From m.chapman at student.unsw.edu.au Mon Feb 1 02:24:58 1999
From: m.chapman at student.unsw.edu.au (Matt Chapman)
Date: Tue Dec 2 02:25:02 2003
Subject: Cannot connect to NT machines since 20th Jan..
References: <36B46092.900B9A04@sunshine.bke.hu> <36B4AD3F.C5E49AD7@eng.auburn.edu>
Message-ID: <36B5107A.330750EE@student.unsw.edu.au>

> Hi!
> There are some (4) messages from other persons on the list explaining
> the problem since jan 20.
> We cannot connect to shares/printers of the NT machines. But the samba
> server works fine, we can browse it.
> The NTs said: server service not started.

Hopefully fixed now... CVS update and try again.

Matt

--
Matt Chapman
m.chapman@student.unsw.edu.au

From whn at topelo.lopi.com Mon Feb 1 03:32:22 1999
From: whn at topelo.lopi.com (Bill Nugent)
Date: Tue Dec 2 02:25:02 2003
Subject: Cannot connect to NT machines since 20th Jan..
In-Reply-To: Your message of Mon, 01 Feb 1999 13:43:45 +1100. <36B5107A.330750EE@student.unsw.edu.au>
Message-ID: <19990201033222.1813.qmail@topelo.lopi.com>

On Monday, Feb 1 1999 at 13:43:45, Matt Chapman wrote:

>> Hi!
>> There are some (4) messages from other persons on the list explaining
>> the problem since jan 20.
>> We cannot connect to shares/printers of the NT machines. But the samba
>> server works fine, we can browse it.
>> The NTs said: server service not started.
>
>Hopefully fixed now... CVS update and try again.
>
> Matt

Howdy,

I'm not sure if my problem is related to your fix but things are now
working differently. When running "smbclient '\\localhost\tmp' -Ujoe"
with "Debug Level = 3", before this was in the log.topelo:

[1999/01/31 09:44:48, 3] smbd/reply.c:reply_sesssetup_and_X(628)
  sesssetupX:name=[<8C><8C> "^^JOE]
[1999/01/31 09:44:48, 3] passdb/pass_check.c:pass_check(783)
  Couldn't find user <8C><8C> "^^joe

And with the code fix:

[1999/01/31 22:16:00, 3] smbd/reply.c:reply_sesssetup_and_X(628)
  sesssetupX:name=[`^D^Uc)%JOE]
[1999/01/31 22:16:00, 3] passdb/pass_check.c:pass_check(783)
  Couldn't find user `^D^Uc)%joe

Versus using 2.0.0-19990115 release:

[1999/01/31 22:27:41, 3] smbd/reply.c:reply_sesssetup_and_X(679)
  sesssetupX:name=[JOE]

Also I'm still getting a core dump when I try to add a new smbpasswd
entry (and still don't have the time to do a trace...sorry).

TIA,
Bill

From m.chapman at student.unsw.edu.au Mon Feb 1 04:08:54 1999
From: m.chapman at student.unsw.edu.au (Matt Chapman)
Date: Tue Dec 2 02:25:02 2003
Subject: Cannot connect to NT machines since 20th Jan..
References: <19990201033222.1813.qmail@topelo.lopi.com>
Message-ID: <36B528D6.2B12F31@student.unsw.edu.au>

Bill Nugent wrote:

> I'm not sure if my problem is related to your fix but things are now
> working differently. When running "smbclient '\\localhost\tmp' -Ujoe"
> with "Debug Level = 3", before this was in the log.topelo:
>
> [1999/01/31 09:44:48, 3] smbd/reply.c:reply_sesssetup_and_X(628)
> sesssetupX:name=[<8C><8C> "^^JOE]
> [1999/01/31 09:44:48, 3] passdb/pass_check.c:pass_check(783)
> Couldn't find user <8C><8C> "^^joe
>
> And with the code fix:
>
> [1999/01/31 22:16:00, 3] smbd/reply.c:reply_sesssetup_and_X(628)
> sesssetupX:name=[`^D^Uc)%JOE]
> [1999/01/31 22:16:00, 3] passdb/pass_check.c:pass_check(783)
> Couldn't find user `^D^Uc)%joe

I'm amused :-) Chances are there is a pointer being accidentally printed
out there which has slightly changed since I added code. In reality the
problem has nothing to do with what I just changed.

I'm not sure what is going wrong for you, but I doubt that it is correct
behaviour to print garbage or coredump regardless of how you set Samba
up! I will look into it later today.

Matt

--
Matt Chapman
m.chapman@student.unsw.edu.au

From m.chapman at student.unsw.edu.au Mon Feb 1 05:19:53 1999
From: m.chapman at student.unsw.edu.au (Matt Chapman)
Date: Tue Dec 2 02:25:02 2003
Subject: Latest CVS version doesn't seem to work
References: <19990131154112.19169.qmail@topelo.lopi.com>
Message-ID: <36B53979.10AD36E9@student.unsw.edu.au>

> [1999/01/31 09:44:48, 3] smbd/reply.c:reply_sesssetup_and_X(628)
> sesssetupX:name=[<8C><8C> "^^JOE]

Fixed now.

> When I try to add a user I get a segmentation fault after typing in the
> new SMB password.

I can't reproduce this one. I assume you're just using standard
./configure'd Samba and doing smbpasswd -a joe?

If you can produce a core file (you may need to adjust resource limits,
on my system I do "ulimit -c unlimited"), can you load it into gdb or
similar debugger ("gdb /path/to/smbd /path/to/core") and produce a
backtrace ("bt").

Matt

--
Matt Chapman
m.chapman@student.unsw.edu.au

From darrylc at vulcan.telstra.com.au Mon Feb 1 05:19:42 1999
From: darrylc at vulcan.telstra.com.au (Darryl Cording)
Date: Tue Dec 2 02:25:02 2003
Subject: System Policy Problems
Message-ID: <199902010519.PAA17541@vulcan.telecom.com.au>

Hi,

I have been playing around with the Samba PDC stuff over the last
few months and have been generally impressed with the server's
functionality. The only thing I haven't been able to get working
properly is the policy download from a Samba PDC.

Other people on the list have stated it works for them so I am assuming
it 'should' work for me. Here is what I have been doing.

1) Use poledit to create the policy (used poledit from the NTWS RKit cdrom)
2) Put the Ntconfig.POL into the [netlogon] share

Somewhere I read that the .POL file must have the exact case the server
is expecting for it to download it. I have tried with the suggested case
(and many others), but the policy just doesn't get loaded when logging
into the Domain. The policy works though if only a local logon occurs.

I know smbd is seeing the file as there are references to it in the log...

[1999/02/01 14:45:44, 3] lib/util.c:unix_clean_name(587)
  unix_clean_name [/Ntconfig.POL]
[1999/02/01 14:45:44, 3] lib/util.c:unix_clean_name(587)
  unix_clean_name [Ntconfig.POL]
[1999/02/01 14:45:44, 2] smbd/open.c:open_file(534)
  darrylc opened file Ntconfig.POL read=Yes write=No (numopen=2)
[1999/02/01 14:45:44, 3] locking/locking_shm.c:shm_set_share_mode(453)
  set_share_mode: Created share record for Ntconfig.POL (dev 307 inode 108756)
[1999/02/01 14:45:44, 3] locking/locking_shm.c:shm_set_share_mode(492)
  set_share_mode: Created share entry for Ntconfig.POL with mode 0x20 pid=3670

Could somebody please point me to the correct documentation on this, or
show me the error of my ways.

Oh, I should mention that I am currently running Samba-2.0.0beta4 (about
to upgrade to 2.0.0final, if I can get this working). I was using the
CVS code but switched over as the 2.0.0beta series became available. Do
I need to go back to the HEAD branch? I did want to let the HEAD branch
get a little more stable before looking at it again.

Any help will be much appreciated,

Thanks
Darryl

From sp.som at hisl.co.in Mon Feb 1 09:46:29 1999
From: sp.som at hisl.co.in (SP.Somprav-Hisl)
Date: Tue Dec 2 02:25:02 2003
Subject: DISKLESS ClIENT
Message-ID: <301677A5C27FD21198CF00902710D36C04B6F3@SQLWEB>

I have RH 5.2 running with samba 1.9 and existing NT network with 95
clients. Is it possible to have diskless clients logging on to Linux and
even run Xwindows?

regards
Somprav

From masaje at maths.bath.ac.uk Mon Feb 1 10:32:41 1999
From: masaje at maths.bath.ac.uk (A J Every)
Date: Tue Dec 2 02:25:02 2003
Subject: System Policy Problems
In-Reply-To: Your message of "Mon, 01 Feb 1999 16:31:09 +1100." <199902010519.PAA17541@vulcan.telecom.com.au>
Message-ID:

-> I have been playing around with the Samba PDC stuff over the last
-> few months and have been generally impressed with the server's
-> functionality. The only thing I haven't been able to get working
-> properly is the policy download from a Samba PDC

I seem to have erratic behaviour on this one. I have two totally similar
redhat linux machines. One has basically been cloned from the other.

They are both running samba beta 4. One of the domains has its policy
working fine. The other will not work at all. All directory permissions
are the same etc. etc. The smb.conf is the same except the domain name
and server name.

I've tried samba 2.0.0 but this did not solve it either. I know the
netlogon directory can be picked up as my batch file runs on both
machines.

Has anyone suffered similar erratic behaviour ??? Is there a known
problem with this ???

regards

alan (every).

From whn at topelo.lopi.com Mon Feb 1 11:48:59 1999
From: whn at topelo.lopi.com (Bill Nugent)
Date: Tue Dec 2 02:25:02 2003
Subject: Latest CVS version doesn't seem to work
In-Reply-To: Your message of Mon, 01 Feb 1999 05:19:53 +0000. <36B53979.10AD36E9@student.unsw.edu.au>
Message-ID: <19990201114859.13481.qmail@topelo.lopi.com>

On Monday, Feb 1 1999 at 05:19:53, Matt Chapman wrote:

>> [1999/01/31 09:44:48, 3] smbd/reply.c:reply_sesssetup_and_X(628)
>> sesssetupX:name=[<8C><8C> "^^JOE]
>
>Fixed now.

Matt,

Thank you! It is now showing up in the log file correctly but still no
access (I'm using samba-2.0.0-19990115 generated private/smbpasswd file
at the moment because of smbpasswd dying. Not sure if that makes a
difference...).

>> When I try to add a user I get a segmentation fault after typing in the
>> new SMB password.
>
>I can't reproduce this one. I assume you're just using standard ./configure'd
>Samba and doing smbpasswd -a joe?

Correct. I don't know the code base so I'm doing distclean builds:

  Download update; make distclean; ./configure; make CFLAGS="-O -g"; make install

>If you can produce a core file (you may need to adjust resource limits, on my
>system I do "ulimit -c unlimited"), can you load it into gdb or similar debugger
>("gdb /path/to/smbd /path/to/core") and produce a backtrace ("bt").

smbpasswd is biting the dust - sorry for the wrong impression. Here is
the stack trace for the command line "bin/smbpasswd -a whn":

(gdb) bt
#0 0x805a177 in add_smbfilepwd_entry (newpwd=0x0) at passdb/smbpass.c:279
#1 0x80593a0 in add_smbpwd_entry (newpwd=0xbffff2e0) at passdb/passdb.c:209
#2 0x805b5e5 in add_new_user (user_name=0xbffffd98 "whn", uid=1002,
    trust_account=0, disable_user=0, set_no_password=0,
    new_p16=0xbffff3c0 "-UE\a}{}*???5?\024\004?\020?????\004\b\230???",
    new_nt_p16=0xbffff3b0 "|S???}\017\233;\226\212??Q??-UE\a}{}*???5?\024\
004?\020?????\004\b\230???") at passdb/smbpasschange.c:52
#3 0x805b694 in local_password_change (user_name=0xbffffd98 "whn",
    trust_account=0, add_user=1, enable_user=0, disable_user=0,
    set_no_password=0, new_passwd=0x80b4440 "testing", err_str=0xbffff810 "",
    err_str_len=1024, msg_str=0xbffff410 "", msg_str_len=1024)
    at passdb/smbpasschange.c:112
#4 0x804a6f8 in password_change (remote_machine=0x0,
    user_name=0xbffffd98 "whn", old_passwd=0x0,
    new_passwd=0x80b4440 "testing", add_user=1, enable_user=0, disable_user=0,
    set_no_password=0, trust_account=0) at utils/smbpasswd.c:245
#5 0x804ab33 in process_root (argc=3, argv=0xbffffcac)
    at utils/smbpasswd.c:427
#6 0x804aeab in main (argc=3, argv=0xbffffcac) at utils/smbpasswd.c:592

private/smbpasswd is unchanged. Let me know if you any of the log files.
I appreciate the assistance!

Thank you,
Bill

From jpr9c at cs.virginia.edu Mon Feb 1 13:23:25 1999
From: jpr9c at cs.virginia.edu (Scott Ruffner)
Date: Tue Dec 2 02:25:02 2003
Subject: Big Plunge
References: <19990130151638Z12613267-7797+10609@samba.anu.edu.au>
Message-ID: <36B5AACD.6B4440D1@cs.virginia.edu>

And, if you get the NT Resource Kit, there is a program called
XCACLS.EXE which actually allows you to set the individual bits on each
file rather than just the "clustered" bits which MS thinks are useful...

Scott

samba-ntdom@samba.org wrote:

> > Perhaps I could write a NT command line utility for setting
> > permissions that could be included in the SAMBA distribution
> > as my first try in helping the SAMBA team in writing such
> > great software.
>
> Actually, the cacls.exe command will work and it ships
> with NT. Forgot about that one. I'm still exploring
> the share permissions.
>
> jerry
> ________________________________________________________________________
> Gerald ( Jerry ) Carter
> Engineering Network Services Auburn University
> jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw
>
> "...a hundred billion castaways looking for a home."
> - Sting "Message in a Bottle" ( 1979 )
>
> ------------------------------
>
> End of SAMBA-NTDOM Digest 617
> *****************************

--
Scott Ruffner                 Computer Science Department
Systems Engineer              226E Olsson Hall
ruffner@cs.virginia.edu       University of Virginia
(804)982-2219

From greg at discreet.com Mon Feb 1 13:35:09 1999
From: greg at discreet.com (Greg Dickie)
Date: Tue Dec 2 02:25:02 2003
Subject: silly things
Message-ID:

Hi,

Just wanted to report some silly things I have noticed in the latest
CVS tree:

1) Configure seems to be ignoring --localstatedir
2) the o32 (-32) ABI is hardcoded in the smbwrapper compilation
   options. This is evil since most IRIX sites will want -n32 at this
   point.
3) the DOM_MAP_TYPE enum in smb.h has a trailing comma after DOM_MAP_USER. I
   don't think it's required and my compiler bitches about it.

Other than that everything seems okely-dokely,

Cheers,
Greg

---------------------------------------------------------------------
Greg Dickie
Just A Guy*                                      *from discreet logic
Montreal
(514) 954-7171
greg@discreet.com

From tridge at samba.org Mon Feb 1 13:48:33 1999
From: tridge at samba.org (Andrew Tridgell)
Date: Tue Dec 2 02:25:02 2003
Subject: silly things
In-Reply-To: (message from Greg Dickie on Tue, 2 Feb 1999 00:36:53 +1100)
References:
Message-ID: <19990201134834Z12607250-2991+10920@samba.anu.edu.au>

> 2) the o32 (-32) ABI is hardcoded in the smbwrapper compilation
> options. This is evil since most IRIX sites will want -n32 at this
> point.

no, look at it more carefully. It builds both -n32 and -32 shared
libraries (it does assume -n32 is the default tho) and this is needed
so that old binaries work with smbwrapper. If you look in smbsh.c you
will see the env variables set to point the dynamic loader at
different shared libraries based on the binary type.

strictly we should build -64 libs as well, but we don't because it
isn't trivial (it requires some different code in wrapped.c)

From greg at discreet.com Mon Feb 1 14:09:35 1999
From: greg at discreet.com (Greg Dickie)
Date: Tue Dec 2 02:25:03 2003
Subject: silly things
In-Reply-To: <19990201134834Z12607250-2991+10920@samba.anu.edu.au>
Message-ID:

oops. that makes sense, sorry. I normally setenv CFLAGS -n32 before I
run configure so it builds everything n32. Of course this fails when it
hits the po32 target. What is the proper way to do this?

Thanks,
Greg

On 01-Feb-99 Andrew Tridgell wrote:
>> 2) the o32 (-32) ABI is hardcoded in the smbwrapper compilation
>> options. This is evil since most IRIX sites will want -n32 at this
>> point.
>
> no, look at it more carefully. It builds both -n32 and -32 shared
> libraries (it does assume -n32 is the default tho) and this is needed
> so that old binaries work with smbwrapper. If you look in smbsh.c you
> will see the env variables set to point the dynamic loader at
> different shared libraries based on the binary type.
>
> strictly we should build -64 libs as well, but we don't because it
> isn't trivial (it requires some different code in wrapped.c)

---------------------------------------------------------------------
Greg Dickie
Just A Guy*                                      *from discreet logic
Montreal
(514) 954-7171
greg@discreet.com

From cigor at EUnet.yu Mon Feb 1 11:55:26 1999
From: cigor at EUnet.yu (Colovic Igor)
Date: Tue Dec 2 02:25:03 2003
Subject: System Policy Problems
Message-ID: <01be4dd9$c18df2e0$0200a8c0@big.co.yu>

Have you set browsable = yes? This could be a solution to your problem.
Windows sometimes requires netlogon to be browsable so I can access it.

I hope this helps.

______________________________________________
Colovic Igor
Linux Users Group of Yugoslavia
www.linux.org.yu
cigor@eunet.yu
DelphiPro@yahoo.com

-----Original Message-----
From: A J Every
To: Multiple recipients of list
Date: Monday, February 01, 1999 11:37
Subject: Re: System Policy Problems

>
>
>I've tried samba 2.0.0 but this did not solve it either. I know the netlogon
>directory can be picked up as my batch file runs on both machines.
>
>Has anyone suffered similar erratic behaviour ??? Is there a known problem
>with this ???
>
>regards
>
>alan (every).
>

From lkcl at switchboard.net Mon Feb 1 15:16:01 1999
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:25:03 2003
Subject: enumberated steps to setting up samba 2.0 as PDC?
In-Reply-To: <199901292137.QAA27251@vespa.cs.byu.edu>
Message-ID:

hm. if you have "security = domain" and no "password server = PDC_NAME"
then latest cvs code aborts. it attempts to obtain the SID for the
domain from the PDC, and if this fails for any reason then smbd will
exit.

> Yeah -- I read that. What it DOESN'T say is that you _really_ dont
> want security = DOMAIN in your smb.conf file.

this is for member of domain.

From lkcl at switchboard.net Mon Feb 1 15:17:32 1999
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:25:03 2003
Subject: Big Plunge - NT Server Died, I installed latest Samba and
In-Reply-To: <36B233B6.9D7C49A3@eng.auburn.edu>
Message-ID:

> > is broken. From NT I get:
> >
> > \\Carver is not accessible
> >
> > The Server service is not started.
>
> This has been posted before. I think we're still working
> on a fix. (Someone correct me if I'm wrong)
>

sounds like the pass-through code is broken.

From lkcl at switchboard.net Mon Feb 1 15:20:47 1999
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:25:03 2003
Subject: shared MACHINE.SID
In-Reply-To:
Message-ID:

On Sat, 30 Jan 1999, Todd Pfaff wrote:

> What are the implications of sharing /usr/local/samba/private/MACHINE.SID
> between a group of samba servers, one of which is a samba PDC, and the
> others are domain members?

bad idea. which is why, in latest cvs, i use SAM_DATABASE_NAME.SID not
MACHINE.SID (renaming MACHINE.SID if it exists. do not run latest cvs
then revert to 2.0.0 without *manually* renaming the file back to
MACHINE.SID)

> Does every samba server, PDC or otherwise, have a MACHINE.SID file, or
> is this file only created and used by a samba PDC?

every NT-domain server needs a SID to represent its SAM database. for
members-of-domain that goes under the machine name (local SAM). for
domain-masters that is the DOMAIN name (Domain SAM).

From lkcl at switchboard.net Mon Feb 1 15:26:30 1999
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:25:03 2003
Subject: Big Plunge - NT Server Died, I installed latest Samba and
In-Reply-To: <000e01be4bee$39723c00$f2c6d6cf@ebola.microdisplay.com>
Message-ID:

> I'd rather put time into hacking something to make it work than
> re-doing this

i'll take you up on that!

> - are there any docs about what has to be done?

hm, methinks not. do you have netmon? (yes, if you have nt srv). do
you have SMS version of netmon? have a look-see with it. run smbd at
level 10. etc.

luke

From jrb at fluent.de Mon Feb 1 15:03:15 1999
From: jrb at fluent.de (Juergen Bock)
Date: Tue Dec 2 02:25:03 2003
Subject: Big Plunge - NT Server Died, I installed latest Samba and
In-Reply-To:
References: <36B233B6.9D7C49A3@eng.auburn.edu>
Message-ID: <199902011602.JAA25983@prag.fluent.de>

> > > is broken. From NT I get:
> > >
> > > \\Carver is not accessible
> > >
> > > The Server service is not started.
> >
> > This has been posted before. I think we're still working
> > on a fix. (Someone correct me if I'm wrong)
> >
>
> sounds like the pass-through code is broken.
>

I downloaded today's cvs and that seems to work now. I can
browse and access the shares. But I cannot access \\machine\c$
even though I'm listed as admin user. It still says

Domain=[FD] OS=[Windows NT 4.0] Server=[NT LAN Manager 4.0]
tree connect failed: ERRDOS - ERRnoaccess (Access denied.)

Juergen

Juergen Bock
jrb@fluent.de
FLUENT Deutschland GmbH
Hindenburgstrasse 36
D-64295 Darmstadt
+49-(0)6151-3644-26

From lkcl at switchboard.net Mon Feb 1 16:09:42 1999
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:25:03 2003
Subject: System Policy Problems
In-Reply-To:
Message-ID:

On Mon, 1 Feb 1999, A J Every wrote:

> -> I have been playing around with the Samba PDC stuff over the last
> -> few months and have been generally impressed with the server's
> -> functionality. The only thing I haven't been able to get working
> -> properly is the policy download from a Samba PDC
>
> I seem to have erratic behaviour on this one. I have two totally similar
> redhat linux machines. One has basically been cloned from the other.

does that include the MACHINE.SID file? if so, this may be part of the
problem.

From lkcl at switchboard.net Mon Feb 1 16:27:56 1999
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:25:03 2003
Subject: Latest CVS version doesn't seem to work
In-Reply-To: <19990201114859.13481.qmail@topelo.lopi.com>
Message-ID:

> smbpasswd is biting the dust - sorry for the wrong impression. Here is
> the stack trace for the command line "bin/smbpasswd -a whn":

pwdb_smb_map_names() is returning NULL, and then add_smbfilepwd_entry()
doesn't check for NULL.

lookup of unix name is failing, do you have a user "whn" in unix password
file? what arrangement do you have for nt->unix mappings?

> (gdb) bt
> #0 0x805a177 in add_smbfilepwd_entry (newpwd=0x0) at passdb/smbpass.c:279
> #1 0x80593a0 in add_smbpwd_entry (newpwd=0xbffff2e0) at
> passdb/passdb.c:209
> #2 0x805b5e5 in add_new_user (user_name=0xbffffd98 "whn", uid=1002,
> trust_account=0, disable_user=0, set_no_password=0,
> new_p16=0xbffff3c0 "-UE\a}{}*ªÓ´5µ\024\004î\020üÿ¿ø¦\004\b\230ýÿ¿",
> new_nt_p16=0xbffff3b0 "|SÏ¥ê}\017\233;\226\212 ûQ£õ-UE\a}{}*ªÓ´5µ\024\
> 004î\020üÿ¿ø¦\004\b\230ýÿ¿") at passdb/smbpasschange.c:52
> #3 0x805b694 in local_password_change (user_name=0xbffffd98 "whn",
> trust_account=0, add_user=1, enable_user=0, disable_user=0,
> set_no_password=0, new_passwd=0x80b4440 "testing", err_str=0xbffff810
> "",
> err_str_len=1024, msg_str=0xbffff410 "", msg_str_len=1024)
> at passdb/smbpasschange.c:112
> #4 0x804a6f8 in password_change (remote_machine=0x0,
> user_name=0xbffffd98 "whn", old_passwd=0x0,
> new_passwd=0x80b4440 "testing", add_user=1, enable_user=0,
> disable_user=0,
> set_no_password=0, trust_account=0) at utils/smbpasswd.c:245
> #5 0x804ab33 in process_root (argc=3, argv=0xbffffcac)
> at utils/smbpasswd.c:427
> #6 0x804aeab in main (argc=3, argv=0xbffffcac) at utils/smbpasswd.c:592
>
> private/smbpasswd is unchanged. Let me know if you any of the log files.
> I appreciate the assistance!
>
> Thank you,
> Bill
>
>

Luke Kenneth Casson Leighton
Samba and Network Development
Samba and Network Consultancy

From lkcl at switchboard.net Mon Feb 1 16:32:07 1999
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:25:03 2003
Subject: silly things
In-Reply-To:
Message-ID:

> 3) the DOM_MAP_TYPE enum in smb.h has a trailing comma after DOM_MAP_USER. I
> don't think it's required and my compiler bitches about it.

thanx.

From lkcl at switchboard.net Mon Feb 1 16:41:35 1999
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:25:03 2003
Subject: Big Plunge - NT Server Died, I installed latest Samba and
In-Reply-To: <199902011602.JAA25983@prag.fluent.de>
Message-ID:

> > sounds like the pass-through code is broken.
> >
> I downloaded today's cvs and that seems to work now. I can

good. that's probably matt's fix.

> browse and access the shares. But I cannot access \\machine\c$
> even though I'm listed as admin user. It still says
> Domain=[FD] OS=[Windows NT 4.0] Server=[NT LAN Manager 4.0]
> tree connect failed: ERRDOS - ERRnoaccess (Access denied.)

have you created a [c$] share in smb.conf?

From whn at topelo.lopi.com Mon Feb 1 16:52:46 1999
From: whn at topelo.lopi.com (Bill Nugent)
Date: Tue Dec 2 02:25:03 2003
Subject: Latest CVS version doesn't seem to work
In-Reply-To: Your message of Mon, 01 Feb 1999 16:27:56 +0000.
Message-ID: <19990201165247.1227.qmail@topelo.lopi.com>

On Monday, Feb 1 1999 at 16:27:56, Luke Kenneth Casson Leighton wrote:

>> smbpasswd is biting the dust - sorry for the wrong impression. Here is
>> the stack trace for the command line "bin/smbpasswd -a whn":
>
>pwdb_smb_map_names() is returning NULL, and then add_smbfilepwd_entry()
>doesn't check for NULL.
>
>lookup of unix name is failing, do you have a user "whn" in unix password
>file?

Yes.

> what arrangement do you have for nt->unix mappings?

I assume you mean username but just in case...

Usernames:
user whn (me) is in /etc/passwd and was attempting to add it to
private/smbpasswd

The experimental account is "joe" and that has a dummy entry in
/etc/passwd and is in private/smbpasswd.

DNS:
topelo has DNS entries for 199.92.203.2 and 208.3.201.1 and the
in-addr.arpa mapping. 192.168.1.20 is a connection to an NT 4.0 SP4 box
for testing purposes and is in /etc/hosts. topelo is the DNS primary DNS
server for the domain.

In the production environment there will be no external connectivity.

The files were copied from a functioning 2.0.0 setup on topelo for
trying to make it into a PDC.

Thank you,
Bill

From jrb at fluent.de Mon Feb 1 15:53:45 1999
From: jrb at fluent.de (Juergen Bock)
Date: Tue Dec 2 02:25:03 2003
Subject: Big Plunge - NT Server Died, I installed latest Samba and
In-Reply-To:
References: <199902011602.JAA25983@prag.fluent.de>
Message-ID: <199902011652.JAA27355@prag.fluent.de>

> > > sounds like the pass-through code is broken.
> > >
> > I downloaded today's cvs and that seems to work now. I can
>
> good. that's probably matt's fix.
>
> > browse and access the shares. But I cannot access \\machine\c$
> > even though I'm listed as admin user. It still says
> > Domain=[FD] OS=[Windows NT 4.0] Server=[NT LAN Manager 4.0]
> > tree connect failed: ERRDOS - ERRnoaccess (Access denied.)
>
> have you created a [c$] share in smb.conf?

Sorry, I didn't mention that. \\machine is an NT box so C$ should
be an admin share, right?

Juergen Bock
jrb@fluent.de
FLUENT Deutschland GmbH
Hindenburgstrasse 36
D-64295 Darmstadt
+49-(0)6151-3644-26

From lkcl at switchboard.net Mon Feb 1 16:57:32 1999
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:25:03 2003
Subject: Big Plunge - NT Server Died, I installed latest Samba and
In-Reply-To: <199902011652.JAA27355@prag.fluent.de>
Message-ID:

On Mon, 1 Feb 1999, Juergen Bock wrote:

> > > > sounds like the pass-through code is broken.
> > > >
> > > I downloaded today's cvs and that seems to work now. I can
> >
> > good. that's probably matt's fix.
> >
> > > browse and access the shares. But I cannot access \\machine\c$
> > > even though I'm listed as admin user. It still says
> > > Domain=[FD] OS=[Windows NT 4.0] Server=[NT LAN Manager 4.0]
> > > tree connect failed: ERRDOS - ERRnoaccess (Access denied.)
> >
> > have you created a [c$] share in smb.conf?
> Sorry, I didn't mention that. \\machine is an NT box so C$ should
> be an admin share, right?

correct. hm, check the rights on c$ on the nt box, see if it requires
domain admin or local admin privs, grant the necessary privs to the
admin user, you may be giving the admin user the wrong kind of admin
privs.

luke

From lkcl at switchboard.net Mon Feb 1 16:59:24 1999
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:25:03 2003
Subject: Latest CVS version doesn't seem to work
In-Reply-To: <19990201165247.1227.qmail@topelo.lopi.com>
Message-ID:

On Mon, 1 Feb 1999, Bill Nugent wrote:

> On Monday, Feb 1 1999 at 16:27:56, Luke Kenneth Casson Leighton wrote:
>
> >> smbpasswd is biting the dust - sorry for the wrong impression. Here is
> >> the stack trace for the command line "bin/smbpasswd -a whn":
> >
> >pwdb_smb_map_names() is returning NULL, and then add_smbfilepwd_entry()
> >doesn't check for NULL.
> >
> >lookup of unix name is failing, do you have a user "whn" in unix password
> >file?
>
> Yes.

ok, then i don't know exactly what's going on without stepping through
pwdb_smb_map_names() would you care to do this / put some debug
statements in, take a look-see?

> > what arrangement do you have for nt->unix mappings?
>
> I assume you mean username but just in case...

i did mean username.

luke

From masaje at maths.bath.ac.uk Mon Feb 1 17:03:35 1999
From: masaje at maths.bath.ac.uk (A J Every)
Date: Tue Dec 2 02:25:03 2003
Subject: System Policy Problems
In-Reply-To: Your message of "Mon, 01 Feb 1999 16:09:42 GMT."
Message-ID:

-> > I seem to have erratic behaviour on this one. I have two totally similar
-> > redhat linux machines. One has basically been cloned from the other.

-> does that include the MACHINE.SID file? if so, this may be part of the
-> problem.

No. I currently have two domains, set up the same (obviously different
domain names). Everything including the smb.conf, directory structure
etc. was the same.

The machine.sids are not the same... this would surely stop me from
logging on ?

I have a NETLOGON directory with NTConfig.Pol in and a logon script in
it. My user profiles (stored elsewhere) are read ok, and so is the logon
script. The policy is applied in one domain... but not the other.

There are no differences between either policy.

regards

alan (every), University of Bath.

From whn at topelo.lopi.com Mon Feb 1 17:10:32 1999
From: whn at topelo.lopi.com (Bill Nugent)
Date: Tue Dec 2 02:25:03 2003
Subject: Latest CVS version doesn't seem to work
In-Reply-To: Your message of Mon, 01 Feb 1999 16:59:24 +0000.
Message-ID: <19990201171032.1335.qmail@topelo.lopi.com>

On Monday, Feb 1 1999 at 16:59:24, Luke Kenneth Casson Leighton wrote:

>ok, then i don't know exactly what's going on without stepping through
>pwdb_smb_map_names() would you care to do this / put some debug statements
>in, take a look-see?

Yes. Let me know what you want done. I've been coding C for almost 20
years so you can assume I know something.

Thanks,
Bill

From jallison at cthulhu.engr.sgi.com Mon Feb 1 19:42:11 1999
From: jallison at cthulhu.engr.sgi.com (Jeremy Allison)
Date: Tue Dec 2 02:25:03 2003
Subject: Benchmark results.
Message-ID: <36B60393.20E43CCD@engr.sgi.com>

Hi all,

For people who are looking for some objective numbers to help recommend
Samba to their employers (I know there are some of you on this list :-)
you might want to look at the following couple of articles.

The first one is in Smart Reseller (a USA trade press magazine) at :

http://www.zdnet.com/sr/stories/issue/0,4537,2196106,00.html

titled : "The Best Windows File Server: Linux!".

It covers Samba on Linux vs. NT on a single processor system (and
confirms the rumours I've heard that Linux + Samba outperform NT with
more than 12 users).

The second benchmark I must confess I helped with. This was done at PC
Week (another USA trade press magazine) and was in a large server
configuration. This was a VA Research 4 x 450MHz Xeon processor machine,
with 18GB of storage in a RAID 5 configuration and 2GB of memory.

This article may be found at :

http://www.zdnet.com/pcweek/stories/news/0,4153,387766,00.html

titled: "Linux: Enterprise-ready".

There are no comparative NT numbers in this benchmark. The reason for
that is that NT on the multiprocessor box performed so poorly in the
test (a factor of 5 slower than Samba) that both PC Week and myself were
convinced that something was wrong with the NT tuning. The problem was
that NT refused to use more than 300MB of memory for file cache (despite
tweaking the only public setting that NT allows to modify this). Even
searching all Microsoft technical references and Web pages on NT tuning
did not allow us to find anything to force NT to use more memory for
disk cache.

On the Linux side I used the documentation in
/usr/src/linux/Documentation/vm to set the disk cache size to 80% of all
available memory.

Hope these numbers are interesting to people - use them as you will
:-) :-).

Regards,

Jeremy Allison,
Samba Team.

--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------

From jmeff at engsoc.queensu.ca Mon Feb 1 21:13:04 1999
From: jmeff at engsoc.queensu.ca (Jamie ffolliott) Date: Tue Dec 2 02:25:03 2003 Subject: System Policy Problems In-Reply-To: Message-ID: Alan, We've noticed some eratic behaviour with the NT clients - but the samba PDC seems to be consistent when used with the default NT workstation client installs. First check the case-sensitive name of \\server\netlogon\ntconfig.pol, and try both "ntconfig.pol" and "Ntconfig.pol". Next, start up poledit on the NT client, file/open the registry, and check the "Default Computer" settings. Under "network", check the remote update setting - it should be "automatic". I've noticed that some NT clients change this to "manual" once they know the location of the policy file on the server. (the "manual" option lets you specify a custom location for the policy file, and that could be a redirect to another policy file somewhere else on the network). Of course, save the change. good luck, Jamie On Mon, 1 Feb 1999, A J Every wrote: > -> I have been playing around with the Samba PDC stuff over the last > -> few months and have been generally impressed with the server's > -> functionallity. The only thing I haven't been able to get working > -> properly is the policy download from a Samba PDC > > I seem to have erratic behaviour on this one. I have two totally similar > redhat linux machines. One has basically been cloned from the other. > > They are both running samba beta 4. One of the domains has its policy working > fine. The other will not work at all. All directory permissions are the same > etc. etc. The smb.conf is the same except the domain name and server name. > > I've tried samba 2.0.0 but this did not solve it either. I know the netlogon > directory can be picked up as my batch file runs on both machines. > > Has anyone suffered similar erratic behaviour ??? Is there a known problem > with this ??? > > regards > > alan (every). > From dan118s at mail.smsu.edu Mon Feb 1 21:14:33 1999 
From: dan118s at mail.smsu.edu (David Nemeth) Date: Tue Dec 2 02:25:03 2003 Subject: Error Condition Re: UNSUBSCRIBE SAMBA-NTDOM dan118s@mail.smsu.edu Message-ID: <00d601be4e27$dd2d57e0$1fe80792@pannonia.smsu.edu> -----Original Message----- From: samba-ntdom@samba.org To: dan118s@mail.smsu.edu Date: Monday, February 01, 1999 2:57 PM Subject: Error Condition Re: UNSUBSCRIBE SAMBA-NTDOM dan118s@mail.smsu.edu > >We are sorry, but this system sensed the following request which may have been >inadvertedly sent to this list: > >UNSUBSCRIBE SAMBA-NTDOM > >If your posting was intentional, please accept our apologies and resend your >mail message, making sure you do not include anything that may look like a >request in the first line of the body of the actual message. If this was >indeed a request please resend it to listproc@samba.anu.edu.au >Your entire message >is copied below. > >--------------------------------------------------------------------------- ---- >UNSUBSCRIBE SAMBA-NTDOM dan118s@mail.smsu.edu > From tridge at samba.org Mon Feb 1 21:49:25 1999 From: tridge at samba.org (Andrew Tridgell) Date: Tue Dec 2 02:25:03 2003 Subject: silly things In-Reply-To: (message from Greg Dickie on Mon, 01 Feb 1999 09:09:35 -0500 (EST)) References: Message-ID: <19990201214934Z12607250-3608+11266@samba.anu.edu.au> > I normally setenv CFLAGS -n32 before I run > configure so it builds everything n32. Of course this fails when it hits the > po32 target. What is the proper way to do this? there isn't really a good solution. If you just don't set CFLAGS it will work, but I'm open to suggestions for better solutions :) From simonmu at optimation.co.nz Mon Feb 1 21:52:17 1999 
From: simonmu at optimation.co.nz (Simon Murcott) Date: Tue Dec 2 02:25:03 2003 Subject: Sparc IPC's Message-ID: Hi People, This is probably not too much related to NTDOM stuff but... Has anyone tried to run samba on a slow machine like a SparcStation IPC? I have a client that would like to do so but I am unclear just what sort of performance he will get compared to NFS. From experience, using low end 486's has been fine except for when the client tries to connect to a share or is doing domain negotiation. These can take a wee bit of processing power but the rest just requires a bit of RAM. If anybody has done some benchmarks of samba vs nfs I would definitely like to hear the results. Thanks in advance. Regards Simon Murcott From e8903122 at student.tuwien.ac.at Tue Feb 2 00:14:47 1999 
From: e8903122 at student.tuwien.ac.at (Richard Kail) Date: Tue Dec 2 02:25:03 2003 Subject: Cached smbpasswd idea. Message-ID: Hello ! I have a problem and an idea to solve it, but before I go and try to understand the samba source code I want to hear if this would be possible: The problem:

+----+----R-----ur-----R----+
|    |                      |
C    L                     PDC

There is a network with some WindowsNT-Clients(C) and a linux box(L) with samba installed. This LAN is connected via an unreliable 64kbit link(ur) via routers(R) with another network, where the PDC lives. The requirement is, that the user can login on the WindowsNT Client, authenticated from the PDC. This shouldn't be a problem with security=domain and password server=BLABLA. What worries me is the unreliable 64kbit link. It would be very nice to have some way to emulate a backup domain controller on the Linux box, so that users can log in, even if the 64kbit link is dead. My idea: Wouldn't it be possible for samba to write the user/password-equivalents to a file as they pass by in the security=domain mode ? If this is possible, it should also be possible to create a smbpasswd-file from this information. With this, I may switch the configuration to "Samba-PDC", if the original PDC isn't available and let the users login. Comments ? Kind regards, Richard ------ "One day, computer power will eventually outstrip demand, and OS engineers will be free to use friendly languages like LISP again.. until then, I think we're stuck with C." -- Oliver Xymoro From cwood at wencor.com Tue Feb 2 00:29:19 1999 
From: cwood at wencor.com (Chris Wood) Date: Tue Dec 2 02:25:03 2003 Subject: Not in Neighborhood and no login scripts Message-ID: I've been trying to setup login scripts for users authenticating against Samba 2.0 (PDC). I've heard people mention that win95 needs to be able to build the path to the netlogon thus netlogon must have browseable = yes. I've tried this without luck (though I can find the server, browse the share and run the .bat file manually). When I upgraded to Samba 2.0, Samba disappeared from the network neighborhood and hasn't come back since. :) Could the absense of Samba in the 'hood cause the problem of login scripts failing to run? If so, what can I do to get Samba in the neighborhood? -=-=-=-=-=- Chris Wood Kitco, Inc. 801-489-2097 Wencor West, Inc. [cwood@wencor.com] Durham Aircraft Services -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- From lintec at engsoc.queensu.ca Tue Feb 2 02:50:50 1999 From: lintec at engsoc.queensu.ca (Phil Steinke) Date: Tue Dec 2 02:25:03 2003 Subject: runaway smbd process Message-ID: Heya Luke, we seem to be getting an odd runaway smbd when a normal user is trying to logon. An administrator can log on in two seconds, but it takes a regular account about five minutes, and an smbd process running as root goes to 100% CPU usage. Here's the part of the log file that seems relevant: [1999/02/01 21:40:32, 1] smbd/ipc.c:api_fd_reply(3272) api_fd_reply: INVALID PIPE HANDLE: 703b That's from the machine's log file, during logon. It had connected to the netlogon and profiles shares, but none of the others yet (we have it mapping a few drives in a logon script). The full log files are available at ftp://engsoc.queensu.ca/pub/samba-logs/smbd-runaway/ If you need more info, just let me know... Phil Steinke Computer Manager 98/99 Queen's Engineering Society From John_Young at sp.gap.com Tue Feb 2 03:01:56 1999 
From: John_Young at sp.gap.com (John Young) Date: Tue Dec 2 02:25:03 2003 Subject: runaway smbd process Message-ID: <199902020301.TAA14897@wizard.sp.gap.com> Phil wrote: > Heya Luke, we seem to be getting an odd runaway smbd when a normal user is > trying to logon. An administrator can log on in two seconds, but it takes > a regular account about five minutes, and an smbd process running as root > goes to 100% CPU usage. Here's the part of the log file that seems > relevant: > > [1999/02/01 21:40:32, 1] smbd/ipc.c:api_fd_reply(3272) > api_fd_reply: INVALID PIPE HANDLE: 703b Although I am not in the situation above (I cannot login at all), I am seeing a similar error (just in case the additional info helps in tracking this down). Samba 2.0.0 (normal download, not CVS), Solaris 2.6, WinNT Terminal Server (NT4sp3 w/ICA (Winframe)). >From the log for the connecting client: [1999/02/01 18:42:53, 3] lib/doscalls.c:dos_ChDir(327) dos_ChDir to /tmp [1999/02/01 18:42:53, 3] smbd/ipc.c:reply_trans(3621) trans <\PIPE\> data=140 params=0 setup=2 [1999/02/01 18:42:53, 5] smbd/ipc.c:reply_trans(3633) calling named_pipe [1999/02/01 18:42:53, 3] smbd/ipc.c:named_pipe(3476) named pipe command on <> name [1999/02/01 18:42:53, 5] smbd/ipc.c:api_fd_reply(3240) api_fd_reply [1999/02/01 18:42:53, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(398) search for pipe pnum=7015 [1999/02/01 18:42:53, 1] smbd/ipc.c:api_fd_reply(3297) api_fd_reply: INVALID PIPE HANDLE: 7015 [1999/02/01 18:42:53, 3] smbd/ipc.c:api_no_reply(3216) Unsupported API fd command [1999/02/01 18:42:53, 5] smbd/ipc.c:copy_trans_params_and_data(150) copy_trans_params_and_data: params[0..4] data[0..0] [1999/02/01 18:42:53, 5] lib/util.c:show_msg(459) size=60 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 [1999/02/01 18:42:53, 5] lib/util.c:show_msg(465) smb_tid=1 smb_pid=51966 smb_uid=100 smb_mid=64 smt_wct=10 Good luck! 
-John ________________________________________________________________ John Young Voice 650 874 4198 Director, Corporate Architecture I.S. Fax 650 874 4224 Gap, Inc. john_young@sp.gap.com From whn at topelo.lopi.com Tue Feb 2 03:42:59 1999 From: whn at topelo.lopi.com (Bill Nugent) Date: Tue Dec 2 02:25:03 2003 Subject: Samba 2.1 pre-release okay - RedHat 5.2/glibc is my problem Message-ID: <19990202034300.7507.qmail@topelo.lopi.com> Howdy, I reported earlier that I could not get smbpasswd to work properly - "smbpasswd -m 'bonkers$'" is one example. I think I may have found a problem - getpwnam() doesn't work when '$' is the last character of the name. I'm running RedHat Linux 5.2 with glibc-2.0.7-29 and my /etc/passwd (and /etc/shadow) have an entry for bonkers$:

bonkers$:4999:5000:bonkers to use NT:/home/samba/Machines:/bin/false

My test program:

$ cat test.c
#include <stdio.h>
#include <sys/types.h>
#include <pwd.h>

int main(int argc, char *argv[])
{
    struct passwd *p;

    if (argc < 2)           /* need a user name to look up */
        return 1;
    p = getpwnam(argv[1]);  /* NULL when no matching entry is found */

    /* print the pointer in hex; 0 means the lookup failed */
    printf("%s = %lx\n", argv[1], (unsigned long)p);
    return 0;
}

And some results:

$ ./test joe # Dummy user joe - an entry is returned
joe = 400ae2d8
$ ./test 'bonkers$' # And this is broken
bonkers$ = 0

I tried escaping the dollar sign in case there was an RE involved...no such luck. I submitted a bug report to RedHat. I took a look at the glibc source and it appears to be non-trivial (multiple levels of macros) and I do not have the cycles to spare looking into this problem as well...sigh. Bill From aperrin at demog.Berkeley.EDU Tue Feb 2 04:09:35 1999 
From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:25:03 2003 Subject: Samba 2.1 pre-release okay - RedHat 5.2/glibc is my problem In-Reply-To: <19990202034300.7507.qmail@topelo.lopi.com> Message-ID: unless I'm misunderstanding your message, I think your problem is simple: the -m flag on smbpasswd adds the $ for you; if your machine is named BONKERS and its associated /etc/passwd entry is for BONKERS$, you should just do smbpasswd -a -m bonkers . Hope this helps- Andy --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 On Tue, 2 Feb 1999, Bill Nugent wrote: > Howdy, > > I reported earlier that I could not get smbpasswd to work properly - > "smbpasswd -m 'bonkers$'" is one example. I think I may have found a > problem - getpwnam() doesn't work when '$' is the last character of the > name. I'm running RedHat Linux 5.2 with glibc-2.0.7-29 and my > /etc/passwd (and /etc/shadow) have an entry for bonkers$: > > bonkers$:4999:5000:bonkers to use NT:/home/samba/Machines:/bin/false > > My test program: > > $ cat test.c > #include > #include > #include > > main(int argc, char *argv[]) > { > struct passwd *p = getpwnam(argv[1]); > > printf("%s = %x\n", argv[1], p); > } > > And some results: > > $ ./test joe # Dummy user joe - an entry is returned > joe = 400ae2d8 > $ ./test 'bonkers$' # And this is broken > bonkers$ = 0 > > I tried escaping the dollar sign in case there was an RE involved...no > such luck. > > I submitted a bug report to RedHat. I took a look at the glibc source > and it is appears to be non-trivial (multiple levels of macros) and I do > not have the cycles to spare looking into this problem as well...sigh. 
> > Bill > From darrylc at vulcan.telstra.com.au Tue Feb 2 05:01:03 1999 From: darrylc at vulcan.telstra.com.au (Darryl Cording) Date: Tue Dec 2 02:25:03 2003 Subject: System Policy Problems Message-ID: <199902020501.PAA00652@vulcan.telecom.com.au> Thanks for the replies, but the policies still don't get downloaded. I've checked all smb.conf parameters that were suggested and re-created the policy several times with 'Automatic' and 'Manual' update methods, but it still doesn't get to the client:-( The only thing I think may be different is that I use a 'preexec' command in my netlogon share to create the user's login script. I wouldn't have thought that could interfere with policy downloads. Here are the relevant parts of the smb.conf:

[netlogon]
comment = TAG DC Automatic Software Downloads
preexec = exec /usr/local/samba/bin/smblogin.sh '%L' '%m' '%U' '%G' '%a' '%T'
path = /usr/local/samba/smb_logins
writable = no
guest ok = yes
create mask = 0775
browseable = yes

Global parameters are:

encrypt passwords = yes
domain logons = yes
oslevel = 34
preferred master = yes
domain master = yes
logon script = %U.BAT

The script smblogin.sh just creates the "logon script" for each user as they log in. Login scripts, roaming profiles all work fine. Anyone got anymore ideas?? Anybody want a client log file or tcpdump output??? I'll keep plugging away. Again, thanks for all the replies. Regards, Darryl From jmeff at engsoc.queensu.ca Tue Feb 2 05:42:08 1999 
From: jmeff at engsoc.queensu.ca (Jamie ffolliott) Date: Tue Dec 2 02:25:03 2003 Subject: System Policy Problems In-Reply-To: <199902020501.PAA00652@vulcan.telecom.com.au> Message-ID: <000101be4e6e$c582b800$0245a8c0@dagobah.cgocable.net> > here are the relevant parts of the smb.conf > > [netlogon] > comment = TAG DC Automatic Software Downloads > preexec = exec /usr/local/samba/bin/smblogin.sh '%L' '%m' '%U' > '%G' '%a' '%T' > path = /usr/local/samba/smb_logins > writable = no > guest ok = yes > create mask = 0775 > browseable = yes You'll need: "locking = no" for policies to work. It's in the ntdom faq ;) We also have "writable = yes" on our system so we can edit the logon script and default user profile from a desktop, but that shouldn't be necessary. Also, "create mask" is redundant if writable is "no". Jamie From lex at tor.prima.tu-chel.ac.ru Tue Feb 2 13:02:37 1999 From: lex at tor.prima.tu-chel.ac.ru (Guess) Date: Tue Dec 2 02:25:03 2003 Subject: Interfaces Message-ID: Hi all! There is a trouble... with interfaces in Samba 2.0.0 In smb.conf there are: [global] ... inetrfaces = 192.168.0.1/255.255.255.0 192.168.80.168/255.255.255.240 .... Why Samba sees only the first part if the string 'interfaces' ??? Cheers, SaLiK. From rdab100 at cam.ac.uk Tue Feb 2 08:54:19 1999 From: rdab100 at cam.ac.uk (Dominic Baines) Date: Tue Dec 2 02:25:03 2003 Subject: Interfaces References: Message-ID: <36B6BD3A.9953A319@cam.ac.uk> Guess wrote: > Hi all! > > There is a trouble... with interfaces in Samba 2.0.0 > In smb.conf there are: > [global] > .. > inetrfaces = 192.168.0.1/255.255.255.0 192.168.80.168/255.255.255.240 > ^^^^^^^ 'cos you mis-spelt 'interfaces' ? > ... > Why Samba sees only the first part if the string 'interfaces' ??? Dominic Baines From rdab100 at cam.ac.uk Tue Feb 2 09:09:02 1999 
From: rdab100 at cam.ac.uk (Dominic Baines) Date: Tue Dec 2 02:25:03 2003 Subject: Interfaces References: Message-ID: <36B6C0AE.9E12B5C3@cam.ac.uk> Guess wrote: > Hi all! > > There is a trouble... with interfaces in Samba 2.0.0 > In smb.conf there are: > [global] > .. > inetrfaces = 192.168.0.1/255.255.255.0 192.168.80.168/255.255.255.240 > > ... > Why Samba sees only the first part if the string 'interfaces' ??? Samba default uses the first interface on a server unless you tell it otherwise using the 'interfaces' parameter. In this case as you've incorrectly spelt it the default is to use the eth0 on your box. If you edit it to become 'interfaces' and restart the smbd and nmbd services you will see a difference. I have used this to set up Samba on interfaces eth1-eth2 i.e. not on eth0 for security purposes (different subnet) with some success in the past. Dominic From lex at tor.prima.tu-chel.ac.ru Tue Feb 2 16:25:19 1999 From: lex at tor.prima.tu-chel.ac.ru (Guess) Date: Tue Dec 2 02:25:03 2003 Subject: Interfaces... Again Message-ID: Hi all! That was my fault and i've changed this srting at the properly: 'interfaces' BUT... nothing have changed :( And Samba sees only the first part of string: interfaces = 192.168.0.1/255.255.255.0 192.168.80.168/255.255.255.240 What the bug? Cheers, SaLiK. From weejock at ferret.lmh.ox.ac.uk Tue Feb 2 11:48:39 1999 From: weejock at ferret.lmh.ox.ac.uk (Matthew Kirkwood) Date: Tue Dec 2 02:25:03 2003 Subject: Interfaces... Again In-Reply-To: Message-ID: On Tue, 2 Feb 1999, Guess wrote: > Hi all! > > That was my fault and i've changed this srting at the properly: 'interfaces' > BUT... nothing have changed :( > And Samba sees only the first part of string: > interfaces = 192.168.0.1/255.255.255.0 192.168.80.168/255.255.255.240 interfaces = 192.168.0.1/24 192.168.80.168/28 Matthew. From whn at topelo.lopi.com Tue Feb 2 13:20:56 1999 
From: whn at topelo.lopi.com (Bill Nugent) Date: Tue Dec 2 02:25:03 2003 Subject: Samba 2.1 pre-release okay - RedHat 5.2/glibc is my problem In-Reply-To: Your message of Mon, 01 Feb 1999 20:09:35 -0800. Message-ID: <19990202132056.10103.qmail@topelo.lopi.com> Andrew, I've tried that already. :-( The source code for smbpasswd strips off any '$' on the end and then appends one when run '-m' just to be sure (at about line 378 of utils/smbpasswd.c). The problem is with the glibc 2.0.7 runtime library - it skips over usernames that have a '$' in them (I have not exhaustively tried all permutations but on the end and in the middle are ignored). Look at the little C program I enclosed in the original posting with the two test runs at the end and you will see that username 'bonkers$' is skipped over. There is a copy of that posting at the bottom of this email. After I sent the email I wrote a variation using getpwent() and it skipped it as well. My next question to the list is how hard would it be for me to kludge around this either by using a different character? I feel writing a custom my_getpwnam() function is a losing battle because PAM, etc. all use the run-time library. Thank you! Bill On Monday, Feb 1 1999 at 20:09:35, Andrew Perrin - Demography wrote: >unless I'm misunderstanding your message, I think your problem is simple: >the -m flag on smbpasswd adds the $ for you; if your machine is named >BONKERS and its associated /etc/passwd entry is for BONKERS$, you should >just do smbpasswd -a -m bonkers . > >Hope this helps- >Andy > >--------------------------------------------------------------------- >Andrew J. 
Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support >Department of Demography - University of California at Berkeley >2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA >http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 > >On Tue, 2 Feb 1999, Bill Nugent wrote: > >> Howdy, >> >> I reported earlier that I could not get smbpasswd to work properly - >> "smbpasswd -m 'bonkers$'" is one example. I think I may have found a >> problem - getpwnam() doesn't work when '$' is the last character of the >> name. I'm running RedHat Linux 5.2 with glibc-2.0.7-29 and my >> /etc/passwd (and /etc/shadow) have an entry for bonkers$: >> >> bonkers$:4999:5000:bonkers to use NT:/home/samba/Machines:/bin/false >> >> My test program: >> >> $ cat test.c >> #include >> #include >> #include >> >> main(int argc, char *argv[]) >> { >> struct passwd *p = getpwnam(argv[1]); >> >> printf("%s = %x\n", argv[1], p); >> } >> >> And some results: >> >> $ ./test joe # Dummy user joe - an entry is returned >> joe = 400ae2d8 >> $ ./test 'bonkers$' # And this is broken >> bonkers$ = 0 >> >> I tried escaping the dollar sign in case there was an RE involved...no >> such luck. >> >> I submitted a bug report to RedHat. I took a look at the glibc source >> and it is appears to be non-trivial (multiple levels of macros) and I do >> not have the cycles to spare looking into this problem as well...sigh. >> >> Bill >> > From greg at discreet.com Tue Feb 2 13:50:03 1999 
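A check worth running before blaming the C library, added here as an illustration (not code from the thread, glibc or Samba): the /etc/passwd entry as printed in the post has six colon-separated fields, while passwd(5) defines seven (name, passwd, uid, gid, gecos, dir, shell). The strict parser below rejects the entry as posted and accepts a constructed seven-field version with the '$' still in the name; whether the poster's real file matched the printed line is not stated, and the "x" password field and the joe entry are assumptions.

```c
/* Added illustration: strict parser for passwd(5)-style lines. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PW_NFIELDS 7   /* name:passwd:uid:gid:gecos:dir:shell */

enum pw_status { PW_OK, PW_TOO_LONG, PW_FIELD_COUNT, PW_EMPTY_NAME,
                 PW_BAD_UID, PW_BAD_GID };

struct pw_entry {
    char buf[512];              /* private copy; fields point into it */
    char *field[PW_NFIELDS];
    unsigned long uid, gid;
};

/* The entry exactly as printed in the post. */
static const char ENTRY_AS_POSTED[] =
    "bonkers$:4999:5000:bonkers to use NT:/home/samba/Machines:/bin/false";
/* Constructed: same entry with an "x" password field inserted (assumption). */
static const char ENTRY_SEVEN_FIELDS[] =
    "bonkers$:x:4999:5000:bonkers to use NT:/home/samba/Machines:/bin/false";
/* Constructed entry for the post's dummy user; ids and paths are invented. */
static const char ENTRY_JOE[] = "joe:x:500:500:Dummy user:/home/joe:/bin/bash";

/* Decimal id only: no sign, no spaces, no trailing junk. */
static int parse_id(const char *s, unsigned long *out)
{
    char *end;
    if (*s < '0' || *s > '9')
        return -1;
    errno = 0;
    *out = strtoul(s, &end, 10);
    return (errno == 0 && *end == '\0') ? 0 : -1;
}

enum pw_status parse_passwd_line(const char *line, struct pw_entry *e)
{
    size_t len = strcspn(line, "\r\n");
    int n = 0;
    char *p;

    if (len >= sizeof e->buf)
        return PW_TOO_LONG;
    memcpy(e->buf, line, len);
    e->buf[len] = '\0';

    /* Split on ':' by hand; strtok() would merge empty fields. */
    p = e->buf;
    for (;;) {
        char *colon = strchr(p, ':');
        if (n < PW_NFIELDS)
            e->field[n] = p;
        n++;
        if (colon == NULL)
            break;
        *colon = '\0';
        p = colon + 1;
    }
    if (n != PW_NFIELDS)
        return PW_FIELD_COUNT;
    if (e->field[0][0] == '\0')
        return PW_EMPTY_NAME;
    if (parse_id(e->field[2], &e->uid) != 0)
        return PW_BAD_UID;
    if (parse_id(e->field[3], &e->gid) != 0)
        return PW_BAD_GID;
    return PW_OK;
}

/* Name lookup that skips every line it cannot parse.
 * Returns the index of the matching line, or -1. */
int lookup_name(const char *const *lines, size_t nlines,
                const char *name, struct pw_entry *out)
{
    size_t i;
    for (i = 0; i < nlines; i++)
        if (parse_passwd_line(lines[i], out) == PW_OK &&
            strcmp(out->field[0], name) == 0)
            return (int)i;
    return -1;
}

int main(void)
{
    const char *const posted[] = { ENTRY_JOE, ENTRY_AS_POSTED };
    const char *const fixed[]  = { ENTRY_JOE, ENTRY_SEVEN_FIELDS };
    struct pw_entry e;

    printf("as posted:    joe=%d bonkers$=%d\n",
           lookup_name(posted, 2, "joe", &e),
           lookup_name(posted, 2, "bonkers$", &e));
    printf("seven fields: joe=%d bonkers$=%d\n",
           lookup_name(fixed, 2, "joe", &e),
           lookup_name(fixed, 2, "bonkers$", &e));
    return 0;
}
```

A result of -1 for `bonkers$` only in the "as posted" case points at the line's field layout rather than at the `$` character; it says nothing about how glibc 2.0.7 itself parses names.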
From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:25:04 2003 Subject: multiple WINS replies Message-ID: Hi, I'm using samba 2.0 release as a wins server and on all my other samba machines I'm getting messages such as: Copyright Andrew Tridgell 1994-1998 [1999/02/01 09:02:33, 0] nmbd/nmbd_namequery.c:(92) query_name_response: Multiple (2) responses received for a query on subnet 192.168.20.56 for name DL_RDMTL<1d>. This response was from IP 192.168.20.30 [1999/02/01 09:02:33, 0] nmbd/nmbd_namequery.c:(92) query_name_response: Multiple (3) responses received for a query on subnet 192.168.20.56 for name DL_RDMTL<1d>. This response was from IP 192.168.20.30 [1999/02/01 09:02:33, 0] nmbd/nmbd_namequery.c:(92) query_name_response: Multiple (4) responses received for a query on subnet 192.168.20.56 for name DL_RDMTL<1d>. This response was from IP 192.168.20.30 [1999/02/01 09:07:35, 0] nmbd/nmbd_namequery.c:(92) query_name_response: Multiple (2) responses received for a query on subnet 192.168.20.56 for name DL_RDMTL<1d>. This response was from IP 192.168.20.30 [1999/02/01 09:07:35, 0] nmbd/nmbd_namequery.c:(92) query_name_response: Multiple (3) responses received for a query on subnet 192.168.20.56 for name DL_RDMTL<1d>. This response was from IP 192.168.20.30 [1999/02/01 09:07:35, 0] nmbd/nmbd_namequery.c:(92) query_name_response: Multiple (4) responses received for a query on subnet 192.168.20.56 for name DL_RDMTL<1d>. This response was from IP 192.168.20.30 [1999/02/01 09:12:36, 0] nmbd/nmbd_namequery.c:(92) query_name_response: Multiple (2) responses received for a query on subnet 192.168.20.56 for name DL_RDMTL<1d>. This response was from IP 192.168.20.30 [1999/02/01 09:12:36, 0] nmbd/nmbd_namequery.c:(92) query_name_response: Multiple (3) responses received for a query on subnet 192.168.20.56 for name DL_RDMTL<1d>. 
This response was from IP 192.168.20.30 [1999/02/01 09:12:36, 0] nmbd/nmbd_namequery.c:(92) query_name_response: Multiple (4) responses received for a query on subnet 192.168.20.56 for name DL_RDMTL<1d>. This response was from IP 192.168.20.30 [1999/02/01 09:17:36, 0] nmbd/nmbd_namequery.c:(92) query_name_response: Multiple (2) responses received for a query on subnet 192.168.20.56 for name DL_RDMTL<1d>. This response was from IP 192.168.20.30 yada yada yada I have verified with tcpdump and nmblookup that 20.30 (my WINS server) does, in fact, reply exactly 4 times to a query for each request. Not a big deal but it does kind of bloat the logs so if I can turn it off that would be good. Some details: that machine has bind interfaces only = yes and has two interfaces configured. Any ideas? Thanks, Greg --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From jhr at comp.uark.edu Tue Feb 2 14:14:50 1999 From: jhr at comp.uark.edu (Jason H. Reeves) Date: Tue Dec 2 02:25:04 2003 Subject: Sparc IPC's In-Reply-To: Message-ID: On Tue, 2 Feb 1999, Simon Murcott wrote: |~~>Has anyone tried to run samba on a slow machine like a SparcStation IPC? I'm running Samba 2.0 on an IPC with Solaris 2.6 (no CDE) and it seems to like it just fine. The only thing that's really sluggish is SWAT. It's much faster for me to just edit smb.conf. I'm sure on faster systems SWAT is a nice tool, but it's not the answer for slower systems. As long as you're not planning on running SWAT, though, you should be ok. 0010010010010101001001010100101010010100101010010101001001010100100101 0 1 1 jason h. reeves - - kc5ttq 1 0 java.person 0 1 computingServices 1 0 universityOfArkansas 0 0 1 1010100101010101010121010010101010010101110101010100101010010110101010 ^ |____ the 'maybe' bit - the future of computing... y From mark at bish.net Tue Feb 2 15:50:22 1999 
From: mark at bish.net (Mark Bishop) Date: Tue Dec 2 02:25:04 2003 Subject: passwds Message-ID: Are there any easy ways that users can change their own passwds without logging into the Linux machine and using smbpasswd? ------------------------------------------------------------------------ | Mark Bishop (mark@bish.net) | Computer Engineering Senior | | 618.529.5760 | Southern Illinois University | | http://bish.net | TCT Systems Manager | From cartegw at Eng.Auburn.EDU Tue Feb 2 14:51:05 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:25:04 2003 Subject: passwds References: Message-ID: <36B710D9.12377ED0@eng.auburn.edu> Mark Bishop wrote: > > Are there any easy ways that users can > change their own passwds without logging into > the Linux machine and using smbpasswd? see the "unix pasword sync" and related parameters in the smb.conf man page. There have also been other solutions posted (Andy Perrin for one I think). Check the list archives. Hope this helps, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From jan.van.rensburg at epiuse.com Tue Feb 2 15:21:06 1999 
From: jan.van.rensburg at epiuse.com (Jan van Rensburg) Date: Tue Dec 2 02:25:04 2003 Subject: passwds Message-ID: since the password sync'ing has been brought up again i want to repost something i posted about 3 weeks ago put have received no replies for. i'd be really happy if anyone could help me out, since this is straight from the ntdom faq, but doesn't work. thanks, --jan van rensburg i'm having problems with the unix password sync in samba2.0.0. my samba server is a linux box running as a PDC, and the client is an NT4 sp4 workstation. when i press ctrl+alt+del and change my password without the "unix password sync" enabled everything works fine. if however i add this to smb.conf: unix password sync = True passwd program = /usr/bin/passwd %u passwd chat = *password* %n\n *password* %n\n *successfull* passwd chat debug = True i get an "Error changing password..." message on NT and in log. i get: [1998/01/13 11:40:49, 0] rpc_server/srv_pipe.c:api_pipe_request(592) api_pipe_request: **** MUST CALL become_user() HERE **** when i run testparm i get: ERROR: the 'unix password sync' parameter is set and the 'passwd program' (/usr/bin/passwd %u) cannot be executed (error was No such file or directory). when i change: passwd program = /usr/bin/passwd %u to passwd program = /usr/bin/passwd the unix password syncing work, except that it changes root's password and not the samba user's password - as should be expected, i guess... --jan van rensburg From mark at bish.net Tue Feb 2 16:36:32 1999 
From: mark at bish.net (Mark Bishop) Date: Tue Dec 2 02:25:04 2003 Subject: passwds In-Reply-To: <36B710D9.12377ED0@eng.auburn.edu> Message-ID: On Wed, 3 Feb 1999, Gerald Carter wrote: > > > see the "unix pasword sync" and related parameters in > the smb.conf man page. There have also been other solutions posted > (Andy Perrin for one I think). Check the list archives. > Ok, now I'm confused. If I have a user on a windows NT client trying to change their passwd do I need to hack the registry and send non-encrypted passwds? ------------------------------------------------------------------------ | Mark Bishop (mark@bish.net) | Computer Engineering Senior | | 618.529.5760 | Southern Illinois University | | http://bish.net | TCT Systems Manager | From rls at rfc.comm.harris.com Tue Feb 2 15:31:08 1999 From: rls at rfc.comm.harris.com (Bob Sass) Date: Tue Dec 2 02:25:04 2003 Subject: ntdomain groups Message-ID: samba ver. 2.0.0 aix ver. 4.2.1 nt ver. 4.0 sp3 I am using ntdomain authentication and haveing a problem when the nt user has greater than 32 groups. The user will not authenticate. I believe these are the pertinent errors [1999/01/22 14:56:13, 0] rpc_parse/parse_net.c:net_io_user_info3(1023) PANIC: assert failed at rpc_parse/parse_net.c(1023) [1999/01/22 14:56:13, 0] lib/util.c:smb_panic(2383) PANIC: assert failed [1999/01/22 14:56:39, 0] rpc_client/cli_netlogon.c:cli_net_sam_logon(371) cli_net_sam_logon: NT_STATUS_WRONG_PASSWORD [1999/01/22 14:56:39, 0] smbd/password.c:domain_client_validate(1357) domain_client_validate: unable to validate password for user username in domain rfc to Domain controller RFCPDC. Error was NT_STATUS_WRONG_PASSWORD. Is there a hard limit on number of groups? Bob Sass From abakun at reac.com Tue Feb 2 15:40:09 1999 
From: abakun at reac.com (Andy Bakun) Date: Tue Dec 2 02:25:04 2003 Subject: passwds References: Message-ID: <36B71C59.33784CB0@reac.com> > Ok, now I'm confused. If I have a user on a windows NT client trying to > change their passwd do I need to hack the registry and send non-encrypted > passwds? No. The Control-Alt-Delete | change password box sends the new password in unencrypted form, no matter if you have encrypted passwords on or not. From cartegw at Eng.Auburn.EDU Tue Feb 2 16:31:11 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:25:04 2003 Subject: passwds References: Message-ID: <36B7284F.87FE75EC@eng.auburn.edu> Mark Bishop wrote: > > Ok, now I'm confused. If I have a user on a windows NT > client trying to change their passwd do I need to hack > the registry and send non-encrypted passwds? No. NT uses the standard challenge response for the old password and then encrypts the plain text of the new one with the hash of the old one. jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From cartegw at Eng.Auburn.EDU Tue Feb 2 16:32:03 1999 
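The exchange Gerald Carter describes above (new plaintext encrypted under the hash of the old password), modelled from both sides as an added example; it is not code from the thread or from Samba. The 516-byte layout (512-byte buffer with the password right-aligned, then a 4-byte little-endian length, RC4-keyed with the 16-byte old hash) is the SAMR change-password buffer as I know it, shown in its OEM/ASCII form only; the hash values and function names are constructed, and the verifier that accompanies the blob on the wire is left out.

```c
/* Added illustration of the NT change-password blob, client and server side. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PW_BUF_LEN  512                 /* password area */
#define PW_BLOB_LEN (PW_BUF_LEN + 4)    /* plus 32-bit length */

/* Constructed 16-byte values standing in for password hashes. */
static const uint8_t OLD_HASH[16] = {
    0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
    0x10, 0x32, 0x54, 0x76, 0x98, 0xba, 0xdc, 0xfe };
static const uint8_t WRONG_HASH[16] = {
    0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88,
    0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00 };

/* RC4 stream cipher; encryption and decryption are the same operation. */
static void rc4(const uint8_t *key, size_t keylen, uint8_t *data, size_t len)
{
    uint8_t s[256], t;
    unsigned i, j = 0;
    size_t n;

    for (i = 0; i < 256; i++)
        s[i] = (uint8_t)i;
    for (i = 0; i < 256; i++) {
        j = (j + s[i] + key[i % keylen]) & 0xff;
        t = s[i]; s[i] = s[j]; s[j] = t;
    }
    i = j = 0;
    for (n = 0; n < len; n++) {
        i = (i + 1) & 0xff;
        j = (j + s[i]) & 0xff;
        t = s[i]; s[i] = s[j]; s[j] = t;
        data[n] ^= s[(s[i] + s[j]) & 0xff];
    }
}

/* Client: place the new password at the end of the 512-byte area,
 * append its length, encrypt the whole blob under the old hash. */
int build_change_blob(const uint8_t old_hash[16], const char *new_pw,
                      uint8_t blob[PW_BLOB_LEN])
{
    size_t len = strlen(new_pw);

    if (len == 0 || len > PW_BUF_LEN)
        return -1;
    /* Fixed filler keeps this example reproducible; a real client
     * would fill the unused area with random bytes. */
    memset(blob, 0xA5, PW_BUF_LEN);
    memcpy(blob + PW_BUF_LEN - len, new_pw, len);
    blob[512] = (uint8_t)(len & 0xff);
    blob[513] = (uint8_t)((len >> 8) & 0xff);
    blob[514] = 0;
    blob[515] = 0;
    rc4(old_hash, 16, blob, PW_BLOB_LEN);
    return 0;
}

/* Server: decrypt with the stored hash of the old password and pull the
 * new plaintext back out. Returns its length, or -1 if the decrypted
 * length field is implausible (wrong old hash or corrupted blob). */
int recover_new_password(const uint8_t stored_old_hash[16],
                         const uint8_t blob[PW_BLOB_LEN],
                         char *out, size_t outsz)
{
    uint8_t buf[PW_BLOB_LEN];
    uint32_t len;

    memcpy(buf, blob, PW_BLOB_LEN);
    rc4(stored_old_hash, 16, buf, PW_BLOB_LEN);
    len = (uint32_t)buf[512] | ((uint32_t)buf[513] << 8) |
          ((uint32_t)buf[514] << 16) | ((uint32_t)buf[515] << 24);
    if (len == 0 || len > PW_BUF_LEN || len >= outsz)
        return -1;
    memcpy(out, buf + PW_BUF_LEN - len, len);
    out[len] = '\0';
    return (int)len;
}

int main(void)
{
    uint8_t blob[PW_BLOB_LEN];
    char out[PW_BUF_LEN + 1];
    int n;

    build_change_blob(OLD_HASH, "N3w-Secret", blob);
    n = recover_new_password(OLD_HASH, blob, out, sizeof out);
    printf("correct old hash: %d bytes recovered\n", n);
    n = recover_new_password(WRONG_HASH, blob, out, sizeof out);
    printf("wrong old hash:   result %d\n", n);
    return 0;
}
```

The server ends up holding the new password in plain text, which is what allows it to be passed on to a `passwd program`; the only secret protecting it in transit is the old hash, so the stored hashes need the same protection as the passwords themselves.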
From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:25:04 2003 Subject: ntdomain groups References: Message-ID: <36B72883.56417907@eng.auburn.edu> Bob Sass wrote: > > Is there a hard limit on number of groups? There is a limit of 16 groups on SunoS and 32 groups on Solaris. Don't know about AIX. jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From Christian.Kumpf at Dauenhauer.DE Tue Feb 2 16:36:21 1999 From: Christian.Kumpf at Dauenhauer.DE (Christian Kumpf) Date: Tue Dec 2 02:25:04 2003 Subject: passwds References: <36B7284F.87FE75EC@eng.auburn.edu> Message-ID: <36B72985.18E2FA65@Dauenhauer.DE> Gerald Carter wrote: > > No. NT uses the standard challeng response for the old > password and then encrypts th plain text of the new one > with the hash of the old one. > As far as I understand, this implies that I need root-privileges to the password database to change the unix-password since the old password is transfered encrypted. Is there a hack (other than extra client/server programs for passowrd-changes) to have password sync in a setup, where the unix-password-database is on a different computer (i.e. unix passwords are distributed via NIS)? -- Christian Kumpf Systeam Engineering GmbH System Developer Donnersbergring 15 Smurf@Dauenhhauer.DE 64295 Darmstadt Tel.: -49-6151-313 9-39 Fax.: -49-6151-313 9-71 From cartegw at Eng.Auburn.EDU Tue Feb 2 17:05:16 1999 
From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:25:04 2003 Subject: passwds References: <36B7284F.87FE75EC@eng.auburn.edu> <36B72985.18E2FA65@Dauenhauer.DE> Message-ID: <36B7304C.F5AACC69@eng.auburn.edu> Christian Kumpf wrote: > > As far as I understand, this implies that I > need root-privileges to the password database to > change the unix-password since the old password is > transfered encrypted. Is there a hack (other than extra > client/server programs for passowrd-changes) to have > password sync in a setup, where the unix-password-database > is on a different computer (i.e. unix passwords are > distributed via NIS)? Nope. I mean there are solutions, but they are simple custom password programs. There was yppasswd replacement or something I think. Check the Samba FTP site under contributors. jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From cartegw at Eng.Auburn.EDU Tue Feb 2 18:32:26 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:25:04 2003 Subject: passwds References: Message-ID: <36B744BA.D7C65528@eng.auburn.edu> Jan van Rensburg wrote: > > passwd program = /usr/bin/passwd > > the unix password syncing work, except that it changes > root's password and not the samba user's password - as > should be expected, i guess... What OS are you using? Are you using NIS or a local /etc/passwd file? jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From rls at rfc.comm.harris.com Tue Feb 2 18:33:14 1999 
From: rls at rfc.comm.harris.com (Bob Sass) Date: Tue Dec 2 02:25:04 2003 Subject: ntdomain groups In-Reply-To: <36B72883.56417907@eng.auburn.edu> Message-ID: Through trial and error AIX seems to top out at 32. Is there a reasonable way to change this? (or would that be a bad idea) Just trying to understand the problem here. Is there a reason it is 32? Are we doing something wrong with our groups to have more than 32 or is it just a who would ever have more than 32 groups? Where is this in the code? Thanks Bob Sass On Tue, 2 Feb 1999, Gerald Carter wrote: > Bob Sass wrote: > > > > Is there a hard limit on number of groups? > > There is a limit of 16 groups on SunoS and 32 > groups on Solaris. Don't know about AIX. > > From lkcl at switchboard.net Tue Feb 2 18:45:10 1999 
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:25:04 2003 Subject: runaway smbd process In-Reply-To: <199902020301.TAA14897@wizard.sp.gap.com> Message-ID: On Tue, 2 Feb 1999, John Young wrote: > > Phil wrote: > > > Heya Luke, we seem to be getting an odd runaway smbd when a normal user is > > trying to logon. An administrator can log on in two seconds, but it takes > > a regular account about five minutes, and an smbd process running as root > > goes to 100% CPU usage. Here's the part of the log file that seems > > relevant: > > > > [1999/02/01 21:40:32, 1] smbd/ipc.c:api_fd_reply(3272) > > api_fd_reply: INVALID PIPE HANDLE: 703b > > > Although I am not in the situation above (I cannot login at all), I am seeing > a similar error (just in case the additional info helps in tracking this > down). > > Samba 2.0.0 (normal download, not CVS), Solaris 2.6, WinNT Terminal > Server (NT4sp3 w/ICA (Winframe)). > >From the log for the connecting client: > > [1999/02/01 18:42:53, 3] lib/doscalls.c:dos_ChDir(327) > dos_ChDir to /tmp > [1999/02/01 18:42:53, 3] smbd/ipc.c:reply_trans(3621) > trans <\PIPE\> data=140 params=0 setup=2 > [1999/02/01 18:42:53, 5] smbd/ipc.c:reply_trans(3633) > calling named_pipe > [1999/02/01 18:42:53, 3] smbd/ipc.c:named_pipe(3476) > named pipe command on <> name > [1999/02/01 18:42:53, 5] smbd/ipc.c:api_fd_reply(3240) > api_fd_reply > [1999/02/01 18:42:53, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(398) > search for pipe pnum=7015 > [1999/02/01 18:42:53, 1] smbd/ipc.c:api_fd_reply(3297) > api_fd_reply: INVALID PIPE HANDLE: 7015 this is usually because of a crashed smbd process earlier. please remember that 2.0.0 tree is not supporting nt PDC stuff fully, so if there are bugs in 2.0.0 rpc code, i'm not so concerned (it's at least 3 months out of date). let me fix the latest cvs code and you can try it again. watch for the jeremy-merge in a few weeks, too. luke From lkcl at switchboard.net Tue Feb 2 18:52:29 1999 
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:25:04 2003 Subject: System Policy Problems In-Reply-To: <000101be4e6e$c582b800$0245a8c0@dagobah.cgocable.net> Message-ID: On Tue, 2 Feb 1999, Jamie ffolliott wrote: > > here are the relevant parts of the smb.conf > > > > [netlogon] > > comment = TAG DC Automatic Software Downloads > > preexec = exec /usr/local/samba/bin/smblogin.sh '%L' '%m' '%U' > > '%G' '%a' '%T' > > path = /usr/local/samba/smb_logins > > writable = no > > guest ok = yes > > create mask = 0775 > > browseable = yes > > You'll need: "locking = no" for policies to work. It's in the ntdom faq ;) > > We also have "writable = yes" on our system so we can edit the logon script > and default user profile from a desktop, but that shouldn't be necessary. this is a security risk, you can have ordinary users creating scripts for other users (including, say administrator). bad idea. if you must do this, have "write users = xxxx" where xxxx is an admin. luke From lkcl at switchboard.net Tue Feb 2 19:02:05 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:25:04 2003 Subject: Sparc IPC's In-Reply-To: Message-ID: On Wed, 3 Feb 1999, Jason H. Reeves wrote: > > On Tue, 2 Feb 1999, Simon Murcott wrote: > > |~~>Has anyone tried to run samba on a slow machine like a SparcStation IPC? > > I'm running Samba 2.0 on an IPC with Solaris 2.6 (no CDE) and it > seems to like it just fine. The only thing that's really sluggish is i run sometimes on a 486dx4-100 (12mb) and on a 486dx5-133 (32mb). the only thing i found i needed to do was to increase the smbd and nmbd process priorities (nice --10) so that they didn't get swapped out. luke From lkcl at switchboard.net Tue Feb 2 19:05:19 1999 
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:25:04 2003 Subject: passwds In-Reply-To: Message-ID: On Wed, 3 Feb 1999, Jan van Rensburg wrote: > i'm having problems with the unix password sync in samba2.0.0. > my samba server is a linux box running as a PDC, and the client is an NT4 > sp4 workstation. when i press ctrl+alt+del and change my password without ^^^ i need to fix this. From abakun at reac.com Tue Feb 2 19:08:47 1999 From: abakun at reac.com (Andy Bakun) Date: Tue Dec 2 02:25:04 2003 Subject: ntdomain groups References: Message-ID: <36B74D3F.E0DD706D@reac.com> Bob Sass wrote: > Through trial and error AIX seems to top out at 32. > > Is there a reasonable way to change this? (or would that be a bad idea) > > Just trying to understand the problem here. Is there a reason it is 32? > Are we doing something wrong with our groups to have more than 32 or is it > just a who would ever have more than 32 groups? > > Where is this in the code? In the kernel's code, most likely. You may be able to change this limit through kernel configuration. I know HP-UX has a kernel configuration thing in SAM where you can tune various parameters, and I think AIX has some way to do this also. It usually amounts to selecting an option or editing a file, and then building a new kernel (instructions for how to do so should be included with your machine) and rebooting. If you have a support contract with IBM for your AIX, they should be able to tell you exactly what to do to increase this limit, or at least let you know that there is no way to increase it. Andy. From cartegw at Eng.Auburn.EDU Tue Feb 2 19:13:16 1999 
From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:25:04 2003 Subject: ntdomain groups References: Message-ID: <36B74E4C.966B55E0@eng.auburn.edu> Bob Sass wrote: > > Is there a reasonable way to change this? (or would that > be a bad idea) > > Just trying to understand the problem here. Is there a > reason it is 32? Are we doing something wrong with our groups > to have more than 32 or is it just a who would ever have > more than 32 groups? > > Where is this in the code? The limit is setup by the OS not Samba. Check the man page on initgroups() jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From jmeff at engsoc.queensu.ca Tue Feb 2 19:11:40 1999 From: jmeff at engsoc.queensu.ca (Jamie ffolliott) Date: Tue Dec 2 02:25:05 2003 Subject: System Policy Problems In-Reply-To: Message-ID: <000301be4edf$dd07c4e0$0245a8c0@dagobah.cgocable.net> > On Tue, 2 Feb 1999, Luke Kenneth Casson Leighton wrote: > > We also have "writable = yes" on our system so we can edit the > >logon script > > and default user profile from a desktop, but that shouldn't be > >necessary. > > this is a security risk, you can have ordinary users creating scripts for > other users (including, say administrator). bad idea. if you must do > this, have "write users = xxxx" where xxxx is an admin. > unix permissions don't allow users to write to that directory, but I see your point. will add "write list = uuuu, @gggg" (uuuu = an admin, gggg = an admin group) to the netlogon share - thanks. Jamie From rls at rfc.comm.harris.com Tue Feb 2 19:32:54 1999 
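The netlogon exchange above (a writable share versus a read-only share with a "write list") can be checked mechanically. The following is an added example, not code from the thread or from Samba: the smb.conf fragments are constructed, "adminuser" and "@admins" are placeholder names like "uuuu" and "@gggg" in the message, and the function names are made up here.

```python
import re

# Constructed smb.conf fragments for this example; "adminuser" and "@admins"
# are placeholder names, like "uuuu" and "@gggg" in the thread.
RISKY_CONF = """\
[netlogon]
   path = /usr/local/samba/smb_logins
   writable = yes
   guest ok = yes
"""

HARDENED_CONF = """\
[netlogon]
   path = /usr/local/samba/smb_logins
   writable = no
   write list = adminuser, @admins
   guest ok = yes
"""

TRUE_WORDS = {"yes", "true", "1"}


def canonical(key, value):
    """Fold smb.conf synonyms into one name; this example ignores case and spaces in names."""
    key = key.lower().replace(" ", "")
    if key in ("writable", "writeable", "writeok"):
        return "writable", value.lower() in TRUE_WORDS
    if key == "readonly":                      # inverse synonym of writable
        return "writable", value.lower() not in TRUE_WORDS
    if key in ("guestok", "public"):
        return "guestok", value.lower() in TRUE_WORDS
    if key == "writelist":
        return "writelist", [n for n in re.split(r"[,\s]+", value) if n]
    return key, value


def parse_smb_conf(text):
    """Return {share: {param: value}}; later settings override earlier ones."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = shares.setdefault(header.group(1).strip().lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            name, parsed = canonical(key, value.strip())
            current[name] = parsed
    return shares


def netlogon_writers(text):
    """Who the share definition lets write to [netlogon]: 'everyone', or a list of names."""
    share = parse_smb_conf(text).get("netlogon", {})
    if share.get("writable", False):           # shares are read-only unless told otherwise
        return "everyone"
    return share.get("writelist", [])


def audit_netlogon(text):
    """Return findings for the [netlogon] share; an empty list means nothing to report."""
    writers = netlogon_writers(text)
    findings = []
    if writers == "everyone":
        findings.append("netlogon is writable by any connecting user: "
                        "only Unix permissions stop them replacing logon scripts")
        if parse_smb_conf(text)["netlogon"].get("guestok", False):
            findings.append("guest access is allowed on a writable netlogon share")
    return findings


if __name__ == "__main__":
    for label, conf in (("risky", RISKY_CONF), ("hardened", HARDENED_CONF)):
        print(label, netlogon_writers(conf), audit_netlogon(conf))
```

The check covers the share definition only; directory permissions on the share path still apply on top of it.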
From: rls at rfc.comm.harris.com (Bob Sass) Date: Tue Dec 2 02:25:05 2003 Subject: ntdomain groups In-Reply-To: <36B74E4C.966B55E0@eng.auburn.edu> Message-ID: Does this mean that the number of NT groups allowed is linked to the number of AIX groups? Bob On Tue, 2 Feb 1999, Gerald Carter wrote: > Bob Sass wrote: > > > > Is there a reasonable way to change this? (or would that > > be a bad idea) > > > > Just trying to understand the problem here. Is there a > > reason it is 32? Are we doing something wrong with our groups > > to have more than 32 or is it just a who would ever have > > more than 32 groups? > > > > Where is this in the code? > > The limit is setup by the OS not Samba. Check the man > page on initgroups() > > From yevy at netscape.net Tue Feb 2 20:19:09 1999 From: yevy at netscape.net (yevy@netscape.net) Date: Tue Dec 2 02:25:05 2003 Subject: Telneting and ftping to PDC Message-ID: <19990202201909.28913.qmail@www0y.netaddress.usa.net> I have set up a Linux box as my PDC for an NT4.0 SP3 workstation. I can login to the domain and performance is fine. But when I then attempt to telnet or ftp to the PDC it takes some 5 minutes to establish the connection. After the connection is established performance is fine. Any suggestions, clues, solutions to this problem? Eugene A. Yefimov yevy@netscape.net From cartegw at Eng.Auburn.EDU Tue Feb 2 20:40:26 1999 
From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:25:05 2003 Subject: ntdomain groups References: Message-ID: <36B762BA.F8CE127B@eng.auburn.edu> Bob Sass wrote: > > Does this mean that the number of NT groups allowed is linked to the > number of AIX groups? Samba gets group membership from /etc/passwd and /etc/group. The list is obtained through an initgroups() call so yes. Only the group returned by the OS will be used for membership. jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From whn at topelo.lopi.com Tue Feb 2 20:50:36 1999 
From: whn at topelo.lopi.com (Bill Nugent) Date: Tue Dec 2 02:25:05 2003 Subject: Samba 2.1 pre-release okay - RedHat 5.2/glibc is my problem In-Reply-To: Your message of Wed, 03 Feb 1999 00:20:42 +1100. <19990202132056.10103.qmail@topelo.lopi.com> Message-ID: <19990202205036.11927.qmail@topelo.lopi.com> Andrew, I've been at this too long and I'm not seeing straight. My password entry was defective: bonkers$:4999:5000:bonkers to use NT:/home/samba/Machines:/bin/false No password field and this is why it was being discarded. Should have been: bonkers$:x:4999:5000:bonkers to use NT:/home/samba/Machines:/bin/false Well...I still have the segmentation fault to figure out...I hope it is some other stupid mistake I made. Feeling dumber every day! ;-) Bill On Wednesday, Feb 3 1999 at 00:20:42, Bill Nugent wrote: >Andrew, > >I've tried that already. :-( The source code for smbpasswd strips off >any '$' on the end and then appends one when run '-m' just to be sure (at >about line 378 of utils/smbpasswd.c). > >The problem is with glibc 2.0.7 runtime library - it skips over usernames >that have a '$' in them (I have not exhaustively tried all permutations >but on the end and in the middle are ignored). > >Look at the little C program I enclosed in the original posting with the >two test runs at the end and you will see that username 'bonker$' is >skipped over. There is a copy of that posting at the bottom of this >email. > >After I sent the email I wrote a variation using getpwent() and it >skipped it as well. > >My next question to the list is how hard would it be for me to kludge >around this either by using a different character? I feel writing a >custom function my_getpwnam() function is a losing battle because PAM, >etc. all use run-time library. > >Thank you! 
> > Bill > >On Monday, Feb 1 1999 at 20:09:35, Andrew Perrin - Demography wrote: > >>unless I'm misunderstanding your message, I think your problem is simple: >>the -m flag on smbpasswd adds the $ for you; if your machine is named >>BONKERS and its associated /etc/passwd entry is for BONKERS$, you should >>just do smbpasswd -a -m bonkers . >> >>Hope this helps- >>Andy >> >>--------------------------------------------------------------------- >>Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support >>Department of Demography - University of California at Berkeley >>2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA >>http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 >> >>On Tue, 2 Feb 1999, Bill Nugent wrote: >> >>> Howdy, >>> >>> I reported earlier that I could not get smbpasswd to work properly - >>> "smbpasswd -m 'bonkers$'" is one example. I think I may have found a >>> problem - getpwnam() doesn't work when '$' is the last character of the >>> name. I'm running RedHat Linux 5.2 with glibc-2.0.7-29 and my >>> /etc/passwd (and /etc/shadow) have an entry for bonkers$: >>> >>> bonkers$:4999:5000:bonkers to use NT:/home/samba/Machines:/bin/false >>> >>> My test program: >>> >>> $ cat test.c >>> #include <stdio.h> >>> #include <sys/types.h> >>> #include <pwd.h> >>> >>> main(int argc, char *argv[]) >>> { >>> struct passwd *p = getpwnam(argv[1]); >>> >>> printf("%s = %x\n", argv[1], p); >>> } >>> ser joe - an entry is returned >>> joe = 400ae2d8 >>> $ ./test 'bonkers$' # And this is broken >>> bonkers$ = 0 >>> >>> I tried escaping the dollar sign in case there was an RE involved...no >>> such luck. >>> >>> I submitted a bug report to RedHat. I took a look at the glibc source >>> and it appears to be non-trivial (multiple levels of macros) and I do >>> not have the cycles to spare looking into this problem as well...sigh. >>> >>> Bill >>> >> > > > From greg at discreet.com Tue Feb 2 20:54:02 1999 
From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:25:05 2003 Subject: LSASS goes BOOM! Message-ID: Hi, I mentioned this a while ago but now I have updated to SP4 and it still happens. If NT4SP4 is a member of a domain and I run ClearCase Doctor I crash lsass.exe which pops-up dr. watson. Greg --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From matthew at janus.law.usyd.edu.au Tue Feb 2 21:00:53 1999 From: matthew at janus.law.usyd.edu.au (Matthew Geier) Date: Tue Dec 2 02:25:05 2003 Subject: LSASS goes BOOM! In-Reply-To: from "Greg Dickie" at Feb 3, 99 07:55:24 am Message-ID: <199902022100.IAA14250@janus.law.usyd.edu.au> > > > Hi, > > I mentioned this a while ago but now I have updated to SP4 and it still > happens. > > If NT4SP4 is a member of a domain and I run ClearCase Doctor I crash lsass.exe > which pops-up dr. watson. > I can 'Dr-Watson' lsass.exe with the 'cacls.exe' program - a script I found to 'secure' a public NT workstation (based on something from the ZAK I gather) that simply is a list of cacl command lines kills my workstations every time. I've sent Luke details - but was beginning to wonder if I was the only person who had this particular crash. From aperrin at demog.Berkeley.EDU Tue Feb 2 21:20:56 1999 
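Because the membership list comes from the OS and is capped there, a user listed in more groups than the cap allows cannot carry all of them into a session. The following added example (not from the thread or from Samba) reports such users from /etc/group-format text; the group and user names are constructed, the function names are made up here, and 16 and 32 are the limits quoted in the thread.

```python
import os

# Constructed /etc/group content: "pat" is a member of 20 groups, "lee" of 3.
SAMPLE_GROUP = "\n".join(
    f"proj{n:02d}:x:{500 + n}:pat" + (",lee" if n < 3 else "") for n in range(20)
)


def memberships(group_text):
    """Map each user to the groups that list them as a member (/etc/group format)."""
    result = {}
    for line in group_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 4:
            continue                      # malformed entry: name:passwd:gid:members
        name, members = fields[0], fields[3]
        for user in filter(None, (m.strip() for m in members.split(","))):
            groups = result.setdefault(user, [])
            if name not in groups:        # ignore a group listed twice
                groups.append(name)
    return result


def users_over_limit(group_text, limit):
    """Return {user: group_count} for users listed in more groups than `limit`."""
    return {
        user: len(groups)
        for user, groups in memberships(group_text).items()
        if len(groups) > limit
    }


def os_group_limit():
    """The supplementary-group limit (NGROUPS_MAX) of the machine running this."""
    return os.sysconf("SC_NGROUPS_MAX")


if __name__ == "__main__":
    for limit in (16, 32, os_group_limit()):
        print(f"limit {limit}: {users_over_limit(SAMPLE_GROUP, limit) or 'nobody over'}")
```

Only memberships listed in the group file are counted here; the primary group from /etc/passwd is not included.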
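The defect reported in the message above, a machine account entry with no password field, can be caught before running smbpasswd -m. This check is an added example, not code from the thread or from Samba: the two bonkers$ entries are the ones quoted in the message, the joe entry is constructed, and the function names are made up here.

```python
# The two machine-account entries quoted in the message above.
DEFECTIVE = "bonkers$:4999:5000:bonkers to use NT:/home/samba/Machines:/bin/false"
CORRECTED = "bonkers$:x:4999:5000:bonkers to use NT:/home/samba/Machines:/bin/false"
# Constructed ordinary user entry, for contrast.
ORDINARY = "joe:x:500:500:Joe:/home/joe:/bin/bash"

# /etc/passwd layout: name:passwd:uid:gid:gecos:dir:shell
EXPECTED_FIELDS = 7


def check_passwd_line(line):
    """Return a list of problems with one /etc/passwd entry (empty if well-formed)."""
    fields = line.rstrip("\n").split(":")
    problems = []
    if len(fields) != EXPECTED_FIELDS:
        problems.append(f"{len(fields)} fields, expected {EXPECTED_FIELDS}")
    if not fields[0]:
        problems.append("empty user name")
    # uid and gid sit in the third and fourth fields and must be numeric.
    for label, index in (("uid", 2), ("gid", 3)):
        if index >= len(fields) or not fields[index].isdigit():
            problems.append(f"{label} field is not numeric")
    # Six fields with numbers in the passwd and uid slots: everything after the
    # name has shifted left by one, which is what a missing password field does.
    if len(fields) == 6 and fields[1].isdigit() and fields[2].isdigit():
        problems.append("password field appears to be missing")
    return problems


def machine_account_report(passwd_text):
    """Return {name: problems} for malformed machine accounts (names ending in '$')."""
    report = {}
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name = line.split(":", 1)[0]
        problems = check_passwd_line(line)
        if name.endswith("$") and problems:
            report[name] = problems
    return report


if __name__ == "__main__":
    print(machine_account_report("\n".join([ORDINARY, DEFECTIVE])))
    print(machine_account_report("\n".join([ORDINARY, CORRECTED])))
```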
From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:25:05 2003 Subject: Telneting and ftping to PDC In-Reply-To: <19990202201909.28913.qmail@www0y.netaddress.usa.net> Message-ID: Turn off samba and try telnetting to the machine -- if it's still a problem, it has to do with your linux setup and not samba. --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 On Wed, 3 Feb 1999 yevy@netscape.net wrote: > I have setup and Linux box and my PDC for and NT4.0 SP3 workstation. I can > login to the domain and performance is fine. But when I then attempt to > telnet or ftp to the PDC it takes some 5 minutes to establish the connection. > After the connection is establish performance is fine. > > Any suggestions, clues, solutions to this problem? > > > Eugene A. Yefimov > yevy@netscape.net > > > ____________________________________________________________________ > More than just email--Get your FREE Netscape WebMail account today at http://home.netscape.com/netcenter/mail > From jfjobart at look-voyages.fr Tue Feb 2 21:29:05 1999 
From: jfjobart at look-voyages.fr (Jean-François Jobart) Date: Tue Dec 2 02:25:06 2003 Subject: Telneting and ftping to PDC References: <19990202201909.28913.qmail@www0y.netaddress.usa.net> Message-ID: <36B76E21.717E69B4@look-voyages.fr> yevy@netscape.net wrote: > I have set up a Linux box as my PDC for an NT4.0 SP3 workstation. I can > login to the domain and performance is fine. But when I then attempt to > telnet or ftp to the PDC it takes some 5 minutes to establish the connection. > After the connection is established performance is fine. I don't know if it is a PDC problem. > Any suggestions, clues, solutions to this problem? Perhaps you have a IP to Name resolving problem. Is your workstation in DNS, /etc/hosts or NIS(+) map ? If using DNS, have you the correct reverse mapping data in the DNS ? Try : 1) nslookup IP_address_of_the_workstation and look the time of the answer. 2) add your test workstation in /etc/hosts and try again. Have a nice day. Jean-François Jobart From simonmu at optimation.co.nz Tue Feb 2 21:52:32 1999 
From: simonmu at optimation.co.nz (Simon Murcott) Date: Tue Dec 2 02:25:06 2003 Subject: passwds In-Reply-To: <36B744BA.D7C65528@eng.auburn.edu> Message-ID: On Wed, 3 Feb 1999, Gerald Carter wrote: > > passwd program = /usr/bin/passwd > > > > the unix password syncing work, except that it changes > > root's password and not the samba user's password - as > > should be expected, i guess... > > What OS are you using? Are you using NIS or a > local /etc/passwd file? I have been unsuccessful with the Solaris 2.6 passwd (yppasswd is a hard link to this and they both do the same thing) so far. What I have noticed is that it looks like the passwd program will close stdin and then reopen it which will kill any scripts written for it and I think this is also causing samba to fail with it. I am thinking of making a small passwd replacement that will simply do the crypt() and modify the NIS database accordingly. Regards Simon Murcott From cartegw at Eng.Auburn.EDU Tue Feb 2 22:04:36 1999 
From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:25:06 2003 Subject: LSASS goes BOOM! In-Reply-To: <199902022100.IAA14250@janus.law.usyd.edu.au> Message-ID: On Wed, 3 Feb 1999, Matthew Geier wrote: > I can 'Dr-Watson' lsass.exe with the 'cacls.exe' program - a script I found to > 'secure' a public NT workstation (based on something from the ZAK I gather) > that simply is a list of cacl command lines kills my workstations every > time. > I've sent Luke details - but was beginning to wonder if I was the only person > who had this particular crash. No. You're not alone. LSASS.EXE is fairly fragile I think. I can crash it by using an invalid parameter to one ACL setting tool also. Just not that robust. jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From tommy at decisive.com Wed Feb 3 01:26:16 1999 
From: tommy at decisive.com (Tommy Ho) Date: Tue Dec 2 02:25:06 2003 Subject: NT/Samba 2.0.0 password problem Message-ID: <61CA71EB63B4D111926B006008CDC8303E722A@oakland.websurvey.net> I believe this may not be the problem that happens the first time. I have a RedHat 5.2 running with Samba Server 2.0.0. Everything works alright with security of smb.conf on server mode. security = server encrypted password = yes password server = PDC However, when I tried to change to user mode, I cannot pass the authorization. security = user encrypted password = yes smb passwd file = /etc/smbpasswd username map = /etc/smbusers I have followed the instruction to use pwdump to extract the smbpasswd and created some username map. I even tried looking up FAQ, setting clear text logon, changing /etc/pam.d/samba. Nevertheless, none works. What I get is knock out from \\samba\IPC$ for incorrect password. Any idea. ______________________________________________ Tommy Ho IS Team, Decisive Technology From lkcl at switchboard.net Wed Feb 3 02:26:07 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:25:06 2003 Subject: latest cvs (main branch): groups fixed (maybe) Message-ID: i've added some code that caches unix groups to avoid a 2-level "getgrent" and "getgrnam" problem that is apparent on some unixen. could the patient people who have been waiting since 1st dec for this to be fixed please try it out? thank you! luke (samba team) From darrylc at vulcan.telstra.com.au Wed Feb 3 05:23:03 1999 
From: darrylc at vulcan.telstra.com.au (Darryl Cording) Date: Tue Dec 2 02:25:06 2003 Subject: System Policy Problems Message-ID: <199902030523.PAA14199@vulcan.telecom.com.au> >See: >http://us1.samba.org/samba/docs/ntdom_faq/page4.html#4-3-2 Ooops, it's not in my copy...better get a fresh one. >You also need "public = no", and "locking = no" for the netlogon share. I added these but it makes no difference:-( I use the 'poledit.exe' from the NTWS Resource Kit. I am assuming that this program is OK to use? It seems to do everything that it is supposed to. I'll keep on hammering away.......... thanks darryl From jan.van.rensburg at epiuse.com Wed Feb 3 09:04:12 1999 From: jan.van.rensburg at epiuse.com (Jan van Rensburg) Date: Tue Dec 2 02:25:06 2003 Subject: passwds Message-ID: i'm using redhat 5.2 with /etc/passwd. however, before i put the system into production i will use /etc/shadow instead. luke, did you imply that this is a known issue when using a nt4 sp4 setup? --jan van rensburg > -----Original Message----- > From: Gerald Carter [mailto:cartegw@Eng.Auburn.EDU] > Sent: Tuesday, February 02, 1999 8:34 PM > To: Multiple recipients of list > Subject: Re: passwds > > > Jan van Rensburg wrote: > > > > passwd program = /usr/bin/passwd > > > > the unix password syncing work, except that it changes > > root's password and not the samba user's password - as > > should be expected, i guess... > > What OS are you using? Are you using NIS or a > local /etc/passwd file? > > > > > jerry > ______________________________________________________________ > __________ > Gerald ( Jerry ) Carter > Engineering Network Services Auburn > University > jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From appro at fy.chalmers.se Wed Feb 3 13:17:50 1999 
From: appro at fy.chalmers.se (Andy Polyakov) Date: Tue Dec 2 02:25:06 2003 Subject: Citrix Metaframe demystified Message-ID: <199902031317.OAA29700@fysparc9.fy.chalmers.se> Hello, everybody! As several of you pointed out SAMBA PDC drives Windows NT Terminal Server Edition (TSE) with Citrix Metaframe nuts. I was fortunate enough to have two TSE+Metaframe boxes in the house, one talking to NT Server PDC and one talking to SAMBA PDC:-) so that I had the chance to trace and compare network traffic going on betweem TSE and PDC during logon sequence. Here is what I've managed to figure out. Unlike plain NT Workstation TSE+Metaframe box at some point attempts to connect to PDC's \winreg pipe (remote connection to registry, right?) in order to query System\CurrentControlSet\Control\Citrix\UserConfig\jdoe and then InheritAutoLogon keys. Now the difference in behavior of NT PDC and SAMBA PDC (in my place) appears to be that NT PDC returns NT_STATUS_ACCESS_DENIED (notorious "limit remote access to registry" from every security advisory), while SAMBA grants access and returns a value that winlogon.exe obviously fails to interpret as it crashes with exception C0000005 (I myself have no clue about the number, but I bet it's kind of SEGV) according to the Event Viewer. In order to confirm my assumption I've attempted to totally disable \winreg in SAMBA in following manner: *** source/smbd/nttrans.c.orig Tue Dec 8 19:33:09 1998 --- source/smbd/nttrans.c Wed Feb 3 11:40:16 1999 *************** *** 45,51 **** --- 45,53 ---- "\\ntsvcs", "\\lsass", "\\lsarpc", + #if 0 "\\winreg", + #endif NULL }; Ta-da! I can now login on TSE as SAMBA domain user! Once again I want to point out that the patch above is just something I did in order to back up my analysis of network traces. No more, no less. Cheers. Andy. From appro at fy.chalmers.se Wed Feb 3 13:37:16 1999 
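Review bot: The `#if 0` around `"\\winreg",` in the nttrans.c pipe-name list removes the pipe for every client at compile time and carries no comment saying why. If this is kept beyond the diagnostic described in the message, guard it with a named macro or a run-time setting and add a comment that the aim is to refuse remote registry access, as the NT PDC in the trace does with NT_STATUS_ACCESS_DENIED.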
From: appro at fy.chalmers.se (Andy Polyakov) Date: Tue Dec 2 02:25:06 2003 Subject: include = smb.conf.host.%h Message-ID: <199902031337.OAA29736@fysparc9.fy.chalmers.se> Hello again! I've ran into a problem with 2.1.0-prealpha smbd (never tried 2.0.0). It unlike other accompanying programs, namely nmbd and testparm, fails to interpret 'include = /blah/blah/blah.%h' directive in smb.conf. I used to it and find it very handy. What I do (and definitely want to keep doing) is collect all config files in /same/place, put common lines in /same/place/smbd.conf and terminate it with 'include = /same/place/smb.conf.host.%h'. Pretty cool, huh? In either case I looked into the code and discovered that (unlike other accompanying programs, see above) myhostname remains uninitialized for first parse of config file. Following seem to cure the problem (cut-n-paste courtesy goes to nmbd code): *** source/smbd/server.c.orig Sat Dec 5 21:19:10 1998 --- source/smbd/server.c Mon Feb 1 18:24:40 1999 *************** *** 446,453 **** ****************************************************************************/ static void init_structs(void ) { - get_myname(myhostname,NULL); - /* * Set the machine NETBIOS name if not already * set from the config file. --- 446,451 ---- *************** *** 635,640 **** --- 633,644 ---- exit(1); } + if( !get_myname( myhostname, NULL) ) + { + DEBUG( 0, ( "Unable to get my hostname - exiting.\n" ) ); + return -1; + } + if (!reload_services(False)) return(-1); Cheers. Andy. From Jean-Francois.Micouleau at dalalu.fr Wed Feb 3 14:21:34 1999 
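Review bot: With `get_myname(myhostname,NULL);` removed from init_structs() in the first server.c hunk, that function now relies on its caller having filled in myhostname beforehand. State that precondition in the comment block above init_structs() so a later reordering of the start-up code does not bring the uninitialized value back.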
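Review bot: The new failure branch added before `reload_services(False)` in the second server.c hunk ends in `return -1;`, while the unchanged lines on either side use `exit(1);` and `return(-1);`. Match the surrounding form, and check that returning here rather than exiting is intended, given that the DEBUG text says "exiting".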
From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:25:06 2003 Subject: Citrix Metaframe demystified In-Reply-To: <199902031317.OAA29700@fysparc9.fy.chalmers.se> Message-ID: On Thu, 4 Feb 1999, Andy Polyakov wrote: > Hello, everybody! > > As several of you pointed out SAMBA PDC drives Windows NT Terminal > Server Edition (TSE) with Citrix Metaframe nuts. I was fortunate enough > to have two TSE+Metaframe boxes in the house, one talking to NT Server > PDC and one talking to SAMBA PDC:-) so that I had the chance to trace > and compare network traffic going on betweem TSE and PDC during logon > sequence. Here is what I've managed to figure out. Unlike plain NT > Workstation TSE+Metaframe box at some point attempts to connect to > PDC's \winreg pipe (remote connection to registry, right?) in order to yes, right. > query System\CurrentControlSet\Control\Citrix\UserConfig\jdoe and then > InheritAutoLogon keys. Now the difference in behavior of NT PDC and > SAMBA PDC (in my place) appears to be that NT PDC returns > NT_STATUS_ACCESS_DENIED (notorious "limit remote access to registry" > from every security advisory), while SAMBA grants access and returns a > value that winlogon.exe obviously fails to interpret as it crashes with > exception C0000005 (I myself have no clue about the number, but I bet > it's kind of SEGV) according to the Event Viewer. Samba has currently a minimal support for the registry, open/close and lookup a value. What ever value you ask, Samba always return the same string "LanmanNT". > Ta-da! I can now login on TSE as SAMBA domain user! > > Once again I want to point out that the patch above is just something I > did in order to back up my analysis of network traces. No more, no > less. > > Cheers. Andy. J.F. From cartegw at Eng.Auburn.EDU Wed Feb 3 15:27:21 1999 
From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:25:06 2003 Subject: System Policy Problems References: <199902030523.PAA14199@vulcan.telecom.com.au> Message-ID: <36B86AD9.B153EB86@eng.auburn.edu> Darryl Cording wrote: > > I use the 'poledit.exe' from the NTWS Resource Kit. I am > assuming that this program is OK to use? It seems to > do everything that it is supposed to. I have not tried that one, but yes it should work. I'll look into this some more in the next day or so. jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From cartegw at Eng.Auburn.EDU Wed Feb 3 15:27:56 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:25:06 2003 Subject: System Policy Problems References: <199902030523.PAA14199@vulcan.telecom.com.au> Message-ID: <36B86AFC.DDA6BAC2@eng.auburn.edu> Darryl Cording wrote: > > I use the 'poledit.exe' from the NTWS Resource Kit. I am > assuming that this program is OK to use? It seems to > do everything that it is supposed to. I have not tried that one, but yes it should work. I'll look into this some more in the next day or so. BTW...What is the name of the file and what case settings do you have in effect for [netlogon] jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From lkcl at switchboard.net Wed Feb 3 16:42:40 1999 
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:25:06 2003 Subject: passwds In-Reply-To: Message-ID: On Wed, 3 Feb 1999, Jan van Rensburg wrote: > i'm using redhat 5.2 with /etc/passwd. however, before i put the system into > production i will use /etc/shadow instead. luke, did you imply that this is > a known issue when using a nt4 sp4 setup? yes. > --jan van rensburg > > > -----Original Message----- > > From: Gerald Carter [mailto:cartegw@Eng.Auburn.EDU] > > Sent: Tuesday, February 02, 1999 8:34 PM > > To: Multiple recipients of list > > Subject: Re: passwds > > > > > > Jan van Rensburg wrote: > > > > > > passwd program = /usr/bin/passwd > > > > > > the unix password syncing work, except that it changes > > > root's password and not the samba user's password - as > > > should be expected, i guess... > > > > What OS are you using? Are you using NIS or a > > local /etc/passwd file? > > > > > > > > > > jerry > > ______________________________________________________________ > > __________ > > Gerald ( Jerry ) Carter > > Engineering Network Services Auburn > > University > > jerry@eng.auburn.edu > http://www.eng.auburn.edu/users/cartegw > > "...a hundred billion castaways looking for a home." > - Sting "Message in a Bottle" ( 1979 ) > Luke Kenneth Casson Leighton Samba and Network Development Samba and Network Consultancy From lkcl at switchboard.net Wed Feb 3 16:43:42 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:25:06 2003 Subject: passwds In-Reply-To: Message-ID: On Wed, 3 Feb 1999, Jan van Rensburg wrote: > i'm using redhat 5.2 with /etc/passwd. however, before i put the system into > production i will use /etc/shadow instead. luke, did you imply that this is > a known issue when using a nt4 sp4 setup? sorry, you asked me, i thought you were asking a different question. answer: don't know (ignore the yes :-) From lkcl at switchboard.net Wed Feb 3 16:58:01 1999 
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:25:06 2003 Subject: Citrix Metaframe demystified In-Reply-To: <199902031317.OAA29700@fysparc9.fy.chalmers.se> Message-ID: On Thu, 4 Feb 1999, Andy Polyakov wrote: > Hello, everybody! > > As several of you pointed out SAMBA PDC drives Windows NT Terminal > Server Edition (TSE) with Citrix Metaframe nuts. I was fortunate enough yes, yes, yes - thank you very much. we have a very simple registry: it caters for one key and one key only: that key being sufficient to tell USERMGR.EXE enough for it to proceed. i have been meaning to do something about this. From lkcl at switchboard.net Wed Feb 3 17:09:23 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:25:06 2003 Subject: include = smb.conf.host.%h In-Reply-To: <199902031337.OAA29736@fysparc9.fy.chalmers.se> Message-ID: On Thu, 4 Feb 1999, Andy Polyakov wrote: > Hello again! > > I've ran into a problem with 2.1.0-prealpha smbd (never tried 2.0.0). > It unlike other accompanying programs, namely nmbd and testparm, fails thanx. From dave at www.buffalostate.edu Wed Feb 3 17:40:12 1999 From: dave at www.buffalostate.edu (Dave J. Andruczyk) Date: Tue Dec 2 02:25:07 2003 Subject: Telneting and ftping to PDC In-Reply-To: <19990202201909.28913.qmail@www0y.netaddress.usa.net> Message-ID: > I have setup and Linux box and my PDC for and NT4.0 SP3 workstation. I can > login to the domain and performance is fine. But when I then attempt to > telnet or ftp to the PDC it takes some 5 minutes to establish the connection. > After the connection is establish performance is fine. > > Any suggestions, clues, solutions to this problem? possible DNS misconfiguration.. Windows uses, WINS/Broadcast/LMhosts to find a logon server telnet and ftp need dns, or a local hosts file dave From hulet at ittc.ukans.edu Wed Feb 3 19:08:02 1999 
From: hulet at ittc.ukans.edu (Michael S. Hulet) Date: Tue Dec 2 02:25:07 2003 Subject: latest cvs (main branch): groups fixed (maybe) In-Reply-To: Message-ID: Simply wonderful. DEC UNIX 4.0d loves the new code. I was able to login and for the first time use the user manager (side affect?). I also changed my password for fun. Glad you are back Luke. Is your book tour coming to Kansas City? On Wed, 3 Feb 1999, Luke Kenneth Casson Leighton wrote: > i've added some code that caches unix groups to avoid a 2-level "getgrent" > and "getgrnam" problem that is apparent on some unixen. > > could the patient people who have been waiting since 1st dec for this to > be fixed please try it out? > > thank you! > > luke (samba team) > From lkcl at switchboard.net Wed Feb 3 19:19:47 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:25:07 2003 Subject: latest cvs (main branch): groups fixed (maybe) In-Reply-To: Message-ID: On Wed, 3 Feb 1999, Michael S. Hulet wrote: > Simply wonderful. DEC UNIX 4.0d loves the new code. I was able to login > and for the first time use the user manager (side affect?). cool! wild! > I also > changed my password for fun. Glad you are back Luke. Is your book tour > coming to Kansas City? dunno. what's a book? From cartegw at Eng.Auburn.EDU Wed Feb 3 22:47:58 1999 
From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:25:07 2003 Subject: access forbidden References: <36B8542C.43E33F53@bigfoot.de> Message-ID: <36B8D21E.E13F269E@eng.auburn.edu> Christian Hoerlle wrote: > > I?ve found a not working link in > http://us1.samba.org/samba/docs/ntdom_faq/page1.html. > If I click to the link > http://peng1.uindy.edu/samba/todo.html the server > is not offline but is telling me that I?ve no access right. > Would be nice if this could be corrected. That page is out of my control. I've removed the link until I can get in touch with the author. Thanks. jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From ken at hudat.com Thu Feb 4 06:56:01 1999 
From: ken at hudat.com (Kendrick Vargas) Date: Tue Dec 2 02:25:07 2003 Subject: Telneting and ftping to PDC In-Reply-To: Message-ID: On Thu, 4 Feb 1999, Dave J. Andruczyk wrote: > > I have setup and Linux box and my PDC for and NT4.0 SP3 workstation. I can > > login to the domain and performance is fine. But when I then attempt to > > telnet or ftp to the PDC it takes some 5 minutes to establish the connection. > > After the connection is establish performance is fine. > > > > Any suggestions, clues, solutions to this problem? > > possible DNS misconfiguration.. > > Windows uses, WINS/Broadcast/LMhosts to find a logon server > > telnet and ftp need dns, or a local hosts file Now that I think about it... I had a similar problem, where the solution was a working reverse name lookup on the server side. The server we were connecting to couldn't to a reverse name lookup on the client (for the logs), therefore it would take a while before the connection processed, but after that, it was fine. -peace --- BEGIN GEEK CODE BLOCK ------------+----------- GAT d- s:+ !a C+(+++) UI/L/S/B++(+++) | "In the morning glad I see P>+ L+(++) E---- W+++ N+ o? K? w++++ | My foe outstrech'd beneath the tree." O--- M-- V PS+++@ PE Y-- PGP+ t++ 5 | -The Poison Tree X++ R- tv+ b DI++ D+ G e>* h*(!) r- | William Blake y*(+) ------ END GEEK CODE BLOCK -----+ From lex at tor.prima.tu-chel.ac.ru Thu Feb 4 12:13:08 1999 From: lex at tor.prima.tu-chel.ac.ru (Bic) Date: Tue Dec 2 02:25:07 2003 Subject: UNICAST_SUBNET Message-ID: Hi all! Have some question about UNICAST_SUBNET... 1. What is this? 2. Why Samba detects one of two interfaces as UNICAST, but not broadcast? 3. What the difference between unicast and broadcast subnets... Cheers, SaLiK. From jpkidd at iupui.edu Thu Feb 4 13:05:44 1999 
From: jpkidd at iupui.edu (jpkidd@iupui.edu) Date: Tue Dec 2 02:25:07 2003 Subject: Telneting and ftping to PDC In-Reply-To: Message-ID: I had a similar problem to this and what solved it for me was making sure the default gateway pointed the the correct device. Use the netstat and ifconfig commands to see where your default gateway is. If it is pointed to the wrong device it will take a long time for telnet and ftp sessions to open. In my setup, I had my default gateway set to a non-existent device (automagically by instaltion). When I removed the non-existing gateway by the route command, everything worked just fine. good luck On Thu, 4 Feb 1999, Kendrick Vargas wrote: > On Thu, 4 Feb 1999, Dave J. Andruczyk wrote: > > > > I have setup and Linux box and my PDC for and NT4.0 SP3 workstation. I can > > > login to the domain and performance is fine. But when I then attempt to > > > telnet or ftp to the PDC it takes some 5 minutes to establish the connection. > > > After the connection is establish performance is fine. > > > > > > Any suggestions, clues, solutions to this problem? > > > > possible DNS misconfiguration.. > > > > Windows uses, WINS/Broadcast/LMhosts to find a logon server > > > > telnet and ftp need dns, or a local hosts file > > Now that I think about it... I had a similar problem, where the solution > was a working reverse name lookup on the server side. The server we were > connecting to couldn't to a reverse name lookup on the client (for the > logs), therefore it would take a while before the connection processed, > but after that, it was fine. > -peace > > --- BEGIN GEEK CODE BLOCK ------------+----------- > GAT d- s:+ !a C+(+++) UI/L/S/B++(+++) | "In the morning glad I see > P>+ L+(++) E---- W+++ N+ o? K? w++++ | My foe outstrech'd beneath the tree." > O--- M-- V PS+++@ PE Y-- PGP+ t++ 5 | -The Poison Tree > X++ R- tv+ b DI++ D+ G e>* h*(!) 
r- | William Blake > y*(+) ------ END GEEK CODE BLOCK -----+ > From reiffert at student.physik.uni-mainz.de Thu Feb 4 14:14:46 1999 From: reiffert at student.physik.uni-mainz.de (Thomas Reifferscheid) Date: Tue Dec 2 02:25:07 2003 Subject: logfile-analyzer Message-ID: <36B9AB56.D3C21C3E@student.physik.uni-mainz.de> Is there a logfile analyzer for the nmb logfile and the smb logfile ? All i need to know is which users logs on how often, when and on what PC, preferable entering this information in our mysql-db. The other thing that would make my life easier is, who has access how often to what files on a dedicated share. Has anyone expierince with that ? Did anyone try to modify an apache-logfile analyzer ? It would be very nice to hear _your_ thoughts about this !! Every service should have a graphical analyzer of its logfiles! Thomas -- Thomas Reifferscheid www: http://www.uni-mainz.de/~reift005 ----------------------------------------------------------------------- email: H0PS@gmx.net * reiffert@iphcip1.physik.uni-mainz.de smail: Wittichweg 45 Zi. 908 * 55128 Mainz * GERMANY phone: +49 6131 236555 From lex at tor.prima.tu-chel.ac.ru Thu Feb 4 19:39:39 1999 From: lex at tor.prima.tu-chel.ac.ru (Bic) Date: Tue Dec 2 02:25:09 2003 Subject: Domain groups and admins Message-ID: Hello! In man about smb.conf(5) i have found that there is a possibility to create domain groups and users... But else that possibilities there were nothing. And link points to samba-ntdom@samba.org I decided to ask where can i find examples ot something else about domain groups and users creating? NT User Manager for Domain prints errors when i try to add user to some groups... From abs at maunsell.co.uk Thu Feb 4 15:29:16 1999 
From: abs at maunsell.co.uk (Andy Smith)
Date: Tue Dec 2 02:25:09 2003
Subject: password entries in latest cvs
Message-ID: <19990204152916.33678@maunsell.co.uk>

This on solaris 2.4 with gcc 2.7.2 from the HEAD branch (2.1.0-prealpha) :-

# smbpasswd -a -m lon1
Added user lon1$.
Password changed for user lon1$
# cat /usr/local/etc/smbpasswd
abs:10648:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-XXXXXXXX:
nobody:60001:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[W ]:LCT-XXXXXXXX:

(I did the X's)

# smbpasswd -a -m lon1
add_smbfilepwd_entry: entry with unix name nobody already exists
Failed to add entry for user lon1$.
Failed to change password entry for lon1$
# grep '^lon1' /etc/passwd
lon1$:x:62994:200:WinCenter Server:/usr/local/lib/samba:/bin/true
# grep nobody /etc/passwd
nobody:x:60001:60001:uid no body:/:

Needless to say, I can't log into the domain from NT workstations, the log says :-

# tail /var/log/samba/lon1.log
[1999/02/04 14:46:05, 0] passdb/sampassdb.c:pwdb_sam_map_names(472)
  pwdb_sam_map_names: no unix password entry for 11153
[1999/02/04 14:46:05, 0] passdb/sampassdb.c:pwdb_sam_map_names(513)
  pwdb_sam_map_names: could not find Primary Group for 11153
[1999/02/04 14:46:05, 0] passdb/sampassdb.c:pwdb_sam_map_names(472)
  pwdb_sam_map_names: no unix password entry for 11153
[1999/02/04 14:46:05, 0] passdb/sampassdb.c:pwdb_sam_map_names(513)
  pwdb_sam_map_names: could not find Primary Group for 11153

where [11153] is the uid of the first entry in /usr/local/etc/smbpasswd

--
 _ __ Maunsell Ltd, IT Unit Tel : 0181-663-6565
/_| _/ ( _ '_// 160 Croydon Road, Fax : 0181-663-6723
( |/)(/(/ __)//)/ //) Beckenham, Kent BR3 4DE Email: abs@maunsell.co.uk
/ England. -or- abs@maunsl00.demon.co.uk

From rosierni at god.bel.alcatel.be Thu Feb 4 15:29:18 1999
From: rosierni at god.bel.alcatel.be (Nick Rosier)
Date: Tue Dec 2 02:25:09 2003
Subject: Samba 2.0 user-validation from NT-account domain when in NT-resource domain
Message-ID: <36B9BCCE.D5FA1EDE@god.bel.alcatel.be>

How do I configure my Samba-server to join a NT-resource domain but
validate the users in a NT-account domain.

I've added the server to the resource domain; all users logged on on a
win95 box can use the shares, NT users get an 'unexpected network error'
and following message is generated in the log.smb file:

[1999/02/04 16:02:59, 0] rpc_parse/parse_net.c:(1023)
  PANIC: assert failed at rpc_parse/parse_net.c(1023)
[1999/02/04 16:02:59, 0] lib/util.c:(2383)
  PANIC: assert failed
[1999/02/04 16:03:04, 0] rpc_parse/parse_net.c:(1023)
  PANIC: assert failed at rpc_parse/parse_net.c(1023)
[1999/02/04 16:03:04, 0] lib/util.c:(2383)
  PANIC: assert failed
[1999/02/04 16:03:05, 0] rpc_parse/parse_net.c:(1023)
  PANIC: assert failed at rpc_parse/parse_net.c(1023)
[1999/02/04 16:03:05, 0] lib/util.c:(2383)

I've tried to change in the [global] section the workgroup (domain) to
the account domain but then get errors that the trust file
ACCT.SERVER.mac

N.

From abakun at reac.com Thu Feb 4 16:10:56 1999
From: abakun at reac.com (Andy Bakun)
Date: Tue Dec 2 02:25:09 2003
Subject: logfile-analyzer
References: <36B9AB56.D3C21C3E@student.physik.uni-mainz.de>
Message-ID: <36B9C690.AC26B858@reac.com>

I'm working on an auditing patch to samba, which may provide the
functionality you are looking for. It currently interfaces with syslog to
log various actions, and you could parse the output file and insert it
into your database.

More information, including a patch against 2.0.0beta5 (I think it should
apply okay to 2.0.0 production, but let me know if it doesn't) is
available at:

http://www.reac.com/samba/samba-audit.html

It is still beta, and there are numerous things I want to change about
it, but I've been using it in my production environment for about 4
months with no problems.

Thomas Reifferscheid wrote:

> Is there a logfile analyzer for the nmb logfile and the smb logfile ?
>
> All i need to know is which users logs on how often, when and on what
> PC, preferable entering this information in our mysql-db.
> The other thing that would make my life easier is, who has access how
> often to what files on a dedicated share.
>
> Has anyone experience with that ? Did anyone try to modify an
> apache-logfile analyzer ?
>
> It would be very nice to hear _your_ thoughts about this !!
>
> Every service should have a graphical analyzer of its logfiles!

From cartegw at Eng.Auburn.EDU Thu Feb 4 16:37:49 1999
From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:25:09 2003 Subject: Domain groups and admins References: Message-ID: <36B9CCDD.5D8513A3@eng.auburn.edu> Bic wrote: > > Hello! > > In man about smb.conf(5) i have found that there is a possibility > to create domain groups and users... But else that > possibilities there were nothing. And link points to > samba-ntdom@samba.org I decided to ask where can i find > examples ot something else about domain groups and > users creating? Check the NTDOM FAQ linked off the Samba web site (under documentation). > NT User Manager for Domain prints errors when i try to > add user to some groups... The support for User Manager is read-only currently. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From greg at discreet.com Thu Feb 4 17:33:23 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:25:09 2003 Subject: latest CVS appears busted Message-ID: Dohhh! And it was going so well! with the latest CVS my workstation cannot find a PDC. checking log files now but I wouldn't update just yet..... Greg --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From ccunning at socrates.math.ohio-state.edu Thu Feb 4 18:14:19 1999 
From: ccunning at socrates.math.ohio-state.edu (Chad Cunningham) Date: Tue Dec 2 02:25:09 2003 Subject: nt groups Message-ID: Hi, I just got our Solaris machine functioning as an NT Domain Controller. Works great, much easier than I expected. But, what is the current statis of groups? The docs seem to say you can't do it. I want to lock down our NT clients so that users can't modify settings or install software. I don't know much about NT, but I have been told I need to do this by setting up groups on the NT controller, in this case, samba. Is there any way I can do it? Chad From rls at rfc.comm.harris.com Thu Feb 4 18:31:27 1999 
From: rls at rfc.comm.harris.com (Bob Sass)
Date: Tue Dec 2 02:25:09 2003
Subject: Samba 2.0 user-validation from NT-account domain when in NT-resource
In-Reply-To: <36B9BCCE.D5FA1EDE@god.bel.alcatel.be>
Message-ID:

That is the same error I get. I believe you will find it is caused by
having too many NT groups for your NT user. If I have greater than 32 NT
groups associated with a NT user I get these errors.

Bob Sass

On Fri, 5 Feb 1999, Nick Rosier wrote:

> How do I configure my Samba-server to join a NT-resource domain but
> validate the users in a NT-account domain.
>
> I've added the server to the resource domain; all users logged on on a
> win95 box can use the shares, NT users get an 'unexpected network error'
> and following message is generated in the log.smb file:
>
> [1999/02/04 16:02:59, 0] rpc_parse/parse_net.c:(1023)
>   PANIC: assert failed at rpc_parse/parse_net.c(1023)
> [1999/02/04 16:02:59, 0] lib/util.c:(2383)
>   PANIC: assert failed
> [1999/02/04 16:03:04, 0] rpc_parse/parse_net.c:(1023)
>   PANIC: assert failed at rpc_parse/parse_net.c(1023)
> [1999/02/04 16:03:04, 0] lib/util.c:(2383)
>   PANIC: assert failed
> [1999/02/04 16:03:05, 0] rpc_parse/parse_net.c:(1023)
>   PANIC: assert failed at rpc_parse/parse_net.c(1023)
> [1999/02/04 16:03:05, 0] lib/util.c:(2383)
>
> I've tried to change in the [global] section the workgroup (domain) to
> the account domain but then get errors that the trust file
> ACCT.SERVER.mac
>
> N.
>
>
>

From jallison at cthulhu.engr.sgi.com Thu Feb 4 18:39:44 1999
From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:25:09 2003 Subject: Samba 2.0 user-validation from NT-account domain when in NT-resource References: Message-ID: <36B9E970.2F4532BF@engr.sgi.com> Bob Sass wrote: > > That is the same error I get. I believe you will find it is caused by > having to many NT groups for your NT user. If I have greater than 32 NT > groups associated with a NT user I get these errors. > As a temporary fix apply the following patch and recompile. It's tacky but will server until we get that stuff allocated on demand. Regards, Jeremy Allison, Samba Team. -------------------------------------------------------------------- Index: include/rpc_lsa.h =================================================================== RCS file: /data/cvs/samba/source/include/rpc_lsa.h,v retrieving revision 1.8 diff -u -r1.8 rpc_lsa.h --- rpc_lsa.h 1998/11/10 19:04:58 1.8 +++ rpc_lsa.h 1999/02/04 18:37:52 @@ -51,7 +51,7 @@ /* XXXX these are here to get a compile! */ #define LSA_LOOKUPRIDS 0xFD -#define LSA_MAX_GROUPS 32 +#define LSA_MAX_GROUPS 96 #define LSA_MAX_SIDS 32 /* DOM_QUERY - info class 3 and 5 LSA Query response */ -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From bryanh at graonline.com Thu Feb 4 21:19:53 1999 
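Review bot: in the include/rpc_lsa.h hunk, changing LSA_MAX_GROUPS from 32 to 96 only moves the fixed ceiling, so going by the reports in this thread a user in more than 96 NT groups would still end in the assert at rpc_parse/parse_net.c(1023) instead of a clean failure. Until the on-demand allocation mentioned in the message exists, I would suggest having the parse path check the group count against LSA_MAX_GROUPS and return an error to the caller (with a log line naming the count and the limit) rather than asserting. The context line `#define LSA_MAX_SIDS 32` is left unchanged; it is worth confirming whether it bounds anything that scales with the same group list, and a short comment next to the new value saying why 96 was picked would help whoever revisits the "XXXX these are here to get a compile!" block.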
From: bryanh at graonline.com (Bryan Harper) Date: Tue Dec 2 02:25:09 2003 Subject: Network Neighborhood is empty Message-ID: <000e01be5084$1e639360$0b0101c0@nc.gra_ut.com> Hi, I'm new to the Linux/Unix world so if this is not the forum for my problem kindly point me in the right direction. Anyway, I have Linux(RedHat 5.2) server with samba(1.9.18p10-3) acting as a NT domain server everything was working fine until I installed (or botched up the install of) squid. Now, when any client be it win98 or win95 tries to browse the network an error "Unable to browse Network. The Network is not accessible" pops up. However, if you use Start|Find|Computer and type the computer name you can see the computer and get to its shares etc. Network logon and all drive mappings work fine as well. What did I mess up? And how can I fix it? thanks in advance, Bryan From D.Bannon at latrobe.edu.au Thu Feb 4 21:52:51 1999 
From: D.Bannon at latrobe.edu.au (David Bannon)
Date: Tue Dec 2 02:25:09 2003
Subject: logfile-analyzer
In-Reply-To: <36B9AB56.D3C21C3E@student.physik.uni-mainz.de>
Message-ID: <3.0.3.32.19990205085251.0076bbe8@bioserve.biochem.latrobe.edu.au>

At 01:17 AM 05/02/1999 +1100, Thomas Reifferscheid wrote:
>Is there a logfile analyzer for the nmb logfile and the smb logfile ?
>
>All i need to know is which users logs on how often, when and on what
>PC, preferable entering this information in our mysql-db.
>The other thing that would make my life easier is, who has access how
>often to what files on a dedicated share.

Wow, you must have a lot of time available to read such things ...

The samba log files are more about hunting bugs than generating reports,
how about this :

In your 'homes' share add these two lines :

root preexec= echo \"%u connected from %m at %T\" >> disk2/samba/var/use.log
root postexec=echo \"%u disconnect from %m at %T\" >> disk2/samba/var/use.log

David

------------------------------------------------------------
David Bannon D.Bannon@latrobe.edu.au
School of Biochemistry Phone 61 03 9479 2197
La Trobe University, Plenty Rd, Fax 61 03 9479 2467
Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au
------------------------------------------------------------
..... Humpty Dumpty was pushed !

From tas at microdisplay.com Fri Feb 5 00:56:44 1999
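An added example, not part of David Bannon's message or of Samba: one way to turn the use.log written by the `root preexec` / `root postexec` lines above into the per-user, per-PC logon counts and session lengths asked for in the logfile-analyzer thread. The timestamp layout (taken from the smbd log lines quoted elsewhere on this page), the allowed character set for names, and the sample lines are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# %u and %m are filled in from what the client sends, so they are treated
# as untrusted: accept a conservative character set, reject anything else.
# The optional quotes are the literal '"' characters that echo \"...\" emits.
LINE_RE = re.compile(
    r'^"?(?P<user>[A-Za-z0-9._$-]{1,64}) '
    r'(?P<event>connected|disconnect) from '
    r'(?P<machine>[A-Za-z0-9._-]{1,64}) at '
    r'(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})"?$'
)
TS_FORMAT = "%Y/%m/%d %H:%M:%S"  # assumed expansion of %T


def parse_line(line):
    """Return (user, event, machine, datetime), or None if malformed."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    try:
        ts = datetime.strptime(m["ts"], TS_FORMAT)
    except ValueError:  # e.g. a day that does not exist
        return None
    return m["user"].lower(), m["event"], m["machine"].lower(), ts


def summarise(lines):
    """Count logons per (user, machine) and pair connects with disconnects."""
    logons = Counter()   # (user, machine) -> number of connects
    open_sessions = {}   # (user, machine) -> time of last connect
    durations = []       # (user, machine, seconds)
    rejected = []        # lines that failed validation, kept for review
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            rejected.append(line)
            continue
        user, event, machine, ts = rec
        key = (user, machine)
        if event == "connected":
            logons[key] += 1
            open_sessions[key] = ts
        else:
            start = open_sessions.pop(key, None)
            # A disconnect without a matching connect is ignored.
            if start is not None and ts >= start:
                seconds = int((ts - start).total_seconds())
                durations.append((user, machine, seconds))
    return logons, durations, rejected


# Constructed sample input, in the shape the two smb.conf lines produce.
SAMPLE = [
    '"joe connected from lab01 at 1999/02/05 08:52:51"',
    '"ann connected from lab02 at 1999/02/05 09:00:00"',
    '"joe disconnect from lab01 at 1999/02/05 09:22:51"',
    '"joe connected from lab01 at 1999/02/05 13:00:00"',
    '"bob smith connected from lab03 at 1999/02/05 13:05:00"',  # bad name
    '"ann disconnect from lab02 at 1999/02/30 10:00:00"',       # bad date
]

if __name__ == "__main__":
    logons, durations, rejected = summarise(SAMPLE)
    for (user, machine), count in sorted(logons.items()):
        print(f"{user:10} {machine:10} logons={count}")
    for user, machine, seconds in durations:
        print(f"{user:10} {machine:10} session={seconds}s")
    print(f"rejected lines: {len(rejected)}")
```

To load the rows into a database as the original question wanted, pass the parsed fields as bound query parameters rather than building SQL strings from them.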
From: tas at microdisplay.com (Todd Stiers) Date: Tue Dec 2 02:25:09 2003 Subject: Turning OFF Network Profiles Safely Message-ID: <003401be50a2$664b7da0$f2c6d6cf@ebola.microdisplay.com> Hi, Roaming profiles are wrecking havoc on my now NT-SERVERLESS NT domain :) I tried to turn them off by commenting out the "logon path" line in the smb.conf and restarting smbd. However, the long logout times and network traffic (tcpdump) persisted during login and logouts AFTER this was commented out. Things were being read and written someplace, so I turned it back on. IS it safe to comment out the [Profiles] and [netlogon] entries to disable roaming profiles? If not, then what is the preferred method? Thanks -Todd [--- [--- [--- [--- [--- [--- [--- [--- [--- Todd Stiers Director of Systems Administration The MicroDisplay Corporation http://www.microdisplay.com (510)243-9515x129 ---] ---] ---] ---] ---] ---] ---] ---] ---] From hliao at calstatela.edu Fri Feb 5 02:12:06 1999 
From: hliao at calstatela.edu (Henry Liao) Date: Tue Dec 2 02:25:09 2003 Subject: nt groups In-Reply-To: Message-ID: On Fri, 5 Feb 1999, Chad Cunningham wrote: ] Hi, ] ] I just got our Solaris machine functioning as an NT Domain ] Controller. Works great, much easier than I expected. But, what is ] the current statis of groups? The docs seem to say you can't do ] it. I want to lock down our NT clients so that users can't modify ] settings or install software. I don't know much about NT, but I ] have been told I need to do this by setting up groups on the NT ] controller, in this case, samba. Is there any way I can do it? ] ] Chad ] I have been trying to get Solaris 2.7 or 2.6 to run as NT PDC. Would you please shed some light on how you have configured yours. The smb.conf, passwd, smbpasswd would be very helpful. Are you using the HEAD or the SAMBA_2_0 branch from CVS? I tried everything in the NTDOMAIN FAQ w/o any success. Any pointer is greatly appreciated. TIA. -Henry Liao o Network Systems Group )> Henry.Liao@calstatela.edu Cal State Univ, Los Angeles ___./]___ http://www.calstatela.edu/staff/hliao From ccunning at math.ohio-state.edu Fri Feb 5 03:28:35 1999 
From: ccunning at math.ohio-state.edu (Chad Cunningham) Date: Tue Dec 2 02:25:09 2003 Subject: nt groups References: Message-ID: <36BA6528.E90835B2@math.ohio-state.edu> Sure, I did it on Solaris 2.7 on a Sparc Ultra5. I knew several people who were trying to accomplish it at the time, so I put up a 5 minute guide at http://socrates.mps.ohio-state.edu/~ccunning/samba.html. I used the 2.0 release. If you have any problems, let me know. The process described on the page was painless and quick for me. Henry Liao wrote: > I have been trying to get Solaris 2.7 or 2.6 to run as NT PDC. > Would you please shed some light on how you have configured yours. The > smb.conf, passwd, smbpasswd would be very helpful. Are you using the > HEAD or the SAMBA_2_0 branch from CVS? I tried everything in the > NTDOMAIN FAQ w/o any success. Any pointer is greatly appreciated. > TIA. > > -Henry Liao o > Network Systems Group )> Henry.Liao@calstatela.edu > Cal State Univ, Los Angeles ___./]___ http://www.calstatela.edu/staff/hliao From D.Bannon at latrobe.edu.au Fri Feb 5 06:17:32 1999 
From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:25:09 2003 Subject: Turning OFF Network Profiles Safely In-Reply-To: <003401be50a2$664b7da0$f2c6d6cf@ebola.microdisplay.com> Message-ID: <3.0.3.32.19990205171732.007686d8@bioserve.biochem.latrobe.edu.au> At 11:58 AM 05/02/1999 +1100, Todd Stiers wrote: >Roaming profiles are wrecking havoc on my now NT-SERVERLESS >NT domain :) > >I tried to turn them off by commenting out the "logon path" >line in the smb.conf and restarting smbd. > > It seems that if you do NTDomain you are stuck with domain profiles. You can tell the workstations not to cache locally, very important if each computer has a large number of users (ie in a lab). You should also tell Internet Explorer not to save it (huge) cache. In one lab under my care I have a post exec that removes the users profile off the server after they log off ! Anyone leave things on the desktop and its lost ! This way the profile is still sent to the server, but at least it does not grow endlessly. If the samba team ever decides to make samba do _more_ (rather than just better) than NT, control of user profiles would be a good place to start. David >IS it safe to comment out the [Profiles] and [netlogon] >entries to disable roaming profiles? If not, then what is the >preferred method? > ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From af at biomath.jussieu.fr Fri Feb 5 11:36:34 1999 
From: af at biomath.jussieu.fr (FAUCONNET Alain)
Date: Tue Dec 2 02:25:09 2003
Subject: New domain/group maps and localized versions of NT?
Message-ID: <199902051136.MAA06063@boule.biomath.jussieu.fr>

Hello,

I have read this in the NTDOM archives (sorry, I didn't retain the
author's name) :

[*** begin quote ***]
If you're running the head cvs branch, it's another story. To sum up in
when the samba server is a PDC:

smb.conf:
domain user map = /usr/local/samba/lib/domainuser.map
domain group map = /usr/local/samba/lib/domaingroup.map

domainuser.map contains the mapping between the NT users and their
equivalent on Unix:

[[root@doubleface lib]# cat domainuser.map
root administrator
    ^^^-> a tab or an '=' sign should work.

domaingroup.map contains the mapping between the NT domain groups and
the Unix groups

[[root@doubleface lib]# cat domaingroup.map
wheel "Domain Admins"
     ^^^-> a tab or an '=' sign should work.

'wheel' must be in /etc/group. All the Unix users who are in the 'wheel'
unix group will be domain admins on the NT side.
[*** end quote ***]

This seems to imply that those files will determine a ONE-TO-ONE
equivalence between the Unix and NT groups. Unfortunately the
brainless people at Microsoft have localized the names of the NT
groups. For the french version for example, the "Domain Admins" group
has become "Administrateurs du domaine" or something like that (how
about logging into your Unix station with "racine" instead of "root" ?
they really don't think a second when it comes to fool with OS
*constants* in the name of localization).

I'm still using the 2.0.0 production code but planning to switch to
the HEAD branch soon, and this is a concern to me. How will the domain
group map handle localized group names ? will it allow multiple
right-hand values ? (same goes for domain user maps)

Greetings from Paris,
_Alain_

--
Alain FAUCONNET Ingenieur systeme/System Administrator
AP-HP/SIM Public Health 91 bld de l'Hopital 75013 PARIS FRANCE
Medical Computing Research Labs Mail: af@biomath.jussieu.fr
Tel: (+33) (0)1-40-77-96-19 Fax: (+33) (0)1-45-86-80-68
I've RTFMed. It says: "Refer to your system administrator"
But... I *am* the system administrator :-]

From Dave.Stevenson at durham.ac.uk Fri Feb 5 12:11:29 1999
From: Dave.Stevenson at durham.ac.uk (Dave.Stevenson@durham.ac.uk)
Date: Tue Dec 2 02:25:09 2003
Subject: nt groups
Message-ID: <6790.199902051211@gengis>

Have been running CVS head branch of Samba(2.0.0) dated 4th Sept for
months, very reliably with about 50 NT4(SP3) clients and 150 users
working as domain controller (PDC) and with roaming profiles, logon
scripts etc.

So stable I am loath to change it....so I loaded up another similar
machine with latest CVS HEAD branch (3-2-99) I pulled and compiled OK
(Both systems Solaris2.6, compiler gcc2.8.1)

Configured second machine ZARQUON to use first( TZU) as password server,
added ZARQUON as a client with "smbpasswd -m zarquon " and experienced
the following from the new server. (Names changed to protect the
innocents)

[1999/02/05 11:33:55, 10] libsmb/clientgen.c:cli_shutdown(2450)
  cli_shutdown
[1999/02/05 11:33:55, 1] lib/sids.c:get_domain_sids(266)
  lsa query info failed
[1999/02/05 11:33:55, 0] smbd/server.c:main(687)
  ERROR: Samba cannot obtain PDC SID from PDC(s) TZU.

with config entries so..

encrypt passwords = yes
password level = 0
username level = 0
security = domain (Same thing with security = server but OK with security = share )
# suspend permanently I suspect temporarily
#admin users = pcadmin
guest account = pcguest
#hosts allow = @smb_access
#
# host stuff
#
password server = TZU
netbios name = zarquon
workgroup = GEOLSCI
domain master = no
wins server = " IP address of TZU"
time server = no

Am I flogging a dead horse here? Have the mechanisms to obtain SID's
changed so much that it is unreasonable to hope that this would work?

I vaguely recall that there were a few ntdom messages about scripts to
convert old format smbpasswd files to the latest format. Searching the
archives I have failed to locate them. Can anyone point me in the right
direction?

Thanks

From greg at discreet.com Fri Feb 5 12:43:32 1999
From: greg at discreet.com (Greg Dickie)
Date: Tue Dec 2 02:25:09 2003
Subject: Turning OFF Network Profiles Safely
In-Reply-To: <003401be50a2$664b7da0$f2c6d6cf@ebola.microdisplay.com>
Message-ID:

I'm betting it is not the profiles in general but the Internet Exploiter
settings in the profile that is causing your problems. It has been
discussed here before and I have seen it, this braindead app wants to
save all its cache files on the server!

Has anyone made a .reg to turn this off?

Greg

On 05-Feb-99 Todd Stiers wrote:
> Hi,
>
> Roaming profiles are wreaking havoc on my now NT-SERVERLESS
> NT domain :)
>
> I tried to turn them off by commenting out the "logon path"
> line in the smb.conf and restarting smbd.
>
> However, the long logout times and network traffic (tcpdump) persisted
> during login and logouts AFTER this was commented out.
> Things were being read and written someplace, so I turned it back on.
>
> IS it safe to comment out the [Profiles] and [netlogon]
> entries to disable roaming profiles? If not, then what is the
> preferred method?
>
> Thanks
> -Todd
>
> [--- [--- [--- [--- [--- [--- [--- [--- [---
> Todd Stiers
> Director of Systems Administration
> The MicroDisplay Corporation
> http://www.microdisplay.com (510)243-9515x129
> ---] ---] ---] ---] ---] ---] ---] ---] ---]

---------------------------------------------------------------------
Greg Dickie
Just A Guy*
*from discreet logic
Montreal (514) 954-7171
greg@discreet.com

From Jean-Francois.Micouleau at dalalu.fr Fri Feb 5 14:06:08 1999
From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau)
Date: Tue Dec 2 02:25:09 2003
Subject: New domain/group maps and localized versions of NT?
In-Reply-To: <199902051136.MAA06063@boule.biomath.jussieu.fr>
Message-ID:

On Fri, 5 Feb 1999, FAUCONNET Alain wrote:

> Hello,

Bonjour Alain,

> I have read this in the NTDOM archives (sorry, I didn't retain the
> author's name) :

That's me.

> This seems to imply that those files will determine a ONE-TO-ONE
> equivalence between the Unix and NT groups.

Yep.

> Unfortunately the
> brainless people at Microsoft have localized the names of the NT
> groups. For the French version for example, the "Domain Admins" group
> has become "Administrateurs du domaine" or something like that (how
> about logging into your Unix station with "racine" instead of "root" ?

No problem with samba so far. My NT testbed is half English, half
French. It's working with Samba as with NT, you can have a French NT
workstation and an English NT PDC. Only the SID value is important.

> they really don't think a second when it comes to fool with OS
> *constants* in the name of localization).
>
> I'm still using the 2.0.0 production code but planning to switch to
> the HEAD branch soon, and this is a concern to me. How will the domain
> group map handle localized group names ? will it allow multiple
> right-hand values ? (same goes for domain user maps)

Yes.

> Greetings from Paris,
> _Alain_

greetings from Bordeaux,

Jean Francois

From jpkidd at iupui.edu Fri Feb 5 14:22:08 1999
From: jpkidd at iupui.edu (jpkidd@iupui.edu)
Date: Tue Dec 2 02:25:09 2003
Subject: Outlook 97
Message-ID:

I hope this is not too off beat for this list, but I was wondering if
any of you are using Samba with any groupware like Outlook 97's calendar
or scheduling features? If you are what special considerations did you
have to take into account. I am working on a small networking project
for my church and would like to avoid using NT server if Samba would
suffice. So.....can it be done?

Jim Kidd

From abs at maunsell.co.uk Fri Feb 5 15:03:00 1999
From: abs at maunsell.co.uk (Andy Smith)
Date: Tue Dec 2 02:25:09 2003
Subject: amrestore of a pc with smbclient
In-Reply-To: <19990129181157.39125@maunsell.co.uk>; from Andy Smith on Sat, Jan 30, 1999 at 05:13:26AM +1100
References: <19990129181157.39125@maunsell.co.uk>
Message-ID: <19990205150259.11829@maunsell.co.uk>

On Sat, Jan 30, 1999 at 05:13:26AM +1100, Andy Smith wrote:
>
> I've been having a discussion over in the amanda user group about this
> problem, it would appear that smbclient is failing to read correctly
> from stdin (in this case a pipe from amrestore). This smbclient is the

Wasn't related to stdin at all...

> latest cvs version from the head branch, I haven't tried it yet with
> the 2.0.0 release, so I haven't at this stage reported it to samba-bugs.

... on either 2.0.0 or 2.1.0-prealpha, the results are the same :-

# smbclient '\\d2767\c$' XXXXXX -d0 -U administrator -W d2767 -Tx /export/tmp/backup.tar ./tmp/ntconfig.POL
Added interface ip=???.???.??.?? bcast=???.???.??.??? nmask=255.255.255.0
restore tar file \tmp\ntconfig.POL of size 36864 bytes
checksums don't match 0 1514
abandoning restore, -1 from read tar header
# ls -l /export/tmp/backup.tar
-rw-r--r-- 1 abs dev 163949056 Feb 5 09:57 /export/tmp/backup.tar

The file >is< successfully restored and the tarfile
/export/tmp/backup.tar does extract successfully without error using
gnutar on the tape server.

Looks like a bug in 2.0.0 (which happens to be propagated in
2.1.0-prealpha) so I am reporting it to samba-bugs@samba.org.

Please let me know if I can provide any further information.

--
    _         __         Maunsell Ltd, IT Unit    Tel  : 0181-663-6565
   /_| _/    ( _ '_//    160 Croydon Road,        Fax  : 0181-663-6723
  ( |/)(/(/ __)//)/ //)  Beckenham, Kent BR3 4DE  Email: abs@maunsell.co.uk
        /                England.                 -or-   abs@maunsl00.demon.co.uk

From ce at atl.dk Fri Feb 5 18:11:41 1999
From: ce at atl.dk (Christian E)
Date: Tue Dec 2 02:25:09 2003
Subject: problems with group relationships !!!
Message-ID: <36BB345D.E13E62B1@atl.dk>

Hi, all.

I'm currently trying to implement a samba server as a file server in my
company instead of our current NT-server. At the moment the Samba server
is not a domain controller, but it will be one day. I'm having major
problems at the moment though...here goes:

It seems as if the Samba- daemon only reads what group the user belongs
to when it is started/restarted. Can it really be true ??? I have made
several tests and they indicate this. IMHO the only proper way to
control access to various shares are on a per group basis, and it works
in NT. But if I remove a user from a group on the Samba-server machine,
the user can still delete/create files as if he was still a member of the
group until I restart Samba.
Do I have to set up the Samba server as a PDC to solve or...???
I really hope there is a simple solution to this or otherwise I'll have
to skip implementing Samba,because this is just as bad as rebooting an
NT-server once in a while in my opinion. A server should not need to be
restarted.....
Phew, that's all...hope you can help

best regards
--
Christian Ejstrup, RF- Development Engineer
ATL Research A/S, Sofiendalsvej 85, DK-9200 Aalborg SV
Phone: +45 96-346868, GSM: +45 22-234304, URL: www.atl.dk

From cwood at wencor.com Fri Feb 5 20:10:31 1999
From: cwood at wencor.com (Chris Wood)
Date: Tue Dec 2 02:25:09 2003
Subject: Not in Neighborhood and no login scripts
In-Reply-To:
Message-ID:

On Tue, 2 Feb 1999, Chris Wood wrote:

>
> I've been trying to setup login scripts for users authenticating against
> Samba 2.0 (PDC). I've heard people mention that win95 needs to be able to
> build the path to the netlogon thus netlogon must have browseable = yes.
> I've tried this without luck (though I can find the server, browse the
> share and run the .bat file manually).
>
> When I upgraded to Samba 2.0, Samba disappeared from the network
> neighborhood and hasn't come back since. :) Could the absence of Samba
> in the 'hood cause the problem of login scripts failing to run? If so,
> what can I do to get Samba in the neighborhood?

OK, I found the problem I was having (it was silly) and it has raised
another question.

The Problem was on the Win95 machines:

domain = SAMBA
workgroup = workgroup
WINS = IP of SAMBA server

The Win95 machines only see other win95 machines where workgroup =
workgroup even though the machines are in the SAMBA PDC domain and the
WINS server is setup. The win95 machines cannot see the samba server in
the neighborhood. If I set workgroup = SAMBA, then it does.

Are the Win95 machines not really using the WINS server for resolution?

-=-=-=-=-=-
Chris Wood            Kitco, Inc.
801-489-2097          Wencor West, Inc.
[cwood@wencor.com]    Durham Aircraft Services
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

From awilliam at whitemice.org Fri Feb 5 23:15:50 1999
From: awilliam at whitemice.org (Adam Williams)
Date: Tue Dec 2 02:25:09 2003
Subject: problems with group relationships !!!
In-Reply-To: Christian E "problems with group relationships !!!" (Feb 6, 5:13am)
References: <36BB345D.E13E62B1@atl.dk>
Message-ID: <9902052315.ZM18826@estate1.whitemice.org>

On Feb 6, 5:13am, Christian E wrote:
> Subject: problems with group relationships !!!
> Hi, all.
>
> I'm currently trying to implement a samba server as a file server in my
> company instead of our current NT-server. At the moment the Samba server
> is not a domain controller, but it will be one day. I'm having major
> problems at the moment though...here goes:
>
> It seems as if the Samba- daemon only reads what group the user belongs
> to when it is started/restarted. Can it really be true ??? I have made
> several tests and they indicate this. IMHO the only proper way to
> control access to various shares are on a per group basis, and it works
> in NT. But if I remove a user from a group on the Samba-server machine,
> the user can still delete/create files as if he was still a member of the
> group until I restart Samba.
> Do I have to set up the Samba server as a PDC to solve or...???
> I really hope there is a simple solution to this or otherwise I'll have
> to skip implementing Samba,because this is just as bad as rebooting an
> NT-server once in a while in my opinion. A server should not need to be
> restarted.....
> Phew, that's all...hope you can help

Have you tried "killall -1 smbd" this causes Samba to reload its config
without shutting down or restarting. It works great for me. I've never
changed a user's group while people were logged in so I don't know if it
does that, but I know it reloads just about everything else. Note that
this is on a Linux system, don't know about other systems. Let me know.

From jallison at cthulhu.engr.sgi.com Sat Feb 6 03:26:12 1999
From: jallison at cthulhu.engr.sgi.com (Jeremy Allison)
Date: Tue Dec 2 02:25:10 2003
Subject: Samba 2.0.1 released.
Message-ID: <36BBB654.16E6CECC@engr.sgi.com>

The Samba Team is pleased to announce Samba 2.0.1.

This is the latest stable release of Samba. This is the version that all
production Samba servers should be running for all current bug-fixes.

Due to a couple of smbd crash bugs that were found in Samba 2.0.0 it is
recommended all sites using Samba 2.0.0 upgrade to this release.

It may be fetched via ftp from :

ftp:///pub/samba/samba-2.0.1.tar.gz

Or just follow the link on the main page of your nearest
http://samba.org mirror.

Binary packages for supported systems will be made available within a
short time. A separate announcement will be made for the release of
these packages. Offers of binary Samba packages for various systems are
welcome and should be sent to samba-bugs@samba.anu.edu.au.

If you have problems, or think you have found a bug please email a
report to :

samba-bugs@samba.anu.edu.au

As always, all bugs are our responsibility.

Without further ado, here are the release notes.

Regards,

The Samba Team.

--------------------------------------------------------

WHATS NEW IN Samba 2.0.1
========================

This is the latest stable release of Samba. This is the version that all
production Samba servers should be running for all current bug-fixes.

Bugfixes added since 2.0.0
--------------------------

1). Autoconf changes for gcc2.7.x and Solaris 2.5/2.6
2). Autoconf changes to help HPUX configure correctly.
3). Autoconf changes to allow lock directory to be set.
4). Client fix to allow port to be set.
5). clitar fix to send debug messages to stderr.
6). smbmount race condition fix.
7). Fix for bug where trying to browse large numbers of shares
    generated an error from an NT client.
8). Wrapper for setgroups for SunOS 4.x
9). Fix for directory deleting failing from multiuser NT.
10). Fix for crash bug if bitmap was full.
11). Fix for Linux genrand where /dev/random could cause clients
     to timeout on connect if the entropy pool was empty.
12). The default PASSWD_CHAT may now be overridden in local.h
13). HPUX printing fixes for default programs.
14). Reverted (erroneous) code in MACHINE.SID generation that
     was setting the sid to 0x21 - should be *decimal* 21.
15). Fix for printing to remote machine under SVR4.
16). Fix for chgpasswd wait being interrupted with EINTR.
17). Fix for disk free routine. NT and Win98 now correctly show
     greater than 2GB disks.
18). Fix for crash bug in stat cache statistics printing.
19). Fix for filenames ending in .~xx.
20). Fix for access check code wait being interrupted with EINTR.
21). Fix for password changes from "invalid password" to a valid
     one setting the account disabled bit.
22). Fix for smbd crash bug in SMBreadraw cache prime code.
23). Fix for overly zealous lock range overflow reporting.
24). Fix for large disk disk free reporting (NT SMB code).
25). Fix for NT failing to truncate files correctly.
26). Fix for smbd crash bug with SMBcancel calls.
27). Additional -T flag to nmblookup to do reverse DNS on addresses.
28). SWAT fix to start/stop smbd/nmbd correctly.

Major changes in Samba 2.0
--------------------------

This is a MAJOR new release of Samba, the UNIX based SMB/CIFS file and
print server for Windows systems.

There have been many changes in Samba since the last major release,
1.9.18. These have mainly been in the areas of performance and SMB
protocol correctness. In addition, a Web based GUI interface for
configuring Samba has been added.

In addition, Samba has been re-written to help portability to other
POSIX-based systems, based on the GNU autoconf tool.

There are many major changes in Samba for version 2.0. Here are some of
them:

=====================================================================

1). Speed
---------

Samba has been benchmarked on high-end UNIX hardware as out-performing
all other SMB/CIFS servers using the Ziff-Davis NetBench benchmark. Many
changes to the code to optimise high-end performance have been made.

2). Correctness
---------------

Samba now supports the Windows NT specific SMB requests. This means that
on platforms that are capable Samba now presents a 64 bit view of the
filesystem to Windows NT clients and is capable of handling very large
files.

3). Portability
---------------

Samba is now self-configuring using GNU autoconf, removing the need for
people installing Samba to have to hand configure Makefiles, as was
needed in previous versions.

You now configure Samba by running "./configure" then "make". See
docs/textdocs/UNIX_INSTALL.txt for details.

4). Web based GUI configuration
-------------------------------

Samba now comes with SWAT, a web based GUI config system. See the swat
man page for details on how to set it up.

5). Cross protocol data integrity
---------------------------------

An open function interface has been defined to allow "opportunistic
locks" (oplocks for short) granted by Samba to be seen by other UNIX
processes. This allows complete cross protocol (NFS and SMB) data
integrity using Samba with platforms that support this feature.

6). Domain client capability
----------------------------

Samba is now capable of using a Windows NT PDC for user authentication
in exactly the same way that a Windows NT workstation does, i.e. it can
be a member of a Domain. See docs/textdocs/DOMAIN_MEMBER.txt for
details.

7). Documentation Updates
-------------------------

All the reference parts of the Samba documentation (the manual pages)
have been updated and converted to a document format that allows
automatic generation of HTML, SGML, and text formats. These documents
now ship as standard in HTML and manpage format.

=====================================================================

NOTE - Some important option defaults changed
---------------------------------------------

Several parameters have changed their default values. The most important
of these is that the default security mode is now user level security
rather than share level security.

This (incompatible) change was made to ease new Samba installs as user
level security is easier to use for Windows 95/98 and Windows NT
clients.

********IMPORTANT NOTE****************

If you have no "security=" line in the [global] section of your current
smb.conf and you update to Samba 2.0 you will need to add the line :

security=share

to get exactly the same behaviour with Samba 2.0 as you did with
previous versions of Samba.

********END IMPORTANT NOTE*************

In addition, Samba now defaults to case sensitivity options that match a
Windows NT server precisely, that is, case insensitive but case
preserving.

The default format of the smbpasswd file has also been changed for this
release, although the new tools will read and write the old format, for
backwards compatibility.

=====================================================================

NOTE - Primary Domain Controller Functionality
----------------------------------------------

This version of Samba contains code that correctly implements the
undocumented Primary Domain Controller authentication protocols.

However, there is much more to being a Primary Domain Controller than
serving Windows NT logon requests. A useful version of a Primary Domain
Controller contains many remote procedure calls to do things like
enumerate users, groups, and security information, only some of which
Samba currently implements. In addition, there are outstanding (known)
bugs with using Samba as a PDC in this release that the Samba Team are
actively working on. For this reason we have chosen not to advertise and
actively support Primary Domain Controller functionality with this
release.

This work is being done in the CVS (developer) versions of Samba,
development of which continues at a fast pace. If you are interested in
participating in or helping with this development please join the
Samba-NTDOM mailing list. Details on joining are available at :

http://samba.org/listproc/

Details on obtaining CVS (developer) versions of Samba are available at:

http://samba.org/cvs.html

=====================================================================

If you have problems, or think you have found a bug please email a
report to :

samba-bugs@samba.org

As always, all bugs are our responsibility.

Regards,

The Samba Team.

From chicken at garlic.com Sat Feb 6 03:40:54 1999
From: chicken at garlic.com (Aaron Dougherty)
Date: Tue Dec 2 02:25:10 2003
Subject: No Listing in Network Neighborhood
Message-ID: <001701be5182$80bb7600$017b7b7b@coruscant.empire>

Hello,
I am relatively new to Samba. I have installed it to Solaris 7. Everything
seems to be working just fine, and I can map my tmp directory by explicitly
stating \\SAMBA_SERVER\TMP, but I can not see the Samba Server in my Network
Neighborhood. Does anyone have any suggestions?

Thanks,
-Aaron

From sp.som at hisl.co.in Sat Feb 6 03:46:52 1999
From: sp.som at hisl.co.in (SP.Somprav-Hisl)
Date: Tue Dec 2 02:25:10 2003
Subject: MAIL!!!!
Message-ID: <301677A5C27FD21198CF00902710D36C0522DC@SQLWEB>

I have installed RH 5.2 and samba is also configured and working
properly, I have an NT Exchange Server installed as my mail server and
in the linux machine I have installed staroffice I would like to
configure the mail client in linux and access the NT server for
receiving and sending mail, I am stuck at configuring the outbok in the
So50.

any help in this regard would be appreciated.

thanks
Somprav pareek

From John_Young at sp.gap.com Sat Feb 6 09:08:56 1999
From: John_Young at sp.gap.com (John Young)
Date: Tue Dec 2 02:25:10 2003
Subject: Samba 2.0.1 vs. CVS with Domain PDC & TSE
Message-ID: <199902060908.BAA07410@wizard.sp.gap.com>

First, let me say a HUGE thank you to the Samba Team, Andy Polyakov
(tips on getting things to work w/Terminal Server), and others! I
actually got things working where my Solaris 2.6 box was pretending to
be an NT PDC for both NT Workstation and NT Terminal Server Edition
(TSE). Very cool, and very funny. Probably the most stable PDC the
Redmond kids have ever seen...

My question is, I can only get things to work using the CVS
source from ftp://cvs.samba.org/pub/unpacked/samba which I
downloaded on 02 Feb 1999 (three or four days ago). If I try to
use the brand-new 2.0.1 distribution, my clients cannot seem to
authenticate.

The only mods I made to the CVS source was the nttrans.c suggestion
(#if 0 / #endif) from Andy Polyakov, and Solaris 2.6 include bug
considerations in configure, configure.in, and util.c. In 2.0.1, the
only change I made was to again implement Andy's nttrans.c mod.

Does this make sense to anyone? I could grab some log excerpts if that
would help (I'm way too tired right now). The NT workstation box
actually popped up a couple of pseudo informative boxes like:

"The system cannot log you on to this domain because the system's
computer account in its primary domain is missing or the password on
that account is incorrect."

The other message was much more terse - something about not being able
to log in, I think.

I noticed that 2.0.1 creates MACHINE.SID, while the CVS build only seems
to need SAMBA.SID (SAMBA is my domain name).

Sorry if I've missed something in the docs - I promise I have been
putting a bunch of time into studying the material.

Any tips / ideas anybody?

Thanks!

John
________________________________________________________________
John Young                               Voice 650 874 4198
Director, Corporate Architecture I.S.    Fax 650 874 4224
Gap, Inc.                                john_young@sp.gap.com

From cwood at wencor.com Sat Feb 6 18:10:39 1999
From: cwood at wencor.com (Chris Wood)
Date: Tue Dec 2 02:25:10 2003
Subject: No Listing in Network Neighborhood
In-Reply-To: <001701be5182$80bb7600$017b7b7b@coruscant.empire>
Message-ID:

On Sat, 6 Feb 1999, Aaron Dougherty wrote:

> Hello,
> I am relatively new to Samba. I have installed it to Solaris 7. Everything
> seems to be working just fine, and I can map my tmp directory by explicitly
> stating \\SAMBA_SERVER\TMP, but I can not see the Samba Server in my Network
> Neighborhood. Does anyone have any suggestions?

I recently had this battle too. Things I've heard of that can cause
this:

1. "Interfaces =" setting in smb.conf is wrong, or has the wrong subnet
   mask.
2. "workgroup = xxx " in smb.conf but on the Win95 machine workgroup is
   set = yyy. Change Win95 to xxx and Samba shows up.
3. nmbd daemon isn't running... you should see 2 nmbd's running, if you
   only see one, restart nmbd.

Umm. That's all I can think of off the top of my head.

-=-=-=-=-=-
Chris Wood            Kitco, Inc.
801-489-2097          Wencor West, Inc.
[cwood@wencor.com]    Durham Aircraft Services
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

From D.Bannon at latrobe.edu.au Sun Feb 7 21:35:20 1999
From: D.Bannon at latrobe.edu.au (David Bannon)
Date: Tue Dec 2 02:25:10 2003
Subject: Turning OFF Network Profiles Safely
In-Reply-To:
References: <003401be50a2$664b7da0$f2c6d6cf@ebola.microdisplay.com>
Message-ID: <3.0.3.32.19990208083520.00778bb0@bioserve.biochem.latrobe.edu.au>

At 11:44 PM 05/02/1999 +1100, Greg Dickie wrote:
>
>I'm betting it is not the profiles in general but the Internet Exploiter
>settings in the profile that is causing your problems. It has been discussed
>here before and I have seen it, this braindead app wants to save all its cache
>files on the server!
>
>Has anyone made a .reg to turn this off?
>

Yep, don't forget to make sure there is a line feed after last line.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network]
"DisablePwdCaching"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory"="c:\temp"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path1]
"Directory"="c:\temp\cache1"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path2]
"Directory"="c:\temp\cache2"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path3]
"Directory"="c:\temp\cache3"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path4]
"Directory"="c:\temp\cache4"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Special Paths\Cookies]
"Directory"="c:\temp\cookies"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\URL Settings]
"Directory"="c:\temp\history"

David.
------------------------------------------------------------
David Bannon                      D.Bannon@latrobe.edu.au
School of Biochemistry            Phone 61 03 9479 2197
La Trobe University, Plenty Rd,   Fax 61 03 9479 2467
Bundoora, Vic, Australia, 3083    http://bioserve.latrobe.edu.au
------------------------------------------------------------
..... Humpty Dumpty was pushed !

From D.Bannon at latrobe.edu.au Sun Feb 7 22:00:20 1999
From: D.Bannon at latrobe.edu.au (David Bannon)
Date: Tue Dec 2 02:25:10 2003
Subject: Samba 2.0.1 vs. CVS with Domain PDC & TSE
In-Reply-To: <199902060908.BAA07410@wizard.sp.gap.com>
Message-ID: <3.0.3.32.19990208090020.00a70654@bioserve.biochem.latrobe.edu.au>

At 08:12 PM 06/02/1999 +1100, John Young wrote:
>
>My question is, I can only get things to work using the CVS
>source from ftp://cvs.samba.org/pub/unpacked/samba which I
>downloaded on 02 Feb 1999 (three or four days ago). If I try to
>use the brand-new 2.0.1 distribution, my clients cannot seem to
>authenticate.

John, this could be a bug that's been hinted at from time to time. The
NT machines change their passwd from time to time and installing a new
version resets samba so it wants to use the default one again. This
problem crops up after you have been running one version for some weeks
usually, so yours seems a bit quick .....

If you revert to the older, working version and then copy the binaries
in without using 'make install' things might work.

Alternatively, reset each machine password (smbpasswd -m machine) where
'machine' is the name of each machine that you want to log on. Then, as
admin, remove each machine from the domain and rejoin. Gee, the first
option looks good !

I suspect the list may be interested in what you find.

David
------------------------------------------------------------
David Bannon                      D.Bannon@latrobe.edu.au
School of Biochemistry            Phone 61 03 9479 2197
La Trobe University, Plenty Rd,   Fax 61 03 9479 2467
Bundoora, Vic, Australia, 3083    http://bioserve.latrobe.edu.au
------------------------------------------------------------
..... Humpty Dumpty was pushed !

From eric at technocraft.com Sun Feb 7 22:29:02 1999
From: eric at technocraft.com (Eric Mason)
Date: Tue Dec 2 02:25:10 2003
Subject: Turning OFF Network Profiles Safely
In-Reply-To: <3.0.3.32.19990208083520.00778bb0@bioserve.biochem.latrobe.edu.au>
Message-ID: <000001be52e9$433e0c30$0200a8c0@eric>

Is there a key to turn off caching of the profile at all? So it's
accessed directly off the server instead of downloading it and
reuploading it every time you log on or off?

> -----Original Message-----
> From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of
> David Bannon
> Sent: Sunday, February 07, 1999 4:38 PM
> To: Multiple recipients of list
> Subject: RE: Turning OFF Network Profiles Safely
>
>
> At 11:44 PM 05/02/1999 +1100, Greg Dickie wrote:
> >
> >I'm betting it is not the profiles in general but the Internet Exploiter
> >settings in the profile that is causing your problems. It has
> been discussed
> >here before and I have seen it, this braindead app wants to save all its
> cache
> >files on the server!
> >
> >Has anyone made a .reg to turn this off?
> >
> Yep, don't forget to make sure there is a line feed after last line.
>
> REGEDIT4
>
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Poli
> cies\Netwo
> rk]
> "DisablePwdCaching"=dword:00000001
>
> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet
> Settings\Cache\Paths]
> "Directory"="c:\temp"
>
> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet
> Settings\Cache\Paths\Path1]
> "Directory"="c:\temp\cache1"
>
> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet
> Settings\Cache\Paths\Path2]
> "Directory"="c:\temp\cache2"
>
> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet
> Settings\Cache\Paths\Path3]
> "Directory"="c:\temp\cache3"
>
> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet
> Settings\Cache\Paths\Path4]
> "Directory"="c:\temp\cache4"
>
> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet
> Settings\Cache\Special Paths\Cookies]
> "Directory"="c:\temp\cookies"
>
> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet
> Settings\URL Settings]
> "Directory"="c:\temp\history"
>
> David.
> ------------------------------------------------------------
> David Bannon                      D.Bannon@latrobe.edu.au
> School of Biochemistry            Phone 61 03 9479 2197
> La Trobe University, Plenty Rd,   Fax 61 03 9479 2467
> Bundoora, Vic, Australia, 3083    http://bioserve.latrobe.edu.au
> ------------------------------------------------------------
> .... Humpty Dumpty was pushed !
>

From jmeff at engsoc.queensu.ca Sun Feb 7 22:53:00 1999
From: jmeff at engsoc.queensu.ca (Jamie ffolliott)
Date: Tue Dec 2 02:25:10 2003
Subject: Turning OFF Network Profiles Safely
In-Reply-To: <000001be52e9$433e0c30$0200a8c0@eric>
Message-ID: <000001be52ec$9cd1b0a0$0245a8c0@dagobah.cgocable.net>

> Is there a key to turn off caching of the profile at all? So
> it's accessed
> directly off the server instead of downloading it and reuploading it every
> time you log on or off?

Samba only supports roaming profiles currently, but here's a few things
to try out..

*Login to the NTWS, on the System Control Panel, view the Profiles tab,
and "change type" of your profile to a local profile. I think Samba
resets this however the next time you logon.

*You can disable profile caching on the NTWS to save disk space, meaning
the locally cached copy of the profile is deleted when the user logs
out, but the profile still gets downloaded/reuploaded every time you log
on/off. Take a look in the policy editor for the setting (under Default
Computer) and use a ntconfig.pol in the netlogon share.

*With SP4, you can also disable uploading certain directories within the
profile when the user logs out (eg. Temporary Internet Files, to save
network traffic). Again, look in the policy editor - it's part of
proquota, which can also set a limit on the size of a user's profile.

*You could try editing the profile paths to map to the server, but I've
never tested that and I'm doubtful it works (let me know if it does!) -
eg.

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory"="\\SERVER\Profiles\%USERNAME%\Temporary Internet Files"
etc.

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData"="\\SERVER\Profiles\%USERNAME%\Application Data"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache"=""\\SERVER\Profiles\%USERNAME%\Cache""

(note the double-quotes for Cache, Cookies and History values, and
%USERNAME% system variable)

Jamie
Engineering Society
Queen's U

From eric at technocraft.com Sun Feb 7 23:31:40 1999
From: eric at technocraft.com (Eric Mason)
Date: Tue Dec 2 02:25:10 2003
Subject: Turning OFF Network Profiles Safely
In-Reply-To: <000001be52ec$9cd1b0a0$0245a8c0@dagobah.cgocable.net>
Message-ID: <000101be52f2$03579fb0$0200a8c0@eric>

Now that's an interesting thought. Do you know if NT accesses anything
in the profile before it runs the login script? If not I could have it
map the home directory and then access the profile on that drive. Does
this make sense?

>
> *You could try editing the profile paths to map to the server, but I've
> never tested that and I'm doubtful it works (let me know if it
> does!) - eg.
> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet
> Settings\Cache\Paths]
> "Directory"="\\SERVER\Profiles\%USERNAME%\Temporary Internet Files"
> etc.
>
> [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explo
> rer\Shell
> Folders]
> "AppData"="\\SERVER\Profiles\%USERNAME%\Application Data"
>
> [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explo
> rer\Shell
> Folders]
> "Cache"=""\\SERVER\Profiles\%USERNAME%\Cache""
>
> (note the double-quotes for Cache, Cookies and History values, and
> %USERNAME% system variable)
>
> Jamie
> Engineering Society
> Queen's U
>

From jmeff at engsoc.queensu.ca Sun Feb 7 23:49:13 1999
From: jmeff at engsoc.queensu.ca (Jamie ffolliott)
Date: Tue Dec 2 02:25:10 2003
Subject: Turning OFF Network Profiles Safely
In-Reply-To: <000101be52f2$03579fb0$0200a8c0@eric>
Message-ID: <000101be52f4$77441140$0245a8c0@dagobah.cgocable.net>

Well, i'd assume that the profile gets downloaded, the HKEY_CURRENT_USER hive (ntuser.dat) gets loaded in the registry, and then the logon script runs. The user doesn't get to their desktop until the login script completes.

Alternatively, you could create a new Default Profile for each user with your custom registry settings, and reset roaming profiles (not something that makes users very happy though ;)

See the Profiles and Policies guide at
http://www.microsoft.com/ntserver/management/deployment/planguide/prof_policies.asp

But I'd have to say try what you had in mind, and see what happens.

Jamie

> -----Original Message-----
> From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of
> Eric Mason
> Sent: Sunday, February 07, 1999 6:31 PM
> To: Multiple recipients of list
> Subject: RE: Turning OFF Network Profiles Safely
>
>
> Now that's an interesting thought. Do you know if NT accesses anything in
> the profile before it runs the login script? If not I could have it map the
> home directory and then access the profile on that drive. Does this make
> sense?
>
> >
> > *You could try editing the profile paths to map to the server, but I've
> > never tested that and I'm doubtful it works (let me know if it does!) - eg.
> > [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
> > "Directory"="\\SERVER\Profiles\%USERNAME%\Temporary Internet Files"
> > etc.
> >
> > [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
> > "AppData"="\\SERVER\Profiles\%USERNAME%\Application Data"
> >
> > [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
> > "Cache"=""\\SERVER\Profiles\%USERNAME%\Cache""
> >
> > (note the double-quotes for Cache, Cookies and History values, and
> > %USERNAME% system variable)
> >
> > Jamie
> > Engineering Society
> > Queen's U
> >
>

From lkcl at switchboard.net Mon Feb 8 00:51:40 1999
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:25:10 2003
Subject: logfile-analyzer
In-Reply-To: <36B9C690.AC26B858@reac.com>
Message-ID:

i would like to see samba capable of reporting through nt "event viewer".

On Fri, 5 Feb 1999, Andy Bakun wrote:

> I'm working on an auditing patch to samba, which may provide the
> functionality you are looking for. It currently interfaces with syslog to
> log various actions, and you could parse the output file and insert it into
> your database.
>
> More information, including a patch against 2.0.0beta5 (I think it should
> apply okay to 2.0.0 production, but let me know if it doesn't) is available
> at:
>
> http://www.reac.com/samba/samba-audit.html
>
> It is still beta, and there are numerous things I want to change about it,
> but I've been using it in my production environment for about 4 months with
> no problems.
>
> Thomas Reifferscheid wrote:
>
> > Is there a logfile analyzer for the nmb logfile and the smb logfile ?
> >
> > All i need to know is which users logs on how often, when and on what
> > PC, preferable entering this information in our mysql-db.
> > The other thing that would make my life easier is, who has access how
> > often to what files on a dedicated share.
> >
> > Has anyone experience with that ? Did anyone try to modify an
> > apache-logfile analyzer ?
> >
> > It would be very nice to hear _your_ thoughts about this !!
> >
> > Every service should have a graphical analyzer of its logfiles!
>
>

Luke Kenneth Casson Leighton
Samba and Network Development
Samba and Network Consultancy

From aperrin at demog.Berkeley.EDU Mon Feb 8 01:01:18 1999
From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography)
Date: Tue Dec 2 02:25:10 2003
Subject: logfile-analyzer
In-Reply-To:
Message-ID:

Hm, that seems like a low priority to me - since all Event Viewer seems to do vis-a-vis a text file is remove potentially useful information. I'm afraid I don't get what's wrong with logging to a text file, although I agree that logging as it's currently in samba is more useful for debugging than for auditing.

---------------------------------------------------------------------
Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support
Department of Demography - University of California at Berkeley
2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA
http://demog.berkeley.edu/~aperrin --------------------------SEIU1199

On Mon, 8 Feb 1999, Luke Kenneth Casson Leighton wrote:

> i would like to see samba capable of reporting through nt "event viewer".
>
> On Fri, 5 Feb 1999, Andy Bakun wrote:
>
> > I'm working on an auditing patch to samba, which may provide the
> > functionality you are looking for. It currently interfaces with syslog to
> > log various actions, and you could parse the output file and insert it into
> > your database.
> >
> > More information, including a patch against 2.0.0beta5 (I think it should
> > apply okay to 2.0.0 production, but let me know if it doesn't) is available
> > at:
> >
> > http://www.reac.com/samba/samba-audit.html
> >
> > It is still beta, and there are numerous things I want to change about it,
> > but I've been using it in my production environment for about 4 months with
> > no problems.
> >
> > Thomas Reifferscheid wrote:
> >
> > > Is there a logfile analyzer for the nmb logfile and the smb logfile ?
> > >
> > > All i need to know is which users logs on how often, when and on what
> > > PC, preferable entering this information in our mysql-db.
> > > The other thing that would make my life easier is, who has access how
> > > often to what files on a dedicated share.
> > >
> > > Has anyone experience with that ? Did anyone try to modify an
> > > apache-logfile analyzer ?
> > >
> > > It would be very nice to hear _your_ thoughts about this !!
> > >
> > > Every service should have a graphical analyzer of its logfiles!
> >
> >
>
> Luke Kenneth Casson Leighton
> Samba and Network Development
> Samba and Network Consultancy
>

From lkcl at switchboard.net Mon Feb 8 01:08:22 1999
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:25:10 2003
Subject: New domain/group maps and localized versions of NT?
In-Reply-To: <199902051136.MAA06063@boule.biomath.jussieu.fr>
Message-ID:

alain,

i have hard-wired the names of the local accounts. nt doesn't actually care about the names: it only cares about the RID values.

if you want to change the names to something different then please feel free to do so in lib/util_pwdb.c - you can select absolutely anything you like :-) just don't change the RID values.

regards,
luke

On Fri, 5 Feb 1999, FAUCONNET Alain wrote:

> Hello,
>
> I have read this in the NTDOM archives (sorry, I didn't retain the
> author's name) :
>
> [*** begin quote ***]
>
> If you're running the head cvs branch, it's another story.
>
> To sum up in when the samba server is a PDC:
> smb.conf:
>
> domain user map = /usr/local/samba/lib/domainuser.map
> domain group map = /usr/local/samba/lib/domaingroup.map
>
> domainuser.map contains the mapping between the NT users and their
> equivalent on Unix:
>
> [[root@doubleface lib]# cat domainuser.map
> root administrator
>
> ^^^-> a tab or an '=' sign should work.
>
> domaingroup.map contains the mapping between the NT domain groups and the
> Unix groups
>
> [[root@doubleface lib]# cat domaingroup.map
> wheel "Domain Admins"
>
> ^^^-> a tab or an '=' sign should work.
>
> 'wheel' must be in /etc/group. All the Unix users who are in the 'wheel'
> unix group will be domain admins on the NT side.
>
> [*** end quote ***]
>
> This seems to imply that those file will determine a ONE-TO-ONE
> equivalence between the Unix and NT groups. Unfortunately the
> brainless people at Microsoft have localized the names of the NT
> groups. For the french version for example, the "Domain Admins" group
> has become "Administrateurs du domaine" or something like that (how
> about logging into your Unix station with "racine" instead of "root" ?
> they really don't think a second when it comes to fool with OS
> *constants* in the name of localization).
>
> I'm still using the 2.0.0 production code but planning to switch to
> the HEAD branch soon, and this is a concern to me. How will the domain
> group map handle localized group names ? will it allow multiple
> right-hand values ? (same goes for domain user maps)
>
> Greetings from Paris,
> _Alain_
> --
> Alain FAUCONNET Ingenieur systeme/System Administrator AP-HP/SIM
> Public Health 91 bld de l'Hopital 75013 PARIS FRANCE
> Medical Computing Research Labs Mail: af@biomath.jussieu.fr
> Tel: (+33) (0)1-40-77-96-19 Fax: (+33) (0)1-45-86-80-68
> I've RTFMed. It says: "Refer to your system administrator"
> But... I *am* the system administrator :-]
>

Luke Kenneth Casson Leighton
Samba and Network Development
Samba and Network Consultancy

From lkcl at switchboard.net Mon Feb 8 01:11:23 1999
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:25:10 2003
Subject: nt groups
In-Reply-To: <6790.199902051211@gengis>
Message-ID:

dave,

can you please run rpcclient (latest cvs version) as follows:

rpcclient -S tzu -U% -l log
smb> lsaquery
DOMAIN: .... ....
smb> exit

if you get valid information back then all is well on samba(2.0.0) dated 4th Sept. if you do not i have a bug in latest cvs to fix.

regards,
luke

On Fri, 5 Feb 1999 Dave.Stevenson@durham.ac.uk wrote:

> Have been running CVS head branch of Samba(2.0.0) dated 4th Sept for months, very reliably with
> about 50 NT4(SP3) clients and 150 users working as domain controller (PDC) and with roaming
> profiles, logon scripts etc.
>
> So stable I am loath to change it....so I loaded up another similar machine with latest
> CVS HEAD branch (3-2-99) I pulled and compiled OK (Both systems Solaris2.6, compiler gcc2.8.1)
>
> Configured second machine ZARQUON to use first( TZU) as password server, added ZARQUON as
> a client with "smbpasswd -m zarquon " and experienced the following from the new server.
> (Names changed to protect the innocents)
>
> [1999/02/05 11:33:55, 10] libsmb/clientgen.c:cli_shutdown(2450)
> cli_shutdown
> [1999/02/05 11:33:55, 1] lib/sids.c:get_domain_sids(266)
> lsa query info failed
> [1999/02/05 11:33:55, 0] smbd/server.c:main(687)
> ERROR: Samba cannot obtain PDC SID from PDC(s) TZU.
>
> with config entries so..
>
> encrypt passwords = yes
> password level = 0
> username level = 0
> security = domain (Same thing with security = server but OK with security = share )
> # suspend permanently I suspect temporarily
> #admin users = pcadmin
> guest account = pcguest
> #hosts allow = @smb_access
>
> #
> # host stuff
> #
> password server = TZU
> netbios name = zarquon
> workgroup = GEOLSCI
> domain master = no
> wins server = " IP address of TZU"
> time server = no
>
>
> Am I flogging a dead horse here? Have the mechanisms to obtain SID's changed so much
> that it is unreasonable to hope that this would work?
>
> I vaguely recall that there were a few ntdom messages about scripts to convert old format smbpasswd
> files to the latest format. Searching the archives I have failed to locate them. Can
> anyone point me in the right direction?
>
>
> Thanks
>
>
>

Luke Kenneth Casson Leighton
Samba and Network Development
Samba and Network Consultancy

From chicken at garlic.com Mon Feb 8 01:18:57 1999
From: chicken at garlic.com (Aaron Dougherty)
Date: Tue Dec 2 02:25:10 2003
Subject: No Listing in Network Neighborhood
Message-ID: <001801be5301$01acff20$017b7b7b@empire>

Looks like it was 2 things.
1) I had the wrong workgroup information in my smb.conf
2) I didn't have nmbd running at all.

FYI, I only have 1 nmbd running, and it shows in network neighborhood now.

Thanks for the help.

-Aaron

----- Original Message -----
From: Chris Wood
To: Multiple recipients of list
Sent: Saturday, February 06, 1999 10:12 AM
Subject: Re: No Listing in Network Neighborhood

>On Sat, 6 Feb 1999, Aaron Dougherty wrote:
>
>> Hello,
>> I am relatively new to Samba. I have installed it to Solaris 7. Everything
>> seems to be working just fine, and I can map my tmp directory by explicitly
>> stating \\SAMBA_SERVER\TMP, but I can not see the Samba Server in my Network
>> Neighborhood. Does anyone have any suggestions?
>
>I recently had this battle too. Things I've heard of that can cause
>this:
>1. "Interfaces =" setting in smb.conf is wrong, or has the wrong
> subnet mask.
>2. "workgroup = xxx " in smb.conf but on the Win95 machine workgroup is
> set = yyy. Change Win95 to xxx and Samba shows up.
>3. nmbd daemon isn't running... you should see 2 nmbd's running, if you
> only see one, restart nmbd.
>
>Umm. That's all I can think of off the top of my head.
>
>-=-=-=-=-=-
>Chris Wood Kitco, Inc.
>801-489-2097 Wencor West, Inc.
>[cwood@wencor.com] Durham Aircraft Services
>-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>
>

From lkcl at switchboard.net Mon Feb 8 01:34:50 1999
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:25:10 2003
Subject: Samba 2.0.1 vs. CVS with Domain PDC & TSE
In-Reply-To: <199902060908.BAA07410@wizard.sp.gap.com>
Message-ID:

> I noticed that 2.0.1 creates MACHINE.SID, while the CVS build
> only seems to need SAMBA.SID (SAMBA is my domain name). Sorry

correct. be careful if you revert to 2.0.1, you will need to manually rename SAMBA.SID to MACHINE.SID beforehand.

"Welcome to the SAMBA Domain" has a particularly satisfying ring to it, n'est ce pas?

From ce at atl.dk Mon Feb 8 10:20:43 1999
From: ce at atl.dk (Christian E)
Date: Tue Dec 2 02:25:10 2003
Subject: Problems with group relationships, part 2 "The Solution"
Message-ID: <36BEBA7B.A666BE1A@atl.dk>

Hi, all

Thanks a lot for your help..For a moment I was actually planning on skipping my implementation of Samba in my company (shame on me....should've known that a Unix prog. is far better than any Win. prog.)...by killing the smbd process running with the users ID the group relationship is re-read....In NT you actually have to log off and back on in order for it to work, so this is much better...no doubt that Samba is the future PDC and file-server here.... :-)

best regards
--
Christian Ejstrup, RF- Development Engineer
ATL Research A/S, Sofiendalsvej 85, DK-9200 Aalborg SV
Phone: +45 96-346868, GSM: +45 22-234304, URL: www.atl.dk

From ambach at unfall.klinik.uni-mainz.de Mon Feb 8 13:49:16 1999
From: ambach at unfall.klinik.uni-mainz.de (Christian Ambach)
Date: Tue Dec 2 02:25:10 2003
Subject: New domain/group maps and localized versions of NT?
References: <199902051136.MAA06063@boule.biomath.jussieu.fr>
Message-ID: <36BEEB5C.6417A6D@unfall.klinik.uni-mainz.de>

FAUCONNET Alain wrote:

> This seems to imply that those file will determine a ONE-TO-ONE
> equivalence between the Unix and NT groups. Unfortunately the
> brainless people at Microsoft have localized the names of the NT
> groups. For the french version for example, the "Domain Admins" group
> has become "Administrateurs du domaine" or something like that (how
> about logging into your Unix station with "racine" instead of "root" ?
> they really don't think a second when it comes to fool with OS
> *constants* in the name of localization).

My german NT WS 4.0 recognizes Domain Admins as "Domänenadministratoren" the german term for Domain Admins.

Is it possible that NT internally uses s.th. like "group ids" and recognizes the Domain Admin group by looking at this id, not at the name ??

Christian Ambach

From lkcl at switchboard.net Mon Feb 8 15:22:21 1999
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:25:10 2003
Subject: Problems with group relationships, part 2 "The Solution"
In-Reply-To: <36BEBA7B.A666BE1A@atl.dk>
Message-ID:

On Mon, 8 Feb 1999, Christian E wrote:

> Hi, all
>
> Thanks a lot for your help..For a moment I was actually planning on
> skipping my implementation of Samba in my company (shame on
> me....should've known that a Unix prog. is far better than any Win.
> prog.)...by killing the smbd process running with the users ID the group
> relationship is re-read....

REALLY???? cool!

> In NT you actually have to log off and back
> on in order for it to work, so this is much better

you not kidding.

if you experience any side-effects (e.g running any programs that potentially cache group info) let us know.

lukes

From lkcl at switchboard.net Mon Feb 8 15:31:56 1999
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:25:10 2003
Subject: New domain/group maps and localized versions of NT?
In-Reply-To: <36BEEB5C.6417A6D@unfall.klinik.uni-mainz.de>
Message-ID:

On Tue, 9 Feb 1999, Christian Ambach wrote:

> FAUCONNET Alain schrieb:
>
> > This seems to imply that those file will determine a ONE-TO-ONE
> > equivalence between the Unix and NT groups. Unfortunately the
> > brainless people at Microsoft have localized the names of the NT
> > groups. For the french version for example, the "Domain Admins" group
> > has become "Administrateurs du domaine" or something like that (how
> > about logging into your Unix station with "racine" instead of "root" ?
> > they really don't think a second when it comes to fool with OS
> > *constants* in the name of localization).
>
> My german NT WS 4.0 recognizes Domain Admins as "Domänenadministratoren"
> the german term for Domain Admins.
>
> Is it possible that NT internally uses s.th. like "group ids" and
> recognizes the Domain Admin group by looking at this id, not at the name

no. do this:

unix$ rpcclient -S nt_wks -U% -l log
smb> lsaquery
[Domain: ...]

smb> lookupnames Domssnenadministratoren
Name: Domss... SID: S-1-5-21-nnn-nnn-nnn-513

smb> exit
unix$

From simon.mccartney at dnet.co.uk Mon Feb 8 19:35:59 1999
From: simon.mccartney at dnet.co.uk (Simon McCartney)
Date: Tue Dec 2 02:25:10 2003
Subject: Sparc IPC's
In-Reply-To:
Message-ID: <000001be539a$418421c0$2b02a8c0@zeus.dnet.co.uk>

I'm running Samba 2.0 on RH5.2 which is running on a 386dx40 20Mb RAM box, everything is fine, including SWAT, although domain logon's can be a bit sluggish...

> -----Original Message-----
> From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of
> Jason H. Reeves
> Sent: 02 February 1999 14:16
> To: Multiple recipients of list
> Subject: Re: Sparc IPC's
>
>
>
> On Tue, 2 Feb 1999, Simon Murcott wrote:
>
> |~~>Has anyone tried to run samba on a slow machine like a
> SparcStation IPC?
>
> I'm running Samba 2.0 on an IPC with Solaris 2.6 (no CDE) and it
> seems to like it just fine. The only thing that's really sluggish is
> SWAT. It's much faster for me to just edit smb.conf. I'm sure on
> faster systems SWAT is a nice tool, but it's not the answer for slower
> systems. As long as you're not planning on running SWAT, though, you
> should be ok.
>
>
> 0010010010010101001001010100101010010100101010010101001001010100100101
> 0
> 1
> 1 jason h. reeves - - kc5ttq
> 1
> 0 java.person
> 0
> 1 computingServices
> 1
> 0 universityOfArkansas
> 0
> 0
> 1
>
> 1010100101010101010121010010101010010101110101010100101010010110101010
> ^
> |____ the 'maybe' bit - the future of
> computing...
> y
>
>

From bilo at sslmit.unibo.it Mon Feb 8 20:22:11 1999
From: bilo at sslmit.unibo.it (Gabriele Carioli)
Date: Tue Dec 2 02:25:10 2003
Subject: Using-UsrMgr.exe/SvrMgr.exe-with-Samba howto anywhere?
Message-ID: <007201be53a0$b62c9380$6401a8c0@jose.macondo.net>

Hi everybody

I've lurked through the old messages posted to this list, and I've seen some of them regarding the possibility of using Usrmgr.exe to browse/change user profiles/passwords on a Samba server.

I'm using Samba 2.0.2 on RedHat Linux 5.2 (kernel 2.0.6).

Could anybody please address me to a document explaining how to do it?

Thanks in advance.

P.S. I'm not sure whether this is the right place to ask for my problem or not. In the case it's not, please, accept my apologies

From abakun at reac.com Mon Feb 8 23:14:30 1999
From: abakun at reac.com (Andy Bakun)
Date: Tue Dec 2 02:25:10 2003
Subject: logfile-analyzer
References:
Message-ID: <36BF6FD6.1EA0735E@reac.com>

Luke Kenneth Casson Leighton wrote:

> i would like to see samba capable of reporting through nt "event viewer".

I, for one, wouldn't. NT's Event Viewer is pure crap. You can't sort the columns, nor can you search it effectively. A text file coupled with grep has served my purposes, and if you need more than that, you can parse a flat text file and put it into an SQL database of some sort, thereby giving you even more options than NT's Event Viewer does in terms of report generation.

From lkcl at switchboard.net Mon Feb 8 23:34:10 1999
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:25:10 2003
Subject: logfile-analyzer
In-Reply-To: <36BF6FD6.1EA0735E@reac.com>
Message-ID:

On Tue, 9 Feb 1999, Andy Bakun wrote:

> Luke Kenneth Casson Leighton wrote:
>
> > i would like to see samba capable of reporting through nt "event viewer".
>
> I, for one, wouldn't. NT's Event Viewer is pure crap. You can't sort the

:-)

i was thinking in terms of implementing both client and server: rpcclient and smbd. that way you can grab all events, output them to a text file and you get the best of both worlds in both nt and unix.

luke

From michel at nijenrode.nl Mon Feb 8 23:44:39 1999
From: michel at nijenrode.nl (Michel)
Date: Tue Dec 2 02:25:11 2003
Subject: logfile-analyzer
In-Reply-To: Your message of "Tue, 09 Feb 1999 10:16:56 +1100." <36BF6FD6.1EA0735E@reac.com>
Message-ID: <199902082344.AAA10488@bordeaux.nijenrode.nl>

Additionally, if there's *anything at all* you want to have if everything else fails, is a logfile. To have such a thing available, it should be reliable. A textdump to disk is about as reliable as you can get; introducing going through a layer like event viewer introduces potential unreliable factors.

However, it would be nice to have such as an additional option - severe errors go to a file, but this and extended logging could be redirected to other resources, perhaps through ODBC. This would enable powerful automated escalation facilities for use in (for example) helpdesk software or other databases.

Taking this a step further (and diverting slightly off topic), such an ODBC interface would also be very nifty for configuration purposes (for example, to manage group shares and privileges for users and even importing/adding new users to the system userbase from a master database that contains the staff/student records). I reckon that stuffing (whatever) info from samba to an ODBC server would not be that difficult, but pulling (configurational) info from such a server into samba would pose a challenge.

Would there be others interested in such a feature?

Michel.

(this should probably be on the generic list)
--
Michel van der Laan - michel@nijenrode.nl
http://www.nijenrode.nl/~michel

In your mail from 9-2-1999 you write:
> Luke Kenneth Casson Leighton wrote:
>
> > i would like to see samba capable of reporting through nt "event viewer".
>
> I, for one, wouldn't. NT's Event Viewer is pure crap. You can't sort the
> columns, nor can you search it effectively. A text file coupled with grep has
> served my purposes, and if you need more than that, you can parse a flat text
> file and put it into an SQL database of some sort, thereby giving you even more
> options than NT's Event Viewer does in terms of report generation.

From lkcl at switchboard.net Mon Feb 8 23:44:52 1999
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:25:11 2003
Subject: C00000BE hack-around
In-Reply-To:
Message-ID:

ok. jeremy's fixed this in 2.0.2, i've fixed it in main branch.

could people please attempt to download the latest cvs (and try a password change if you have nt 4 sp3) and test it?

if you are using cvs main branch be warned: you may get a BSOD when logging in, i have *no* idea what is causing this!

luke

> > The cause of this problem seems to be certain unicode strings stored
> > internally in byte arrays as "a\0b\0" rather than "\0a\0b", so when
> > trying to be converted to ascii strings, routines like unistrn2 get
> > it wrong and return "\0\0" instead of "ab".
>
> as matt chapman mentions, the use of SVAL instead of a typecast will swap
> the byte correctly, converting char* to wide-char correctly on a
> per-system basis.
>
> your solution is correct for you, benjamin, because you are using a server
> that has a byte order opposite to intel processors.

From tas at microdisplay.com Mon Feb 8 23:48:32 1999
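The byte-order point in the C00000BE message above, as an added example that is not from the thread or from Samba's source: it contrasts a host-order 16-bit read followed by truncation (simulated for a big-endian host so the result is the same on any machine) with an explicit little-endian, bounds-checked read, which is the effect the message attributes to using SVAL. All function names are hypothetical and the input bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Decode one 16-bit unit as little-endian, byte by byte: host-independent. */
static uint16_t read_le16(const unsigned char *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* What *(uint16_t *)p evaluates to on a big-endian host, simulated here so
 * the effect is visible on any machine. */
static uint16_t cast_on_big_endian_host(const unsigned char *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* "Before": host-order read, then truncation of each unit to its low byte.
 * Converts exactly n_units units; dst must hold n_units + 1 bytes. */
static void cast_style_to_ascii(const unsigned char *src, size_t n_units,
                                char *dst)
{
    size_t i;
    for (i = 0; i < n_units; i++)
        dst[i] = (char)(cast_on_big_endian_host(src + 2 * i) & 0xff);
    dst[n_units] = '\0';
}

/* "After": explicit little-endian decode with bounds on both buffers.
 * Stops at a 16-bit NUL, at the end of the input (a trailing odd byte is
 * ignored), or when dst is full. Units outside ASCII become '?'.
 * Always NUL-terminates. Returns characters written, or -1 on bad args. */
static int ucs2_le_to_ascii(const unsigned char *src, size_t src_len,
                            char *dst, size_t dst_len)
{
    size_t i, out = 0;

    if (src == NULL || dst == NULL || dst_len == 0)
        return -1;
    for (i = 0; i + 1 < src_len && out + 1 < dst_len; i += 2) {
        uint16_t c = read_le16(src + i);
        if (c == 0)
            break;
        dst[out++] = (c < 0x80) ? (char)c : '?';
    }
    dst[out] = '\0';
    return (int)out;
}

int main(void)
{
    /* Constructed sample: "ab" as it appears on the wire, NUL-terminated. */
    const unsigned char wire[] = { 'a', 0, 'b', 0, 0, 0 };
    char before[3], after[8];

    cast_style_to_ascii(wire, 2, before);
    ucs2_le_to_ascii(wire, sizeof wire, after, sizeof after);
    printf("cast on big-endian host: bytes %02x %02x\n",
           (unsigned char)before[0], (unsigned char)before[1]);
    printf("explicit little-endian:  \"%s\" (%u chars)\n",
           after, (unsigned)strlen(after));
    return 0;
}
```
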
From: tas at microdisplay.com (Todd Stiers)
Date: Tue Dec 2 02:25:11 2003
Subject: Sporadic Password Sync (?)
Message-ID: <001601be53bd$88d7a1f0$f2c6d6cf@ebola.microdisplay.com>

Hi,

I wrapped my /usr/bin/passwd program in a bash script so I could script synchronization to a database(mysql) with the encryption left in the /etc/passwd file.

Changing passwords on my local machine works only occasionally, and I have no clue as to why.

Does NT store passwords in a buffer or use a timer to prevent rapid changes, or for changing passwords to previous passwords? My scripts work perfectly as root, and like I said, 1 out of 10 attempts suddenly goes through perfectly.

The "lock workstation" NT option seems to use a password stored someplace (I get no net traffic from this).

Thanks,
Todd

[--- [--- [--- [--- [--- [--- [--- [--- [---
Todd Stiers
Director of Systems Administration
The MicroDisplay Corporation
http://www.microdisplay.com (510)243-9515x129
---] ---] ---] ---] ---] ---] ---] ---] ---]

From tas at microdisplay.com Tue Feb 9 00:12:37 1999
From: tas at microdisplay.com (Todd Stiers)
Date: Tue Dec 2 02:25:11 2003
Subject: Sporadic Password Sync (?)
In-Reply-To: <001601be53bd$88d7a1f0$f2c6d6cf@ebola.microdisplay.com>
Message-ID: <001701be53c0$e66b23c0$f2c6d6cf@ebola.microdisplay.com>

Actually, it seems I can sync passwords but only after each and every smbd server restart!

-Todd

> -----Original Message-----
> From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of
> Todd Stiers
> Sent: Monday, February 08, 1999 3:54 PM
> To: Multiple recipients of list
> Subject: Sporadic Password Sync (?)
>
>
> Hi,
>
> I wrapped my /usr/bin/passwd program in a bash script so I could
> script synchronization to a database(mysql) with the encryption left
> in the /etc/passwd file.
>
> Changing passwords on my local machine works only occasionally,
> and I have no clue as to why.
>
> Does NT store passwords in a buffer or use a timer to prevent
> rapid changes, or for changing passwords to previous passwords?
> My scripts work perfectly as root, and like I said, 1 out of 10 attempts
> suddenly goes through perfectly.
>
> The "lock workstation" NT option seems to use a password stored someplace
> (I get no net traffic from this).
>
> Thanks,
> Todd
>
> [--- [--- [--- [--- [--- [--- [--- [--- [---
> Todd Stiers
> Director of Systems Administration
> The MicroDisplay Corporation
> http://www.microdisplay.com (510)243-9515x129
> ---] ---] ---] ---] ---] ---] ---] ---] ---]
>

From tas at microdisplay.com Tue Feb 9 00:56:31 1999
From: tas at microdisplay.com (Todd Stiers)
Date: Tue Dec 2 02:25:11 2003
Subject: Sporadic Password Sync (?)
In-Reply-To: <001701be53c0$e66b23c0$f2c6d6cf@ebola.microdisplay.com>
Message-ID: <001a01be53c7$081f9f40$f2c6d6cf@ebola.microdisplay.com>

Okay, so here's the pattern.

I can ONLY change passwords from the NT system if the password being generated was done so by hand using "smbpasswd".

The NT machine DOES indeed change the password entry in the smbpasswd file, but it does not get used by subsequent changes.

The pattern holds for 8 and 6 character long passwords...

-Todd

From alex at gsm.adelaide.edu.au Tue Feb 9 13:49:37 1999
From: alex at gsm.adelaide.edu.au (Alex Ardalich)
Date: Tue Dec 2 02:25:11 2003
Subject: Possible to have a NT Server not try and be a PDC?
Message-ID: <19990210001936.A29720@gsm.adelaide.edu.au>

Heyas,

I've been using Samba 1.9.x for over a year to serve everyone within the dept, using a NT Server as a password host.

I've been testing 2.0.1 as a PDC and implemented it today with great success (except printing broke, but I just switched to using TCP/IP printing services).

I have the following in the smb.conf...

os level = 2
domain master = yes
preferred master = yes

but the NT Server still wants to answer when adding a machine to a domain.

Is there anyway to have the NT Server on the same domain and sit there quietly?

Thanks,
Alex

From cartegw at Eng.Auburn.EDU Tue Feb 9 14:09:33 1999
From: cartegw at Eng.Auburn.EDU (Gerald W. Carter)
Date: Tue Dec 2 02:25:11 2003
Subject: Possible to have a NT Server not try and be a PDC?
References: <19990210001936.A29720@gsm.adelaide.edu.au>
Message-ID: <36C0419D.2667FEED@eng.auburn.edu>

Alex Ardalich wrote:
>
> but the NT Server still wants to answer when adding a machine to
> a domain.
>
> Is there anyway to have the NT Server on the same domain and
> sit there quietly?

Not as a PDC. Your PDC must register the DOMAIN<1b> name record. This is how clients locate the domain controller.

> os level = 2
             ^^
This should be higher so as to win the election and register the name.

> domain master = yes
> preferred master = yes

jerry
________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services
Auburn University
jerry@eng.auburn.edu
http://www.eng.auburn.edu/users/cartegw

"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )

From lkcl at switchboard.net Tue Feb 9 16:03:59 1999
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:25:11 2003
Subject: New domain/group maps and localized versions of NT?
In-Reply-To: <36C04A97.9ADDA454@unfall.klinik.uni-mainz.de>
Message-ID:

On Tue, 9 Feb 1999, Christian Ambach wrote:

> > unix$ rpcclient -S nt_wks -U% -l log
> > smb> lsaquery
> > [Domain: ...]
> >
> > smb> lookupnames Domssnenadministratoren
> > Name: Domss... SID: S-1-5-21-nnn-nnn-nnn-513
> >
> > smb> exit
> > unix$
>
> I only receive NT_STATUS_NONE_MAPPED either when using
> "Domänenadministratoren" nor using "Domain Admins"

ok, the syntax may be lookupnames \YOUR_DOMAIN\... - try that.

From lkcl at switchboard.net Tue Feb 9 16:02:44 1999
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:25:11 2003
Subject: Possible to have a NT Server not try and be a PDC?
In-Reply-To: <19990210001936.A29720@gsm.adelaide.edu.au>
Message-ID:

On Wed, 10 Feb 1999, Alex Ardalich wrote:

> Heyas,
>
> I've been using Samba 1.9.x for over a year to serve everyone
> within the dept, using a NT Server as a password host.

as a PDC? you cannot ever have two PDCs. you will need to disable one of them.

From ambach at unfall.klinik.uni-Mainz.de Tue Feb 9 14:47:51 1999
From: ambach at unfall.klinik.uni-Mainz.de (Christian Ambach)
Date: Tue Dec 2 02:25:11 2003
Subject: New domain/group maps and localized versions of NT?
References:
Message-ID: <36C04A97.9ADDA454@unfall.klinik.uni-mainz.de>

Luke Kenneth Casson Leighton wrote:

> > My german NT WS 4.0 recognizes Domain Admins as "Domänenadministratoren"
> > the german term for Domain Admins.
> >
> > Is it possible that NT internally uses s.th. like "group ids" and
> > recognizes the Domain Admin group by looking at this id, not at the name
>
> no. do this:
>
> unix$ rpcclient -S nt_wks -U% -l log
> smb> lsaquery
> [Domain: ...]
>
> smb> lookupnames Domssnenadministratoren
> Name: Domss... SID: S-1-5-21-nnn-nnn-nnn-513
>
> smb> exit
> unix$

I only receive NT_STATUS_NONE_MAPPED either when using "Domänenadministratoren" nor using "Domain Admins"

Christian Ambach

From hliao at calstatela.edu Tue Feb 9 19:55:40 1999
From: hliao at calstatela.edu (Henry Liao)
Date: Tue Dec 2 02:25:11 2003
Subject: integrate Exchange 5.5 w/ SAMBA PDC
In-Reply-To: <36BA6528.E90835B2@math.ohio-state.edu>
Message-ID:

Chad,

Thank you for the 5-minute info on your web site. I tried it with 2.0.2 but still no dice. Here is a script of my test run. I am getting an ERRSRV error and my NT server (has Exchange 5.5) doesn't see it on the Network Neighborhood or map any network drive from SAMBA PDC.

tree connect failed: ERRSRV - ERRbadpw (Bad password - name/password pair in a Tree Connect or Session Setup are invalid.)

My ultimate goal is to integrate MS Exchange 5.5 w/ a SAMBA PDC, so exchange server will use SAMBA PDC for authentication. I have tried the HEAD branch from the CVS source or SAMBA 2.0x w/ no luck. I must be doing something wrong and/or the capability is not there yet.

Has any brave soul tried this yet??

TIA

-Henry Liao o
Network Systems Group )> Henry.Liao@calstatela.edu
Cal State Univ, Los Angeles ___./]___ http://www.calstatela.edu/staff/hliao

-----test run script on a Solaris 2.7 running SAMBA 2.0.2-----
Script started on Tue Feb 09 11:32:45 1999
edgemail:root> /bin/csh
edgemail#(/ )>cd samba/bin
/usr/local/samba/bin
edgemail#(/usr/local/samba/bin )>testparm
Load smb config files from /usr/local/samba/lib/smb.conf
Processing section "[homes]"
Processing section "[netlogon]"
Processing section "[Profiles]"
Processing section "[printers]"
Processing section "[public]"
Loaded services file OK.
Press enter to see a dump of your service definitions

# Global parameters
	workgroup = NIS
	netbios name = EDGEMAIL
	netbios aliases =
	server string = EDGEMAIL SAMBA Server
	interfaces = 130.182.118.3/24
	bind interfaces only = No
	security = USER
	encrypt passwords = Yes
	update encrypted = No
	use rhosts = No
	map to guest = Never
	null passwords = No
	password server =
	smb passwd file = /usr/local/samba/private/smbpasswd
	hosts equiv =
	root directory = /
	passwd program = /bin/passwd
	passwd chat = *old*password* %o\n *new*password* %n\n *new*password* %n\n *changed*
	passwd chat debug = No
	username map =
	password level = 0
	username level = 0
	unix password sync = No
	log level = 2
	syslog = 1
	syslog only = No
	log file = /usr/local/samba/var/log.%m
	max log size = 100
	timestamp logs = Yes
	protocol = NT1
	read bmpx = Yes
	read raw = Yes
	write raw = Yes
	nt smb support = Yes
	nt pipe support = Yes
	announce version = 4.2
	announce as = NT
	max mux = 50
	max xmit = 65535
	name resolve order = lmhosts host wins bcast
	max packet = 65535
	max ttl = 259200
	max wins ttl = 518400
	min wins ttl = 21600
	time server = No
	change notify timeout = 60
	deadtime = 0
	getwd cache = Yes
	keepalive = 300
	lpq cache time = 10
	max disk size = 0
	max open files = 10000
	read prediction = No
	read size = 16384
	shared mem size = 1048576
	socket options = TCP_NODELAY
	stat cache size = 50
	load printers = Yes
	printcap name = lpstat
	printer driver file = /usr/local/samba/lib/printers.def
	strip dot = No
	character set =
	mangled stack = 50
	coding system =
	client code page = 850
	stat cache = Yes
	domain groups =
	domain admin group =
	domain guest group =
	domain admin users =
	domain guest users =
	machine password timeout = 604800
	add user script =
	delete user script =
	logon script = %U.bat
	logon path = \\%N\%U\profiles
	logon drive =
	logon home = \\%N\%U
	domain logons = Yes
	os level = 0
	lm announce = Auto
	lm interval = 60
	preferred master = Yes
	local master = Yes
	domain master = Yes
	browse list = Yes
	dns proxy = Yes
	wins proxy = No
	wins
server = wins support = Yes kernel oplocks = Yes ole locking compatibility = Yes smbrun = /usr/local/samba/bin/smbrun config file = preload = lock dir = /usr/local/samba/var/locks default service = message command = dfree command = valid chars = remote announce = 130.182.118.255 130.182.7.255 remote browse sync = 130.182.118.255 130.182.118.21 130.182.118.8 130.182.7.2 socket address = 0.0.0.0 homedir map = time offset = 0 unix realname = No NIS homedir = No panic action = comment = path = alternate permissions = No revalidate = No username = guest account = nobody invalid users = valid users = admin users = hliao read list = write list = force user = force group = read only = Yes create mask = 0744 force create mode = 00 directory mask = 0755 force directory mode = 00 guest only = No guest ok = No only user = No hosts allow = 130.182.118. 130.182.7. 127. hosts deny = status = Yes max connections = 0 min print space = 0 strict sync = No sync always = No print ok = No postscript = No printing = sysv print command = lp -c -d%p %s; rm %s lpq command = lpstat -o%p lprm command = cancel %p-%j lppause command = lp -i %p-%j -H hold lpresume command = lp -i %p-%j -H resume queuepause command = lpc stop %p queueresume command = lpc start %p printer name = printer driver = NULL printer driver location = default case = lower case sensitive = No preserve case = Yes short preserve case = Yes mangle case = No mangling char = ~ hide dot files = Yes delete veto files = No veto files = hide files = veto oplock files = map system = No map hidden = No map archive = Yes mangled names = Yes mangled map = browseable = Yes blocking locks = Yes fake oplocks = No locking = Yes oplocks = Yes strict locking = No share modes = Yes copy = include = exec = postexec = root preexec = root postexec = available = Yes volume = fstype = NTFS set directory = No wide links = Yes follow symlinks = Yes dont descend = magic script = magic output = delete readonly = No dos filetimes = No dos filetime 
resolution = No fake directory create times = No [homes] comment = Home Directories read only = No create mask = 0755 browseable = No [netlogon] comment = Network Logon Service path = /usr/local/samba/lib/netlogon guest ok = Yes share modes = No [Profiles] comment = Windows User Profiles path = /home/%U/profiles read only = No guest ok = Yes browseable = No [printers] comment = All Printers path = /usr/spool/samba print ok = Yes browseable = No [public] path = /a/public read only = No guest ok = Yes edgemail#(/usr/local/samba/bin )>cd ../lib edgemail#(/usr/local/samba/lