problems. Cheers, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From p.mayers at ic.ac.uk Thu Dec 9 01:32:57 1999 From: p.mayers at ic.ac.uk (Mayers, P J) Date: Tue Dec 2 02:27:33 2003 Subject: Transferring user profiles to new domain Message-ID: <0846B011B9A4D111A1EE006097DA4FCE02F81266@icex1.cc.ic.ac.uk> If you check the archives (~2 weeks ago), I wrote a utility that will do this. I'll mail it if you want. Runs under *NT* (there's no way around it). I take it you want to change the security permissions on them? Easier would be to find the SID of the domain on the old domain, and fill in the MACHINE.SID file manually with that. Cheers, Phil -----Original Message----- From: Ole Begemann To: Multiple recipients of list SAMBA-NTDOM Sent: 12/7/99 10:48 PM Subject: Transferring user profiles to new domain Hello experts, I have set up a Samba 2.1 PDC (Domain: NEWDOM). Now I want to transfer all the user profiles from our old domain OLDDOM (NT4 PDC, profiles stored on a Samba 2.0.4 box) to the new one so that the users won't recognize any difference. Is there a kind of step-by-step-documentation available? I just tried to create a user on the new samba box and copy one his old profile directories to the new location, but it doesn't work, the old profile is not used. Thanks very much for your help. Ole From cartegw at Eng.Auburn.EDU Thu Dec 9 07:07:20 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:27:33 2003 Subject: smbpasswd problems fixed Message-ID: <384F5528.BB756729@eng.auburn.edu> Folks, Would those who are interested, please grab a new copy of the code and see if smbpasswd behaves better this time? The Domain password server not available. Can't setup password database vectors. Should be fixed now. Thanks. Cheers, jerry PS: Glad I didn't send this message out earlier. This fix seems ok on a RedHat 6.0 system. However, still have issues on my Solaris 2.6 box. I'll keep working tomorrow. From Alan.Hourihane at pinacl.co.uk Thu Dec 9 09:15:25 1999 From: Alan.Hourihane at pinacl.co.uk (Alan Hourihane) Date: Tue Dec 2 02:27:33 2003 Subject: major architectural "split" Message-ID: <01BF4225.EDCF9250.Alan.Hourihane@pinacl.co.uk> This is fantastic news.... I always shudder when I have to kill an smbd process as it kills so many other things. Being able to kill a specific service in cases of trouble will definately improve things over here. This is great news ! Thanks. On 08 December 1999 22:37, Luke Kenneth Casson Leighton [SMTP:lkcl@samba.org] wrote: > i liked unix sockets so much when i wrote smb-agent that i decided to > write an msrpc-agent too. > > the purpose of this is to be able to split the currently massive smbd > program into several smaller daemons, such as lsarpc, netlogond, spoolssd, > svcctld etc. if people want to add their own daemons (both client and > server side) then this should be very, very easy to do. > > it should also be possible to mix-and-match development MSRPC daemons with > stable releases. why do this? so that the core SMB file code is > unaffected by developments in progress in, say, lsarpcd. a replacement > lsarpcd that adds, for example, LDAP as the back-end database instead, can > simply be plugged in... WITHOUT even having to terminate smbd or any of > the other MSRPC daemons. > > this is the plan. > > the only thing that is a pain is having to transfer unix and nt > credentials (unix user name, nt domain name, unix uids, gid, groups, NT > SID and NT Security Descriptor) across a unix pipe from smbd to an msrpc > daemon (e.g lsarpcd) so that the lsarpcd can inherit the unix and nt > credentials of the smbd process that fired it up. > > i am not looking forward to having to modify 2.0.x and cvs main to do > this, but once it is done, it will DEFINITELY make development of samba > MSRPC services _so_ much easier. > > luke From lonnie at borntreger.com Thu Dec 9 10:32:41 1999 From: lonnie at borntreger.com (Lonnie J. Borntreger) Date: Tue Dec 2 02:27:33 2003 Subject: smbd SegV in latest CVS (for past two weeks) Message-ID: <003e01bf4230$b959d980$0500000a@wh.com> Howdy, System info: - Server Solaris 7 gcc 2.8.1 Samba 2.1.0-prealpha (CVS head) - Client Win95 (this has been happening for a couple of weeks now... been doing a lot of "make revert" :) When I compile the latest CVS, start it up, and try to access a share, I see: - Gets user name - does the domain and user sid stuff - finds user - then........ -------- from log.smb ----------- [1999/12/05 07:39:20, 5] lib/username.c:hashed_getpwnam(233) getpwnam(67goat) [1999/12/05 07:39:20, 5] lib/username.c:hashed_getpwnam(249) Found: 67goat:x:21749:21749:Lonnie Borntreger:/home/67goat:/usr/bin/ksh [1999/12/05 07:39:20, 10] lib/util.c:get_trusted_serverlist(3240) [1999/12/05 07:39:20, 0] lib/fault.c:fault_report(40) =============================================================== [1999/12/05 07:39:20, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 19895 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [1999/12/05 07:39:20, 0] lib/fault.c:fault_report(43) =============================================================== [1999/12/05 07:39:20, 0] lib/util.c:smb_panic(2527) PANIC: internal error It seems to be dying at lib/util.c(3241): pstrcpy(srv_list, lp_passwordserver()); in get_trusted_serverlist. I verified this by placing a DEBUG right after the line, and it never got hit. I can't figure out why, don't know the code good enough. This is not "mission critical" for me, just wanted the samba team to know about the problem. TTFN, Lonnie Borntreger lonnie@borntreger.com http://www.borntreger.com/ From Harald at iki.fi Thu Dec 9 11:11:13 1999 From: Harald at iki.fi (Harald Hannelius) Date: Tue Dec 2 02:27:33 2003 Subject: 16-bit, 8.3, long filenames Message-ID: Hi there, I know that part of this is in the FAQ, but I need some more info. We're on a NTWKS and we try to doubleclick an MS-Access file on a samba-share.. When doubleclicking files in win95 explorer, and the paths for the files are not 8.3 compliant, all works ok. This is not the case in NT though. We get an error from NT that shows us some mystical mangled filename, and it tells us that it cannot open it. From 'File -> Open' it seems to work most of the time. How do I get doubleclick-opening of MS-Access files from the samba-server working on the NTWKS with long filenames? (i.e. not 8.3) =========================================================== Harald H Hannelius | Harald@iki.fi | GSM +358405470870 =========================================================== From lonnie at borntreger.com Thu Dec 9 10:43:42 1999 From: lonnie at borntreger.com (Lonnie J. Borntreger) Date: Tue Dec 2 02:27:33 2003 Subject: smbd SegV in latest CVS (for past two weeks) Message-ID: <004001bf4232$438d6080$0500000a@wh.com> Well, you can ignore this. After sending it, I decided I'd take a chance and see if anything had changed in the 1/2 hour since my last update. Sure enough, there were a couple of files changed, including the lib/util.c, and a recompile proved that the problem exists no more. Thanks, Lonnie Borntreger > -----Original Message----- > From: > Sent: Thursday, December 09, 1999 4:33 AM > To: SambaList (E-mail) > Subject: smbd SegV in latest CVS (for past two weeks) > > > Howdy, > > System info: > - Server > Solaris 7 > gcc 2.8.1 > Samba 2.1.0-prealpha (CVS head) > - Client > Win95 > > (this has been happening for a couple of weeks now... been > doing a lot of "make revert" :) > > When I compile the latest CVS, start it up, and try to access > a share, I see: > - Gets user name > - does the domain and user sid stuff > - finds user > - then........ > -------- from log.smb ----------- > [1999/12/05 07:39:20, 5] lib/username.c:hashed_getpwnam(233) > getpwnam(67goat) > [1999/12/05 07:39:20, 5] lib/username.c:hashed_getpwnam(249) > Found: 67goat:x:21749:21749:Lonnie > Borntreger:/home/67goat:/usr/bin/ksh > [1999/12/05 07:39:20, 10] lib/util.c:get_trusted_serverlist(3240) > [1999/12/05 07:39:20, 0] lib/fault.c:fault_report(40) > =============================================================== > [1999/12/05 07:39:20, 0] lib/fault.c:fault_report(41) > INTERNAL ERROR: Signal 11 in pid 19895 (2.1.0-prealpha) > Please read the file BUGS.txt in the distribution > [1999/12/05 07:39:20, 0] lib/fault.c:fault_report(43) > =============================================================== > [1999/12/05 07:39:20, 0] lib/util.c:smb_panic(2527) > PANIC: internal error > > It seems to be dying at lib/util.c(3241): > pstrcpy(srv_list, lp_passwordserver()); > in get_trusted_serverlist. I verified this by placing a > DEBUG right after the line, and it never got hit. I can't > figure out why, don't know the code good enough. > > This is not "mission critical" for me, just wanted the samba > team to know about the problem. > > TTFN, > Lonnie Borntreger > lonnie@borntreger.com > http://www.borntreger.com/ From giulioo at pobox.com Thu Dec 9 12:10:06 1999 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:27:33 2003 Subject: smbpasswd problems fixed In-Reply-To: <384F5528.BB756729@eng.auburn.edu> References: <384F5528.BB756729@eng.auburn.edu> Message-ID: <19991209120935.07AB226E66@i3.golden.dom> On Thu, 9 Dec 1999 18:14:49 +1100, hai scritto: > Domain password server not available. > Can't setup password database vectors. > >Should be fixed now. Thanks. linux 2.0.33 I had the above problem, now I get # smbpasswd -a go error connecting to :445 (Connection refused) error connecting to :445 (Connection refused) cli_nt_session_open: cli_nt_create failed on pipe \lsarpc to machine . Error was ERRSRV - ERRaccess (The requester does not have the necessary access rights within the specified context for the reque lsa query info failed Can't setup password database vectors. -- giulioo@pobox.com From cartegw at Eng.Auburn.EDU Thu Dec 9 13:20:34 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:27:33 2003 Subject: smbpasswd problems fixed References: <384F5528.BB756729@eng.auburn.edu> <19991209120935.07AB226E66@i3.golden.dom> Message-ID: <384FACA2.CAF8C59C@eng.auburn.edu> Giulio Orsero wrote: > > > linux 2.0.33 > > I had the above problem, now I get > > # smbpasswd -a go > error connecting to :445 (Connection refused) > error connecting to :445 (Connection refused) > cli_nt_session_open: cli_nt_create failed on pipe \lsarpc to machine > . Error was ERRSRV - ERRaccess (The requester does > not have the necessary access rights within the > specified context for the reque > lsa query info failed > Can't setup password database vectors. Sorry. That's what I get for my Solaris box. Does it work for anyone else but my RedHat 6.0 box? jery ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From wallace at tfh-berlin.de Thu Dec 9 13:44:17 1999 From: wallace at tfh-berlin.de (Grant Wallace) Date: Tue Dec 2 02:27:33 2003 Subject: smbpasswd problems fixed References: <384F5528.BB756729@eng.auburn.edu> <19991209120935.07AB226E66@i3.golden.dom> <384FACA2.CAF8C59C@eng.auburn.edu> Message-ID: <384FB231.E9D9028F@tfh-berlin.de> Hi All Gerald Carter wrote: > Giulio Orsero wrote: > > > > > > linux 2.0.33 > > > > I had the above problem, now I get > > > > # smbpasswd -a go > > error connecting to :445 (Connection refused) > > error connecting to :445 (Connection refused) > > cli_nt_session_open: cli_nt_create failed on pipe \lsarpc to machine > > . Error was ERRSRV - ERRaccess (The requester does > > not have the necessary access rights within the > > specified context for the reque > > lsa query info failed > > Can't setup password database vectors. > > Sorry. That's what I get for my Solaris box. Does it > work for anyone else but my RedHat 6.0 box? > My error message looks similar: (on Linux 2.0.35) error connecting to 141.64.53.98:445 (Connection refused) error connecting to 141.64.53.98:445 (Connection refused) Can't setup password database vectors. Grant From ctooley at joslyn.org Thu Dec 9 14:12:25 1999 From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:27:33 2003 Subject: Mapping Drive Z In-Reply-To: Message-ID: <001001bf424f$6b6cb840$1900a8c0@webstat.joslyn.org> I am trying to map a Samba Share with the netlogon batch file on Windows 9x machines to drive Z:, however I am coming up with problems because the script says that \\\netlogon is already mapped to Z:. But, when the machine is logged in, nothing is mapped to Z:. Is this a Windows issue or a Samba setting? And, in either case is there a way to change the drive letter that netlogon is mapped to for the purpose of running the script? Chris Tooley Joslyn Art Museum 2200 Dodge St. Omaha, NE 68102 (402)342-3300 From ctooley at joslyn.org Thu Dec 9 14:18:05 1999 From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:27:33 2003 Subject: major architectural "split" In-Reply-To: <01BF4225.EDCF9250.Alan.Hourihane@pinacl.co.uk> Message-ID: <001101bf4250$362255e0$1900a8c0@webstat.joslyn.org> I am also happy to hear this. My only question is, thanks to my naiveity, what effect will this have on updating the smb.conf? Will the config file get split up so services can be stopped and started with a different configuration without affecting the overall work? If so, I don't envy you or the people that write the programs that people use to update those config files. But, I do appreciate the work that is done on Samba greatly. Chris Tooley -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of Alan Hourihane Sent: Thursday, December 09, 1999 3:20 AM To: Multiple recipients of list SAMBA-NTDOM Subject: RE: major architectural "split" This is fantastic news.... I always shudder when I have to kill an smbd process as it kills so many other things. Being able to kill a specific service in cases of trouble will definately improve things over here. This is great news ! Thanks. On 08 December 1999 22:37, Luke Kenneth Casson Leighton [SMTP:lkcl@samba.org] wrote: > i liked unix sockets so much when i wrote smb-agent that i decided to > write an msrpc-agent too. > > the purpose of this is to be able to split the currently massive smbd > program into several smaller daemons, such as lsarpc, netlogond, spoolssd, > svcctld etc. if people want to add their own daemons (both client and > server side) then this should be very, very easy to do. > > it should also be possible to mix-and-match development MSRPC daemons with > stable releases. why do this? so that the core SMB file code is > unaffected by developments in progress in, say, lsarpcd. a replacement > lsarpcd that adds, for example, LDAP as the back-end database instead, can > simply be plugged in... WITHOUT even having to terminate smbd or any of > the other MSRPC daemons. > > this is the plan. > > the only thing that is a pain is having to transfer unix and nt > credentials (unix user name, nt domain name, unix uids, gid, groups, NT > SID and NT Security Descriptor) across a unix pipe from smbd to an msrpc > daemon (e.g lsarpcd) so that the lsarpcd can inherit the unix and nt > credentials of the smbd process that fired it up. > > i am not looking forward to having to modify 2.0.x and cvs main to do > this, but once it is done, it will DEFINITELY make development of samba > MSRPC services _so_ much easier. > > luke From dmitry at irex.ru Thu Dec 9 14:23:36 1999 From: dmitry at irex.ru (Dmitry Barabanov) Date: Tue Dec 2 02:27:33 2003 Subject: cyrillic filenames Message-ID: <000501bf4250$fb06b180$5a02a8c0@dmitry.irex.ru> Does anyone know why Samba 2.1 does not support cyrillic filenames while Samba 2.0.x does? Config is the same (character set = iso8859-1, client code page = 866) ****************************************** Dmitry N. Barabanov IT Specialist, IREX/Moscow tel 7-095-956-0978, fax 7-095-956-0977 e-mail: dmitry@irex.ru ****************************************** From webber at sj.univali.br Thu Dec 9 15:37:16 1999 From: webber at sj.univali.br (Celso Kopp Webber) Date: Tue Dec 2 02:27:33 2003 Subject: Mapping Drive Z References: <001001bf424f$6b6cb840$1900a8c0@webstat.joslyn.org> Message-ID: <384FCCAC.513A0D62@sj.univali.br> Hello Chris, this is a WinBlows 9x issue. As far as I can tell, Winblows 9x maps internally drive Z: for profiles, and when the user interface is available for use, you don?t see that drive mapped anymore. Unfortunately, during logon script processing, drive Z: is still mapped by Windows. I use here "logon drive = X:" in smb.conf to avoid this problem. Regards, Celso. Chris Tooley gravada: > > I am trying to map a Samba Share with the netlogon batch file on Windows 9x > machines to drive Z:, however I am coming up with problems because the > script says that \\\netlogon is already mapped to Z:. But, > when the machine is logged in, nothing is mapped to Z:. Is this a Windows > issue or a Samba setting? And, in either case is there a way to change the > drive letter that netlogon is mapped to for the purpose of running the > script? > > Chris Tooley > Joslyn Art Museum > 2200 Dodge St. > Omaha, NE 68102 > (402)342-3300 From ba2k at virginia.edu Thu Dec 9 14:30:53 1999 From: ba2k at virginia.edu (Burt Avery) Date: Tue Dec 2 02:27:33 2003 Subject: smbpasswd problems fixed In-Reply-To: <384FB231.E9D9028F@tfh-berlin.de> References: <384F5528.BB756729@eng.auburn.edu> <19991209120935.07AB226E66@i3.golden.dom> <384FACA2.CAF8C59C@eng.auburn.edu> Message-ID: <3.0.6.32.19991209093053.009f9560@127.0.0.1> At 12:46 AM 12/10/99 +1100, Grant Wallace wrote: >Hi All > >Gerald Carter wrote: > >> Giulio Orsero wrote: >> > >> > >> > linux 2.0.33 >> > >> > I had the above problem, now I get >> > >> > # smbpasswd -a go >> > error connecting to :445 (Connection refused) >> > error connecting to :445 (Connection refused) >> > cli_nt_session_open: cli_nt_create failed on pipe \lsarpc to machine >> > . Error was ERRSRV - ERRaccess (The requester does >> > not have the necessary access rights within the >> > specified context for the reque >> > lsa query info failed >> > Can't setup password database vectors. >> >> Sorry. That's what I get for my Solaris box. Does it >> work for anyone else but my RedHat 6.0 box? >> > >My error message looks similar: >(on Linux 2.0.35) >error connecting to 141.64.53.98:445 (Connection refused) >error connecting to 141.64.53.98:445 (Connection refused) >Can't setup password database vectors. > >Grant > > > Ditto on that for CVS version run on AIX 4.2 several months back when I gave up on the prealpha version. -ba- -ba- Burt Avery Computer Systems Engineer LSP Department of Biomedical Engineering University of Virginia Charlottesville, VA 22908 804-924-8065 (w) 804-245-5813 (h) From kai at ica1.uni-stuttgart.de Thu Dec 9 14:38:43 1999 From: kai at ica1.uni-stuttgart.de (Kai Hoefler) Date: Tue Dec 2 02:27:33 2003 Subject: Has anybody used Netinstall with a Samba PDC Message-ID: <14415.48883.546064.223069@tiger.ica1.uni-stuttgart.de> Hello, I wonder if anybody has used Netinstall to install software on NT Workstations in connection with a Samba PDC. The problem is that Netinstall wants to install a service which has to run with administrator rights. We wanted to use a user which is Domain Administrator and who is able to install the service. The problem is that Netinstall claims that the account could not be found, which is not true because I am able to login as the according user on the workstation. I suspect that Netinstall wants to browse the userlist and this is not working. Is it possible that the 2.1 beta will work? Any comment is appreciated. Kai Hoefler From ctooley at joslyn.org Thu Dec 9 14:49:59 1999 From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:27:33 2003 Subject: Mapping Drive Z In-Reply-To: <384FCCAC.513A0D62@sj.univali.br> Message-ID: <001201bf4254$ab318aa0$1900a8c0@webstat.joslyn.org> Does this go in the global entries? Chris -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of Celso Kopp Webber Sent: Thursday, December 09, 1999 8:33 AM To: Multiple recipients of list SAMBA-NTDOM Subject: Re: Mapping Drive Z Hello Chris, this is a WinBlows 9x issue. As far as I can tell, Winblows 9x maps internally drive Z: for profiles, and when the user interface is available for use, you don?t see that drive mapped anymore. Unfortunately, during logon script processing, drive Z: is still mapped by Windows. I use here "logon drive = X:" in smb.conf to avoid this problem. Regards, Celso. Chris Tooley gravada: > > I am trying to map a Samba Share with the netlogon batch file on Windows 9x > machines to drive Z:, however I am coming up with problems because the > script says that \\\netlogon is already mapped to Z:. But, > when the machine is logged in, nothing is mapped to Z:. Is this a Windows > issue or a Samba setting? And, in either case is there a way to change the > drive letter that netlogon is mapped to for the purpose of running the > script? > > Chris Tooley > Joslyn Art Museum > 2200 Dodge St. > Omaha, NE 68102 > (402)342-3300 From swaters at amicus.com Thu Dec 9 15:07:50 1999 From: swaters at amicus.com (Stephen Waters) Date: Tue Dec 2 02:27:33 2003 Subject: 16-bit, 8.3, long filenames References: Message-ID: <384FC5C6.668C84D@amicus.com> 1) can you write the exact error message to the list? 2) have you changed any of the default mangling settings in smb.conf? the default options are the best (i discovered this the hard way a few weeks back...) -s Harald Hannelius wrote: > > Hi there, > > I know that part of this is in the FAQ, but I need some more info. > > We're on a NTWKS and we try to doubleclick an MS-Access file on a > samba-share.. > > When doubleclicking files in win95 explorer, and the paths for the > files are not 8.3 compliant, all works ok. This is not the case in NT > though. We get an error from NT that shows us some mystical mangled > filename, and it tells us that it cannot open it. From 'File -> Open' it > seems to work most of the time. > > How do I get doubleclick-opening of MS-Access files from the samba-server > working on the NTWKS with long filenames? (i.e. not 8.3) > > =========================================================== > Harald H Hannelius | Harald@iki.fi | GSM +358405470870 > =========================================================== -- Owe no man any thing... -- Romans 13:8 From devnull at epiuse.com Thu Dec 9 14:57:17 1999 From: devnull at epiuse.com (Jan van Rensburg) Date: Tue Dec 2 02:27:33 2003 Subject: Mapping Drive Z Message-ID: according to the smb.conf man page, yes. > -----Original Message----- > From: Chris Tooley [mailto:ctooley@joslyn.org] > Sent: Thursday, December 09, 1999 4:57 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: RE: Mapping Drive Z > > > Does this go in the global entries? > > Chris > > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Celso Kopp Webber > Sent: Thursday, December 09, 1999 8:33 AM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: Mapping Drive Z > > > > Hello Chris, > > this is a WinBlows 9x issue. As far as I can tell, Winblows 9x maps > internally drive Z: for profiles, and when the user interface is > available for use, you don?t see that drive mapped anymore. > > Unfortunately, during logon script processing, drive Z: is still > mapped by Windows. I use here "logon drive = X:" in smb.conf > to avoid this problem. > > Regards, > > Celso. > > Chris Tooley gravada: > > > > I am trying to map a Samba Share with the netlogon batch > file on Windows > 9x > > machines to drive Z:, however I am coming up with problems > because the > > script says that \\\netlogon is already > mapped to Z:. But, > > when the machine is logged in, nothing is mapped to Z:. Is > this a Windows > > issue or a Samba setting? And, in either case is there a > way to change > the > > drive letter that netlogon is mapped to for the purpose of > running the > > script? > > > > Chris Tooley > > Joslyn Art Museum > > 2200 Dodge St. > > Omaha, NE 68102 > > (402)342-3300 > From lee.taylor at scania.co.za Thu Dec 9 15:04:57 1999 From: lee.taylor at scania.co.za (C.Lee Taylor) Date: Tue Dec 2 02:27:33 2003 Subject: Mapping Drive Z Message-ID: <021001bf4256$c2ddce00$8b640107@scania.co.za> Hi ... If I understand the doc's correctly, "logon drive = X:" is only map by WinNT clients and not DOS, WFW or Win9X clients. What I have don't though is but a "NET USE L: \\\Netlogon /YES" so that "L:" is always the netlogon drive. Also I have set "logon drive = l:" so that my WinNT clients use the same drive. I hope this helps. Mailed C.Lee Taylor -------------- next part -------------- HTML attachment scrubbed and removed From lee.taylor at scania.co.za Thu Dec 9 15:06:33 1999 From: lee.taylor at scania.co.za (C.Lee Taylor) Date: Tue Dec 2 02:27:33 2003 Subject: Major architectural "split" Message-ID: <023b01bf4256$fd22cc00$8b640107@scania.co.za> Hi ... My less than two cents worth. I totally agree. I think the Samba team (both developers and users) are great, every morning when I read through the night before mail list, I get a great sense of pride and community feeling, seeing so many people from all over the world helping with problems and collective usefulness ... a big Thank You to ALL. Mailed C.Lee Taylor > This is fantastic news.... > > I always shudder when I have to kill an smbd process as it kills so many > other things. Being able to kill a specific service in cases of trouble will > definately improve things over here. > > This is great news ! > > Thanks. -------------- next part -------------- HTML attachment scrubbed and removed From Shane.Anglin at turner.com Thu Dec 9 15:20:11 1999 From: Shane.Anglin at turner.com (Anglin, Shane) Date: Tue Dec 2 02:27:33 2003 Subject: Mapping Drive Z Message-ID: This is a Win95 issue. Win95 temporarily grabs it during the log on process. -----Original Message----- From: Chris Tooley [mailto:ctooley@joslyn.org] Sent: Thursday, December 09, 1999 9:11 AM To: Multiple recipients of list SAMBA-NTDOM Subject: Mapping Drive Z I am trying to map a Samba Share with the netlogon batch file on Windows 9x machines to drive Z:, however I am coming up with problems because the script says that \\\netlogon is already mapped to Z:. But, when the machine is logged in, nothing is mapped to Z:. Is this a Windows issue or a Samba setting? And, in either case is there a way to change the drive letter that netlogon is mapped to for the purpose of running the script? Chris Tooley Joslyn Art Museum 2200 Dodge St. Omaha, NE 68102 (402)342-3300 From giulioo at pobox.com Thu Dec 9 15:31:48 1999 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:27:33 2003 Subject: Mapping Drive Z In-Reply-To: <001201bf4254$ab318aa0$1900a8c0@webstat.joslyn.org> References: <384FCCAC.513A0D62@sj.univali.br> <001201bf4254$ab318aa0$1900a8c0@webstat.joslyn.org> Message-ID: <19991209153115.5735E26E66@i3.golden.dom> On Fri, 10 Dec 1999 01:57:51 +1100, hai scritto: >Does this go in the global entries? > >this is a WinBlows 9x issue. As far as I can tell, Winblows 9x maps >internally drive Z: for profiles, and when the user interface is >available for use, you don?t see that drive mapped anymore. > >Unfortunately, during logon script processing, drive Z: is still >mapped by Windows. I use here "logon drive = X:" in smb.conf According to smb.conf man page, "logon drive" is for winnt only, and is ignored by win9x. -- giulioo@pobox.com From ctooley at joslyn.org Thu Dec 9 15:41:21 1999 From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:27:33 2003 Subject: Mapping Drive Z In-Reply-To: <021001bf4256$c2ddce00$8b640107@scania.co.za> Message-ID: <001801bf425b$d85b9140$1900a8c0@webstat.joslyn.org> Are you putting this net use command somewhere on the local machine and if so where, or are you putting in the batch file? Chris Tooley -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of C.Lee Taylor Sent: Thursday, December 09, 1999 9:25 AM To: Multiple recipients of list SAMBA-NTDOM Subject: RE: Mapping Drive Z Hi ... If I understand the doc's correctly, "logon drive = X:" is only map by WinNT clients and not DOS, WFW or Win9X clients. What I have don't though is but a "NET USE L: \\\Netlogon /YES" so that "L:" is always the netlogon drive. Also I have set "logon drive = l:" so that my WinNT clients use the same drive. I hope this helps. Mailed C.Lee Taylor -------------- next part -------------- HTML attachment scrubbed and removed From mg at plum.de Thu Dec 9 15:51:58 1999 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:27:33 2003 Subject: cyrillic filenames References: <000501bf4250$fb06b180$5a02a8c0@dmitry.irex.ru> Message-ID: <384FD01E.9C319BE@plum.de> Dmitry Barabanov wrote: > > Does anyone know why Samba 2.1 does not support cyrillic filenames > while Samba 2.0.x does? Config is the same (character set = iso8859-1, > client code page = 866) Yes .. because you should only use 2.1 as PDC, not as fileserver. There are numerous bugs/fixes/new stuff in the 2.0.x Fileserver code, which are missing in the 2.1.x tree. Several people seem to be working on this issue. So ... don't use 2.1 as fileserver and dont't use 2.0.x as PDC .. :) regards, Michael -- Samba NT-Domain howto (in german) http://www.sambahq.de From mjwestkamper at weiinc.com Thu Dec 9 15:48:11 1999 From: mjwestkamper at weiinc.com (Mike Westkamper) Date: Tue Dec 2 02:27:33 2003 Subject: Another two bits worth Message-ID: <384FCF3B.1BC8944C@weiinc.com> Another voice in the crowd... Through your work and this forum I have been able to implement significant systems with the systems your have developed. I appreciate the effort and the direction you are taking. This is not a replacement for the Microsoft gadgetry, it is an alternate solution to a problem many of us face. It has the benefit of being better while accommodating the existing protocol. The single largest benefit for us here is the ability to select the platform. Here a favorite is Linux. It is stable, reliable, robust, efficient and cost effective. Linux coupled with SAMBA makes a solid system that is readily maintained and seldom causes any problems. Your work here is greatly appreciated. Mike From rajeeva at research.bell-labs.com Thu Dec 9 16:18:04 1999 From: rajeeva at research.bell-labs.com (Rajeev Agrawala) Date: Tue Dec 2 02:27:33 2003 Subject: smbpasswd problems fixed References: <384F5528.BB756729@eng.auburn.edu> Message-ID: <384FD63C.255559CC@research.bell-labs.com> Gerald Carter wrote: > > Folks, > > Would those who are interested, please grab a new copy > of the code and see if smbpasswd behaves better this time? > The > > Domain password server not available. > Can't setup password database vectors. > > Should be fixed now. Thanks. > > Cheers, > jerry > > PS: Glad I didn't send this message out earlier. > This fix seems ok on a RedHat 6.0 system. > However, still have issues on my Solaris 2.6 box. > I'll keep working tomorrow. Hi, On my linux box running RH 6.1 (2.2.12) I get error connecting to 135.104.54.46:445 (Connection refused) error connecting to 135.104.54.46:445 (Connection refused) cli_nt_session_open: cli_open failed on pipe \PIPE\lsarpc to machine PRINT. Error was ERRSRV - ERRaccess (The requester does not have the necessary access rights within the specified context for the reque lsa query info failed Can't setup password database vectors. rajeev From cartegw at Eng.Auburn.EDU Thu Dec 9 16:22:35 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:27:33 2003 Subject: new lsarpcd daemon [was Re: smbpasswd problems fixed] References: <384F5528.BB756729@eng.auburn.edu> <19991209120935.07AB226E66@i3.golden.dom> <384FACA2.CAF8C59C@eng.auburn.edu> <384FB231.E9D9028F@tfh-berlin.de> Message-ID: <384FD74B.3F2669AD@eng.auburn.edu> Grant Wallace wrote: > > My error message looks similar: > (on Linux 2.0.35) > error connecting to 141.64.53.98:445 (Connection refused) > error connecting to 141.64.53.98:445 (Connection refused) > Can't setup password database vectors. Yes, well apparently you need to run smbd, nmdb and the new lsarpcd daemons. root@mole source]# bin/smbpasswd cartegw error connecting to aaa.bbb.ccc.ddd:445 (Connection refused) error connecting to aaa.bbb.ccc.ddd:445 (Connection refused) New SMB password: Retype new SMB password: Password changed for user cartegw Honest folks. Still trying to work out what else is going on here. jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From mike at psand.net Thu Dec 9 16:51:50 1999 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:33 2003 Subject: Mapping Drive Z References: <001001bf424f$6b6cb840$1900a8c0@webstat.joslyn.org> Message-ID: <005501bf4265$b2441680$0164a8c0@win981> Chris, I'd let Win9x have it's way with the default Z: drive and map home to U: in the logon.bat script: net use U: \\sambaserver\homes /persistent:no /yes or something like that! Mike. ----- Original Message ----- From: Chris Tooley To: Multiple recipients of list SAMBA-NTDOM Sent: Thursday, December 09, 1999 3:11 PM Subject: Mapping Drive Z > I am trying to map a Samba Share with the netlogon batch file on Windows 9x > machines to drive Z:, however I am coming up with problems because the > script says that \\\netlogon is already mapped to Z:. But, > when the machine is logged in, nothing is mapped to Z:. Is this a Windows > issue or a Samba setting? And, in either case is there a way to change the > drive letter that netlogon is mapped to for the purpose of running the > script? > > Chris Tooley > Joslyn Art Museum > 2200 Dodge St. > Omaha, NE 68102 > (402)342-3300 From jhanna at cproject.com Thu Dec 9 17:02:05 1999 From: jhanna at cproject.com (John Hanna) Date: Tue Dec 2 02:27:33 2003 Subject: RFA: configuration: No Domain Server to validate your password References: <384F5528.BB756729@eng.auburn.edu> <19991209120935.07AB226E66@i3.golden.dom> Message-ID: <003001bf4267$1ebb0160$2b01010a@omfus.org> Hi. I have a NT server which I'm replacing with my new FreeBSD server. I'm running samba.2.0.6. I exported my NT passwords with the pwdump utility, and wrote a script to add the new accounts to my /etc/master.passwd (et al) files. When I kill the NT server and restart Samba with the PDC configuration file I get the following log in log.nmb, but when a user tries to boot they get the "No Domain Server to validate your password" error. Can someone please help me figure what I've missed, or point me to a checklist or something? If I set debug=9 will that help give me more information to troubleshoot? Thanks, John ----------- samba.conf # Global parameters [global] ... security = USER encrypt passwords = Yes map to guest = Bad Password smb passwd file = /usr/local/private/smbpasswd preferred master = Yes domain master = Yes ... ----------- log.nmb [1999/12/08 17:28:45, 1] nmbd/nmbd.c:main(747) Netbios nameserver version 2.0.6 started. Copyright Andrew Tridgell 1994-1998 [1999/12/08 17:28:45, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(294) become_domain_master_browser_bcast: Attempting to become domain master browser on workgroup M_PLEX on subnet 10.1.1.99 [1999/12/08 17:28:45, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(308) become_domain_master_browser_bcast: querying subnet 10.1.1.99 for domain master browser on workgroup M_PLEX [1999/12/08 17:28:54, 0] nmbd/nmbd_become_dmb.c:become_domain_master_stage2(118) ***** Samba server NT_SERVER is now a domain master browser for workgroup M_PLEX on subnet 10.1.1.99 ***** [1999/12/08 17:29:07, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(406) ***** Samba name server NT_SERVER is now a local master browser for workgroup M_PLEX on subnet 10.1.1.99 ***** ------------- log.smb [ shows nothing of relivance ] ------------- /etc/passwd ... mbradley:*:65534:65533:Mark Bradley:/nonexistant:/sbin/nologin ... ------------- /usr/local/private/smbpasswd ... MBradley:65534:3D5B75194B4F3F616543B435B51404EE:10289B0AC7D434349C985C9E 0D6A3863:Mark Bradley:: ... From ctooley at joslyn.org Thu Dec 9 17:08:28 1999 From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:27:33 2003 Subject: Mapping Drive Z In-Reply-To: <005501bf4265$b2441680$0164a8c0@win981> Message-ID: <002001bf4268$03e2f220$1900a8c0@webstat.joslyn.org> The only problem with that is that we are converting from a Novell server where all of the Database directories for the 30-40 databases in house were stored were mapped to drive Z: as well as about 8 billion other shortcuts, all of which will be broken if we map the new share of those things to a different drive letter. This wouldn't be a problem if we had users that understood the concept of changing the driver letter in the shortcuts. However, changing 10-20 shortcuts on 50-60 machines would take quite a lot of time, especially when you don't have a clue what those shortcuts are. Chris Tooley -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of Mike Harris Sent: Thursday, December 09, 1999 10:52 AM To: Multiple recipients of list SAMBA-NTDOM Subject: RE: Mapping Drive Z Chris, I'd let Win9x have it's way with the default Z: drive and map home to U: in the logon.bat script: net use U: \\sambaserver\homes /persistent:no /yes or something like that! Mike. ----- Original Message ----- From: Chris Tooley To: Multiple recipients of list SAMBA-NTDOM Sent: Thursday, December 09, 1999 3:11 PM Subject: Mapping Drive Z > I am trying to map a Samba Share with the netlogon batch file on Windows 9x > machines to drive Z:, however I am coming up with problems because the > script says that \\\netlogon is already mapped to Z:. But, > when the machine is logged in, nothing is mapped to Z:. Is this a Windows > issue or a Samba setting? And, in either case is there a way to change the > drive letter that netlogon is mapped to for the purpose of running the > script? > > Chris Tooley > Joslyn Art Museum > 2200 Dodge St. > Omaha, NE 68102 > (402)342-3300 From oliver at hydraweb.com Thu Dec 9 17:15:16 1999 From: oliver at hydraweb.com (Oliver Stockhammer) Date: Tue Dec 2 02:27:33 2003 Subject: Current Status of NTdom Proj... Message-ID: **Please email me directly, as I am not a member of the list, currently. Hello, I have been going through your archives and through the Samba NTdomain Proj FAQ, and have found an incredible array of info. I haven't been able to fine a current status of the project as of Nov/Dec 1999. I am looking to use the Samba PDC abilities to control multiple NT domains on a Red Hat Linux machine, or to go with Sun's PC Netlinks solution and use a Sparc Server. Of main concern is the seemly inability of Samba to address/handle the following: trust relationships printing BDC support Stability is also a main concern as well, and I have seen that Samba is slated to integrate the NTdomain aspect in the 'stable' tree in v2.1. How far away is this? Take Care, Oliver Stockhammer -- ,,,,,,,, ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, ' Oliver Stockhammer / Hydraweb Technologies ' Unix Sys Admin / 40 Broad St., ste2175 NY,NY,10004 , oliver@hydraweb.com / ph.212.809.5900 fx.212.809.5932 , ''''''''''''''''''''''''' ''''''''' From parsons at clearway.com Thu Dec 9 19:30:25 1999 From: parsons at clearway.com (Jim Parsons) Date: Tue Dec 2 02:27:33 2003 Subject: zero length file transfer Message-ID: <611C0CE12596D311B466009027D5E75908514B@host100.56jfk.com> Hello, Problem: I need to backup our local development CVS tree from a Linux box where it resides to an NT box running NT Server on our local net. Approach: I have a script in place that tars up the dir tree on the Linux box, then gzips it, and then calls smbclient //NTbox/backupdir -U NTaccountname%NTpasswd -c 'put backup.tar.gz' This script runs from a cron as root. Drastic Results!: I know this may sound unusual, but the folks on this list are my first choice for asking why this strange thing is happening--when I set the cron to start running a couple of nights ago at 2:00AM, I found that I was getting a zero length file on the target dir on the NT box; despite the fact that the entire script/cron had tested fine earlier in the day when I was at work. Further testing has proved the following: If I set the cron to go off every hour on the hour, the backup works perfectly, and the file backup.tar.gz transfers perfectly. The FIRST smbclient 'put' after midnight fails though! After that backup attempt, every thing once again is normal, and the backup proceeds properly at 1:00AM, 2:00AM, 3:00AM..... 1) The cron runs as root on the CVS repository linux box, with no one logged in. 2) From another linux box, I have a script that calls smbclient //NTbox/backupdir -U NTaccountname%NTpasswd -c 'dir * ' every 15 minutes and writes the results into a logfile...most of the time the entire tar, zip, and smbclient transfer take about 5 minutes according to the timestamp on the file residing in the target directory returned from the 'dir *' command. The one that fails at midnight takes 18 minutes because the time stamp on the zero length file in the target dir reflects this. 3) The times on all of the machines are correct; within one or two minutes of each other...all the right time zone. 4) If I do not make a backup and put it on the NT box from before midnight until 2:00AM, or 3:00AM, or 4:30AM...or whatever time after midnight I choose, it fails, but then the next attempt succeeds, as do all future attempts until the magic midnight hour! 5) The file on the Linux box that gets tarred and zipped is proper size...the file is not zero length on the Linux side of the connection before the 'put...' is executed. 6) The NT acct for the backup (referred to as NTaccountname in the smbclient command above) has permissions set around the clock on it...no restrictions So The NT guy here thinks its my problem, and I think it is his problem... Can anyone shed any light on this? Is this a samba issue? Major apologies if this list isn't pertinent...I chose what I thought was the closest domain! Please cc any responses to me as I am not subscribed yet... Jim Parsons From mgeddes at xavier.sa.edu.au Thu Dec 9 21:45:55 1999 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:33 2003 Subject: RFA: configuration: No Domain Server to validate your password References: <384F5528.BB756729@eng.auburn.edu> <19991209120935.07AB226E66@i3.golden.dom> <003001bf4267$1ebb0160$2b01010a@omfus.org> Message-ID: <38502313.EDA31C48@xavier.sa.edu.au> John Hanna wrote: > Hi. I have a NT server which I'm replacing with my new FreeBSD server. > I'm running samba.2.0.6. I exported my NT passwords with the pwdump > utility, and wrote a script to add the new accounts to my > /etc/master.passwd (et al) files. When I kill the NT server and restart > Samba with the PDC configuration file I get the following log in > log.nmb, but when a user tries to boot they get the "No Domain Server to > validate your password" error. > > Can someone please help me figure what I've missed, or point me to a > checklist or something? If I set debug=9 will that help give me more > information to troubleshoot? > > Thanks, > John > > ----------- samba.conf > > # Global parameters > [global] > .. > security = USER > encrypt passwords = Yes > map to guest = Bad Password > smb passwd file = /usr/local/private/smbpasswd > preferred master = Yes > domain master = Yes > .. > > ----------- log.nmb > > [1999/12/08 17:28:45, 1] nmbd/nmbd.c:main(747) > Netbios nameserver version 2.0.6 started. > Copyright Andrew Tridgell 1994-1998 > [1999/12/08 17:28:45, 0] > nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(294) > become_domain_master_browser_bcast: > Attempting to become domain master browser on workgroup M_PLEX on > subnet 10.1.1.99 > [1999/12/08 17:28:45, 0] > nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(308) > become_domain_master_browser_bcast: querying subnet 10.1.1.99 for > domain master browser on workgroup M_PLEX > [1999/12/08 17:28:54, 0] > nmbd/nmbd_become_dmb.c:become_domain_master_stage2(118) > ***** > > Samba server NT_SERVER is now a domain master browser for workgroup > M_PLEX on subnet 10.1.1.99 > > ***** > [1999/12/08 17:29:07, 0] > nmbd/nmbd_become_lmb.c:become_local_master_stage2(406) > ***** > > Samba name server NT_SERVER is now a local master browser for > workgroup M_PLEX > on subnet 10.1.1.99 > > ***** > ------------- log.smb > [ shows nothing of relivance ] > > ------------- /etc/passwd > .. > mbradley:*:65534:65533:Mark Bradley:/nonexistant:/sbin/nologin > .. > > ------------- /usr/local/private/smbpasswd > .. > MBradley:65534:3D5B75194B4F3F616543B435B51404EE:10289B0AC7D434349C985C9E > 0D6A3863:Mark Bradley:: > .. You might want to try telling samba to act as a WINS server (wins support=yes in smb.conf I believe), and tell the workstations to look at the samba box for WINS. When Windows machines log into an NT domain, they use WINS to find the Domain Controller. If WINS isn't working properly, or isn't configured, the workstation turns to broadcasting to find the server. This dosen't always work. I usually set security = Domain for a PDC. Also make sure you've got the standard domain logons = yes and stuff (I once spent hours trying to find the problem and hadn't even turned on Domain Control support ;-)). You probably want the netlogon share as well (although not compulsory). Matt From Loo at littongcs.com Thu Dec 9 22:03:38 1999 From: Loo at littongcs.com (Loo, Joseph) Date: Tue Dec 2 02:27:33 2003 Subject: RFA: configuration: No Domain Server to validate your password Message-ID: <9DD60A65AD75D211816700A0C9E93F910278FD93@whntmail1.littongcs.com> Does that mean you need domain logins = yes when samba is being using strictly as a server of shared resources to get good reliability to share resources? Joseph Loo Litton Guidance & Control 5500 Canoga Ave Woodland Hills, CA 91367-6698 Phone #: (818) 715-2961 Fax #: (818) 715-2752 -----Original Message----- From: Matthew Geddes [mailto:mgeddes@xavier.sa.edu.au] Sent: Thursday, December 09, 1999 1:43 PM To: Multiple recipients of list SAMBA-NTDOM Subject: Re: RFA: configuration: No Domain Server to validate your password John Hanna wrote: > Hi. I have a NT server which I'm replacing with my new FreeBSD server. > I'm running samba.2.0.6. I exported my NT passwords with the pwdump > utility, and wrote a script to add the new accounts to my > /etc/master.passwd (et al) files. When I kill the NT server and restart > Samba with the PDC configuration file I get the following log in > log.nmb, but when a user tries to boot they get the "No Domain Server to > validate your password" error. > > Can someone please help me figure what I've missed, or point me to a > checklist or something? If I set debug=9 will that help give me more > information to troubleshoot? > > Thanks, > John > > ----------- samba.conf > > # Global parameters > [global] > .. > security = USER > encrypt passwords = Yes > map to guest = Bad Password > smb passwd file = /usr/local/private/smbpasswd > preferred master = Yes > domain master = Yes > .. > > ----------- log.nmb > > [1999/12/08 17:28:45, 1] nmbd/nmbd.c:main(747) > Netbios nameserver version 2.0.6 started. > Copyright Andrew Tridgell 1994-1998 > [1999/12/08 17:28:45, 0] > nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(294) > become_domain_master_browser_bcast: > Attempting to become domain master browser on workgroup M_PLEX on > subnet 10.1.1.99 > [1999/12/08 17:28:45, 0] > nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(308) > become_domain_master_browser_bcast: querying subnet 10.1.1.99 for > domain master browser on workgroup M_PLEX > [1999/12/08 17:28:54, 0] > nmbd/nmbd_become_dmb.c:become_domain_master_stage2(118) > ***** > > Samba server NT_SERVER is now a domain master browser for workgroup > M_PLEX on subnet 10.1.1.99 > > ***** > [1999/12/08 17:29:07, 0] > nmbd/nmbd_become_lmb.c:become_local_master_stage2(406) > ***** > > Samba name server NT_SERVER is now a local master browser for > workgroup M_PLEX > on subnet 10.1.1.99 > > ***** > ------------- log.smb > [ shows nothing of relivance ] > > ------------- /etc/passwd > .. > mbradley:*:65534:65533:Mark Bradley:/nonexistant:/sbin/nologin > .. > > ------------- /usr/local/private/smbpasswd > .. > MBradley:65534:3D5B75194B4F3F616543B435B51404EE:10289B0AC7D434349C985C9E > 0D6A3863:Mark Bradley:: > .. You might want to try telling samba to act as a WINS server (wins support=yes in smb.conf I believe), and tell the workstations to look at the samba box for WINS. When Windows machines log into an NT domain, they use WINS to find the Domain Controller. If WINS isn't working properly, or isn't configured, the workstation turns to broadcasting to find the server. This dosen't always work. I usually set security = Domain for a PDC. Also make sure you've got the standard domain logons = yes and stuff (I once spent hours trying to find the problem and hadn't even turned on Domain Control support ;-)). You probably want the netlogon share as well (although not compulsory). Matt From karlheinz at khschulz.com Thu Dec 9 22:35:17 1999 From: karlheinz at khschulz.com (Karl-Heinz Schulz) Date: Tue Dec 2 02:27:33 2003 Subject: Access share without password Message-ID: <004401bf4295$ab5de140$6e320180@charlielabtop> Is it possible to access Samba shares without password? Or how can I define a global group? Can this be done through the smb.conf file or is it a Linux thing? I want that all user from my NT PDC can access the //server/mdii share - only read rights. Thank you, Karl-Heinz From jhanna at cproject.com Thu Dec 9 22:43:21 1999 From: jhanna at cproject.com (John Hanna) Date: Tue Dec 2 02:27:33 2003 Subject: configuration: No Domain Server to validate your password References: <9DD60A65AD75D211816700A0C9E93F910278FD93@whntmail1.littongcs.com> Message-ID: <00e801bf4296$cb791160$2b01010a@omfus.org> No, just if you want Samba to validate Win95/98 network logons. ----- Original Message ----- From: Loo, Joseph To: Multiple recipients of list SAMBA-NTDOM Sent: Thursday, December 09, 1999 3:11 PM Subject: RFA: configuration: No Domain Server to validate your password > Does that mean you need domain logins = yes when samba is being using > strictly as a server of shared resources to get good reliability to share > resources? > > Joseph Loo > Litton Guidance & Control > 5500 Canoga Ave > Woodland Hills, CA 91367-6698 > Phone #: (818) 715-2961 > Fax #: (818) 715-2752 > > > -----Original Message----- > From: Matthew Geddes [mailto:mgeddes@xavier.sa.edu.au] > Sent: Thursday, December 09, 1999 1:43 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: RFA: configuration: No Domain Server to validate your > password > > > John Hanna wrote: > > > Hi. I have a NT server which I'm replacing with my new FreeBSD server. > > I'm running samba.2.0.6. I exported my NT passwords with the pwdump > > utility, and wrote a script to add the new accounts to my > > /etc/master.passwd (et al) files. When I kill the NT server and restart > > Samba with the PDC configuration file I get the following log in > > log.nmb, but when a user tries to boot they get the "No Domain Server to > > validate your password" error. > > > > Can someone please help me figure what I've missed, or point me to a > > checklist or something? If I set debug=9 will that help give me more > > information to troubleshoot? > > > > Thanks, > > John > > > > ----------- samba.conf > > > > # Global parameters > > [global] > > .. > > security = USER > > encrypt passwords = Yes > > map to guest = Bad Password > > smb passwd file = /usr/local/private/smbpasswd > > preferred master = Yes > > domain master = Yes > > .. > > > > ----------- log.nmb > > > > [1999/12/08 17:28:45, 1] nmbd/nmbd.c:main(747) > > Netbios nameserver version 2.0.6 started. > > Copyright Andrew Tridgell 1994-1998 > > [1999/12/08 17:28:45, 0] > > nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(294) > > become_domain_master_browser_bcast: > > Attempting to become domain master browser on workgroup M_PLEX on > > subnet 10.1.1.99 > > [1999/12/08 17:28:45, 0] > > nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(308) > > become_domain_master_browser_bcast: querying subnet 10.1.1.99 for > > domain master browser on workgroup M_PLEX > > [1999/12/08 17:28:54, 0] > > nmbd/nmbd_become_dmb.c:become_domain_master_stage2(118) > > ***** > > > > Samba server NT_SERVER is now a domain master browser for workgroup > > M_PLEX on subnet 10.1.1.99 > > > > ***** > > [1999/12/08 17:29:07, 0] > > nmbd/nmbd_become_lmb.c:become_local_master_stage2(406) > > ***** > > > > Samba name server NT_SERVER is now a local master browser for > > workgroup M_PLEX > > on subnet 10.1.1.99 > > > > ***** > > ------------- log.smb > > [ shows nothing of relivance ] > > > > ------------- /etc/passwd > > .. > > mbradley:*:65534:65533:Mark Bradley:/nonexistant:/sbin/nologin > > .. > > > > ------------- /usr/local/private/smbpasswd > > .. > > MBradley:65534:3D5B75194B4F3F616543B435B51404EE:10289B0AC7D434349C985C9E > > 0D6A3863:Mark Bradley:: > > .. > > You might want to try telling samba to act as a WINS server (wins > support=yes in smb.conf I believe), and tell the workstations to look at > the samba box for WINS. When Windows machines log into an NT domain, they > use WINS to find the Domain Controller. If WINS isn't working properly, or > isn't configured, the workstation turns to broadcasting to find the server. > This dosen't always work. > > I usually set security = Domain for a PDC. Also make sure you've got the > standard domain logons = yes and stuff (I once spent hours trying to find > the problem and hadn't even turned on Domain Control support ;-)). You > probably want the netlogon share as well (although not compulsory). > > Matt > From mgeddes at xavier.sa.edu.au Thu Dec 9 23:40:35 1999 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:34 2003 Subject: RFA: configuration: No Domain Server to validate your password In-Reply-To: <9DD60A65AD75D211816700A0C9E93F910278FD93@whntmail1.littong cs.com> Message-ID: <3.0.5.32.19991210094035.007bf100@mail.xavier.sa.edu.au> No. Just when it's a domain controller At 09:12 AM 12/10/99 +1100, Loo, Joseph wrote: >Does that mean you need domain logins = yes when samba is being using >strictly as a server of shared resources to get good reliability to share >resources? > >Joseph Loo >Litton Guidance & Control >5500 Canoga Ave >Woodland Hills, CA 91367-6698 >Phone #: (818) 715-2961 >Fax #: (818) 715-2752 > > >-----Original Message----- >From: Matthew Geddes [mailto:mgeddes@xavier.sa.edu.au] >Sent: Thursday, December 09, 1999 1:43 PM >To: Multiple recipients of list SAMBA-NTDOM >Subject: Re: RFA: configuration: No Domain Server to validate your >password > > >John Hanna wrote: > >> Hi. I have a NT server which I'm replacing with my new FreeBSD server. >> I'm running samba.2.0.6. I exported my NT passwords with the pwdump >> utility, and wrote a script to add the new accounts to my >> /etc/master.passwd (et al) files. When I kill the NT server and restart >> Samba with the PDC configuration file I get the following log in >> log.nmb, but when a user tries to boot they get the "No Domain Server to >> validate your password" error. >> >> Can someone please help me figure what I've missed, or point me to a >> checklist or something? If I set debug=9 will that help give me more >> information to troubleshoot? >> >> Thanks, >> John >> >> ----------- samba.conf >> >> # Global parameters >> [global] >> .. >> security = USER >> encrypt passwords = Yes >> map to guest = Bad Password >> smb passwd file = /usr/local/private/smbpasswd >> preferred master = Yes >> domain master = Yes >> .. >> >> ----------- log.nmb >> >> [1999/12/08 17:28:45, 1] nmbd/nmbd.c:main(747) >> Netbios nameserver version 2.0.6 started. >> Copyright Andrew Tridgell 1994-1998 >> [1999/12/08 17:28:45, 0] >> nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(294) >> become_domain_master_browser_bcast: >> Attempting to become domain master browser on workgroup M_PLEX on >> subnet 10.1.1.99 >> [1999/12/08 17:28:45, 0] >> nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(308) >> become_domain_master_browser_bcast: querying subnet 10.1.1.99 for >> domain master browser on workgroup M_PLEX >> [1999/12/08 17:28:54, 0] >> nmbd/nmbd_become_dmb.c:become_domain_master_stage2(118) >> ***** >> >> Samba server NT_SERVER is now a domain master browser for workgroup >> M_PLEX on subnet 10.1.1.99 >> >> ***** >> [1999/12/08 17:29:07, 0] >> nmbd/nmbd_become_lmb.c:become_local_master_stage2(406) >> ***** >> >> Samba name server NT_SERVER is now a local master browser for >> workgroup M_PLEX >> on subnet 10.1.1.99 >> >> ***** >> ------------- log.smb >> [ shows nothing of relivance ] >> >> ------------- /etc/passwd >> .. >> mbradley:*:65534:65533:Mark Bradley:/nonexistant:/sbin/nologin >> .. >> >> ------------- /usr/local/private/smbpasswd >> .. >> MBradley:65534:3D5B75194B4F3F616543B435B51404EE:10289B0AC7D434349C985C9E >> 0D6A3863:Mark Bradley:: >> .. > >You might want to try telling samba to act as a WINS server (wins >support=yes in smb.conf I believe), and tell the workstations to look at >the samba box for WINS. When Windows machines log into an NT domain, they >use WINS to find the Domain Controller. If WINS isn't working properly, or >isn't configured, the workstation turns to broadcasting to find the server. >This dosen't always work. > >I usually set security = Domain for a PDC. Also make sure you've got the >standard domain logons = yes and stuff (I once spent hours trying to find >the problem and hadn't even turned on Domain Control support ;-)). You >probably want the netlogon share as well (although not compulsory). > >Matt > From bs at niggard.org Thu Dec 9 22:02:26 1999 From: bs at niggard.org (bs@niggard.org) Date: Tue Dec 2 02:27:34 2003 Subject: new lsarpcd daemon [was Re: smbpasswd problems fixed] In-Reply-To: <384FD74B.3F2669AD@eng.auburn.edu> Message-ID: On Fri, 10 Dec 1999, Gerald Carter wrote: > Grant Wallace wrote: > > > > My error message looks similar: > > (on Linux 2.0.35) > > error connecting to 141.64.53.98:445 (Connection refused) > > error connecting to 141.64.53.98:445 (Connection refused) > > Can't setup password database vectors. > > Yes, well apparently you need to run smbd, nmdb and the > new lsarpcd daemons. > > root@mole source]# bin/smbpasswd cartegw > error connecting to aaa.bbb.ccc.ddd:445 (Connection refused) > error connecting to aaa.bbb.ccc.ddd:445 (Connection refused) > New SMB password: > Retype new SMB password: > Password changed for user cartegw This is a Debian Slink updated to Potato, Linux2.2, glibc2.1: Added interface ip=192.168.101.1 bcast=192.168.101.255 nmask=255.255.255.0 Added interface ip=xxx.xxx.xxx.xxx bcast=xxx.xxx.xxx.xxx nmask=xxx.xxx.xxx.xxx resolve_name: Attempting lmhosts lookup for name INTRA resolve_name: Attempting host lookup for name INTRA Connecting to 192.168.101.1 at port 445 error connecting to 192.168.101.1:445 (Connection refused) Connecting to 192.168.101.1 at port 139 resolve_name: Attempting lmhosts lookup for name INTRA resolve_name: Attempting host lookup for name INTRA Connecting to 192.168.101.1 at port 445 error connecting to 192.168.101.1:445 (Connection refused) Connecting to 192.168.101.1 at port 139 cli_nt_session_open: rpc bind failed. Error was RAP code 0 lsa query info failed Can't setup password database vectors. From plasma at gen.latrobe.edu.au Thu Dec 9 23:27:08 1999 From: plasma at gen.latrobe.edu.au (Scott Rosicka) Date: Tue Dec 2 02:27:34 2003 Subject: Mapping Drive Z In-Reply-To: <001001bf424f$6b6cb840$1900a8c0@webstat.joslyn.org> Message-ID: I found the easyest way to combat this was to put a link in "Startup" on the 95's to a batch file contaning ------------ @echo off net use z: /delete NET USE z: \\\homes EXIT ---------- I made the link back to \\\netlogon\scripts\default95.bat that way i could make changes to it if i needed to scott On Fri, 10 Dec 1999, Chris Tooley wrote: > I am trying to map a Samba Share with the netlogon batch file on Windows 9x > machines to drive Z:, however I am coming up with problems because the > script says that \\\netlogon is already mapped to Z:. But, > when the machine is logged in, nothing is mapped to Z:. Is this a Windows > issue or a Samba setting? And, in either case is there a way to change the > drive letter that netlogon is mapped to for the purpose of running the > script? > > Chris Tooley > Joslyn Art Museum > 2200 Dodge St. > Omaha, NE 68102 > (402)342-3300 > From giulioo at pobox.com Thu Dec 9 23:25:48 1999 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:27:34 2003 Subject: Access share without password In-Reply-To: <004401bf4295$ab5de140$6e320180@charlielabtop> References: <004401bf4295$ab5de140$6e320180@charlielabtop> Message-ID: <19991209232702.D3B0B26E67@i3.golden.dom> On Fri, 10 Dec 1999 09:39:29 +1100, hai scritto: >Is it possible to access Samba shares without password? >Or how can I define a global group? >Can this be done through the smb.conf file or is it a Linux thing? > >I want that all user from my NT PDC can access the //server/mdii share - >only read rights. in smb.conf ==== security = user map to guest = bad user guest account = ftp (or another user) [myshare] path = /path/dir guest ok = yes writable = no ==== make /path/dir readable by the ftp (or another user) user. User which don't provide a good userid will be mapped to the guest user and will be able to access the share. -- giulioo@pobox.com From cartegw at Eng.Auburn.EDU Fri Dec 10 00:06:30 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:27:34 2003 Subject: RFA: configuration: No Domain Server to validate your password References: <384F5528.BB756729@eng.auburn.edu> <19991209120935.07AB226E66@i3.golden.dom> <003001bf4267$1ebb0160$2b01010a@omfus.org> <38502313.EDA31C48@xavier.sa.edu.au> Message-ID: <38504406.31756F8E@eng.auburn.edu> Matthew Geddes wrote: > > I usually set security = Domain for a PDC. I'm assuming you mean 'security = user' jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From mgeddes at xavier.sa.edu.au Fri Dec 10 01:44:02 1999 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:34 2003 Subject: RFA: configuration: No Domain Server to validate your password In-Reply-To: <38504406.31756F8E@eng.auburn.edu> References: <384F5528.BB756729@eng.auburn.edu> <19991209120935.07AB226E66@i3.golden.dom> <003001bf4267$1ebb0160$2b01010a@omfus.org> <38502313.EDA31C48@xavier.sa.edu.au> Message-ID: <3.0.5.32.19991210104402.007c8100@mail.xavier.sa.edu.au> No. security = domain works just fine with my Samba 2.0.5a and 2.0.6 machines... Matt At 12:06 AM 12/10/99 +0000, Gerald Carter wrote: >Matthew Geddes wrote: >> >> I usually set security = Domain for a PDC. > >I'm assuming you mean 'security = user' > > > > > > >jerry >________________________________________________________________________ > Gerald ( Jerry ) Carter >Engineering Network Services Auburn University >jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw > > "...a hundred billion castaways looking for a home." > - Sting "Message in a Bottle" ( 1979 ) > From osabmt00 at fht-esslingen.de Fri Dec 10 00:58:38 1999 From: osabmt00 at fht-esslingen.de (Osama Abu-Aish) Date: Tue Dec 2 02:27:34 2003 Subject: can't join Domain with latest CVS Message-ID: <199912100102.CAA31351@rslx01.fht-esslingen.de> Hello everyone out there, The current CVS (4 hours old) causes me much trouble: 1) smbpasswd -j DOMAIN_TO_JOIN gives me: error connecting to X.X.X.X:445 (Connection refused) error connecting to X.X.X.X:445 (Connection refused) Joining Domain as Workstation get_trust_account_password: Failed to seek to start of file. Error was Bad file descriptor. change_trust_account_password: unable to read the machine account password for domain DOMAIN_TO_JOIN Unable to join domain DOMAIN_TO_JOIN After a short look into the sources I think that the .mac-FIle isn't locked, so it can't be fseek'ed. To avoid the message I added the following lines to clienttrust.c/change_trust_account_password,line 90: if(!trust_password_lock( domain, global_myname, True)) { DEBUG(0,("change_trust_account_password: unable to open the trust account password file for trust %s in domain %s.\n", global_myname, domain )); return False; } ......READING_AND_SETTING_OF_NEW_PASSWORD......... trust_password_unlock(); which made the message disappear. 2) smbpasswd -j DOMAIN_TO_JOIN results in the following message: error connecting to X.X.X.X:445 (Connection refused) error connecting to X.X.X.X:445 (Connection refused) Joining Domain as Workstation Domain:DOMAIN_TO_JOIN cli_nt_setup_creds: auth2 challenge failed. status: c0000022 1999/12/10 01:37:40 : change_trust_account_password: Failed to change password for domain DOMAIN_TO_JOIN. Unable to join domain DOMAIN_TO_JOIN. 3) when connecting from a NTWKS to the Samba-Server it logs the following: [1999/12/10 01:39:09, 1] lib/util_sock.c:open_socket_out(749) error connecting to X.X.X.X:445 (Connection refused) [1999/12/10 01:39:10, 1] lib/util_sock.c:open_socket_out(749) error connecting to X.X.X.X:445 (Connection refused) [1999/12/10 01:39:10, 0] lib/util_str.c:safe_strcpy(765) ERROR: string overflow by 10 in safe_strcpy [u?2?+^ a?? ?[?:??(] ??c? ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ looks not good... #-} [1999/12/10 01:39:10, 1] rpc_client/cli_login.c:cli_nt_setup_creds(82) cli_nt_setup_creds: auth2 challenge failed. status: c0000022 [1999/12/10 01:39:10, 0] smbd/password.c:domain_client_validate(711) domain_client_validate: unable to setup the PDC credentials to machine \\MY_PDC. [1999/12/10 01:39:10, 0] smbd/reply.c:reply_sesssetup_and_X(759) NT Password did not match ! Defaulting to Lanman ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ I have entered the correct password. What is wrong there? What should I Change? What am I missing? Thanks for any response, Yours Osama --- University of technics Esslingen / Germany Inst. f. mechatronics / microelectronics From lee.taylor at scania.co.za Fri Dec 10 06:44:55 1999 From: lee.taylor at scania.co.za (C.Lee Taylor) Date: Tue Dec 2 02:27:34 2003 Subject: Mapping Drive Z Message-ID: <007101bf42da$120849a0$8b640107@scania.co.za> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: login.bat Type: application/octet-stream Size: 1370 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19991210/d52b8c36/login.obj From lee.taylor at scania.co.za Fri Dec 10 06:47:24 1999 From: lee.taylor at scania.co.za (C.Lee Taylor) Date: Tue Dec 2 02:27:34 2003 Subject: Access share without password References: <004401bf4295$ab5de140$6e320180@charlielabtop> Message-ID: <009601bf42da$6ac0fec0$8b640107@scania.co.za> Hi ... What clients will you be using to access your share? ----- Original Message ----- From: Karl-Heinz Schulz To: Multiple recipients of list SAMBA-NTDOM Sent: Friday, December 10, 1999 12:38 AM Subject: Access share without password > Is it possible to access Samba shares without password? > Or how can I define a global group? > Can this be done through the smb.conf file or is it a Linux thing? > > I want that all user from my NT PDC can access the file://server/mdii share - > only read rights. > > Thank you, > Karl-Heinz > > > Mailed C.Lee Taylor From zdenek.drlik at kleibl.cz Fri Dec 10 06:22:17 1999 From: zdenek.drlik at kleibl.cz (Zdenek Drlik) Date: Tue Dec 2 02:27:34 2003 Subject: Printing to Windows 95 PCs Message-ID: <38509C18.FAB98129@kleibl.cz> I have a problem with printing from Samba server to Windows 95 PCs. I just have a printer server on Linux 2.2.12 with Samba 2.0.6 and I want this one spool all printer jobs. But when I have on this server shared printers which send jobs to Windows 95 shared printers, all jobs are spooled on that PCs. I think that better is to spool them only on server, but I have no idea how to do it. Does anybody know how to set up it (stop spooling on Windows 95 and let spool only the server)? Thanks a lot. -- Zdenek Drlik, diplomovany technik Klein & Blazek spol. s r.o. e-mail: zdenek.drlik@kleibl.cz tel: +420 648/440 316 From lee.taylor at scania.co.za Fri Dec 10 07:01:29 1999 From: lee.taylor at scania.co.za (C.Lee Taylor) Date: Tue Dec 2 02:27:34 2003 Subject: Mapping Drive Z References: Message-ID: <00f101bf42dc$62652f60$8b640107@scania.co.za> Hi ... I see two other options post in the list. First the two batch files might cause a little havoc when DOS (Win9x / WFW) wants to find the first batch file if you use a "Call Login2.Bat" if you don't it might work fine, but I think this is messy. Second option to put a batch file into the Start-up group, well, I think that even more messy because you have to go to each PC to do the updates ... in that case you might as well update all the short-cut anyway ... I would go with one batch file that map "L:" and the changes to "L:" in the batch files, as long as if can find the batch file in the current directory, it should not complain about "Please insert disk with Batch". If you need a little more help, please feel free to e-mail me or the group ... it's about time I gave a little back to our community !!! ... Mailed C.Lee Taylor ----- Original Message ----- From: Scott Rosicka To: Multiple recipients of list SAMBA-NTDOM Sent: Friday, December 10, 1999 1:30 AM Subject: Re: Mapping Drive Z > I found the easyest way to combat this was to put a link in "Startup" > on the 95's to a batch file contaning > ------------ > @echo off > > net use z: /delete > NET USE z: \\\homes > > EXIT > ---------- > I made the link back to \\\netlogon\scripts\default95.bat > that way i could make changes to it if i needed to > > > scott > > On Fri, 10 Dec 1999, Chris Tooley wrote: > > > I am trying to map a Samba Share with the netlogon batch file on Windows 9x > > machines to drive Z:, however I am coming up with problems because the > > script says that \\\netlogon is already mapped to Z:. But, > > when the machine is logged in, nothing is mapped to Z:. Is this a Windows > > issue or a Samba setting? And, in either case is there a way to change the > > drive letter that netlogon is mapped to for the purpose of running the > > script? > > > > Chris Tooley > > Joslyn Art Museum > > 2200 Dodge St. > > Omaha, NE 68102 > > (402)342-3300 > > > From lee.taylor at scania.co.za Fri Dec 10 07:13:57 1999 From: lee.taylor at scania.co.za (C.Lee Taylor) Date: Tue Dec 2 02:27:34 2003 Subject: Printing to Windows 95 PCs References: <38509C18.FAB98129@kleibl.cz> Message-ID: <010701bf42de$206c3ac0$8b640107@scania.co.za> I think this is a Win9X problem, check the client and remote print server (I would think these are all are Win9x PC) printer setups, ... START, SETTINGS, PRINTERS, select your printer then right click to get context menu, select PROPERTIES, select DETAILS tab, SPOOL SETTINGS, then select PRINT DIRECTLY TO PRINTER. From the client this should send to the Linux server, the Linux server LPD (or LPRng, which I believe is better for control and other benefits) should then send to remote print server ... This should all be a little quicker ... I think, I have not tested myself, but this all might just see like a lot of work for a small benefit. Mailed C.Lee Taylor ----- Original Message ----- From: Zdenek Drlik To: Multiple recipients of list SAMBA-NTDOM Sent: Friday, December 10, 1999 8:53 AM Subject: Printing to Windows 95 PCs > I have a problem with printing from Samba server to Windows 95 PCs. I > just have a printer server on Linux 2.2.12 with Samba 2.0.6 and I want > this one spool all printer jobs. But when I have on this server shared > printers which send jobs to Windows 95 shared printers, all jobs are > spooled on that PCs. I think that better is to spool them only on > server, but I have no idea how to do it. Does anybody know how to set up > it (stop spooling on Windows 95 and let spool only the server)? > Thanks a lot. > > -- > Zdenek Drlik, diplomovany technik > Klein & Blazek spol. s r.o. > e-mail: zdenek.drlik@kleibl.cz > tel: +420 648/440 316 > > > From mg at plum.de Fri Dec 10 08:22:31 1999 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:27:34 2003 Subject: Printing to Windows 95 PCs References: <38509C18.FAB98129@kleibl.cz> Message-ID: <3850B847.8D43282A@plum.de> Zdenek Drlik wrote: > > I have a problem with printing from Samba server to Windows 95 PCs. I > just have a printer server on Linux 2.2.12 with Samba 2.0.6 and I want > this one spool all printer jobs. But when I have on this server shared > printers which send jobs to Windows 95 shared printers, all jobs are > spooled on that PCs. I think that better is to spool them only on > server, but I have no idea how to do it. Does anybody know how to set up > it (stop spooling on Windows 95 and let spool only the server)? > Thanks a lot. Take a look at the "smbprint" shell script, supplied with the samba distribution. regards, Michael Glauche From g.schram at linvision.com Fri Dec 10 09:34:28 1999 From: g.schram at linvision.com (Geerten Schram) Date: Tue Dec 2 02:27:34 2003 Subject: can't join Domain with latest CVS References: <199912100102.CAA31351@rslx01.fht-esslingen.de> Message-ID: <3850C924.3209B46B@linvision.com> A few weeks ago I encountered the same problem. When I used a older version (samba-2.0.5) of the smbpasswd programm everything worked. I think smbpasswd tries to connect to a rpcserver on port 445. I don't now if this service already exists in Samba or that you have to connect to a NT PDC... Osama Abu-Aish wrote: > Hello everyone out there, > > The current CVS (4 hours old) causes me much trouble: > > 1) smbpasswd -j DOMAIN_TO_JOIN gives me: > > error connecting to X.X.X.X:445 (Connection refused) > error connecting to X.X.X.X:445 (Connection refused) > Joining Domain as Workstation > get_trust_account_password: Failed to seek to start of file. Error was Bad file descriptor. > change_trust_account_password: unable to read the machine account password for domain > DOMAIN_TO_JOIN > Unable to join domain DOMAIN_TO_JOIN > > After a short look into the sources I think that the .mac-FIle isn't locked, so it can't be > fseek'ed. > > To avoid the message I added the following lines to > clienttrust.c/change_trust_account_password,line 90: > > if(!trust_password_lock( domain, global_myname, True)) > { > DEBUG(0,("change_trust_account_password: unable to open the trust account password file > for trust %s in domain %s.\n", global_myname, domain )); > return False; > } > .....READING_AND_SETTING_OF_NEW_PASSWORD......... > trust_password_unlock(); > > which made the message disappear. > > 2) smbpasswd -j DOMAIN_TO_JOIN results in the following message: > > error connecting to X.X.X.X:445 (Connection refused) > error connecting to X.X.X.X:445 (Connection refused) > Joining Domain as Workstation > Domain:DOMAIN_TO_JOIN > cli_nt_setup_creds: auth2 challenge failed. status: c0000022 > 1999/12/10 01:37:40 : change_trust_account_password: Failed to change password for domain > DOMAIN_TO_JOIN. > Unable to join domain DOMAIN_TO_JOIN. > > 3) when connecting from a NTWKS to the Samba-Server it logs the following: > > [1999/12/10 01:39:09, 1] lib/util_sock.c:open_socket_out(749) > error connecting to X.X.X.X:445 (Connection refused) > [1999/12/10 01:39:10, 1] lib/util_sock.c:open_socket_out(749) > error connecting to X.X.X.X:445 (Connection refused) > [1999/12/10 01:39:10, 0] lib/util_str.c:safe_strcpy(765) > ERROR: string overflow by 10 in safe_strcpy [u?2?+^ > a?? ?[?:??(] ??c? > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > looks not good... #-} > > [1999/12/10 01:39:10, 1] rpc_client/cli_login.c:cli_nt_setup_creds(82) > cli_nt_setup_creds: auth2 challenge failed. status: c0000022 > [1999/12/10 01:39:10, 0] smbd/password.c:domain_client_validate(711) > domain_client_validate: unable to setup the PDC credentials to machine \\MY_PDC. > [1999/12/10 01:39:10, 0] smbd/reply.c:reply_sesssetup_and_X(759) > NT Password did not match ! Defaulting to Lanman > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > I have entered the correct password. > > What is wrong there? What should I Change? What am I missing? > > Thanks for any response, > > Yours Osama > > --- > University of technics Esslingen / Germany > Inst. f. mechatronics / microelectronics From johanh at fusion.kth.se Fri Dec 10 10:45:36 1999 From: johanh at fusion.kth.se (Johan Hedin) Date: Tue Dec 2 02:27:34 2003 Subject: Why static BOOL become_uid(...)? Message-ID: I'm trying to make a patch for Samba to be able to read an AFS ticket from a srvtab entry. This as a not that nice, but sufficient for our needs way to use Samba as a PDC for AFS accounts. For this patch I need to switch to the user UID in order to read the users srvtab. The become_uid is declared static. Is is safe to remove the static? TIA Johan Hedin /---------------------------------------------------------------------\ | Johan Hedin | johanh@fusion.kth.se | | Ph.D. Student and System Manager | http://www.fusion.kth.se/~johanh | \---------------------------------------------------------------------/ From brandtwr-samba at draaw.net Fri Dec 10 12:28:33 1999 From: brandtwr-samba at draaw.net (Bill Brandt) Date: Tue Dec 2 02:27:34 2003 Subject: Access share without password In-Reply-To: <009601bf42da$6ac0fec0$8b640107@scania.co.za>; from C.Lee Taylor on Fri, Dec 10, 1999 at 05:48:45PM +1100 References: <004401bf4295$ab5de140$6e320180@charlielabtop> <009601bf42da$6ac0fec0$8b640107@scania.co.za> Message-ID: <19991210072833.A28941@draaw.net> >From smb.conf: # A publicly accessible directory, read/write to all users. Note that all files # created in the directory by users will be owned by the default user, so # any user with access can delete any other user's files. Obviously this # directory must be writable by the default user. Another user could of course # be specified, in which case all files would be owned by that user instead. ;[public] ; path = /usr/somewhere/else/public ; public = yes ; only guest = yes ; writable = yes ; printable = no Consider using writable = no and making the files owned by default user (usually nobody). Bill On Fri, Dec 10, 1999 at 05:48:45PM +1100, C.Lee Taylor wrote: >Hi ... > > What clients will you be using to access your share? > > >----- Original Message ----- >From: Karl-Heinz Schulz >To: Multiple recipients of list SAMBA-NTDOM >Sent: Friday, December 10, 1999 12:38 AM >Subject: Access share without password > > >> Is it possible to access Samba shares without password? >> Or how can I define a global group? >> Can this be done through the smb.conf file or is it a Linux thing? >> >> I want that all user from my NT PDC can access the file://server/mdii >share - >> only read rights. >> >> Thank you, >> Karl-Heinz >> >> >> > >Mailed >C.Lee Taylor > -- Liam Bill Brandt brandtwr@draaw.net http://www.draaw.net/ From mike at psand.net Fri Dec 10 14:22:30 1999 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:34 2003 Subject: Mapping Drive Z References: <00f101bf42dc$62652f60$8b640107@scania.co.za> Message-ID: <01a001bf431a$0066a1c0$0164a8c0@win981> Two batch files doesn't work as Win9x still deletes Z: at the end, I'd go with the StartMenu solution. Mike. ----- Original Message ----- From: C.Lee Taylor To: Multiple recipients of list SAMBA-NTDOM Sent: Friday, December 10, 1999 7:59 AM Subject: Re: Mapping Drive Z > Hi ... > > I see two other options post in the list. First the two batch files > might cause a little havoc when DOS (Win9x / WFW) wants to find the first > batch file if you use a "Call Login2.Bat" if you don't it might work fine, > but I think this is messy. Second option to put a batch file into the > Start-up group, well, I think that even more messy because you have to go to > each PC to do the updates ... in that case you might as well update all the > short-cut anyway ... > > I would go with one batch file that map "L:" and the changes to "L:" in > the batch files, as long as if can find the batch file in the current > directory, it should not complain about "Please insert disk with Batch". If > you need a little more help, please feel free to e-mail me or the group ... > it's about time I gave a little back to our community !!! ... > > Mailed > C.Lee Taylor > > > ----- Original Message ----- > From: Scott Rosicka > To: Multiple recipients of list SAMBA-NTDOM > Sent: Friday, December 10, 1999 1:30 AM > Subject: Re: Mapping Drive Z > > > > I found the easyest way to combat this was to put a link in "Startup" > > on the 95's to a batch file contaning > > ------------ > > @echo off > > > > net use z: /delete > > NET USE z: \\\homes > > > > EXIT > > ---------- > > I made the link back to \\\netlogon\scripts\default95.bat > > that way i could make changes to it if i needed to > > > > > > scott > > > > On Fri, 10 Dec 1999, Chris Tooley wrote: > > > > > I am trying to map a Samba Share with the netlogon batch file on Windows > 9x > > > machines to drive Z:, however I am coming up with problems because the > > > script says that \\\netlogon is already mapped to Z:. > But, > > > when the machine is logged in, nothing is mapped to Z:. Is this a > Windows > > > issue or a Samba setting? And, in either case is there a way to change > the > > > drive letter that netlogon is mapped to for the purpose of running the > > > script? > > > > > > Chris Tooley > > > Joslyn Art Museum > > > 2200 Dodge St. > > > Omaha, NE 68102 > > > (402)342-3300 > > > > > From lizner at komix.cz Fri Dec 10 14:28:53 1999 From: lizner at komix.cz (Martin Lizner) Date: Tue Dec 2 02:27:34 2003 Subject: czech windows filenames problem Message-ID: hello, i've set up roaming profiles on samba 205a on linux and it has problems with few czech windows9x filenames (my samba's character set is iso8859-2 and codepage 852). for example in outlook express (coming with iexplorer 4.x) there are two problematic files: "Posta k odeslani.mbx" and "Posta k odeslani.idx" (english translation is Outbox.*). samba doesn't read the space between "k" and "odeslani" as space (32) but ^Z (032) so on ext2 on linux the file looks like "Posta k^Zodeslani". windows can not read it than. either it is filename typo of some windows9x programmer or it is intentional because of two spaces and "k". any idea for smart solution ? thank you, Martin Lizner +420-2-7911637 Konstantinova 1472 Praha 4 CR - beware of warnings - From lee.taylor at scania.co.za Fri Dec 10 14:40:26 1999 From: lee.taylor at scania.co.za (C.Lee Taylor) Date: Tue Dec 2 02:27:34 2003 Subject: Access share without password References: <000301bf431a$afa80ca0$6e320180@charlielabtop> Message-ID: <00c101bf431c$7f5e6060$8b640107@scania.co.za> Okay, this might not be what you looking for, but leave if you use Windows as you valuator (in the NETWORK properties set your PRIMARY NETWORK LOGON as WINDOWS LOGON ) ... what this does every time you access something that users the same username as the Windows Logon username, you can save the password for that resource in your PWL file. Normally the first time you logon you will see a dialog that needs username and password and at the bottom of the dialog you should see a checkbox to enable saving of password. This means you keep some of your security and ease of use. You will still need the first password ... Hope this helps. Mailed C.Lee Taylor ----- Original Message ----- From: Karl-Heinz Schulz To: Sent: Friday, December 10, 1999 4:27 PM Subject: RE: Access share without password > Win98, NT4 and Win2000 clients > If possible also Win95 clients > > Karl-Heinz > > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org] On Behalf Of > C.Lee Taylor > Sent: Friday, December 10, 1999 1:48 AM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: Access share without password > > Hi ... > > What clients will you be using to access your share? > > > ----- Original Message ----- > From: Karl-Heinz Schulz > To: Multiple recipients of list SAMBA-NTDOM > Sent: Friday, December 10, 1999 12:38 AM > Subject: Access share without password > > > > Is it possible to access Samba shares without password? > > Or how can I define a global group? > > Can this be done through the smb.conf file or is it a Linux thing? > > > > I want that all user from my NT PDC can access the file://server/mdii > share - > > only read rights. > > > > Thank you, > > Karl-Heinz > > > > > > > > Mailed > C.Lee Taylor > From s.striker at striker.nl Fri Dec 10 14:55:50 1999 From: s.striker at striker.nl (S. Striker) Date: Tue Dec 2 02:27:34 2003 Subject: new lsarpcd daemon [was Re: smbpasswd problems fixed] In-Reply-To: <384FD74B.3F2669AD@eng.auburn.edu> Message-ID: <000701bf431e$a62e5f40$0a00a8c0@office.striker.nl> Hi, > Grant Wallace wrote: >> >> My error message looks similar: >> (on Linux 2.0.35) >> error connecting to 141.64.53.98:445 (Connection refused) >> error connecting to 141.64.53.98:445 (Connection refused) >> Can't setup password database vectors. > Jerry Carter wrote: > Yes, well apparently you need to run smbd, nmdb and the > new lsarpcd daemons. Right, but in the current cvs version the lsarpc deamon doesn't get build as far as I know (correct me if I'm wrong). How do we get this to run? > root@mole source]# bin/smbpasswd cartegw > error connecting to aaa.bbb.ccc.ddd:445 (Connection refused) > error connecting to aaa.bbb.ccc.ddd:445 (Connection refused) > New SMB password: > Retype new SMB password: > Password changed for user cartegw > > Honest folks. Still trying to work out what else is going > on here. We believe you. Good luck. Greetings, Sander Striker From cartegw at Eng.Auburn.EDU Fri Dec 10 14:50:00 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:27:34 2003 Subject: new lsarpcd daemon [was Re: smbpasswd problems fixed] References: <000701bf431e$a62e5f40$0a00a8c0@office.striker.nl> Message-ID: <38511318.BE68E8AE@eng.auburn.edu> "S. Striker" wrote: > > Right, but in the current cvs version the lsarpc deamon doesn't > get build as far as I know (correct me if I'm wrong). How do > we get this to run? Yes. Look for source/bin/lsarpcd. It's in the Makefile jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From cdkim at cfxc.com Fri Dec 10 14:53:54 1999 From: cdkim at cfxc.com (Chris Kim) Date: Tue Dec 2 02:27:34 2003 Subject: Samba and Timeslips Message-ID: <38511402.4A2F5CA5@cfxc.com> Is there anyone out there who has any experience with running the software Timeslips on a Samba server? Timeslips uses Paradox for its DB. I have one test site that is having problems that seem related to record locking. And I have several more sites in the works that use timeslips and want Samba servers. I am already using : deny_oplocks /*.net/ So this should force Samba to let paradox control the locks but something is still not right. Any help would be greatly appreciated, or anyone else out there with experience with Paradox and Samba. Thanks Chris Kim cdkim@cfxc.com From Stanley.Skidmore at PSS.Boeing.com Fri Dec 10 15:27:59 1999 From: Stanley.Skidmore at PSS.Boeing.com (Skidmore, Stanley G) Date: Tue Dec 2 02:27:34 2003 Subject: New CVS questions Message-ID: Hi, I picked up the new CVS code last night (12/9/99 @ around 7:00 p.m.) After building it and doing the install I received a couple of interesting messages. When I checked to ensure that smbd was running I saw the following: ps -ax | grep smbd --- [smbd ] I also got an error with smbpasswd: error connecting to my ip address:445 (connection refused) Could anyone shed some light on what is happening? > ---------- > From: S. Striker[SMTP:s.striker@striker.nl] > Reply To: s.striker@striker.nl > Sent: 12/10/99 6:46 > To: Multiple recipients of list SAMBA-NTDOM > Subject: RE: new lsarpcd daemon [was Re: smbpasswd problems fixed] > > Hi, > > > Grant Wallace wrote: > >> > >> My error message looks similar: > >> (on Linux 2.0.35) > >> error connecting to 141.64.53.98:445 (Connection refused) > >> error connecting to 141.64.53.98:445 (Connection refused) > >> Can't setup password database vectors. > > > Jerry Carter wrote: > > Yes, well apparently you need to run smbd, nmdb and the > > new lsarpcd daemons. > > Right, but in the current cvs version the lsarpc deamon doesn't > get build as far as I know (correct me if I'm wrong). How do > we get this to run? > > > root@mole source]# bin/smbpasswd cartegw > > error connecting to aaa.bbb.ccc.ddd:445 (Connection refused) > > error connecting to aaa.bbb.ccc.ddd:445 (Connection refused) > > New SMB password: > > Retype new SMB password: > > Password changed for user cartegw > > > > Honest folks. Still trying to work out what else is going > > on here. > > We believe you. Good luck. > > Greetings, > > Sander Striker > From giulioo at pobox.com Fri Dec 10 15:38:56 1999 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:27:34 2003 Subject: czech windows filenames problem In-Reply-To: References: Message-ID: <19991210153816.D275026E67@i3.golden.dom> On Sat, 11 Dec 1999 01:30:11 +1100, hai scritto: >4.x) there are two problematic files: "Posta k odeslani.mbx" and "Posta k >odeslani.idx" (english translation is Outbox.*). samba doesn't read the >space between "k" and "odeslani" as space (32) but ^Z (032) so on ext2 on >linux the file looks like "Posta k^Zodeslani". windows can not read it 1) when you create normal files with local chars in them, do you see them well? 2) I think you can (after a backup) change the name of the outlook mailbox filenames (obviously change name both to the mbx and idx together), and it will keep working. So try renaming them using us-ascii chars. -- giulioo@pobox.com From estes at ece.ucdavis.edu Fri Dec 10 17:12:52 1999 From: estes at ece.ucdavis.edu (Robert Estes) Date: Tue Dec 2 02:27:34 2003 Subject: Upgrade from 2.05a to 2.06 killed roaming profiles Message-ID: <19991210091252R.estes@spider.engr.ucdavis.edu> I scanned the list, but didn't see anything related. I upgraded a RedHat 6.0 Linux box from Samba 2.05a to 2.06 (using RPMs from the samba site) and my roaming profiles started doing wierd things. Instead of using the directory specified in logon path (in the [profile] share), all the files were placed in the users home directory at logout, but didn't seem to be read at login time. Changing nothing, specifically, using the same smb.conf file, I downgraded to 2.05a and everything works - files are read from [profile] at login and written at logout. I have no problem staying at 2.05a, but am afraid this problem will also surface in newer versions as well. Anyone else witnessed this? Know how to fix it? While I've got your attention, is there a way to create a roaming Default User that is copied into someone's directory the first time they log in? I thought I read somewhere that this can be done by putting the default profile in the [netlogon] share. Thanks! -R From giulioo at pobox.com Fri Dec 10 18:18:19 1999 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:27:34 2003 Subject: Upgrade from 2.05a to 2.06 killed roaming profiles In-Reply-To: <19991210091252R.estes@spider.engr.ucdavis.edu> References: <19991210091252R.estes@spider.engr.ucdavis.edu> Message-ID: <19991210181940.0905226E69@i3.golden.dom> On Sat, 11 Dec 1999 04:14:53 +1100, hai scritto: >Anyone else witnessed this? Know how to fix it? This is a known 2.0.6 problem, to solve it you can revert to 2.0.5 behavior (net use x: /home won't work anymore): --- source/smbd/ipc.c.orig Sun Nov 14 10:09:40 1999 +++ source/smbd/ipc.c Sun Nov 14 10:10:23 1999 @@ -2478,7 +2478,7 @@ SIVAL(p,usri11_auth_flags,AF_OP_PRINT); /* auth flags */ SIVALS(p,usri11_password_age,-1); /* password age */ SIVAL(p,usri11_homedir,PTR_DIFF(p2,p)); /* home dir */ - pstrcpy(p2, lp_logon_home()); + pstrcpy(p2, lp_logon_path()); p2 = skip_string(p2,1); SIVAL(p,usri11_parms,PTR_DIFF(p2,p)); /* parms */ pstrcpy(p2,""); @@ -2514,7 +2514,7 @@ SSVAL(p,42, conn->admin_user?USER_PRIV_ADMIN:USER_PRIV_USER); SIVAL(p,44,PTR_DIFF(p2,*rdata)); /* home dir */ - pstrcpy(p2,lp_logon_home()); + pstrcpy(p2,lp_logon_path()); p2 = skip_string(p2,1); SIVAL(p,48,PTR_DIFF(p2,*rdata)); /* comment */ *p2++ = 0; -- giulioo@pobox.com From ceara at pmf.sc.gov.br Fri Dec 10 18:38:53 1999 From: ceara at pmf.sc.gov.br (Eu) Date: Tue Dec 2 02:27:35 2003 Subject: No subject Message-ID: Could samba authenticates two domains? If yes, how I do it? Thanks, Ceara From speck at xilinx.com Fri Dec 10 21:02:01 1999 From: speck at xilinx.com (Seth Peck) Date: Tue Dec 2 02:27:35 2003 Subject: authenication with multiple domains/pdc's Message-ID: <38516A49.EF489EE6@xilinx.com> Hi I am currently trying to roll out samba within our organization and I have run into a little problem. We have several sites, each with their own domain and pdc. When people need to access data from one of the other sites/domains they have to log in as that domain/userid. This is creating a lot of work for our NT admins who have to maintain user profiles across 4-5 domains. Is there anyway to configure samba to authenticate through multiple pdc's, one after the other, until it finds the user? Thanks Seth From jhanna at cproject.com Fri Dec 10 21:10:40 1999 From: jhanna at cproject.com (John Hanna) Date: Tue Dec 2 02:27:35 2003 Subject: NT not to PDC? (RPC not found) References: <384F5528.BB756729@eng.auburn.edu> <19991209120935.07AB226E66@i3.golden.dom> <003001bf4267$1ebb0160$2b01010a@omfus.org> <38502313.EDA31C48@xavier.sa.edu.au> Message-ID: <009501bf4353$06438ca0$2b01010a@omfus.org> "domain logons = yes" was my problem. Now I have a new one -- How do I tell my NT Server 3.51 to not be the primary domain controller, so that Samba can do it? I tried to use the Server Manager->Computer->Promote to Primary option but got the error message "RPC service not found" (or something like that). The "Demote" option is greyed out for the NT server. Any suggestions? John ----- Original Message ----- From: Matthew Geddes To: Multiple recipients of list SAMBA-NTDOM Sent: Thursday, December 09, 1999 2:42 PM Subject: Re: RFA: configuration: No Domain Server to validate your password > You might want to try telling samba to act as a WINS server (wins > support=yes in smb.conf I believe), and tell the workstations to look at > the samba box for WINS. When Windows machines log into an NT domain, they > use WINS to find the Domain Controller. If WINS isn't working properly, or > isn't configured, the workstation turns to broadcasting to find the server. > This dosen't always work. > > I usually set security = Domain for a PDC. Also make sure you've got the > standard domain logons = yes and stuff (I once spent hours trying to find > the problem and hadn't even turned on Domain Control support ;-)). You > probably want the netlogon share as well (although not compulsory). > > Matt > > From slitt at troubleshooters.com Fri Dec 10 23:14:13 1999 From: slitt at troubleshooters.com (Steve Litt) Date: Tue Dec 2 02:27:35 2003 Subject: NT not to PDC? (RPC not found) In-Reply-To: <009501bf4353$06438ca0$2b01010a@omfus.org> References: <384F5528.BB756729@eng.auburn.edu> <19991209120935.07AB226E66@i3.golden.dom> <003001bf4267$1ebb0160$2b01010a@omfus.org> <38502313.EDA31C48@xavier.sa.edu.au> Message-ID: <3.0.6.32.19991210181413.00ef5100@pop.pacificnet.net> Hmmm If it's on the same subnet as your Samba PDC, I'll bet you could put os level=255. I know that would make the Samba box the LDC. Now the question is would it also take the PDC job away from the NT box. By the way, according to GOTCHAS.txt, if you have NT servers on the network, you're better off using them as the WINS server and PDC. Steve Litt At 08:20 AM 12/11/1999 +1100, John Hanna wrote: >"domain logons = yes" was my problem. Now I have a new one -- How do I >tell my NT Server 3.51 to not be the primary domain controller, so that >Samba can do it? I tried to use the Server Manager->Computer->Promote to >Primary option but got the error message "RPC service not found" (or >something like that). The "Demote" option is greyed out for the NT >server. > >Any suggestions? > >John > > > >----- Original Message ----- >From: Matthew Geddes >To: Multiple recipients of list SAMBA-NTDOM >Sent: Thursday, December 09, 1999 2:42 PM >Subject: Re: RFA: configuration: No Domain Server to validate your >password > > >> You might want to try telling samba to act as a WINS server (wins >> support=yes in smb.conf I believe), and tell the workstations to look >at >> the samba box for WINS. When Windows machines log into an NT domain, >they >> use WINS to find the Domain Controller. If WINS isn't working >properly, or >> isn't configured, the workstation turns to broadcasting to find the >server. >> This dosen't always work. >> >> I usually set security = Domain for a PDC. Also make sure you've got >the >> standard domain logons = yes and stuff (I once spent hours trying to >find >> the problem and hadn't even turned on Domain Control support ;-)). You >> probably want the netlogon share as well (although not compulsory). >> >> Matt >> >> > > From kitchingc at mail.techplus.com Sat Dec 11 08:52:57 1999 From: kitchingc at mail.techplus.com (Chad Kitching) Date: Tue Dec 2 02:27:35 2003 Subject: NT not to PDC? (RPC not found) References: <384F5528.BB756729@eng.auburn.edu> <19991209120935.07AB226E66@i3.golden.dom> <003001bf4267$1ebb0160$2b01010a@omfus.org> <38502313.EDA31C48@xavier.sa.edu.au> <009501bf4353$06438ca0$2b01010a@omfus.org> Message-ID: <003601bf43b5$1f41a2c0$0300a8c0@wpnk1.mb.wave.home.com> As far as I know, Samba (even the 2.1.x alpha versions) cannot replicate a NT PDC, and therefore cannot demote a NT PDC to a BDC and then takeover PDC roles. You would have to completely remove the NT machine, make the Samba server the only DC on the network, and recreate all the machine/user accounts. Unfortunately there's no way to change a NT PDC into a standalone server (through official tools anyway -- there are apparently some that can do it but are in violation of the incredibly strict NT license. And no, unfortunately, I don't have them.) except through a complete format/reinstall. ----- Original Message ----- From: John Hanna To: Multiple recipients of list SAMBA-NTDOM Sent: Friday, December 10, 1999 3:20 PM Subject: NT not to PDC? (RPC not found) > "domain logons = yes" was my problem. Now I have a new one -- How do I > tell my NT Server 3.51 to not be the primary domain controller, so that > Samba can do it? I tried to use the Server Manager->Computer->Promote to > Primary option but got the error message "RPC service not found" (or > something like that). The "Demote" option is greyed out for the NT > server. > > Any suggestions? > > John > > > > ----- Original Message ----- > From: Matthew Geddes > To: Multiple recipients of list SAMBA-NTDOM > Sent: Thursday, December 09, 1999 2:42 PM > Subject: Re: RFA: configuration: No Domain Server to validate your > password > > > > You might want to try telling samba to act as a WINS server (wins > > support=yes in smb.conf I believe), and tell the workstations to look > at > > the samba box for WINS. When Windows machines log into an NT domain, > they > > use WINS to find the Domain Controller. If WINS isn't working > properly, or > > isn't configured, the workstation turns to broadcasting to find the > server. > > This dosen't always work. > > > > I usually set security = Domain for a PDC. Also make sure you've got > the > > standard domain logons = yes and stuff (I once spent hours trying to > find > > the problem and hadn't even turned on Domain Control support ;-)). You > > probably want the netlogon share as well (although not compulsory). > > > > Matt > > > > > > From darren at mylaptop.co.uk Sat Dec 11 17:19:11 1999 From: darren at mylaptop.co.uk (darren@mylaptop.co.uk) Date: Tue Dec 2 02:27:35 2003 Subject: Server Tools Message-ID: <135962033.944932752256.JavaMail.root@mx-a02.backend.funmail.co.uk> I know I have asked before - But I NEED these tools. When will I be able to use the NT Server tools? I have tried Samba 2.0.3 - I can see users in UMD but always causes an illegal operation + RPC error. Samba2.0.6 - RPC error always, I can't CVS as I don't have a direct Net connection on the Linux box. Darren ------------------------------------------------------------------- yourname@0-0-7.co.uk or yourname@shaken-not-stirred.co.uk The domain's Bond, James Bond - only from www.funmail.co.uk From pli at ee.ualberta.ca Sat Dec 11 20:32:46 1999 From: pli at ee.ualberta.ca (Patrick Li) Date: Tue Dec 2 02:27:35 2003 Subject: Samba as PDC Message-ID: Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 862 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19991211/3b6acd4c/attachment.gif From p.mayers at ic.ac.uk Sun Dec 12 16:49:56 1999 From: p.mayers at ic.ac.uk (Mayers, P J) Date: Tue Dec 2 02:27:35 2003 Subject: Server Tools Message-ID: <0846B011B9A4D111A1EE006097DA4FCE02F8127C@icex1.cc.ic.ac.uk> You will never be able to use the Server Tools on 2.0.x - it doesn't implement the required RPC stuff, and never will. That will be in the 2.1.x series. If you want to backport the mods to the release branch (called the "big merge", and has been taking 3 people more than 6 months) please do. Also note: The CVS branch works "kind of" with the server tools. You can't create users, add users to groups, or anything like that. It's "view only". If the person administering the samba server isn't comfortable with doing so in Unix, I suggest you pay up for NT. Also, please see: ftp://samba.anu.edu.au/pub/unpacked/samba/ I recommend using wget to get the entire tree. This will get you the CVS version. Cheers, Phil -----Original Message----- From: darren@mylaptop.co.uk To: Multiple recipients of list SAMBA-NTDOM Sent: 11/12/99 17:21 Subject: Server Tools I know I have asked before - But I NEED these tools. When will I be able to use the NT Server tools? I have tried Samba 2.0.3 - I can see users in UMD but always causes an illegal operation + RPC error. Samba2.0.6 - RPC error always, I can't CVS as I don't have a direct Net connection on the Linux box. Darren ------------------------------------------------------------------- yourname@0-0-7.co.uk or yourname@shaken-not-stirred.co.uk The domain's Bond, James Bond - only from www.funmail.co.uk From lkcl at samba.org Sun Dec 12 20:46:48 1999 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:35 2003 Subject: MSRPC daemons Message-ID: just when you thought it was safe to do a cvs update, another cvs commit hits the tree. the first pass now has the following MSRPC services as separate daemons: samr - samrd lsarpc - lsarpcd srvsvc - srvsvcd wkssvc - wkssvcd spoolss - spoolssd NETLOGON - netlogond browser - browserd svcctl - svcctld winreg - winregd and guess what? if you don't want to run any of these services... YOU DON'T HAVE TO! however, if you want a minimum level of pdc support, you are going to need: lsarpcd, srvsvcd, wkssvcd, netlogond. if you want to be able to either change user passwords (NT-style) or run usrmgr.exe or srvmgr.exe, you are going to need: winregd and samrd. if you just want samba as a member of a domain that does NOT support local accounts, i don't think you need any of these msrpc services, i'd be interested to see if people agree with this initial assessement. if you want samba to be "browseable" in the network neighbourhood, you are going to need: wkssvcd and srvsvcd. this configuration setup may change. in fact, i guarantee that it will. one of the things that i wish to do is to ensure that smbd does not need _any_ of the smb password database API calls, directly, it goes through \PIPE\NETLOGON or \PIPE\lsarpc or \PIPE\samr to verify user account information. apart from anything, direct verification of smb file access using the password database API (getsmbpwnam etc) is wrong, as this excludes trusted domains and your pdc. so, a minimum requirement at some future point may be to run at least the netlogond. we live in interesting times! luke (samba team) p.s i'm back on samba-technical. From mgeddes at xavier.sa.edu.au Sun Dec 12 21:57:23 1999 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:35 2003 Subject: NT not to PDC? (RPC not found) References: <384F5528.BB756729@eng.auburn.edu> <3.0.6.32.19991210181413.00ef5100@pop.pacificnet.net> Message-ID: <38541A43.A0CEA5C9@xavier.sa.edu.au> Steve Litt wrote: > Hmmm > > If it's on the same subnet as your Samba PDC, I'll bet you could put os > level=255. I know that would make the Samba box the LDC. Now the question > is would it also take the PDC job away from the NT box. > > By the way, according to GOTCHAS.txt, if you have NT servers on the > network, you're better off using them as the WINS server and PDC. > > Steve Litt > > At 08:20 AM 12/11/1999 +1100, John Hanna wrote: > >"domain logons = yes" was my problem. Now I have a new one -- How do I > >tell my NT Server 3.51 to not be the primary domain controller, so that > >Samba can do it? I tried to use the Server Manager->Computer->Promote to > >Primary option but got the error message "RPC service not found" (or > >something like that). The "Demote" option is greyed out for the NT > >server. > > > >Any suggestions? > > > >John > > > The OS level is just for Browsing purposes. The only way to turn a PDC into a Member server is to re-install NT (Go Microsoft).. You can, however, stop the netlogon service, and bring up the machine you want to be the PDC. If this doesn't work, reboot the PDC, bring up the new PDC (before the other one boots) and the OLD PDC will freak and refuse to do any Domain Logons. Hope this helps, Matt P.S. When was the last time the Gotchas.txt was updated? I have been running Samba 2.0.5a with NT as a member of the Samba-controlled domain, using Samba as the WINS server fine. Maybe the file is just out of date? From jon at bugjr.com Sun Dec 12 23:28:33 1999 From: jon at bugjr.com (Jon Westfall) Date: Tue Dec 2 02:27:35 2003 Subject: No rule? Message-ID: <000101bf44f8$9b1b50a0$0200a8c0@server1> I downloaded the latest build of Samba from CVS today. When I ran the configure script it worked fine, however during Make i got the following error: make: *** No rule to make target `rpc_client/msrpc_netlogon.o', needed by `bin/smbd'. Stop. Does anyone know what this means and/or how to fix it. Jon Westfall. ================ Jonathan E. Westfall CEO - Webmaster Bug Jr. Software www.bugjr.com ---------------------------------------------------- Reach Me by E-Mail: jon@bugjr.com Reach me by ICQ: 19804776 Reach me by Phone: 440-888-0260 Reach me by Fax: 208-293-2392 -------------- next part -------------- HTML attachment scrubbed and removed From pli at ee.ualberta.ca Mon Dec 13 06:01:24 1999 From: pli at ee.ualberta.ca (Patrick Li) Date: Tue Dec 2 02:27:35 2003 Subject: Samba as PDC Message-ID: Hello there, I updated my samba to the 2.10prealpha thru CVS and I tried to use my NT to join the Samba Domain. But when I tried to join the domain, I got a error message. Cannot update machine's security to add to that Domain ( It may not be exact wording since I use a non english NT server) the log.smb is attached, please see if anyone can help me out Thanx Pat ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Patrick WL Li, E.I.T. B.Sc. (Electrical Engineering) MCP pli@ee.ualberta.ca MCP + Internet Patrick.Li@v-wave.com MCSE ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -------------- next part -------------- smbd version 2.1.0-prealpha started. Copyright Andrew Tridgell 1992-1998 doing parameter max log size = 50 doing parameter security = user doing parameter encrypt passwords = yes doing parameter smb passwd file = /etc/smbpasswd doing parameter passwd program = /usr/bin/passwd %u doing parameter passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfu$ doing parameter socket options = TCP_NODELAY doing parameter local master = yes doing parameter os level = 34 doing parameter domain master = yes doing parameter preferred master = yes doing parameter domain logons = yes doing parameter name resolve order = wins lmhosts bcast doing parameter wins support = yes doing parameter dns proxy = no [1999/12/12 22:25:48, 2] param/loadparm.c:do_section(2359) Processing section "[homes]" doing parameter comment = Home Directories doing parameter browseable = yes doing parameter writable = yes [1999/12/12 22:25:48, 2] param/loadparm.c:do_section(2359) Processing section "[netlogon]" doing parameter comment = Network Logon Service doing parameter path = /home/netlogon doing parameter public = no doing parameter writable = no doing parameter browsable = yes [1999/12/12 22:25:48, 2] param/loadparm.c:do_section(2359) Processing section "[HP_Lj3P]" doing parameter printer = raw doing parameter comment = HP LaserJet 3P Printer doing parameter path = /var/spool/samba doing parameter browseable = yes doing parameter public = yes doing parameter writable = no doing parameter printable = yes doing parameter print command = /usr/bin/lpr -b -r -PHP_Lj3P %s doing parameter lpq command = lpq -PHP_Lj3P doing parameter lprm command = lprm -PHP_Lj3P %j [1999/12/12 22:25:48, 2] param/loadparm.c:do_section(2359) Processing section "[Backup]" doing parameter comment = Backup for YohjiLand doing parameter path = /mnt/backup doing parameter public = yes doing parameter writable = yes doing parameter browseable = yes [1999/12/12 22:25:48, 3] param/loadparm.c:lp_load(2681) pm_process() returned Yes [1999/12/12 22:25:48, 3] param/loadparm.c:lp_add_ipc(1581) adding IPC service [1999/12/12 22:25:48, 7] param/loadparm.c:lp_servicenumber(2760) lp_servicenumber: couldn't find printers [1999/12/12 22:25:48, 6] param/loadparm.c:lp_file_list_changed(1870) lp_file_list_changed() file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Sun Dec 12 22:25:14 1999 [1999/12/12 22:25:48, 4] lib/interface.c:get_broadcast(118) Derived broadcast address 24.108.25.255 [1999/12/12 22:25:48, 2] lib/interface.c:interpret_interfaces(213) Added interface ip=24.108.25.235 bcast=24.108.25.255 nmask=255.255.255.0 [1999/12/12 22:25:48, 1] smbd/files.c:file_init(219) file_init: Information only: requested 10000 open files, 1014 are available. [1999/12/12 22:25:48, 0] smbd/dfs.c:init_dfs_table(128) No DFS map, Samba is running in NON DFS mode [1999/12/12 22:25:48, 6] lib/charset.c:codepage_initialise(338) codepage_initialise: client code page = 850 [1999/12/12 22:25:48, 5] lib/charset.c:load_client_codepage(196) load_client_codepage: loading codepage 850. Adding chars 0x85 0xb7 (l->u = True) (u->l = True) Adding chars 0xa0 0xb5 (l->u = True) (u->l = True) Adding chars 0x83 0xb6 (l->u = True) (u->l = True) Adding chars 0xc6 0xc7 (l->u = True) (u->l = True) Adding chars 0x84 0x8e (l->u = True) (u->l = True) Adding chars 0x86 0x8f (l->u = True) (u->l = True) Adding chars 0x91 0x92 (l->u = True) (u->l = True) Adding chars 0x87 0x80 (l->u = True) (u->l = True) Adding chars 0x8a 0xd4 (l->u = True) (u->l = True) Adding chars 0x82 0x90 (l->u = True) (u->l = True) Adding chars 0x88 0xd2 (l->u = True) (u->l = True) Adding chars 0x89 0xd3 (l->u = True) (u->l = True) Adding chars 0x8d 0xde (l->u = True) (u->l = True) Adding chars 0xa1 0xd6 (l->u = True) (u->l = True) Adding chars 0x8c 0xd7 (l->u = True) (u->l = True) Adding chars 0x8b 0xd8 (l->u = True) (u->l = True) Adding chars 0xd0 0xd1 (l->u = True) (u->l = True) Adding chars 0xa4 0xa5 (l->u = True) (u->l = True) Adding chars 0x95 0xe3 (l->u = True) (u->l = True) Adding chars 0xa2 0xe0 (l->u = True) (u->l = True) Adding chars 0x93 0xe2 (l->u = True) (u->l = True) Adding chars 0xe4 0xe5 (l->u = True) (u->l = True) Adding chars 0x94 0x99 (l->u = True) (u->l = True) Adding chars 0x9b 0x9d (l->u = True) (u->l = True) Adding chars 0x97 0xeb (l->u = True) (u->l = True) Adding chars 0xa3 0xe9 (l->u = True) (u->l = True) Adding chars 0x96 0xea (l->u = True) (u->l = True) Adding chars 0x81 0x9a (l->u = True) (u->l = True) Adding chars 0xec 0xed (l->u = True) (u->l = True) Adding chars 0xe7 0xe8 (l->u = True) (u->l = True) Adding chars 0x9c 0x0 (l->u = False) (u->l = False) [1999/12/12 22:25:48, 10] lib/util_sid.c:read_sid(297) read_sid: Domain: YOHJILAND [1999/12/12 22:25:48, 7] lib/util_sid.c:sid_to_string(50) sid_to_string returning S-1-5-21-3882218122-1609023385-294807447 [1999/12/12 22:25:48, 5] lib/util_sid.c:read_sid_from_file(278) read_sid_from_file: sid S-1-5-21-3882218122-1609023385-294807447 [1999/12/12 22:25:48, 7] lib/util_sid.c:sid_to_string(50) sid_to_string returning S-1-5-32 [1999/12/12 22:25:48, 10] lib/sids.c:create_sidmap_table(256) Map: Domain: BUILTIN SID: S-1-5-32 [1999/12/12 22:25:48, 7] lib/util_sid.c:sid_to_string(50) sid_to_string returning S-1-1 [1999/12/12 22:25:48, 10] lib/sids.c:create_sidmap_table(256) Map: Domain: Everyone SID: S-1-1 [1999/12/12 22:25:48, 7] lib/util_sid.c:sid_to_string(50) sid_to_string returning S-1-3 [1999/12/12 22:25:48, 10] lib/sids.c:create_sidmap_table(256) Map: Domain: Creator Owner SID: S-1-3 [1999/12/12 22:25:48, 7] lib/util_sid.c:sid_to_string(50) sid_to_string returning S-1-5 [1999/12/12 22:25:48, 10] lib/sids.c:create_sidmap_table(256) Map: Domain: NT Authority SID: S-1-5 [1999/12/12 22:25:48, 7] lib/util_sid.c:sid_to_string(50) sid_to_string returning S-1-5-21-3882218122-1609023385-294807447 [1999/12/12 22:25:48, 10] lib/sids.c:create_sidmap_table(256) Map: Domain: YOHJILAND SID: S-1-5-21-3882218122-1609023385-294807447 [1999/12/12 22:25:48, 7] lib/util_sid.c:sid_to_string(50) sid_to_string returning S-0-0 [1999/12/12 22:25:48, 10] lib/sids.c:create_sidmap_table(256) Map: Domain: YOHJILAND SID: S-0-0 [1999/12/12 22:25:48, 3] smbd/server.c:main(748) loaded services [1999/12/12 22:25:48, 3] smbd/server.c:main(756) Becoming a daemon. [1999/12/12 22:25:48, 10] lib/util_sock.c:create_pipe_socket(905) create_pipe_socket: /tmp/.msrpc/.lsarpc 448 /tmp/.msrpc/.lsarpc/agent 0 [1999/12/12 22:25:48, 0] lib/util_sock.c:create_pipe_socket(911) chmod on /tmp/.msrpc/.lsarpc failed [1999/12/12 22:25:48, 0] lib/fault.c:fault_report(40) =============================================================== [1999/12/12 22:25:48, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 10276 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [1999/12/12 22:25:48, 0] lib/fault.c:fault_report(43) =============================================================== [1999/12/12 22:25:48, 0] lib/util.c:smb_panic(2527) PANIC: internal error [1999/12/12 22:25:48, 8] lib/util.c:fcntl_lock(2776) fcntl_lock 6 6 0 1 1 [1999/12/12 22:25:48, 8] lib/util.c:fcntl_lock(2837) Lock call successful [1999/12/12 22:25:48, 3] lib/util_sock.c:open_socket_in(688) bind succeeded on port 139 [1999/12/12 22:25:48, 2] smbd/server.c:open_sockets(202) waiting for a connection [1999/12/12 22:26:05, 10] lib/genrand.c:do_reseed(135) do_reseed: got 40 bytes from /dev/urandom. [1999/12/12 22:26:05, 4] locking/shmem_sysv.c:sysv_shm_open(540) Trying sysv shmem open of size 1048576 [1999/12/12 22:26:05, 5] locking/shmem_sysv.c:shm_initialize(420) shm_initialize : initializing shmem size 1048576 [1999/12/12 22:26:05, 6] locking/shmem_sysv.c:shm_alloc(249) shm_alloc : allocated 52 bytes at offset 48 [1999/12/12 22:26:05, 3] locking/shmem_sysv.c:sysv_shm_open(698) Initialised IPC area of size 1048576 [1999/12/12 22:26:05, 6] param/loadparm.c:lp_file_list_changed(1870) lp_file_list_changed() file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Sun Dec 12 22:25:14 1999 [1999/12/12 22:26:05, 2] smbd/server.c:main(781) Changed root to / [1999/12/12 22:26:05, 3] smbd/oplock.c:open_oplock_ipc(73) open_oplock_ipc: opening loopback UDP socket. [1999/12/12 22:26:05, 3] lib/util_sock.c:open_socket_in(688) bind succeeded on port 0 [1999/12/12 22:26:05, 3] smbd/oplock.c:open_oplock_ipc(101) open_oplock ipc: pid = 10281, global_oplock_port = 1299 [1999/12/12 22:26:05, 3] smbd/process.c:smbd_process(760) priming nmbd [1999/12/12 22:26:05, 3] lib/util_sock.c:send_one_packet(617) sending a packet of len 1 to (127.0.0.1) on port 137 of type DGRAM [1999/12/12 22:26:05, 4] lib/time.c:TimeInit(110) Serverzone is 25200 [1999/12/12 22:26:05, 10] lib/util_sock.c:read_smb_length_return_keepalive(448) got smb length of 68 [1999/12/12 22:26:05, 2] lib/access.c:check_access(232) Allowed connection from yohji-pii (24.108.25.236) [1999/12/12 22:26:05, 6] smbd/process.c:process_smb(568) got message type 0x81 of len 0x44 [1999/12/12 22:26:05, 3] smbd/process.c:process_smb(569) Transaction 0 of length 72 [1999/12/12 22:26:05, 2] smbd/reply.c:reply_special(144) netbios connect: name1=YOHJI-LINUX name2=YOHJI-PII [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(233) getpwnam(yohji-pii) [1999/12/12 22:26:05, 3] lib/username.c:build_passwd_hash_table(83) Building passwd hash table [1999/12/12 22:26:05, 3] lib/username.c:build_passwd_hash_table(95) Building passwd hash table for the first time [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(256) yohji-pii not found [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(233) getpwnam(yohji-pii) [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(256) yohji-pii not found [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(233) getpwnam(YOHJI-PII) [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(256) YOHJI-PII not found [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(233) getpwnam(Yohji-pii) [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(256) Yohji-pii not found [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(233) getpwnam(yohji-piI) [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(256) yohji-piI not found [1999/12/12 22:26:05, 10] lib/genrand.c:do_reseed(135) do_reseed: got 40 bytes from /dev/urandom. [1999/12/12 22:26:05, 4] locking/shmem_sysv.c:sysv_shm_open(540) Trying sysv shmem open of size 1048576 [1999/12/12 22:26:05, 6] param/loadparm.c:lp_file_list_changed(1870) lp_file_list_changed() file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Sun Dec 12 22:25:14 1999 [1999/12/12 22:26:05, 2] smbd/server.c:main(781) Changed root to / [1999/12/12 22:26:05, 3] smbd/oplock.c:open_oplock_ipc(73) open_oplock_ipc: opening loopback UDP socket. [1999/12/12 22:26:05, 3] lib/util_sock.c:open_socket_in(688) bind succeeded on port 0 [1999/12/12 22:26:05, 3] smbd/oplock.c:open_oplock_ipc(101) open_oplock ipc: pid = 10282, global_oplock_port = 1300 [1999/12/12 22:26:05, 3] smbd/process.c:smbd_process(760) priming nmbd [1999/12/12 22:26:05, 3] lib/util_sock.c:send_one_packet(617) sending a packet of len 1 to (127.0.0.1) on port 137 of type DGRAM [1999/12/12 22:26:05, 4] lib/time.c:TimeInit(110) Serverzone is 25200 [1999/12/12 22:26:05, 10] lib/util_sock.c:read_smb_length_return_keepalive(448) got smb length of 68 [1999/12/12 22:26:05, 2] lib/access.c:check_access(232) Allowed connection from yohji-pii (24.108.25.236) [1999/12/12 22:26:05, 6] smbd/process.c:process_smb(568) got message type 0x81 of len 0x44 [1999/12/12 22:26:05, 3] smbd/process.c:process_smb(569) Transaction 0 of length 72 [1999/12/12 22:26:05, 2] smbd/reply.c:reply_special(144) netbios connect: name1=YOHJI-LINUX name2=YOHJI-PII [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(233) getpwnam(yohji-pii) [1999/12/12 22:26:05, 3] lib/username.c:build_passwd_hash_table(83) Building passwd hash table [1999/12/12 22:26:05, 3] lib/username.c:build_passwd_hash_table(95) Building passwd hash table for the first time [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(256) yohji-pii not found [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(233) getpwnam(yohji-pii) [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(256) yohji-pii not found [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(233) getpwnam(YOHJI-PII) [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(256) YOHJI-PII not found [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(233) getpwnam(Yohji-pii) [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(256) Yohji-pii not found [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(233) getpwnam(yohji-piI) [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(256) yohji-piI not found [1999/12/12 22:26:05, 10] lib/genrand.c:do_reseed(135) do_reseed: got 40 bytes from /dev/urandom. [1999/12/12 22:26:05, 4] locking/shmem_sysv.c:sysv_shm_open(540) Trying sysv shmem open of size 1048576 [1999/12/12 22:26:05, 6] param/loadparm.c:lp_file_list_changed(1870) lp_file_list_changed() file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Sun Dec 12 22:25:14 1999 [1999/12/12 22:26:05, 2] smbd/server.c:main(781) Changed root to / [1999/12/12 22:26:05, 3] smbd/oplock.c:open_oplock_ipc(73) open_oplock_ipc: opening loopback UDP socket. [1999/12/12 22:26:05, 3] lib/util_sock.c:open_socket_in(688) bind succeeded on port 0 [1999/12/12 22:26:05, 3] smbd/oplock.c:open_oplock_ipc(101) open_oplock ipc: pid = 10283, global_oplock_port = 1301 [1999/12/12 22:26:05, 3] smbd/process.c:smbd_process(760) priming nmbd [1999/12/12 22:26:05, 3] lib/util_sock.c:send_one_packet(617) sending a packet of len 1 to (127.0.0.1) on port 137 of type DGRAM [1999/12/12 22:26:05, 4] lib/time.c:TimeInit(110) Serverzone is 25200 [1999/12/12 22:26:05, 10] lib/util_sock.c:read_smb_length_return_keepalive(448) got smb length of 68 [1999/12/12 22:26:05, 2] lib/access.c:check_access(232) Allowed connection from yohji-pii (24.108.25.236) [1999/12/12 22:26:05, 6] smbd/process.c:process_smb(568) got message type 0x81 of len 0x44 [1999/12/12 22:26:05, 3] smbd/process.c:process_smb(569) Transaction 0 of length 72 [1999/12/12 22:26:05, 2] smbd/reply.c:reply_special(144) netbios connect: name1=YOHJI-LINUX name2=YOHJI-PII [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(233) getpwnam(yohji-pii) [1999/12/12 22:26:05, 3] lib/username.c:build_passwd_hash_table(83) Building passwd hash table [1999/12/12 22:26:05, 3] lib/username.c:build_passwd_hash_table(95) Building passwd hash table for the first time [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(256) yohji-pii not found [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(233) getpwnam(yohji-pii) [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(256) yohji-pii not found [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(233) getpwnam(YOHJI-PII) [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(256) YOHJI-PII not found [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(233) getpwnam(Yohji-pii) [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(256) Yohji-pii not found [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(233) getpwnam(yohji-piI) [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(256) yohji-piI not found [1999/12/12 22:26:05, 10] lib/genrand.c:do_reseed(135) do_reseed: got 40 bytes from /dev/urandom. [1999/12/12 22:26:05, 4] locking/shmem_sysv.c:sysv_shm_open(540) Trying sysv shmem open of size 1048576 [1999/12/12 22:26:05, 6] param/loadparm.c:lp_file_list_changed(1870) lp_file_list_changed() file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Sun Dec 12 22:25:14 1999 [1999/12/12 22:26:05, 2] smbd/server.c:main(781) Changed root to / [1999/12/12 22:26:05, 3] smbd/oplock.c:open_oplock_ipc(73) open_oplock_ipc: opening loopback UDP socket. [1999/12/12 22:26:05, 3] lib/util_sock.c:open_socket_in(688) bind succeeded on port 0 [1999/12/12 22:26:05, 3] smbd/oplock.c:open_oplock_ipc(101) open_oplock ipc: pid = 10285, global_oplock_port = 1303 [1999/12/12 22:26:05, 3] smbd/process.c:smbd_process(760) priming nmbd [1999/12/12 22:26:05, 3] lib/util_sock.c:send_one_packet(617) sending a packet of len 1 to (127.0.0.1) on port 137 of type DGRAM [1999/12/12 22:26:05, 4] lib/time.c:TimeInit(110) Serverzone is 25200 [1999/12/12 22:26:05, 10] lib/util_sock.c:read_smb_length_return_keepalive(448) got smb length of 68 [1999/12/12 22:26:05, 2] lib/access.c:check_access(232) Allowed connection from yohji-pii (24.108.25.236) [1999/12/12 22:26:05, 6] smbd/process.c:process_smb(568) got message type 0x81 of len 0x44 [1999/12/12 22:26:05, 3] smbd/process.c:process_smb(569) Transaction 0 of length 72 [1999/12/12 22:26:05, 2] smbd/reply.c:reply_special(144) netbios connect: name1=YOHJI-LINUX name2=YOHJI-PII [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(233) getpwnam(yohji-pii) [1999/12/12 22:26:05, 3] lib/username.c:build_passwd_hash_table(83) Building passwd hash table [1999/12/12 22:26:05, 3] lib/username.c:build_passwd_hash_table(95) Building passwd hash table for the first time [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(256) yohji-pii not found [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(233) getpwnam(yohji-pii) [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(256) yohji-pii not found [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(233) getpwnam(YOHJI-PII) [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(256) YOHJI-PII not found [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(233) getpwnam(Yohji-pii) [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(256) Yohji-pii not found [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(233) getpwnam(yohji-piI) [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(256) yohji-piI not found [1999/12/12 22:26:05, 10] lib/genrand.c:do_reseed(135) do_reseed: got 40 bytes from /dev/urandom. [1999/12/12 22:26:05, 4] locking/shmem_sysv.c:sysv_shm_open(540) Trying sysv shmem open of size 1048576 [1999/12/12 22:26:05, 6] param/loadparm.c:lp_file_list_changed(1870) lp_file_list_changed() file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Sun Dec 12 22:25:14 1999 [1999/12/12 22:26:05, 2] smbd/server.c:main(781) Changed root to / [1999/12/12 22:26:05, 3] smbd/oplock.c:open_oplock_ipc(73) open_oplock_ipc: opening loopback UDP socket. [1999/12/12 22:26:05, 3] lib/util_sock.c:open_socket_in(688) bind succeeded on port 0 [1999/12/12 22:26:05, 3] smbd/oplock.c:open_oplock_ipc(101) open_oplock ipc: pid = 10286, global_oplock_port = 1304 [1999/12/12 22:26:05, 3] smbd/process.c:smbd_process(760) priming nmbd [1999/12/12 22:26:05, 3] lib/util_sock.c:send_one_packet(617) sending a packet of len 1 to (127.0.0.1) on port 137 of type DGRAM [1999/12/12 22:26:05, 4] lib/time.c:TimeInit(110) Serverzone is 25200 [1999/12/12 22:26:05, 10] lib/util_sock.c:read_smb_length_return_keepalive(448) got smb length of 68 [1999/12/12 22:26:05, 2] lib/access.c:check_access(232) Allowed connection from yohji-pii (24.108.25.236) [1999/12/12 22:26:05, 6] smbd/process.c:process_smb(568) got message type 0x81 of len 0x44 [1999/12/12 22:26:05, 3] smbd/process.c:process_smb(569) Transaction 0 of length 72 [1999/12/12 22:26:05, 2] smbd/reply.c:reply_special(144) netbios connect: name1=YOHJI-LINUX name2=YOHJI-PII [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(233) getpwnam(yohji-pii) [1999/12/12 22:26:05, 3] lib/username.c:build_passwd_hash_table(83) Building passwd hash table [1999/12/12 22:26:05, 3] lib/username.c:build_passwd_hash_table(95) Building passwd hash table for the first time [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(256) yohji-pii not found [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(233) getpwnam(yohji-pii) [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(256) yohji-pii not found [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(233) getpwnam(YOHJI-PII) [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(256) YOHJI-PII not found [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(233) getpwnam(Yohji-pii) [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(256) Yohji-pii not found [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(233) getpwnam(yohji-piI) [1999/12/12 22:26:05, 5] lib/username.c:hashed_getpwnam(256) yohji-piI not found [1999/12/12 22:26:10, 10] lib/genrand.c:do_reseed(135) do_reseed: got 40 bytes from /dev/urandom. [1999/12/12 22:26:10, 4] locking/shmem_sysv.c:sysv_shm_open(540) Trying sysv shmem open of size 1048576 [1999/12/12 22:26:10, 6] param/loadparm.c:lp_file_list_changed(1870) lp_file_list_changed() file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Sun Dec 12 22:25:14 1999 [1999/12/12 22:26:10, 2] smbd/server.c:main(781) Changed root to / [1999/12/12 22:26:10, 3] smbd/oplock.c:open_oplock_ipc(73) open_oplock_ipc: opening loopback UDP socket. [1999/12/12 22:26:10, 3] lib/util_sock.c:open_socket_in(688) bind succeeded on port 0 [1999/12/12 22:26:10, 3] smbd/oplock.c:open_oplock_ipc(101) open_oplock ipc: pid = 10287, global_oplock_port = 1305 [1999/12/12 22:26:10, 3] smbd/process.c:smbd_process(760) priming nmbd [1999/12/12 22:26:10, 3] lib/util_sock.c:send_one_packet(617) sending a packet of len 1 to (127.0.0.1) on port 137 of type DGRAM [1999/12/12 22:26:10, 4] lib/time.c:TimeInit(110) Serverzone is 25200 [1999/12/12 22:26:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(448) got smb length of 68 [1999/12/12 22:26:10, 2] lib/access.c:check_access(232) Allowed connection from yohji-pii (24.108.25.236) [1999/12/12 22:26:10, 6] smbd/process.c:process_smb(568) got message type 0x81 of len 0x44 [1999/12/12 22:26:10, 3] smbd/process.c:process_smb(569) Transaction 0 of length 72 [1999/12/12 22:26:10, 2] smbd/reply.c:reply_special(144) netbios connect: name1=YOHJI-LINUX name2=YOHJI-PII [1999/12/12 22:26:10, 5] lib/username.c:hashed_getpwnam(233) getpwnam(yohji-pii) [1999/12/12 22:26:10, 3] lib/username.c:build_passwd_hash_table(83) Building passwd hash table [1999/12/12 22:26:10, 3] lib/username.c:build_passwd_hash_table(95) Building passwd hash table for the first time [1999/12/12 22:26:10, 5] lib/username.c:hashed_getpwnam(256) yohji-pii not found [1999/12/12 22:26:10, 5] lib/username.c:hashed_getpwnam(233) getpwnam(yohji-pii) [1999/12/12 22:26:10, 5] lib/username.c:hashed_getpwnam(256) yohji-pii not found [1999/12/12 22:26:10, 5] lib/username.c:hashed_getpwnam(233) getpwnam(YOHJI-PII) [1999/12/12 22:26:10, 5] lib/username.c:hashed_getpwnam(256) YOHJI-PII not found [1999/12/12 22:26:10, 5] lib/username.c:hashed_getpwnam(233) getpwnam(Yohji-pii) [1999/12/12 22:26:10, 5] lib/username.c:hashed_getpwnam(256) Yohji-pii not found [1999/12/12 22:26:10, 5] lib/username.c:hashed_getpwnam(233) getpwnam(yohji-piI) [1999/12/12 22:26:10, 5] lib/username.c:hashed_getpwnam(256) yohji-piI not found [1999/12/12 22:26:10, 10] lib/genrand.c:do_reseed(135) [1999/12/12 22:26:10, 10] lib/genrand.c:do_reseed(135) [1999/12/12 22:26:10, 10] lib/genrand.c:do_reseed(135) [1999/12/12 22:26:22, 10] lib/genrand.c:do_reseed(135) [1999/12/12 22:26:22, 10] lib/genrand.c:do_reseed(135) [1999/12/12 22:26:22, 10] lib/genrand.c:do_reseed(135) [1999/12/12 22:26:22, 10] lib/genrand.c:do_reseed(135) [1999/12/12 22:27:31, 10] lib/genrand.c:do_reseed(135) [1999/12/12 22:27:31, 10] lib/genrand.c:do_reseed(135) [1999/12/12 22:27:31, 10] lib/genrand.c:do_reseed(135) [1999/12/12 22:27:32, 10] lib/genrand.c:do_reseed(135) [1999/12/12 22:28:50, 10] lib/genrand.c:do_reseed(135) [1999/12/12 22:28:50, 10] lib/genrand.c:do_reseed(135) [1999/12/12 22:28:50, 10] lib/genrand.c:do_reseed(135) [1999/12/12 22:29:06, 10] lib/genrand.c:do_reseed(135) [1999/12/12 22:29:06, 10] lib/genrand.c:do_reseed(135) [1999/12/12 22:29:06, 10] lib/genrand.c:do_reseed(135) [1999/12/12 22:29:06, 10] lib/genrand.c:do_reseed(135) From hanak at IRIS.osu.cz Mon Dec 13 07:47:26 1999 From: hanak at IRIS.osu.cz (Ondrej Hanak) Date: Tue Dec 2 02:27:35 2003 Subject: Administrator account, groups Message-ID: Hi, i have done cca 400 users on samba server. Then i tested couple of them, and everything was o.k (homes were mapped well). But administrator can not see his home. When i went through Network Neighbrhood to shares i saw share administrator, but after trying to go in, message appeared (network name is not vaild on network - or something like that). I can't understand, why all tested users were o.k. and this pecific not. Everting was created automaticly by script with pwdump help. The second my problem is groups. Can anybody say how samba deals with this. For example, how to use 2 or 3 logon scripts, which will be used with depending on user's group. Thanks for any comment. O.H. From pli at ee.ualberta.ca Mon Dec 13 07:48:03 1999 From: pli at ee.ualberta.ca (Patrick Li) Date: Tue Dec 2 02:27:35 2003 Subject: Domain SID Message-ID: hello all, Where should I put the "Domain SID = "? in smb.conf or other place? cuz I heard that will fix the "cannot update internal security, Cannot add to domain" problem Thanx Patrick ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Patrick WL Li, E.I.T. B.Sc. (Electrical Engineering) MCP pli@ee.ualberta.ca MCP + Internet Patrick.Li@v-wave.com MCSE ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From lee.taylor at scania.co.za Mon Dec 13 08:47:28 1999 From: lee.taylor at scania.co.za (C.Lee Taylor) Date: Tue Dec 2 02:27:35 2003 Subject: MSRPC daemons References: Message-ID: <018e01bf4546$b0f162e0$8b640107@scania.co.za> Great Idea ... and interesting times are here to stay ... ----- Original Message ----- From: Luke Kenneth Casson Leighton To: Multiple recipients of list SAMBA-NTDOM Sent: Sunday, December 12, 1999 10:51 PM Subject: MSRPC daemons > just when you thought it was safe to do a cvs update, another cvs commit > hits the tree. > > the first pass now has the following MSRPC services as separate daemons: > > samr - samrd > lsarpc - lsarpcd > srvsvc - srvsvcd > wkssvc - wkssvcd > spoolss - spoolssd > NETLOGON - netlogond > browser - browserd > svcctl - svcctld > winreg - winregd > > and guess what? if you don't want to run any of these services... YOU > DON'T HAVE TO! > > however, if you want a minimum level of pdc support, you are going to > need: > > lsarpcd, srvsvcd, wkssvcd, netlogond. > > if you want to be able to either change user passwords (NT-style) or run > usrmgr.exe or srvmgr.exe, you are going to need: > > winregd and samrd. > > if you just want samba as a member of a domain that does NOT support local > accounts, i don't think you need any of these msrpc services, i'd be > interested to see if people agree with this initial assessement. > > if you want samba to be "browseable" in the network neighbourhood, you are > going to need: > > wkssvcd and srvsvcd. > > > this configuration setup may change. in fact, i guarantee that it will. > one of the things that i wish to do is to ensure that smbd does not need > _any_ of the smb password database API calls, directly, it goes through > \PIPE\NETLOGON or \PIPE\lsarpc or \PIPE\samr to verify user account > information. apart from anything, direct verification of smb file access > using the password database API (getsmbpwnam etc) is wrong, as this > excludes trusted domains and your pdc. > > so, a minimum requirement at some future point may be to run at least the > netlogond. > > we live in interesting times! > > luke (samba team) > > p.s i'm back on samba-technical. > From snail_talk at yahoo.com Mon Dec 13 08:52:30 1999 From: snail_talk at yahoo.com (geoffrey lee) Date: Tue Dec 2 02:27:35 2003 Subject: MSRPC daemons In-Reply-To: Message-ID: <000701bf4547$63d45e80$0200000a@workstation1> hi, it would be very nice to split up the daemons. currently there are two daemons, the smbd and nmbd. if you did something to the config, you'll have to restart the appropraite daemon ( <-- very troublesome.) > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Luke Kenneth Casson Leighton > Sent: Monday, December 13, 1999 4:52 AM > To: Multiple recipients of list SAMBA-NTDOM > Subject: MSRPC daemons > > > just when you thought it was safe to do a cvs update, another cvs commit > hits the tree. > > the first pass now has the following MSRPC services as separate daemons: > > samr - samrd > lsarpc - lsarpcd > srvsvc - srvsvcd > wkssvc - wkssvcd > spoolss - spoolssd > NETLOGON - netlogond > browser - browserd > svcctl - svcctld > winreg - winregd > > and guess what? if you don't want to run any of these services... YOU > DON'T HAVE TO! > > however, if you want a minimum level of pdc support, you are going to > need: > > lsarpcd, srvsvcd, wkssvcd, netlogond. > > if you want to be able to either change user passwords (NT-style) or run > usrmgr.exe or srvmgr.exe, you are going to need: > > winregd and samrd. > > if you just want samba as a member of a domain that does NOT support local > accounts, i don't think you need any of these msrpc services, i'd be > interested to see if people agree with this initial assessement. > > if you want samba to be "browseable" in the network neighbourhood, you are > going to need: > > wkssvcd and srvsvcd. > > > this configuration setup may change. in fact, i guarantee that it will. > one of the things that i wish to do is to ensure that smbd does not need > _any_ of the smb password database API calls, directly, it goes through > \PIPE\NETLOGON or \PIPE\lsarpc or \PIPE\samr to verify user account > information. apart from anything, direct verification of smb file access > using the password database API (getsmbpwnam etc) is wrong, as this > excludes trusted domains and your pdc. > > so, a minimum requirement at some future point may be to run at least the > netlogond. > > we live in interesting times! > > luke (samba team) > > p.s i'm back on samba-technical. > From db at med-in.uni-sb.de Mon Dec 13 09:52:12 1999 From: db at med-in.uni-sb.de (Dr. Dieter Becker) Date: Tue Dec 2 02:27:35 2003 Subject: remote tapes Message-ID: Sirs, I know, my question is off-topic, but I hope to find a guru who can answer me. I want to use the DAT-Tape of my Samba-Server (Solaris) from any Windows client. Is there a possibility to do that. And on the other side. I want to use a DAT-Tape which is installed in a windows-client from the Solaris Server. Does there exist any tool like the unix rmt? And as third question: Can I share a Windows DAT-Tape between different NT-machines? Thank You Dieter Dr. med. dipl.-math Dieter Becker Medizinische Universitaets- und Poliklinik Innere Medizin III D - 66421 Homburg / Saar ########################################### Tel.: (0 / +49) 6841 - 16 3046 Fax.: (0 / +49) 6841 - 16 3043 Email: db@med-in.uni-sb.de From s.striker at striker.nl Mon Dec 13 10:22:03 1999 From: s.striker at striker.nl (S. Striker) Date: Tue Dec 2 02:27:35 2003 Subject: MSRPC daemons In-Reply-To: <018e01bf4546$b0f162e0$8b640107@scania.co.za> Message-ID: <000301bf4553$e5dfe140$0a00a8c0@office.striker.nl> Hi there, > Great Idea ... and interesting times are here to stay ... Indeed they are. But if we are going to talk abouit interesting times, you should read the book 'Interesting Times' by Terry Pratchett. Guaranteed to get you to laugh. Sander Striker > > ----- Original Message ----- > From: Luke Kenneth Casson Leighton > To: Multiple recipients of list SAMBA-NTDOM > Sent: Sunday, December 12, 1999 10:51 PM > Subject: MSRPC daemons > > > > just when you thought it was safe to do a cvs update, another cvs commit > > hits the tree. > > > > the first pass now has the following MSRPC services as separate daemons: > > > > samr - samrd > > lsarpc - lsarpcd > > srvsvc - srvsvcd > > wkssvc - wkssvcd > > spoolss - spoolssd > > NETLOGON - netlogond > > browser - browserd > > svcctl - svcctld > > winreg - winregd > > > > and guess what? if you don't want to run any of these services... YOU > > DON'T HAVE TO! > > > > however, if you want a minimum level of pdc support, you are going to > > need: > > > > lsarpcd, srvsvcd, wkssvcd, netlogond. > > > > if you want to be able to either change user passwords (NT-style) or run > > usrmgr.exe or srvmgr.exe, you are going to need: > > > > winregd and samrd. > > > > if you just want samba as a member of a domain that does NOT > support local > > accounts, i don't think you need any of these msrpc services, i'd be > > interested to see if people agree with this initial assessement. > > > > if you want samba to be "browseable" in the network > neighbourhood, you are > > going to need: > > > > wkssvcd and srvsvcd. > > > > > > this configuration setup may change. in fact, i guarantee that it will. > > one of the things that i wish to do is to ensure that smbd does not need > > _any_ of the smb password database API calls, directly, it goes through > > \PIPE\NETLOGON or \PIPE\lsarpc or \PIPE\samr to verify user account > > information. apart from anything, direct verification of smb > file access > > using the password database API (getsmbpwnam etc) is wrong, as this > > excludes trusted domains and your pdc. > > > > so, a minimum requirement at some future point may be to run at > least the > > netlogond. > > > > we live in interesting times! > > > > luke (samba team) > > > > p.s i'm back on samba-technical. > > > > From cgreuter at rehabnet.ch Mon Dec 13 10:11:48 1999 From: cgreuter at rehabnet.ch (Christan Greuter) Date: Tue Dec 2 02:27:35 2003 Subject: Urgent: Problems while adding a NT-WS to Domain (srv_samr.c:api_samr_unknown)! Message-ID: <3854C664.7C708F7@rehabnet.ch> Hello I have a problem with samba as a PDC. The network is running without problems. But when I want to add a new NT-Machine to the domain, the Network-Settings on NT produce an crash (memory fault) and in the log file I have the following entry: [1999/12/13 10:24:03, 0] rpc_server/srv_samr.c:api_samr_unknown_32(1508) trouble! What can I do, five other NT-Workstations are running without any problems. thanks for help best chrue. From jon at bugjr.com Mon Dec 13 10:50:12 1999 From: jon at bugjr.com (Jon Westfall) Date: Tue Dec 2 02:27:35 2003 Subject: missing msrpc_netlogon.c Message-ID: <000501bf4557$d535b000$0200a8c0@server1> I've checked out CVS and updated a few times, and looked at CVS web on the samba site and cannot find msrpc_netlogon.c anywhere. I assume their is an error in the MakeFile, and wanted to let everyone know about it. I don't think this is just me ;) Jon. ================ Jonathan E. Westfall CEO - Webmaster Bug Jr. Software www.bugjr.com ---------------------------------------------------- Reach Me by E-Mail: jon@bugjr.com Reach me by ICQ: 19804776 Reach me by Phone: 440-888-0260 Reach me by Fax: 208-293-2392 -------------- next part -------------- HTML attachment scrubbed and removed From puru at elbvilla.de Mon Dec 13 12:32:11 1999 From: puru at elbvilla.de (Jens Puruckherr) Date: Tue Dec 2 02:27:35 2003 Subject: unable to get user-list Message-ID: <001901bf4566$28cf05a0$0301a8c0@k6> I use Samba 2.0.5 as fileserver without PDC functionality and some windows-clients. security level is user. works fine. But: I'm not abel to give free a drive on a client-pc because windows can't find the user-list on the server. Where is this list (- logo: on the Li Why is it so and how can I fix ist? Mit freundlichen Gr??en Jens Puruckherr EDV-Manager Elbvilla facility Service GmbH Hoyerswerdaer Stra?e 3 01099 Dresden ------------------------------------------------------- Tel. 03528/446372 mail:puru@elbvilla.de Fax. 0351/8082250 http://www.wohnungsmarkt-dresden.de From Alex.Monaghan at icl.com Mon Dec 13 10:06:49 1999 From: Alex.Monaghan at icl.com (Monaghan Alex) Date: Tue Dec 2 02:27:35 2003 Subject: Administrator account, groups Message-ID: <05C3AFB22D89D2119ED60010A80011973B8A0B@WWWMSGM6> > Hi, > i have done cca 400 users on samba server. Then i tested > couple of them, > and everything was o.k (homes were mapped well). But > administrator can > not see his home. When i went through Network Neighbrhood to > shares i saw > share administrator, but after trying to go in, message > appeared (network > name is not vaild on network - or something like that). I can't > understand, why all tested users were o.k. and this pecific > not. Everting > was created automaticly by script with pwdump help. Can't help with this, but > The second my problem is groups. Can anybody say how samba > deals with this. > For example, how to use 2 or 3 logon scripts, which will be used > with depending on user's group. This is not a samba thing, you'll get the same problem with NT. I think there is a utility in the NT Resource kit that will detect group membership from a batch file. You could also try Kixstart or even write your logon script in VB Script and use some of the WSH 2.0 facilities to detect NT groups & permissions. Alex Monaghan From mg at plum.de Mon Dec 13 12:53:54 1999 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:27:35 2003 Subject: unable to get user-list References: <001901bf4566$28cf05a0$0301a8c0@k6> Message-ID: <3854EC62.7BB75885@plum.de> Jens Puruckherr wrote: > > I use Samba 2.0.5 as fileserver without PDC functionality and some > windows-clients. > security level is user. > works fine. > > But: > I'm not abel to give free a drive on a client-pc because windows can't find > the user-list on the server. > Where is this list (- logo: on the Li > Why is it so and how can I fix ist? I think the 2.0.5 release cannot handle this RPC. in 2.0.5 is barely an PDC ... You could use the 2.1.0pre version, but beware ... luke did quite a few updates in the last weeks :) regards, Michael -- Samba NT-Domain howto (in german) http://www.sambahq.de From lajbi at lajli.gau.hu Mon Dec 13 13:12:55 1999 From: lajbi at lajli.gau.hu (Lajber Zoltan) Date: Tue Dec 2 02:27:35 2003 Subject: Administrator account, groups In-Reply-To: <05C3AFB22D89D2119ED60010A80011973B8A0B@WWWMSGM6> Message-ID: On Mon, 13 Dec 1999, Monaghan Alex wrote: > > The second my problem is groups. Can anybody say how samba > > deals with this. > > For example, how to use 2 or 3 logon scripts, which will be used > > with depending on user's group. > > This is not a samba thing, you'll get the same problem with NT. Well, my solutions is: in the smb.conf: logon script = %G.bat And on the netlogon share I have a batch file for each group. The probles is that the %G is for unix _primary_ group, so one user can belong to one group. Bye, -=Lajbi=-------------------------------------------------------------------- LAJBER Zoltan lajbi@jht.gau.hu http://jht.gau.hu/~lajbi GATE Jarmu- es Hotechnika Tanszek http://jht.gau.hu A member of HuLUG http://mlf.linux.rulez.org/mlf From Alexej.Kupin at partner.bmw.de Mon Dec 13 11:46:39 1999 From: Alexej.Kupin at partner.bmw.de (Alexej Kupin) Date: Tue Dec 2 02:27:35 2003 Subject: "One users experience" for Samba! Message-ID: <3854DC9F.A144BC0E@partner.bmw.de> Hello Samba-folk! After I put some tips and trix on the Samba-Mailing list many people sent me a thank you letter... At the end of my work I decided to put all of my experience on the Web. I hope that it will help and will save you time... http://computer.freepage.de/kupin/samba.html This document contains a description of my experience with Samba and will show you step by step how to install, setup and use Samba and Samba as PDC. You will find here many solutions (e.g. NIS-password synchronisation, server-profiles,etc...) Additionally this report gives you an overview of existing solution for integration of Windows & Unix-systems in one LAN. Enjoy it! Alexej PS: May be in the future someone(or samba team) will continue with this kind of additional information and will put it on a better(faster) location! -------------- next part -------------- A non-text attachment was scrubbed... Name: Alexej.Kupin.vcf Type: text/x-vcard Size: 147 bytes Desc: Visitenkarte f?r Alexej Kupin Url : http://lists.samba.org/archive/samba-ntdom/attachments/19991213/1c77876c/Alexej.Kupin.vcf From squeegy+sambant at squeegy.org Mon Dec 13 16:17:28 1999 From: squeegy+sambant at squeegy.org (squeegy+sambant@squeegy.org) Date: Tue Dec 2 02:27:35 2003 Subject: latest as of last night crashing on start Message-ID: I am trying to start the latest version of samba 2.1alpha as of last night and It is not starting and the /var/log/log.smb is reporting the following: wiggles:~ # tail /var/log/log.smb chmod on /tmp/.msrpc/.lsarpc failed [1999/12/11 21:14:30, 0] lib/fault.c:fault_report(40) =============================================================== [1999/12/11 21:14:30, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 299 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [1999/12/11 21:14:30, 0] lib/fault.c:fault_report(43) =============================================================== [1999/12/11 21:14:30, 0] lib/util.c:smb_panic(2527) PANIC: internal error What am I doing incorrectly? ___________________ Jt "The Squeegy" Chiodi http://www.squeegy.org/ squeegy@squeegy.org From ctooley at joslyn.org Mon Dec 13 16:28:14 1999 From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:27:35 2003 Subject: Mapping Drive Z In-Reply-To: <007101bf42da$120849a0$8b640107@scania.co.za> Message-ID: <000101bf4587$0e457e00$1900a8c0@webstat.joslyn.org> Well, I think I have found an almost tolerable answer that will do. While, I'd still like to find a better answer, I decided that I'm spending enough time on this that going around to each machine was becoming more and more acceptable. Anyway, I created the script on the server. In the initial netlogon script I map the netlogon directory (we use X: for in house reasons). Then we have a shortcut to X:\zlogin.bat (the batch file that maps Z: to the share we want it mapped to. This way all the scripts are on the server and all of the machines are processing the info in a uniform way. The two biggest problems are of course that the shortcut must be on the machine and without couple of other scripts the netlogon directory will be mapped to X: for the duration of the access. Thank you all for the tremendous amount of help. Chris Tooley -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of C.Lee Taylor Sent: Friday, December 10, 1999 12:43 AM To: Multiple recipients of list SAMBA-NTDOM Subject: Re: Mapping Drive Z Hi ... Sorry took so long to come back to you, but I keep forgetting about time differences around the world .. and I hope I can explain what I wish to explain ... anyway here goes .. This explanation goes only for Win9x clients ... if I try to explain what I have done for my DOS, WFW and WinNT stuff I will never fire off this message, ... sorry, if you don't understand what I am ranting about, please say so ... I hate it when somebody tries to help me and I just can't seem to get what they are getting at .. First you should have already a Netlogin Path setup in you smb.conf ... you should then copy (and modify to suit your needs) the login.bat into this directory. I set this to "L:" for WinNT in the smb.conf and all other clients in the login.bat ... I also have another batch file that sets the os in the DOS env. so that I don't map "L:" in the batch file to WinNT, but I have not put that stuff in the batch file for you. Now at the bottom of the batch file you should be able to map "Z:" to the path you want, you might need to look at the net help use to find how you over map a drive. I would also suggest that you, inside the login.bat file change your current drive and path to "L:\" so that you don't get a missing batch file error or something like that. Again I am sorry this is so disjointed, I have had to take support called between writing this ... so it makes sense to me, but could be a little confusing to others. Mailed C.Lee Taylor P.S. Other thanks goes out to the Samba team for all their effort. -------------- next part -------------- HTML attachment scrubbed and removed From stevem at letchworth.com Mon Dec 13 16:53:28 1999 From: stevem at letchworth.com (Steve Martin) Date: Tue Dec 2 02:27:35 2003 Subject: Real Problems with Samba 2.0.6 Message-ID: <209F013DF10ED311AE7B0004AC386CDD05E08E@SPIRELLA-NT01> Skipped content of type multipart/alternative-------------- next part -------------- [stephenm@ /etc]$ more smb.conf #======================= Global Settings ===================================== [global] # workgroup = NT-Domain-Name or Workgroup-Name workgroup = samba # server string is the equivalent of the NT Description field server string = samba lm announce = yes # This option is important for security. It allows you to restrict # connections to machines which are on your local network. The # following example restricts access to two C class networks and # the "loopback" interface. For more examples of the syntax see # the smb.conf man page hosts allow = 192.11.1 # if you want to automatically load your printer list rather # than setting them up individually then you'll need this printcap name = /etc/printcap load printers = yes # It should not be necessary to spell out the print system type unless # yours is non-standard. Currently supported print systems include: # bsd, sysv, plp, lprng, aix, hpux, qnx ; printing = bsd # Uncomment this if you want a guest account, you must add this to /etc/passwd # otherwise the user "nobody" is used ; guest account = stephenm # this tells Samba to use a separate log file for each machine # that connects log file = /var/log/samba/log.%m # Put a capping on the size of the log files (in Kb). max log size = 50 # Security mode. Most people will want user level security. See # security_level.txt for details. security = user # Use password server option only with security = server password server = # Password Level allows matching of _n_ characters of the password for # all combinations of upper and lower case. ; password level = 8 ; username level = 8 # You may wish to use password encryption. Please read # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. # Do not enable this option unless you have read those documents encrypt passwords = yes smb passwd file = /etc/smbpasswd # The following are needed to allow password changing from Windows to # update the Linux sytsem password also. # NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above. # NOTE2: You do NOT need these to allow workstations to change only # the encrypted SMB passwords. They allow the Unix password # to be kept in sync with the SMB password. ; unix password sync = Yes ; passwd program = /usr/bin/passwd %u ; passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passw d:*all*authentication*tokens*updated*successfully* # Unix users can map to different SMB User names ; username map = /etc/smbusers # Using the following line enables you to customise your configuration # on a per machine basis. The %m gets replaced with the netbios name # of the machine that is connecting ; include = /etc/smb.conf.%m # Most people will find that this option gives better performance. # See speed.txt and the manual pages for details socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 # Configure Samba to use multiple interfaces # If you have multiple network interfaces then you must list them # here. See the man page for details. ; interfaces = 192.168.12.2/24 192.168.13.2/24 # Configure remote browse list synchronisation here # request announcement to, or browse list sync from: # a specific host or from / to a whole subnet (see below) remote browse sync = 192.11.1 # Cause this host to announce itself to local subnets here remote announce = 192.11.1 # Browser Control Options: # set local master to no if you don't want Samba to become a master # browser on your network. Otherwise the normal election rules apply local master = yes # OS Level determines the precedence of this server in master browser # elections. The default value should be reasonable os level = 33 # Domain Master specifies Samba to be the Domain Master Browser. This # allows Samba to collate browse lists between subnets. Don't use this # if you already have a Windows NT domain controller doing this job domain master = yes # Preferred Master causes Samba to force a local browser election on startup # and gives it a slightly higher chance of winning the election preferred master = yes # Use only if you have an NT server on your network that has been # configured at install time to be a primary domain controller. ; domain controller = # Enable this if you want Samba to be a domain logon server for # Windows95 workstations. domain logons = yes # if you enable domain logons then you may want a per-machine or # per user logon script # run a specific logon batch file per workstation (machine) ; logon script = %m.bat # run a specific logon batch file per username ; logon script = %U.bat # Where to store roving profiles (only for Win95 and WinNT) # %L substitutes for this servers netbios name, %U is username # You must uncomment the [Profiles] share below ; logon path = \\%L\Profiles\%U # All NetBIOS names must be resolved to IP Addresses # 'Name Resolve Order' allows the named resolution mechanism to be specified # the default order is "host lmhosts wins bcast". "host" means use the unix # system gethostbyname() function call that will use either /etc/hosts OR # DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf # and the /etc/resolv.conf file. "host" therefore is system configuration # dependant. This parameter is most often of use to prevent DNS lookups # in order to resolve NetBIOS names to IP Addresses. Use with care! # The example below excludes use of name resolution for machines that are NOT # on the local network segment # - OR - are not deliberately to be known via lmhosts or via WINS. ; name resolve order = wins lmhosts bcast # Windows Internet Name Serving Support Section: # WINS Support - Tells the NMBD component of Samba to enable it's WINS Server wins support = yes # WINS Server - Tells the NMBD components of Samba to be a WINS Client # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both ; wins server = w.x.y.z # WINS Proxy - Tells Samba to answer name resolution queries on # behalf of a non WINS capable client, for this to work there must be # at least one WINS Server on the network. The default is NO. wins proxy = yes # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names # via DNS nslookups. The built-in default for versions 1.9.17 is yes, # this has been changed in version 1.9.18 to no. dns proxy = no # Case Preservation can be handy - system default is _no_ # NOTE: These can be set on a per share basis ; preserve case = no ; short preserve case = no # Default case is normally upper case for all DOS files ; default case = lower # Be very careful with case sensitivity - it can break things! ; case sensitive = no #============================ Share Definitions ============================== [homes] comment = Home Directories browseable = no writable = yes # Un-comment the following and create the netlogon directory for Domain Logons [netlogon] comment = Network Logon Service path = /home/netlogon guest ok = yes writable = yes share modes = no # Un-comment the following to provide a specific roving profile share # the default is to use the user's home directory ;[Profiles] ; path = /home/profiles ; browseable = no ; guest ok = yes # NOTE: If you have a BSD-style print system there is no need to # specifically define each individual printer [printers] comment = All Printers path = /var/spool/samba browseable = no # Set public = yes to allow user 'guest account' to print guest ok = no writable = no printable = yes # This one is useful for people to share files ;[tmp] ; comment = Temporary file space ; path = /tmp ; read only = no ; public = yes # A publicly accessible directory, but read only, except for people in # the "staff" group [public] comment = Public Stuff path = /home/samba public = yes writable = yes printable = no write list = @staff # Other examples. # # A private printer, usable only by fred. Spool data will be placed in fred's # home directory. Note that fred must have write access to the spool directory, # wherever it is. ;[fredsprn] ; comment = Fred's Printer ; valid users = fred ; path = /homes/fred ; printer = freds_printer ; public = no ; writable = no ; printable = yes # A private directory, usable only by fred. Note that fred requires write # access to the directory. ;[fredsdir] ; comment = Fred's Service ; path = /usr/somewhere/private ; valid users = fred ; public = no ; writable = yes ; printable = no # a service which has a different directory for each machine that connects # this allows you to tailor configurations to incoming machines. You could # also use the %u option to tailor it by user name. # The %m gets replaced with the machine name that is connecting. ;[pchome] ; comment = PC Directories ; path = /usr/pc/%m ; public = no ; writable = yes # A publicly accessible directory, read/write to all users. Note that all files # created in the directory by users will be owned by the default user, so # any user with access can delete any other user's files. Obviously this # directory must be writable by the default user. Another user could of course # be specified, in which case all files would be owned by that user instead. ;[public] ; path = /usr/somewhere/else/public ; public = yes ; only guest = yes ; writable = yes ; printable = no # The following two entries demonstrate how to share a directory so that two # users can place files there that will be owned by the specific users. In this # setup, the directory should be writable by both users and should have the # sticky bit set on it to prevent abuse. Obviously this could be extended to # as many users as required. ;[myshare] ; comment = Mary's and Fred's stuff ; path = /usr/somewhere/shared ; valid users = mary fred ; public = no ; writable = yes ; printable = no ; create mask = 0765 From james at whispering.org Mon Dec 13 17:24:47 1999 From: james at whispering.org (James Willard) Date: Tue Dec 2 02:27:35 2003 Subject: MSRPC daemons In-Reply-To: <018e01bf4546$b0f162e0$8b640107@scania.co.za> from "C.Lee Taylor" at Dec 13, 99 07:45:07 pm Message-ID: <199912131724.MAA19770@whispering.org> Luke, An idea came to me, how difficult would it be to get "Services..." under Server Manager to be able to start and stop these? Of course, some of them would be required to be running already for Server Manager to even work. Have you reverse engineered the Services API? James > > Great Idea ... and interesting times are here to stay ... > > ----- Original Message ----- > From: Luke Kenneth Casson Leighton > To: Multiple recipients of list SAMBA-NTDOM > Sent: Sunday, December 12, 1999 10:51 PM > Subject: MSRPC daemons > > > > just when you thought it was safe to do a cvs update, another cvs commit > > hits the tree. > > > > the first pass now has the following MSRPC services as separate daemons: > > > > samr - samrd > > lsarpc - lsarpcd > > srvsvc - srvsvcd > > wkssvc - wkssvcd > > spoolss - spoolssd > > NETLOGON - netlogond > > browser - browserd > > svcctl - svcctld > > winreg - winregd > > > > and guess what? if you don't want to run any of these services... YOU > > DON'T HAVE TO! > > > > however, if you want a minimum level of pdc support, you are going to > > need: > > > > lsarpcd, srvsvcd, wkssvcd, netlogond. > > > > if you want to be able to either change user passwords (NT-style) or run > > usrmgr.exe or srvmgr.exe, you are going to need: > > > > winregd and samrd. > > > > if you just want samba as a member of a domain that does NOT support local > > accounts, i don't think you need any of these msrpc services, i'd be > > interested to see if people agree with this initial assessement. > > > > if you want samba to be "browseable" in the network neighbourhood, you are > > going to need: > > > > wkssvcd and srvsvcd. > > > > > > this configuration setup may change. in fact, i guarantee that it will. > > one of the things that i wish to do is to ensure that smbd does not need > > _any_ of the smb password database API calls, directly, it goes through > > \PIPE\NETLOGON or \PIPE\lsarpc or \PIPE\samr to verify user account > > information. apart from anything, direct verification of smb file access > > using the password database API (getsmbpwnam etc) is wrong, as this > > excludes trusted domains and your pdc. > > > > so, a minimum requirement at some future point may be to run at least the > > netlogond. > > > > we live in interesting times! > > > > luke (samba team) > > > > p.s i'm back on samba-technical. > > > -- James D. Willard, CCNA | Linux/FreeBSD/OpenBSD/Novell/Win/DOS/Minix User james@whispering.org | finger james@whispering.org for PGP Public Key #!/bin/perl -sp0777i Hi all, Still trying to get roaming profiles to work for NT clients on a Samba PDC, no luck. I have just got the latest cvs stuff and now I can't configure, the error is the following when I run the configure script: checking if large file support can be enabled no checking configure summary WARNING: No automated network interface determination ERROR: no seteuid method available configure: error: summary failure. Aborting config Any Clues? I am running RedHat 6.0 Glenn -- Glenn MacGregor Director of Services Oracom, Inc. http://www.oracom.com Tel. +1 978.557.5710 Ext. 302 Fax +1 978.557.5716 From mike at psand.net Mon Dec 13 21:30:46 1999 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:35 2003 Subject: Real Problems with Samba 2.0.6 References: <209F013DF10ED311AE7B0004AC386CDD05E08E@SPIRELLA-NT01> Message-ID: <002501bf45b1$bfe2c120$0164a8c0@win981> Real Problems with Samba 2.0.6Steve, In short, you should read the smb.conf man page on the following parameters: lm announce - only needed by OS/2 clients, values should be true, false or auto hosts allow - not sure, but I think you need a trailing dot, i.e. 192.11.1. password server - this is for pass-through authentication by an NT server or PDC, if you haven't got one, comment out this parameter. remote announce - you probably don't need this unless you a placing Samba across more than one subnet. If you are, I think you need to specify both subnets. remote browse sync - same as for remote announce, also this should be a 'broadcast' address, i.e. 192.11.1.255 or an IP for another master browser. wins support - okay, so the Samba box is doing WINS wins proxy - you probably don't need this for Win95, Win98 clients. What I would do is remove your existing RedHat config full of comments and use SWAT to configure your Samba machine. It's available on port 901 of your Samba server. It's much easier to use and get a basic set-up without using too many parameters. A very minimum smb.conf file should work, such as: ; [global] workgroup = samba encrypt passwords = yes [homes] ; Running the above, you should be able to browse your Samba server using Network Neighborhood. It works fine on my RHL6.0 system with 2.0.6. :-) One last thing to watch out for is that Linux systems often use PAM (Pluggable Authentication Modules) for stronger security. You should do two things to make sure this is working: 1. Compile samba with --with-pam, you may need to install the PAM libraries package to get the ./configure script to work. 2. Make sure the file /etc/pam.d/samba exists. If doesn't, you can copy the file /etc/pam.d/linuconf, it should be the same. Hope that helps, Mike Harris Psand Espa?a. ----- Original Message ----- From: Steve Martin To: Multiple recipients of list SAMBA-NTDOM Sent: Monday, December 13, 1999 6:47 PM Subject: Real Problems with Samba 2.0.6 can you help I have recently installed Samba ver 2.0.6 onto Redhat ver6.0 server...I can't seem to get logged in using the MS Client software under Win95 or Win98.... However I can ping the server and I can telnet into it..My Linux server does not show up under Network Neighborhood....what am I doing wrong....here is my smb.conf attached Can you help <> Steve Martin -------------- next part -------------- HTML attachment scrubbed and removed From mgeddes at xavier.sa.edu.au Mon Dec 13 21:48:17 1999 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:36 2003 Subject: Real Problems with Samba 2.0.6 References: <209F013DF10ED311AE7B0004AC386CDD05E08E@SPIRELLA-NT01> Message-ID: <385569A1.750F9D9@xavier.sa.edu.au> Steve Martin wrote: > > > can you help > > I have recently installed Samba ver 2.0.6 onto Redhat ver6.0 > server...I can't seem to get logged in using the MS Client software > under Win95 or Win98.... > > However I can ping the server and I can telnet into it..My Linux > server does not show up under Network Neighborhood....what am I doing > wrong....here is my smb.conf attached > > Can you help > > <> > > Steve Martin It sounds like a browsing problem. If you can mapa drive to the samba box without using network neighbourhood (right-click My Computer -> Map Network Drive), It is definitely a browser problem. In which case, make sure you have a machine that contains a browse list (NT Server will by default, or say yes to the browsing options in smb.conf). If you are getting a message saying you can't browse the network, or you only have the Windows machine(s) in N.N., then Windows is acting as a master browser (and should be stopped). Go to the network control panel and the properties of file and print services and switch the Browse List option (i think) to disabled. Reboot Windows and start Samba before it boots Windows. Hope this helps. Matt P.S. I didn't get the attachment. -------------- next part -------------- HTML attachment scrubbed and removed From ctooley at joslyn.org Mon Dec 13 21:52:55 1999 From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:27:36 2003 Subject: Real Problems with Samba 2.0.6 In-Reply-To: <002501bf45b1$bfe2c120$0164a8c0@win981> Message-ID: <000201bf45b4$6a3a51e0$1900a8c0@webstat.joslyn.org> I've found that WebMin is overall a little easier to use. Things are broken up more. This however is only personal opinion. I do however like the SWAT interface for checking active connections. Chris Tooley -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of Mike Harris Sent: Monday, December 13, 1999 3:34 PM To: Multiple recipients of list SAMBA-NTDOM Subject: RE: Real Problems with Samba 2.0.6 Steve, In short, you should read the smb.conf man page on the following parameters: lm announce - only needed by OS/2 clients, values should be true, false or auto hosts allow - not sure, but I think you need a trailing dot, i.e. 192.11.1. password server - this is for pass-through authentication by an NT server or PDC, if you haven't got one, comment out this parameter. remote announce - you probably don't need this unless you a placing Samba across more than one subnet. If you are, I think you need to specify both subnets. remote browse sync - same as for remote announce, also this should be a 'broadcast' address, i.e. 192.11.1.255 or an IP for another master browser. wins support - okay, so the Samba box is doing WINS wins proxy - you probably don't need this for Win95, Win98 clients. What I would do is remove your existing RedHat config full of comments and use SWAT to configure your Samba machine. It's available on port 901 of your Samba server. It's much easier to use and get a basic set-up without using too many parameters. A very minimum smb.conf file should work, such as: ; [global] workgroup = samba encrypt passwords = yes [homes] ; Running the above, you should be able to browse your Samba server using Network Neighborhood. It works fine on my RHL6.0 system with 2.0.6. :-) One last thing to watch out for is that Linux systems often use PAM (Pluggable Authentication Modules) for stronger security. You should do two things to make sure this is working: 1. Compile samba with --with-pam, you may need to install the PAM libraries package to get the ./configure script to work. 2. Make sure the file /etc/pam.d/samba exists. If doesn't, you can copy the file /etc/pam.d/linuconf, it should be the same. Hope that helps, Mike Harris Psand Espa?a. ----- Original Message ----- From: Steve Martin To: Multiple recipients of list SAMBA-NTDOM Sent: Monday, December 13, 1999 6:47 PM Subject: Real Problems with Samba 2.0.6 can you help I have recently installed Samba ver 2.0.6 onto Redhat ver6.0 server...I can't seem to get logged in using the MS Client software under Win95 or Win98.... However I can ping the server and I can telnet into it..My Linux server does not show up under Network Neighborhood....what am I doing wrong....here is my smb.conf attached Can you help <> Steve Martin -------------- next part -------------- HTML attachment scrubbed and removed From mgeddes at xavier.sa.edu.au Mon Dec 13 22:04:36 1999 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:36 2003 Subject: remote tapes References: Message-ID: <38556D73.763FB460@xavier.sa.edu.au> "Dr. Dieter Becker" wrote: > Sirs, > > I know, my question is off-topic, but I hope to find a guru who can > answer me. > > I want to use the DAT-Tape of my Samba-Server (Solaris) from any > Windows client. Is there a possibility to do that. > > And on the other side. > > I want to use a DAT-Tape which is installed in a windows-client > from the Solaris Server. Does there exist any tool like the > unix rmt? > > And as third question: Can I share a Windows DAT-Tape between > different NT-machines? > > Thank You > > Dieter > > Dr. med. dipl.-math Dieter Becker > Medizinische Universitaets- und Poliklinik > Innere Medizin III > D - 66421 Homburg / Saar > ########################################### > Tel.: (0 / +49) 6841 - 16 3046 > Fax.: (0 / +49) 6841 - 16 3043 > Email: db@med-in.uni-sb.de I have found that the problems is the software you run, not which operating system it's on. For example, ArcServe would store things in a different format to tar and gzip or BRU. If you can find two pieces of software that are compatible, you should be OK. It's a bit like the whole file system thing, Unix don't work with FAT, which don't work with UFS, which don't work with NTFS..... I am not aware of much software that will help. You might find that some of the GNU tools are handy as they have been ported to many platforms. Matt From JJones at nwnets.com Mon Dec 13 23:01:05 1999 From: JJones at nwnets.com (Jeremy Jones) Date: Tue Dec 2 02:27:36 2003 Subject: Kerberos v5 release 1.1, OpenLDAP 1.2.8, and samba 2.1.0 as an NT Domain Controller Message-ID: <4128C0428F94D3118F1E00902773CED201B31E@NNSBOIS1> Hi all, Many questions... Hoping someone [patient] could explain the chain of events to me, or tell me why such a chain of events could not possibly occur. I think I may be confusing myself... How would a Kerberos KDC, an LDAP directory, and a Samba server interact with one another? 1. Could the KDC store it's database in the LDAP directory? 2. Could the LDAP directory require Kerberos v5 authentication before allowing a user/service access to the directory? 3. Would a user first need a TGT, then request authentication from the samba server, which in turn would check the LDAP directory for a match? Here's what I'd like to do... 1. Conifgure OpenLDAP --with-krb5 so that a KDC authenticates connections to the LDAP directory. 2. Configure Kerberos server --with-LDAP so that the Kerberos database is stored in the LDAP directoy, and kerb password changes, etc. are made to the LDAP directory (if that's what the --with-ldap option actually does for kerb1.1--if not, what does it do?) 3. Configure samba as an NT domain controller --with-ldap and --with-krb5 so that NT clients are authenticated by the KDC and have their tickets, etc. stored in the LDAP directory. Is this a sensible thing to want to do? Jeremy Jones, MA, MCSE, CCNA Systems Analyst Northwest Network Services (208) 343-5260 x106 http://www.nwnets.com mailto:jjones@nwnets.com From lukeh at padl.com Tue Dec 14 00:05:36 1999 From: lukeh at padl.com (Luke Howard) Date: Tue Dec 2 02:27:36 2003 Subject: Kerberos v5 release 1.1, OpenLDAP 1.2.8, and samba 2.1.0 as an NT Domain Controller Message-ID: <199912140005.LAA55213@au.padl.com> G'day, >1. Could the KDC store it's database in the LDAP directory? Yes. Indeed, this was the reason we implemented the domain socket transport for OpenLDAP. There's still a lot of work to be done to implement this, though. >2. Could the LDAP directory require Kerberos v5 authentication before >allowing a user/service access to the directory? In principle (pun not intended!), yes. However, OpenLDAP still requires support for the GSS-API SASL mechanism in order to do this in the "correct" manner. Netscape's Directory Server supports this mechanism with an appropriate plugin, and OpenLDAP will eventually support SASL authentication using the Cyrus SASL library. >3. Would a user first need a TGT, then request authentication from the >samba server, which in turn would check the LDAP directory for a match? W2K clients use a complicated mix of Kerberos, LDAP, and RPCs for authentication and authorization. Check out: http://www.microsoft.com/security/resources/brundrett.asp for some interesting reading. That said, I believe SAMBA supports LDAP now as a backend to its pre-W2K domain controller service. >2. Configure Kerberos server --with-LDAP so that the Kerberos database is >stored in the LDAP directoy, and kerb password changes, etc. are made to the >LDAP directory (if that's what the --with-ldap option actually does for >kerb1.1--if not, what does it do?) I wasn't aware of this -- I'm curious to know more. regards, -- Luke -- ___________________________________________________________________________ luke howard lukeh@PADL.COM PADL software pty ltd http://www.PADL.COM From Kurt at OpenLDAP.Org Tue Dec 14 00:01:20 1999 From: Kurt at OpenLDAP.Org (Kurt D. Zeilenga) Date: Tue Dec 2 02:27:36 2003 Subject: Kerberos v5 release 1.1, OpenLDAP 1.2.8, and samba 2.1.0 as an NT Domain Controller In-Reply-To: <4128C0428F94D3118F1E00902773CED201B31E@NNSBOIS1> Message-ID: <3.0.5.32.19991213160120.00955300@localhost> [Note: repliers to this message may want to trim the CC list to avoid non-member bouncing by some mailing list managers (such as those used by OpenLDAP)] At 04:01 PM 12/13/99 -0700, Jeremy Jones wrote: >How would a Kerberos KDC, an LDAP directory, and a Samba server interact >with one another? > >1. Could the KDC store it's database in the LDAP directory? Could? Yes Should? debatable >2. Could the LDAP directory require Kerberos v5 authentication before >allowing a user/service access to the directory? Yes. Via LDAPv2 Kerberos bind mechanisms or via LDAPv3/SASL mechanisms. >3. Would a user first need a TGT, then request authentication from the >samba server, which in turn would check the LDAP directory for a match? Match? Not sure what you mean here. I would suggest that one authentication service be used and all your various applications (LDAP, samba) use that service directly. That is, if LDAP is using Kerberos authentication then so should samba. >Here's what I'd like to do... >1. Conifgure OpenLDAP --with-krb5 so that a KDC authenticates connections to >the LDAP directory. Reasonable. >2. Configure Kerberos server --with-LDAP so that the Kerberos database is >stored in the LDAP directoy, and kerb password changes, etc. are made to the >LDAP directory (if that's what the --with-ldap option actually does for >kerb1.1--if not, what does it do?) Likely a bad idea. For security reasons, it is wise to separate public (or published) information from private (secret) information. LDAP is well suited for publishing public information. Kerberos is well suited for keeping authentication secrets private. >3. Configure samba as an NT domain controller --with-ldap and --with-krb5 so >that NT clients are authenticated by the KDC and have their tickets, etc. >stored in the LDAP directory. It is wise to configure applications to avoid proxies. If LDAP is using Kerberos, than samba should directly use Kerberos if at all possible. >Is this a sensible thing to want to do? Pick an authentication service and use it uniformily. Avoid authentication proxies. From lonnie at borntreger.com Tue Dec 14 03:51:45 1999 From: lonnie at borntreger.com (Lonnie J. Borntreger) Date: Tue Dec 2 02:27:36 2003 Subject: Latest CVS In-Reply-To: <38555185.269BF473@oracom.com> Message-ID: <000201bf45e6$8c884a40$0500000a@wh.com> The problem is that the file used to check for the set*uid functions doesn't exit. From the config.log (one of several failures on the file): configure:8662: lib/util_sec.c: No such file or directory Lonnie Borntreger > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Glenn MacGregor > Sent: Monday, December 13, 1999 1:08 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Latest CVS > > > Hi all, > > Still trying to get roaming profiles to work for NT clients on a > Samba PDC, no luck. I have just got the latest cvs stuff and now I > can't configure, the error is the following when I run the configure > script: > > > checking if large file support can be enabled > no > checking configure summary > WARNING: No automated network interface determination > ERROR: no seteuid method available > configure: error: summary failure. Aborting config > > Any Clues? I am running RedHat 6.0 > > Glenn > > > > -- > > Glenn MacGregor > > Director of Services > Oracom, Inc. > http://www.oracom.com > > Tel. +1 978.557.5710 Ext. 302 > Fax +1 978.557.5716 > > > From anders at aae.wisc.edu Mon Dec 13 10:57:27 1999 From: anders at aae.wisc.edu (Anders C. Thorsen) Date: Tue Dec 2 02:27:36 2003 Subject: MSRPC daemons (fwd) Message-ID: <199912131057.EAA24919@pug.aae.wisc.edu> Why not implement a signal (HUP ?) so that samba will re-read the config. Or is tere such a signal today? --Anders C. Thorsen acthorsen@students.wisc.edu >hi, >it would be very nice to split up the daemons. currently there are two >daemons, the smbd and nmbd. if you did something to the config, you'll have >to restart the appropraite daemon ( <-- very troublesome.) From db at med-in.uni-sb.de Tue Dec 14 05:44:19 1999 From: db at med-in.uni-sb.de (Dr. Dieter Becker) Date: Tue Dec 2 02:27:36 2003 Subject: remote tapes In-Reply-To: <38556D73.763FB460@xavier.sa.edu.au> Message-ID: I asked about the possibility to use DAT-tapes from UNIX on NT and vice versa. I did not look to special programs (networker, ...) which exist all over the net but I am searching for basic tools like rmt for Win NT (perhaps running as service) for doing dumps under Unix on a NT-Tape or a connection for saving NT backups under Unix. Sorry for my bad english; next time I will post my question more precisely. Dieter Dr. med. dipl.-math Dieter Becker Medizinische Universitaets- und Poliklinik Innere Medizin III D - 66421 Homburg / Saar ########################################### Tel.: (0 / +49) 6841 - 16 3046 Fax.: (0 / +49) 6841 - 16 3043 Email: db@med-in.uni-sb.de -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of Matthew Geddes Sent: Monday, December 13, 1999 11:07 PM To: Multiple recipients of list SAMBA-NTDOM Subject: Re: remote tapes "Dr. Dieter Becker" wrote: > Sirs, > > I know, my question is off-topic, but I hope to find a guru who can > answer me. > > I want to use the DAT-Tape of my Samba-Server (Solaris) from any > Windows client. Is there a possibility to do that. > > And on the other side. > > I want to use a DAT-Tape which is installed in a windows-client > from the Solaris Server. Does there exist any tool like the > unix rmt? > > And as third question: Can I share a Windows DAT-Tape between > different NT-machines? > > Thank You > > Dieter > > Dr. med. dipl.-math Dieter Becker > Medizinische Universitaets- und Poliklinik > Innere Medizin III > D - 66421 Homburg / Saar > ########################################### > Tel.: (0 / +49) 6841 - 16 3046 > Fax.: (0 / +49) 6841 - 16 3043 > Email: db@med-in.uni-sb.de From hanak at IRIS.osu.cz Tue Dec 14 08:30:36 1999 From: hanak at IRIS.osu.cz (Ondrej Hanak) Date: Tue Dec 2 02:27:36 2003 Subject: MSRPC <-> SUN RPC (ONC RPC) Message-ID: Hi, can somebody explain compatibility of subject? I know (i wrote some apps) SUN RPC, standard on UNIX, but MS clone is for me new. Any comment is welcome. Ondrej From estes at ece.ucdavis.edu Tue Dec 14 08:30:59 1999 From: estes at ece.ucdavis.edu (Robert Estes) Date: Tue Dec 2 02:27:36 2003 Subject: remote tapes Message-ID: <19991214003059N.estes@spider.engr.ucdavis.edu> So far, of the people I sent it to, we're nowhere near 98% ... already have three outliers ... Another friend of mine thought rutabega (sp?) ... -R From estes at ece.ucdavis.edu Tue Dec 14 08:54:21 1999 From: estes at ece.ucdavis.edu (Robert Estes) Date: Tue Dec 2 02:27:36 2003 Subject: remote tapes Message-ID: <19991214005421Y.estes@spider.engr.ucdavis.edu> Sorry samba folks ... my bad - thought I was replying to something else ... maybe we can have this stricken from the archives :) > So far, of the people I sent it to, we're nowhere near 98% ... already have > three outliers ... > > Another friend of mine thought rutabega (sp?) ... > > -R From hoffmaf at math.uni-muenster.de Tue Dec 14 11:13:08 1999 From: hoffmaf at math.uni-muenster.de (Frank Hoffmann) Date: Tue Dec 2 02:27:36 2003 Subject: Problems with smbpasswd and NIS+ References: <209F013DF10ED311AE7B0004AC386CDD05E08E@SPIRELLA-NT01> Message-ID: <38562644.800103BC@math.uni-muenster.de> Hi all, i think, i have found a bug when using smbpasswd (2.0.6), any ideas? (SunOS host 5.7 Generic_106541-07 sun4u sparc SUNW,Ultra-5_10) Do i have to use smbpasswd on the nis+-master? ./smbpasswd -e hoffmaf New SMB password: Retype new SMB password: getnisp21pwnam: search by name: hoffmaf getnisp21pwnam: using NIS+ table smbpasswd make_sam_from_nisp_object: entry invalidated for user hoffmaf mod_getnisp21pwd_entry: search by name: hoffmaf mod_getnisp21pwd_entry: using NIS+ table smbpasswd mod_getnisp21pwd_entry: entry exists Segmentation Fault sigaction(SIGALRM, 0xFFBEE7A0, 0x00000000) = 0 make_sam_from_nisp_object: entry invalidated for user hoffmaf write(1, " m a k e _ s a m _ f r o".., 62) = 62 mod_getnisp21pwd_entry: search by name: hoffmaf write(1, " m o d _ g e t n i s p 2".., 48) = 48 mod_getnisp21pwd_entry: using NIS+ table smbpasswd write(1, " m o d _ g e t n i s p 2".., 51) = 51 sigaction(SIGALRM, 0xFFBEE6C0, 0x00000000) = 0 alarm(5) = 0 getpid() = 20927 [20922] getuid() = 0 [0] fstat(4, 0xFFBEE420) = 0 write(4, "80\0\08C 8 ^89 ;\0\0\0\0".., 144) = 144 poll(0x000B5C58, 1, 15000) = 1 getmsg(4, 0xFFBEE09C, 0xFFBEE08C, 0xFFBEE0CC) = 0 getpid() = 20927 [20922] getuid() = 0 [0] fstat(4, 0xFFBEE420) = 0 write(4, "80\0\094 8 ^89 :\0\0\0\0".., 152) = 152 poll(0x000B5C58, 1, 15000) = 1 getmsg(4, 0xFFBEE09C, 0xFFBEE08C, 0xFFBEE0CC) = 0 alarm(0) = 5 sigaction(SIGALRM, 0xFFBEE6C0, 0x00000000) = 0 mod_getnisp21pwd_entry: entry exists write(1, " m o d _ g e t n i s p 2".., 37) = 37 Incurred fault #6, FLTBOUNDS %pc = 0x0006A490 siginfo: SIGSEGV SEGV_MAPERR addr=0x00000000 Received signal #11, SIGSEGV [default] siginfo: SIGSEGV SEGV_MAPERR addr=0x00000000 *** process killed *** Frank From karlheinz at khschulz.com Tue Dec 14 11:50:24 1999 From: karlheinz at khschulz.com (Karl-Heinz Schulz) Date: Tue Dec 2 02:27:36 2003 Subject: Problem with Win95 clients Message-ID: <000501bf4629$68ad6220$6e320180@charlielabtop> My systems are: RH 6.1 Samba 2.0.6 NT 4 with SP5 - PDC and WINS Whenever I try to map the Samba share with \\IP_Address\Sharename the error is computer or share not found. If I use \\computer_name_in_WINS\Sharename I get prompted with "The password is not correct". I did triple check the passwords on both machines - it is the same. Is the name for the Samba share case sensitive? I named it "mdii" but the "map" dialog box reports it as "MDII" To be honest I'm lost. Thank you Karl-Heinz From mw at theatre.sax.de Tue Dec 14 07:02:36 1999 From: mw at theatre.sax.de (Martin Welk) Date: Tue Dec 2 02:27:36 2003 Subject: MSRPC daemons (fwd) In-Reply-To: <199912131057.EAA24919@pug.aae.wisc.edu>; from anders@aae.wisc.edu on Tue, Dec 14, 1999 at 04:00:55PM +1100 References: <199912131057.EAA24919@pug.aae.wisc.edu> Message-ID: <19991214080235.B13327@theatre.sax.de> On Tue, Dec 14, 1999 at 04:00:55PM +1100, Anders C. Thorsen wrote: > Why not implement a signal (HUP ?) so that samba will re-read the config. It is, for a long while nowadays, but in the case you made something wrong (for example, a simple typo), the daemon you restarted sits on the floor waiting and whines doesn't want to play with anybody anymore. Often this is no real problem for the one who changed the configuration, but for the users using it. Wait for them coming and whining that your Samba server doesn't play with them anymore :-) (And of course, await them to be angry if you caught them during an M$-Access session or something like that :-) ) Apache has this nice option to try a new configuration file before loading it. When you SIGHUP him, he doesn't care, but if you use the apachectl tool (configtest option) it tells you that you that and where you did something wrong but leaves the running daemons unchanged. Such a thing could be very useful for Samba in production environments, too. Regards, Martin -- /| /| | /| / ,,You know, there's a lot of opportunities, / |/ | artin |/ |/ elk if you're knowing to take them, you know, there's a lot of opportunities, Freiberg/Saxony, Germany if there aren't you can make them, mw@sax.de / mw@theatre.sax.de make or break them!'' (Tennant/Lowe) From mw at theatre.sax.de Tue Dec 14 07:04:44 1999 From: mw at theatre.sax.de (Martin Welk) Date: Tue Dec 2 02:27:36 2003 Subject: remote tapes In-Reply-To: ; from db@med-in.uni-sb.de on Tue, Dec 14, 1999 at 04:45:45PM +1100 References: <38556D73.763FB460@xavier.sa.edu.au> Message-ID: <19991214080444.C13327@theatre.sax.de> On Tue, Dec 14, 1999 at 04:45:45PM +1100, Dr. Dieter Becker wrote: > I asked about the possibility to use DAT-tapes from UNIX on NT and > vice versa. I did not look to special programs (networker, ...) > which exist all over the net but I am searching for basic tools > like rmt for Win NT (perhaps running as service) for doing dumps > under Unix on a NT-Tape or a connection for saving NT backups > under Unix. It's about two years ago when I found something like that for Windows 95 (probably also for NT) at what is nowadays called http://www.winfiles.com/ but I don't remember it's name (something like WIN-rsh? I'm not sure). This way I did backups from Windows to a FreeBSD box. Regards, Martin -- /| /| | /| / ,,You know, there's a lot of opportunities, / |/ | artin |/ |/ elk if you're knowing to take them, you know, there's a lot of opportunities, Freiberg/Saxony, Germany if there aren't you can make them, mw@sax.de / mw@theatre.sax.de make or break them!'' (Tennant/Lowe) From eirvine at tpgi.com.au Tue Dec 14 12:09:03 1999 From: eirvine at tpgi.com.au (eirvine) Date: Tue Dec 2 02:27:36 2003 Subject: Problem with Win95 clients References: <000501bf4629$68ad6220$6e320180@charlielabtop> Message-ID: <3856335F.4D38541@tpgi.com.au> Hi Karl-Heinz Are you using plain-text passwords? Karl-Heinz Schulz wrote: > > My systems are: > > RH 6.1 > Samba > 2.0.6 > > NT 4 with SP5 - PDC and WINS > > Whenever I try to map the Samba share with \\IP_Address\Sharename the error > is computer or share not found. > If I use \\computer_name_in_WINS\Sharename I get prompted with "The password > is not correct". > > I did triple check the passwords on both machines - it is the same. > Is the name for the Samba share case sensitive? > I named it "mdii" but the "map" dialog box reports it as "MDII" > > To be honest I'm lost. > > Thank you > Karl-Heinz From giulioo at pobox.com Tue Dec 14 12:40:04 1999 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:27:36 2003 Subject: Problem with Win95 clients In-Reply-To: <000501bf4629$68ad6220$6e320180@charlielabtop> References: <000501bf4629$68ad6220$6e320180@charlielabtop> Message-ID: <19991214124017.39FA726E67@i3.golden.dom> On Tue, 14 Dec 1999 22:54:08 +1100, hai scritto: >I did triple check the passwords on both machines - it is the same. Did you enable passwd encryption on samba and added the nt user? >Is the name for the Samba share case sensitive? No -- giulioo@pobox.com From mike at psand.net Tue Dec 14 13:28:25 1999 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:36 2003 Subject: Real Problems with Samba 2.0.6 References: <000201bf45b4$6a3a51e0$1900a8c0@webstat.joslyn.org> Message-ID: <004b01bf4637$1c1be900$0164a8c0@win981> Real Problems with Samba 2.0.6Chris, I love webmin and use it to do all sorts of stuff: It saved my life the other day when I made a typing error changing the root password on a remote Internet server ;-). Although SWAT is more complicated, it does help force people to read the documentation and use the one-line context sensitive manual pages, which answer a lot of questions and make it very quick to look-up stuff. I like a combination of both. If you're a UNIX administrator, you *should* run webmin, it's ace! Mike. ----- Original Message ----- From: Chris Tooley To: mike@psand.net ; 'Multiple recipients of list SAMBA-NTDOM' Sent: Monday, December 13, 1999 10:52 PM Subject: RE: Real Problems with Samba 2.0.6 I've found that WebMin is overall a little easier to use. Things are broken up more. This however is only personal opinion. I do however like the SWAT interface for checking active connections. Chris Tooley -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of Mike Harris Sent: Monday, December 13, 1999 3:34 PM To: Multiple recipients of list SAMBA-NTDOM Subject: RE: Real Problems with Samba 2.0.6 Steve, In short, you should read the smb.conf man page on the following parameters: lm announce - only needed by OS/2 clients, values should be true, false or auto hosts allow - not sure, but I think you need a trailing dot, i.e. 192.11.1. password server - this is for pass-through authentication by an NT server or PDC, if you haven't got one, comment out this parameter. remote announce - you probably don't need this unless you a placing Samba across more than one subnet. If you are, I think you need to specify both subnets. remote browse sync - same as for remote announce, also this should be a 'broadcast' address, i.e. 192.11.1.255 or an IP for another master browser. wins support - okay, so the Samba box is doing WINS wins proxy - you probably don't need this for Win95, Win98 clients. What I would do is remove your existing RedHat config full of comments and use SWAT to configure your Samba machine. It's available on port 901 of your Samba server. It's much easier to use and get a basic set-up without using too many parameters. A very minimum smb.conf file should work, such as: ; [global] workgroup = samba encrypt passwords = yes [homes] ; Running the above, you should be able to browse your Samba server using Network Neighborhood. It works fine on my RHL6.0 system with 2.0.6. :-) One last thing to watch out for is that Linux systems often use PAM (Pluggable Authentication Modules) for stronger security. You should do two things to make sure this is working: 1. Compile samba with --with-pam, you may need to install the PAM libraries package to get the ./configure script to work. 2. Make sure the file /etc/pam.d/samba exists. If doesn't, you can copy the file /etc/pam.d/linuconf, it should be the same. Hope that helps, Mike Harris Psand Espa?a. ----- Original Message ----- From: Steve Martin To: Multiple recipients of list SAMBA-NTDOM Sent: Monday, December 13, 1999 6:47 PM Subject: Real Problems with Samba 2.0.6 can you help I have recently installed Samba ver 2.0.6 onto Redhat ver6.0 server...I can't seem to get logged in using the MS Client software under Win95 or Win98.... However I can ping the server and I can telnet into it..My Linux server does not show up under Network Neighborhood....what am I doing wrong....here is my smb.conf attached Can you help <> Steve Martin -------------- next part -------------- HTML attachment scrubbed and removed From puru at elbvilla.de Tue Dec 14 11:33:53 1999 From: puru at elbvilla.de (Jens Puruckherr) Date: Tue Dec 2 02:27:36 2003 Subject: unable to get user-list References: <001901bf4566$28cf05a0$0301a8c0@k6> <3854EC62.7BB75885@plum.de> Message-ID: <000401bf4651$cc478e00$0301a8c0@k6> Hi, From: Michael Glauche > I think the 2.0.5 release cannot handle this RPC. in 2.0.5 is barely an > PDC ... > You could use the 2.1.0pre version, but beware ... luke did quite a few > updates in the last weeks :) That means, I do need a PDC? From GLeblanc at cu-portland.edu Tue Dec 14 16:24:13 1999 From: GLeblanc at cu-portland.edu (Gregory Leblanc) Date: Tue Dec 2 02:27:36 2003 Subject: MSRPC daemons (fwd) Message-ID: > -----Original Message----- > From: Martin Welk [mailto:mw@theatre.sax.de] > Sent: Tuesday, December 14, 1999 4:11 AM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: MSRPC daemons (fwd) > > > On Tue, Dec 14, 1999 at 04:00:55PM +1100, Anders C. Thorsen wrote: > > Apache has this nice option to try a new configuration file > before loading > it. When you SIGHUP him, he doesn't care, but if you use the > apachectl tool > (configtest option) it tells you that you that and where you > did something > wrong but leaves the running daemons unchanged. Such a thing > could be very > useful for Samba in production environments, too. I think it's called 'testparm'. :) It's been there for as long as I've used samba, and I run it before I restart smbd to change config. Greg From dominik.kubla at uni-mainz.de Tue Dec 14 16:27:53 1999 From: dominik.kubla at uni-mainz.de (Dominik Kubla) Date: Tue Dec 2 02:27:36 2003 Subject: MSRPC <-> SUN RPC (ONC RPC) In-Reply-To: ; from Ondrej Hanak on Tue, Dec 14, 1999 at 07:26:22PM +1100 References: Message-ID: <19991214172753.D12881@uni-mainz.de> On Tue, Dec 14, 1999 at 07:26:22PM +1100, Ondrej Hanak wrote: > Hi, > can somebody explain compatibility of subject? I know (i wrote some apps) > SUN RPC, standard on UNIX, but MS clone is for me new. > Any comment is welcome. > Ondrej As far as i know, MSRPC is a derivative of DCE RPC which is different from ONC RPC (as SUN RPC is officially known). Yours, Dominik Kubla From slitt at troubleshooters.com Tue Dec 14 16:36:40 1999 From: slitt at troubleshooters.com (Steve Litt) Date: Tue Dec 2 02:27:36 2003 Subject: MSRPC daemons (fwd) In-Reply-To: Message-ID: <3.0.6.32.19991214113640.00a12840@pop.pacificnet.net> At 03:26 AM 12/15/1999 +1100, Gregory Leblanc wrote: [clip] >I think it's called 'testparm'. :) It's been there for as long as I've >used samba, and I run it before I restart smbd to change config. > Greg Greg -- what would you think of a testparm-like utility that lists all parameters for *each* service, instead of just the non-default parameters. It features three delimited fields per line: share, parameter name, and parameter value. The intent is to have it easily manipulated by a Perl or Python script. I've got it running in a very rough form, but haven't yet had time to test it or clean it up. My version doesn't check syntax, since the real testparm does that just fine. Mine simply outputs data about every paraemter for every share, regardless of default. Steve Litt From s.striker at striker.nl Tue Dec 14 19:20:39 1999 From: s.striker at striker.nl (S. Striker) Date: Tue Dec 2 02:27:36 2003 Subject: Latest CVS In-Reply-To: <000201bf45e6$8c884a40$0500000a@wh.com> Message-ID: <000501bf4668$4e8e6080$0a00a8c0@office.striker.nl> Hi there, > The problem is that the file used to check for the set*uid > functions doesn't > exit. From the config.log (one of several failures on the file): > configure:8662: lib/util_sec.c: No such file or directory > > Lonnie Borntreger Indeed this seems to be the problem. How do we fix this? Older CVS version did configure, but don't have Luke's multiple daemon update. Greetings, Sander Striker > > -----Original Message----- > > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > > Glenn MacGregor > > Sent: Monday, December 13, 1999 1:08 PM > > To: Multiple recipients of list SAMBA-NTDOM > > Subject: Latest CVS > > > > > > Hi all, > > > > Still trying to get roaming profiles to work for NT clients on a > > Samba PDC, no luck. I have just got the latest cvs stuff and now I > > can't configure, the error is the following when I run the configure > > script: > > > > > > checking if large file support can be enabled > > no > > checking configure summary > > WARNING: No automated network interface determination > > ERROR: no seteuid method available > > configure: error: summary failure. Aborting config > > > > Any Clues? I am running RedHat 6.0 > > > > Glenn > > > > > > > > -- > > > > Glenn MacGregor > > > > Director of Services > > Oracom, Inc. > > http://www.oracom.com > > > > Tel. +1 978.557.5710 Ext. 302 > > Fax +1 978.557.5716 > > > > > > > > From gleblanc at cu-portland.edu Tue Dec 14 19:08:06 1999 From: gleblanc at cu-portland.edu (Gregory Leblanc) Date: Tue Dec 2 02:27:36 2003 Subject: MSRPC daemons (fwd) References: <3.0.6.32.19991214113640.00a12840@pop.pacificnet.net> Message-ID: <38569596.3974625F@cu-portland.edu> Steve Litt wrote: > > At 03:26 AM 12/15/1999 +1100, Gregory Leblanc wrote: > [clip] > >I think it's called 'testparm'. :) It's been there for as long as I've > >used samba, and I run it before I restart smbd to change config. > > Greg > > Greg -- what would you think of a testparm-like utility that lists all > parameters for *each* service, instead of just the non-default parameters. > It features three delimited fields per line: share, parameter name, and > parameter value. The intent is to have it easily manipulated by a Perl or > Python script. This would be really useful for a server on which I was doing a lot of configuration. Right now, I haven't changed my version of samba, or the configuration for about 6 months, and I don't plan to change it any time soon. :) Every now and then I go browse the logs, but not very often. VERY low maintenence server. > > I've got it running in a very rough form, but haven't yet had time to test > it or clean it up. My version doesn't check syntax, since the real testparm > does that just fine. Mine simply outputs data about every paraemter for > every share, regardless of default. So you would run testparm first, to make sure that you hadn't mangled anything, and then run this to get more detailed information about your shares? Greg From lharold at mrc.uidaho.edu Tue Dec 14 19:11:03 1999 From: lharold at mrc.uidaho.edu (Len Harold) Date: Tue Dec 2 02:27:36 2003 Subject: New configure error under HP-UX In-Reply-To: from "To:samba-ntdom@samba.anu.edu.au" at Mar 08, 99 12:04 (noon) Message-ID: <199912141911.LAA03062@zeus.mrc.uidaho.edu> Hi guys, I have another configure error under HP-UX 10.20 with the CVS code from Tue Dec 14 18:23:44 1999. The error message is: checking configure summary WARNING: No automated network interface determination ERROR: no seteuid method available configure: error: summary failure. Aborting config and the config.log can be found at: http://www.len.moscow.id.us/config.log I think the most relevant lines are: configure:4022: checking for getauthuid configure:4050: cc -o conftest -O -Ae -D_HPUX_SOURCE -D_POSIX_SOURCE conftest.c 1>&5 /usr/ccs/bin/ld: Unsatisfied symbols: getauthuid (code) but then I'm not a programmer. Len Harold From stanley.g.skidmore at boeing.com Tue Dec 14 19:22:16 1999 From: stanley.g.skidmore at boeing.com (Skidmore, Stanley G) Date: Tue Dec 2 02:27:36 2003 Subject: Latest CVS Message-ID: Hi, > > > checking configure summary > > > WARNING: No automated network interface determination > > > ERROR: no seteuid method available > > > configure: error: summary failure. Aborting config > I had this same error message last night. Does anyone have any ideas? > ---------- > From: S. Striker[SMTP:s.striker@striker.nl] > Reply To: s.striker@striker.nl > Sent: 12/14/99 11:18 > To: Multiple recipients of list SAMBA-NTDOM > Subject: RE: Latest CVS > > Hi there, > > > The problem is that the file used to check for the set*uid > > functions doesn't > > exit. From the config.log (one of several failures on the file): > > configure:8662: lib/util_sec.c: No such file or directory > > > > Lonnie Borntreger > > Indeed this seems to be the problem. How do we fix this? Older CVS > version did configure, but don't have Luke's multiple daemon update. > > Greetings, > > Sander Striker > > > > -----Original Message----- > > > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > > > Glenn MacGregor > > > Sent: Monday, December 13, 1999 1:08 PM > > > To: Multiple recipients of list SAMBA-NTDOM > > > Subject: Latest CVS > > > > > > > > > Hi all, > > > > > > Still trying to get roaming profiles to work for NT clients on a > > > Samba PDC, no luck. I have just got the latest cvs stuff and now I > > > can't configure, the error is the following when I run the configure > > > script: > > > > > > > > > checking if large file support can be enabled > > > no > > > checking configure summary > > > WARNING: No automated network interface determination > > > ERROR: no seteuid method available > > > configure: error: summary failure. Aborting config > > > > > > Any Clues? I am running RedHat 6.0 > > > > > > Glenn > > > > > > > > > > > > -- > > > > > > Glenn MacGregor > > > > > > Director of Services > > > Oracom, Inc. > > > http://www.oracom.com > > > > > > Tel. +1 978.557.5710 Ext. 302 > > > Fax +1 978.557.5716 > > > > > > > > > > > > > > From mw at theatre.sax.de Tue Dec 14 19:49:01 1999 From: mw at theatre.sax.de (Martin Welk) Date: Tue Dec 2 02:27:36 2003 Subject: MSRPC daemons (fwd) In-Reply-To: ; from GLeblanc@cu-portland.edu on Tue, Dec 14, 1999 at 08:24:13AM -0800 References: Message-ID: <19991214204901.J13327@theatre.sax.de> On Tue, Dec 14, 1999 at 08:24:13AM -0800, Gregory Leblanc wrote: > I think it's called 'testparm'. :) It's been there for as long as I've > used samba, and I run it before I restart smbd to change config. Oh. Sorry. My very deep and serious apologies. I think I missed something. :-) I think, I've always increased the log level and used a ``tail -f'' to see what's wrong :-) Than of course it is no problem check if there are typos or syntax errors in a configuration file before loading it with a SIGHUP. Regards, Martin -- /| /| | /| / ,,You know, there's a lot of opportunities, / |/ | artin |/ |/ elk if you're knowing to take them, you know, there's a lot of opportunities, Freiberg/Saxony, Germany if there aren't you can make them, mw@sax.de / mw@theatre.sax.de make or break them!'' (Tennant/Lowe) From lkcl at samba.org Tue Dec 14 20:05:19 1999 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:36 2003 Subject: MSRPC daemons Message-ID: james, i hacked up something simple that will list all the entries in /usr/local/samba/var/locks/*.pid as "started" services, and svcstop (rpcclient) and svcstart (rpcclient) will cause smbrun to start / stop these programs with a script rc.service. luke From slitt at troubleshooters.com Tue Dec 14 20:29:59 1999 From: slitt at troubleshooters.com (Steve Litt) Date: Tue Dec 2 02:27:37 2003 Subject: MSRPC daemons (fwd) In-Reply-To: <38569596.3974625F@cu-portland.edu> References: <3.0.6.32.19991214113640.00a12840@pop.pacificnet.net> Message-ID: <3.0.6.32.19991214152959.00f374b0@pop.pacificnet.net> At 11:08 AM 12/14/1999 -0800, Gregory Leblanc wrote: >Steve Litt wrote: [clip] >> Greg -- what would you think of a testparm-like utility that lists all >> parameters for *each* service, instead of just the non-default parameters. >> It features three delimited fields per line: share, parameter name, and >> parameter value. The intent is to have it easily manipulated by a Perl or >> Python script. > [clip] > >> >> I've got it running in a very rough form, but haven't yet had time to test >> it or clean it up. My version doesn't check syntax, since the real testparm >> does that just fine. Mine simply outputs data about every paraemter for >> every share, regardless of default. > >So you would run testparm first, to make sure that you hadn't mangled >anything, and then run this to get more detailed information about your >shares? > Greg Greg --Exactly. Testparm checks smb.conf syntax, and the new program outputs a more complete and parsable version of shares and their parameters. The new program would answer questions like "what print command does this print share think it has?", or "what's the directory mask of this share?", or "which shares have bobby as a valid user?", simply by piping it thru the proper grep. Right now I'm busy writing a book, but if there's interest I'll contribute it after I've had enough time to test it and clean up the code. Steve Litt From Nicolas.Williams at wdr.com Tue Dec 14 21:49:18 1999 From: Nicolas.Williams at wdr.com (Nicolas Williams) Date: Tue Dec 2 02:27:37 2003 Subject: [XAD] Re: Kerberos v5 release 1.1, OpenLDAP 1.2.8, and samba 2.1.0 as an NT Domain Controller In-Reply-To: <199912140005.LAA55213@au.padl.com>; from Luke Howard on Tue, Dec 14, 1999 at 11:05:36AM +1100 References: <199912140005.LAA55213@au.padl.com> Message-ID: <19991214164918.A7989@wdr.com> [[NOTE: openldap list removed from Cc: list]] On Tue, Dec 14, 1999 at 11:05:36AM +1100, Luke Howard wrote: > > G'day, > > >1. Could the KDC store it's database in the LDAP directory? > > Yes. Indeed, this was the reason we implemented the domain socket > transport for OpenLDAP. There's still a lot of work to be done > to implement this, though. > > >2. Could the LDAP directory require Kerberos v5 authentication before > >allowing a user/service access to the directory? > > In principle (pun not intended!), yes. However, OpenLDAP still requires > support for the GSS-API SASL mechanism in order to do this in the > "correct" manner. Netscape's Directory Server supports this mechanism > with an appropriate plugin, and OpenLDAP will eventually support SASL > authentication using the Cyrus SASL library. > > >3. Would a user first need a TGT, then request authentication from the > >samba server, which in turn would check the LDAP directory for a match? > > W2K clients use a complicated mix of Kerberos, LDAP, and RPCs for > authentication and authorization. Check out: > > http://www.microsoft.com/security/resources/brundrett.asp I just read that doc. It seems that when using NTLM for authentication NT services will fetch the user's profile from the DC for impersonation. It seems that when using Kerberos5 for authentication NT services will use the user's profile if attached to the kerberos5 ticket, or, if the profile data is not in the ticket, impersonation is disabled. Is that a correct reading of that document? If so, why the difference in behaviour? If the profile is not in the krb5 ticket, why not query a DC for it as is done when using NTLM? Is the issue one of mapping krb5 principals to ActiveDirectory objects when the KDC is a non-ActiveDirectory KDC? > for some interesting reading. That said, I believe SAMBA supports LDAP > now as a backend to its pre-W2K domain controller service. > > >2. Configure Kerberos server --with-LDAP so that the Kerberos database is > >stored in the LDAP directoy, and kerb password changes, etc. are made to the > >LDAP directory (if that's what the --with-ldap option actually does for > >kerb1.1--if not, what does it do?) > > I wasn't aware of this -- I'm curious to know more. > > > regards, > > > -- Luke > > -- > > ___________________________________________________________________________ > luke howard lukeh@PADL.COM > PADL software pty ltd http://www.PADL.COM Nico -- -DISCLAIMER: an automatically appended disclaimer may follow. By posting- -to a public e-mail mailing list I hereby grant permission to distribute- -and copy this message.- This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. This message is provided for informational purposes and should not be construed as a solicitation or offer to buy or sell any securities or related financial instruments. From mparker at myra.com Wed Dec 15 00:07:16 1999 From: mparker at myra.com (Margarita Parker) Date: Tue Dec 2 02:27:37 2003 Subject: can't find the PDC Message-ID: <3856DBB4.A372E1F@myra.com> Hi, I have configured samba 2.0.6 as a PDC on my solaris 2.6 box. I am able to join the domain from an NT 4.0 workstation but when I log on I get an error : "can't find profile" and then I cannot log on. When I look in the error log it says: "No Windows NT Domain Controller is available for domain ITALY. (This event is expected and can be ignored when booting with the 'No Net' Hardware Profile.) The following error occurred: There are currently no logon servers available to service the logon request." In the log.nmb it says: "[1999/12/14 13:39:00, 0] lib/util_sock.c:set_socket_options(148) Failed to set socket option TCP_NODELAY (Error Bad file number) [1999/12/14 13:39:12, 0] smbd/service.c:make_connection(209) durango (142.44.2.53) couldn't find service test [1999/12/14 13:39:12, 0] smbd/service.c:make_connection(209) durango (142.44.2.53) couldn't find service test" test is the name of the user that I created. Here is my smb.conf: [global] workgroup = ITALY netbios name = RIO encrypt passwords = yes # map to guest = Bad User mangled names = yes case sensitive = no #domain user map = /opt/samba/lib/domainuser.map #domain group map = /opt/smab/lib/domaingroup.map preserve case = yes server string = Samba Server ;dns proxy = yes security = user ;guest account = nfs password server = rio ##used to be glasgow password level = 0 unix password sync = yes unix realname = yes domain logons = yes domain master = no local master = yes ###smb passwd file = /etc/passwd max log size = 50 printcap name = /opt/local/samba/lib/printcap printing = sysv load printers = yes #logon path = \\%L\netlogon #logon script = %U.bat # socket options = TCiP_NODELAY dns proxy = no browseable = yes passwd program = /usr/bin/passwd %u passwd chat = *password* %n\n *password* %n\n *successfull* [netlogon] path = /opt/samba/netlogon public = no browseable = yes [samba] comment = test share path = /opt/samba read only = no browseable = yes #valid users = @corp_myra create mask = 0770 directory mask = 0770 [profiles$] path = /opt/samba/profiles/%U root preexec = /bin/mkdir /opt/samba/profiles/%U; \ /bin/chown %U /opt/samba/profiles/%U; \ /bin/chmod 700 /opt/samba/profiles/%U browseable = yes guest ok = yes create mode = 0600 directory mode = 0700 writeable = yes Any ideas? Thanks -- Margarita Parker From lukeh at padl.com Wed Dec 15 00:36:03 1999 From: lukeh at padl.com (Luke Howard) Date: Tue Dec 2 02:27:37 2003 Subject: Kerberos v5 release 1.1, OpenLDAP 1.2.8, and samba 2.1.0 as an NT Domain Controller References: <199912140005.LAA55213@au.padl.com> <19991214164918.A7989@wdr.com> Message-ID: <199912150036.LAA93144@au.padl.com> >If so, why the difference in behaviour? If the profile is not in the >krb5 ticket, why not query a DC for it as is done when using NTLM? Is >the issue one of mapping krb5 principals to ActiveDirectory objects when >the KDC is a non-ActiveDirectory KDC? AFAIK, non-ActiveDirectory KDCs are only supported for authentication, where the authorization information (the SIDs) comes from the local SAM. So I don't think this mapping issue is related. (Note the userprincipalname and serviceprincipalname attributes in ActiveDirectory, and the command line tools for setting up a mapping between local and KDC user accounts when ActiveDirectory is not being used.) I suspect the authorization data field is used because it's there. The client gets a fully expanded set of SIDs which maps well to NT's internal concept of an authorization token, rather than having each client trawl the domain to construct this at logon. Perhaps the fact that DCE used the PAC for a set of user identifiers influenced this. regards, -- Luke -- ___________________________________________________________________________ luke howard lukeh@PADL.COM PADL software pty ltd http://www.PADL.COM From lonnie at borntreger.com Wed Dec 15 04:40:06 1999 From: lonnie at borntreger.com (Lonnie J. Borntreger) Date: Tue Dec 2 02:27:37 2003 Subject: Latest CVS In-Reply-To: Message-ID: <005501bf46b6$770e95e0$0500000a@wh.com> Looking through the config.log and the Makefile.in, it looks like somebody forgot to check in some files. from config.log: include/includes.h:617: interfaces.h: No such file or directory configure:8490: lib/interfaces.c: No such file or directory configure:8531: lib/interfaces.c: No such file or directory configure:8573: lib/interfaces.c: No such file or directory configure:8619: lib/util_sec.c: No such file or directory configure:8662: lib/util_sec.c: No such file or directory -> egrep -n 'interfaces|util_sec' Makefile.in 95: lib/interfaces.o lib/pidfile.o lib/replace.o \ 101: lib/util.o lib/util_sock.o lib/util_sec.o smbd/ssl.o lib/fnmatch.o 182:SMBRUN_OBJ = utils/smbrun.o lib/util_sec.o So the files are really needed, not just for configure. I just grabbed the latest CVS, and they still aren't there. Anybody have these files to check in? Luke, you seem to be compiling what you are developing... do you have these files? TTFN, Lonnie Borntreger > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Skidmore, Stanley G > Sent: Tuesday, December 14, 1999 2:22 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: RE: Latest CVS > > > Hi, > > > > checking configure summary > > > > WARNING: No automated network interface determination > > > > ERROR: no seteuid method available > > > > configure: error: summary failure. Aborting config > > > I had this same error message last night. Does anyone have any ideas? > > > > ---------- > > From: S. Striker[SMTP:s.striker@striker.nl] > > Reply To: s.striker@striker.nl > > Sent: 12/14/99 11:18 > > To: Multiple recipients of list SAMBA-NTDOM > > Subject: RE: Latest CVS > > > > Hi there, > > > > > The problem is that the file used to check for the set*uid > > > functions doesn't > > > exit. From the config.log (one of several failures on the file): > > > configure:8662: lib/util_sec.c: No such file or directory > > > > > > Lonnie Borntreger > > > > Indeed this seems to be the problem. How do we fix this? Older CVS > > version did configure, but don't have Luke's multiple daemon update. > > > > Greetings, > > > > Sander Striker > > > > > > -----Original Message----- > > > > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > > > Glenn MacGregor > > > Sent: Monday, December 13, 1999 1:08 PM > > > To: Multiple recipients of list SAMBA-NTDOM > > > Subject: Latest CVS > > > > > > > > > Hi all, > > > > > > Still trying to get roaming profiles to work for NT clients on a > > > Samba PDC, no luck. I have just got the latest cvs stuff and now I > > > can't configure, the error is the following when I run the configure > > > script: > > > > > > > > > checking if large file support can be enabled > > > no > > > checking configure summary > > > WARNING: No automated network interface determination > > > ERROR: no seteuid method available > > > configure: error: summary failure. Aborting config > > > > > > Any Clues? I am running RedHat 6.0 > > > > > > Glenn > > > > > > > > > > > > -- > > > > > > Glenn MacGregor > > > > > > Director of Services > > > Oracom, Inc. > > > http://www.oracom.com > > > > > > Tel. +1 978.557.5710 Ext. 302 > > > Fax +1 978.557.5716 > > > > > > > > > > > > > > From mgeddes at xavier.sa.edu.au Wed Dec 15 05:19:04 1999 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:37 2003 Subject: can't find the PDC References: <3856DBB4.A372E1F@myra.com> Message-ID: <385724C8.B2084DF1@xavier.sa.edu.au> Margarita Parker wrote: > Hi, > > I have configured samba 2.0.6 as a PDC on my solaris 2.6 box. > I am able to join the domain from an NT 4.0 workstation but when I log > on I get an error : > "can't find profile" and then I cannot log on. > When I look in the error log it says: > "No Windows NT Domain Controller is available for domain ITALY. (This > event is expected and can be ignored when booting with the 'No Net' > Hardware Profile.) The following error occurred: > There are currently no logon servers available to service the logon > request." > > In the log.nmb it says: > "[1999/12/14 13:39:00, 0] lib/util_sock.c:set_socket_options(148) > Failed to set socket option TCP_NODELAY (Error Bad file number) > [1999/12/14 13:39:12, 0] smbd/service.c:make_connection(209) > durango (142.44.2.53) couldn't find service test > [1999/12/14 13:39:12, 0] smbd/service.c:make_connection(209) > durango (142.44.2.53) couldn't find service test" > Hi, I have the same errors in my log files when everything is working OK (maybe I'm just broken). As for the Domain Controller thing, do you have a WINS Server on your network? Windows uses a WINS server to find out the address of the Domain Controller. If there are no WINS servers specified on the client, Windows will resort to broadcasting, which doesn't always work. If you haven't got a WINS server, add the wins support = yes line to smb.conf and put the IP address of the Samba server in the primary and secondary WINS server box on the client. If you don't want a WINS server, you can create an LMHOSTS file on the clients. This is stored in <%winroot%> on Win9x clients, or <%winroot%>\system32\drivers\etc (I think) on Windows NT. Here's an example 10.3.2.2 Samba_Server #PRE #DOM:ITALY Where ITALY is the Domain, Samba_Server is the NetBIOS name of the Samba DC and 10.3.2.2 is it's IP. Then run nbtstat -R on the client that has the LMHOSTS file. Repeat for all clients..... Hope it helps, Matt From scarleton at bigfoot.com Wed Dec 15 08:22:58 1999 From: scarleton at bigfoot.com (Sam Carleton) Date: Tue Dec 2 02:27:37 2003 Subject: error w/ 'sbmpasswd -j -r ' Message-ID: <38574FE2.3888F0EE@bigfoot.com> Ok, I am having a problem hooking up my Samba box (Linux) with my NT box (SP5). The Linux box is ln1, and the NT box is roses. When I type in: smbpasswd -j FLOWERS.DOM -r roses I get this error: error connecting to 192.168.0.2:139 (Connection refused) modify_trust_password: unable to connect to SMB server on machine ROSES. Error was : code 0. 1999/12/15 03:09:46 : change_trust_account_password: Failed to change password for domain FLOWERS.DOM. I DID go into the "Windows NT Workstation or Server" and create an account for LN1. Any ideas what I amd doing wrong? Sam Carleton From holzmann at mhnet.de Wed Dec 15 09:42:50 1999 From: holzmann at mhnet.de (Micha Holzmann) Date: Tue Dec 2 02:27:37 2003 Subject: NT maps shares multiple Message-ID: <19991215094250.B6B3C781A@kaliba.rappgmbh.de> Hello, i have here Samba 2.0.6 (Linux, 2.0.36) an NT SP4. I use Samba as PDC. i have one share called 'office'. Normally this share is mapped to drive g: Sometimes this share appears multiple. Beginnig with the next free drive, this share is mapped 5,6 or 7 times. Is this Problem with samba or NT. I have asked Colleagues which have NT Servers, they do not know this behavior. Where must i look/work to solve this? Many thanks and kind regards, Micha Holzmann From Menger at SOHARD.DE Wed Dec 15 10:13:51 1999 From: Menger at SOHARD.DE (Stephan Menger) Date: Tue Dec 2 02:27:37 2003 Subject: AW: NT maps shares multiple Message-ID: this seems to be a NT specific problem, because we have the same issue on our NT workstations, that arre mapping drives from a NT server. Stephan From matthias at waechter.wol.at Wed Dec 15 11:27:25 1999 From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=) Date: Tue Dec 2 02:27:37 2003 Subject: NT maps shares multiple In-Reply-To: <19991215094250.B6B3C781A@kaliba.rappgmbh.de> Message-ID: On Wed, 15 Dec 1999, Micha Holzmann wrote: > i have here Samba 2.0.6 (Linux, 2.0.36) an NT SP4. I use Samba as PDC. > i have one share called 'office'. Normally this share is mapped to drive g: > > Sometimes this share appears multiple. Beginnig with the next free drive, > this share is mapped 5,6 or 7 times. > > Is this Problem with samba or NT. I have asked Colleagues which have NT Servers, > they do not know this behavior. Where must i look/work to solve this? This is an NT (and Win 9x) issue, possibly related to Samba. I worked in a 9x/NT-only office (at the university) for 1 a year, we had this problem in another way: We had different application servers, where one should use the application server nearest to him. Whenever he created a link to, f.e., "P:\apps\office\winword.exe", where P: is mapped to the nearest server's APPS share (all these application servers are configured exactly the same), and changes to another computer using another application server, he automatically connects another drive, f.e. O:, to point on the original application server's APPS share. In fact, it's the roaming profiles and the links in all your explorer folders that make the problem. Windows stores not only the visible path (i.e. g:\project_x\mydoc.xls or p:\apps\office\winword.exe) in the link but also the absolute path (i.e. \\myserver\docroot) - on a Samba server it sometimes forgets that it has already mapped \\myserver\docroot to g:, and, guess what, maps it automatically again (f.e. to l:), additionally changing the link to show "l:\project_x\mydoc.xls) which automatically leads to these shares being connected also in situations when NT doesn't think there's something wrong. So it looks like NT sometimes thinks that the Samba server is different to the one it is already connected to, and tries to reconnect. Since the drive it wants to use (i.e. g:) is already in use, it reconnects to another drive. Search the archive (or deja or MSKB) for "LinkResolveIgnoreLinkInfo" - that's the name of a registry value one can enter to beautify this behavior: Windows NT/9x then ignores the absolute path and doesn't try to automatically remap the drive or change the link to point there. This registry setting is normally accessible also via the standard .adm file for poledit, in fact, most users cannot enter the value by themselves using regedit (or double clicking on a .reg file) because it's located in \\...\Windows\CurrentVersion\Policies\Explorer which they cannot access, so you will have to set up an appropriate ntconfig.pol file on your Samba server's netlogon share. Sehr Wus, - Matthias -- Wer reitet so sp?t durch Nacht und Wind? - Wos waas I ----------------------------------------------------------------------------- From snail_talk at yahoo.com Wed Dec 15 11:35:40 1999 From: snail_talk at yahoo.com (geoffrey lee) Date: Tue Dec 2 02:27:37 2003 Subject: error w/ 'sbmpasswd -j -r ' In-Reply-To: <38574FE2.3888F0EE@bigfoot.com> Message-ID: <000001bf46f0$83e0daf0$0200000a@workstation1> hi, it seems that you are mixing up the idea of nt domains and DNS names. they are _NOT_ the same!! Please find out the name of your nt domain and then try again. > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Sam Carleton > Sent: Wednesday, December 15, 1999 4:25 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: error w/ 'sbmpasswd -j -r ' > > > Ok, I am having a problem hooking up my Samba box (Linux) with my NT box > (SP5). The Linux box is ln1, and the NT box is roses. When I type in: > > smbpasswd -j FLOWERS.DOM -r roses > > I get this error: > > error connecting to 192.168.0.2:139 (Connection refused) > modify_trust_password: unable to connect to SMB server on machine ROSES. > Error was : code 0. > 1999/12/15 03:09:46 : change_trust_account_password: Failed to change > password for domain FLOWERS.DOM. > > I DID go into the "Windows NT Workstation or Server" and create an > account for LN1. > > Any ideas what I amd doing wrong? > > Sam Carleton > From canfield at uindy.edu Wed Dec 15 14:14:38 1999 From: canfield at uindy.edu (Canfield) Date: Tue Dec 2 02:27:37 2003 Subject: Bug report w/ Intel Netcards References: <004a01bf3cb2$52b1ea20$0164a8c0@win981> Message-ID: <3857A24E.4205C185@uindy.edu> A bit of a late followup, but... The only problems we (I work with Kelly, the original poster) have seen at all with the eepro cards are related to browsing and domain control. You can actually use Samba in a non-PDC environment with these cards and have some success. PDC is still a bit obscure at the moment, so I wouldn't trust that someone who claims to support Linux would know about this problem. In fact, one of the boxes that failed was a VALinux box (and VA was unaware of the problem). On a positive note, I asked Don Becker (eepro driver author) if he was aware of the problem. He believed the problem would be fixed by using the latest eepro driver (which is not in any of the Linux kernels, and it sounds like it won't be any time soon). Apparently, previous versions of the eepro driver have multicast problems. I don't know enough about browsing/PDC to know if these use multicasting, but it seems likely enough. I won't be able to test this on our boxes until sometime in January, but I'll let the list know at that point if the updated driver fixes the problem. DC Mike Harris wrote: > > This is a little worrying, just about to purchase a Dell PowerEdge for a > webserver. The ones I've used previously have all had the Intel Pro 100+ > PCI card but with 450NX and 440GX chipsets and they've worked like a dream > (a nice one!). This next box has a 440BX chipset. Now Dell say they > support RedHat 6.0 as an OS on these machines, so perhaps it's alright - > though in the UK you can't buy it pre-installed :-(. Jon, do you have a URL > for that patch? > > Mike Harris, > Psand. > ----- Original Message ----- > From: Jon Doyle > To: Multiple recipients of list SAMBA-NTDOM > Sent: Wednesday, December 01, 1999 6:31 PM > Subject: Re: Bug report w/ Intel Netcards > > > I have noticed that Intel cards are not great under Linux. I do see that a > new Driver for eepro has been posted. I have liked to use Intel in the past, > particulary the Server Adapter with the i960 RISC Processor on board; but > due to the problems under Linux I have moved to SMC & Netgear cards. Both of > these work great under Linux. 3COM cards I have stayed away from because of > the horror under Windows and on Switched Networks I have experienced in the > past. I do know 3COM has fixed a lot of this in their drivers, but who wants > to create three floppies for a driver anyway? > > > > > > Jon > > > > Jon R. Doyle > > Systems Administrator > > Document Solutions, Inc. > > 1611 Telegraph Avenue Ste. 1010 > > Oakland, Ca. 94612 > > 510-986-0250 > > > > >>> "Kelly S. Smelser" 12/01/99 07:01AM >>> > > I posted yesterday regarding problems setting up a 2nd samba > > server as a PDC on our campus network. It turns out that the problem > > appears to be more of a network card related issue. After testing the > > scenario out on multiple servers and having no luck, I realized that all > > of the server machines I was trying had Intel network cards. I then tried > > the same setup on my laptop with a 3com PCMCIA ethernet card and the PDC > > setup worked flawlessly. The machines that were not working properly were > > an Intel T440BX motherboard with integrated eepro 10/100 network interface > > and a machine with a PCI Intel EtherExpress 10/100 (i82555) card. Has > > anyone else noticed similar problems with this hardware? > > > > k > > > > "...kneel down and kiss the earth, and show me what this thought is > > worth." -Trey Anastasio/Tom Marshall (Phish) > > From eiben at busitec.de Wed Dec 15 10:52:50 1999 From: eiben at busitec.de (Henning Eiben) Date: Tue Dec 2 02:27:37 2003 Subject: NT maps shares multiple In-Reply-To: Message-ID: > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Stephan Menger > Sent: Wednesday, December 15, 1999 11:14 AM > To: Multiple recipients of list SAMBA-NTDOM > Subject: AW: NT maps shares multiple > > > > this seems to be a NT specific problem, because we have the same issue on > our NT workstations, that arre mapping drives from a NT server. Well, I've seen this behavior an NT Server as well as on Samba ... but only on some clients, not all of them map share multiple all the time ... confusing :) -- Henning Eiben eiben@busitec.de busitec GmbH business information technology http://www.busitec.de From Menger at SOHARD.DE Wed Dec 15 14:41:32 1999 From: Menger at SOHARD.DE (Stephan Menger) Date: Tue Dec 2 02:27:37 2003 Subject: AW: NT maps shares multiple Message-ID: The problem is - my 2 cents - restricted to the client side. Stephan > > -----Original Message----- > > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > > Stephan Menger > > Sent: Wednesday, December 15, 1999 11:14 AM > > To: Multiple recipients of list SAMBA-NTDOM > > Subject: AW: NT maps shares multiple > > > > > > > > this seems to be a NT specific problem, because we have the same issue > on > > our NT workstations, that arre mapping drives from a NT server. > > Well, I've seen this behavior an NT Server as well as on Samba ... but > only > on some clients, not all of them map share multiple all the time ... > confusing :) > > > -- > Henning Eiben > eiben@busitec.de busitec GmbH > business information technology > http://www.busitec.de > From squeegy+sambant at squeegy.org Wed Dec 15 15:14:21 1999 From: squeegy+sambant at squeegy.org (squeegy+sambant@squeegy.org) Date: Tue Dec 2 02:27:37 2003 Subject: latest as of last night crashing on start In-Reply-To: Message-ID: I am trying starting smb in debug mode -d 20 but where does it write this addtional information. i am not seeing anything different in the /var/log/log.smb file. > I am trying to start the latest version of samba 2.1alpha as of last > night and It is not starting and the /var/log/log.smb is reporting > the following: > > wiggles:~ # tail /var/log/log.smb > chmod on /tmp/.msrpc/.lsarpc failed > [1999/12/11 21:14:30, 0] lib/fault.c:fault_report(40) > =============================================================== > [1999/12/11 21:14:30, 0] lib/fault.c:fault_report(41) > INTERNAL ERROR: Signal 11 in pid 299 (2.1.0-prealpha) > Please read the file BUGS.txt in the distribution > [1999/12/11 21:14:30, 0] lib/fault.c:fault_report(43) > =============================================================== > [1999/12/11 21:14:30, 0] lib/util.c:smb_panic(2527) > PANIC: internal error > > What am I doing incorrectly? > > > > ___________________ > > Jt "The Squeegy" Chiodi > > http://www.squeegy.org/ > squeegy@squeegy.org > > ___________________ Jt "The Squeegy" Chiodi http://www.squeegy.org/ squeegy@squeegy.org From Mikael.Olofsson at es.sigma.se Wed Dec 15 14:44:39 1999 From: Mikael.Olofsson at es.sigma.se (Mikael Olofsson) Date: Tue Dec 2 02:27:37 2003 Subject: NT maps shares multiple Message-ID: <960FCE94AC10D1119EFF00A02416D7EA8E655C@exchange.exallon.se> Hi, I have heard a rumor that this should be a netscape problem, this happend to me and I run netscape. /Mikael --- "One of the main causes of the fall of the Roman Empire was that, lacking zero, they had no way to indicate successful termination of their C programs." - Robert Firth > -----Original Message----- > From: Henning Eiben [SMTP:eiben@busitec.de] > Sent: Wednesday, December 15, 1999 3:22 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: RE: NT maps shares multiple > > > -----Original Message----- > > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > > Stephan Menger > > Sent: Wednesday, December 15, 1999 11:14 AM > > To: Multiple recipients of list SAMBA-NTDOM > > Subject: AW: NT maps shares multiple > > > > > > > > this seems to be a NT specific problem, because we have the same issue > on > > our NT workstations, that arre mapping drives from a NT server. > > Well, I've seen this behavior an NT Server as well as on Samba ... but > only > on some clients, not all of them map share multiple all the time ... > confusing :) > > > -- > Henning Eiben > eiben@busitec.de busitec GmbH > business information technology > http://www.busitec.de > From snail_talk at yahoo.com Wed Dec 15 15:23:58 1999 From: snail_talk at yahoo.com (geoff) Date: Tue Dec 2 02:27:38 2003 Subject: NT maps shares multiple References: <960FCE94AC10D1119EFF00A02416D7EA8E655C@exchange.exallon.se> Message-ID: <3857B28E.1BA4F0C3@yahoo.com> Mikael Olofsson wrote: > > Hi, I have heard a rumor that this should be a netscape problem, this > happend to me and I run netscape. > > /Mikael > > --- > "One of the main causes of the fall of the Roman Empire was that, lacking > zero, they had no way to indicate successful termination of their C > programs." > - Robert Firth > > > -----Original Message----- > > From: Henning Eiben [SMTP:eiben@busitec.de] > > Sent: Wednesday, December 15, 1999 3:22 PM > > To: Multiple recipients of list SAMBA-NTDOM > > Subject: RE: NT maps shares multiple > > > > > -----Original Message----- > > > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > > > Stephan Menger > > > Sent: Wednesday, December 15, 1999 11:14 AM > > > To: Multiple recipients of list SAMBA-NTDOM > > > Subject: AW: NT maps shares multiple > > > > > > > > > > > > this seems to be a NT specific problem, because we have the same issue > > on > > > our NT workstations, that arre mapping drives from a NT server. > > > > Well, I've seen this behavior an NT Server as well as on Samba ... but > > only > > on some clients, not all of them map share multiple all the time ... > > confusing :) > > > > > > -- > > Henning Eiben > > eiben@busitec.de busitec GmbH > > business information technology > > http://www.busitec.de > > hi, i'm not too sure but ..this is a guess, but it's remotely possible, but i _really_ doubt it, because netscape should not interfere with your shares. From jbeauchamp at gesinc.com Wed Dec 15 16:01:06 1999 From: jbeauchamp at gesinc.com (James W. Beauchamp) Date: Tue Dec 2 02:27:38 2003 Subject: Roaming Profiles Message-ID: <001a01bf4715$a240bc20$0601a8c0@jwb.gesinc.com> Hi everyone: I have been lurking here for some time trying to glean information related to roaming profiles. I have RedHat 5.2 (2.0.36) and Samba 2.0.5a. I am trying to implement roaming profiles with Win9x and Win NT 4.0 machines. >From reading the FAQ,and posts to this list, I understand it is bad form to let Samba put the roaming profile in the users home directory (/home/username on my system) however, when I try to change it by un commenting the 'logon path = \\%L\home\profiles\%U' statement, it does not work. When you use the logon path statement should it match exactly with the path= statement in the [Profiles] section? I think I'm missing something simple but I'm too far down in the weeds to see it! Any help is appreciated. Thanks James -------If you ain't the lead dog, the scenery never changes---------- BE SURE TO REMOVE THE OBVIOUS ANTI-SPAM STUFF IN MY RETURN ADDRESS James W. Beauchamp, P.E. Global Environmental Solutions, Inc. 2621 Sandy Plains Road Suite 102 Marietta, Georgia 30066 Phone - 770-579-6097 Fax - 770-579-6099 Email - jbeauchamp-at-gesinc.com From fricke at team.owl-online.de Wed Dec 15 15:51:04 1999 From: fricke at team.owl-online.de (fricke@team.owl-online.de) Date: Tue Dec 2 02:27:38 2003 Subject: Antwort: Roaming Profiles Message-ID: The Profiles are saved in the share [profiles] When you type \\%L\profiles\%U.pds the profiles were found in the directory which you created in the share-location. This is my smb.conf logon path = \\%L\profiles\%U.pds [profiles] comment = profile-share path = /var/samba/profile read only = No create mask = 0750 browseable = No locking = No Hope it works for you -------------------------------------------------------------------------------------------------- Cord-H. Fricke Technik/Systemadministration Fon: 0 52 1 / 52 51-133 Fax: 0 52 1 / 52 51- 115 fricke@team.owl-online.de http://www.team.owl-online.de/ A bus station is where a bus stops A train station is where a train stops On my desk I have work station... "James W. Beauchamp" Gesendet von: samba-ntdom@samba.org 15.12.99 16:50 Bitte antworten an jbeauchamp An: Multiple recipients of list SAMBA-NTDOM Kopie: Thema: Roaming Profiles Hi everyone: I have been lurking here for some time trying to glean information related to roaming profiles. I have RedHat 5.2 (2.0.36) and Samba 2.0.5a. I am trying to implement roaming profiles with Win9x and Win NT 4.0 machines. >From reading the FAQ,and posts to this list, I understand it is bad form to let Samba put the roaming profile in the users home directory (/home/username on my system) however, when I try to change it by un commenting the 'logon path = \\%L\home\profiles\%U' statement, it does not work. When you use the logon path statement should it match exactly with the path= statement in the [Profiles] section? I think I'm missing something simple but I'm too far down in the weeds to see it! Any help is appreciated. Thanks James -------If you ain't the lead dog, the scenery never changes---------- BE SURE TO REMOVE THE OBVIOUS ANTI-SPAM STUFF IN MY RETURN ADDRESS James W. Beauchamp, P.E. Global Environmental Solutions, Inc. 2621 Sandy Plains Road Suite 102 Marietta, Georgia 30066 Phone - 770-579-6097 Fax - 770-579-6099 Email - jbeauchamp-at-gesinc.com From pmanuel at myrealbox.com Wed Dec 15 15:57:53 1999 From: pmanuel at myrealbox.com (Pedro Manuel Rodrigues) Date: Tue Dec 2 02:27:38 2003 Subject: NT maps shares Message-ID: <19991215160015Z13082055-11511+28339@samba.anu.edu.au> May i recommend a wonderful resource for people working with Samba and NT? http://www.ntfaq.com. If you go there you can find the solution for a problem that also occurs with NT servers: "Drive mappings are being created by themselves. ". The guilty part is FINDFAST.EXE from Microsoft Office. At least in my case, when it was happening to me exactly what you describe. In fact, for me, FINDFAST.EXe was never worth the problems it creates. Let me paste the solution: -------------- Q. Drive mappings are being created by themselves. A. One known cause of this behavior is the FINDFAST.EXE application that is supplied with Office 97. If either set of the following conditions are both true then drive mappings may be created automatically: Condition set 1 u You perform a search in either the Open dialog box or the Advanced Find dialog box in any Microsoft Office 97 program u The drive you search contains shortcuts that specify a target location that uses a network drive letter instead of a universal naming convention (UNC) path (for example, \\\) Condition set 2 u Find Fast is installed in your Startup group u You index a drive that contains shortcuts that specify a target location that uses a network drive letter instead of a UNC path There are a number of resolutions to this 1. Install Service Pack 3 2. Avoid searching folders that contain shortcuts (.lnk files) 3. Change shortcut target locations to UNC paths, e.g. d:\folder\john.txt to \\\\john.txt 4. Disable Find Fast My experience with FindFast is that is uses up a great deal of system resources and is not worth the resource usage for what it does so option 4 may be your best bet. ----------- On Wed, 15 Dec 1999, Micha Holzmann wrote: > i have here Samba 2.0.6 (Linux, 2.0.36) an NT SP4. I use Samba as PDC. i > have one share called 'office'. Normally this share is mapped to drive > g: > > Sometimes this share appears multiple. Beginnig with the next free > drive, this share is mapped 5,6 or 7 times. > > Is this Problem with samba or NT. I have asked Colleagues which have NT > Servers, they do not know this behavior. Where must i look/work to solve > this? From hanak at IRIS.osu.cz Wed Dec 15 16:05:38 1999 From: hanak at IRIS.osu.cz (Ondrej Hanak) Date: Tue Dec 2 02:27:38 2003 Subject: Roaming Profiles Message-ID: try logon path=\\%N\profiles\%U it works fine for me. Ondrej From lepape at shom.fr Wed Dec 15 17:09:31 1999 From: lepape at shom.fr (Jean-Marc Le Pape) Date: Tue Dec 2 02:27:38 2003 Subject: programs running under domain accounts Message-ID: <3857CB4B.2942562E@shom.fr> Hello, I wrote cgi scripts to manage a network of PC NT. These scripts functions under the administrator's account and as all the machines of the network have the same administrator's password one can act from one on all the others. I installed a samba server 2.0.6 PDC under linux and now I can't manage the domain's machines any more. Can't we have equivalence between the local administrators and the domain administrators? Why the actions as a local administrator do not go any more whereas the local account always exists on the machines of the domain? Can i make turn the service which launches scripts (apache) under a domain administrator's account? (i try but it doesn't work). Thanks and sorry for my poor english. JM From jbeauchamp at gesinc.com Wed Dec 15 19:23:54 1999 From: jbeauchamp at gesinc.com (James W. Beauchamp) Date: Tue Dec 2 02:27:38 2003 Subject: Antwort: Roaming Profiles Message-ID: <001801bf4731$f293b800$0601a8c0@jwb.gesinc.com> Thanks to all for the replies. I was misinterpreting the significance of the middle item in '+ACU-L+AFw-profiles+AFwAJQ-U. I did not have it matching the profiles section. I have corrected the problem and all is well+ACE- Thanks James -----Original Message----- From: fricke+AEA-team.owl-online.de +ADw-fricke+AEA-team.owl-online.de+AD4- To: jbeauchamp+AEA-gesinc.com +ADw-jbeauchamp+AEA-gesinc.com+AD4- Cc: samba-ntdom+AEA-samba.org +ADw-samba-ntdom+AEA-samba.org+AD4- Date: Wednesday, December 15, 1999 11:03 AM Subject: Antwort: Roaming Profiles +AD4-The Profiles are saved in the share +AFs-profiles+AF0- +AD4-When you type +AFwAXAAl-L+AFw-profiles+AFwAJQ-U.pds the profiles were found in the +AD4-directory which you created in the share-location. +AD4- +AD4-This is my smb.conf +AD4- +AD4-logon path +AD0- +AFwAXAAl-L+AFw-profiles+AFwAJQ-U.pds +AD4- +AD4AWw-profiles+AF0- +AD4- comment +AD0- profile-share +AD4- path +AD0- /var/samba/profile +AD4- read only +AD0- No +AD4- create mask +AD0- 0750 +AD4- browseable +AD0- No +AD4- locking +AD0- No +AD4- +AD4-Hope it works for you +AD4---------------------------------------------------------------------------- ----------------------- +AD4- +AD4-Cord-H. Fricke +AD4-Technik/Systemadministration +AD4-Fon: 0 52 1 / 52 51-133 +AD4-Fax: 0 52 1 / 52 51- 115 +AD4-fricke+AEA-team.owl-online.de +AD4-http://www.team.owl-online.de/ +AD4- +AD4-A bus station is where a bus stops +AD4-A train station is where a train stops +AD4-On my desk I have work station... +AD4- +AD4- +AD4- +AD4- +AD4AIg-James W. Beauchamp+ACI- +ADw-jbeauchamp+AEA-gesinc.com+AD4- +AD4-Gesendet von: samba-ntdom+AEA-samba.org +AD4-15.12.99 16:50 +AD4-Bitte antworten an jbeauchamp +AD4- +AD4- +AD4- An: Multiple recipients of list SAMBA-NTDOM +ADw-samba-ntdom+AEA-samba.org+AD4- +AD4- Kopie: +AD4- Thema: Roaming Profiles +AD4- +AD4-Hi everyone: +AD4-I have been lurking here for some time trying to glean information related +AD4-to roaming profiles. I have RedHat 5.2 (2.0.36) and Samba 2.0.5a. I am +AD4-trying to implement roaming profiles with Win9x and Win NT 4.0 machines. +AD4APg-From reading the FAQ,and posts to this list, I understand it is bad form +AD4-to +AD4-let Samba put the roaming profile in the users home directory +AD4-(/home/username on my system) however, when I try to change it by un +AD4-commenting the 'logon path +AD0- +AFwAXAAl-L+AFw-home+AFw-profiles+AFwAJQ-U' statement, it does not +AD4-work. +AD4- +AD4-When you use the logon path statement should it match exactly with the +AD4-path+AD0- +AD4-statement in the +AFs-Profiles+AF0- section? I think I'm missing something simple +AD4-but I'm too far down in the weeds to see it+ACE- +AD4- +AD4-Any help is appreciated. +AD4- +AD4-Thanks +AD4-James +AD4- +AD4- +AD4--------If you ain't the lead dog, the scenery never changes---------- +AD4-BE SURE TO REMOVE THE OBVIOUS ANTI-SPAM STUFF IN MY RETURN ADDRESS +AD4- +AD4-James W. Beauchamp, P.E. +AD4-Global Environmental Solutions, Inc. +AD4-2621 Sandy Plains Road +AD4-Suite 102 +AD4-Marietta, Georgia 30066 +AD4-Phone - 770-579-6097 +AD4-Fax - 770-579-6099 +AD4-Email - jbeauchamp-at-gesinc.com +AD4- +AD4- +AD4- +AD4- +AD4- From estes at ece.ucdavis.edu Wed Dec 15 20:17:43 1999 From: estes at ece.ucdavis.edu (Robert Estes) Date: Tue Dec 2 02:27:38 2003 Subject: latest as of last night crashing on start In-Reply-To: References: Message-ID: <19991215121743N.estes@spider.engr.ucdavis.edu> > I am trying starting smb in debug mode -d 20 but where does it write > this addtional information. i am not seeing anything different in the > /var/log/log.smb file. Do you also have machine specific logs? A lot of the stuff goes there. Also, I'm not sure how the two interact, but there's also a debug level in smb.conf. -R From estes at ece.ucdavis.edu Wed Dec 15 20:27:00 1999 From: estes at ece.ucdavis.edu (Robert Estes) Date: Tue Dec 2 02:27:38 2003 Subject: Antwort: Roaming Profiles In-Reply-To: References: Message-ID: <19991215122700M.estes@spider.engr.ucdavis.edu> I've read about the *.pds directory, but when I read about it, the document said NT created it, but that they didn't know what it was for. Does Win95 use it too? > The Profiles are saved in the share [profiles] > When you type \\%L\profiles\%U.pds the profiles were found in the > directory which you created in the share-location. > > This is my smb.conf > > logon path = \\%L\profiles\%U.pds > > [profiles] > comment = profile-share > path = /var/samba/profile > read only = No > create mask = 0750 > browseable = No > locking = No > > Hope it works for you > -------------------------------------------------------------------------------------------------- > > Cord-H. Fricke > Technik/Systemadministration > Fon: 0 52 1 / 52 51-133 > Fax: 0 52 1 / 52 51- 115 > fricke@team.owl-online.de > http://www.team.owl-online.de/ > > A bus station is where a bus stops > A train station is where a train stops > On my desk I have work station... > > > > > "James W. Beauchamp" > Gesendet von: samba-ntdom@samba.org > 15.12.99 16:50 > Bitte antworten an jbeauchamp > > > An: Multiple recipients of list SAMBA-NTDOM > Kopie: > Thema: Roaming Profiles > > Hi everyone: > I have been lurking here for some time trying to glean information related > to roaming profiles. I have RedHat 5.2 (2.0.36) and Samba 2.0.5a. I am > trying to implement roaming profiles with Win9x and Win NT 4.0 machines. > >From reading the FAQ,and posts to this list, I understand it is bad form > to > let Samba put the roaming profile in the users home directory > (/home/username on my system) however, when I try to change it by un > commenting the 'logon path = \\%L\home\profiles\%U' statement, it does not > work. > > When you use the logon path statement should it match exactly with the > path= > statement in the [Profiles] section? I think I'm missing something simple > but I'm too far down in the weeds to see it! > > Any help is appreciated. > > Thanks > James > > > -------If you ain't the lead dog, the scenery never changes---------- > BE SURE TO REMOVE THE OBVIOUS ANTI-SPAM STUFF IN MY RETURN ADDRESS > > James W. Beauchamp, P.E. > Global Environmental Solutions, Inc. > 2621 Sandy Plains Road > Suite 102 > Marietta, Georgia 30066 > Phone - 770-579-6097 > Fax - 770-579-6099 > Email - jbeauchamp-at-gesinc.com > > > From cliff at scs.uiuc.edu Wed Dec 15 20:43:46 1999 From: cliff at scs.uiuc.edu (Clifford Meece) Date: Tue Dec 2 02:27:38 2003 Subject: Can't compile Message-ID: <3857FD81.FF6EBD22@scs.uiuc.edu> Doesn't seem like anyone can compile the new cvs, huh? Well, here's my output from configure(irix 6.5): checking configure summary WARNING: No automated network interface determination ERROR: no seteuid method available configure: error: summary failure. Aborting config Anybody working on this? -- =============================================================== Cliff Meece \\ Phone: (217) 333-1728 Unix Systems Administrator \\ Email: cliff@scs.uiuc.edu School of Chemical Sciences \\ 153 Noyes Lab University of Illinois \\ =============================================================== From scarleton at miltonstreet.com Wed Dec 15 22:40:15 1999 From: scarleton at miltonstreet.com (Sam Carleton) Date: Tue Dec 2 02:27:38 2003 Subject: 'sbmpasswd -j -r ' returns an error References: <000001bf46f0$83e0daf0$0200000a@workstation1> Message-ID: <385818CF.2797B148@miltonstreet.com> No, I don't have nt domains and DNS names mixed up. I named my domain "flowers.dom" I added the ".dom" to stand for domain and so that it would standout fron the other workgroups on the network. The domain IS "flowers.dom" and the pds IS "roses". With this established, does anyone have any idea why I am getting the following error message when I try the command "smbpasswd -j FLOWERS.DOM -r roses": error connecting to 192.168.0.2:139 (Connection refused) modify_trust_password: unable to connect to SMB server on machine ROSES. Error was : code 0. 1999/12/15 03:09:46 : change_trust_account_password: Failed to change password for domain FLOWERS.DOM. Sam Carleton P.S. Is there something I need to set in the NT domain so that I don't use encrypted passwds? If so, what might that be? geoffrey lee wrote: > hi, > > it seems that you are mixing up the idea of nt domains and DNS names. > > they are _NOT_ the same!! > > Please find out the name of your nt domain and then try again. > > > -----Original Message----- > > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > > Sam Carleton > > Sent: Wednesday, December 15, 1999 4:25 PM > > To: Multiple recipients of list SAMBA-NTDOM > > Subject: error w/ 'sbmpasswd -j -r ' > > > > > > Ok, I am having a problem hooking up my Samba box (Linux) with my NT box > > (SP5). The Linux box is ln1, and the NT box is roses. When I type in: > > > > smbpasswd -j FLOWERS.DOM -r roses > > > > I get this error: > > > > error connecting to 192.168.0.2:139 (Connection refused) > > modify_trust_password: unable to connect to SMB server on machine ROSES. > > Error was : code 0. > > 1999/12/15 03:09:46 : change_trust_account_password: Failed to change > > password for domain FLOWERS.DOM. > > > > I DID go into the "Windows NT Workstation or Server" and create an > > account for LN1. > > > > Any ideas what I amd doing wrong? > > > > Sam Carleton > > From jbeauchamp at gesinc.com Wed Dec 15 23:14:00 1999 From: jbeauchamp at gesinc.com (James W. Beauchamp) Date: Tue Dec 2 02:27:38 2003 Subject: Followup Profile Related Question Message-ID: <001101bf4752$13a47aa0$0601a8c0@jwb.gesinc.com> Thanks again for your help. As I am a relative newbie at all this, what please is the significance of the '.pds' on the end of %U (which is username if I remember the documentation clearly). Thanks James -------If you ain't the lead dog, the scenery never changes---------- BE SURE TO REMOVE THE OBVIOUS ANTI-SPAM STUFF IN MY RETURN ADDRESS James W. Beauchamp, P.E. Global Environmental Solutions, Inc. 2621 Sandy Plains Road Suite 102 Marietta, Georgia 30066 Phone - 770-579-6097 Fax - 770-579-6099 Email - jbeauchamp-at-gesinc.com From lkcl at samba.org Thu Dec 16 02:35:28 1999 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:38 2003 Subject: [samba-tng] msrpc status Message-ID: tasks completed so far: 1) creation and implementation (first) of msrpc daemon architecture. this has smbd construct msrpc PDUs which are fed through a unix socket over to msrpc daemons. each msrpc daemon listens on the unix socket for connections (which are triggered by an SMB open) and forks() to accept the incoming connection, just like smbd does and for exactly the same reasons that smbd does (security, reliability, simplicity etc). there are variations on this: a) don't fork, have a socket array. on each incoming packet, you will need to do a become_user() for security reasons before processing the function call. you don't want anonymous users to either run as the previous arbitrary user or as root. this implementation variation is being considered as some of the msrpc daemons may require to share info, or to maintain info that needs to be around longer than the duration of an incoming connection (\PIPE\NETLOGON). it will be added to the type of daemons that can be created rather than replace existing one(s). b) have only one msrpc daemon. fork() or socket-array, doesn't matter: you only have one msrpc daemon. this one daemon processes all msrpc pipes. c) variation on b) - allow one msrpc daemon to deal with multiple msrpc pipes, but allow other msrpc daemons to run as well that deal with _other_ pipes. i like this one because some of the pipes only currently support one msrpc call, and it's a bit of a waste to have a 370k binary doing one thing!!! (NetWkstaGetInfo on \PIPE\wkssvc). d) remove all msrpc processing from smbd. this requires a mini-API to be created. split instead of at the smb/msrpc pdu point, just feed any-data-identified-as-msrpc-related out of smbd to, say, a unix socket. on an SMB open - send a mini-API command to open the requested MSRPC pipe. on an SMBtrans request, SMBreadX, send a mini-API command plus the SMB data out of smbd's hands. on am SMBtrans response, SMBwriteX, send a mini-API command to read the data from the other side of the smbd/msrpc interface, then create the SMB response. on an SMB close, send a mini-API commannd to close the requested MSRPC pipe. the current implementation does a little bit of additional house-keeping, but other than that it _has_ an implementation of this "API" - an in-house one: SMB open - fd = open("/tmp/.msrpc/PIPE_NAME"); SMBtrans request, SMBreadX - write(fd, smb_data, smb_len); SMBtrans response, SMBwriteX - read(fd, smb_data, smb_len); SNB close - close(fd) it's not quite like that, but close enough :-) e) allow smbd to be able to run msprc pipes in the same process. actually, code to do this already exists. i haven't removed this code. i used it to transition to independent msrpc daemons. 2) msrpc loop-back interface, aka "ncalrpc" in dce/rpc terminology. this uses the msrpc / smb split point to jump in and bypass the smbd / clientgen.c over SMB over TCP 127.0.0.1. it bypasses SMB authentication mechanisms and uses the internal msrpc authentication mechanism i had to add. security is implemented by only allowing programs run as root to access the unix sockets (/tmp/.msrpc/PIPE_name - you chmod the permissions on the .msrpc directory to 0700). i have a little more thinking to do about this: do we want instead to allow anyone in any user context to be able to run msrpc daemons? if so, we have to go for a three-level directory structure on the unix sockets: /tmp/.msrpc 0777 /tmp/.msrpc/PIPE_name 0770 (or any other permissions) /tmp/.msrpc/PIPE_name/socket 1777 - this is the actual unix socket. current design: /tmp/.msrpc 0700 /tmp/.msrpc/PIPE_name 1777 - this is the actual unix socket. back to the loop-back interface. if you call lsa_open_policy("\\.", ...) or lsa_open_policy("\\myserver, ...) then instead of issuing an SMB connection, the underlying code connets straight to the unix socket for /tmp/.msrpc/lsarpc. i have socurity stuff to deal with that may require me to use the msrpc-agent code i wrote last week. hmm... more thought required. 3) rpc client smb / msrpc split (more transports, client-side) as part of the loop-back rewrite, i had to split out the code in the msrpc client side to do either smb or loop-back, and i did it in such a way that other transports (e.g TCP) can be added later on. it took less time than i expected, but it wass still a pain. 4) lsarpcd lookup names and sids rewrite lsarpcd now no longer access the smb password API database. it uses samr_lookup_rids and samr_lookup_names to query the SAM database (using the new msrpc client loop-back code!) and uses lsa_lookup_sids() and lsa_lookup_names (against using msrpc client code but this time onthe SMB transport) to recursively loop up any names not in the same domain. and if you think this is horrible, complain to microsoft about the the risks of recursion, not to me: it's exactly what NT does :-) i was slightly concerned about this behaviour: nt client does lsalookupnames. client connects to smbd. smbd forks. smbd feeds to lsarpcd. lsarpcd forks. lsarpcd finds that name is in its domain. lsarpcd does a samrlookupnames over an SMB connection. lsarpcd-as-client connects to smbd. smbd fors. smbd feeds to samrd. samrd forks. samrd process samrlookupnames request. feeds response to smbd. smbd feeds response over SMB connection back to lsarpcd. lsarpcd drops SMB connection. lsarpcd creates lsalookupnames response from samrlookupnames response. lsarpcd feeds reponse to smbd. smbd feeds response over SMB connection back to nt client. nt client drops connection. this is UGLY as sin. it is why i created the loop-back code: nt client does lsalookupnames. client connects to smbd. smbd forks. smbd feeds to lsarpcd. lsarpcd forks. lsarpcd finds that name is in its domain. lsarpcd does a samrlookupnames over a loop-back to samrd. samrd forks samrd process samrlookupnames request. feeds response to lsarpdc. lsarpcd drops loopback connection. lsarpcd creates lsalookupnames response from samrlookupnames response. lsarpcd feeds reponse to smbd. smbd feeds response over SMB connection back to nt client. nt client drops connection. this reduces the process count, somewhat. if you really want to reduce the process count, you put lsarpcd and samrd back into smbd. for now, i'm prepared to run with these separate daemons for a while, and see what happens. 5) msrpc redirector agent. like smb-agent, this manages smb connections. it records the credentials of incoming connections, and allows for "reuse" of connections between clients and servers. this can be used to reduce the number of connections (and therefore the number of processes) to one per set of user credentials. it's got potential. it means that the msrpc daemon architecture will need to be able to accept more that one BIND/BIND-ACK + request/response + request/response + request/response .... drop connection sequence simultaneously. i _think_ this is going to be a problem, making it impossible to do this "msrpc redirecter" thing. the difference between smb and msrpc is that smb has the ability to accept and, most importantly, _distinguish_, multiple users on the same session (or connection), whereas MSRPC does not. it's already been decided in the design of MSRPC that when you accept an MSRPC connection, you're not going to accept multiple users on that same connection: it's a per-session connection, that's it, folks. hmmm.... TODO 1) fix the security holes around the loop-back msrpc code. this may involve using SMB authentication in the Bind / Bind Ack stage - code that already exists but hasn't been used for this purpose. 2) examine adding a TCP interface on to the msrpc code, client and server. this probably by implementing the DCE/RPC endport mapper. 3) implement a DCE/RPC endport mapper, client and server . add \PIPE\epmapper. 4) debug "multiple PDU" responses, which have not been tested yet. 5) add "multiple PDU" requests, which up until \PIPE\spoolss were never needed, client or server-side, and the msrpc code's been around for over two years! i can then implement an rpcclient job queye management command that i've been meaning to do for a while. 6) verify that the MSRPC NTLMSSP authentication still works (SamrChangeUserPassword is a good one to use). it uses the 3WAY Auth PDU, so there may be some issues. 7) change the MSRPC split point code to use MSRPC headers to read the correct length of data outstanding on the socket instead of a fudge-job right now which uses NetBIOS-session-style code [which writes out the length of the data in a 4-byte-header then writes that much data after it] TODO on samba itself 1) associate unix and nt user credentials in struct vuser_struct. currently, only the unix name is stored (plus uid,gid, gid*). this is very messily and confusingly assumed, at unknown points in the code, to be an NT name instead of a unix name. or, worse, an NT name is written into the unix name in the vuser_struct. at present, we are lacking the ability to allow trusted domain controller's users access to same, or worse, flattening the name space to confuse NT users with the same NT name in different domains onto the same unix name: a security risk in all current, existing samba releases. 2) remove all direct references to the NT-style SMB/SAM password API and use \PIPE\NETLOGON for user validation and \PIPE\samr or \PIPE\lsarpc for user profile information as required. if you think this will be horrible, remember that if the authentication or user profile grabbing is to be to the PDC and you _are_ the PDC, it will go over MSRPC-loopback. if the authentication of user profile grabbing to to be to a trusted DC or to the PDC and you are _not_ the PDC, it will go over MSRPC-SMB connection. and you _don't_ have to make that decision at the time that you use the SamrQueryUserInfo() call or NetrSamLogon or LsaLookupSids() call, it's done _for_ you inside the MSRPC code. it makes for simpler code. if (is_pdc()) { become_root() smb_pass = getpwnam(nt_user_name); unbecome_root() } else { SamrQueryUserInfo(nt_user_name); } just becomes this: SamrQueryUserInfo(nt_user_name); 3) rewrite or replace smbpasswd with code in rpcclient. everything that smbpasswd currently does: do it with rpcclient, instead. maybe keep smbpasswd around for backwards-compatibility or in case you want to manage smbpasswd files off-line whilst smbd and samrd are not running. in which case, remove all "remote" smbpasswd functionality. or keep it around, again, for backwards-compatibility reasons. i think that covers most major things. there are a few left out, such as what is nmb-agent for. documenting how to do inter-domain trust relationships and how to set samba up as a BDC. luke From rad2921 at cup.edu Thu Dec 16 06:51:51 1999 From: rad2921 at cup.edu (Tim Radigan) Date: Tue Dec 2 02:27:38 2003 Subject: network policies In-Reply-To: <001801bf4731$f293b800$0601a8c0@jwb.gesinc.com> Message-ID: I'm having trouble with getting my network policies to work. I'm running FreeBSD-Stable with Samba 2.0.6 since the CVS version won't compile under FreeBSD for some reason. The following are the lines I have in my smb.conf: +AFs-global+AF0- logon script +AD0- /usr/local/samba/lib/netlogon.bat case sensitive +AD0- no preserve case +AD0- yes default case +AD0- lower +AFs-netlogon+AF0- comment +AD0- Net Logon path +AD0- /tmp locking +AD0- no public +AD0- yes browseable +AD0- yes For some reason, my network policies don't work. I've read various online documentation about network policies and nothing seems to work. I have clients running under WinNT Workstation 4.0 and Windows 98. If anyone can help me with this, it'd be appreciated. Thanks, Tim Radigan From snail_talk at yahoo.com Thu Dec 16 06:53:18 1999 From: snail_talk at yahoo.com (geoffrey lee) Date: Tue Dec 2 02:27:38 2003 Subject: network policies In-Reply-To: Message-ID: <000001bf4792$3c2f18a0$0200000a@workstation1> hi, by network policy i assume you mean the config.pol and ntconfig.pol file. this is an nt issue and not a samba issue really. you just needt o place those files in the netlogon share. +AD4- -----Original Message----- +AD4- From: samba-ntdom+AEA-samba.org +AFs-mailto:samba-ntdom+AEA-samba.org+AF0-On Behalf Of +AD4- Tim Radigan +AD4- Sent: Thursday, December 16, 1999 2:46 PM +AD4- To: Multiple recipients of list SAMBA-NTDOM +AD4- Subject: network policies +AD4- +AD4- +AD4- +AD4- I'm having trouble with getting my network policies to work. I'm +AD4- running FreeBSD-Stable with Samba 2.0.6 since the CVS version +AD4- won't compile under FreeBSD for some reason. The following are +AD4- the lines I have in my smb.conf: +AD4- +AD4- +AFs-global+AF0- +AD4- logon script +AD0- /usr/local/samba/lib/netlogon.bat +AD4- case sensitive +AD0- no +AD4- preserve case +AD0- yes +AD4- default case +AD0- lower +AD4- +AD4- +AFs-netlogon+AF0- +AD4- comment +AD0- Net Logon +AD4- path +AD0- /tmp +AD4- locking +AD0- no +AD4- public +AD0- yes +AD4- browseable +AD0- yes +AD4- +AD4- For some reason, my network policies don't work. I've read +AD4- various online documentation about network policies and nothing +AD4- seems to work. I have clients running under WinNT Workstation +AD4- 4.0 and Windows 98. If anyone can help me with this, it'd be appreciated. +AD4- +AD4- Thanks, +AD4- Tim Radigan +AD4- From Martin-N.Huber at ubs.com Thu Dec 16 07:26:10 1999 From: Martin-N.Huber at ubs.com (Martin Huber) Date: Tue Dec 2 02:27:38 2003 Subject: Can't compile In-Reply-To: <3857FD81.FF6EBD22@scs.uiuc.edu> Message-ID: <000301bf4796$d55e3250$76121fac@AECMHU> I got the same problem. The main problem seems to be that .c files that are required by configure (and later by make as well) were deleted from the cvs head. If you take a look to config.log you can see the error messages about the missing files. I then tried to check those files out (from the attic) - always the head version - and got configure and make to "successfully" finish. But after that nmbd did't run. It stopped after a short while writing something about "internal error" to log.nmbd. The next step: I'll try to first completely check out the 2.0.6 release code (it seems that all missing files are still there in the 2.0.6 release) and then "update" that code with the head code. But perhaps there are other answers!? -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of cliff@scs.uiuc.edu Sent: Mittwoch, 15. Dezember 1999 21:51 To: samba-ntdom@samba.org Subject: Can't compile Doesn't seem like anyone can compile the new cvs, huh? Well, here's my output from configure(irix 6.5): checking configure summary WARNING: No automated network interface determination ERROR: no seteuid method available configure: error: summary failure. Aborting config Anybody working on this? -- =============================================================== Cliff Meece \\ Phone: (217) 333-1728 Unix Systems Administrator \\ Email: cliff@scs.uiuc.edu School of Chemical Sciences \\ 153 Noyes Lab University of Illinois \\ =============================================================== From fricke at team.owl-online.de Thu Dec 16 08:19:18 1999 From: fricke at team.owl-online.de (fricke@team.owl-online.de) Date: Tue Dec 2 02:27:38 2003 Subject: Antwort: Followup Profile Related Question Message-ID: Oh it?s a long time ago but if remember correctly, NT is searching for directory called username.pds. My first samba configuration with roaming profiles was without .pds directories and I had a lot of trouble. After renaming the directories to username.pds it works GREAT. Nobody knows why NT is searching for that directory but it works... So never change a running system... Greetings -------------------------------------------------------------------------------------------------- Cord-H. Fricke Technik/Systemadministration Fon: 0 52 1 / 52 51-133 Fax: 0 52 1 / 52 51- 115 fricke@team.owl-online.de http://www.team.owl-online.de/ A bus station is where a bus stops A train station is where a train stops On my desk I have work station... From van27 at netvigator.com Thu Dec 16 10:16:11 1999 From: van27 at netvigator.com (Luk Wan) Date: Tue Dec 2 02:27:38 2003 Subject: NT maps shares In-Reply-To: <19991215160015Z13082055-11511+28339@samba.anu.edu.au> Message-ID: i have also meet this problem. for win9x its ok, but for win nt 4.0 sp4, problem spotted. it should be related to the "net use" problem. for win9x, the os won't remeber the NT shares connection (win95 b), but nt 4.0 sp4 do. so, use "net use" to disable the ability to re-connect the shares in the NT login scropt. i can't recall the exact command now, it should be available on the help of the dos shell, look into "net use help" to check out the exact command. hope this help. regards, Christopher Luk From orcom_respond at liquid.ch Thu Dec 16 10:23:20 1999 From: orcom_respond at liquid.ch (orcom_respond) Date: Tue Dec 2 02:27:38 2003 Subject: Information Response from orcom_respond@liquid.ch Message-ID: <19991216112320.55566d05.in@inetpub.liquid.ch> Output Of Request Submitted to SLMail v3.0 Responder File orcom_response.txt(H:\SLmail\SYSTEM\orcom_response.txt) must be text only.Error sending automated response. --- End of processing 0 files sent For any problems, please contact postmaster@liquid.ch. From holzmann at mhnet.de Thu Dec 16 11:06:00 1999 From: holzmann at mhnet.de (Micha Holzmann) Date: Tue Dec 2 02:27:38 2003 Subject: NT maps shares In-Reply-To: References: <19991215160015Z13082055-11511+28339@samba.anu.edu.au> Message-ID: <19991216110601.CBEC0781A@kaliba.rappgmbh.de> Hello Luk, > i have also meet this problem. for win9x its ok, but for win nt 4.0 sp4, > problem spotted. it should be related to the "net use" problem. for win9x, > the os won't remeber the NT shares connection (win95 b), but nt 4.0 sp4 > do. so, use "net use" to disable the ability to re-connect the shares in > the NT login scropt. i can't recall the exact command now, it should be > available on the help of the dos shell, look into "net use help" to check > out the exact command. > hope this help. this is not the problem! I have always used the parameter: net use drive: \\server\share/:persistent:no I found on deja.com an answer related to this problem. I created an registry entry. Since this it has not happen again. I build a little REG File, if someone wants it, please mail me. Gruss, Micha Holzmann From rad2921 at cup.edu Thu Dec 16 15:17:25 1999 From: rad2921 at cup.edu (Tim Radigan) Date: Tue Dec 2 02:27:39 2003 Subject: oops.. i mean logon script Message-ID: Sorry, I do not know where my head was at last night. I did mean logon script and not network policies. Sorry about the confusion. But if someone can help me regarding the logon script configuration I have it'd be appreciated. Tim Radigan -----Original Message----- From: Tim Radigan +AFs-mailto:rad2921+AEA-cup.edu+AF0- Sent: Thursday, December 16, 1999 1:52 AM To: Multiple recipients of list SAMBA-NTDOM Subject: network policies I'm having trouble with getting my network policies to work. I'm running FreeBSD-Stable with Samba 2.0.6 since the CVS version won't compile under FreeBSD for some reason. The following are the lines I have in my smb.conf: +AFs-global+AF0- logon script +AD0- /usr/local/samba/lib/netlogon.bat case sensitive +AD0- no preserve case +AD0- yes default case +AD0- lower +AFs-netlogon+AF0- comment +AD0- Net Logon path +AD0- /tmp locking +AD0- no public +AD0- yes browseable +AD0- yes For some reason, my network policies don't work. I've read various online documentation about network policies and nothing seems to work. I have clients running under WinNT Workstation 4.0 and Windows 98. If anyone can help me with this, it'd be appreciated. Thanks, Tim Radigan From estes at ece.ucdavis.edu Thu Dec 16 15:27:08 1999 From: estes at ece.ucdavis.edu (Robert Estes) Date: Tue Dec 2 02:27:39 2003 Subject: Antwort: Followup Profile Related Question In-Reply-To: References: Message-ID: <19991216072708B.estes@spider.engr.ucdavis.edu> > Oh it's a long time ago but if remember correctly, NT is searching for > directory called username.pds. My first samba configuration with roaming > profiles was without .pds directories and I had a lot of trouble. After > renaming the directories to username.pds it works GREAT. Nobody knows > why NT is searching for that directory but it works... So it actually stores the files in the .pds directory? > So never change a running system... Good idea. Thanks! -R From bobby at math01.cs.upd.edu.ph Thu Dec 16 15:35:01 1999 From: bobby at math01.cs.upd.edu.ph (Bobby Corpuz Jr.) Date: Tue Dec 2 02:27:39 2003 Subject: need help on printer accounting Message-ID: Hello, I already have a working samba domain and I would like to know the number of pages my users are printing. I have tried the printer-accounting scripts that came with the samba distribution but I don't know how to use it. It seems that my samba logs report that a user connects to the printer but I don't see any record of how many bytes were printed. If anyone has done a successful printer-accounting, I would like ask your help. Bobby O. Corpus, Jr. Department of Mathematics University of the Philippines ----- Under every stone lurks a politician. -- Aristophanes From bobby at math01.cs.upd.edu.ph Thu Dec 16 15:55:45 1999 From: bobby at math01.cs.upd.edu.ph (Bobby Corpuz Jr.) Date: Tue Dec 2 02:27:39 2003 Subject: need help on roaming profiles Message-ID: Hello, I have read from the samba_ntdom faq that it is bad to set "logon path = \\%N\%U\profile". The faq suggested that I use "logon path = \\%N\profiles\%U". When I did, I get an error saying something like "Can't create \\hilbert\profiles\bobby.pds. You will be logged using your local profile." When I click on the folder Profiles in the network neighborhood, NT says something like "Network path not found!". I can't seem to figure this out. If anyone has success on this setup, I would like to ask for help. Here is my smb.conf: # Global parameters [global] workgroup = MATH01 encrypt passwords = Yes logon path = \\%N\profiles\%U domain logons = Yes os level = 65 preferred master = Yes domain master = Yes wins support = Yes guest account = pcguest [homes] comment = Home Directories read only = No guest ok = Yes [netlogon] comment = Network Logon Service path = /home/netlogon write list = bobby force create mode = 0644 force directory mode = 0755 locking = No [Profiles] path = /home/profiles/%u guest ok = Yes [printers] comment = All Printers path = /var/spool/samba guest ok = Yes print ok = Yes browseable = No [tmp] comment = Temporary File Space path = /tmp read only = No guest ok = Yes [cdrom] comment = CD ROM path = /mnt/cdrom guest ok = Yes Bobby O. Corpus, Jr. Department of Mathematics University of the Philippines ----- "The sixties were good to you, weren't they?" -- George Carlin From caesmb at lab2.cc.wmich.edu Thu Dec 16 16:27:39 1999 From: caesmb at lab2.cc.wmich.edu (CAE Samba Admin) Date: Tue Dec 2 02:27:39 2003 Subject: PAM, smbpasswd/unix sync Message-ID: Hello, I've been off the list for a while, and I couldn't find anything in the archives, but a while ago there was some talk about including a PAM module in the distribution that would automagically update the smbpasswd file when unix passwords got changed on PAM aware systems. Was there any further development on that? Thanks, Kevin Currie From pgreer at dalcon-icis.com Thu Dec 16 16:40:51 1999 From: pgreer at dalcon-icis.com (Phillip Greer) Date: Tue Dec 2 02:27:39 2003 Subject: Domain.... time out? Message-ID: <1FEC2D6FA0E3D211B7A30090274ECD871B1041@MERCURY> Problem: I've just set up Samba 2.0.6 under Linux 6.1. We have an NT PDC and I wanted the samba server to be part of that domain - so I followed the DOMAIN_MEMBER.txt instructions by - Adding the machine name to the PDC server admin - Running the samba command smbpasswd -j DOMAIN -r DOMPDC - Starting samba (with the appropriate changes to smb.conf) It worked beautifully. Users that don't have an account on the Linux box don't see a personal folder but do see the shared folders/printers under da net hood. Those with logins on the Linux box see their /home/ directories along with the public shared stuff - all without having to log in to the samba server, they only have to log into the NT domain. After a long while (like overnight), something goes amiss and the samba server acts like it no longer is part of the domain (i.e. double clicking on the server in da net hood gives a password prompt, but one can never log in - no matter if the user/passwd is right). The only way for me to get it working again is to delete the server from the PDC, shut down samba, re-add the server to the PDC, run the smbpasswd command again, then start samba up again. QUESTION: Is there some sort of time out with Samba being part of the domain? Has anyone else run into this? Thanks in advance, PG.. Philip Greer AIX Systems Administrator Dalcon Technologies (615)-366-4300 pgreer@dalcon-icis.com From mariap at dvs.nuphase.com Thu Dec 16 17:17:13 1999 From: mariap at dvs.nuphase.com (Maria Teresa Pineda) Date: Tue Dec 2 02:27:39 2003 Subject: SUBSCRIBE Message-ID: <4.2.0.58.19991216121706.0095cf00@dvs.nuphase.com> ------=_NextPart_000_0004_01BEBE31.D9B2C800 Content-Type: text/plain; charset="iso-8859-1" From Loo at littongcs.com Thu Dec 16 17:50:27 1999 From: Loo at littongcs.com (Loo, Joseph) Date: Tue Dec 2 02:27:39 2003 Subject: Domain.... time out? Message-ID: <9DD60A65AD75D211816700A0C9E93F910278FDA7@whntmail1.littongcs.com> Have you tried setting the wins server? I had the same problem until I placed the appropriate wins server in the global portion of the configuration. [global] wins server = xxx.xxx.xxx.xxx (your wins server). Joseph Loo Litton Guidance & Control 5500 Canoga Ave Woodland Hills, CA 91367-6698 Phone #: (818) 715-2961 Fax #: (818) 715-2752 -----Original Message----- From: Phillip Greer [mailto:pgreer@dalcon-icis.com] Sent: Thursday, December 16, 1999 8:41 AM To: Multiple recipients of list SAMBA-NTDOM Subject: Domain.... time out? Problem: I've just set up Samba 2.0.6 under Linux 6.1. We have an NT PDC and I wanted the samba server to be part of that domain - so I followed the DOMAIN_MEMBER.txt instructions by - Adding the machine name to the PDC server admin - Running the samba command smbpasswd -j DOMAIN -r DOMPDC - Starting samba (with the appropriate changes to smb.conf) It worked beautifully. Users that don't have an account on the Linux box don't see a personal folder but do see the shared folders/printers under da net hood. Those with logins on the Linux box see their /home/ directories along with the public shared stuff - all without having to log in to the samba server, they only have to log into the NT domain. After a long while (like overnight), something goes amiss and the samba server acts like it no longer is part of the domain (i.e. double clicking on the server in da net hood gives a password prompt, but one can never log in - no matter if the user/passwd is right). The only way for me to get it working again is to delete the server from the PDC, shut down samba, re-add the server to the PDC, run the smbpasswd command again, then start samba up again. QUESTION: Is there some sort of time out with Samba being part of the domain? Has anyone else run into this? Thanks in advance, PG.. Philip Greer AIX Systems Administrator Dalcon Technologies (615)-366-4300 pgreer@dalcon-icis.com From ba2k at virginia.edu Thu Dec 16 18:09:47 1999 From: ba2k at virginia.edu (Burt Avery) Date: Tue Dec 2 02:27:39 2003 Subject: Local Directory ACLs Message-ID: <3.0.6.32.19991216130947.0091b640@127.0.0.1> Greetings: I am perplexed by what I see as a local NT Administrator when I look at the security that has been applied to the local profiles (%windir%\Profiles\%username%) as well as other directories of significance. They show a username of Account Unknown in the Samba domain named COMPLAB (COMPLAB\Account Unknown). Account Unknown is shown as having Full Control for the directory of interest. As local Administrator, I can change the security permissions for the directories of interest. When logged into the domain COMPLAB as Administrator, I can only view the security permissions of directories in question, no change is allowed. Obviously what I think as the domain Administrator does not have rights to change directory permissions. Again there are entries in the Directory Permissions table for COMPLAB\Account Unknown. My assumption is Account Unknown means the SID for the user is invalid. In smb.conf i have Administrator(s) listed as a domain administrator by "domain admin = win98adm Administrator" and defined in the username map file as win98adm = Administrator. Should not domain admins also have rights, if given, into the local file system? ./testparm shows "nt acl support = yes". We are running Samba 2.0.5a under RS/6000 AIX 4.2. There are six WIN98 systems that seem very happy in the domain. The NT test systems are at issue. My question come to the point of asking whether this situation is normal in the non-HEAD version. I understand domain control is incompletely implemented in 2.0.5a. If this situation should not occur in 2.0.5a, how should i correct it. How well are ACLs supported in 2.0.5a? Is this problem related to the failure of NT to download NT profiles although it re-writes profiles in the expected location (\\%L\profiles\%U\%a where profiles is /home/samba_profiles). Everytime a user logs in, NT thinks is the first. Any help is greatly appreciated. If I can get beyond this problem, I can get my apps installed by the domain admin and be on the way to a truly useful administrative domain. As an afterthough, the test system is registered in the domain (domain login IS offered as an option). No policies have been applied. -ba- Burt Avery Computer Systems Engineer LSP Department of Biomedical Engineering University of Virginia Charlottesville, VA 22908 804-924-8065 (w) 804-245-5813 (h) From mgeddes at xavier.sa.edu.au Thu Dec 16 22:09:10 1999 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:39 2003 Subject: network policies References: <000001bf4792$3c2f18a0$0200000a@workstation1> Message-ID: <38596305.2AF2EC5A@xavier.sa.edu.au> geoffrey lee wrote: > hi, > > by network policy i assume you mean the config.pol and ntconfig.pol file. > > this is an nt issue and not a samba issue really. you just needt o place > those files in the netlogon share. > > +AD4- -----Original Message----- > +AD4- From: samba-ntdom+AEA-samba.org +AFs-mailto:samba-ntdom+AEA-samba.org+AF0-On Behalf Of > +AD4- Tim Radigan > +AD4- Sent: Thursday, December 16, 1999 2:46 PM > +AD4- To: Multiple recipients of list SAMBA-NTDOM > +AD4- Subject: network policies > +AD4- > +AD4- > +AD4- > +AD4- I'm having trouble with getting my network policies to work. I'm > +AD4- running FreeBSD-Stable with Samba 2.0.6 since the CVS version > +AD4- won't compile under FreeBSD for some reason. The following are > +AD4- the lines I have in my smb.conf: > +AD4- > +AD4- +AFs-global+AF0- > +AD4- logon script +AD0- /usr/local/samba/lib/netlogon.bat > +AD4- case sensitive +AD0- no > +AD4- preserve case +AD0- yes > +AD4- default case +AD0- lower > +AD4- > +AD4- +AFs-netlogon+AF0- > +AD4- comment +AD0- Net Logon > +AD4- path +AD0- /tmp > +AD4- locking +AD0- no > +AD4- public +AD0- yes > +AD4- browseable +AD0- yes > +AD4- > +AD4- For some reason, my network policies don't work. I've read > +AD4- various online documentation about network policies and nothing > +AD4- seems to work. I have clients running under WinNT Workstation > +AD4- 4.0 and Windows 98. If anyone can help me with this, it'd be appreciated. > +AD4- > +AD4- Thanks, > +AD4- Tim Radigan > +AD4- Pretty much. One problem I found was that you needed to create the .pol files on the workstation for that operating system and SAVE it to the netlogon share (rather than save and copy). So File->Save As->\\PDC\netlogon\ntconfig.pol and \\PDC\netlogon\config.pol. It's a pain in the arse. If you have any Windows 95 boxes, make sure you update the grouppol.dll. If you don't, group policies don't work at all. Matt From D.Bannon at latrobe.edu.au Thu Dec 16 22:17:08 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:27:39 2003 Subject: need help on printer accounting In-Reply-To: Message-ID: <3.0.6.32.19991217091708.008ade10@bioserve.latrobe.edu.au> At 02:38 AM 17/12/1999 +1100, Bobby Corpuz Jr. wrote: >... I would like to know the number >of pages my users are printing. I use a fairly effective system that has evolved over the last couple of years. I sent it in to the Samba Examples section but don't know if it has appeared yet. Briefly its a C programme that is called instead of lpr, it does the accounting stuff and then it calls lpr to do the actual printing. The programme, aprint, will only work with postscript printers. I use the programme in two modes, 'count up' and 'count down'. Count up mode, which I use in our research labs just keeps a record of how many pages each user has printed. The other mode, 'count down' or credit mode, I use in our undergraduate lab. Each student starts out with a certain printer credit (100 pages per term) and they are not permitted to print more than that. The programme will also check the paper size being printed preventing requests for the wrong size from blocking the printer queue. If you want a copy, please email me and I will send you the source and instructions. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From D.Bannon at latrobe.edu.au Thu Dec 16 22:20:32 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:27:39 2003 Subject: PAM, smbpasswd/unix sync In-Reply-To: Message-ID: <3.0.6.32.19991217092032.0088e1e0@bioserve.latrobe.edu.au> At 03:33 AM 17/12/1999 +1100, CAE Samba Admin wrote: > >Hello, > >I've been off the list for a while, and I couldn't find anything in the >archives, but a while ago there was some talk about including a PAM >module in the distribution that would automagically update the smbpasswd >file when unix passwords got changed on PAM aware systems. Was there any >further development on that? > A better solution (that I use) is pam_smb that lets me do away with the unix passwords altogether. All user logins (samba, telnet, remote machines etc) are checked against the smbpasswd list which is much better protected that /etc/passwd David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From lonnie at borntreger.com Fri Dec 17 09:49:28 1999 From: lonnie at borntreger.com (Lonnie J. Borntreger) Date: Tue Dec 2 02:27:39 2003 Subject: New Version in CVS?? Message-ID: <000001bf4874$035a02a0$0500000a@wh.com> I just got the latest CVS. The version is now pre3.0.0 instead of 2.1.0-prealpha. What happened to 2.1? And the lsarpcd disappeared. Should I no longer be looking at the "head" branch, or did 2.1 get nixed? OTOH, this version configures again (has the previously missing util_sec.c and interfaces.c), and shows up in W95 Server Manager as the primary instead of the backup. Just wondering what's up. TTFN, Lonnie Borntreger lonnie@borntreger.com http://www.borntreger.com/ From jens.skripczynski at igd.fhg.de Fri Dec 17 09:57:04 1999 From: jens.skripczynski at igd.fhg.de (Jens Skripczynski) Date: Tue Dec 2 02:27:39 2003 Subject: New Version in CVS?? In-Reply-To: <000001bf4874$035a02a0$0500000a@wh.com>; from lonnie@borntreger.com on Fri, Dec 17, 1999 at 08:50:21PM +1100 References: <000001bf4874$035a02a0$0500000a@wh.com> Message-ID: <19991217105704.A8169@pclinux.igd.fhg.de> Lonnie J. Borntreger: > I just got the latest CVS. The version is now pre3.0.0 instead of > 2.1.0-prealpha. It was said in the cvs list. Seem's that the samba 2.1pre Shall become the 3.0pre Version. As there is already a big updating process going on between 2.0 and 2.1. I hope next time for 3.1 there will never be such a big gap between the development version and the stable version like between 2.0 and 2.1... Ciao Jens Skripczynski -- E-Mail: skripi@igd.fhg.de Computers are like airconditioners: They stop working properly if you open windows. From bs at niggard.org Fri Dec 17 09:05:03 1999 From: bs at niggard.org (bs@niggard.org) Date: Tue Dec 2 02:27:39 2003 Subject: New Version in CVS?? In-Reply-To: <000001bf4874$035a02a0$0500000a@wh.com> Message-ID: On Fri, 17 Dec 1999, Lonnie J. Borntreger wrote: > I just got the latest CVS. The version is now pre3.0.0 instead of > 2.1.0-prealpha. What happened to 2.1? And the lsarpcd disappeared. > > Should I no longer be looking at the "head" branch, or did 2.1 get nixed? old HEAD is now called SAMBA_TNG HEAD synced with SAMBA_2.0, waiting for PDC code to be merged in. SAMBA_2.0 stays for bugfixes and little enhacements. From s.striker at striker.nl Fri Dec 17 10:38:30 1999 From: s.striker at striker.nl (S. Striker) Date: Tue Dec 2 02:27:39 2003 Subject: New Version in CVS?? In-Reply-To: <19991217105704.A8169@pclinux.igd.fhg.de> Message-ID: <000301bf487a$dbdc2170$0a00a8c0@office.striker.nl> Hi there, > > Lonnie J. Borntreger: > > I just got the latest CVS. The version is now pre3.0.0 instead of > > 2.1.0-prealpha. > Jens Skripczynski: > It was said in the cvs list. Seem's that the samba 2.1pre Shall > become the > 3.0pre Version. As there is already a big updating process going > on between > 2.0 and 2.1. I hope next time for 3.1 there will never be such a big gap > between the development version and the stable version like > between 2.0 and > 2.1... Sorry for my ignorance, but where do I find the cvs mailing list? It would be very convenient to know what is going on exactly. > Lonnie J. Borntreger wrote: > > I just got the latest CVS. The version is now pre3.0.0 instead of > > 2.1.0-prealpha. What happened to 2.1? And the lsarpcd disappeared. > > Should I no longer be looking at the "head" branch, or did 2.1 get nixed? > bs@niggard.org: > old HEAD is now called SAMBA_TNG > HEAD synced with SAMBA_2.0, waiting for PDC code to be merged in. > SAMBA_2.0 stays for bugfixes and little enhacements. So if we want the '2.1' code we nead to check out SAMBA_TNG ? As for the '3.0' code we can just check out the HEAD branch ? Correct me if I'm wrong (please). Greetings, Sander Striker PS. I'm pleased to see that development has made such a great advancement, since 3.0 also stands for a more complete full featured Samba as we can read in the `future releases` documentation/timeline. From giulioo at pobox.com Fri Dec 17 10:28:00 1999 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:27:39 2003 Subject: New Version in CVS?? In-Reply-To: References: <000001bf4874$035a02a0$0500000a@wh.com> Message-ID: <19991217102811.4F4F926F6E@i3.golden.dom> On Fri, 17 Dec 1999 21:08:07 +1100, hai scritto: >On Fri, 17 Dec 1999, Lonnie J. Borntreger wrote: > >> I just got the latest CVS. The version is now pre3.0.0 instead of >> 2.1.0-prealpha. What happened to 2.1? And the lsarpcd disappeared. >> >> Should I no longer be looking at the "head" branch, or did 2.1 get nixed? > >old HEAD is now called SAMBA_TNG >HEAD synced with SAMBA_2.0, waiting for PDC code to be merged in. >SAMBA_2.0 stays for bugfixes and little enhacements. I read the message about the CVS changes, but after those changes I have problems: cvs -d :pserver:cvs@cvs.samba.org:/cvsroot co -r SAMBA_2_0 samba I understand samba_2_0 should be initially = 2.0.6, and slowly becomes 2.0.7.... But I see that the whatsnew.txt talks about 2.0.4b, the version number is pre-3.0.0, there are dirs with stuff that should be in tng like winregd, wkssvcd... Did I do something wrong? Please tell me the command I have to use to download 2_0. Before the reshuffle I could keep 2_0 and HEAD ok, now it's a mess. -- giulioo@pobox.com From jens.skripczynski at igd.fhg.de Fri Dec 17 10:37:37 1999 From: jens.skripczynski at igd.fhg.de (Jens Skripczynski) Date: Tue Dec 2 02:27:39 2003 Subject: New Version in CVS?? In-Reply-To: <000301bf487a$dbdc2170$0a00a8c0@office.striker.nl>; from s.striker@striker.nl on Fri, Dec 17, 1999 at 09:27:09PM +1100 References: <19991217105704.A8169@pclinux.igd.fhg.de> <000301bf487a$dbdc2170$0a00a8c0@office.striker.nl> Message-ID: <19991217113737.A8433@pclinux.igd.fhg.de> S. Striker: > Sorry for my ignorance, but where do I find the cvs mailing list? It > would be very convenient to know what is going on exactly. http://us1.samba.org/listproc/samba-cvs/ for the Archive... For subscribtion send an E-Mail to: To subscribe to the SAMBA-CVS list send an email like this: *---------------- To: listproc@samba.org Subject: subscribe subscribe SAMBA-CVS YOUR NAME You should receive a email reply giving you your password a few minutes later *----------------- Or point your Browser to: http://lists.samba.org/cgi-bin/weblist?list=SAMBA-CVS;newuser=1 Ciao Jens Skripczynski -- E-Mail: skripi@igd.fhg.de Computers are like airconditioners: They stop working properly if you open windows. From ncoustille at atos-group.com Fri Dec 17 10:37:24 1999 From: ncoustille at atos-group.com (Nicolas Coustille) Date: Tue Dec 2 02:27:39 2003 Subject: Message-ID: <01BF4883.174E8240.ncoustille@atos-group.com> From andreak at xcon-data.no Fri Dec 17 14:49:44 1999 From: andreak at xcon-data.no (Andreas Krogh) Date: Tue Dec 2 02:27:39 2003 Subject: Executing logon-scripts as Administrator Message-ID: <257A420656DCD011BD3200A0C9495C58126C57@XCONSERVER> Hi. Is there a way to execute the NT-Domain logon-scripts as administrator on the client-machines? I want to update the time with the "net" command and get something like "you are not administrator"? Is there a work-around for setting the time from a samba-server(xntp-server)? -- Andreas From cliff at scs.uiuc.edu Fri Dec 17 15:34:28 1999 From: cliff at scs.uiuc.edu (Clifford Meece) Date: Tue Dec 2 02:27:39 2003 Subject: New Version in CVS?? References: <000001bf4874$035a02a0$0500000a@wh.com> Message-ID: <385A5804.599D07A3@scs.uiuc.edu> So which branch should I be on if I want the PDC code? What cvs command do I execute to get that branch? I'm interested in enough functionality so that my unix box will act as a PDC for w9* and winNT and can be administered with user manager for domains. "Lonnie J. Borntreger" wrote: > I just got the latest CVS. The version is now pre3.0.0 instead of > 2.1.0-prealpha. What happened to 2.1? And the lsarpcd disappeared. > > Should I no longer be looking at the "head" branch, or did 2.1 get nixed? > > OTOH, this version configures again (has the previously missing util_sec.c > and interfaces.c), and shows up in W95 Server Manager as the primary instead > of the backup. > > Just wondering what's up. > > TTFN, > Lonnie Borntreger > lonnie@borntreger.com > http://www.borntreger.com/ -- =============================================================== Cliff Meece \\ Phone: (217) 333-1728 Unix Systems Administrator \\ Email: cliff@scs.uiuc.edu School of Chemical Sciences \\ 153 Noyes Lab University of Illinois \\ =============================================================== From thomas.heiligenmann at t-online.de Fri Dec 17 17:25:13 1999 From: thomas.heiligenmann at t-online.de (Thomas Heiligenmann) Date: Tue Dec 2 02:27:39 2003 Subject: Executing logon-scripts as Administrator References: <257A420656DCD011BD3200A0C9495C58126C57@XCONSERVER> Message-ID: <385A71F9.E23A576C@heiligenmann.de> You _can_ update the time o your NT clients without admin rights, however by default this privilege is granted only to admins and power users... You must add this privilege for normal users via the local NT user manager or by executing ntrights -u Users -m %Computername% +r SeSystemTimePrivilege I think ntrights.exe can be found somewhere on the resource kit CD -- Thomas Andreas Krogh wrote: > > Hi. > Is there a way to execute the NT-Domain logon-scripts as administrator > on the client-machines? I want to update the time with the "net" command > and get something like "you are not administrator"? > Is there a work-around for setting the time from a > samba-server(xntp-server)? > > -- > Andreas From thomas.heiligenmann at t-online.de Fri Dec 17 17:25:06 1999 From: thomas.heiligenmann at t-online.de (Thomas Heiligenmann) Date: Tue Dec 2 02:27:39 2003 Subject: need help on roaming profiles References: Message-ID: <385A71F2.C5F83965@heiligenmann.de> Looks like you haven't enabled writing access to your profiles share. BTW it's a good idea too to restrict read and write access to the creator of the profile! E.g.: [profiles] path = /home/profiles writable = yes create mode = 0600 directory mode = 0700 In the [global] section better set logon path = \\%L\profiles\%U Hope this helps. -- Thomas "Bobby Corpuz Jr." wrote: > > Hello, > > I have read from the samba_ntdom faq that it is bad to set "logon path = > \\%N\%U\profile". The faq suggested that I use "logon > path = \\%N\profiles\%U". When I did, I get an error saying something like > "Can't create \\hilbert\profiles\bobby.pds. You will be logged using your > local profile." When I click on the folder Profiles in the network > neighborhood, NT says something like "Network path not found!". I can't > seem to figure this out. If anyone has success on this setup, I would like > to ask for help. Here is my smb.conf: > From karlheinz at khschulz.com Fri Dec 17 17:25:20 1999 From: karlheinz at khschulz.com (Karl-Heinz Schulz) Date: Tue Dec 2 02:27:39 2003 Subject: Home Directory Message-ID: <002201bf48b3$b21241b0$6e320180@charlielabtop> Samba Share /public = /home User home /home/user In the moment I can map the user to their home directory \\server\share\home_directory The user always ends up at \\server\share Can I do it with NT login scripts or shall I do it with Samba/Linux scripts? Thank you From matthias at waechter.wol.at Fri Dec 17 17:29:28 1999 From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=) Date: Tue Dec 2 02:27:39 2003 Subject: Executing logon-scripts as Administrator In-Reply-To: <257A420656DCD011BD3200A0C9495C58126C57@XCONSERVER> Message-ID: On Sat, 18 Dec 1999, Andreas Krogh wrote: > Hi. > Is there a way to execute the NT-Domain logon-scripts as administrator > on the client-machines? I want to update the time with the "net" command > and get something like "you are not administrator"? > Is there a work-around for setting the time from a > samba-server(xntp-server)? Grant time modification rights for all the users you want (User Manager). or Install a TimeSync service for WinNT. I prefer the latter. Sehr Wus, - Matthias -- Wer reitet so sp?t durch Nacht und Wind? - Wos waas I ----------------------------------------------------------------------------- From dgiroux at authentica.com Fri Dec 17 18:03:51 1999 From: dgiroux at authentica.com (David Giroux) Date: Tue Dec 2 02:27:39 2003 Subject: smb.conf for rcpclient Message-ID: <385A7B07.FD96E166@authentica.com> I have built a shared library out of CVS Head components and use this library from my application in a manner very similar to the way rcpclient uses it. My program uses the SAMBA library to establish a connection to an NT PDC and then it performs lsa-query, enum-groups, sam-group-mem, and lookup-sids in order to determine the authenticated user's group membership. My SAMBA library contains PARAM, LIBSMB, UBIQX, LIB, RPC_CLIENT, RPC_PARSE, and PASSDB. My current version of the program, library, and smb.conf successfully accomplish my authentication goals. All is fine in SAMBA land. I am now looking into how to properly use smb.conf. In particular, I would like to make sure that I only use secure dialects that perform challenge response password authentication. There may be other things I need to do as well. Does anyone know how I should setup my config? Remember that I am a simple client (like rpcclient). -- --------------------------------------- David Giroux Authentica Security Technologies, Inc. 781-487-2600 x202 http://www.authentica.com --------------------------------------- From dgiroux at authentica.com Fri Dec 17 18:20:03 1999 From: dgiroux at authentica.com (David Giroux) Date: Tue Dec 2 02:27:40 2003 Subject: smb.conf for rcpclient References: <385A7B07.FD96E166@authentica.com> Message-ID: <385A7ED3.B7C7BDCC@authentica.com> Oh Ya... Here is my current smb.conf [global] workgroup = ntdomainname hosts allow = aaa.bbb.ccc. security = user socket options = TCP_NODELAY preserve case = yes short preserve case = yes After reading the man pages, I have come to believe that most of these parameters are irrelevant for a client. ? ARE ANY SMB.CONF PARAMETERS RELEVANT TO CLIENTS ? =================== David Giroux wrote: > I have built a shared library out of CVS Head components and use this > library from my application in a manner very similar to the way > rcpclient uses it. My program uses the SAMBA library to establish a > connection to an NT PDC and then it performs lsa-query, enum-groups, > sam-group-mem, and lookup-sids in order to determine the authenticated > user's group membership. My SAMBA library contains PARAM, LIBSMB, UBIQX, > LIB, RPC_CLIENT, RPC_PARSE, and PASSDB. > > My current version of the program, library, and smb.conf successfully > accomplish my authentication goals. All is fine in SAMBA land. > > I am now looking into how to properly use smb.conf. In particular, I > would like to make sure that I only use secure dialects that perform > challenge response password authentication. There may be other things I > need to do as well. Does anyone know how I should setup my config? > Remember that I am a simple client (like rpcclient). > > -- > --------------------------------------- > David Giroux > Authentica Security Technologies, Inc. > 781-487-2600 x202 > http://www.authentica.com > --------------------------------------- -- --------------------------------------- David Giroux Authentica Security Technologies, Inc. 781-487-2600 x202 http://www.authentica.com --------------------------------------- From guido.guenther at uni-konstanz.de Fri Dec 17 18:33:30 1999 From: guido.guenther at uni-konstanz.de (Guido Guenther) Date: Tue Dec 2 02:27:40 2003 Subject: Executing logon-scripts as Administrator In-Reply-To: <385A71F9.E23A576C@heiligenmann.de>; from Thomas Heiligenmann on Sat, Dec 18, 1999 at 04:27:35AM +1100 References: <257A420656DCD011BD3200A0C9495C58126C57@XCONSERVER> <385A71F9.E23A576C@heiligenmann.de> Message-ID: <19991217193330.A5212@faramir.physik.uni-konstanz.de> On Sat, Dec 18, 1999 at 04:27:35AM +1100, Thomas Heiligenmann wrote: > ntrights -u Users -m %Computername% +r SeSystemTimePrivilege > > I think ntrights.exe can be found somewhere on the resource kit CD or use the tool grant from: http://www.franzo.co.nz/hansson/grant.htm Bye, -- Guido -- PGP-Public Key: http://honk.physik.uni-konstanz.de/~guido/gunther.asc GPG-Public Key: http://honk.physik.uni-konstanz.de/~agx/guenther.gpg.asc From ralf at is.rice.edu Fri Dec 17 18:47:48 1999 From: ralf at is.rice.edu (Alfredo Ramos) Date: Tue Dec 2 02:27:40 2003 Subject: unsubscribe Message-ID: --------------------------------------------------------------------------------- | Alfredo Ramos This space available for rent. | New Media & Student Computing Get your product moving. Advertise here! | Rice University. | Email: ralf@is.rice.edu --------------------------------------------------------------------------------- From lkcl at samba.org Fri Dec 17 19:06:28 1999 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:40 2003 Subject: CVS update: samba/source/include (fwd) Message-ID: andrew does not want me to add the ability for unix admins to decide whether to start and stop unix services. i definitely want to add the ability to start and stop msrpc services, as i find it a bit of a pain to do a killall srvsvcd; make; bin/svcctld about once every ten minutes throughout the day. andrew did not want the "magic script" option in smb.conf, which runs scripts if you copy them onto a samba server (it's a bit like rexec). if you don't speak up in favour, start/stop services as remote administrator certainly won't ever get added. if you are just a unix admin and do not touch NT or do not use any remote unix administrative tools with the similar capability [to start/stop services], please say so, and your opinion will be noted but given less weight. thx, luke ---------- Forwarded message ---------- Date: Fri, 17 Dec 1999 20:43:34 +1100 From: bs@niggard.org To: Multiple recipients of list SAMBA-CVS Subject: Re: CVS update: samba/source/include This mail is entirely based on my intuition, not on hard facts or anything; don't hit me, i just have no time digging into the internals of smb... On Fri, 17 Dec 1999, Andrew Tridgell wrote: > > > I want SMB/MSRPC to die, not to become a core piece of every unix > > > admins toolbox. I can't think of any unix admin who wants the ablity > > > to control unix daemons from NT. > > > > you might not. the unix admins might. > > they won't. ask a few if they want to start/stop sendmail via > Samba. > > I asked our local sysadmin. His answer was "its crap" True, any sane admin that can use a shell and X will never ever want to fire up windows to do administration work. but reality looks like this: more and more people are using samba that never ever used a shell. and they want to be able to do everything from their known NT-tools and they want to have a linux/bsd server. sad but true. so first i thought: hey, if we can do it, why not? it's not my problem if the luser messes everything up. i've warned him enough, he'll have to pay me for fixing it. but after thinking over it: no, it's just too dirty. and unix is not about doing it dirty, it's about doing it right and letting you the freedom to do it dirty. so, dont bother implementing this. give people a framework to do anything they want with msrpcs. what *i* would love is a plugin system comparable to gimp: handle msrpcs in plugins. the api is nearly as easy as simple function calling. as there will be no "external" plugins for some time, the api can evolve. every plugin will have 3 major functions: load_plugin(...) handle_rpc(struct rpc*) unload_plugin(). the plugin chooses which rpc's it handles. if the user loads a plugin not by the samba team, that formats her hd, can be fucked by overflows or whatever => it's not your fault! of course lots of thinking will have to go in a system like this, like how to catch segfaults in plugins and so on. but it still looks easier than doing this over pipes! i dont see what you lose over the multi-server system: instead of starting and stopping, load and unload. instead of 3rd party servers, 3rd party plugins. instead of running another process, just let the plugin fork() in the load_plugin() code. the code for decoding rpcs can be provided by smbd. the only problem that comes in to my mind is plugins and smbd being linked to different versions of the same library. but this is unlikely, isn't it? (OTOH i do not see the need to do an lsarpcd either...) when i can get some time on weekend and i'll try to distill some example code out of the gimp. cu, bertl. From mg at plum.de Fri Dec 17 19:24:58 1999 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:27:40 2003 Subject: CVS update: samba/source/include (fwd) References: Message-ID: <385A8E0A.228D570F@plum.de> Luke Kenneth Casson Leighton schrieb: > > andrew does not want me to add the ability for unix admins to decide > whether to start and stop unix services. > > i definitely want to add the ability to start and stop msrpc services, as > i find it a bit of a pain to do a killall srvsvcd; make; bin/svcctld about > once every ten minutes throughout the day. > > andrew did not want the "magic script" option in smb.conf, which runs > scripts if you copy them onto a samba server (it's a bit like rexec). > > if you don't speak up in favour, start/stop services as remote > administrator certainly won't ever get added. if you are just a unix > admin and do not touch NT or do not use any remote unix administrative > tools with the similar capability [to start/stop services], please say so, > and your opinion will be noted but given less weight. I would like the start/stop services via samba very much ... I am the only unix person here at this shop, rest all NT guys, so it would help me a lot ... regards, Michael From stanley.g.skidmore at boeing.com Fri Dec 17 19:47:04 1999 From: stanley.g.skidmore at boeing.com (Skidmore, Stanley G) Date: Tue Dec 2 02:27:40 2003 Subject: Problems when joining a domain Message-ID: Hi, I am using Samba 2.0.6 funning on a Solaris 7 Sparc machine. I am trying to join an existing Windoze domain. So far, I have performed the following steps: - created a machine account on the NT domain with the NETBIOS name of the Samba machine using server manager for domains on an NT box and synched the domain - Added the password server = parameter to smb.conf to point to the domain PDC - Stopped all SMB & NMB services on the Samba box Issued the command, as root, ./smbpasswd -j NT-BLV This is the error message I received: # ./smbpasswd -j NT-BLV modify_trust_password: machine NT-BLV-27.CA.BOEING.COM rejected the session setu p. Error was : code 131. 1999/12/17 11:33:00 : change_trust_account_password: Failed to change password f or domain NT-BLV. Unable to join domain NT-BLV. Does anyone have any idea about what is causing this behavior? From bs at niggard.org Fri Dec 17 20:23:35 1999 From: bs at niggard.org (bs@niggard.org) Date: Tue Dec 2 02:27:40 2003 Subject: CVS update: samba/source/include (fwd) References: Message-ID: <385A9BC7.22B40CF7@niggard.org> Luke Kenneth Casson Leighton wrote: > > andrew does not want me to add the ability for unix admins to decide > whether to start and stop unix services. > > i definitely want to add the ability to start and stop msrpc services, as > i find it a bit of a pain to do a killall srvsvcd; make; bin/svcctld about > once every ten minutes throughout the day. > > andrew did not want the "magic script" option in smb.conf, which runs > scripts if you copy them onto a samba server (it's a bit like rexec). > > if you don't speak up in favour, start/stop services as remote > administrator certainly won't ever get added. if you are just a unix > admin and do not touch NT or do not use any remote unix administrative > tools with the similar capability [to start/stop services], please say so, > and your opinion will be noted but given less weight. > > thx, > > luke Ok, clarification: I am just using unix tools to administer daemons. But i *know* people that want to start & stop all kind of services (yes, SENDMAIL(!) among others like NAT or ftp or smbd) on a linux or bsd box with their NT-tools. This feature *was* requested when i installed a linux box long time ago. (A working usrmgr is more important btw). they *can* use a web interface, but they prefer NT-tool. please just dont ask me why. they *cannot* use a shell. What i want is that you can do anything you want to do with rpcs. I dont care about the implementation (although a sambarpc-perl module sure would be fun ;) And not that i know any, but why wouldn?t some unix-admin want to use NT-Tools, when he has to use NT anyway? times are changing, not only geeks have root rights on unix-boxen nowadays. bertl. From cartegw at Eng.Auburn.EDU Fri Dec 17 20:37:32 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:27:40 2003 Subject: CVS update: samba/source/include (fwd) References: Message-ID: <385A9F0C.E1C7D502@eng.auburn.edu> Luke Kenneth Casson Leighton wrote: > > if you don't speak up in favour, start/stop services as remote > administrator certainly won't ever get added. if you are just > a unix admin and do not touch NT or do not use any remote unix > administrative tools with the similar capability [to start/stop > services], please say so, and your opinion will be noted but > given less weight. Luke, I've stated this before, but I've really got to agree with Andrew. I think this is a bad idea in production. This is a gut feeling. Just for the record, bad idea.... Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From abakun at reac.com Fri Dec 17 20:41:48 1999 From: abakun at reac.com (Andy Bakun) Date: Tue Dec 2 02:27:40 2003 Subject: CVS update: samba/source/include (fwd) References: <385A9BC7.22B40CF7@niggard.org> Message-ID: <385AA00C.3685657F@reac.com> bs@niggard.org wrote: > And not that i know any, but why wouldn?t some unix-admin want to use > NT-Tools, when he has to use NT anyway? times are changing, not only geeks > have > root rights on unix-boxen nowadays. I could speak volumes on what's wrong with *that*. :) I fear hearing in the future "not only doctors are performing surgery nowadays". Andy. From mangino at cis.ohio-state.edu Fri Dec 17 21:33:53 1999 From: mangino at cis.ohio-state.edu (mike mangino) Date: Tue Dec 2 02:27:40 2003 Subject: CVS update: samba/source/include (fwd) In-Reply-To: <385A9F0C.E1C7D502@eng.auburn.edu>; from Gerald Carter on Sat, Dec 18, 1999 at 07:42:04AM +1100 References: <385A9F0C.E1C7D502@eng.auburn.edu> Message-ID: <19991217163353.A22618@delta.cis.ohio-state.edu> On Sat, Dec 18, 1999 at 07:42:04AM +1100, Gerald Carter wrote: > Luke Kenneth Casson Leighton wrote: > > > > if you don't speak up in favour, start/stop services as remote > > administrator certainly won't ever get added. if you are just > > a unix admin and do not touch NT or do not use any remote unix > > administrative tools with the similar capability [to start/stop > > services], please say so, and your opinion will be noted but > > given less weight. > > Luke, > > I've stated this before, but I've really got to agree with > Andrew. I think this is a bad idea in production. This is > a gut feeling. Just for the record, bad idea.... > > Cheers, > jerry > ________________________________________________________________________ > Gerald ( Jerry ) Carter > Engineering Network Services Auburn University > jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw > > "...a hundred billion castaways looking for a home." > - Sting "Message in a Bottle" ( 1979 ) I'm just a lurker, but this sounds like it could be useful, but my gut instinct says you better think long and hard about it. The security implications are scary. If you decide to do this, I'll look through the code for security problems, but even then, this could open up a whole lot of nasties. -- Mike Mangino Consultant, Analysts International mangino@cis.ohio-state.edu m.mangino@aicolumbus.com Home: (614) 326-2278 Work: (614) 575 6337 ext. 314 From norman at lithe.uark.edu Fri Dec 17 22:45:35 1999 From: norman at lithe.uark.edu (Norman Weathers) Date: Tue Dec 2 02:27:40 2003 Subject: CVS update: samba/source/include (fwd) References: <385A9F0C.E1C7D502@eng.auburn.edu> Message-ID: <385ABD0F.18E5B270@lithe.uark.edu> Gerald Carter wrote: > Luke Kenneth Casson Leighton wrote: > > > > if you don't speak up in favour, start/stop services as remote > > administrator certainly won't ever get added. if you are just > > a unix admin and do not touch NT or do not use any remote unix > > administrative tools with the similar capability [to start/stop > > services], please say so, and your opinion will be noted but > > given less weight. > > Luke, > > I've stated this before, but I've really got to agree with > Andrew. I think this is a bad idea in production. This is > a gut feeling. Just for the record, bad idea.... > > Cheers, > jerry > ________________________________________________________________________ > Gerald ( Jerry ) Carter > Engineering Network Services Auburn University > jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw > > "...a hundred billion castaways looking for a home." > - Sting "Message in a Bottle" ( 1979 ) I have been lurking for awhile, and I guess I have a comment here. It would indeed be helpful to have instances where services where either denied, made unavailable, or just plain turned off, but is the best answer to split these services up into many different components on the system? I happen to think that the current approach of two daemons (smbd and nmbd) is pretty good. But what about the following as ideas to enhance the daemons... 1) Leave the smbd daemon as the master for the smb code, including the rpc's that Luke is now creating. It makes more sense to some people migrating from M$ to other platforms because this "appears" as a "server" service. From within this daemon, we the users can insert "modules" such as the ones Luke has made. By default, all modules are included. 2) In smb.conf, all services are on by default. If we have services that we know that we don't want to ever use or broadcast, we can set a global service parameter to no in this file. That way, at initialization, only those services that we want our users to use can are available. Also, during runtime, it may be helpful to create a utility to "remove" or "deny" services by runtime changing certain codes within the running smbd program. This allows users to remain connected and uninterrupted at work in the event of a change (upgrade) of a module, a service change, or even some fancier things like a cron job to cancel login services at a certain time but leaving users currently logged in uniterrupted (by denying the login service within the SAM module). Well, these are just thoughts. I am by no means a very astute programmer, but I think that these ideas may be doable. And I think that they may even be helpful to alot of people who may be "mystified" by the current state of samba. Other than that, have to say "Great Product, Guys!!!" I use it in our small departmental workgroup, and it has been solid. Thanks alot. -- ------------------------------------------------------------------- Norman Weathers Technology Coordinator ETS University of Arkansas, Fayetteville phone: (501) 575-3553 or (501) 575-4344 email: nweathe@comp.uark.edu or norman@lithe.uark.edu "It's not that I 'prefer' to do this without an NT server.... I just 'prefer' to do it where it will work..." ------------------------------------------------------------------- From lkcl at samba.org Fri Dec 17 21:50:21 1999 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:40 2003 Subject: CVS update: samba/source/include (fwd) In-Reply-To: <385A9F0C.E1C7D502@eng.auburn.edu> Message-ID: On Fri, 17 Dec 1999, Gerald Carter wrote: > Luke Kenneth Casson Leighton wrote: > > > > if you don't speak up in favour, start/stop services as remote > > administrator certainly won't ever get added. if you are just > > a unix admin and do not touch NT or do not use any remote unix > > administrative tools with the similar capability [to start/stop > > services], please say so, and your opinion will be noted but > > given less weight. > > Luke, > > I've stated this before, but I've really got to agree with > Andrew. I think this is a bad idea in production. This is > a gut feeling. Just for the record, bad idea.... thx jerry. so far, that's two against, and two "why not"s. From Jean-Francois.Micouleau at dalalu.fr Fri Dec 17 22:08:52 1999 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:27:40 2003 Subject: CVS update: samba/source/include (fwd) In-Reply-To: Message-ID: On Sat, 18 Dec 1999, Luke Kenneth Casson Leighton wrote: > if you don't speak up in favour, start/stop services as remote > administrator certainly won't ever get added. if you are just a unix > admin and do not touch NT or do not use any remote unix administrative > tools with the similar capability [to start/stop services], please say so, > and your opinion will be noted but given less weight. Wonderful ! Now any joe user can fire up an NT box and remotely stop any unix box in a finite time. You can send the exploit to the bugtraq mailing list as soon as you commit the code. No thank you Luke. Jean Francois From Jean-Francois.Micouleau at dalalu.fr Fri Dec 17 22:19:43 1999 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:27:40 2003 Subject: CVS update: samba/source/include (fwd) In-Reply-To: <385A9BC7.22B40CF7@niggard.org> Message-ID: On Sat, 18 Dec 1999 bs@niggard.org wrote: > I am just using unix tools to administer daemons. But i *know* people > that want to start & stop all kind of services (yes, SENDMAIL(!) among > others like NAT or ftp or smbd) on a linux or bsd box with their > NT-tools. install ssh. ssh clients for NT are available. From kevinc at grainsystems.com Fri Dec 17 22:45:51 1999 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:27:40 2003 Subject: CVS update: samba/source/include (fwd) References: Message-ID: <385ABD1F.EF65C03E@grainsystems.com> Luke Kenneth Casson Leighton wrote: > > andrew does not want me to add the ability for unix admins > to decide whether to start and stop unix services. I can understand the desire for this. This could go a long way toward easing NT admins into Samba use. NT shops are going to _insist_ on complete support of NT admin tools. Neat idea. It would be very useful. HOWEVER, I too have very serious concerns about the security of such an arrangement. I don't know how exactly RPC stuff like this is our would be secured, but if it can't be done 100%, don't do it. The only thing worse than not being able to remotely start and stop services is allowing someone else to remotely start and stop services. In summary: I like it, but it would need some really serious security checks. Be careful. - Kevin Colby kevinc@grainsystems.com From bs at niggard.org Fri Dec 17 22:52:00 1999 From: bs at niggard.org (bs@niggard.org) Date: Tue Dec 2 02:27:40 2003 Subject: CVS update: samba/source/include (fwd) In-Reply-To: <385AA00C.3685657F@reac.com> Message-ID: On Sat, 18 Dec 1999, Andy Bakun wrote: > bs@niggard.org wrote: > > > And not that i know any, but why wouldn´t some unix-admin want to use > > NT-Tools, when he has to use NT anyway? times are changing, not only geeks > > have > > root rights on unix-boxen nowadays. > > I could speak volumes on what's wrong with *that*. :) I fear hearing in the > future "not only doctors are performing surgery nowadays". Probably there's non-doctors doing surgery on their teddys. Why not? In the worst case they kill their own teddy. Maybe they learn sthg. Probably they have lots of fun. bertl. From bs at niggard.org Fri Dec 17 22:52:58 1999 From: bs at niggard.org (bs@niggard.org) Date: Tue Dec 2 02:27:40 2003 Subject: CVS update: samba/source/include (fwd) In-Reply-To: <385A9F0C.E1C7D502@eng.auburn.edu> Message-ID: On Sat, 18 Dec 1999, Gerald Carter wrote: > Luke Kenneth Casson Leighton wrote: > > > > if you don't speak up in favour, start/stop services as remote > > administrator certainly won't ever get added. if you are just > > a unix admin and do not touch NT or do not use any remote unix > > administrative tools with the similar capability [to start/stop > > services], please say so, and your opinion will be noted but > > given less weight. > > I've stated this before, but I've really got to agree with > Andrew. I think this is a bad idea in production. This is > a gut feeling. Just for the record, bad idea.... It sure is a bad idea in production. Do not include it in samba. Whats wrong with an external, unsupported module? Why is it better to allow starting/stopping over http? bertl. From jlt at pivot.net Fri Dec 17 23:52:52 1999 From: jlt at pivot.net (Jim Troutman) Date: Tue Dec 2 02:27:40 2003 Subject: CVS update: samba/source/include (fwd) In-Reply-To: Message-ID: > if you don't speak up in favour, start/stop services as remote > administrator certainly won't ever get added. if you are just a unix I hate the idea of NT guys controlling unix boxes, but I concede that this would go a long way toward the further acceptance of real server operating systems in the PC world by the NT bigots. I would suggest that this stuff would NEVER be turned on by default, and come with all kinds of warnings about security and so forth. It should have access control settings built into it too (for what IP addresses or machine name should be allowed to use such an RPC tool). For the record, I admin lots of boxes (about 5000 desktops worth), mostly Linux, SCO, and NT. -- James Troutman, Troutman & Associates - telecommunications consulting 93 Main Street, Waterville, Maine 04901 - 207-861-7067 From mpc at star.sr.bham.ac.uk Fri Dec 17 23:53:31 1999 From: mpc at star.sr.bham.ac.uk (Mark Cooke) Date: Tue Dec 2 02:27:40 2003 Subject: CVS update: samba/source/include (fwd) In-Reply-To: Message-ID: On Sat, 18 Dec 1999, Luke Kenneth Casson Leighton wrote: > > Luke Kenneth Casson Leighton wrote: > > > > > > if you don't speak up in favour, start/stop services as remote > > > administrator certainly won't ever get added. if you are just > > > a unix admin and do not touch NT or do not use any remote unix > > > administrative tools with the similar capability [to start/stop > > > services], please say so, and your opinion will be noted but > > > given less weight. Hi Luke, As a unix admin this sounds very worrying to me. If it were to be implemented, I'd agree with some of the other respondants - it needs to be carefully done. The lack of 'least surprise' of adding 'software to let PCs see unix disks' also suddentlz providing a mechanism to stop/start unrelated services on the unix side is scary! My preference would be a compile time option, and an smb.conf parameter, with either one or both defaulting to the current 'not available' setup. This avoids the surprise effect, so that bugs in the setup are all that remains. All that said, I'm only a satisfied user of the samba code, without enough time to really get seriously involved in the development directly. All the best, Mark +-------------------------------------------------------------------------+ Mark Cooke The views expressed above are mine and are not Systems Programmer necessarily representative of university policy University Of Birmingham URL: http://www.sr.bham.ac.uk/~mpc/ +-------------------------------------------------------------------------+ From s.striker at striker.nl Sat Dec 18 00:30:05 1999 From: s.striker at striker.nl (S. Striker) Date: Tue Dec 2 02:27:40 2003 Subject: CVS update: samba/source/include (fwd) In-Reply-To: Message-ID: <000d01bf48ef$07d0c7d0$0a00a8c0@office.striker.nl> My opion: let unix/linux be unix/linux and let them provide services to the outer world. They are stable platforms which are hard to be bring down if they are up and runnning. Why give someone a tool which breaks this robustness? I want people to think before they do. If you have to stop a service from a command prompt by typing something you have to think. If you just have to hit a button that says stop, you're not thinking, you are experimenting. Sometimes it works, sometimes it doesn't. The people used to the MS platforms have a tendency to restart/reboot their machines. I'm afraid this tendency will continue with services. What's more annoying than an ignorant admin who is constantly restarting services. No thanks Luke. The idea is good; supporting the grand total of NT. But in this case we can state that poison is the cure. Make sure this dies... Greetings and keep up the good work, I like the split of the daemons ! Sander Striker > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Luke Kenneth Casson Leighton > Sent: vrijdag 17 december 1999 22:57 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: CVS update: samba/source/include (fwd) > > > On Fri, 17 Dec 1999, Gerald Carter wrote: > > > Luke Kenneth Casson Leighton wrote: > > > > > > if you don't speak up in favour, start/stop services as remote > > > administrator certainly won't ever get added. if you are just > > > a unix admin and do not touch NT or do not use any remote unix > > > administrative tools with the similar capability [to start/stop > > > services], please say so, and your opinion will be noted but > > > given less weight. > > > > Luke, > > > > I've stated this before, but I've really got to agree with > > Andrew. I think this is a bad idea in production. This is > > a gut feeling. Just for the record, bad idea.... > > thx jerry. > > so far, that's two against, and two "why not"s. > > > From snail_talk at yahoo.com Sat Dec 18 03:07:27 1999 From: snail_talk at yahoo.com (geoffrey lee) Date: Tue Dec 2 02:27:40 2003 Subject: CVS update: samba/source/include (fwd) In-Reply-To: <385A9F0C.E1C7D502@eng.auburn.edu> Message-ID: <000101bf4905$03bec000$0200000a@workstation1> hi all, i think everyone is right here. it's a good idea, but there are security problems involved here. i guess one of the best ways would be to use a smb.conf parameter that leaves this option DISABLED by default. people who think they need this feature can enable it in smb.conf. > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Gerald Carter > Sent: Saturday, December 18, 1999 4:41 AM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: CVS update: samba/source/include (fwd) > > > Luke Kenneth Casson Leighton wrote: > > > > if you don't speak up in favour, start/stop services as remote > > administrator certainly won't ever get added. if you are just > > a unix admin and do not touch NT or do not use any remote unix > > administrative tools with the similar capability [to start/stop > > services], please say so, and your opinion will be noted but > > given less weight. > > Luke, > > I've stated this before, but I've really got to agree with > Andrew. I think this is a bad idea in production. This is > a gut feeling. Just for the record, bad idea.... > > > > > > > > Cheers, > jerry > ________________________________________________________________________ > Gerald ( Jerry ) Carter > Engineering Network Services Auburn University > jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw > > "...a hundred billion castaways looking for a home." > - Sting "Message in a Bottle" ( 1979 ) > From ggs at shiresoft.com Sat Dec 18 03:35:09 1999 From: ggs at shiresoft.com (Guy Sotomayor) Date: Tue Dec 2 02:27:40 2003 Subject: CVS update: samba/source/include (fwd) In-Reply-To: <000d01bf48ef$07d0c7d0$0a00a8c0@office.striker.nl> Message-ID: <199912180335.TAA07511@aragorn.shiresoft.com> > My opion: let unix/linux be unix/linux and let them provide services to > the outer world. They are stable platforms which are hard to be bring > down if they are up and runnning. Why give someone a tool which breaks > this robustness? I want people to think before they do. If you have to > stop a service from a command prompt by typing something you have to think. > If you just have to hit a button that says stop, you're not thinking, you > are experimenting. Sometimes it works, sometimes it doesn't. The people > used to the MS platforms have a tendency to restart/reboot their machines. > I'm afraid this tendency will continue with services. What's more annoying > than an ignorant admin who is constantly restarting services. > No thanks Luke. The idea is good; supporting the grand total of NT. But in > this case we can state that poison is the cure. Make sure this dies... > I can see the point of view from many tradional unix users/admins about not wanting to let NT folks administer a unix box. However, this assumes a "general perpose" unix system. There seems to be a growing trend where unix (specifically linux) is used as an embedded OS in a "server appliance". If that appliance happens to offer SMB services, it is natural for the class of users using that appliance to want to administer it in a manner that they're used to (ie NT). Many of these appliances now rely on some sort of Web interface to administer it. As easy as they are to administer through the Web interface, it is different from what the end users are used to. Also, because it is an appliance type of device the folks that will be administering it are potentially not as tech-savy as the normal run of the mill admin. This is part of the attractiveness of these appliance devices. Just my $0.02 worth... TTFN - Guy From michael at kawo2.rwth-aachen.de Sat Dec 18 13:49:48 1999 From: michael at kawo2.rwth-aachen.de (Michael Mess) Date: Tue Dec 2 02:27:40 2003 Subject: Domain admin users with Administrator-rights on every NT-machine? Message-ID: <385B90FC.CA69AD99@kawo2.rwth-aachen.de> Is it possible to make one or more Administrator-user on the Linux-Samba-Server which can login on any machine in the domain and has Administrator-rights on the machine where logged in? This users would have the right to do Administrator things like adding local (Administrator)-users on all NT-machine or changing the IP-Adress of all NT-machine in the domain without logging in as a local administrator. Greetings, Michael From snail_talk at yahoo.com Sat Dec 18 13:57:09 1999 From: snail_talk at yahoo.com (geoffrey lee) Date: Tue Dec 2 02:27:41 2003 Subject: Domain admin users with Administrator-rights on every NT-machine? In-Reply-To: <385B90FC.CA69AD99@kawo2.rwth-aachen.de> Message-ID: <000001bf495f$c6899790$0200000a@workstation1> hi, which samba version are you using right now ? you may want to check out the domain admin users and the domain admin group smb.conf parameters... > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Michael Mess > Sent: Saturday, December 18, 1999 9:51 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Domain admin users with Administrator-rights on every > NT-machine? > > > Is it possible to make one or more Administrator-user on the > Linux-Samba-Server which can login on any machine in the domain and has > Administrator-rights on the machine where logged in? > > This users would have the right to do Administrator things like adding > local (Administrator)-users on all NT-machine or changing the IP-Adress > of all NT-machine in the domain without logging in as a local > administrator. > > Greetings, Michael > From stolze at math.uni-muenster.de Sun Dec 19 15:22:58 1999 From: stolze at math.uni-muenster.de (Andre Stolze) Date: Tue Dec 2 02:27:41 2003 Subject: Problems when joining a domain References: Message-ID: <385CF852.BFE35119@math.uni-muenster.de> "Skidmore, Stanley G" wrote: > > Hi, > I am using Samba 2.0.6 funning on a Solaris 7 Sparc machine. I am trying to join an existing Windoze domain. > > So far, I have performed the following steps: > > - created a machine account on the NT domain with the NETBIOS name of the Samba machine using server manager for domains on an NT box and synched the domain > - Added the password server = parameter to smb.conf to point to the domain PDC > - Stopped all SMB & NMB services on the Samba box > Issued the command, as root, ./smbpasswd -j NT-BLV > > This is the error message I received: > > # ./smbpasswd -j NT-BLV > modify_trust_password: machine NT-BLV-27.CA.BOEING.COM rejected the session setu > p. Error was : code 131. > 1999/12/17 11:33:00 : change_trust_account_password: Failed to change password f > or domain NT-BLV. > Unable to join domain NT-BLV. > > Does anyone have any idea about what is causing this behavior? Put a -m behind your Command that should work! From simonmu at optimation.co.nz Sun Dec 19 20:38:19 1999 From: simonmu at optimation.co.nz (Simon Murcott) Date: Tue Dec 2 02:27:41 2003 Subject: Executing logon-scripts as Administrator In-Reply-To: <257A420656DCD011BD3200A0C9495C58126C57@XCONSERVER> Message-ID: On Sat, 18 Dec 1999, Andreas Krogh wrote: Is there a way to execute the NT-Domain logon-scripts as administrator on the client-machines? I want to update the time with the "net" command and get something like "you are not administrator"? Is there a work-around for setting the time from a samba-server(xntp-server)? Try looking into something like "tardis" which is a SNTP client for win32. There are some registry tweaks you can do to enable the "net time" command to be used by ordinary users (but I cannot recall what they are). Regards Simon Murcott From lkcl at samba.org Sun Dec 19 20:59:17 1999 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:41 2003 Subject: CVS update: samba/source/include (fwd) In-Reply-To: Message-ID: On Fri, 17 Dec 1999, Jean Francois Micouleau wrote: > > On Sat, 18 Dec 1999, Luke Kenneth Casson Leighton wrote: > > > if you don't speak up in favour, start/stop services as remote > > administrator certainly won't ever get added. if you are just a unix > > admin and do not touch NT or do not use any remote unix administrative > > tools with the similar capability [to start/stop services], please say so, > > and your opinion will be noted but given less weight. > > Wonderful ! Now any joe user can fire up an NT box and remotely stop any > unix box in a finite time. joe user is an administrator, and is a member of the root group or is root? From cigor at EUnet.yu Sun Dec 19 21:07:19 1999 From: cigor at EUnet.yu (=?ISO-8859-2?Q?=C8olovi=E6_Igor?=) Date: Tue Dec 2 02:27:41 2003 Subject: Executing logon-scripts as Administrator In-Reply-To: Message-ID: All you have to do is to give premision to allusers for changing Local time. You can do it, as I recall, in User Menager under menu premisions or something like that. The only problem is that you have to do it on all mashines in your network. --------------------------------------------- ?olovi? Igor Linux User Group Yugoslavia LUGY Home www.linux.org.yu cigor@eunet.yu On Mon, 20 Dec 1999, Simon Murcott wrote: > Is there a way to execute the NT-Domain logon-scripts as administrator > on the client-machines? I want to update the time with the "net" command > and get something like "you are not administrator"? > Is there a work-around for setting the time from a > samba-server(xntp-server)? From mgeddes at xavier.sa.edu.au Sun Dec 19 21:43:33 1999 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:41 2003 Subject: Home Directory References: <002201bf48b3$b21241b0$6e320180@charlielabtop> Message-ID: <385D5185.50010D4A@xavier.sa.edu.au> Karl-Heinz Schulz wrote: > Samba Share /public = /home > User home /home/user > > In the moment I can map the user to their home directory > \\server\share\home_directory > The user always ends up at \\server\share > > Can I do it with NT login scripts or shall I do it with Samba/Linux scripts? > > Thank you You need to create a share for EACH HOME DIRECTORY. It's a pain, but you share the directory and map each user to their home directory individually. In Samba 2.x, there are some example smb.conf files in /usr/doc/samba-2.0.x (on Linux, I'm not sure where the hide on other systems), where the 2.0.x is the version of samba you are using. One of these examples has a method of keeping the load small while having a lot of shares. I think it's one by Andrew "O Mighty" Tridgell. Worth looking at. Matthew Geddes Systems Guy and worshipper of Samba team Xavier College Gawler, SA From mike at psand.net Sun Dec 19 23:19:51 1999 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:41 2003 Subject: Samba, W2K, Dfs and LDAP Message-ID: <002401bf4a77$901ac3a0$0164a8c0@psand.net> Does Dfs and LDAP work in the latest CVS of Samba? Does anyone have it working between a W2K Server and Samba? Can anyone tell me what else I need to configure Samba with --with-ldap and --with-dfs? Does anyone think MS will ship free the extra RAM that'll be needed so W2K Server does not run like a dog? Many thanks in advance, Mike Harris, Psand Espa?a -------------- next part -------------- HTML attachment scrubbed and removed From simonmu at optimation.co.nz Sun Dec 19 22:25:54 1999 From: simonmu at optimation.co.nz (Simon Murcott) Date: Tue Dec 2 02:27:41 2003 Subject: Samba, W2K, Dfs and LDAP In-Reply-To: <002401bf4a77$901ac3a0$0164a8c0@psand.net> Message-ID: On Mon, 20 Dec 1999, Mike Harris wrote: Does anyone think MS will ship free the extra RAM that'll be needed so W2K Server does not run like a dog? Remember when Windows 95 hit the shelves? It ran like a dog then. That is to say wait another twelve months and then buy some new hardware and Windows 2000 will run ok :) Regards Simon Murcott From mgeddes at xavier.sa.edu.au Sun Dec 19 22:33:04 1999 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:41 2003 Subject: Samba, W2K, Dfs and LDAP References: <002401bf4a77$901ac3a0$0164a8c0@psand.net> Message-ID: <385D5D1F.47AC34C3@xavier.sa.edu.au> Mike Harris wrote: > Does Dfs and LDAP work in the latest CVS of Samba?Does anyone have it > working between a W2K Server and Samba?Can anyone tell me what else I > need to configure Samba with --with-ldap and --with-dfs?Does anyone > think MS will ship free the extra RAM that'll be needed so W2K Server > does not run like a dog? Many thanks in advance, Mike Harris,Psand > Espa?a I'm sorry I can't help with the LDAP stuff, but I thought you might like to know that I have heard stories of W2K smoking Athlon systems within an hour of them running. Machines worked fine with OTHER operating systems (usually the ones that don't support the new "catch on fire" CPU instruction). Matt -------------- next part -------------- HTML attachment scrubbed and removed From D.Bannon at latrobe.edu.au Mon Dec 20 01:15:40 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:27:41 2003 Subject: Print Accounting, aprint In-Reply-To: <257A420656DCD011BD3200A0C9495C58126C57@XCONSERVER> Message-ID: <3.0.6.32.19991220121540.008b9500@bioserve.latrobe.edu.au> Hi, A number of people have asked me to send them the source for my print accounting system that I mentioned a couple of days ago. I was pretty surprised at how many, so have made a simple web page for anyone interested to get it from. It gives you a bit of a look at how it works and what is involved. Please see : http://bioserve.latrobe.edu.au/about/admin/aprint/aprint.html David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From bobby at math01.cs.upd.edu.ph Sat Dec 18 13:59:12 1999 From: bobby at math01.cs.upd.edu.ph (Bobby Corpuz Jr.) Date: Tue Dec 2 02:27:41 2003 Subject: need help on roaming profiles In-Reply-To: <385A71F2.C5F83965@heiligenmann.de> Message-ID: Hi, I think that's the one I've missed all the while. Thanks! Bobby O. Corpus, Jr. Department of Mathematics University of the Philippines ----- Captain Penny's Law: You can fool all of the people some of the time, and some of the people all of the time, but you can't fool mom. On Sat, 18 Dec 1999, Thomas Heiligenmann wrote: > Looks like you haven't enabled writing access to your profiles share. > BTW it's a good idea too to restrict read and write access to the > creator of the profile! E.g.: > > [profiles] > path = /home/profiles > writable = yes > create mode = 0600 > directory mode = 0700 > > In the [global] section better set > logon path = \\%L\profiles\%U > > Hope this helps. > > -- > Thomas > > > "Bobby Corpuz Jr." wrote: > > > > Hello, > > > > I have read from the samba_ntdom faq that it is bad to set "logon path = > > \\%N\%U\profile". The faq suggested that I use "logon > > path = \\%N\profiles\%U". When I did, I get an error saying something like > > "Can't create \\hilbert\profiles\bobby.pds. You will be logged using your > > local profile." When I click on the folder Profiles in the network > > neighborhood, NT says something like "Network path not found!". I can't > > seem to figure this out. If anyone has success on this setup, I would like > > to ask for help. Here is my smb.conf: > > > From giulioo at pobox.com Mon Dec 20 07:48:34 1999 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:27:41 2003 Subject: Home Directory In-Reply-To: <002201bf48b3$b21241b0$6e320180@charlielabtop> References: <002201bf48b3$b21241b0$6e320180@charlielabtop> Message-ID: <19991220074902.44AC326F6E@i3.golden.dom> On Sat, 18 Dec 1999 04:49:22 +1100, hai scritto: > >Samba Share /public = /home >User home /home/user > >In the moment I can map the user to their home directory >\\server\share\home_directory >The user always ends up at \\server\share > There are 2 ways you can do it: 1) you have samba-2.0.6 Set up the special [homes] share, then in the login script use net use x: /home 2) you have samba < 2.0.6 [homeshare] browseable = no path=/home/%U read only = no create mask = 0600 directory mask = 0700 then use net use x: \\server\homeshare -- giulioo@pobox.com From LEYMARIE_Gerard at accor-hotels.com Mon Dec 20 08:37:47 1999 From: LEYMARIE_Gerard at accor-hotels.com (LEYMARIE Gerard) Date: Tue Dec 2 02:27:41 2003 Subject: Executing logon-scripts as Administrator References: <257A420656DCD011BD3200A0C9495C58126C57@XCONSERVER> <385A71F9.E23A576C@heiligenmann.de> <19991217193330.A5212@faramir.physik.uni-konstanz.de> Message-ID: <003501bf4ac5$7e2aa540$2300c839@accorhotels.com> Yes but the problem is you don't have RPC server when you use the 2.0.6 release!! So all utilities can't run!!! ----- Message d'origine ----- De : "Guido Guenther" ? : "Multiple recipients of list SAMBA-NTDOM" Envoy? : vendredi 17 d?cembre 1999 19:40 Objet : Re: Executing logon-scripts as Administrator > On Sat, Dec 18, 1999 at 04:27:35AM +1100, Thomas Heiligenmann wrote: > > > ntrights -u Users -m %Computername% +r SeSystemTimePrivilege > > > > I think ntrights.exe can be found somewhere on the resource kit CD > or use the tool grant from: > http://www.franzo.co.nz/hansson/grant.htm > Bye, > -- Guido > > -- > > PGP-Public Key: http://honk.physik.uni-konstanz.de/~guido/gunther.asc > GPG-Public Key: http://honk.physik.uni-konstanz.de/~agx/guenther.gpg.asc From lauffer at ph-freiburg.de Mon Dec 20 09:06:46 1999 From: lauffer at ph-freiburg.de (Stephan Lauffer) Date: Tue Dec 2 02:27:41 2003 Subject: Domain-Master-Browser will not work! Message-ID: Hi all! I?ve got a strange problem - the domain master browser first starts correcty: ---------------------------------- [1999/12/20 09:45:37, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(342) become_domain_master_browser_wins: Attempting to become domain master browser on workgroup LINUX-AG, subnet UNICAST_SUBNET. [1999/12/20 09:45:37, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(357) become_domain_master_browser_wins: querying WINS server at IP 193.197.133.9 for domain master browser name LINUX-AG<1b> on workgroup LINUX-AG [1999/12/20 09:45:37, 2] nmbd/nmbd_become_dmb.c:become_domain_master_stage1(182) become_domain_master_stage1: Becoming domain master browser for workgroup LINUX-AG on subnet UNICAST_SUBNET --------------------------------- ...but then he will not work: --------------------------------- [1999/12/20 09:50:14, 0] nmbd/nmbd_incomingdgrams.c:process_get_backup_list_request(682) process_get_backup_list_request: domain list requested for workgroup LINUX-AG and I am not a domain master browser. [1999/12/20 09:50:33, 0] nmbd/nmbd_incomingdgrams.c:process_get_backup_list_request(682) process_get_backup_list_request: domain list requested for workgroup LINUX-AG and I am not a domain master browser. [1999/12/20 09:50:50, 0] nmbd/nmbd_incomingdgrams.c:process_master_browser_announce(402) process_master_browser_announce: Local master announce made to us from LARA IP 193.197.134.7 and we are not a domain master browser. [1999/12/20 09:51:44, 0] nmbd/nmbd_incomingdgrams.c:process_master_browser_announce(402) process_master_browser_announce: Local master announce made to us from LISA IP 193.197.133.10 and we are not a domain master browser. [1999/12/20 09:51:50, 0] nmbd/nmbd_incomingdgrams.c:process_master_browser_announce(402) process_master_browser_announce: Local master announce made to us from LISA IP 193.197.133.10 and we are not a domain master browser. ---------------------------------- What?s up?!! I use samba 2.06 and as WINS-Server there is a NT-Server in action. On the NT-WINS Server the domain master browser Mail1 is correctly registred <1B>. Only one thing in log.nmb looks like a problem between the NT-WINS and the samba server: ------------------------------------ [1999/12/20 09:59:37, 0] libsmb/nmblib.c:send_udp(755) Packet send failed to 193.197.133.9(137) ERRNO=Invalid argument [1999/12/20 09:59:37, 0] nmbd/nmbd_packets.c:send_netbios_packet(173) send_netbios_packet: send_packet() to IP 193.197.133.9 port 137 failed ------------------------------------ But what can cause this problem? The port 137-udp on 193.197.133.9 (Wins-Server) is opened. Any ideas? It?s a very big problem here in our network if we could not find the problem! Thanx all! Liebe Gruesse, Stephan Lauffer [ Paedagogische Hochschule Freiburg - Systemtechnik - Germany ] [ ZIK Zentrum fuer Informations- und Kommunikationstechnologie ] [ Tel.: 0761 - 682 447 Mobil: 0172 - 7145 197 ] From giulioo at pobox.com Mon Dec 20 09:42:05 1999 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:27:41 2003 Subject: Domain-Master-Browser will not work! In-Reply-To: References: Message-ID: <19991220094153.3A58926F6E@i3.golden.dom> On Mon, 20 Dec 1999 20:09:17 +1100, hai scritto: >I?ve got a strange problem - the domain master browser first >starts correcty: >---------------------------------- >[1999/12/20 09:45:37, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(342) > become_domain_master_browser_wins: > Attempting to become domain master browser on workgroup LINUX-AG, subnet UNICAST_SUBNET. >[1999/12/20 09:45:37, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(357) > become_domain_master_browser_wins: querying WINS server at IP 193.197.133.9 for domain master browser name LINUX-AG<1b> on workgroup LINUX-AG >[1999/12/20 09:45:37, 2] nmbd/nmbd_become_dmb.c:become_domain_master_stage1(182) > become_domain_master_stage1: Becoming domain master browser for workgroup LINUX-AG on subnet UNICAST_SUBNET >--------------------------------- The log doesn't show if samba is a DMB, it just says samba is trying to do it. When it manages I get: Samba server is now a domain master browser for workgroup on subnet UNICAST_SUBNET ... ... Samba server is now a domain master browser for workgroup on subnet -- giulioo@pobox.com From iainr at civ.hw.ac.uk Mon Dec 20 11:42:00 1999 From: iainr at civ.hw.ac.uk (Iain Rae) Date: Tue Dec 2 02:27:41 2003 Subject: Executing logon-scripts as Administrator In-Reply-To: Message-ID: On Mon, 20 Dec 1999, Simon Murcott wrote: > On Sat, 18 Dec 1999, Andreas Krogh wrote: > > Is there a way to execute the NT-Domain logon-scripts as administrator > on the client-machines? I want to update the time with the "net" command > and get something like "you are not administrator"? > Is there a work-around for setting the time from a > samba-server(xntp-server)? > > Try looking into something like "tardis" which is a SNTP client for > win32. This is what we're currently looking at, the other option is to run at jobs periodically to do such things. >There are some registry tweaks you can do to enable the "net > time" command to be used by ordinary users (but I cannot recall what > they are). > From lauffer at ph-freiburg.de Mon Dec 20 12:05:55 1999 From: lauffer at ph-freiburg.de (Stephan Lauffer) Date: Tue Dec 2 02:27:42 2003 Subject: Domain-Master-Browser will not work! In-Reply-To: <19991220094153.3A58926F6E@i3.golden.dom> Message-ID: Hi Giulio! Thanx for reply! > The log doesn't show if samba is a DMB, it just says samba is trying to > do it. When it manages I get: > > Samba server is now a domain master browser for workgroup > on subnet UNICAST_SUBNET I found in logfiles (6 days ago this message ..."is now a domain master browser"...) but can?t remember what happend until now - samba wouldn?t act as DMB. If i check the <1b> for my workgroup, i?ll get this infos: On the same (ip broadcast) network with the DMB i can?t get DMB with a broadcast query (1). [see below] But if i?ll ask the wins server, he?ll send me the correct record/ info... Do you know some reasons, when it?s not possible to act as DMB for a workgroup? I read in the SAMBA-Book from O?Reilly, that there?s no election for DMBs. So what can cause the problems? (1) ------------------------------ lauffer@lisa:~ > nmblookup Linux-AG#1B Added interface ip=193.197.132.180 bcast=193.197.132.255 nmask=255.255.255.0 Added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 bind succeeded on port 0 Socket opened. Sending queries to 193.197.132.255 name_query failed to find name Linux-AG ------------------------------ (2) ------------------------------ lauffer@pinguin:~ > nmblookup -R -U 193.197.133.9 Linux-AG#1B Added interface ip=193.197.132.180 bcast=193.197.132.255 nmask=255.255.255.0 Added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 Sending queries to 193.197.133.9 Got a positive name query response from 193.197.133.9 ( 193.197.132.2 ) 193.197.132.2 Linux-AG<1b> ------------------------------- Liebe Gruesse, Stephan Lauffer [ Paedagogische Hochschule Freiburg - Systemtechnik - Germany ] [ ZIK Zentrum fuer Informations- und Kommunikationstechnologie ] [ Tel.: 0761 - 682 447 Mobil: 0172 - 7145 197 ] From fricke at team.owl-online.de Mon Dec 20 12:16:29 1999 From: fricke at team.owl-online.de (fricke@team.owl-online.de) Date: Tue Dec 2 02:27:42 2003 Subject: No subject Message-ID: In smb.conf set time server = yes an give on NTMachine the timechanging privileg to everyone. That works fine for me and I think a lot of other SAMBA users -------------------------------------------------------------------------------------------------- Cord-H. Fricke Technik/Systemadministration Fon: 0 52 1 / 52 51-133 Fax: 0 52 1 / 52 51- 115 fricke@team.owl-online.de http://www.team.owl-online.de/ A bus station is where a bus stops A train station is where a train stops On my desk I have work station... From giulioo at pobox.com Mon Dec 20 13:04:48 1999 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:27:42 2003 Subject: Domain-Master-Browser will not work! In-Reply-To: References: <19991220094153.3A58926F6E@i3.golden.dom> Message-ID: <19991220130517.9BC1626F6E@i3.golden.dom> On Mon, 20 Dec 1999 23:08:17 +1100, hai scritto: >On the same (ip broadcast) network with the DMB i can?t get DMB with a >broadcast query (1). [see below] >But if i?ll ask the wins server, he?ll send me the correct record/ info... >Do you know some reasons, when it?s not possible to act as DMB for >a workgroup? I read in the SAMBA-Book from O?Reilly, that there?s no >election for DMBs. So what can cause the problems? Don't know, maybe the wins server has not uptodate info, or there is another server which pretends to be it and they fight for it. try nmblookup -A 193.197.132.2 to see if it tells you it has registered 1B. -- giulioo@pobox.com From Volker.Lendecke at SerNet.DE Mon Dec 20 13:22:45 1999 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Tue Dec 2 02:27:42 2003 Subject: SAMBA_TNG on http://samba.sernet.de/pdc.html Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hello! After codetree reorganization http://samba.sernet.de/pdc.html lagged behind a bit. I just switched it to SAMBA_TNG so that you can now again easily take part in Luke's latest adventures! Have fun, Volker -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv Comment: Processed by Mailcrypt 3.5.4, an Emacs/PGP interface iQCVAwUBOF4toz/9BWnmOc5FAQElTAP9FZNnepznD1B682UFUshN2cRllel+Zqe3 Qq4mPffhZgPAxXV1dUX0dl4Rjl4uYkSpqp2ZqwznzDQcazQZhHmCbFtUvfcJHB/u Or7/EY+Bv+wP4lql65vvEEeuVMvv9ahRnGsACugVT+JSF1pk4ckkasN5tQY07rcX LCgE2jAdmEQ= =+mDO -----END PGP SIGNATURE----- From giulioo at pobox.com Mon Dec 20 13:48:00 1999 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:27:42 2003 Subject: Domain-Master-Browser will not work! In-Reply-To: <3.0.6.32.19991221001535.008df980@mail.adelaide.on.net> References: <19991220094153.3A58926F6E@i3.golden.dom> <19991220130517.9BC1626F6E@i3.golden.dom> <3.0.6.32.19991221001535.008df980@mail.adelaide.on.net> Message-ID: <19991220134829.623C326F6E@i3.golden.dom> On Tue, 21 Dec 1999 00:15:35 +1000, hai scritto: >>Don't know, maybe the wins server has not uptodate info, or there is >>another server which pretends to be it and they fight for it. >>try >>nmblookup -A 193.197.132.2 >>to see if it tells you it has registered 1B. > >The Domain Master Browser is not elected as such. > Yes I know it, I expressed it in a wrong way, what I wanted to say is: If 2 servers register the 1B in the same subnet there may be problems; maybe if server A registers 1B and realizes another server has registered the same 1B on the same subnet then it gets angry, does something weird.... -- giulioo@pobox.com From timothy_d_cole at md.northgrum.com Mon Dec 20 16:13:03 1999 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:27:42 2003 Subject: CVS update: samba/source/include (fwd) Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB56319F@xcgmd008.md.essd.northgrum.com> > -----Original Message----- > From: bs@niggard.org [SMTP:bs@niggard.org] > Sent: Friday, December 17, 1999 19:02 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: CVS update: samba/source/include (fwd) > > > On Sat, 18 Dec 1999, Gerald Carter wrote: > > > Luke Kenneth Casson Leighton wrote: > > > > > > if you don't speak up in favour, start/stop services as remote > > > administrator certainly won't ever get added. if you are just > > > a unix admin and do not touch NT or do not use any remote unix > > > administrative tools with the similar capability [to start/stop > > > services], please say so, and your opinion will be noted but > > > given less weight. > > > > I've stated this before, but I've really got to agree with > > Andrew. I think this is a bad idea in production. This is > > a gut feeling. Just for the record, bad idea.... > > It sure is a bad idea in production. Do not include it in samba. Whats > wrong with an external, unsupported module? Why is it better to allow > starting/stopping over http? > From the perspective of a Unix admin, I don't like this idea one bit either; it really amounts to a mixing of security models, which almost invariably has unformseen side-effects. HOWEVER, there are Samba installations right now that aren't really being used as Unix boxes, per se -- just a little black box sitting there serving SMB and maybe a couple other protocols, trying to look like an NT box on the NT network. In those cases, it's expected (and IMO fairly important) for services control and other administrative facilities to behave just like NT. Really, as highlighted in the discussion over security mask/create mask a while back, there are two very very different sets of demands WRT security and functionality when you compare Samba on a Unix box being used as a Unix box to Samba on a Unix box being used as an NT-like "opaque server" box. NT RPC control of services is (in most cases) an extremely bad idea in the former case, but in the latter case, it's desirable and almost necessary. So, in conclusion, I think this functionality should be added, but with the following caveats: 1. the code for this functionality should not be built by default, requiring a compile-time option to turn on. security warning at ./configure-time wouldn't hurt, too 2. it should be separated as much as possible into its own module/library/executable, such that it can be removed/uninstalled after compile-time 3. even when compiled and installed, it should not be enabled at runtime except when explicitly enabled in the configuration file 4. there needs to be a well-defined and fairly paranoid access control mechanism (I would hope this is already more or less covered by the NT security model, but...). I'd like to see Luke go into the details and implications of this before the feature is implemented. 5. control should only extend (by default) to the Samba daemons (yes, I realize that there is a potential chicken-and-egg problem there WRT starting services, but there are some circumstances under which it may still be desirable). control of additional services should require third-party packages (i.e. init.d-like scripts [but not init.d scripts]), which we would not ship with Samba The idea here being that only people who have a compelling need for this functionality (primarily the makers of these "standalone" systems) will be determined enough to jump through the hoops to set up, while not making it impossible for them to obtain (they WILL want it). At the same time, it's not going to be something that Joe admin will be able to idly turn on one day when he feels like experimenting. From rlagowski at softmed.es Mon Dec 20 16:25:09 1999 From: rlagowski at softmed.es (Rafal Lagowski) Date: Tue Dec 2 02:27:42 2003 Subject: No subject Message-ID: <99122017255104.00678@adminlin.i.softmed.es> subscribe -- Rafal Lagowski Software Medicina, Systems Administrator mailto:rlagowski@softmed.es, ICQ:54592050 From steven at aprotex.com Mon Dec 20 16:37:01 1999 From: steven at aprotex.com (Steven Hildreth) Date: Tue Dec 2 02:27:42 2003 Subject: Changed made to smb.conf, must restart? Anyway to restart without killing clients? Message-ID: <015701bf4b08$710d93c0$24ada8c0@aprotex.com> Hi, say I make a change to my samba server (smb.conf) like add a share. Then I want to be able to have clients connect to this share. Is the only way for me to get samba to see this share is to restart (/etc/rc.d/init.d/smb restart)? This closes my open clients. With a network of 85 clients (around 60 open) seems to be sort of a pain. Any suggestions? Regards, Steven Hildreth Information Technology Manager Aprotex Corporation, http://www.aprotex.com "Proven Property Protection Since 1952" From karlheinz at khschulz.com Mon Dec 20 17:54:07 1999 From: karlheinz at khschulz.com (Karl-Heinz Schulz) Date: Tue Dec 2 02:27:42 2003 Subject: Big problems with groups Message-ID: <002401bf4b13$36fe71d0$6e320180@charlielabtop> I have several users being part of several groups. User1 group2 group3 group4 User2 group1 group4 group5 When User1 is saving a file on a Samba share it changes the permission to it's "main" group and everybody else has only read rights. What am I doing wrong? Thank you. From umehlig at uni-bremen.de Mon Dec 20 18:36:57 1999 From: umehlig at uni-bremen.de (Ulf Mehlig) Date: Tue Dec 2 02:27:42 2003 Subject: Big problems with groups In-Reply-To: <002401bf4b13$36fe71d0$6e320180@charlielabtop> (karlheinz@khschulz.com) References: <002401bf4b13$36fe71d0$6e320180@charlielabtop> Message-ID: <199912201836.TAA02725@pandora3.localnet> "Karl-Heinz Schulz" wrote: > I have several users being part of several groups. > > User1 group2 group3 group4 > User2 group1 group4 group5 > > When User1 is saving a file on a Samba share it changes the permission to > it's "main" group and everybody else has only read rights. > What am I doing wrong? > There are Did you try the "force group" parameter? We have shares for several "work groups", and they are defined like this: ----------------------------------------------------------- [anygroupdir] comment = Directory of AnyGroup path = /somewhere/anygroup valid users = @anygroup write list = @anygroup force group = anygroup create mask = 0660 directory mask = 0770 ---------------------------------------------------------------------- So members of (Unix-) group "anygroup" can access the share, and are (despite of their primary group, which is a per-user private group on our machine) able to read & write as "someuser.anygroup" (see "create mask", as well). What's missing is that we cannot map the Unix groups to NT domain groups (only the domain administrators), that's not possible in 2.06, I think. BTW, I recently learned from the netatalk people that you can achieve this with pure Unix by setting the share's directory's permissions like chgrp anygroup /somewhere/anygroup chmod -R g+s /somewhere/anygroup (netatalk has no "force group", and our Mac users messed up their shared volumes) Hope it helps, Ulf -- ====================================================================== Ulf Mehlig Center for Tropical Marine Ecology/ZMT, Bremen, Germany ---------------------------------------------------------------------- From jon at bugjr.com Mon Dec 20 18:51:04 1999 From: jon at bugjr.com (Jon Westfall) Date: Tue Dec 2 02:27:42 2003 Subject: RPC services Message-ID: <000501bf4b1b$2adba0a0$0200a8c0@server1> Ok, I'm new to samba pre-release and have a question. How do i specify to start, or start, my MSRPC services in the new samba tree (or any samba tree for that matter) I'm trying to get User Manager to work on my samba server, and also would like to get those services started. Do i put lines in my smb.conf? If anyone could give me some advice or a sample smb.conf or other config file (/etc/services????) I'd appreciate it. Thanks! Jon Westfall. ================ Jonathan E. Westfall CEO - Webmaster Bug Jr. Software www.bugjr.com ---------------------------------------------------- Reach Me by E-Mail: jon@bugjr.com Reach me by ICQ: 19804776 Reach me by Phone: 440-888-0260 Reach me by Fax: 208-293-2392 -------------- next part -------------- HTML attachment scrubbed and removed From jeremy at valinux.com Mon Dec 20 20:21:04 1999 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:27:42 2003 Subject: Kerberos v5 release 1.1, OpenLDAP 1.2.8, and samba 2.1.0 as an NT Domain Controller References: <199912140005.LAA55213@au.padl.com> <19991214164918.A7989@wdr.com> <199912150036.LAA93144@au.padl.com> Message-ID: <385E8FB0.3A4971E7@valinux.com> Luke Howard wrote: > > >If so, why the difference in behaviour? If the profile is not in the > >krb5 ticket, why not query a DC for it as is done when using NTLM? Is > >the issue one of mapping krb5 principals to ActiveDirectory objects when > >the KDC is a non-ActiveDirectory KDC? > > AFAIK, non-ActiveDirectory KDCs are only supported for authentication, > where the authorization information (the SIDs) comes from the local SAM. > So I don't think this mapping issue is related. (Note the userprincipalname > and serviceprincipalname attributes in ActiveDirectory, and the > command line tools for setting up a mapping between local and KDC > user accounts when ActiveDirectory is not being used.) > > I suspect the authorization data field is used because it's there. > The client gets a fully expanded set of SIDs which maps well to NT's > internal concept of an authorization token, rather than having each > client trawl the domain to construct this at logon. Perhaps the fact > that DCE used the PAC for a set of user identifiers influenced this. Yeah, but the PAC service in DCE was a *separate* service from the KDC. MS have jammed the two together..... Regards, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From steven at aprotex.com Mon Dec 20 20:01:55 1999 From: steven at aprotex.com (Steven Hildreth) Date: Tue Dec 2 02:27:42 2003 Subject: Common batch file? Can you "call batch.bat" from netlogon batch? Message-ID: <001001bf4b25$11100940$24ada8c0@aprotex.com> Hi, wondering if I can setup a common batch that all users would use, along with their specific batch file. I tried to "call batch_filename.bat" and it did not work. I am wanting to create a series of maps and shares common to all in the company, and then setup each (some) of the users specific shares. Thanks for any information. Regards, Steven Hildreth Information Technology Manager Aprotex Corporation, http://www.aprotex.com "Proven Property Protection Since 1952" From mike at psand.net Mon Dec 20 21:05:46 1999 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:42 2003 Subject: Win2KRC2 finally joins the Sambanet domain :-) References: <3.0.6.32.19991120234546.00a91d20@mail.adelaide.on.net> Message-ID: <005301bf4b2d$fe836a20$0164a8c0@psand.net> Richard, Am trying the same thing with RC3 and it doesn't work! Do you know if it does at all? If so, I'll not pester you any more and go off and investigate. Just wondered if I'm up a blind alley! I've got the latest CVS source. Thanks in advance, Mike Harris, Psand Espa?a. ----- Original Message ----- From: Richard Sharpe To: Multiple recipients of list SAMBA-NTDOM Sent: Monday, November 22, 1999 8:44 PM Subject: Win2KRC2 finally joins the Sambanet domain :-) > Hi, > > well, I finally have Win2KRC2 joining my Sambanet domain. > > Last problem was that I had a MACHINE.SID and SAMBANET.SID file and smbd > was refusing to start ... Doh! > > > > Regards > ------- > Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), > Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) > Co-author, SAMS Teach Yourself Samba in 24 Hours > Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From dgiroux at authentica.com Mon Dec 20 20:36:22 1999 From: dgiroux at authentica.com (David Giroux) Date: Tue Dec 2 02:27:42 2003 Subject: How Do I get rpc_client to authenticate against trusted domains Message-ID: <385E9346.392F4C04@authentica.com> I am using rpc_client to establish a connection to a PDC. The establish connection works when the PDC's SAM has an account for the user but does not work when the PDC trusts a domain that has an account for the user. Should this work? Is there anything I can do to smb.conf to enable this? --------------------------------------- David Giroux Authentica Security Technologies, Inc. 781-487-2600 x202 http://www.authentica.com --------------------------------------- From ctooley at joslyn.org Mon Dec 20 20:37:56 1999 From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:27:42 2003 Subject: Common batch file? Can you "call batch.bat" from netlogon batch? In-Reply-To: <001001bf4b25$11100940$24ada8c0@aprotex.com> Message-ID: <001101bf4b2a$1913c960$1900a8c0@webstat.joslyn.org> I wrote a little script that creates batch files for me. With this script when we add users it creates the batch files, and then whenever I need to change someones batch file I do it in my makeLogin script instead of in their actual batch file. Then whenever I add a new user I run the script. As the batch files for the users don't have any differences they don't notice that I'm running the script. In general it's probably not good to recreate those files all the time, but it's easier to re-make the files than to edit each one. Chris Tooley -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of Steven Hildreth Sent: Monday, December 20, 1999 2:03 PM To: Multiple recipients of list SAMBA-NTDOM Subject: Common batch file? Can you "call batch.bat" from netlogon batch? Hi, wondering if I can setup a common batch that all users would use, along with their specific batch file. I tried to "call batch_filename.bat" and it did not work. I am wanting to create a series of maps and shares common to all in the company, and then setup each (some) of the users specific shares. Thanks for any information. Regards, Steven Hildreth Information Technology Manager Aprotex Corporation, http://www.aprotex.com "Proven Property Protection Since 1952" From swaters at amicus.com Mon Dec 20 20:39:27 1999 From: swaters at amicus.com (Stephen Waters) Date: Tue Dec 2 02:27:42 2003 Subject: Changed made to smb.conf, must restart? Anyway to restart without killing clients? References: <015701bf4b08$710d93c0$24ada8c0@aprotex.com> Message-ID: <385E93FF.3A2FABE@amicus.com> does this re-read smb.conf??? i forget... killall -HUP smbd -s Steven Hildreth wrote: > > Hi, say I make a change to my samba server (smb.conf) like add a > share. > > Then I want to be able to have clients connect to this share. > > Is the only way for me to get samba to see this share is to restart > (/etc/rc.d/init.d/smb restart)? This closes my open clients. With a > network of 85 clients (around 60 open) seems to be sort of a pain. > > Any suggestions? > > Regards, > Steven Hildreth > Information Technology Manager > Aprotex Corporation, http://www.aprotex.com > "Proven Property Protection Since 1952" From ctooley at joslyn.org Mon Dec 20 20:39:12 1999 From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:27:42 2003 Subject: How Do I get rpc_client to authenticate against trusted domains In-Reply-To: <385E9346.392F4C04@authentica.com> Message-ID: <001201bf4b2a$46e0a3e0$1900a8c0@webstat.joslyn.org> I would like to know how to do this as well. -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of David Giroux Sent: Monday, December 20, 1999 2:35 PM To: Multiple recipients of list SAMBA-NTDOM Subject: How Do I get rpc_client to authenticate against trusted domains I am using rpc_client to establish a connection to a PDC. The establish connection works when the PDC's SAM has an account for the user but does not work when the PDC trusts a domain that has an account for the user. Should this work? Is there anything I can do to smb.conf to enable this? --------------------------------------- David Giroux Authentica Security Technologies, Inc. 781-487-2600 x202 http://www.authentica.com --------------------------------------- From pgreer at dalcon-icis.com Mon Dec 20 21:08:45 1999 From: pgreer at dalcon-icis.com (Phillip Greer) Date: Tue Dec 2 02:27:42 2003 Subject: Connecting to a domain Message-ID: <1FEC2D6FA0E3D211B7A30090274ECD871B106B@MERCURY> I'm running samba-2.0.6-19991110 under Linux 6.0 and am wanting to join the already established NT domain. I've followed the instructions in the DOMAIN_MEMBER.txt documentation. It worked for a while - then quit working. I've tried removing the machine from the NT domain (Server Manager under NT) and redoing the steps in DOMAIN_MEMBER.txt (smbpasswd -j -r ), but it will not allow domain logins. I'm getting the error "Specified Network Password is not correct" in Server Manager when double clicking on that machine. In network neighborhood, it prompts for a login/password but does not allow any connections (no matter if the login/password is valid for the linux box). Help? Suggestions? Below is my smb.conf global section - hopefully it will help. (I've tried both cononical names and IP addresses for most of the fields that ask for PDC/Wins/etc) ------------------------- [global] workgroup = DALCON server string = Sysadmin Samba Server hosts allow = 192.168.90. 127. printcap name = /etc/printcap load printers = yes log file = /var/log/samba/log.%m max log size = 50 security = domain password server = ZEUS encrypt passwords = yes smb passwd file = /etc/smbpasswd socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 name resolve order = wins lmhosts bcast wins server = 192.168.90.50 dns proxy = no ------------------------- PG.. Philip Greer AIX Systems Administrator Dalcon Technologies (615)-366-4300 pgreer@dalcon-icis.com From lkcl at samba.org Mon Dec 20 21:25:47 1999 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:42 2003 Subject: URGENT: REDHAT 6.1 STORES SAMBA PRIVATE FILES IN /etc Message-ID: dear redhat, i examined a friend's system today, to help him configure it. assuming that he just "installed" from scratch the samba package, it appears that you have provided a default smb.conf file for redhat 6.1 that puts samba private configuration files in /etc. the suggested options, for example show "smbpasswd file = /etc/smbpasswd". this is REALLY bad. 1) you CANNOT put smbpasswd in /etc. 2) you CANNOT put private files DOMAIN.TRUST_ACCOUNT.mac in /etc. i know that these require root access, however if your users start to assume that just because these files are in /etc, they are equivalent to /etc/passwd, they may decide to make these world-readable, and as a result they will compromise the security of the box, and potentially the security of remote nt-compatible boxes too (including other samba servers) because these files contain CLEAR_TEXT EQUIVALENT PASSWORDS. for example, private .mac files can contain information sufficient to compromise a remote server by obtaining all remote clear-text equivalent passwords: the .mac file is used to store the "Backup Domain Controller" trust account password. i know that there are people out there who are using samba configured in the way your installation suggests, because i have received debug log files from people on the samba lists showing that trust accounts are being read from /etc/DOMAIN.SERVER_NAME.mac. please respond urgently to confirm that you have received this message and that you are taking steps to correct this. thank you. luke (samba team, iss x-force research). From giulioo at pobox.com Mon Dec 20 21:25:59 1999 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:27:42 2003 Subject: Big problems with groups In-Reply-To: <002401bf4b13$36fe71d0$6e320180@charlielabtop> References: <002401bf4b13$36fe71d0$6e320180@charlielabtop> Message-ID: <19991220212631.76E8F26F6E@i3.golden.dom> On Tue, 21 Dec 1999 04:58:38 +1100, hai scritto: >I have several users being part of several groups. > >User1 group2 group3 group4 >User2 group1 group4 group5 > >When User1 is saving a file on a Samba share it changes the permission to >it's "main" group and everybody else has only read rights. >What am I doing wrong? Nothing wrong, you have 2 solutions. Say that user1, user2 and user3 share a common groupA group, then all the users will be able to write/edit files created by the other 2 if: A) chown root.groupA /path/top_shared_dir chmod 2775 /path/top_shared_dir in smb.conf: create mask = 0660 directory mode = 2770 force create mode = 0660 (maybe not needed) force directory mode = 2770 (maybe not needed) B) chown root.groupA /path/top_shared_dir chmod 0775 /path/top_shared_dir set in smb.conf: force group = groupA create mask = 0660 directory mode = 0770 force create mode = 0660 (maybe not needed) force directory mode = 0770 (maybe not needed) Solution A works for files created on the unix side too. -- giulioo@pobox.com From D.Bannon at latrobe.edu.au Mon Dec 20 22:17:21 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:27:42 2003 Subject: URGENT: REDHAT 6.1 STORES SAMBA PRIVATE FILES IN /etc In-Reply-To: Message-ID: <3.0.6.32.19991221091721.008bb940@bioserve.latrobe.edu.au> At 08:27 AM 21/12/1999 +1100, Luke Kenneth Casson Leighton wrote: >dear redhat, > >i examined a friend's system today, to help him configure it. assuming >that he just "installed" from scratch the samba package, it appears that >you have provided a default smb.conf file for redhat 6.1 that puts samba >private configuration files in /etc. the suggested options, for example >show "smbpasswd file = /etc/smbpasswd". > >this is REALLY bad. Thanks for smacking their hand over this. Redhat has a habit of changing the layout of standard packages (ie Apache, PPP as well as samba). It is a real pain because things are never where you expect them and you need to do a fairly drastic uninstall before you can update. I advise people to leave out the major packages when installing redhat and get them from the primary source, now I can use security as an additional argument ! David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From lkcl at samba.org Mon Dec 20 22:21:17 1999 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:42 2003 Subject: URGENT: REDHAT 6.1 STORES SAMBA PRIVATE FILES IN /etc In-Reply-To: <3.0.6.32.19991221091721.008bb940@bioserve.latrobe.edu.au> Message-ID: david, my fault: it appears that they may have taken the default rpms from the packaging directory this time, so there are two people that need to be smacked: - me (for assuming that it was redhat that set this up) - john (for creating the rpm with /etc/ as the root) - me again for telling everyone it's such a big deal. luke On Tue, 21 Dec 1999, David Bannon wrote: > At 08:27 AM 21/12/1999 +1100, Luke Kenneth Casson Leighton wrote: > >dear redhat, > > > >i examined a friend's system today, to help him configure it. assuming > >that he just "installed" from scratch the samba package, it appears that > >you have provided a default smb.conf file for redhat 6.1 that puts samba > >private configuration files in /etc. the suggested options, for example > >show "smbpasswd file = /etc/smbpasswd". > > > >this is REALLY bad. > > Thanks for smacking their hand over this. Redhat has a habit of changing > the layout of standard packages (ie Apache, PPP as well as samba). It is a > real pain because things are never where you expect them and you need to do > a fairly drastic uninstall before you can update. > > I advise people to leave out the major packages when installing redhat and > get them from the primary source, now I can use security as an additional > argument ! > > David > ------------------------------------------------------------ > David Bannon D.Bannon@latrobe.edu.au > School of Biochemistry Phone 61 03 9479 2197 > La Trobe University, Plenty Rd, Fax 61 03 9479 2467 > Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au > ------------------------------------------------------------ > ..... Humpty Dumpty was pushed ! > From steven at aprotex.com Mon Dec 20 22:35:09 1999 From: steven at aprotex.com (Steven Hildreth) Date: Tue Dec 2 02:27:43 2003 Subject: Common batch file? Can you "call batch.bat" from netlogon batch? References: <001101bf4b2a$1913c960$1900a8c0@webstat.joslyn.org> Message-ID: <000c01bf4b3a$795d3080$24ada8c0@aprotex.com> How did you get the addedd "CR/LF" so DOS like it? ----- Original Message ----- From: "Chris Tooley" To: "Multiple recipients of list SAMBA-NTDOM" Sent: Monday, December 20, 1999 2:52 PM Subject: RE: Common batch file? Can you "call batch.bat" from netlogon batch? > I wrote a little script that creates batch files for me. With this script > when we add users it creates the batch files, and then whenever I need to > change someones batch file I do it in my makeLogin script instead of in > their actual batch file. Then whenever I add a new user I run the script. > As the batch files for the users don't have any differences they don't > notice that I'm running the script. > > In general it's probably not good to recreate those files all the time, but > it's easier to re-make the files than to edit each one. > > Chris Tooley > > > > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Steven Hildreth > Sent: Monday, December 20, 1999 2:03 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Common batch file? Can you "call batch.bat" from netlogon > batch? > > > Hi, wondering if I can setup a common batch that all users would use, > along with their specific batch file. > > I tried to "call batch_filename.bat" and it did not work. > > I am wanting to create a series of maps and shares common to all in > the company, and then setup each (some) of the users specific shares. > > Thanks for any information. > > Regards, > Steven Hildreth > Information Technology Manager > Aprotex Corporation, http://www.aprotex.com > "Proven Property Protection Since 1952" > From abakun at reac.com Mon Dec 20 23:33:24 1999 From: abakun at reac.com (Andy Bakun) Date: Tue Dec 2 02:27:43 2003 Subject: URGENT: REDHAT 6.1 STORES SAMBA PRIVATE FILES IN /etc References: <3.0.6.32.19991221091721.008bb940@bioserve.latrobe.edu.au> Message-ID: <385EBCC4.8912D60B@reac.com> > Thanks for smacking their hand over this. Redhat has a habit of changing > the layout of standard packages (ie Apache, PPP as well as samba). It is a > real pain because things are never where you expect them and you need to do > a fairly drastic uninstall before you can update. I never can find anything when everything insists on installing somewhere inside /usr/local. Sometimes, they put conf files in /usr/local/lib, sometimes in /usr/local/etc, sometimes /usr/local/software-package-name/whatever. I personally would prefer that all configuration files go into /etc. One possiblity is to look for conf files in a number of places, like when the Linux kernel looks for sh when booting into single user mode: look in your "package dependant location", then look in /etc. > I advise people to leave out the major packages when installing redhat and > get them from the primary source, now I can use security as an additional > argument ! I do this with all my mission critical stuff anyway, but I still try to get the conf files to go into /etc... this way it's easier to backup the system: /etc gets backed up, binaries in /usr are reinstallable. Andy. From squeegy+sambant at squeegy.org Sun Dec 12 01:53:01 1999 From: squeegy+sambant at squeegy.org (squeegy+sambant@squeegy.org) Date: Tue Dec 2 02:27:43 2003 Subject: the latest CVS crashes on start on my linux box Message-ID: I updated my CVS tonight and upon restarting samba, I got the following error in the /var/log/log.smb wiggles:/usr/local/src/samba/source # /etc/rc.d/smb start Starting SMB services. wiggles:/usr/local/src/samba/source # tail /var/log/log.smb =============================================================== [1999/12/11 20:34:55, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 1080 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [1999/12/11 20:34:55, 0] lib/fault.c:fault_report(43) =============================================================== [1999/12/11 20:34:55, 0] lib/util.c:smb_panic(2527) PANIC: internal error [1999/12/11 20:34:55, 0] lib/util_sock.c:open_socket_in(676) bind failed on port 139 socket_addr=0.0.0.0 (Address already in use) I am running SuSE 6.1 with kernel 2.2.12. I upgraded to this version from the version of the CVS that I was running because I rebooted my machine two days ago and samba hasn't been running since. I got the following in my log. [1999/12/10 10:22:45, 1] smbd/files.c:file_init(219) file_init: Information only: requested 10000 open files, 1014 are available. [1999/12/10 10:22:45, 0] smbd/dfs.c:init_dfs_table(128) No DFS map, Samba is running in NON DFS mode [1999/12/11 09:44:41, 0] lib/util_sock.c:set_socket_options(130) Unknown socket option IPTOS_LOWDELAY [1999/12/11 16:50:01, 1] smbd/files.c:file_init(219) file_init: Information only: requested 10000 open files, 1014 are available. [1999/12/11 16:50:01, 0] smbd/dfs.c:init_dfs_table(128) No DFS map, Samba is running in NON DFS mode [1999/12/11 16:50:13, 1] smbd/files.c:file_init(219) file_init: Information only: requested 10000 open files, 1014 are available. [1999/12/11 16:50:13, 0] smbd/dfs.c:init_dfs_table(128) No DFS map, Samba is running in NON DFS mode [1999/12/11 16:50:13, 0] lib/pidfile.c:pidfile_create(86) ERROR: smbd is already running. File /var/locks/smbd.pid exists and process id 3652 is running. [1999/12/11 16:52:01, 1] smbd/files.c:file_init(219) file_init: Information only: requested 10000 open files, 1014 are available. [1999/12/11 16:52:01, 0] smbd/dfs.c:init_dfs_table(128) No DFS map, Samba is running in NON DFS mode [1999/12/11 16:55:09, 1] smbd/files.c:file_init(219) file_init: Information only: requested 10000 open files, 1014 are available. [1999/12/11 16:55:09, 0] smbd/dfs.c:init_dfs_table(128) No DFS map, Samba is running in NON DFS mode [1999/12/11 19:09:09, 1] smbd/files.c:file_init(219) file_init: Information only: requested 10000 open files, 1014 are available. [1999/12/11 19:09:09, 0] smbd/dfs.c:init_dfs_table(128) No DFS map, Samba is running in NON DFS mode [1999/12/11 19:09:09, 0] lib/util_sock.c:create_pipe_socket(911) chmod on /tmp/.msrpc/.lsarpc failed [1999/12/11 19:09:09, 0] lib/fault.c:fault_report(40) Any suggestions. I haven't changed anything that I can remember. ___________________ Jt "The Squeegy" Chiodi http://www.squeegy.org/ squeegy@squeegy.org From tavis at mahler.econ.columbia.edu Tue Dec 21 00:39:27 1999 From: tavis at mahler.econ.columbia.edu (Tavis Barr) Date: Tue Dec 2 02:27:43 2003 Subject: URGENT: REDHAT 6.1 STORES SAMBA PRIVATE FILES IN /etc In-Reply-To: <385EBCC4.8912D60B@reac.com> Message-ID: If you want to put the config files somewhere obvious by default, then it would make sense to make a directory called /etc/private or /etc/samba-private or something with a precautionary readme file, the way ssh2 does. I personally like the /usr/local configuration because I can export Samba, config files and all, throughout my NIS cluster and run a concurrent backup server or two without really touching the config files at all. But I guess that's a matter of taste. I agree with Luke, I think the default /etc installation is a big problem, just because a lot of people install Samba on RedHat without reading through the documentation a lot if at all (one user in my department didn't even know she had Samba running) and we shouldn't necessarily expect them to. Cheers, Tavis On Tue, 21 Dec 1999, Andy Bakun wrote: > > Thanks for smacking their hand over this. Redhat has a habit of changing > > the layout of standard packages (ie Apache, PPP as well as samba). It is a > > real pain because things are never where you expect them and you need to do > > a fairly drastic uninstall before you can update. > > I never can find anything when everything insists on installing somewhere > inside /usr/local. Sometimes, they put conf files in /usr/local/lib, sometimes > in /usr/local/etc, sometimes /usr/local/software-package-name/whatever. I > personally would prefer that all configuration files go into /etc. One > possiblity is to look for conf files in a number of places, like when the Linux > kernel looks for sh when booting into single user mode: look in your "package > dependant location", then look in /etc. > > > I advise people to leave out the major packages when installing redhat and > > get them from the primary source, now I can use security as an additional > > argument ! > > I do this with all my mission critical stuff anyway, but I still try to get the > conf files to go into /etc... this way it's easier to backup the system: /etc > gets backed up, binaries in /usr are reinstallable. > > Andy. > > > -------------------------------------------------------- Tavis Barr ,-~~-.___. Senior Systems Coordinator / | ' \ Institute for Social and Economic ( ) 0 Theory and Research \_/-, ,----' 509E Int'l Affairs Bldg ==== // Columbia University / \-'~; /~~~(O) 212-854-4237 / __/~| / | tavis@mahler.econ.columbia.edu =( _____| (_________| --------------------------------------------------------- From cartegw at Eng.Auburn.EDU Tue Dec 21 04:29:37 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:27:43 2003 Subject: Samba, W2K, Dfs and LDAP References: <002401bf4a77$901ac3a0$0164a8c0@psand.net> Message-ID: <385F0231.693542E6@eng.auburn.edu> > Mike Harris wrote: > > Does Dfs and LDAP work in the latest CVS of Samba? DFS as is MS's DFS has only been minimally implemented. Needs lots of work. Or do you mean DCE/DFS? Ldap works. However, I don;t remember how well the Samba LDAP schema matches up against MS's AD. I think JF initially modeled Samba's schema on AD docs. Don't quote me on that though. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From hanak at IRIS.osu.cz Tue Dec 21 07:59:27 1999 From: hanak at IRIS.osu.cz (Ondrej Hanak) Date: Tue Dec 2 02:27:43 2003 Subject: Win9x profiles Message-ID: Hi, one question i have. How to force Win9x to store their profiles to profile share? WinNTs normaly store profiles in profile share, but 95/98 store their profiles in home share. I feel that, there is a conflict. Can somebody tell me what i must set to achieve aim? Thanks for any comment. Ondrej From Volker.Lendecke at SerNet.DE Tue Dec 21 08:48:03 1999 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Tue Dec 2 02:27:43 2003 Subject: URGENT: REDHAT 6.1 STORES SAMBA PRIVATE FILES IN /etc In-Reply-To: (message from Luke Kenneth Casson Leighton on Tue, 21 Dec 1999 08:26:26 +1100) References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- > 1) you CANNOT put smbpasswd in /etc. SuSE does this as well. It was partly my decision. For a standard installation I did not want to clobber the directories. I really do not see any further security benefit if smbpasswd is put somewhere else. People who play with permissions in /etc/ have to know what they do. The standard installation does it just fine, and if you chmod anything there, you are on your own. Volker -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv Comment: Processed by Mailcrypt 3.5.4, an Emacs/PGP interface iQCVAwUBOF8+sz/9BWnmOc5FAQHmXwP/ZaJhDEyOt0AJtHDtxs9nFDUSTg3Cj9G9 qzfrHfPb6MvIkgngzSVU2baHZXlDJrjfBoGhF5RHvdTtwOo3288FI8Q7kw6BLdA9 70wAVJh3MpoZQkiIh3TSsNC+emt4ph4QMETQ2cFqofnE9+Fbe6eYRV/9MIz+LtcH 8kigqdruSU8= =aFLm -----END PGP SIGNATURE----- From snail_talk at yahoo.com Tue Dec 21 09:40:17 1999 From: snail_talk at yahoo.com (geoffrey lee) Date: Tue Dec 2 02:27:43 2003 Subject: URGENT: REDHAT 6.1 STORES SAMBA PRIVATE FILES IN /etc In-Reply-To: Message-ID: <000401bf4b97$63e52610$0200000a@workstation1> hi all, i'm using mandrake and i'd just like to say that mandrake also exhibit this problem. maybe it's a problem inherited from redhat, i don't know .. well, at least i set my /etc/smbpasswd to 600 ... > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Luke Kenneth Casson Leighton > Sent: Tuesday, December 21, 1999 5:27 AM > To: Multiple recipients of list SAMBA-NTDOM > Subject: URGENT: REDHAT 6.1 STORES SAMBA PRIVATE FILES IN /etc > > > dear redhat, > > i examined a friend's system today, to help him configure it. assuming > that he just "installed" from scratch the samba package, it appears that > you have provided a default smb.conf file for redhat 6.1 that puts samba > private configuration files in /etc. the suggested options, for example > show "smbpasswd file = /etc/smbpasswd". > > this is REALLY bad. > > 1) you CANNOT put smbpasswd in /etc. > > 2) you CANNOT put private files DOMAIN.TRUST_ACCOUNT.mac in /etc. > > i know that these require root access, however if your users start to > assume that just because these files are in /etc, they are equivalent to > /etc/passwd, they may decide to make these world-readable, and as a result > they will compromise the security of the box, and potentially the security > of remote nt-compatible boxes too (including other samba servers) because > these files contain CLEAR_TEXT EQUIVALENT PASSWORDS. > > for example, private .mac files can contain information sufficient to > compromise a remote server by obtaining all remote clear-text equivalent > passwords: the .mac file is used to store the "Backup Domain Controller" > trust account password. > > i know that there are people out there who are using samba configured in > the way your installation suggests, because i have received debug log > files from people on the samba lists showing that trust accounts are being > read from /etc/DOMAIN.SERVER_NAME.mac. > > please respond urgently to confirm that you have received this message and > that you are taking steps to correct this. > > thank you. > > luke (samba team, iss x-force research). > From b.ganter at ganter-system.de Tue Dec 21 10:03:36 1999 From: b.ganter at ganter-system.de (Bernd Ganter) Date: Tue Dec 2 02:27:43 2003 Subject: Permissionproblem Message-ID: <199912211002.LAA23231@heisenberg.ganter-system.de> Hey list, I have a problem with NT-ACLs. I need to have all NT-Right (delete!) on a Samba share. Samba ist configered as a PDC-Controller. Does anybody know howto setup these rights? Thank You Bernd Ganter. From pes at aiss.de Tue Dec 21 11:11:54 1999 From: pes at aiss.de (Peter Schauer) Date: Tue Dec 2 02:27:43 2003 Subject: Problem with PDC machine passwd change and clients with nonpersistent disks Message-ID: <199912211111.MAA25213@eno.aiss.de> I am having a problem with vmware nonpersistent disks, running NT workstation, which are using samba as a PDC. After about a week the NT workstation tries to change the machine password on the PDC during the netlogon process. This succeeds, and the PDC now has an updated machine passwd in smbpasswd. But the nonpersistent disk image will still have the _old_ machine passwd, and after the next virtual machine start, users are unable to log into the PDC (as the machine passwd authentication fails for obvious reasons). Does anybody know if NT can be tricked into _not_ updating the machine passwd ? TIA, -- Peter Schauer pes@aiss.de From paolo at schema.co.il Tue Dec 21 11:35:43 1999 From: paolo at schema.co.il (Paolo Supino) Date: Tue Dec 2 02:27:43 2003 Subject: Moving from NT PDC to Samba PDC Message-ID: Hi I have a mixed network of Linux machines (RH 5.1) and NT WS (4-SP5) machines. All my servers are Linux based (2 servers). There is a 3rd server that acts as PDC (and it's his sole purpose in life)and authenticates every SMB connection (be it to a Samba share or a NT share). I want to move the PDC role from this NT (and move the computer to another role) to one of the linux based servers. I have the following questions: 1. Do I have to upgrade all the samba servers to 2.x version of Samba or can I get away with only upgrading the server that will act as PDC (samba on RH 5.1 was 1.9.18p10). What advantages/disadvatage can will I ancounter in either case? 2. What kind of pitfalls will I ancounter when trasitioning the role. 3. Can I leave the current domain name and general settings (which people got acastomed to) or should I bring up a new domain and move everyone to the new domain (and try to retain as much as possible of the old domain)? TIA Paolo From a.pohl at vegu.de Tue Dec 21 12:10:36 1999 From: a.pohl at vegu.de (A. Pohl) Date: Tue Dec 2 02:27:43 2003 Subject: Group mapping Message-ID: <000001bf4bac$645c4550$cbe519c0@vegu.de> I have a Linux-Samba-PDC (Samba 2.1-prealpha) and many NT4-Workstations (german). If I map my Unix-Group (root, GID=0) to "Administratoren", Samba say's "UNIX User apohl Primary Group is in the wrong domain! S-1-5-32-544". What does it mean? How must I configure Samba to become admin right's on the NT-workstations? smb.conf: --------- ... domain group map = /usr/local/samba/lib/domaingroup.mapping ... domaingroup.mapping: -------------------- root = "Administratoren" Andreas From paolo at schema.co.il Tue Dec 21 12:06:10 1999 From: paolo at schema.co.il (Paolo Supino) Date: Tue Dec 2 02:27:43 2003 Subject: a couple of problemss with in domain with linux 6.1 as PDC Message-ID: Hi I have a friend who has a couple of problems in a network which a Red Hat 6.1 acts as a PDC. 1. He wants the domain users to be local Administrator. When he opens the local user manager he can't access the domain users to add them to the local adiministrator group. Is there a way to solve this? 2. When he tries to access a share which is located on a Win9x machine (from a NT machine) he automatically gets "access denied" (just double clicking the computer name in the network neighborhood). Again any solution to this? Paolo From M.vdLaan at nyenrode.nl Tue Dec 21 12:30:20 1999 From: M.vdLaan at nyenrode.nl (Michel van der Laan) Date: Tue Dec 2 02:27:43 2003 Subject: URGENT: REDHAT 6.1 STORES SAMBA PRIVATE FILES IN /etc In-Reply-To: Message from Volker Lendecke of "Tue, 21 Dec 1999 19:51:08 +1100." Message-ID: <199912211230.NAA18967@bordeaux.nyenrode.nl> In your mail from 21-12-1999 you write: > -----BEGIN PGP SIGNED MESSAGE----- > > > 1) you CANNOT put smbpasswd in /etc. > > SuSE does this as well. It was partly my decision. For a standard > installation I did not want to clobber the directories. I really do > not see any further security benefit if smbpasswd is put somewhere > else. People who play with permissions in /etc/ have to know what they > do. The standard installation does it just fine, and if you chmod > anything there, you are on your own. It still is a bit of a pain though when you want to upgrade using the source distribution. I'd be much in favour of keeping stuff as much as possible in [/usr/][s]bin/ for the "out of the box" packages, and in /usr/local/[s]bin/ for later added packages, since this does reduce lots and lots of PATH definitions. However, when an author decices/suggests a certain /usr/local// prefix, it would be prudent to stick to that for future updates. Since samba has a rather substantial sub-directory structure, it makes even more sense. Michel. > > Volker > > -----BEGIN PGP SIGNATURE----- > Version: 2.6.3i > Charset: noconv > Comment: Processed by Mailcrypt 3.5.4, an Emacs/PGP interface > > iQCVAwUBOF8+sz/9BWnmOc5FAQHmXwP/ZaJhDEyOt0AJtHDtxs9nFDUSTg3Cj9G9 > qzfrHfPb6MvIkgngzSVU2baHZXlDJrjfBoGhF5RHvdTtwOo3288FI8Q7kw6BLdA9 > 70wAVJh3MpoZQkiIh3TSsNC+emt4ph4QMETQ2cFqofnE9+Fbe6eYRV/9MIz+LtcH > 8kigqdruSU8= > =aFLm > -----END PGP SIGNATURE----- From childern at gactr.uga.edu Tue Dec 21 13:27:51 1999 From: childern at gactr.uga.edu (childern@gactr.uga.edu) Date: Tue Dec 2 02:27:43 2003 Subject: [LDAP] ldap.c modifications Message-ID: <19991221132755Z13091174-24228+30436@samba.anu.edu.au> I am using samba to control a small NT domain with all authentication coming from an LDAP server. While building my LDAP server I organized the users into 'ou=People, o=foo, c=us' , groups into 'ou=Groups, o=foo, c=us' and so on. I installed and configured the nss_ldap and pam_ldap to provide unix services and was in the process of implementing the LDAP code in samba. Compilation went fine, (Slackware 7.0 and openldap-1.2.8, samba-absolute-newest-cvs), and the database would authenticate the PAM requests, but the samba server was making a bad query. While watching the verbose slapd logs i saw PAM doing a query at 'scope=2' for 'uid=bar' and samba doing a query at 'scope=1' for 'uid=bar'. I poked around in the passdb/ldap.c code and found the place where the scope was set, found the corresponding variable in and changed it from LDAP_SCOPE_ONELEVEL to LDAP_SCOPE_SUBTREE. ... and it worked! So, my question is this. Is this a recommended change? I know it's okay for me, because it makes my system work, but what about Samba/LDAP? I hope that it is in that it allows for a 'better' organization of the ldap tree, but i don't want to break my wonderful server in the name of better organization. Regards, Nate Childers nate@gactr.uga.edu # diff -u ldap.c.orig ldap.c --- ldap.c.orig Sun Dec 19 20:18:39 1999 +++ ldap.c Sun Dec 19 20:18:51 1999 @@ -92,7 +92,7 @@ DEBUG(2,("Searching in [%s] for [%s]n", lp_ldap_suffix(), filter)); - err = ldap_search_s(ldap_struct, lp_ldap_suffix(), LDAP_SCOPE_ONELEVEL, + err = ldap_search_s(ldap_struct, lp_ldap_suffix(), LDAP_SCOPE_SUBTREE, filter, NULL, 0, &ldap_results); if(err != LDAP_SUCCESS) { From ctooley at joslyn.org Tue Dec 21 13:59:36 1999 From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:27:43 2003 Subject: URGENT: REDHAT 6.1 STORES SAMBA PRIVATE FILES IN /etc In-Reply-To: <199912211230.NAA18967@bordeaux.nyenrode.nl> Message-ID: <001e01bf4bbb$9e029480$1900a8c0@webstat.joslyn.org> I would like to say that I in no way would want the samba team to think that I don't absolutely LOVE the work they have done, it has save our Museum from going into debt to have a PDC running. However, I would like to say that from what I've seen of Linux and other UNIX's it is definitely more appropriate for config files for programs to go into it's own directory under /etc/. My roommate and I have heated discussions on occassion, him being a Sun Sys Admin and I working primarily with Linux, over where installed files should be, but I just can't defend the fact that there isn't a common ground on where the config files are supposed to be at. I would much rather someone broke in and stole my smbpasswd file and hacked away stealing all of those passwords that have someone steal my passwd or shadow files. I believe that if a developer/development group doesn't want their executables or libraries to be in the default directories, that is fine. I would much rather have all the executables in /dev and the config files in /etc than have the configs in /usr/local/ for the simple fact that I just don't touch the executables as much as the config files so I'm not nearly as worried about their placement. So, in a way I sympathize in that the rpms should be built to do what the source does, but in my humble opinion, the source should put those files there too. If a systems administrator installs something like Samba and makes the smbpasswd file world readable, that person is asking for trouble. If they are in a situation where they could leak out severely damaging information, and they are using Linux, the chances of that person not having someone on staff to catch this error are slim to none. Most of the places I've seen using Linux have several people going over the system thoroughly before the network cable or modem cable gets plugged in. This is simply my opinion and I'm sure a lot of people disagree, but that's the way with opinions, everyone is wrong in someone else's opinion. Chris Tooley ctooley@joslyn.org Joslyn Art Museum 2200 Dodge St. Omaha, NE 68102 (402)342-3300 > > 1) you CANNOT put smbpasswd in /etc. > > SuSE does this as well. It was partly my decision. For a standard > installation I did not want to clobber the directories. I really do > not see any further security benefit if smbpasswd is put somewhere > else. People who play with permissions in /etc/ have to know what they > do. The standard installation does it just fine, and if you chmod > anything there, you are on your own. It still is a bit of a pain though when you want to upgrade using the source distribution. I'd be much in favour of keeping stuff as much as possible in [/usr/][s]bin/ for the "out of the box" packages, and in /usr/local/[s]bin/ for later added packages, since this does reduce lots and lots of PATH definitions. However, when an author decices/suggests a certain /usr/local// prefix, it would be prudent to stick to that for future updates. Since samba has a rather substantial sub-directory structure, it makes even more sense. Michel. > From mhw at wittsend.com Tue Dec 21 14:09:19 1999 From: mhw at wittsend.com (Michael H. Warfield) Date: Tue Dec 2 02:27:43 2003 Subject: URGENT: REDHAT 6.1 STORES SAMBA PRIVATE FILES IN /etc In-Reply-To: References: Message-ID: <19991221090919.F16548@alcove.wittsend.com> On Tue, Dec 21, 1999 at 07:51:13PM +1100, Volker Lendecke wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > 1) you CANNOT put smbpasswd in /etc. > SuSE does this as well. It was partly my decision. For a standard > installation I did not want to clobber the directories. I really do > not see any further security benefit if smbpasswd is put somewhere > else. People who play with permissions in /etc/ have to know what they > do. The standard installation does it just fine, and if you chmod > anything there, you are on your own. Something else we could do is... 1) Bitch to high heaven at startup if permissions are any looser than 600 owned by root. Precedence is ssh and fetchmail amongst others. 2) Refuse to use the smbpasswd file if permissions are any looser than 600 owned by root. Same as #1. 3) Set the permissions to 600 or tighter any time the file is updated for any reason. That way we can keep the permissions acceptable no matter where we stuff the file and the admin can only get away with changing them to a stupid value for a very short period of time. Several security related pieces of software are known for doing that and the practice is entirely acceptable provided enough clear screaming (verbose error messages) is done to indicate why something is no longer working. > Volker > -----BEGIN PGP SIGNATURE----- > Version: 2.6.3i > Charset: noconv > Comment: Processed by Mailcrypt 3.5.4, an Emacs/PGP interface > iQCVAwUBOF8+sz/9BWnmOc5FAQHmXwP/ZaJhDEyOt0AJtHDtxs9nFDUSTg3Cj9G9 > qzfrHfPb6MvIkgngzSVU2baHZXlDJrjfBoGhF5RHvdTtwOo3288FI8Q7kw6BLdA9 > 70wAVJh3MpoZQkiIh3TSsNC+emt4ph4QMETQ2cFqofnE9+Fbe6eYRV/9MIz+LtcH > 8kigqdruSU8= > =aFLm > -----END PGP SIGNATURE----- Mike -- Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com (The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! From jens.skripczynski at igd.fhg.de Tue Dec 21 14:47:45 1999 From: jens.skripczynski at igd.fhg.de (Jens Skripczynski) Date: Tue Dec 2 02:27:43 2003 Subject: Any final paper what will be included in samba 3.00 ? Message-ID: <19991221154745.A2707@pclinux.igd.fhg.de> Hi, I'm wondering, what Features (I don't mean Bugs ;-)) will be included into Samba 3.00 ? Just the rpc thing or will there be additionally the Domain Controller Code ? For me I was hoping, that there will be now a merge. As I have to use Windows 95 and NT. And 95 cannot cope with the current state of the NTDOM Code but NT doesn't do Domain Logons with 3.0pre. Is there any paper I can read where is stated what will be included to which level in 3.0 ? Ciao Jens Skripczynski -- E-Mail: skripi@igd.fhg.de Computers are like airconditioners: They stop working properly if you open windows. From mike at psand.net Tue Dec 21 15:45:17 1999 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:43 2003 Subject: URGENT: REDHAT 6.1 STORES SAMBA PRIVATE FILES IN /etc References: Message-ID: <006901bf4bcc$0d8cb500$0164a8c0@win981> Luke, Redhat makes the file (I believe) rw root only, so it is reasonably secure. Caldera OpenLinux puts the files in /etc/samba.d. I personally don't like the SID and PID etc. files to wind up in /etc as it clutters an already cluttered area. /usr/private is one option. The reason for the mail, is that I'm in a book about Samba and in one section that discusses the installation, I've described how to update Samba OVER the existing locations for RedHat, Caldera and Debian. Therefore, it puts them in the (possibly) vulnerable locations. I'd like that the chapter as much as possible relays the sentiments of the Samba Team to its readers and therefore can alter it to either suggest an alternative, preffered location (/etc/private, /etc/samba, /usr/private etc.) or simply add in a note with respect to this issue for administrators. Do you have any input on this? Thanks in advance and regards, Mike Harris, Psand Espa?a. ----- Original Message ----- From: Luke Kenneth Casson Leighton To: Multiple recipients of list SAMBA-NTDOM Sent: Monday, December 20, 1999 11:10 PM Subject: Re: URGENT: REDHAT 6.1 STORES SAMBA PRIVATE FILES IN /etc > david, > > my fault: it appears that they may have taken the default rpms from the > packaging directory this time, so there are two people that need to be > smacked: > > - me (for assuming that it was redhat that set this up) > > - john (for creating the rpm with /etc/ as the root) > > - me again for telling everyone it's such a big deal. > > luke > > On Tue, 21 Dec 1999, David Bannon wrote: > > > At 08:27 AM 21/12/1999 +1100, Luke Kenneth Casson Leighton wrote: > > >dear redhat, > > > > > >i examined a friend's system today, to help him configure it. assuming > > >that he just "installed" from scratch the samba package, it appears that > > >you have provided a default smb.conf file for redhat 6.1 that puts samba > > >private configuration files in /etc. the suggested options, for example > > >show "smbpasswd file = /etc/smbpasswd". > > > > > >this is REALLY bad. > > > > Thanks for smacking their hand over this. Redhat has a habit of changing > > the layout of standard packages (ie Apache, PPP as well as samba). It is a > > real pain because things are never where you expect them and you need to do > > a fairly drastic uninstall before you can update. > > > > I advise people to leave out the major packages when installing redhat and > > get them from the primary source, now I can use security as an additional > > argument ! > > > > David > > ------------------------------------------------------------ > > David Bannon D.Bannon@latrobe.edu.au > > School of Biochemistry Phone 61 03 9479 2197 > > La Trobe University, Plenty Rd, Fax 61 03 9479 2467 > > Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au > > ------------------------------------------------------------ > > ..... Humpty Dumpty was pushed ! > > From cartegw at Eng.Auburn.EDU Tue Dec 21 15:32:45 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:27:43 2003 Subject: [LDAP] ldap.c modifications References: <19991221132755Z13091174-24228+30436@samba.anu.edu.au> Message-ID: <385F9D9D.2C1F2965@eng.auburn.edu> childern@gactr.uga.edu wrote: > > I installed and configured the nss_ldap and pam_ldap to > provide unix services and was in the process of > implementing the LDAP code in samba. Compilation > went fine, (Slackware 7.0 and openldap-1.2.8, > samba-absolute-newest-cvs), and Are you using the SAMBA_TNG tree or the HEAD branch? jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From amity at macs.biu.ac.il Tue Dec 21 15:40:01 1999 From: amity at macs.biu.ac.il (Amity Ronen) Date: Tue Dec 2 02:27:43 2003 Subject: using samba to load nt passwd from unix server Message-ID: <385F9F51.C643BBCB@cs.biu.ac.il> I have a solaris sun and a room full of nt. i want to load the users from the unix(home dir and passwd) how do i do that? -- Ronen Amity Sys Admin - Pc, Mac & Multimedia Bar Ilan University - Mathematics and Computer Science Phone : 972-3-5318682 Email : amity@cs.biu.ac.il ronen@ibm.net -------------- next part -------------- HTML attachment scrubbed and removed From skvidal at phy.duke.edu Tue Dec 21 15:51:14 1999 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:27:43 2003 Subject: using samba to load nt passwd from unix server In-Reply-To: <385F9F51.C643BBCB@cs.biu.ac.il> Message-ID: > I have a solaris sun and a room full of nt. > i want to load the users from the unix(home dir and passwd) > how do i do that? First you read all the docs. Next you refine your question so it is not as generalized as the entirety of multiple books. :) www.samba.org -> look for the docs link once you pick a mirror. -sv From timothy_d_cole at md.northgrum.com Tue Dec 21 15:56:49 1999 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:27:43 2003 Subject: Permissionproblem Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB5631A5@xcgmd008.md.essd.northgrum.com> The ACLs you see are actually "native" Unix permissions. As a consequence, they have Unix (rather than NT) semantics. This means that to delete (unlink) a file or directory, the only requirement is that you have write permission on the directory that contains it -- there is no delete permission as such. > -----Original Message----- > From: Bernd Ganter [SMTP:b.ganter@ganter-system.de] > Sent: Tuesday, December 21, 1999 5:13 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Permissionproblem > > Hey list, > > I have a problem with NT-ACLs. I need to have all NT-Right (delete!) on a > Samba share. Samba ist configered as a PDC-Controller. Does anybody know > howto setup these rights? > > Thank You > > Bernd Ganter. From cej at ti.com Tue Dec 21 15:58:20 1999 From: cej at ti.com (Christian E) Date: Tue Dec 2 02:27:43 2003 Subject: Authenticating across domains Message-ID: <385FA39C.88132550@ti.com> Hi,all I've seen this question before, but I don't think it was answered. Does anyone know how to authenticate with more than one domain ? I have a problem at the moment with a user who would like access to our file server from another domain. The NT domains have a trust set up but still we get "invalid user name or password" when we try to connect to the samba box..It works to another NT box across the domain though... best regards Christian From abrown at guiworks.com Tue Dec 21 15:39:44 1999 From: abrown at guiworks.com (Albert Brown) Date: Tue Dec 2 02:27:43 2003 Subject: URGENT: REDHAT 6.1 STORES SAMBA PRIVATE FILES IN /etc In-Reply-To: <385EBCC4.8912D60B@reac.com> Message-ID: <000301bf4bc9$9aab71e0$4a66c8d8@pappy.guiworks.com> I've been reading this thread off and on. The main issue is smbpasswd is not a config file. It's used to store encrypted password hashes. You most likely will never edit it by hand. I know I've only edited it once or twice over the years. You will access via smbpassword, or on the windows side. It's location is set by smb.conf which should go in /etc just to make it easy to find (symlinks are nice). If the maintainers & the samba team thinks it should go somewhere else, ie, under /usr/local/samba or elsewhere, fine. If they feel it is better protected under a directory that only root can access great. I for one, would rather only have config files in /etc, not psuedo-config/data files. -Al > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Andy Bakun > Sent: Monday, December 20, 1999 7:02 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: URGENT: REDHAT 6.1 STORES SAMBA PRIVATE FILES IN /etc > > > > Thanks for smacking their hand over this. Redhat has a habit of changing > > the layout of standard packages (ie Apache, PPP as well as > samba). It is a > > real pain because things are never where you expect them and > you need to do > > a fairly drastic uninstall before you can update. > > I never can find anything when everything insists on installing somewhere > inside /usr/local. Sometimes, they put conf files in > /usr/local/lib, sometimes > in /usr/local/etc, sometimes /usr/local/software-package-name/whatever. I > personally would prefer that all configuration files go into /etc. One > possiblity is to look for conf files in a number of places, like > when the Linux > kernel looks for sh when booting into single user mode: look in > your "package > dependant location", then look in /etc. > > > I advise people to leave out the major packages when installing > redhat and > > get them from the primary source, now I can use security as an > additional > > argument ! > > I do this with all my mission critical stuff anyway, but I still > try to get the > conf files to go into /etc... this way it's easier to backup the > system: /etc > gets backed up, binaries in /usr are reinstallable. > > Andy. > > From mark at paradise.raleigh.nc.us Tue Dec 21 16:48:28 1999 From: mark at paradise.raleigh.nc.us (Mark Price) Date: Tue Dec 2 02:27:43 2003 Subject: Win9x profiles References: Message-ID: <385FAF5C.BC1D7579@paradise.raleigh.nc.us> Ondrej, you must tell Windows 95/98 to store individual profiles. Open Control Panel, then double-click Passwords, then under the "User Profiles" tab select the second radio button and check the last 2 options. hope this helps Mark Ondrej Hanak wrote: > > Hi, > one question i have. How to force Win9x to store their profiles to > profile share? WinNTs normaly store profiles in profile share, but 95/98 > store their profiles in home share. I feel that, there is a conflict. Can > somebody tell me what i must set to achieve aim? > > Thanks for any comment. > Ondrej -- Mark Price mailto: mark@paradise.raleigh.nc.us Raleigh, NC USA website: http://paradise.raleigh.nc.us __ __ .-----.---.-.----.---.-.--| |__|.-----.-----. | _ | _ | _| _ | _ | ||__ --| -__| | __|___._|__| |___._|_____|__||_____|_____| |__| From timothy_d_cole at md.northgrum.com Tue Dec 21 16:42:33 1999 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:27:43 2003 Subject: Authenticating across domains Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB5631A6@xcgmd008.md.essd.northgrum.com> > -----Original Message----- > From: Christian E [SMTP:cej@ti.com] > Sent: Tuesday, December 21, 1999 11:05 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Authenticating across domains > > Hi,all > > I've seen this question before, but I don't think it was answered. > Does > anyone know how to authenticate with more than one domain ? I have a > problem at the moment with a user who would like access to our file > server from another domain. The NT domains have a trust set up but still > we get "invalid user name or password" when we try to connect to the > samba box..It works to another NT box across the domain though... > Is the samba box a PDC? If not, is "security = domain", and does the domain it is in trust the other domains? From pburch at oralis.com Tue Dec 21 16:47:19 1999 From: pburch at oralis.com (Phil Burch) Date: Tue Dec 2 02:27:43 2003 Subject: Win9x profiles Message-ID: <118529BE5569D31189910060089A3E72148E51@MAIL> Using the 'Passwords' control panel click the second radio button under User Profiles. Phil Burch Network Administrator Oralis.com The online supplier to oral healthcare professionals We are hiring the best and brightest. Please see our job openings at: http://www.oralis.com/ -----Original Message----- From: Ondrej Hanak [mailto:hanak@IRIS.osu.cz] Sent: Tuesday, December 21, 1999 12:00 AM To: Multiple recipients of list SAMBA-NTDOM Subject: Win9x profiles Hi, one question i have. How to force Win9x to store their profiles to profile share? WinNTs normaly store profiles in profile share, but 95/98 store their profiles in home share. I feel that, there is a conflict. Can somebody tell me what i must set to achieve aim? Thanks for any comment. Ondrej From cej at ti.com Tue Dec 21 16:50:43 1999 From: cej at ti.com (Christian E) Date: Tue Dec 2 02:27:43 2003 Subject: Authenticating across domains References: <51FBD4A8EFD9D111BA7300A0C927DADB5631A6@xcgmd008.md.essd.northgrum.com> Message-ID: <385FAFE3.46956F11@ti.com> "Cole, Timothy D." wrote: > > > -----Original Message----- > > From: Christian E [SMTP:cej@ti.com] > > Sent: Tuesday, December 21, 1999 11:05 > > To: Multiple recipients of list SAMBA-NTDOM > > Subject: Authenticating across domains > > > > Hi,all > > > > I've seen this question before, but I don't think it was answered. > > Does > > anyone know how to authenticate with more than one domain ? I have a > > problem at the moment with a user who would like access to our file > > server from another domain. The NT domains have a trust set up but still > > we get "invalid user name or password" when we try to connect to the > > samba box..It works to another NT box across the domain though... > > > Is the samba box a PDC? If not, is "security = domain", and does > the domain it is in trust the other domains? It is not a PDC and security is set to domain . It authenticates with an NT BDC which is in a domain who is trusting the other domain...Is it necessary to point to a BDC/PDC in the other domain ?? best regards Christian From lkcl at samba.org Tue Dec 21 18:32:00 1999 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:43 2003 Subject: URGENT: REDHAT 6.1 STORES SAMBA PRIVATE FILES IN /etc In-Reply-To: Message-ID: On Tue, 21 Dec 1999, Volker Lendecke wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > > 1) you CANNOT put smbpasswd in /etc. > > SuSE does this as well. It was partly my decision. For a standard > installation I did not want to clobber the directories. I really do > not see any further security benefit if smbpasswd is put somewhere > else. People who play with permissions in /etc/ have to know what they > do. *sigh*. true. > The standard installation does it just fine, and if you chmod > anything there, you are on your own. do we want to be responsible for not making that really clear to people (particularly those who are new to linux)? From lkcl at samba.org Tue Dec 21 18:43:07 1999 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:43 2003 Subject: URGENT: REDHAT 6.1 STORES SAMBA PRIVATE FILES IN /etc In-Reply-To: <006901bf4bcc$0d8cb500$0164a8c0@win981> Message-ID: IN MY OPINION :) - smb.conf file is file in /etc - if you are concerned about novice users who may not be aware of the risks associated with modifying the file permisions: smbpasswd and *.mac are better off in a private directory (we use /usr/local/samba/private) where the permissions on the directory are rwx------ to root only. best regards, luke p.s just my opinion. On Tue, 21 Dec 1999, Mike Harris wrote: > Luke, > > Redhat makes the file (I believe) rw root only, so it is reasonably secure. > Caldera OpenLinux puts the files in /etc/samba.d. I personally don't like > the SID and PID etc. files to wind up in /etc as it clutters an already > cluttered area. /usr/private is one option. > > The reason for the mail, is that I'm in a book about Samba and in one > section that discusses the installation, I've described how to update Samba > OVER the existing locations for RedHat, Caldera and Debian. Therefore, it > puts them in the (possibly) vulnerable locations. I'd like that the chapter > as much as possible relays the sentiments of the Samba Team to its readers > and therefore can alter it to either suggest an alternative, preffered > location (/etc/private, /etc/samba, /usr/private etc.) or simply add in a > note with respect to this issue for administrators. Do you have any input > on this? > > Thanks in advance and regards, > > > Mike Harris, > Psand Espa?a. > ----- Original Message ----- > From: Luke Kenneth Casson Leighton > To: Multiple recipients of list SAMBA-NTDOM > Sent: Monday, December 20, 1999 11:10 PM > Subject: Re: URGENT: REDHAT 6.1 STORES SAMBA PRIVATE FILES IN /etc > > > > david, > > > > my fault: it appears that they may have taken the default rpms from the > > packaging directory this time, so there are two people that need to be > > smacked: > > > > - me (for assuming that it was redhat that set this up) > > > > - john (for creating the rpm with /etc/ as the root) > > > > - me again for telling everyone it's such a big deal. > > > > luke > > > > On Tue, 21 Dec 1999, David Bannon wrote: > > > > > At 08:27 AM 21/12/1999 +1100, Luke Kenneth Casson Leighton wrote: > > > >dear redhat, > > > > > > > >i examined a friend's system today, to help him configure it. assuming > > > >that he just "installed" from scratch the samba package, it appears > that > > > >you have provided a default smb.conf file for redhat 6.1 that puts > samba > > > >private configuration files in /etc. the suggested options, for > example > > > >show "smbpasswd file = /etc/smbpasswd". > > > > > > > >this is REALLY bad. > > > > > > Thanks for smacking their hand over this. Redhat has a habit of changing > > > the layout of standard packages (ie Apache, PPP as well as samba). It is > a > > > real pain because things are never where you expect them and you need to > do > > > a fairly drastic uninstall before you can update. > > > > > > I advise people to leave out the major packages when installing redhat > and > > > get them from the primary source, now I can use security as an > additional > > > argument ! > > > > > > David > > > ------------------------------------------------------------ > > > David Bannon D.Bannon@latrobe.edu.au > > > School of Biochemistry Phone 61 03 9479 2197 > > > La Trobe University, Plenty Rd, Fax 61 03 9479 2467 > > > Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au > > > ------------------------------------------------------------ > > > ..... Humpty Dumpty was pushed ! > > > > From perrier at onera.fr Tue Dec 21 17:50:28 1999 From: perrier at onera.fr (Christian Perrier) Date: Tue Dec 2 02:27:43 2003 Subject: URGENT: REDHAT 6.1 STORES SAMBA PRIVATE FILES IN /etc In-Reply-To: =?iso-8859-15?Q?=3CPine=2ESGI=2E4=2E05=2E9912210529510=2E25156-100000=40?= =?iso-8859-15?Q?samba=2Eanu=2Eedu=2Eau=3E=3B_from_lkcl=40samba=2Eorg_on_?= =?iso-8859-15?Q?mar=2C_d=E9c_21=2C_1999_at_08:27:22_+1100?= References: Message-ID: <19991221185027.A6205@mykerinos> Quoting Luke Kenneth Casson Leighton (lkcl@samba.org): > this is REALLY bad. For me this is *somewhat* bad only..:-) > 2) you CANNOT put private files DOMAIN.TRUST_ACCOUNT.mac in /etc. As far as the files are not world-readable, I do not really see the problem. > > i know that these require root access, however if your users start to > assume that just because these files are in /etc, they are equivalent to > /etc/passwd, they may decide to make these world-readable, and as a result Sorry, but the argument is quite weak here. In /etc, you'll find several other files for which world readability is prohibited (/etc/shadow for instance). So, if an "administrator" decides to make /etc/smbpasswd or *.mac files world-readable, *he* is the culprit. He just does not deserve to be called sysadmin.. Of course, if the rpm package install smbpasswd as world-readable, it is a bug. If the file permissions are 0600, I do not consider this a bug. Maybe somehting that could be enhanced... Anyway, the choice of putting configuration files somewhere under /etc is the choice of nearly all Linux distributions now. But, for sure, /etc/samba is a far better choice. That's Debian choice : smb.conf is in /etc/samba and private files are under /etc/samba/private (which is, as far as I remember, not world-readable). I use Debian for such reasons..:-) From kevinc at grainsystems.com Tue Dec 21 19:42:33 1999 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:27:43 2003 Subject: URGENT: REDHAT 6.1 STORES SAMBA PRIVATE FILES IN /etc References: Message-ID: <385FD829.783FB77F@grainsystems.com> Luke Kenneth Casson Leighton wrote: > > IN MY OPINION :) > > - smb.conf file is file in /etc > > - if you are concerned about novice users who may not be aware of the > risks associated with modifying the file permisions: smbpasswd and *.mac > are better off in a private directory (we use /usr/local/samba/private) > where the permissions on the directory are rwx------ to root only. The directory idea is fine, but I do agree that _all_ config should be kept together--in /etc somewhere, preferably. Keeping partial configs in different directory structures is begging for problems. Why not have it be /etc/samba/private instead of /usr/local? I can understand the desire for source to keep everything under the /usr/local/samba/ tree, but if that is the case, then everything--including smb.conf--should be there. However, this situation can be a timebomb in production environments. Configs kept anywhere except /etc are often misplaced, overwrote, lost, or worse. /etc provides a little centralized security too. When a server goes down or is scheduled for replacement, why should I have to go poking through /usr/local/samba piece by piece. The configs in /etc should be all the local config I need. Install new binaries on a fresh system and simply drop in the old configs. It needs to be noted that production demands are not the same as development demands, and steps be taken accordingly. - Kevin Colby kevinc@grainsystems.com From thomas.heiligenmann at t-online.de Tue Dec 21 19:41:39 1999 From: thomas.heiligenmann at t-online.de (Thomas Heiligenmann) Date: Tue Dec 2 02:27:44 2003 Subject: Common batch file? Can you "call batch.bat" from netlogon batch? References: <001001bf4b25$11100940$24ada8c0@aprotex.com> Message-ID: <385FD7F3.F569B3E2@heiligenmann.de> You can make use of the %0 parameter to call batch files relatively to your originating batch file. E.g. to call a file in the same directory: call %0\..\other.bat ... to call a file one dir level higher: call %0\..\..\upper.bat ... etc. -- Thomas Steven Hildreth wrote: > > Hi, wondering if I can setup a common batch that all users would use, > along with their specific batch file. > > I tried to "call batch_filename.bat" and it did not work. > > I am wanting to create a series of maps and shares common to all in > the company, and then setup each (some) of the users specific shares. > > Thanks for any information. > > Regards, > Steven Hildreth > Information Technology Manager > Aprotex Corporation, http://www.aprotex.com > "Proven Property Protection Since 1952" From lkcl at samba.org Tue Dec 21 19:51:35 1999 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:44 2003 Subject: URGENT: REDHAT 6.1 STORES SAMBA PRIVATE FILES IN /etc In-Reply-To: <385FD829.783FB77F@grainsystems.com> Message-ID: > However, this situation can be a timebomb in production > environments. Configs kept anywhere except /etc are often > misplaced, overwrote, lost, or worse. /etc provides a little it's a little scary seeing samba go from a small project to a major service :) From timothy_d_cole at md.northgrum.com Tue Dec 21 19:57:49 1999 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:27:44 2003 Subject: Authenticating across domains Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB5631A7@xcgmd008.md.essd.northgrum.com> > -----Original Message----- > From: Christian E [SMTP:cej@ti.com] > Sent: Tuesday, December 21, 1999 11:51 > To: Cole, Timothy D.; Samba Mailing list > Subject: Re: Authenticating across domains > > "Cole, Timothy D." wrote: > > > > > -----Original Message----- > > > From: Christian E [SMTP:cej@ti.com] > > > Sent: Tuesday, December 21, 1999 11:05 > > > To: Multiple recipients of list SAMBA-NTDOM > > > Subject: Authenticating across domains > > > > > > Hi,all > > > > > > I've seen this question before, but I don't think it was > answered. > > > Does > > > anyone know how to authenticate with more than one domain ? I have a > > > problem at the moment with a user who would like access to our file > > > server from another domain. The NT domains have a trust set up but > still > > > we get "invalid user name or password" when we try to connect to the > > > samba box..It works to another NT box across the domain though... > > > > > Is the samba box a PDC? If not, is "security = domain", and > does > > the domain it is in trust the other domains? > > > It is not a PDC and security is set to domain . It authenticates > with > an NT BDC which is in a domain who is trusting the other domain...Is it > necessary to point to a BDC/PDC in the other domain ?? > Hmm, no, that probably wouldn't do what you want. In "security = domain", it definitely has to be pointing to a PDC/BDC of the domain it's a member of (in general it should be anyway) I have no idea if this will make a difference, but ideally rather than just the one BDC, you should probably specify the PDC and then all of the BDCs for the domain on the one "password server = " line, separated by whitespace. (i.e. "password server = SMYDOM00 SMYDOM01 SMYDOM02") At least that's how we have it here, and domain trust relationships seem to work. From skvidal at phy.duke.edu Tue Dec 21 20:14:35 1999 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:27:44 2003 Subject: URGENT: REDHAT 6.1 STORES SAMBA PRIVATE FILES IN /etc In-Reply-To: Message-ID: > IN MY OPINION :) > > - smb.conf file is file in /etc > > - if you are concerned about novice users who may not be aware of the > risks associated with modifying the file permisions: smbpasswd and *.mac > are better off in a private directory (we use /usr/local/samba/private) > where the permissions on the directory are rwx------ to root only. > > best regards, i know there are those who might disagree but the debian structure is fairly nice. /etc/samba and /etc/private read the debian rules file - it should provide all the necessary security settings etc. it keeps things compliant with the FHS 2.0(+?) (linux-ish only but..) my 2cents -sv From ctooley at joslyn.org Tue Dec 21 20:46:11 1999 From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:27:44 2003 Subject: FW: URGENT: REDHAT 6.1 STORES SAMBA PRIVATE FILES IN /etc Message-ID: <000401bf4bf7$c3167f20$1900a8c0@webstat.joslyn.org> -----Original Message----- From: James Olin Oden [mailto:joden@lee.k12.nc.us] Sent: Saturday, December 18, 1999 9:12 PM To: ctooley@joslyn.org Subject: Re: URGENT: REDHAT 6.1 STORES SAMBA PRIVATE FILES IN /etc > > If a systems administrator installs something like Samba and makes the > smbpasswd file world readable, that person is asking for trouble. If they > are in a situation where they could leak out severely damaging information, > and they are using Linux, the chances of that person not having someone on > staff to catch this error are slim to none. Most of the places I've seen > using Linux have several people going over the system thoroughly before the > network cable or modem cable gets plugged in. > Samba's apps could do something like sendmail. sendmail will not run unless base set of sane permissions exist on various files and directories, unless you set a particular macro (I think that is the right word) to true. The macro is something like DontBlameSendmail. I think this is a pretty good approach, and could easily be incorparated into Samba...james From giovanni.affuso at almaitalia.it Tue Dec 21 21:32:41 1999 From: giovanni.affuso at almaitalia.it (Affuso Giovanni) Date: Tue Dec 2 02:27:44 2003 Subject: Problem in the use of Domain Member in last version of CVS Message-ID: <4.2.0.58.19991221222907.00af7910@10.0.0.1> Hi, I have to install the last version of cvs-samba, but if I use the testparm I have the seguent errors: Unknown parameter encountered: "domain group map" Ignoring unknown parameter "domain group map" Unknown parameter encountered: "local group map" Ignoring unknown parameter "local group map" Unknown parameter encountered: "domain user map" Ignoring unknown parameter "domain user map" If I running the samba services infact this parameters is ignored, Why? Thanks Giovanni Giovanni Affuso Responsabile E.D.P. Alma Italia S.r.l. c.so Vercelli 387, Torino tel. 0112620388 fax. 0112624308 mailto:giovanni.affuso@almaitalia.it From mg at plum.de Tue Dec 21 21:48:18 1999 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:27:44 2003 Subject: Problem in the use of Domain Member in last version of CVS References: <4.2.0.58.19991221222907.00af7910@10.0.0.1> Message-ID: <385FF5A2.3166778@plum.de> Affuso Giovanni wrote: > > Hi, > I have to install the last version of cvs-samba, but if I use the testparm > I have the seguent errors: > Unknown parameter encountered: "domain group map" > Ignoring unknown parameter "domain group map" > Unknown parameter encountered: "local group map" > Ignoring unknown parameter "local group map" > Unknown parameter encountered: "domain user map" > Ignoring unknown parameter "domain user map" > > If I running the samba services infact this parameters is ignored, Why? You checked out the HEAD branch, did you ? IIRC those parameters are only used in the "PDC" version aka SAMBA_TNG branch. regards, Michael -- Samba NT-Domain howto (in german) http://www.sambahq.de From mgeddes at xavier.sa.edu.au Tue Dec 21 21:55:11 1999 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:44 2003 Subject: URGENT: REDHAT 6.1 STORES SAMBA PRIVATE FILES IN /etc References: <19991221090919.F16548@alcove.wittsend.com> Message-ID: <385FF73E.A54231FE@xavier.sa.edu.au> You could always just stick smbpasswd in an oversized binary file, that only root has access to. You would then have the system keep this file open and locked at all times, so that no-one else could even read it. Why, hell you could even put ALL of your critical configuration / boot information in this one file, so that if it was corrupt...... Or has that already been done? I think the /etc directory is a great place for files of this nature. The only problem is it's got too much stuff in it already. It could probably be split up like /bin and /usr/bin were (and then later, /usr/X11/bin). Solaris also has the passwd, shadow, group files in a seperate directory under /etc with links to the relevant files. You could have a directory /etc/here-be-dragons/, and store it all in there (with adequate permissions though). Matt From mgeddes at xavier.sa.edu.au Tue Dec 21 21:58:13 1999 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:44 2003 Subject: URGENT: REDHAT 6.1 STORES SAMBA PRIVATE FILES IN /etc References: <001e01bf4bbb$9e029480$1900a8c0@webstat.joslyn.org> Message-ID: <385FF7F5.BD4A73E8@xavier.sa.edu.au> Chris Tooley wrote: > I would like to say that I in no way would want the samba team to think > that I don't absolutely LOVE the work they have done, it has save our Museum > from going into debt to have a PDC running. > > However, I would like to say that from what I've seen of Linux and other > UNIX's it is definitely more appropriate for config files for programs to go > into it's own directory under /etc/. My roommate and I have heated > discussions on occassion, him being a Sun Sys Admin and I working primarily > with Linux, over where installed files should be, but I just can't defend > the fact that there isn't a common ground on where the config files are > supposed to be at. I was under the impression that the Linux File System Standard had something to say about this. I must admit though, it has been a while since I read it. Matt From mgeddes at xavier.sa.edu.au Tue Dec 21 22:13:53 1999 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:44 2003 Subject: Moving from NT PDC to Samba PDC References: Message-ID: <385FFBA1.D78C4EDF@xavier.sa.edu.au> Paolo Supino wrote: > Hi Hello > > > I have a mixed network of Linux machines (RH 5.1) and NT WS (4-SP5) > machines. All my servers are Linux based (2 servers). There is a 3rd > server that acts as PDC (and it's his sole purpose in life)and > authenticates every SMB connection (be it to a Samba share or a NT share). > I want to move the PDC role from this NT (and move the computer to another > role) to one of the linux based servers. I have the following questions: > > 1. Do I have to upgrade all the samba servers to 2.x version of Samba or > can I get away with only upgrading the server that will act as PDC (samba > on RH 5.1 was 1.9.18p10). What advantages/disadvatage can will I ancounter > in either case? Pre-Samba 2 didn't cope very well with Domain Controlling (officially, I found it OK for my purposes). So I'd probably go with Samba 2.x on your PDC (I've found version 2.0.5a quite good, although I'm sure some will disagree - anyway, go with at least 2.0.5a). Your Other Samba box should still work OK (I must admit, I haven't done a great deal of testing, but it worked for me). > > > 2. What kind of pitfalls will I ancounter when trasitioning the role. You won't be able to use User Damager for Domains and the other RPC stuff. This can be worked around by using SWAT (Samba Web Administration Tool - comes with 2.x) or something like webmin (http://www.webmin.com/), which is a set of perl scripts that allow you to configure your Unix machine through a HTTP interface. Apart from that, you shouldn't have too many problems. The NT box should become a member of the Samba Domain quite easily (RTFM) you may have a few problems with Browse lists, NT doesn't like not being the Master Browser, but if you set all the options right in the config file, there isn't much that can go wrong. > > > 3. Can I leave the current domain name and general settings (which people > got acastomed to) or should I bring up a new domain and move everyone to > the new domain (and try to retain as much as possible of the old domain)? > You can bring up Samba in the old Domain. Make sure that the NT PDC isn't running as a PDC at the time though (switching off the netlogon and browser service should be enough). You can even keep your old accounts and passwords by using pwdump.exe. It grabs the encrypted passwords from the SAM database and saves them in a file the same format as smbpasswd. I am looking at having our PDC become a Linux box and the testing I have done so far looks promising. You will need to re-install NT in order to make it join another Domain (instead of controlling it). Hopefully they will fix this soon (actually, I'm not really bothered, because you need to do the same to put Linux on the machine ;-)). I hope this was of some help, there will be things that people will disagree with, but you'll probably test this stuf out a bit first anyway..... Matt From D.Bannon at latrobe.edu.au Tue Dec 21 22:09:40 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:27:44 2003 Subject: URGENT: REDHAT 6.1 STORES SAMBA PRIVATE FILES IN /etc In-Reply-To: References: Message-ID: <3.0.6.32.19991222090940.008a97f0@bioserve.latrobe.edu.au> At 07:52 PM 21/12/1999 +1100, Volker Lendecke wrote: >-----BEGIN PGP SIGNED MESSAGE----- > >> 1) you CANNOT put smbpasswd in /etc. > >People who play with permissions in /etc/ have to know what they >do. The standard installation does it just fine, and if you chmod >anything there, you are on your own. > My initial comment was from a convience point of view, not security. Samba (and similar packages such as Apache) arrive in a nice discrete lump. You can see all the files under /usr/local/samba belong to samba, you can be sure there are no more (apart from startup scripts) hidden away somewhere you did not expect and there are only a few files in each directry. But most importantly, the docs all talk about files being in this particular tree structure ! Along comes redhat (and others) grabs things like samba and does it their way. Someone doing an upgrade a few months later needs to completely remove the redhat rpm and then install samba from the cvs, then go off and set up the startup files. I've never let redhat do a samba install, but I have wasted some time restoring an Apache one. Even if they stick with the rpm (control freaks shudder), it must cause problems. When people on this list for example, talk about file locations they almost always assume the /usr/local/samba structure, it must be most confusing for someone following the rpm course. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From swaters at amicus.com Tue Dec 21 22:47:15 1999 From: swaters at amicus.com (Stephen Waters) Date: Tue Dec 2 02:27:44 2003 Subject: URGENT: REDHAT 6.1 STORES SAMBA PRIVATE FILES IN /etc References: <3.0.6.32.19991222090940.008a97f0@bioserve.latrobe.edu.au> Message-ID: <38600373.819943A9@amicus.com> David Bannon wrote: > > Along comes redhat (and others) grabs things like samba and does it their > way. Someone doing an upgrade a few months later needs to completely remove > the redhat rpm and then install samba from the cvs, then go off and set up > the startup files. I've never let redhat do a samba install, but I have > wasted some time restoring an Apache one. > > Even if they stick with the rpm (control freaks shudder), it must cause > problems. When people on this list for example, talk about file locations > they almost always assume the /usr/local/samba structure, it must be most > confusing for someone following the rpm course. ever heard of SRPM??? just compile a nice RPM for yourself w/ your own .configure flags. it's extremely easy. when you need to upgrade, get the newer tarball from samba.org and use your old .spec file. -s From kevinc at grainsystems.com Tue Dec 21 22:56:53 1999 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:27:44 2003 Subject: URGENT: REDHAT 6.1 STORES SAMBA PRIVATE FILES IN /etc References: <3.0.6.32.19991222090940.008a97f0@bioserve.latrobe.edu.au> Message-ID: <386005B5.24DD2575@grainsystems.com> David Bannon wrote: > > Samba (and similar packages such as Apache) arrive in a nice > discrete lump. You can see all the files under /usr/local/samba > belong to samba, you can be sure there are no more (apart from > startup scripts) hidden away somewhere you did not expect [...] Ah, but this logic quickly tends to break down. What if you're using pam_smb? Does that mean that smbpasswd goes in /etc or that /bin/login should be /usr/local/samba/bin/login? Now my example is ridiculous, but the point is the same. When you move from, "Here is some source. Try it out." to, "This Linux server ships with Samba installed." the nice lumps lose all meaning. I don't want Samba to be given any special treatment. I'd like it to be integrated into the existing (and I think adequate) configuration scheme that the majority essential Unix services' configs use. The vast majority of Samba users in the coming years will NEVER download the Samba source. They'll get it preinstalled. - Kevin Colby kevinc@grainsystems.com From lharold at mrc.uidaho.edu Tue Dec 21 22:59:34 1999 From: lharold at mrc.uidaho.edu (Len Harold) Date: Tue Dec 2 02:27:44 2003 Subject: Problem in the use of Domain Member in last version of CVS In-Reply-To: <385FF5A2.3166778@plum.de>; from "Michael Glauche" at Dec 22, 99 9:15 am Message-ID: <199912212259.OAA20041@hydra.mrc.uidaho.edu> >Affuso Giovanni wrote: >> >> Hi, >> I have to install the last version of cvs-samba, but if I use the testparm >> I have the seguent errors: >> Unknown parameter encountered: "domain group map" >> Ignoring unknown parameter "domain group map" >> Unknown parameter encountered: "local group map" >> Ignoring unknown parameter "local group map" >> Unknown parameter encountered: "domain user map" >> Ignoring unknown parameter "domain user map" >> >> If I running the samba services infact this parameters is ignored, Why? > >You checked out the HEAD branch, did you ? IIRC those parameters >are only used in the "PDC" version aka SAMBA_TNG branch. > >regards, > Michael Did the login change when the tree was moved? "cvs" is not working for me. Len From s.striker at striker.nl Tue Dec 21 23:44:08 1999 From: s.striker at striker.nl (S. Striker) Date: Tue Dec 2 02:27:44 2003 Subject: Confused, HEAD or SAMBA_TNG Message-ID: <001f01bf4c0d$464eabf0$0a00a8c0@office.striker.nl> Hi there, I'm a bit confused. For the PDC code, which I assumed to be in both the 2.1 and the 3.0 versions, which tree do I have to chech out? SAMBA_TNG or just the HEAD branch? Which is which; SAMBA_TNG = 2.1 or 3.0? I assume TNG stands for The Next/New Generation? This also implying that this is the 3.0 version? Sander Striker From mg at plum.de Tue Dec 21 23:37:40 1999 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:27:44 2003 Subject: Problem in the use of Domain Member in last version of CVS References: <199912212259.OAA20041@hydra.mrc.uidaho.edu> Message-ID: <38600F44.AE6C30EE@plum.de> Len Harold wrote: > > >Affuso Giovanni wrote: > >> > >> Hi, > >> I have to install the last version of cvs-samba, but if I use the testparm > >> I have the seguent errors: > >> Unknown parameter encountered: "domain group map" > >> Ignoring unknown parameter "domain group map" > >> Unknown parameter encountered: "local group map" > >> Ignoring unknown parameter "local group map" > >> Unknown parameter encountered: "domain user map" > >> Ignoring unknown parameter "domain user map" > >> > >> If I running the samba services infact this parameters is ignored, Why? > > > >You checked out the HEAD branch, did you ? IIRC those parameters > >are only used in the "PDC" version aka SAMBA_TNG branch. > > > >regards, > > Michael > > Did the login change when the tree was moved? > "cvs" is not working for me. not that I know .. 2 days ago anon cvs did work here ... :) The best thing is that you do a fresh checkout : cvs -z3 checkout -r SAMBA_TNG samba regards, Michael -- Samba NT-Domain howto (in german) http://www.sambahq.de From ed at schernau.com Tue Dec 21 23:49:10 1999 From: ed at schernau.com (Edward Schernau) Date: Tue Dec 2 02:27:44 2003 Subject: increasingly OT RPM flame Message-ID: <386011F6.6F367C1C@schernau.com> Count my vote for the "Just Say No" to RPMS, Linuxconf, GUI configurators, and the whole schmiel. Give me tarballs anyday!!! -- Edward Schernau http://www.schernau.com Network Architect mailto:ed@schernau.com Rational Computing Providence, RI, USA From ink at inconnu.isu.edu Tue Dec 21 23:48:43 1999 From: ink at inconnu.isu.edu (Craig Kelley) Date: Tue Dec 2 02:27:44 2003 Subject: Administrator Woes Message-ID: Using 2.0.5a: smb.conf has: domain admin users = administrator root domain admin group = ntadmins root Root can login on any machine and have administrator rights. The 'administrator' is just a normal user (has no administrative rights). I've re-created the Administrator user several times, varying the parameters (I even made the Administrator UID 0 to see if that had an effect!). Does anyone know what I'm doing wrong? I'd rather not hand out the root password to people needing to do workstation maintenance. (Gee, I don't know why I would be afraid of *that* ;) TIA, Craig From gus at xux.net Tue Dec 21 23:56:46 1999 From: gus at xux.net (Kyle Schustyk) Date: Tue Dec 2 02:27:44 2003 Subject: WinNT Server logins into a Samba PDC Message-ID: Are there any known issues with users on a Windows NT Server failing to login to a Samba controlled NT Domain ? I've got encryption set up, and the smbpasswd file created. The Windows NT server has successfully joined the domain, but it won't allow users to log on. However, if I blank a users password in smbpasswd, then the windows NT server WILL successfully process the logon. This is, however, not a feasable solution:) FYI: Windows 95, and 98 nodes have no trouble logging in with the same usernames and passwords that fail from the WinNT Server. WinNT Server is Service Pack 3 From skvidal at phy.duke.edu Wed Dec 22 00:36:23 1999 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:27:44 2003 Subject: Confused, HEAD or SAMBA_TNG In-Reply-To: <001f01bf4c0d$464eabf0$0a00a8c0@office.striker.nl> Message-ID: > I'm a bit confused. For the PDC code, which I assumed to be in both the > 2.1 and the 3.0 versions, which tree do I have to chech out? > SAMBA_TNG or just the HEAD branch? Which is which; SAMBA_TNG = 2.1 or 3.0? > I assume TNG stands for The Next/New Generation? This also implying that > this is the 3.0 version? I think it should also imply that it will use new tetrion beam transmissions and should regularly beam people to and fro'. sorry irresisitable. I would also like to know the distinction. >From what I've seen it appears to be that TNG includes the changes that LKCL has been adding to break up the smbd/nmbd processes into many smaller processes and the ability to control said processes from NT. But I'm not certain of this. -sv From lonnie at borntreger.com Wed Dec 22 00:39:26 1999 From: lonnie at borntreger.com (Lonnie J. Borntreger) Date: Tue Dec 2 02:27:44 2003 Subject: SAMBA_TNG doesn't compile Message-ID: <000c01bf4c15$00805da0$0500000a@wh.com> Compilation problems. Anybody have a clue? ---- SAMBA_TNG Snapshot 6:38pm CST Solaris 7 gcc 2.8.1 ---- Compiling rpc_client/cli_connect.c + gcc -I. -I. -O2 -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith -Wcast-qu al -Wcast-align -DDEBUG_PASSWORD -Iinclude -I./include -I./ubiqx -I./smbwrap per -DLOGFILEBASE="/usr/local/samba/var" -DSMBLOGFILE="/usr/local/samba/var/ log.smb" -DNMBLOGFILE="/usr/local/samba/var/log.nmb" -DCONFIGFILE="/usr/loca l/samba/lib/smb.conf" -DLMHOSTSFILE="/usr/local/samba/lib/lmhosts" -DSWATDIR ="/usr/local/samba/swat" -DSBINDIR="/usr/local/samba/bin" -DLOCKDIR="/usr/lo cal/samba/var/locks" -DSMBRUN="/usr/local/samba/bin/smbrun" -DCODEPAGEDIR="/ usr/local/samba/lib/codepages" -DDRIVERFILE="/usr/local/samba/lib/printers.d ef" -DBINDIR="/usr/local/samba/bin" -DFORMSFILE="/usr/local/samba/lib/ntform s.def" -DNTDRIVERSDIR="/usr/local/samba/lib" -DHAVE_INCLUDES_H -DPASSWD_PROG RAM="/bin/passwd" -DSMB_PASSWD_PROGRAM="/usr/local/samba/bin/smbpasswd" -DSM B_PASSWD_FILE="/usr/local/samba/private/smbpasswd" -DSMB_PASSGRP_FILE="/usr/ local/samba/private/smbpassgrp" -DSMB_GROUP_FILE="/usr/local/samba/private/s mbgroup" -DSMB_ALIAS_FILE="/usr/local/samba/private/smbalias" -c rpc_client/cli_connect.c -o rpc_client/cli_connect.o rpc_client/cli_connect.c: In function `cli_get_con_sesskey': rpc_client/cli_connect.c:276: structure has no member named `sess_key' rpc_client/cli_connect.c:276: structure has no member named `sess_key' rpc_client/cli_connect.c: In function `cli_con_gen_next_creds': rpc_client/cli_connect.c:360: warning: passing arg 1 of `gen_next_creds' from incompatible pointer type rpc_client/cli_connect.c: In function `cli_con_get_cli_cred': rpc_client/cli_connect.c:370: structure has no member named `clnt_cred' rpc_client/cli_connect.c: In function `cli_con_deal_with_creds': rpc_client/cli_connect.c:380: structure has no member named `sess_key' rpc_client/cli_connect.c:380: structure has no member named `clnt_cred' rpc_client/cli_connect.c: In function `cli_con_set_creds': rpc_client/cli_connect.c:398: structure has no member named `sess_key' rpc_client/cli_connect.c:399: structure has no member named `clnt_cred' rpc_client/cli_connect.c: In function `rpc_con_pipe_req': rpc_client/cli_connect.c:426: warning: passing arg 1 of `rpc_api_pipe_req' from incompatible pointer type rpc_client/cli_connect.c:426: warning: passing arg 3 of `rpc_api_pipe_req' makes pointer from integer without a cast rpc_client/cli_connect.c:426: too many arguments to function `rpc_api_pipe_req' gmake: *** [rpc_client/cli_connect.o] Error 1 TTFN, Lonnie Borntreger lonnie@borntreger.com http://www.borntreger.com/ From mgeddes at xavier.sa.edu.au Wed Dec 22 04:30:45 1999 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:44 2003 Subject: Windows Client account password expiry Message-ID: <386053F5.7D3A62B@xavier.sa.edu.au> Hi, If you aren't all on holidays, does anyone know how I can emulate Windows NT's password expiry on a Samba / Linux box (including the prompt at login). I am planning on running Samba 2.0.5a and RedHat 6.0. I also need the user to be able to change their password. If not, does anybody know of a different method of doing the same? Thanks, Matt From Martin-N.Huber at ubs.com Wed Dec 22 07:13:30 1999 From: Martin-N.Huber at ubs.com (Martin Huber) Date: Tue Dec 2 02:27:44 2003 Subject: Win2KRC2 finally joins the Sambanet domain :-) In-Reply-To: <005301bf4b2d$fe836a20$0164a8c0@psand.net> Message-ID: <000301bf4c4c$0d5a9950$76121fac@AECMHU> I tried the same thing and got it finally to work by checking out the cvs code by date of 11-19. It seems that during the cvs reorganisation some changes disappearded in the head branch. I also tried SAMBA_TNG - the same problem. w2k couldn't join the domain. The 11-19 code has another problem: swat doesn't accept any logins. So I had to configure it with swat -a in order to be able to use it. But hopefully the code will be cleaned up in the next days? Martin -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of mike@psand.net Sent: Montag, 20. Dezember 1999 21:20 To: samba-ntdom@samba.org Subject: RE: Win2KRC2 finally joins the Sambanet domain :-) Richard, Am trying the same thing with RC3 and it doesn't work! Do you know if it does at all? If so, I'll not pester you any more and go off and investigate. Just wondered if I'm up a blind alley! I've got the latest CVS source. Thanks in advance, Mike Harris, Psand Espa?a. ----- Original Message ----- From: Richard Sharpe To: Multiple recipients of list SAMBA-NTDOM Sent: Monday, November 22, 1999 8:44 PM Subject: Win2KRC2 finally joins the Sambanet domain :-) > Hi, > > well, I finally have Win2KRC2 joining my Sambanet domain. > > Last problem was that I had a MACHINE.SID and SAMBANET.SID file and smbd > was refusing to start ... Doh! > > > > Regards > ------- > Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), > Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) > Co-author, SAMS Teach Yourself Samba in 24 Hours > Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From cej at ti.com Wed Dec 22 08:32:42 1999 From: cej at ti.com (Christian E) Date: Tue Dec 2 02:27:44 2003 Subject: Authenticating across domains References: <51FBD4A8EFD9D111BA7300A0C927DADB5631A7@xcgmd008.md.essd.northgrum.com> Message-ID: <38608CAA.DD535369@ti.com> "Cole, Timothy D." wrote: > > I have no idea if this will make a difference, but ideally rather > than just the one BDC, you should probably specify the PDC and then all of > the BDCs for the domain on the one "password server = " line, separated by > whitespace. (i.e. "password server = SMYDOM00 SMYDOM01 SMYDOM02") At least > that's how we have it here, and domain trust relationships seem to work. Ok, I'll try that here too then. Only problem is that the PDC is on a WAN connection ( 128 kbit) and our BDC is here on a 100 Mbit LAN..Hope there won't be any problems with slow connections... best regards Christian -- Christian Ejstrup, RF Development Engineer/ IT- Administrator. Texas Instruments A/S, Denmark ,Sofiendalsvej 85,DK-9200 Aalborg SV,Denmark Phone:+45 96346868, Phone(direct):+45 96346860, GSM:+45 22234304 From matthias at waechter.wol.at Wed Dec 22 08:32:37 1999 From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=) Date: Tue Dec 2 02:27:44 2003 Subject: FW: URGENT: REDHAT 6.1 STORES SAMBA PRIVATE FILES IN /etc In-Reply-To: <000401bf4bf7$c3167f20$1900a8c0@webstat.joslyn.org> Message-ID: On Wed, 22 Dec 1999, Chris Tooley wrote: > Samba's apps could do something like sendmail. sendmail will not run unless > base set of sane permissions exist on various files and directories, unless > you > set a particular macro (I think that is the right word) to true. The macro > is something like DontBlameSendmail. I think this is a pretty good approach, > and could easily be incorparated into Samba...james I would suggest to make this not an option for the configs (i.e. like an m4 macro in sendmail) but a compile time option. This has two points: 1. Admins really have to know what they do if they do what they wanna do. 2. Hackers had to recompile Samba instead of just gaining access to the config to unlock this part of the security scheme. Sehr Wus, - Matthias -- Wer reitet so sp?t durch Nacht und Wind? - Wos waas I ----------------------------------------------------------------------------- From hanak at IRIS.osu.cz Wed Dec 22 10:33:09 1999 From: hanak at IRIS.osu.cz (Ondrej Hanak) Date: Tue Dec 2 02:27:44 2003 Subject: After login logout problem solved Message-ID: Hi all, you could remember, that i wrote about subject few weeks ago. I all time thought that this was made by CZ localized ver. of NT wrks. Cause domain logon with US NT wrks was correct. Only on czech stations appeared. I can not believe that it was such stupid thing. Everything was done by restricted permisions for domain users in former NT server domain. Only users from domain user group had permissions to read from system root (/winnt/system32). I found, that it was done to restrict login to some computers for some non-privileged users (non-listed in correct domain group). For example, students couldn't login in teachers office computers. And this is the core of the problem. After BIG change (NT server to Samba) there were no domain groups. But users were authenticated by Samba PDC. So users were authenticated, but on local wrks they had no acces to system root. Win NT will not tell you, that system can't read! Only logout comes after. Again one "system solution" provided by Micro$oft. You can login, but you can not login, so you will be logged out wthout any system message like access denied.... What dou you think about this great idea (i think this is recommended in resource kit) ? Cheers. Ondrej From mg at plum.de Wed Dec 22 11:17:10 1999 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:27:44 2003 Subject: Confused, HEAD or SAMBA_TNG References: Message-ID: <3860B336.90A840B4@plum.de> Seth Vidal wrote: > > > I'm a bit confused. For the PDC code, which I assumed to be in both the > > 2.1 and the 3.0 versions, which tree do I have to chech out? > > SAMBA_TNG or just the HEAD branch? Which is which; SAMBA_TNG = 2.1 or 3.0? > > I assume TNG stands for The Next/New Generation? This also implying that > > this is the 3.0 version? > I think it should also imply that it will use new tetrion beam > transmissions and should regularly beam people to and fro'. :) > I would also like to know the distinction. > >From what I've seen it appears to be that TNG includes the changes that > LKCL has been adding to break up the smbd/nmbd processes into many smaller > processes and the ability to control said processes from NT. But I'm not > certain of this. IIRC at the moment the only branch that supports PDC is the SAMBA_TNG branch, which was the old 2.1.0-prealpha branch. The only problem is, that LKCL made many changes to it in the last few weeks, and some ppl got problems compiling it (including myself :) But, if I recall it correctly (correct me if I'm wrong) the current HEAD-Branch (which is basicly the old 2.0.x branch) will get the "old" PDC code soon. (i.e someone is merging them) regards, Michael -- Samba NT-Domain howto (in german) http://www.sambahq.de From mg at plum.de Wed Dec 22 11:20:33 1999 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:27:44 2003 Subject: Problem in the use of Domain Member in last version of CVS References: <199912212345.PAA20137@hydra.mrc.uidaho.edu> Message-ID: <3860B401.69B01C9@plum.de> Len Harold wrote: > > >> Did the login change when the tree was moved? > >> "cvs" is not working for me. > > > >not that I know .. 2 days ago anon cvs did work here ... :) > > > >The best thing is that you do a fresh checkout : > > > >cvs -z3 checkout -r SAMBA_TNG samba > > > >regards, > > Michael > > Michael, > > Am I doing something wrong with the following command: > > > cvs -d :pserver:cvs@samba.org:SAMBA_TNG login > (Logging in to cvs@samba.org) > CVS password: > cvs [login aborted]: incorrect password > > I use "cvs" as the password. yes ... the SAMBA_TNG has nothing to do with the CVSROOT ... :) so do : cvs -d :pserver:cvs@samba.org:/cvsroot login then cvs -z3 -d :pserver:cvs@samba.org:/cvsroot checkout -r SAMBA_TNG samba regards, Michael -- Samba NT-Domain howto (in german) http://www.sambahq.de From ctooley at joslyn.org Wed Dec 22 14:47:33 1999 From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:27:44 2003 Subject: URGENT: REDHAT 6.1 STORES SAMBA PRIVATE FILES IN /etc In-Reply-To: <385FF7F5.BD4A73E8@xavier.sa.edu.au> Message-ID: <000101bf4c8b$7ab1c8e0$1900a8c0@webstat.joslyn.org> As requested by this Matthew I downloaded the FHS (http://www.fokus.gmd.de/linux/lxstnd/fhs/fhs.txt) and read through it. It says on page 8: END RATIONALE/ -- the root directory| +-bin Essential command binaries +-boot Static files of the boot loader +-dev Device files +-etc Host-specific system configuration +-home User home directories +-lib Essential shared libraries and kernel modules +-mnt Mount point of temporary partitions +-opt Add-on application software packages +-root Home directory for the root user +-sbin Essential system binaries +-tmp Temporary files +-usr Secondary hierarchy +-var Variable data I point you to the line about etc. Later on it goes on to discuss in more detail what should go into each of these directories, and what "Host-specific system configuration" means. Again, I would like to say that I in no way want the Samba Team to take what I'm saying as negative. No matter what, I will continue to use Samba for as long as I am allowed to, no matter where the config files are. So please take this as support for the opinion I had. Thank you for the work, Chris Tooley ----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of Matthew Geddes Sent: Tuesday, December 21, 1999 4:23 PM To: Multiple recipients of list SAMBA-NTDOM Subject: Re: URGENT: REDHAT 6.1 STORES SAMBA PRIVATE FILES IN /etc Chris Tooley wrote: > I would like to say that I in no way would want the samba team to think > that I don't absolutely LOVE the work they have done, it has save our Museum > from going into debt to have a PDC running. > > However, I would like to say that from what I've seen of Linux and other > UNIX's it is definitely more appropriate for config files for programs to go > into it's own directory under /etc/. My roommate and I have heated > discussions on occassion, him being a Sun Sys Admin and I working primarily > with Linux, over where installed files should be, but I just can't defend > the fact that there isn't a common ground on where the config files are > supposed to be at. I was under the impression that the Linux File System Standard had something to say about this. I must admit though, it has been a while since I read it. Matt From urso2k at bol.com.br Wed Dec 22 17:55:38 1999 From: urso2k at bol.com.br (urso2k) Date: Tue Dec 2 02:27:44 2003 Subject: CVS code doesn't compile - "lib/system.c:806: structure has no member named `d_off'" Message-ID: Compilation problems in AIX 4.3.1.0 AIX 4.3.1.0 gcc 2.95 # make Using FLAGS = -O -Iinclude -I./include -I./ubiqx - I./smbwrapper -D_LARGE_FILES - DSMBLOGFILE="/usr/local/samba/var/log.smb" - DNMBLOGFILE="/usr/local/samba/var/log.nmb" - DCONFIGFILE="/usr/local/samba/lib/smb.conf" - DLMHOSTSFILE="/usr/local/samba/lib/lmhosts" - DSWATDIR="/usr/local/samba/swat" - DSBINDIR="/usr/local/samba/bin" - DLOCKDIR="/usr/local/samba/var/locks" - DSMBRUN="/usr/local/samba/bin/smbrun" - DCODEPAGEDIR="/usr/local/samba/lib/codepages" - DDRIVERFILE="/usr/local/samba/lib/printers.def" - DBINDIR="/usr/local/samba/bin" -DHAVE_INCLUDES_H - DPASSWD_PROGRAM="/bin/passwd" - DSMB_PASSWD_FILE="/usr/local/samba/private/smbpasswd" Using FLAGS32 = -O -Iinclude -I./include -I./ubiqx - I./smbwrapper -D_LARGE_FILES - DSMBLOGFILE="/usr/local/samba/var/log.smb" - DNMBLOGFILE="/usr/local/samba/var/log.nmb" - DCONFIGFILE="/usr/local/samba/lib/smb.conf" - DLMHOSTSFILE="/usr/local/samba/lib/lmhosts" - DSWATDIR="/usr/local/samba/swat" - DSBINDIR="/usr/local/samba/bin" - DLOCKDIR="/usr/local/samba/var/locks" - DSMBRUN="/usr/local/samba/bin/smbrun" - DCODEPAGEDIR="/usr/local/samba/lib/codepages" - DDRIVERFILE="/usr/local/samba/lib/printers.def" - DBINDIR="/usr/local/samba/bin" -DHAVE_INCLUDES_H - DPASSWD_PROGRAM="/bin/passwd" - DSMB_PASSWD_FILE="/usr/local/samba/private/smbpasswd" Using LIBS = -ldl Compiling lib/system.c In file included from include/includes.h:210, from lib/system.c:22: /usr/include/arpa/inet.h:152: warning: `struct ether_addr' declared inside parameter list /usr/include/arpa/inet.h:152: warning: its scope is only this definition or declaration, which is probably not what you want. /usr/include/arpa/inet.h:153: warning: `struct ether_addr' declared inside parameter list /usr/include/arpa/inet.h:154: warning: `struct ether_addr' declared inside parameter list /usr/include/arpa/inet.h:159: warning: `struct sockaddr_dl' declared inside parameter list /usr/include/arpa/inet.h:160: warning: `struct sockaddr_dl' declared inside parameter list /usr/include/arpa/inet.h:161: warning: `struct sockaddr_dl' declared inside parameter list In file included from include/includes.h:359, from lib/system.c:22: /usr/include/rpcsvc/yp_prot.h:341: warning: `struct ypall_callback' declared inside parameter list lib/system.c: In function `wsys_readdir': lib/system.c:806: structure has no member named `d_off' make: 1254-004 The error code from the last command is 1. Stop. ---- some results running "./configure" checking whether the C compiler (gcc -O ) works... yes checking whether the C compiler (gcc -O ) is a cross- compiler... no checking whether we are using GNU C... (cached) yes checking whether gcc accepts -g... (cached) yes checking for a BSD compatible install... (cached) /usr/bin/installbsd -c checking for mawk... (cached) nawk checking whether gcc and cc understand -c and -o together... (cached) yes checking that the C compiler understands volatile... (cached) yes checking host system type... powerpc-ibm-aix4.3.1.0 checking target system type... powerpc-ibm-aix4.3.1.0 checking build system type... powerpc-ibm-aix4.3.1.0 Bruno Bear urso2k@bol.com.br ______________________________________________ BRASIL ONLINE Usuario do BOL tem descontos nas compras de Natal http://www.bol.com.br/festas/presentes/index.html Todo brasileiro tem direito a um e-mail grátis http://www.bol.com.br From rlagowski at softmed.es Wed Dec 22 18:06:29 1999 From: rlagowski at softmed.es (Rafal Lagowski) Date: Tue Dec 2 02:27:44 2003 Subject: CVS of HEAD Message-ID: <99122219125900.02296@adminlin.i.softmed.es> Hi! my problem is short and easy How can I download CVS version of Samba 2.1??? I downloaded using CVS cvs -d :pserver:cvs@cvs.samba.org:/cvsroot login cvs -d :pserver:cvs@cvs.samba.org:/cvsroot co -r HEAD samba but this is not a 2.1 version (I think so) This is a 2.4b version. After copmile this version do not recognize i.e domain group map parameter in smb.conf What must I do for download and compile HEAD Branch version of Samba (I need make PDC for Wiindows NT) Please help me I know is realy stupid question but .... Thanks ! -- Rafal Lagowski mailto:rlagowski@softmed.es, ICQ:54592050 From jeremy at valinux.com Wed Dec 22 19:45:09 1999 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:27:44 2003 Subject: CVS code doesn't compile - "lib/system.c:806: structure has no member named `d_off'" References: Message-ID: <38612A45.DCFB887A@valinux.com> urso2k wrote: > > Compilation problems in AIX 4.3.1.0 > Sorry, that was part of the unicode changes. I have fixed this, please re-check out. Regards, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From lharold at mrc.uidaho.edu Wed Dec 22 19:11:34 1999 From: lharold at mrc.uidaho.edu (Len Harold) Date: Tue Dec 2 02:27:44 2003 Subject: New CVS compile error Message-ID: <199912221911.LAA22647@hydra.mrc.uidaho.edu> Guys, I have new compile errors under HP-UX 10.20 with both cc and gcc. Errors using gcc 2.95.2: > gmake Using FLAGS = -O -Iinclude -I./include -I./ubiqx -I./smbwrapper ... Using LIBS = -lsec Compiling rpc_client/cli_connect.c rpc_client/cli_connect.c: In function `cli_get_con_sesskey': rpc_client/cli_connect.c:276: structure has no member named `sess_key' rpc_client/cli_connect.c:276: structure has no member named `sess_key' rpc_client/cli_connect.c: In function `cli_con_gen_next_creds': rpc_client/cli_connect.c:360: warning: passing arg 1 of `gen_next_creds' from incompatible pointer type rpc_client/cli_connect.c: In function `cli_con_get_cli_cred': rpc_client/cli_connect.c:370: structure has no member named `clnt_cred' rpc_client/cli_connect.c: In function `cli_con_deal_with_creds': rpc_client/cli_connect.c:380: structure has no member named `sess_key' rpc_client/cli_connect.c:380: structure has no member named `clnt_cred' rpc_client/cli_connect.c: In function `cli_con_set_creds': rpc_client/cli_connect.c:398: structure has no member named `sess_key' rpc_client/cli_connect.c:399: structure has no member named `clnt_cred' rpc_client/cli_connect.c: In function `rpc_con_pipe_req': rpc_client/cli_connect.c:426: warning: passing arg 1 of `rpc_api_pipe_req' from incompatible pointer type rpc_client/cli_connect.c:426: warning: passing arg 3 of `rpc_api_pipe_req' makes pointer from integer without a cast rpc_client/cli_connect.c:426: too many arguments to function `rpc_api_pipe_req' gmake: *** [rpc_client/cli_connect.o] Error 1 Errors using cc 10.32.05 or 10.32.30: > gmake Using FLAGS = +O3 +Oall -Iinclude -I./include -I./ubiqx -I./smbwrapper -Ae ... Using LIBS = -lsec Compiling rpc_client/cli_connect.c cc: "rpc_client/cli_connect.c", line 276: error 1588: "sess_key" undefined. cc: "rpc_client/cli_connect.c", line 276: error 1531: Invalid member of struct or union. cc: "rpc_client/cli_connect.c", line 276: warning 563: Argument #2 is not the correct type. cc: "rpc_client/cli_connect.c", line 276: error 1531: Invalid member of struct or union. cc: "rpc_client/cli_connect.c", line 276: error 1594: The sizeof operator cannot be applied to types with unknown size. cc: "rpc_client/cli_connect.c", line 276: warning 527: Integral value implicitly converted to pointer in assignment. cc: "rpc_client/cli_connect.c", line 276: warning 563: Argument #3 is not the correct type. cc: "rpc_client/cli_connect.c", line 360: warning 604: Pointers are not assignment-compatible. cc: "rpc_client/cli_connect.c", line 360: warning 563: Argument #1 is not the correct type. cc: "rpc_client/cli_connect.c", line 370: error 1588: "clnt_cred" undefined. cc: "rpc_client/cli_connect.c", line 370: error 1531: Invalid member of struct or union. cc: "rpc_client/cli_connect.c", line 370: warning 563: Argument #2 is not the correct type. cc: "rpc_client/cli_connect.c", line 370: warning 527: Integral value implicitly converted to pointer in assignment. cc: "rpc_client/cli_connect.c", line 370: warning 563: Argument #3 is not the correct type. cc: "rpc_client/cli_connect.c", line 380: error 1588: "sess_key" undefined. cc: "rpc_client/cli_connect.c", line 380: error 1531: Invalid member of struct or union. cc: "rpc_client/cli_connect.c", line 380: warning 563: Argument #1 is not the correct type. cc: "rpc_client/cli_connect.c", line 380: error 1588: "clnt_cred" undefined. cc: "rpc_client/cli_connect.c", line 380: error 1531: Invalid member of struct or union. cc: "rpc_client/cli_connect.c", line 380: warning 563: Argument #2 is not the correct type. cc: "rpc_client/cli_connect.c", line 380: warning 604: Pointers are not assignment-compatible. cc: "rpc_client/cli_connect.c", line 380: warning 563: Argument #3 is not the correct type. cc: "rpc_client/cli_connect.c", line 398: error 1588: "sess_key" undefined. cc: "rpc_client/cli_connect.c", line 398: error 1531: Invalid member of struct or union. cc: "rpc_client/cli_connect.c", line 398: warning 563: Argument #1 is not the correct type. cc: "rpc_client/cli_connect.c", line 398: warning 611: Qualifiers are not assignment-compatible. cc: "rpc_client/cli_connect.c", line 398: warning 563: Argument #2 is not the correct type. cc: "rpc_client/cli_connect.c", line 398: warning 527: Integral value implicitly converted to pointer in assignment. cc: "rpc_client/cli_connect.c", line 398: warning 563: Argument #3 is not the correct type. cc: "rpc_client/cli_connect.c", line 399: error 1588: "clnt_cred" undefined. cc: "rpc_client/cli_connect.c", line 399: error 1531: Invalid member of struct or union. cc: "rpc_client/cli_connect.c", line 399: warning 563: Argument #1 is not the correct type. cc: "rpc_client/cli_connect.c", line 399: warning 527: Integral value implicitly converted to pointer in assignment. cc: "rpc_client/cli_connect.c", line 399: warning 563: Argument #3 is not the correct type. cc: "rpc_client/cli_connect.c", line 426: error 1619: Too many arguments for rpc_api_pipe_req. cc: "rpc_client/cli_connect.c", line 426: warning 604: Pointers are not assignment-compatible. cc: "rpc_client/cli_connect.c", line 426: warning 563: Argument #1 is not the correct type. cc: "rpc_client/cli_connect.c", line 426: warning 527: Integral value implicitly converted to pointer in assignment. cc: "rpc_client/cli_connect.c", line 426: warning 563: Argument #3 is not the correct type. gmake: *** [rpc_client/cli_connect.o] Error 1 This isn't a real problem, but HP's make doesn't like one of the Makefile macros as well: > make Make: Macro expansion too big. Stop. Len Harold From umehlig at uni-bremen.de Wed Dec 22 19:19:41 1999 From: umehlig at uni-bremen.de (Ulf Mehlig) Date: Tue Dec 2 02:27:44 2003 Subject: Administrator Woes In-Reply-To: (ink@inconnu.isu.edu) References: Message-ID: <199912221919.UAA03030@pandora3.localnet> Craig Kelley wrote: > smb.conf has: > > domain admin users = administrator root > domain admin group = ntadmins root > > Root can login on any machine and have administrator rights. The > 'administrator' is just a normal user (has no administrative > rights). I've re-created the Administrator user several times, > varying the parameters (I even made the Administrator UID 0 to see > if that had an effect!). Maybe "administrator" is a bit too long a name for a unix user? We have even more than one nt admin group ("ntadm", "netadmin" and the like), and "root" is not a member of any of them. I also do not specify the extra "domain admin user" parameter; just "... group" is sufficient to let the groups' members be nt domain admins. We are using 2.06 now, but it worked with 2.05a, too. Regards, Ulf < from "smb.conf" > ------------------------------------------------- [...] domain admin group = ntadm,netadmin # both are regular unix groups domain logons = Yes logon path = \\%N\profiles\%U [...] ---------------------------------------------------------------------- -- ====================================================================== Ulf Mehlig Center for Tropical Marine Ecology/ZMT, Bremen, Germany ---------------------------------------------------------------------- From mg at plum.de Wed Dec 22 19:57:35 1999 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:27:44 2003 Subject: CVS of HEAD References: <99122219125900.02296@adminlin.i.softmed.es> Message-ID: <38612D2F.8D7042E4@plum.de> Rafal Lagowski wrote: > > Hi! > my problem is short and easy > > How can I download CVS version of Samba 2.1??? > I downloaded using CVS > cvs -d :pserver:cvs@cvs.samba.org:/cvsroot login > cvs -d :pserver:cvs@cvs.samba.org:/cvsroot co -r HEAD samba > > but this is not a 2.1 version (I think so) This is a 2.4b version. After > copmile this version do not recognize i.e domain group map parameter in smb.conf > > What must I do for download and compile HEAD Branch version of Samba (I need > make PDC for Wiindows NT) > use : cvs -d :pserver:cvs@samba.org:/cvsroot login then cvs -z3 -d :pserver:cvs@samba.org:/cvsroot checkout -r SAMBA_TNG samba regards, Michael -- Samba NT-Domain howto (in german) http://www.sambahq.de From Steven.Gordon at motorola.com Wed Dec 22 22:22:55 1999 From: Steven.Gordon at motorola.com (Gordon Steven-QSG001) Date: Tue Dec 2 02:27:44 2003 Subject: roaming profile problems with Samba 2.06 Message-ID: <2608E16E82ACD3118DEF0008C7CF804533736B@tx14exm01.fwrdc.rtsg.mot.com> Hello, I'm having problems using Roaming Profiles on NT 4.0 (sp4 and sp5) when they are on an HP-UX (version 10.20) server with Samba 2.06. The messages at login time ( and in the event viewer ) imply that it's a permissions problem. The odd thing is that after you're logged in, you can then mount that same Profile share, and write/read files to it. The message from the "application" event viewer is as follows: You do not have permission to access your central profile located at \\fwhns44\profs\p_qsg001. The operating system is attempting to log you on with your local profile. Please contact your Network Administrator. The "User Profile Path" entry in the NT "User Manager for Domains" is: \\fwhns44\profs\p_qsg001 I have the Samba logs from a sample login session, with the log level set to 20. If anyone feels they would be helpful, I'd be happy to email them. The following is my smb.conf file. Any help you can provide would be greatly appreciated. Regards, Steve # Samba config file created using SWAT # from usftwwns05.fwrdc.rtsg.mot.com (178.1.100.18) # Date: 1999/12/22 14:58:35 # Global parameters [global] workgroup = CIGNAMERICA server string = %h Samba File & Print Server v%v log file = /var/adm/samba/samba-log.%m.%U max log size = 1024 name resolve order = wins host bcast deadtime = 15 getwd cache = No max open files = 1014 shared mem size = 5242880 load printers = No logon drive = h: local master = No wins server = 178.1.100.8 oplock break wait time = 40 preload = profs lock dir = /var/spool/locks homedir map = auto.home create mask = 0775 force create mode = 0755 printing = bsd print command = lp - %p %s hide dot files = No oplocks = No [homes] comment = Home Directory for %u %H via Samba read only = No create mask = 0755 delete readonly = Yes [csttgrp] comment = /cna/csttgrp.moto path = /cna/csttgrp.moto read only = No [aseweb] comment = /project/ASEWEB path = /project/ASEWEB read only = No [cna] comment = /project/cna path = /project/cna read only = No [fwtde] comment = /project/fwtde path = /project/fwtde read only = No [profs] comment = wts profiles path = /opt/samba/profiles read only = No ------------------------------------------------------------------------ __/ / _ __ | /_ / /__ / /__ /__ / | MOTOROLA _/ ____/ _/ _/ ___/ _/ _/ | | Steve Gordon | Cellular Infrastructure Group (817) 245-6811 | Information Technology Services qsg001@email.mot.com | ------------------------------------------------------------------------ From pli at ee.ualberta.ca Thu Dec 23 07:31:53 1999 From: pli at ee.ualberta.ca (Patrick Li) Date: Tue Dec 2 02:27:44 2003 Subject: PDC Message-ID: SGVsbG8gdGhlcmUsDQoNCkkgc3VjY2Vzc2Z1bGx5IHVzZSBzYW1iYSBhcyBQREMgKCBvciBsb2dv biBzZXJ2ZXIpIGZvciBteSBob21lIG5ldHdvcmsuDQpJdCBjYW4gbm93IGhhbmRsZSBpbnRlcm5h bCBJUCBsaWtlIDE5Mi4xNjgueC54IGFuZCBpcCBvbiB0aGUgc2FtZSBzdWJuZXQgYXMgbXkgc2Ft YmEgc2VydmVyLCB0aGF0IGlzIG15IHNlcnZlciBpcyAyNC4xMTEuMjUueCBhbmQgY29tcHV0ZXIg b24gMjQuMTExLjI1LnggY2FuIGFjY2VzcyBpdA0KYnV0IEkgZ290IGEgbWFjaGluZSB3aGljaCBo YXMgYSBpcCAyNC4xMTEuMjQueCBhbmQgdGhhdCBtYWNoaW5lIGlzIG5vdCBhYmxlIHRvIGpvaW4g dGhlIHNhbWJhIGRvbWFpbiwgYW55b25lIGtub3cgd2h5Pw0KSSB0aGluayB0aGUgcHJvYmxlbSBp cyB0aGF0IHRoZSBzYW1iYSBzZXJ2ZXIgZGlkbid0IGJyb2FkY2FzdCBpbiB0aGUgMjQuMTExLjI0 Lnggc3VibmV0LCBob3cgY2FuIEkgZml4IHRoaXM/DQoNClRoYW54DQoNClBhdA== From Volker.Lendecke at SerNet.DE Thu Dec 23 07:53:10 1999 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Tue Dec 2 02:27:44 2003 Subject: CVS of HEAD In-Reply-To: <38612D2F.8D7042E4@plum.de> (message from Michael Glauche on Thu, 23 Dec 1999 06:54:51 +1100) References: <99122219125900.02296@adminlin.i.softmed.es> <38612D2F.8D7042E4@plum.de> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- > cvs -z3 -d :pserver:cvs@samba.org:/cvsroot checkout -r SAMBA_TNG samba http://samba.sernet.de/pdc.html if daily update is enough for you. Volker -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv Comment: Processed by Mailcrypt 3.5.4, an Emacs/PGP interface iQCVAwUBOGHU2z/9BWnmOc5FAQF0RQQAkV7R7TT9vTbmHvWogZyEwvcCmwhZLPYV Wml/w6yJJgSleL9fR4LdV0bmMajXpqkNmhG5Y1RKr/AYUcfdBw7lW8PR1Vqdz+6d hp2bSGpX/VtSLQLnnnPSQfIl7HXnibFn+scj/C8gxWq/aOrd7c+zZprc4ewXpQFm pwphZFL0nas= =wLxe -----END PGP SIGNATURE----- From lauffer at ph-freiburg.de Thu Dec 23 08:36:34 1999 From: lauffer at ph-freiburg.de (Stephan Lauffer) Date: Tue Dec 2 02:27:44 2003 Subject: roaming profile problems with Samba 2.06 In-Reply-To: <2608E16E82ACD3118DEF0008C7CF804533736B@tx14exm01.fwrdc.rtsg.mot.com> Message-ID: Hi Steve! Don?t you need something like this in the [global] section?! encrypt passwords = yes domain logons = yes It also is recommented to set up a PDC with DMB support... domain master = yes and why not support LMB... local master = yes preferred master = yes os level = 34 I?m not an expert in domain-logons... i?ve only tested domain logons some days ago, so i?m not sure if anything else must be done (my test system includes the share [netlogons] which will be a default share name used by windows-clients...) It would be nice if you can report me what was wrong... Liebe Gruesse, Stephan Lauffer [ Paedagogische Hochschule Freiburg - Systemtechnik - Germany ] [ ZIK Zentrum fuer Informations- und Kommunikationstechnologie ] [ Tel.: 0761 - 682 447 Mobil: 0172 - 7145 197 ] From lauffer at ph-freiburg.de Thu Dec 23 08:54:28 1999 From: lauffer at ph-freiburg.de (Stephan Lauffer) Date: Tue Dec 2 02:27:44 2003 Subject: PDC In-Reply-To: Message-ID: Hi Pat! > I successfully use samba as PDC ( or logon server) for my home network. > It can now handle internal IP like 192.168.x.x and ip on the same subnet as my samba server, that is my server is 24.111.25.x and computer on 24.111.25.x can access it > but I got a machine which has a ip 24.111.24.x and that machine is not able to join the samba domain, anyone know why? > I think the problem is that the samba server didn't broadcast in the 24.111.24.x subnet, how can I fix this? Would be helpfully if you would post your global section... if you?ll support domain logons, you must have a wins server and a DMB too. It could be look like this: ------- [global] domain master = yes local master = yes preferred master = yes os level = 34 wins support = yes ------- But be carefully! There should not exist a NT DMB in this workgroup... domain masters don?t use a election. On client side you must set the wins-server ip of your samba host. In your case it should be 24.111.25.??? If you?re using win9x clients there can be strange problems... Mostly you have to disable netbios name resolution over DNS and set the node type to the h-node. you can do this automatically (included wins-server editing) if you?ll saving the following lines as a plain text-file with the file ending .reg and then start it un der M$ windows win9x clients... --- start ----------------- REGEDIT4 [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\MSTCP] "NameServer1"="24.111.25.???" "NodeType"="8" "EnableDNS"="0" "ScopeID"="" --- stop ----------------- Please don?t forget to set the correct wins-server ip! Normally you don?t need the ScopeID, but i?ve had several RAS-clients which couldn?t connect correctly to the samba server if this key?s not set. At least please check this file before starting with a windows editor like edit, notepad... newlines under M$ are not "compatible" to often use unix style... Windows textfile lines must end with a ^M (hope i?m not wrong). ;)) Liebe Gruesse, Stephan Lauffer [ Paedagogische Hochschule Freiburg - Systemtechnik - Germany ] [ ZIK Zentrum fuer Informations- und Kommunikationstechnologie ] [ Tel.: 0761 - 682 447 Mobil: 0172 - 7145 197 ] From lauffer at ph-freiburg.de Thu Dec 23 09:34:43 1999 From: lauffer at ph-freiburg.de (Stephan Lauffer) Date: Tue Dec 2 02:27:45 2003 Subject: =?iso-8859-1?Q?2=2E0=2E6=3A_DMB_buggy_if_you=B4re_using_an_?= =?iso-8859-1?Q?NT-Wins-Server?= Message-ID: Hi all! I?ve got samba 2.0.6. I would use the host as DMB. In our LAN there are several NT Servers, but not for the workgroup of the samba-server. There?s all right if i set up samba like this: --- domain master = yes preferred master = yes local master = yes os level = 64 wins support = true --- But if i?m using samba not as wins server and set wins server to a NT-Wins Server, samba will not act as DMB! Strange - the NT Wins server has got the correct entries (1B...). And other Samba Server (LMB) get the correct DMB Info from the NT-Wins Server and they try ro connect to the Samba DMB. But this host still says: "Local master announce made to us from PINGUIN IP 193.197.132.180 and we are not a domain master browser." I always thougt that there will be no problem using a NT-Wins Server in a "mixed" network. Does someone has got an idea why the samba server would not act as DMB in combination with the NT-Wins Server?!! Liebe Gruesse, Stephan Lauffer [ Paedagogische Hochschule Freiburg - Systemtechnik - Germany ] [ ZIK Zentrum fuer Informations- und Kommunikationstechnologie ] [ Tel.: 0761 - 682 447 Mobil: 0172 - 7145 197 ] From lauffer at ph-freiburg.de Thu Dec 23 09:43:45 1999 From: lauffer at ph-freiburg.de (Stephan Lauffer) Date: Tue Dec 2 02:27:45 2003 Subject: =?iso-8859-1?Q?2=2E0=2E6=3A_DMB_buggy_if_you=B4re_using_an_?= =?iso-8859-1?Q?NT-Wins-Server?= In-Reply-To: Message-ID: Hi all! Forgotten a dump of log.nmb... 193.197.133.9 is the NT-Wins server... ------------ [1999/12/23 10:11:44, 0] nmbd/nmbd_nameregister.c:refresh_name(397) refresh_name: Failed to send packet trying to refresh name MAIL1<00> [1999/12/23 10:11:44, 0] libsmb/nmblib.c:send_udp(755) Packet send failed to 193.197.133.9(137) ERRNO=Invalid argument [1999/12/23 10:11:44, 0] nmbd/nmbd_packets.c:send_netbios_packet(173) ----------- This is the only thing that looks strange to me... > But if i?m using samba not as wins server and set wins server to a NT-Wins Server, > samba will not act as DMB! Liebe Gruesse, Stephan Lauffer [ Paedagogische Hochschule Freiburg - Systemtechnik - Germany ] [ ZIK Zentrum fuer Informations- und Kommunikationstechnologie ] [ Tel.: 0761 - 682 447 Mobil: 0172 - 7145 197 ] From David.Bear at asu.edu Thu Dec 23 19:17:24 1999 From: David.Bear at asu.edu (David Bear) Date: Tue Dec 2 02:27:45 2003 Subject: nmbd starts Message-ID: I have informed smb.conf local master = no domain master = no preferred master = no wins support = no name resolve order = wins lmhosts bcast wins server = 129.219.13.105 ; my wins server (nt) With this setup, nmbd should not be starting right? Well, it is. What other factors would tell nmbd to start. How do I keep it from starting. David Bear College of Public Programs/ASU A word is just two nibbles and a byte... From David.Bear at asu.edu Thu Dec 23 19:31:59 1999 From: David.Bear at asu.edu (David Bear) Date: Tue Dec 2 02:27:45 2003 Subject: os2 clients Message-ID: After my first sambe server croak (head crash) I have rebuilt another one with essentially the same smb.conf file windows clients connect fine. os/2 client's get an error about the current password not having priveledges, sometimes. password encyrption is set to yes. my os2 warp server is the password server. If have password server = warpserver Do is still need an smbpasswd file? I realize I need to have unix accounts for the users, so unix can handle file permissions. But it seems that with password server set to another box, smbpasswd is not needed. What other elements might confuse samba or warp about authentication/permission? The warp client is only rejected 'occasionally'. David Bear College of Public Programs/ASU A word is just two nibbles and a byte... From maillist at nudaymedia.com Fri Dec 24 04:56:07 1999 From: maillist at nudaymedia.com (Chavous P. Camp) Date: Tue Dec 2 02:27:45 2003 Subject: Regarding domain administrators Message-ID: Merry Christmas everyone. I'm new to the list as I just started setting up a samba PDC today (Thursday 23 December). I have everything working except one part... In the current CVS tree (or even in distrib. 2.0.6) (I have tried both) HOW do I give domain admin status to a user or group? I tried the newest CVS build and neither domain admin group or domain group map parameters in the smb.conf file worked. every time I tried to run server manager, I got "access denied" and every time I tried user manager for domains I got "A Remote Procedure Call (RPC) protocol error occurred. Do you want to select another domain...." Any ideas? I set the debug level to 20 and monitored the output - every time domain group map would be recorded as an invalid parameter, and domain admin group would just be ignored (I could not find any reference to it in the log files as being processed, rejected, or otherwise. Thanks and have a great Holiday! ---- Chavous P. Camp chavousc@nudaymedia.com NuDay Media, Inc. Columbia, SC From pli at ee.ualberta.ca Fri Dec 24 21:21:36 1999 From: pli at ee.ualberta.ca (Patrick Li) Date: Tue Dec 2 02:27:45 2003 Subject: Sharing Drive Message-ID: SGVsbG8gYW5kIE1lcnJ5IENocmlzdG1hcyB0byBhbGwsDQoNCkkgZ290IG9uZSBxdWVzdGlvbiwg SSBnb3QgbXkgc2FtYmEgdG8gYWN0IGFzIGEgUERDIG9yIFdpbmRvd3MgbG9nb24gbWFjaGluZSwN Cm5vdyBJIHdhbnQgdG8gc2hhcmUgYSBkcml2ZSBvbiBvbmUgb2YgbXkgV2luTlQgbWFjaGluZXMs IGhvdyBjYW4gSSBkbyB0aGF0PyAgDQpDYW4gSSBqdXN0IHVzZSB0aGUgc2hhcmUgaW4gbXkgV2lu TlQgbWFjaGluZT8gT3IgSSBoYXZlIHRvIHNldCB0aGUgc21iLmNvbmYgYWdhaW4/DQoNClRoYW54 DQoNClBhdA== From jscipio at rochester.rr.com Sat Dec 25 02:12:24 1999 From: jscipio at rochester.rr.com (John F. Scipione) Date: Tue Dec 2 02:27:45 2003 Subject: join mailing list Message-ID: <000d01bf4e7d$7c3a3050$0400a8c0@ophelia> Hello, I would like to join the samba-ntdom mailing list. My e-mail is jscipio@rochester.rr.com. Thank you John F. Scipione -------------- next part -------------- HTML attachment scrubbed and removed From jscipio at rochester.rr.com Sat Dec 25 11:07:55 1999 From: jscipio at rochester.rr.com (John F. Scipione) Date: Tue Dec 2 02:27:45 2003 Subject: join mailing list Message-ID: <000a01bf4ec8$4ba58e30$0400a8c0@ophelia> Sorry, Ignore the wholy ignorant and useless message below, thank you. John F. Scipione jscipio@rochester.rr.com -------------- next part -------------- HTML attachment scrubbed and removed From ingar at c2i.net Mon Dec 27 15:13:41 1999 From: ingar at c2i.net (Ingar Rune Steinsland) Date: Tue Dec 2 02:27:45 2003 Subject: Windows 2000 Beta 3 and Samba Message-ID: <38678225.B8566FB6@c2i.net> Hi, I cannot connect to my Samba 2.0 fileserver from Windows 2000. Samba refuses to accept my username/password. I had the same problem on Windows98. On W98 I had to set set following key in the registry: My Computer\HKEY_LOCAL_MACHINES\System\CurrentControlSet\Services\VxD\VNETSUP EnablePlainTextPassword=1 But this does not work (as expected) under Windows 2000. What should I do? Thanks in advance, Ingar -- ________________________________________________________________ Ingar Rune Steinsland, Orkim Data AS, Kordahlvn 13, 1591 Sperrebotn,Norway Tlf: 47+64856178/69288577/90055401/88001287 Fax: 47-69288353 email: ingar@c2i.net web: http://www.home.sol.no/~ingar/ ________________________________________________________________ From Steven.Gordon at motorola.com Mon Dec 27 16:38:23 1999 From: Steven.Gordon at motorola.com (Gordon Steven-QSG001) Date: Tue Dec 2 02:27:45 2003 Subject: roaming profile problems with Samba 2.06 Message-ID: <2608E16E82ACD3118DEF0008C7CF804533736D@tx14exm01.fwrdc.rtsg.mot.com> I tried adding: domain logons = yes but it didn't help. I don't use "encrypted" passwords because I still have some Windows95 machines on the network, and they can't deal with encrypted passwords. I would think that passwd encryption isn't the issue, since I can mount the Profile share for read/write, after the user is logged in. I don't turn on "domain master browser" and "local master browser" because it does bad things to NT workstations that bind to the SAMBA servers instead of the PDC or BDC. It still seems to be some kind of permissions issue. Any other ideas? -----Original Message----- From: Stephan Lauffer [mailto:lauffer@ph-freiburg.de] Sent: Thursday, December 23, 1999 2:40 AM To: Multiple recipients of list SAMBA-NTDOM Subject: Re: roaming profile problems with Samba 2.06 Hi Steve! Don't you need something like this in the [global] section?! encrypt passwords = yes domain logons = yes It also is recommended to set up a PDC with DMB support... domain master = yes and why not support LMB... local master = yes preferred master = yes os level = 34 I'm not an expert in domain-logons... I've only tested domain logons some days ago, so I'm not sure if anything else must be done (my test system includes the share [netlogons] which will be a default share name used by windows-clients...) It would be nice if you can report me what was wrong... Liebe Gruesse, Stephan Lauffer [ Paedagogische Hochschule Freiburg - Systemtechnik - Germany ] [ ZIK Zentrum fuer Informations- und Kommunikationstechnologie ] [ Tel.: 0761 - 682 447 Mobil: 0172 - 7145 197 ] Original Message follows: ======================================================================= I'm having problems using Roaming Profiles on NT 4.0 (sp4 and sp5) when they are on an HP-UX (version 10.20) server with Samba 2.06. The messages at login time ( and in the event viewer ) imply that it's a permissions problem. The odd thing is that after you're logged in, you can then mount that same Profile share, and write/read files to it. The message from the "application" event viewer is as follows: You do not have permission to access your central profile located at \\fwhns44\profs\p_qsg001. The operating system is attempting to log you on with your local profile. Please contact your Network Administrator. The "User Profile Path" entry in the NT "User Manager for Domains" is: \\fwhns44\profs\p_qsg001 I've attached the Samba logs from a sample login session, with the log level set to 20. The following is my smb.conf file. Any help you can provide would be greatly appreciated. Regards, Steve # Samba config file created using SWAT # from usftwwns05.fwrdc.rtsg.mot.com (178.1.100.18) # Date: 1999/12/22 14:58:35 # Global parameters [global] workgroup = CIGNAMERICA server string = %h Samba File & Print Server v%v log file = /var/adm/samba/samba-log.%m.%U max log size = 1024 name resolve order = wins host bcast deadtime = 15 getwd cache = No max open files = 1014 shared mem size = 5242880 load printers = No logon drive = h: local master = No wins server = 178.1.100.8 oplock break wait time = 40 preload = profs lock dir = /var/spool/locks homedir map = auto.home create mask = 0775 force create mode = 0755 printing = bsd print command = lp - %p %s hide dot files = No oplocks = No encrypt passwords = No domain logons = Yes [homes] comment = Home Directory for %u %H via Samba read only = No create mask = 0755 delete readonly = Yes [csttgrp] comment = /cna/csttgrp.moto path = /cna/csttgrp.moto read only = No [aseweb] comment = /project/ASEWEB path = /project/ASEWEB read only = No [cna] comment = /project/cna path = /project/cna read only = No [fwtde] comment = /project/fwtde path = /project/fwtde read only = No [profs] comment = wts profiles path = /opt/samba/profiles read only = No guest ok = Yes case sensitive = No ------------------------------------------------------------------------ __/ / _ __ | /_ / /__ / /__ /__ / | MOTOROLA _/ ____/ _/ _/ ___/ _/ _/ | | Steve Gordon | Cellular Infrastructure Group (817) 245-6811 | Information Technology Services qsg001@email.mot.com | ------------------------------------------------------------------------ From giulioo at pobox.com Mon Dec 27 18:18:06 1999 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:27:45 2003 Subject: roaming profile problems with Samba 2.06 In-Reply-To: <2608E16E82ACD3118DEF0008C7CF804533736D@tx14exm01.fwrdc.rtsg.mot.com> References: <2608E16E82ACD3118DEF0008C7CF804533736D@tx14exm01.fwrdc.rtsg.mot.com> Message-ID: <19991227181855.C0B7326E67@i3.golden.dom> On Tue, 28 Dec 1999 03:40:58 +1100, hai scritto: >but it didn't help. I don't use "encrypted" passwords because I still have >some Windows95 machines on the network, and they can't deal with encrypted I think you can get encrypted passwords with win95 by installing the redirector update, search for: vrdrupd.exe at the MS site. -- giulioo@pobox.com From lauffer at ph-freiburg.de Mon Dec 27 19:03:50 1999 From: lauffer at ph-freiburg.de (Stephan Lauffer) Date: Tue Dec 2 02:27:45 2003 Subject: roaming profile problems with Samba 2.06 In-Reply-To: <2608E16E82ACD3118DEF0008C7CF804533736D@tx14exm01.fwrdc.rtsg.mot.com> Message-ID: Hi Steve, I'm on holiday with my girl friend - she doesen't like computers very much ;-) - till 3th january. Sorry, i didn't have enough time to answer your mail. Wich you a very nice y2k! Liebe Gruesse, Stephan Lauffer [ Paedagogische Hochschule Freiburg - Systemtechnik - Germany ] [ ZIK Zentrum fuer Informations- und Kommunikationstechnologie ] [ Tel.: 0761 - 682 447 Mobil: 0172 - 7145 197 ] From Steven.Gordon at motorola.com Mon Dec 27 23:07:53 1999 From: Steven.Gordon at motorola.com (Gordon Steven-QSG001) Date: Tue Dec 2 02:27:45 2003 Subject: roaming profile problems with Samba 2.06 Message-ID: <2608E16E82ACD3118DEF0008C7CF8045337375@tx14exm01.fwrdc.rtsg.mot.com> Thanks Jorge Granjal and Stephan Lauffer, You were both correct in that I needed encrypted passwords for the roaming profiles to work, even though I can mount the shares after login time, with unencrypted passwords. How very inconvenient. I wish the roaming profiles could be made to work with unencrypted passwords. Regards, Steve ------------------------------------------------------------------------ __/ / _ __ | /_ / /__ / /__ /__ / | MOTOROLA _/ ____/ _/ _/ ___/ _/ _/ | | Steve Gordon | Cellular Infrastructure Group (817) 245-6811 | Information Technology Services qsg001@email.mot.com | ------------------------------------------------------------------------ -----Original Message----- From: Jorge Granjal [mailto:jgranjal@eden.dei.uc.pt] Sent: Monday, December 27, 1999 10:45 AM To: Gordon Steven-QSG001 Subject: RE: roaming profile problems with Samba 2.06 As far as I know you MUST use encrypted passwords for domain logons (and profiles) to work... Cheers. Jorge Granjal -- On Tue, 28 Dec 1999, Gordon Steven-QSG001 wrote: > I tried adding: > > domain logons = yes > > but it didn't help. I don't use "encrypted" passwords because I still have > some Windows95 machines on the network, and they can't deal with encrypted > passwords. I would think that passwd encryption isn't the issue, since I > can mount the Profile share for read/write, after the user is logged in. > > I don't turn on "domain master browser" and "local master browser" because > it does bad things to NT workstations that bind to the SAMBA servers instead > of the PDC or BDC. It still seems to be some kind of permissions issue. > > Any other ideas? > > -----Original Message----- > From: Stephan Lauffer [mailto:lauffer@ph-freiburg.de] > Sent: Thursday, December 23, 1999 2:40 AM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: roaming profile problems with Samba 2.06 > > > Hi Steve! > > Don't you need something like this in the [global] section?! > encrypt passwords = yes > domain logons = yes > > It also is recommended to set up a PDC with DMB support... > domain master = yes > and why not support LMB... > local master = yes > preferred master = yes > os level = 34 > > I'm not an expert in domain-logons... I've only tested domain logons > some days ago, so I'm not sure if anything else must be done > (my test system includes the share [netlogons] which will be a default > share name used by windows-clients...) > It would be nice if you can report me what was wrong... > > Liebe Gruesse, > Stephan Lauffer > > [ Paedagogische Hochschule Freiburg - Systemtechnik - Germany ] > [ ZIK Zentrum fuer Informations- und Kommunikationstechnologie ] > [ Tel.: 0761 - 682 447 Mobil: 0172 - 7145 197 ] > Original Message follows: > ======================================================================= > I'm having problems using Roaming Profiles on NT 4.0 (sp4 and sp5) when they > are on an HP-UX (version 10.20) server with Samba 2.06. The messages at > login time ( and in the event viewer ) imply that it's a permissions > problem. The odd thing is that after you're logged in, you can then mount > that same Profile share, and write/read files to it. > > The message from the "application" event viewer is as follows: > > You do not have permission to access your central profile located at > \\fwhns44\profs\p_qsg001. > The operating system is attempting to log you on with your local profile. > Please contact your > Network Administrator. > > The "User Profile Path" entry in the NT "User Manager for Domains" is: > > \\fwhns44\profs\p_qsg001 > > I've attached the Samba logs from a sample login session, with the log level > set to 20. > > The following is my smb.conf file. Any help you can provide would be > greatly appreciated. > > Regards, > > Steve > > # Samba config file created using SWAT > # from usftwwns05.fwrdc.rtsg.mot.com (178.1.100.18) > # Date: 1999/12/22 14:58:35 > > # Global parameters > [global] > workgroup = CIGNAMERICA > server string = %h Samba File & Print Server v%v > log file = /var/adm/samba/samba-log.%m.%U > max log size = 1024 > name resolve order = wins host bcast > deadtime = 15 > getwd cache = No > max open files = 1014 > shared mem size = 5242880 > load printers = No > logon drive = h: > local master = No > wins server = 178.1.100.8 > oplock break wait time = 40 > preload = profs > lock dir = /var/spool/locks > homedir map = auto.home > create mask = 0775 > force create mode = 0755 > printing = bsd > print command = lp - %p %s > hide dot files = No > oplocks = No > encrypt passwords = No > domain logons = Yes > [homes] > comment = Home Directory for %u %H via Samba > read only = No > create mask = 0755 > delete readonly = Yes > > [csttgrp] > comment = /cna/csttgrp.moto > path = /cna/csttgrp.moto > read only = No > > [aseweb] > comment = /project/ASEWEB > path = /project/ASEWEB > read only = No > > [cna] > comment = /project/cna > path = /project/cna > read only = No > > [fwtde] > comment = /project/fwtde > path = /project/fwtde > read only = No > > [profs] > comment = wts profiles > path = /opt/samba/profiles > read only = No > guest ok = Yes > case sensitive = No > ------------------------------------------------------------------------ > __/ / _ __ | > /_ / /__ / /__ /__ / | MOTOROLA > _/ ____/ _/ _/ ___/ _/ _/ | > | > Steve Gordon | Cellular Infrastructure Group > (817) 245-6811 | Information Technology Services > qsg001@email.mot.com | > ------------------------------------------------------------------------ > > > From ed at schernau.com Tue Dec 28 01:07:50 1999 From: ed at schernau.com (Ed Schernau) Date: Tue Dec 2 02:27:45 2003 Subject: Domain != encrypted logins Message-ID: <38680D66.8C1EC566@schernau.com> Running Samba as a Win9x PDC, and you dont need encrypted passwords. Ed From Alexej.Kupin at partner.bmw.de Tue Dec 28 15:04:09 1999 From: Alexej.Kupin at partner.bmw.de (Alexej Kupin) Date: Tue Dec 2 02:27:45 2003 Subject: Can't access Samba page References: <2.2.32.19991228123700.006979c4@wow.net> Message-ID: <3868D169.A5AB85D4@partner.bmw.de> Hi Donald, hello samba-people the URL(http://computer.freepage.de/kupin/samba.html) of my Samba-Page is a free-webspace provider server... It seems to me, that this web-server is down (may be temporary, may be because of the Y2K!) Anyway it was working today in the morning(german time) then I found that some of my directories(>5MB) has been removed or dated to "01 Jan" and not accesable any more. Well I wrote a SOS-letter to the provider, and now they web-server is totally down! I want to put my samba-page on an better location (= without provider-frames!) Last week over 400 Samba-users visited my page, and I recieved very positive feedback... May be someone from Samba-team will help me? regards Alexej jsdti@wow.net schrieb: > > Hello Mr. Kupin > > I read about your webpage in Kernel Cousin Samba but I cannot access the > URL. Is there some problem with the site? I would really like to read this > information. > > Feel free to email the information to me if possible. > > Thank you. > > Donald Walker > System admin. > > ********************************************************* > The John S. Donaldson Technical Institute > Wrightson Rd. > Port-of-Spain > Trinidad, West Indies > Tel: 868-625-1511,625-1512,625-1513,625-1514,625-9939 > Fax: 868-625-9939 > Email: jsdti@wow.net, webmaster@jsdti.edu.tt > ********************************************************* -------------- next part -------------- A non-text attachment was scrubbed... Name: Alexej.Kupin.vcf Type: text/x-vcard Size: 147 bytes Desc: Visitenkarte f?r Alexej Kupin Url : http://lists.samba.org/archive/samba-ntdom/attachments/19991228/96937735/Alexej.Kupin.vcf From roger at coconet.com Tue Dec 28 15:48:10 1999 From: roger at coconet.com (Roger D.) Date: Tue Dec 2 02:27:45 2003 Subject: Can't access Samba page Message-ID: <002901bf514a$f1f72940$dc60b0cc@saturn2> At Internet Architect we are looking to expand our learning and training content into the LINUX/SAMBA area and would partner with content/source providers. We would be willing to place your content or other content provider pages, provided it meets certain requirements (basically that the content be useful to us, e-mail me for details), on our Internet University ite( www.internet-university.com ) or Technical Help pages www.technicalhelpme.com ) at no cost to you or those who wish to access the information. We are currently on a low bandwidth T1 connection but, Internet Architect (the host provider) will be moving to a new facility in January with a dedicated UUNET T3 connection and mirrored servers. -----Original Message----- From: Alexej Kupin To: Multiple recipients of list SAMBA-NTDOM Date: Tuesday, December 28, 1999 10:08 AM Subject: Re: Can't access Samba page >Hi Donald, hello samba-people > >the URL(http://computer.freepage.de/kupin/samba.html) >of my Samba-Page is a free-webspace provider server... > >It seems to me, that this web-server is down >(may be temporary, may be because of the Y2K!) > >Anyway it was working today in the morning(german time) >then I found that some of my directories(>5MB) has been >removed or dated to "01 Jan" and not accesable any more. > >Well I wrote a SOS-letter to the provider, >and now they web-server is totally down! > >I want to put my samba-page on an better location >(= without provider-frames!) > From mkoelle at gmx.de Tue Dec 28 16:08:29 1999 From: mkoelle at gmx.de (Markus Koelle) Date: Tue Dec 2 02:27:45 2003 Subject: sticky-bit Message-ID: <199912281608.RAA77990@mail.sampo.de> How can I set the sticky bit on new directories via share definition ? (samba 2.0.6) This doesn't work: [share] .... directory mode = 1777 ^ Any idea? Best Regards Markus Koelle mkoelle@gmx.de From frlord at webmethods.com Tue Dec 28 16:45:53 1999 From: frlord at webmethods.com (F. Ross Lord) Date: Tue Dec 2 02:27:45 2003 Subject: Which branch for CVS? Message-ID: <3868E941.92E844CE@webmethods.com> Which branch do I need to check out for the latest PDC code? I do not need the separated funcionality of the various rpcclient stuff, I just need PDC funtions. -- frl From giulioo at pobox.com Tue Dec 28 16:47:58 1999 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:27:45 2003 Subject: sticky-bit In-Reply-To: <199912281608.RAA77990@mail.sampo.de> References: <199912281608.RAA77990@mail.sampo.de> Message-ID: <19991228164727.A120426E67@i3.golden.dom> On Wed, 29 Dec 1999 03:10:42 +1100, hai scritto: >How can I set the sticky bit on new directories >via share definition ? (samba 2.0.6) > >This doesn't work: >[share] > .... >directory mode = 1777 I think this is a bug, and I remember Jeremy Allison said he would have looked into it before 2.0.7 release. -- giulioo@pobox.com From pkrawczyk at pol.pl Tue Dec 28 23:40:03 1999 From: pkrawczyk at pol.pl (Krawietz) Date: Tue Dec 2 02:27:45 2003 Subject: subscribe Message-ID: <99122818403802.01070@fileserver.office.pol.pl> subscribe From jacek at mer.chemia.polsl.gliwice.pl Tue Dec 28 18:03:25 1999 From: jacek at mer.chemia.polsl.gliwice.pl (Jacek Stolarczyk) Date: Tue Dec 2 02:27:45 2003 Subject: Sharing disks form Win* with Samba as PDC Message-ID: Hi, I have Samba-2.0.5a setup as PDC with Win98 and WinNT Workstation clients. Access to shares on the server work perfectly but I have two problems: 1) occurs on Win98 (for example named AAAA): When I try to share a disk from Win98 station (user-oriented, not share oriented) I get a message: "list of users not available at the moment. Please try again later" (reverse translation from Polish). In log.aaaa I find: [1999/12/28 18:50:41, 1] smbd/ipc.c:api_fd_reply(3269) api_fd_reply: INVALID PIPE HANDLE: 0 [1999/12/28 18:50:41, 1] smbd/ipc.c:api_fd_reply(3269) api_fd_reply: INVALID PIPE HANDLE: 0 [1999/12/28 18:50:41, 1] smbd/ipc.c:api_fd_reply(3269) api_fd_reply: INVALID PIPE HANDLE: 0 It seems that this option is not yet supported in 2.0.5a 2) occurs on WinNT Workstation 4.0 (SP4) I have only two accounts there: Administrator and Guest. All other accounts (and profiles) are loaded from the Samba server. But I cannot perfrom any administrative actions (say change printer settings) when logged as one of the Samba servers users and cannot even view the properties ofthe printer (connected to the server Samba server) when logged as Administrator (unrecognized user, which is reasonable). Is there any workaround? Use pre 2.1 code? Best wishes Jacek Stolarczyk From richard.derks at itplus.nl Tue Dec 28 18:56:31 1999 From: richard.derks at itplus.nl (Derks, Richard) Date: Tue Dec 2 02:27:45 2003 Subject: unsubscribe Message-ID: <9112F4142CCDD111BA9C00062905319A014CD8FB@hkv-svr-exch-01.itplus.nl> unsubscribe -------------- next part -------------- HTML attachment scrubbed and removed From lharold at mrc.uidaho.edu Wed Dec 29 01:38:55 1999 From: lharold at mrc.uidaho.edu (Len Harold) Date: Tue Dec 2 02:27:45 2003 Subject: Stumped on roaming profiles Message-ID: <199912290138.RAA02416@hydra.mrc.uidaho.edu> Hello all, I can't make roaming profiles work correctly without adding the users to the domain admin group. The start menu folders are read but not the NTUSERS.DAT file. Of course everything works just as expected for the users listed in the domain admin group. The top profiles directory is mode 777 (although those created under it are 700 with file being 600). Below is my smb.conf file. Len ------- smb.conf ------- [global] os level = 255 announce as = NT Server workgroup = TEST server string = TEST Domain Server encrypt passwords = yes domain master = yes domain logons = yes logon script = \\%N\netlogon\logon.bat logon home = \\%N\%U logon path = \\%N\profiles\%U logon drive = H: domain admin group = smbroot,tester local master = yes prefered master = yes wins support = yes dns proxy = yes name resolve order = lmhosts host bcast allow hosts = 129.101.147.0/255.255.255.0 interfaces = 129.101.147.147/255.255.255.0 bind interfaces only = true security = user valid users = samba,smbguest,@sys,@crl,@ccie,@em,@soi writable = no read only = yes public = no guest account = smbguest guest ok = no directory mode = 0700 create mode = 0600 browseable = yes printing = hpux load printers = yes time server = true auto services = %u mangled map = (*;1 *) lock directory = /opt/samba/var/locks share modes = yes socket options = TCP_NODELAY read prediction = yes ; Domain login [netlogon] comment = Logon Scripts browseable = no guest ok = yes public = yes path = /opt/samba/logon oplocks = false ; Profiles [profiles] comment = User Profiles path = /home/profiles browseable = yes read only = no writeable = yes guest ok = yes ; Home Directories [homes] comment = Home Directories browseable = no read only = no writable = yes ; Printers [laser] comment = General Printer path = /var/tmp printable = yes public = yes [facp] comment = Faculty Printer path = /var/tmp printable = yes public = yes valid users = @sys,@crl,@WWW,smbroot [facp2] comment = Faculty 2 Printer path = /var/tmp printable = yes valid users = @sys,@crl,@WWW,smbroot [secp] comment = Secretary Printer path = /var/tmp printable = yes valid users = @sys,@crl,@WWW,smbroot [studp] comment = LACR Printer path = /var/tmp printable = yes public = yes [color] comment = LACR Color Laser path = /var/tmp printable = yes public = yes [facc2] comment = LACR Color Laser 2 path = /var/tmp printable = yes valid users = @sys,@crl,@ccie,smbroot [gradp] comment = Printer in Analog Lab path = /var/tmp printable = yes public = yes [djet] comment = Plotter in Test Lab path = /var/tmp printable = yes valid users = @sys,@crl,smbroot ; Drive exports ; OS installs [NT] comment = Windows NT path = /pc/nt valid users = lharold,smbroot oplocks = false [Win95] comment = Windows 95 path = /pc/win95 valid users = lharold,smbroot oplocks = false ; Application installs [Office] comment = Office Pro 97 path = /pc/office97 valid users = lharold,smbroot oplocks = false [McAfee] comment = McAfee Virus Shield path = /pc/mcafee valid users = lharold,smbroot oplocks = false [NT Res Kit] comment = NT Resource Kit path = /pc/ntreskit valid users = lharold,smbroot oplocks = false ; Software [Install] comment = Install Apps path = /pc/apps valid users = lharold,smbroot writable = yes [Apps] comment = Apps path = /pc/apps guest ok = yes ; Other drives [Linux] comment = Redhat path = /pc/linux valid users = lharold,smbroot oplocks = false [Web] comment = Web Pages path = /pc/web valid users = lharold,smbroot force group = WWW directory mode = 0775 create mode = 0664 writable = yes [Image1] comment = CD image 1 path = /cd/image valid users = lharold,smbroot browseable = no writable = no oplocks = false [Image2] comment = CD image 2 path = /cd/image2 valid users = lharold,smbroot browseable = no writable = no oplocks = false ; Temporary file space [Tmp] comment = Temporary file space path = /tmp read only = no writable = yes guest ok = yes public = yes From cartegw at Eng.Auburn.EDU Wed Dec 29 05:19:50 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:27:45 2003 Subject: Stumped on roaming profiles References: <199912290138.RAA02416@hydra.mrc.uidaho.edu> Message-ID: <386999F6.EE351D09@eng.auburn.edu> Len Harold wrote: > > Hello all, > > I can't make roaming profiles work correctly without adding the > users to the domain admin group. The start menu folders are read > but not the NTUSERS.DAT file. Of course everything works just as > expected for the users listed in the domain admin group. The > top profiles directory is mode 777 (although those created under > it are 700 with file being 600). Below is my smb.conf file. Sounds like a messed up9 ACL setting on the default ntuser.dat that everyone gets. Might want to double check these. btw... how did you generate the default user profile? Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From s_colombo at iol.it Wed Dec 29 11:40:53 1999 From: s_colombo at iol.it (Stefano Colombo) Date: Tue Dec 2 02:27:45 2003 Subject: warning redefinition MAXINT Message-ID: Hi , I'm compiling the 2.06 source code on a HP-UX 10.20 box and I still get a warning cpp: "values.h", line 27: warning 2001: Redefinition of macro MAXINT I'm using the Hp AnsiC compiler bundle. Can anyone give me an help ? TIA Stefano Colombo ( scolombo@cdmtc.it ) System / Network Engineer CDM Tecnoconsulting SPA v. M.L.King 38/2 40132, Bologna Italy tel : +39 051 4132611 fax : +39 051 4132627 WEB : http://www.cdmtc.it -------------- next part -------------- A non-text attachment was scrubbed... Name: winmail.dat Type: application/ms-tnef Size: 1812 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19991229/fa080703/winmail.bin From westermann at imm-mainz.de Wed Dec 29 13:58:36 1999 From: westermann at imm-mainz.de (Torsten Westermann) Date: Tue Dec 2 02:27:45 2003 Subject: warning redefinition MAXINT In-Reply-To: Message-ID: <892C036AF0@immnfa.imm-mainz.de> Hi Stefano, I have the same warning. HP says, these message is normal with the ANSI-C Compiler. MAXINT is defined in the values.h under HP-UX 10.20. Now, on our HP-UX 10.20 Diskless-Cluster Server works samba fine. Best regards Torsten Westermann UNIX -Administation Institute of Microtechnology Mainz Carl-Zeiss Strasse 18-20 55129 Mainz/Germany Tel.: 06131/990-153 Fax.: 06131/990-205 http://www.imm-mainz.de > Hi , > I'm compiling the 2.06 source code on a HP-UX 10.20 box and I still > get a warning > cpp: "values.h", line 27: warning 2001: Redefinition of > macro MAXINT > > I'm using the Hp AnsiC compiler bundle. > Can anyone give me an help ? > > TIA > From lauffer at ph-freiburg.de Tue Dec 28 13:50:57 1999 From: lauffer at ph-freiburg.de (Stephan Lauffer) Date: Tue Dec 2 02:27:45 2003 Subject: Domain != encrypted logins References: <38680D66.8C1EC566@schernau.com> Message-ID: <3868C041.2382830C@ph-freiburg.de> Hi Ed! > Running Samba as a Win9x PDC, and you dont need encrypted passwords. Can you explain this a little bit closer? IMHO win9x can?t act as a PDC. Do you mean, samba should run in a lower os level? Or dou you mean samba should only be configured as logon host for win9x clients? Yours, Stephan Lauffer From rajeeva at research.bell-labs.com Wed Dec 29 15:39:07 1999 From: rajeeva at research.bell-labs.com (Rajeev Agrawala) Date: Tue Dec 2 02:27:45 2003 Subject: New CVS compile error References: <199912221911.LAA22647@hydra.mrc.uidaho.edu> Message-ID: <386A2B1B.BC231F6E@research.bell-labs.com> Hi, I am also getting the following error on compiling the SAMBA_TNG branch on RedHat Linux 6.1 (2.2.12-20). Has anybody compiled it on linux successfully ? Using LIBS = -lreadline -ldl -lcrypt -lpam -lcurses Compiling rpc_client/cli_connect.c rpc_client/cli_connect.c: In function `cli_get_con_sesskey': rpc_client/cli_connect.c:276: structure has no member named `sess_key' rpc_client/cli_connect.c:276: structure has no member named `sess_key' rpc_client/cli_connect.c: In function `cli_con_gen_next_creds': rpc_client/cli_connect.c:360: warning: passing arg 1 of `gen_next_creds' from incompatible pointer type rpc_client/cli_connect.c: In function `cli_con_get_cli_cred': rpc_client/cli_connect.c:370: structure has no member named `clnt_cred' rpc_client/cli_connect.c: In function `cli_con_deal_with_creds': rpc_client/cli_connect.c:380: structure has no member named `sess_key' rpc_client/cli_connect.c:380: structure has no member named `clnt_cred' rpc_client/cli_connect.c: In function `cli_con_set_creds': rpc_client/cli_connect.c:398: structure has no member named `sess_key' rpc_client/cli_connect.c:399: structure has no member named `clnt_cred' rpc_client/cli_connect.c: In function `rpc_con_pipe_req': rpc_client/cli_connect.c:426: warning: passing arg 1 of `rpc_api_pipe_req' from incompatible pointer type rpc_client/cli_connect.c:426: warning: passing arg 3 of `rpc_api_pipe_req' makes pointer from integer without a cast rpc_client/cli_connect.c:426: too many arguments to function `rpc_api_pipe_req' gmake: *** [rpc_client/cli_connect.o] Error 1 Thanks, rajeev Len Harold wrote: > > Guys, > > I have new compile errors under HP-UX 10.20 with both cc and gcc. > > Errors using gcc 2.95.2: > > > gmake > Using FLAGS = -O -Iinclude -I./include -I./ubiqx -I./smbwrapper ... > Using LIBS = -lsec > Compiling rpc_client/cli_connect.c > rpc_client/cli_connect.c: In function `cli_get_con_sesskey': > rpc_client/cli_connect.c:276: structure has no member named `sess_key' > rpc_client/cli_connect.c:276: structure has no member named `sess_key' > rpc_client/cli_connect.c: In function `cli_con_gen_next_creds': > rpc_client/cli_connect.c:360: warning: passing arg 1 of `gen_next_creds' from incompatible pointer type > rpc_client/cli_connect.c: In function `cli_con_get_cli_cred': > rpc_client/cli_connect.c:370: structure has no member named `clnt_cred' > rpc_client/cli_connect.c: In function `cli_con_deal_with_creds': > rpc_client/cli_connect.c:380: structure has no member named `sess_key' > rpc_client/cli_connect.c:380: structure has no member named `clnt_cred' > rpc_client/cli_connect.c: In function `cli_con_set_creds': > rpc_client/cli_connect.c:398: structure has no member named `sess_key' > rpc_client/cli_connect.c:399: structure has no member named `clnt_cred' > rpc_client/cli_connect.c: In function `rpc_con_pipe_req': > rpc_client/cli_connect.c:426: warning: passing arg 1 of `rpc_api_pipe_req' from incompatible pointer type > rpc_client/cli_connect.c:426: warning: passing arg 3 of `rpc_api_pipe_req' makes pointer from integer without a cast > rpc_client/cli_connect.c:426: too many arguments to function `rpc_api_pipe_req' > gmake: *** [rpc_client/cli_connect.o] Error 1 > > Errors using cc 10.32.05 or 10.32.30: > > > gmake > Using FLAGS = +O3 +Oall -Iinclude -I./include -I./ubiqx -I./smbwrapper -Ae ... > Using LIBS = -lsec > Compiling rpc_client/cli_connect.c > cc: "rpc_client/cli_connect.c", line 276: error 1588: "sess_key" undefined. > cc: "rpc_client/cli_connect.c", line 276: error 1531: Invalid member of struct or union. > cc: "rpc_client/cli_connect.c", line 276: warning 563: Argument #2 is not the correct type. > cc: "rpc_client/cli_connect.c", line 276: error 1531: Invalid member of struct or union. > cc: "rpc_client/cli_connect.c", line 276: error 1594: The sizeof operator cannot be applied to types with unknown size. > cc: "rpc_client/cli_connect.c", line 276: warning 527: Integral value implicitly converted to pointer in assignment. > cc: "rpc_client/cli_connect.c", line 276: warning 563: Argument #3 is not the correct type. > cc: "rpc_client/cli_connect.c", line 360: warning 604: Pointers are not assignment-compatible. > cc: "rpc_client/cli_connect.c", line 360: warning 563: Argument #1 is not the correct type. > cc: "rpc_client/cli_connect.c", line 370: error 1588: "clnt_cred" undefined. > cc: "rpc_client/cli_connect.c", line 370: error 1531: Invalid member of struct or union. > cc: "rpc_client/cli_connect.c", line 370: warning 563: Argument #2 is not the correct type. > cc: "rpc_client/cli_connect.c", line 370: warning 527: Integral value implicitly converted to pointer in assignment. > cc: "rpc_client/cli_connect.c", line 370: warning 563: Argument #3 is not the correct type. > cc: "rpc_client/cli_connect.c", line 380: error 1588: "sess_key" undefined. > cc: "rpc_client/cli_connect.c", line 380: error 1531: Invalid member of struct or union. > cc: "rpc_client/cli_connect.c", line 380: warning 563: Argument #1 is not the correct type. > cc: "rpc_client/cli_connect.c", line 380: error 1588: "clnt_cred" undefined. > cc: "rpc_client/cli_connect.c", line 380: error 1531: Invalid member of struct or union. > cc: "rpc_client/cli_connect.c", line 380: warning 563: Argument #2 is not the correct type. > cc: "rpc_client/cli_connect.c", line 380: warning 604: Pointers are not assignment-compatible. > cc: "rpc_client/cli_connect.c", line 380: warning 563: Argument #3 is not the correct type. > cc: "rpc_client/cli_connect.c", line 398: error 1588: "sess_key" undefined. > cc: "rpc_client/cli_connect.c", line 398: error 1531: Invalid member of struct or union. > cc: "rpc_client/cli_connect.c", line 398: warning 563: Argument #1 is not the correct type. > cc: "rpc_client/cli_connect.c", line 398: warning 611: Qualifiers are not assignment-compatible. > cc: "rpc_client/cli_connect.c", line 398: warning 563: Argument #2 is not the correct type. > cc: "rpc_client/cli_connect.c", line 398: warning 527: Integral value implicitly converted to pointer in assignment. > cc: "rpc_client/cli_connect.c", line 398: warning 563: Argument #3 is not the correct type. > cc: "rpc_client/cli_connect.c", line 399: error 1588: "clnt_cred" undefined. > cc: "rpc_client/cli_connect.c", line 399: error 1531: Invalid member of struct or union. > cc: "rpc_client/cli_connect.c", line 399: warning 563: Argument #1 is not the correct type. > cc: "rpc_client/cli_connect.c", line 399: warning 527: Integral value implicitly converted to pointer in assignment. > cc: "rpc_client/cli_connect.c", line 399: warning 563: Argument #3 is not the correct type. > cc: "rpc_client/cli_connect.c", line 426: error 1619: Too many arguments for rpc_api_pipe_req. > cc: "rpc_client/cli_connect.c", line 426: warning 604: Pointers are not assignment-compatible. > cc: "rpc_client/cli_connect.c", line 426: warning 563: Argument #1 is not the correct type. > cc: "rpc_client/cli_connect.c", line 426: warning 527: Integral value implicitly converted to pointer in assignment. > cc: "rpc_client/cli_connect.c", line 426: warning 563: Argument #3 is not the correct type. > gmake: *** [rpc_client/cli_connect.o] Error 1 > > This isn't a real problem, but HP's make doesn't like one of the > Makefile macros as well: > > > make > Make: Macro expansion too big. Stop. > > Len Harold From icoupeau at unav.es Wed Dec 29 15:44:58 1999 From: icoupeau at unav.es (Ignacio Coupeau) Date: Tue Dec 2 02:27:45 2003 Subject: New CVS compile error References: <199912221911.LAA22647@hydra.mrc.uidaho.edu> <386A2B1B.BC231F6E@research.bell-labs.com> Message-ID: <386A2C7A.F7F512E8@unav.es> Try: > ftp://samba.org/pub/samba/contributed/samba-tng-snapshot.tgz > > contains Makefile.in and */*.[ch]. does not contain config* or contents > of scripts/ etc. > and unpack it into your samba/source (TNG) dir. Rajeev Agrawala wrote: > > Hi, > > I am also getting the following error on compiling the SAMBA_TNG branch > on RedHat Linux 6.1 (2.2.12-20). Has anybody compiled it on linux > successfully ? > > Using LIBS = -lreadline -ldl -lcrypt -lpam -lcurses > -- ____________________________________________________ Ignacio Coupeau, Ph.D. e-mail: icoupeau@unav.es CTI, Director fax: 948 425619 University of Navarra voice: 948 425600 Pamplona, SPAIN http://www.unav.es/cti/ From s_colombo at iol.it Wed Dec 29 16:22:42 1999 From: s_colombo at iol.it (Stefano Colombo) Date: Tue Dec 2 02:27:45 2003 Subject: Guest user - different password Message-ID: Hi, I don't know if this is possible or already done before , but asking does cost nothing :-) I did setup a guest user which must have no password , so I manually edited the apfs's password field in the private/smbpasswd file and set it to NO PASSWORDXXXXXXXXXXXXXX Now I mapped several windows users to the apsf guest user in the username.map file These windows users , which are both 9x and NT , however have each a different "windows" password so it seems they are not able to be authenticated by the samba server . Infact in the log files I can see the user apsf is rejected, because the password didn't match. I thought that setting the user apsf without password would have been enough , I remembered to add the null passwords = yes in the smb.conf . It seems that something is wrong with the null password configuration Can anyone help TIA happy new year to all Stefano Colombo ( scolombo@cdmtc.it ) System / Network Engineer CDM Tecnoconsulting SPA v. M.L.King 38/2 40132, Bologna Italy tel : +39 051 4132611 fax : +39 051 4132627 WEB : http://www.cdmtc.it -------------- next part -------------- A non-text attachment was scrubbed... Name: winmail.dat Type: application/ms-tnef Size: 2264 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19991229/caf84930/winmail.bin From minni at o-matic.de Wed Dec 29 15:02:54 1999 From: minni at o-matic.de (Michael Kuefner) Date: Tue Dec 2 02:27:45 2003 Subject: Domain Groups Message-ID: Hi, I read about the problem using Samba Domain Groups with NT. I also had this Problem till today. So if you want to add a unix group to the Domain Admin Group you have to add following into your smb.conf: ---cut---- domain admin group = @wadm ---/cut--- the problem was the "@" this is VERY important. so after restarting nmbd and smbd everything worked fine (the unix-group wadm including some users had now administrativ privileges on the NT-box. Don't mind if on the NT-side is shown "Konto-Unbekannt" it works! Hope that helps Michael Kuefner -- Michael Kuefner "Chaos belongs to life... Panoramastr.41 ... so why don't we bring life into chaos?" 89081 Ulm From lharold at mrc.uidaho.edu Thu Dec 30 02:16:45 1999 From: lharold at mrc.uidaho.edu (Len Harold) Date: Tue Dec 2 02:27:45 2003 Subject: Stumped on roaming profiles In-Reply-To: from "To:samba-ntdom@samba.org" at Dec 28, 99 5:38 pm Message-ID: <199912300216.SAA05437@hydra.mrc.uidaho.edu> Hello again, I've noticed that if I create a new user or delete the local and roaming profiles then it will create a new roaming profile that is usable. Any suggestions on how to make current local profiles as new roaming profiles? Len >Hello all, > >I can't make roaming profiles work correctly without adding the >users to the domain admin group. The start menu folders are read >but not the NTUSERS.DAT file. Of course everything works just as >expected for the users listed in the domain admin group. The >top profiles directory is mode 777 (although those created under >it are 700 with file being 600). Below is my smb.conf file. > >Len > >------- smb.conf ------- > >[global] > os level = 255 > announce as = NT Server > workgroup = TEST > server string = TEST Domain Server > encrypt passwords = yes > domain master = yes > domain logons = yes > logon script = \\%N\netlogon\logon.bat > logon home = \\%N\%U > logon path = \\%N\profiles\%U > logon drive = H: > domain admin group = smbroot,tester > local master = yes > prefered master = yes > wins support = yes > dns proxy = yes > name resolve order = lmhosts host bcast > allow hosts = 129.101.147.0/255.255.255.0 > interfaces = 129.101.147.147/255.255.255.0 > bind interfaces only = true > security = user > valid users = samba,smbguest,@sys,@crl,@ccie,@em,@soi > writable = no > read only = yes > public = no > guest account = smbguest > guest ok = no > directory mode = 0700 > create mode = 0600 > browseable = yes > printing = hpux > load printers = yes > time server = true > auto services = %u > mangled map = (*;1 *) > lock directory = /opt/samba/var/locks > share modes = yes > socket options = TCP_NODELAY > read prediction = yes > > >; Domain login > >[netlogon] > comment = Logon Scripts > browseable = no > guest ok = yes > public = yes > path = /opt/samba/logon > oplocks = false > > >; Profiles > >[profiles] > comment = User Profiles > path = /home/profiles > browseable = yes > read only = no > writeable = yes > guest ok = yes > > >; Home Directories > >[homes] > comment = Home Directories > browseable = no > read only = no > writable = yes > > >; Printers > >[laser] > comment = General Printer > path = /var/tmp > printable = yes > public = yes > >[facp] > comment = Faculty Printer > path = /var/tmp > printable = yes > public = yes > valid users = @sys,@crl,@WWW,smbroot > >[facp2] > comment = Faculty 2 Printer > path = /var/tmp > printable = yes > valid users = @sys,@crl,@WWW,smbroot > >[secp] > comment = Secretary Printer > path = /var/tmp > printable = yes > valid users = @sys,@crl,@WWW,smbroot > >[studp] > comment = CRL Printer > path = /var/tmp > printable = yes > public = yes > >[color] > comment = CRL Color Laser > path = /var/tmp > printable = yes > public = yes > >[facc2] > comment = CRL Color Laser 2 > path = /var/tmp > printable = yes > valid users = @sys,@crl,@ccie,smbroot > >[gradp] > comment = Printer in Analog Lab > path = /var/tmp > printable = yes > public = yes > >[djet] > comment = Plotter in Test Lab > path = /var/tmp > printable = yes > valid users = @sys,@crl,smbroot > > >; Drive exports > >; OS installs > >[NT] > comment = Windows NT > path = /pc/nt > valid users = lharold,smbroot > oplocks = false > >[Win95] > comment = Windows 95 > path = /pc/win95 > valid users = lharold,smbroot > oplocks = false > > >; Application installs > >[Office] > comment = Office Pro 97 > path = /pc/office97 > valid users = lharold,smbroot > oplocks = false > >[McAfee] > comment = McAfee Virus Shield > path = /pc/mcafee > valid users = lharold,smbroot > oplocks = false > >[NT Res Kit] > comment = NT Resource Kit > path = /pc/ntreskit > valid users = lharold,smbroot > oplocks = false > > >; Software > >[Install] > comment = Install Apps > path = /pc/apps > valid users = lharold,smbroot > writable = yes > >[Apps] > comment = Apps > path = /pc/apps > guest ok = yes > > >; Other drives > >[Linux] > comment = Redhat > path = /pc/linux > valid users = lharold,smbroot > oplocks = false > >[Web] > comment = Web Pages > path = /pc/web > valid users = lharold,smbroot > force group = WWW > directory mode = 0775 > create mode = 0664 > writable = yes > >[Image1] > comment = CD image 1 > path = /cd/image > valid users = lharold,smbroot > browseable = no > writable = no > oplocks = false > >[Image2] > comment = CD image 2 > path = /cd/image2 > valid users = lharold,smbroot > browseable = no > writable = no > oplocks = false > >; Temporary file space > >[Tmp] > comment = Temporary file space > path = /tmp > read only = no > writable = yes > guest ok = yes > public = yes From richard.derks at itplus.nl Thu Dec 30 07:09:54 1999 From: richard.derks at itplus.nl (Derks, Richard) Date: Tue Dec 2 02:27:45 2003 Subject: unsubscribe Message-ID: <9112F4142CCDD111BA9C00062905319A014CD8FE@hkv-svr-exch-01.itplus.nl> unsubscribe -------------- next part -------------- HTML attachment scrubbed and removed From jwfox at adelphia.net Thu Dec 30 11:42:10 1999 From: jwfox at adelphia.net (J.W. Fox) Date: Tue Dec 2 02:27:45 2003 Subject: Which branch for CVS? In-Reply-To: <3868E941.92E844CE@webmethods.com> (frlord@webmethods.com) References: <3868E941.92E844CE@webmethods.com> Message-ID: <199912301142.GAA14057@trillian.hitch-hiker.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ross, You need to checkout the SAMBA-TNG branch if you want the head code. Cheers, J.W. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: Processed by Mailcrypt 3.5.5 and Gnu Privacy Guard iD8DBQE4a0UIt4RKzffiwJoRAvJbAJwP38wFpbkdrUoMgWN5UltfGBB31QCeLKzu eaHgDwBbbok9eQSevjjaAm0= =SJyq -----END PGP SIGNATURE----- From mg at plum.de Thu Dec 30 12:36:27 1999 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:27:45 2003 Subject: Which branch for CVS? References: <3868E941.92E844CE@webmethods.com> <199912301142.GAA14057@trillian.hitch-hiker.net> Message-ID: <386B51CB.74FF6033@plum.de> "J.W. Fox" schrieb: > Ross, > > You need to checkout the SAMBA-TNG branch if you want the head code. which is broken at the moment .. use : ftp:://samba.org/pub/samba/contributed/samba-tng-snapshot.tgz regards, Michael -- Samba NT-Domain howto (in german) http://www.sambahq.de From jwfox at adelphia.net Thu Dec 30 12:37:00 1999 From: jwfox at adelphia.net (J.W. Fox) Date: Tue Dec 2 02:27:45 2003 Subject: Which branch for CVS? In-Reply-To: <386B51CB.74FF6033@plum.de> (message from Michael Glauche on Thu, 30 Dec 1999 13:36:27 +0100) References: <3868E941.92E844CE@webmethods.com> <199912301142.GAA14057@trillian.hitch-hiker.net> <386B51CB.74FF6033@plum.de> Message-ID: <199912301237.HAA14189@trillian.hitch-hiker.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Date: Thu, 30 Dec 1999 13:36:27 +0100 From: Michael Glauche X-Accept-Language: de CC: Multiple recipients of list SAMBA-NTDOM Content-Type: text/plain; charset=us-ascii "J.W. Fox" schrieb: > Ross, > > You need to checkout the SAMBA-TNG branch if you want the head code. which is broken at the moment .. use : ftp:://samba.org/pub/samba/contributed/samba-tng-snapshot.tgz regards, Michael -- Samba NT-Domain howto (in german) http://www.sambahq.de Michael, Thank you for catching me on that. I am a little behind in my reading and updating. J.W. - -- J.W. Fox Systems Engineer KTLN Computing jwfox@adelphia.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: Processed by Mailcrypt 3.5.5 and Gnu Privacy Guard iD8DBQE4a1Het4RKzffiwJoRAlATAKCb5ZyUKicC44ZspuzrJ69DXXO0OwCfTglj b7DYspNEFhuvAUb+kf8lWcs= =R/d4 -----END PGP SIGNATURE----- From pkrawczyk at pol.pl Thu Dec 30 19:16:03 1999 From: pkrawczyk at pol.pl (Krawietz) Date: Tue Dec 2 02:27:45 2003 Subject: NT Message-ID: <99123014173301.03068@fileserver.office.pol.pl> > the problem was the "@" this is VERY important. > so after restarting nmbd and smbd everything worked fine > (the unix-group wadm including some users had now administrativ privileges > on the NT-box. > > Don't mind if on the NT-side is shown "Konto-Unbekannt" it works! Hi, that post was helpful I've got super user privileges in my domain. When I'm trying to change permissions for the share on NT Server in "Add Users and Groups" box I get messagebox "The tag is invalid"("Windows NT" title) after click "show users" then users from my domain appears . I can add them and everything is OK. But when I'm trying to change something with permissions once again I can not see the user's names. Instead there is " Account Unknown" but permissions for particular user seem to work correctly. The next issue is: Opening "User MAnager for Domains" I can not read domain's members at all I only obtain messagebox: "A remote procedure call (RPC) protocol error occurred. Do you want to select another domain to administer?" Please Help me Best regards Krawietz From mg at plum.de Thu Dec 30 13:38:47 1999 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:27:46 2003 Subject: NT References: <99123014173301.03068@fileserver.office.pol.pl> Message-ID: <386B6067.4AFF2523@plum.de> Krawietz schrieb: > > The next issue is: > Opening "User MAnager for Domains" I can not read domain's members at all I only obtain messagebox: > "A remote procedure call (RPC) protocol error occurred. Do you want to select another domain to administer?" What version of Samba do you use ? This should work at least on the (old) 2.1 CVS tree. regards, Michael Samba NT-Domain howto (in german) http://www.sambahq.de From pkrawczyk at pol.pl Thu Dec 30 20:52:27 1999 From: pkrawczyk at pol.pl (Krawietz) Date: Tue Dec 2 02:27:46 2003 Subject: NT References: <000001bf52d5$b9565de0$0200000a@workstation1> Message-ID: <99123016184902.03068@fileserver.office.pol.pl> On Thu, 30 Dec 1999, "geoffrey lee" wrote: > hi, > > unfortunately, samba nt domain controller support is still experimental. > not everything is working yet. > well, at least there is admin support now. :) > if you need to add/ remove users ...maybe you need to change the /etc/passwd > or the smbpasswd password file... > I wrote ((------------------------ When I'm trying to change permissions for the share on NT Server in "Add Users and Groups" box I get messagebox "The tag is invalid"("Windows NT" title) after click "show users" then users from my domain appears . I can add them and everything is OK. But when I'm trying to change something with permissions once again I can not see the user's names. Instead there is " Account Unknown" but permissions for particular user seem to work correctly. ---------------------)) I am using the latest stable version 2.0.6 the issue is : I need to grant Administrator privileges to some people in my domain (it's already done) because they share directories with other people listed in "Add Users and Groups" box ( users in my domain (on samba server). When names of accounts disappeare after closing "sharing..." popupmenu, administration is imposible. Shortly , I need to force explicit showing user's account ( not Account unknown) , that's all I need. Anything would help From mg at plum.de Thu Dec 30 15:44:03 1999 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:27:46 2003 Subject: NT References: <000001bf52d5$b9565de0$0200000a@workstation1> <99123016184902.03068@fileserver.office.pol.pl> Message-ID: <386B7DC3.4E79E2BF@plum.de> Krawietz schrieb: > > On Thu, 30 Dec 1999, "geoffrey lee" wrote: > > hi, > > > > unfortunately, samba nt domain controller support is still experimental. > > not everything is working yet. > > well, at least there is admin support now. :) > > if you need to add/ remove users ...maybe you need to change the /etc/passwd > > or the smbpasswd password file... > > > > I wrote > ((------------------------ > When I'm trying to change permissions for the share on NT Server > in "Add Users and Groups" box I get messagebox "The tag is invalid"("Windows > NT" title) after click "show users" then users from my domain appears . I can > add them and everything is OK. But when I'm trying to change something with > permissions once again I can not see the user's names. Instead there is " > Account Unknown" but permissions for particular user seem to work correctly. > ---------------------)) > > I am using the latest stable version 2.0.6 > the issue is : > I need to grant Administrator privileges to some people in my domain > (it's already done) because they share directories with other people listed in > "Add Users and Groups" box ( users in my domain (on samba server). > When names of accounts disappeare after closing "sharing..." popupmenu, > administration is imposible. > Shortly , I need to force explicit showing user's account ( not Account > unknown) , that's all I need. I don't think that it is possible with the current 2.0.6. You got 2 options : a) wait for the current HEAD-Branch to get the PDC code merged in (so there would be a stable PDC :) b) use the SAMBA-TNG branch (or better, luke's snapshot !) regards, Michael -- Samba NT-Domain howto (in german) http://www.sambahq.de From Rick at athlon.tzo.com Thu Dec 30 17:03:49 1999 From: Rick at athlon.tzo.com (Rick Kerns) Date: Tue Dec 2 02:27:46 2003 Subject: No subject Message-ID: <200A0FCC2CBAD311BC7C00105AE6229E4389@KPDC> Subscribe From rajeeva at research.bell-labs.com Thu Dec 30 18:55:35 1999 From: rajeeva at research.bell-labs.com (Rajeev Agrawala) Date: Tue Dec 2 02:27:46 2003 Subject: New CVS compile error References: <199912221911.LAA22647@hydra.mrc.uidaho.edu> <386A2B1B.BC231F6E@research.bell-labs.com> <386A2C7A.F7F512E8@unav.es> Message-ID: <386BAAA7.443ECFA8@research.bell-labs.com> Thanks, I can now compile the code without any problem. Now that there are so many daemons, which daemons, I am required to run. I need to use samba as print server for windows 98/NT boxes. I tried running smbd/nmbd/lsarpcd/spoolssd/wkssvcd. My 98 box can connect to the samba server but, NT keeps on compalining about network name not found. However, in my log files I can see that the NT box connected to the samba server and user login was accepted. Thanks, rajeev Ignacio Coupeau wrote: > > Try: > > > ftp://samba.org/pub/samba/contributed/samba-tng-snapshot.tgz > > > > contains Makefile.in and */*.[ch]. does not contain config* or contents > > of scripts/ etc. > > > > and unpack it into your samba/source (TNG) dir. > > Rajeev Agrawala wrote: > > > > Hi, > > > > I am also getting the following error on compiling the SAMBA_TNG branch > > on RedHat Linux 6.1 (2.2.12-20). Has anybody compiled it on linux > > successfully ? > > > > Using LIBS = -lreadline -ldl -lcrypt -lpam -lcurses > > > -- > ____________________________________________________ > Ignacio Coupeau, Ph.D. e-mail: icoupeau@unav.es > CTI, Director fax: 948 425619 > University of Navarra voice: 948 425600 > Pamplona, SPAIN http://www.unav.es/cti/ From umehlig at uni-bremen.de Thu Dec 30 19:20:38 1999 From: umehlig at uni-bremen.de (Ulf Mehlig) Date: Tue Dec 2 02:27:46 2003 Subject: NT-PDC with snapshot Message-ID: <199912301920.UAA28191@pandora3.localnet> Hello Samba-Experts, I downloaded the snapshot from ftp://de.samba.org/pub/mirror/samba/contributed/samba-tng-snapshot.tgz (30.12.1999, 18:03) and un-tar'ed it over the .../source dir from the cvs branch obtained by cvs -z3 -d :pserver:cvs@samba.org:/cvsroot checkout -r SAMBA_TNG samba (today). The stuff compiled after ./configure. Unfortunately it didn't run as expected ... The first thing I tried was starting it with my default configuration from Samba 2.06: A Linux machine ("pandora3") acts as Domain Logon Server (or PDC) for domain "OLYMP", and a vmware-NT-4.0-machine ("pseudo") as client. When starting smbd, it complained because there were a file MACHINE.SID and a file OLYMP.SID in .../samba/private. After removing MACHINE.SID smbd started (see appended log file below; it complains about not being in DFS mode, but I don't know what DFS is, it's not in the actual SWAT help pages). I also tried deleting OLYMP.SID (it was automatically recreated by samba then). nmbd starts as well, and makes itself master browser. If I start the client (which I removed from the "domain" before, from inside Windows NT), I cannot find the PDC. I tried to delete ../private/smbpasswd and make a new machine account, but smbpasswd says the following (also when trying to update the old smbpasswd file): ---------------------------------------------------------------------- pandora3:[/root] #smbpasswd -m -a pseudo socket connect to /tmp/.msrpc/lsarpc failed msrpc_establish_connection: failed lsarpc) msrpc_use_add: connection failed lsa query info failed Can't setup password database vectors. ---------------------------------------------------------------------- (a file "/tmp/.msrpc/lsarp" does not exist) What am I doing wrong? If I try to access "pandora3" (which is visible from the client) under NT, and it complains that the "Serverdienst" (=server/browser service? I'm using a German version of NT) would not be availlable (see also log below). If you have time to answer my question, I would be happy (as I'm very interested in a PDC-like Samba); if not, I will stay nearly equally happy with the existing 2.06 logon facility which works fine :-) Many thanks for your attention + happy new year, Ulf ====================================================================== >From the log files: ---------------------------------------------------------------------- .../log.smb: [1999/12/30 19:12:10, 1] smbd/server.c:main(636) smbd version 2.1.0-prealpha started. Copyright Andrew Tridgell 1992-1998 [1999/12/30 19:12:10, 1] smbd/files.c:file_init(219) file_init: Information only: requested 10000 open files, 1014 are available. [1999/12/30 19:12:10, 0] smbd/dfs.c:init_dfs_table(128) No DFS map, Samba is running in NON DFS mode ---------------------------------------------------------------------- .../log.nmb: [1999/12/30 19:12:10, 1] nmbd/nmbd.c:main(661) NetBIOS nameserver version 2.1.0-prealpha started. Copyright Andrew Tridgell 1994-1998 [1999/12/30 19:12:10, 0] nmbd/asyncdns.c:start_async_dns(150) started asyncdns process 18881 [1999/12/30 19:12:10, 0] nmbd/nmbd_logonnames.c:add_logon_names(159) add_domain_logon_names: Attempting to become logon server for workgroup OLYMP on subnet 192.168.1.8 [1999/12/30 19:12:10, 0] nmbd/nmbd_logonnames.c:add_logon_names(159) add_domain_logon_names: Attempting to become logon server for workgroup OLYMP on subnet UNICAST_SUBNET [1999/12/30 19:12:10, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(332) become_domain_master_browser_wins: Attempting to become domain master browser on workgroup OLYMP, subnet UNICAST_SUBNET. [1999/12/30 19:12:10, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(347) become_domain_master_browser_wins: querying WINS server at IP 192.168.1.8 for domain master browser name OLYMP<1b> on workgroup OLYMP [1999/12/30 19:12:10, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(118) become_logon_server_success: Samba is now a logon server for workgroup OLYMP on subnet UNICAST_SUBNET [1999/12/30 19:12:10, 0] nmbd/nmbd_become_dmb.c:become_domain_master_stage2(118) ***** Samba server PANDORA3 is now a domain master browser for workgroup OLYMP on subnet UNICAST_SUBNET ***** [1999/12/30 19:12:10, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(284) become_domain_master_browser_bcast: Attempting to become domain master browser on workgroup OLYMP on subnet 192.168.1.8 [1999/12/30 19:12:10, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(298) become_domain_master_browser_bcast: querying subnet 192.168.1.8 for domain master browser on workgroup OLYMP [1999/12/30 19:12:14, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(118) become_logon_server_success: Samba is now a logon server for workgroup OLYMP on subnet 192.168.1.8 [1999/12/30 19:12:18, 0] nmbd/nmbd_become_dmb.c:become_domain_master_stage2(118) ***** Samba server PANDORA3 is now a domain master browser for workgroup OLYMP on subnet 192.168.1.8 ***** [1999/12/30 19:27:51, 1] nmbd/nmbd_processlogon.c:process_logon_packet(68) process_logon_packet: Logon from 192.168.0.17: code = 7 [1999/12/30 19:27:52, 1] nmbd/nmbd_processlogon.c:process_logon_packet(68) process_logon_packet: Logon from 192.168.0.17: code = 7 [1999/12/30 19:27:52, 1] nmbd/nmbd_processlogon.c:process_logon_packet(68) process_logon_packet: Logon from 192.168.0.17: code = 7 [1999/12/30 19:28:10, 0] nmbd/nmbd_incomingdgrams.c:process_local_master_announce(309) process_local_master_announce: Server PSEUDO at IP 192.168.0.17 is announcing itself as a local master browser for workgroup OLYMP and we think we are master. Forcing election. [1999/12/30 19:28:10, 0] nmbd/nmbd_become_lmb.c:unbecome_local_master_success(156) ***** Samba name server PANDORA3 has stopped being a local master browser for workgroup OLYMP on subnet 192.168.1.8 ***** [1999/12/30 19:28:27, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(406) ***** Samba name server PANDORA3 is now a local master browser for workgroup OLYMP on subnet 192.168.1.8 ***** [1999/12/30 19:29:11, 1] lib/util_sock.c:open_socket_out(749) error connecting to 192.168.0.17:445 (Verbindungsaufbau abgelehnt) ---------------------------------------------------------------------- .../log.pseudo: [1999/12/30 19:27:52, 0] lib/util_sock.c:open_pipe_sock(890) socket connect to /tmp/.msrpc/browser failed [1999/12/30 19:27:52, 1] lib/msrpc-client.c:msrpc_establish_connection(373) msrpc_establish_connection: failed browser) [1999/12/30 19:27:52, 0] lib/msrpc_use.c:msrpc_use_add(230) msrpc_use_add: connection failed [1999/12/30 19:27:52, 0] lib/util_sock.c:open_pipe_sock(890) socket connect to /tmp/.msrpc/srvsvc failed [1999/12/30 19:27:52, 1] lib/msrpc-client.c:msrpc_establish_connection(373) msrpc_establish_connection: failed srvsvc) [1999/12/30 19:27:52, 0] lib/msrpc_use.c:msrpc_use_add(230) msrpc_use_add: connection failed [1999/12/30 19:27:52, 0] lib/util_sock.c:open_pipe_sock(890) socket connect to /tmp/.msrpc/srvsvc failed [1999/12/30 19:27:52, 1] lib/msrpc-client.c:msrpc_establish_connection(373) msrpc_establish_connection: failed srvsvc) [1999/12/30 19:27:52, 0] lib/msrpc_use.c:msrpc_use_add(230) msrpc_use_add: connection failed [1999/12/30 19:27:52, 0] lib/util_sock.c:open_pipe_sock(890) socket connect to /tmp/.msrpc/browser failed [1999/12/30 19:27:52, 1] lib/msrpc-client.c:msrpc_establish_connection(373) msrpc_establish_connection: failed browser) [1999/12/30 19:27:52, 0] lib/msrpc_use.c:msrpc_use_add(230) msrpc_use_add: connection failed ---------------------------------------------------------------------- /etc/smb.conf: [global] workgroup = OLYMP netbios name = PANDORA3 server string = Samba Server encrypt passwords = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*password:* %n\n *Re-enter*new*password:* %n\n *changed* unix password sync = Yes log file = /usr/local/samba/var/log.%m max log size = 50 time server = Yes # domain admin group = ntadmin logon script = sysstart.cmd logon path = \\%L\%U\.nt_profile domain logons = Yes os level = 17 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes [...] -- ====================================================================== Ulf Mehlig Center for Tropical Marine Ecology/ZMT, Bremen, Germany ---------------------------------------------------------------------- From darreb at hotmail.com Thu Dec 30 21:04:03 1999 From: darreb at hotmail.com (Darren Wilders) Date: Tue Dec 2 02:27:46 2003 Subject: Win95 Profiles Message-ID: <19991230210403.33190.qmail@hotmail.com> Hi, I want to store my Win95 profile on the Samba server. I have done this in a way, but it only updates the profile on the server when I logoff. What I want is for it to be up-to-date on the server all of the time. Can I do this? And, Can I also do something, so it maps a drive letter to the current logged on persons Profile, E.G N Drive: 'Darren' on Server1 Thanks in advance, DARREN ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com From marcel at henselin.de Thu Dec 30 21:03:12 1999 From: marcel at henselin.de (Marcel Henselin) Date: Tue Dec 2 02:27:46 2003 Subject: No subject Message-ID: <002201bf5309$4884b150$1264a8c0@WS1> Einen guten Rutsch ins neue Jahrtausend! Und ich hoffe Eure Systeme laufen dann noch!! cu next -------------- next part -------------- HTML attachment scrubbed and removed From lkcl at samba.org Fri Dec 31 09:38:43 1999 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:46 2003 Subject: SAMBA_TNG cvs checkouts now fixed Message-ID: the public cvs is now consistent again with the private cvs. those people who had compiler errors on cvs branch SAMBA_TNG should find that they can now use the latest cvs instead of an out-of-date one. luke From igor at mail.bkc.lv Fri Dec 31 11:31:37 1999 From: igor at mail.bkc.lv (Igor) Date: Tue Dec 2 02:27:46 2003 Subject: CVS SAMBA-TNG compiling errors Message-ID: <009101bf5382$9fa1d3e0$83aed8c3@skyportal.com> Season Greetings! CVS SAMBA-TNG 1999/12/30 giving the following errors when compiling with-smbmount: ----------------------------------------------------------------- Compiling client/smbmount.c Compiling client/clientutil.c Linking bin/smbmount libsmb/clientgen.o: In function `cli_init_creds': libsmb/clientgen.o(.text+0x4b6f): undefined reference to `copy_nt_creds' libsmb/clientgen.o: In function `cli_init_redirect': libsmb/clientgen.o(.text+0x5385): undefined reference to `create_ntuser_creds' libsmb/clientgen.o(.text+0x53e0): undefined reference to `prs_data' libsmb/clientgen.o: In function `cli_establish_connection': libsmb/clientgen.o(.text+0x59c6): undefined reference to `prs_init' libsmb/clientgen.o(.text+0x5adb): undefined reference to `prs_link' libsmb/clientgen.o(.text+0x5b63): undefined reference to `prs_buf_len' libsmb/clientgen.o(.text+0x5b73): undefined reference to `prs_buf_copy' libsmb/clientgen.o(.text+0x5b79): undefined reference to `prs_free_data' libsmb/smbencrypt.o: In function `create_ntlmssp_resp': libsmb/smbencrypt.o(.text+0x9fd): undefined reference to `make_rpc_auth_ntlmssp_resp' libsmb/smbencrypt.o(.text+0xa11): undefined reference to `smb_io_rpc_auth_ntlmssp_resp' libsmb/smbencrypt.o(.text+0xa1e): undefined reference to `prs_realloc_data' make: *** [bin/smbmount] Error 1 ----------------------------------------------------------------- Slackware 4.0 kernel 2.2.6 Igor. From giulioo at pobox.com Fri Dec 31 12:08:23 1999 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:27:46 2003 Subject: CVS SAMBA-TNG compiling errors In-Reply-To: <009101bf5382$9fa1d3e0$83aed8c3@skyportal.com> References: <009101bf5382$9fa1d3e0$83aed8c3@skyportal.com> Message-ID: <19991231120731.60B8026E67@i3.golden.dom> On Fri, 31 Dec 1999 22:34:43 +1100, hai scritto: >CVS SAMBA-TNG 1999/12/30 giving the following errors when compiling with-smbmount: >Slackware 4.0 kernel 2.2.6 I think the latest smbmount (>= 2.0.6) wants at least 2.2.12 headers. -- giulioo@pobox.com From giulioo at pobox.com Fri Dec 31 18:36:05 1999 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:27:46 2003 Subject: Guest user - different password In-Reply-To: References: Message-ID: <19991231183703.8288426E6A@i3.golden.dom> On Thu, 30 Dec 1999 03:25:11 +1100, hai scritto: > I did setup a guest user which must have no password , so I manually >edited the apfs's password field in the private/smbpasswd file and set it to >NO PASSWORDXXXXXXXXXXXXXX > > Now I mapped several windows users to the apsf guest user in the >username.map file If by "guest user" you mean the samba "guest user", then do it in another way: - don't do any manual mappings - take out apsf from smbpasswd - in smb.conf: ==== security = user map to guest = bad user guest account = apsf (or another user) [myshare] path = /path/dir guest ok = yes writable = yes ==== make /path/dir readable by the apsf (or another user) user. User which don't provide a good userid will be mapped to the guest user and will be able to access the share. If by "guest user" you mean something else then ignore what I've written :) -- giulioo@pobox.com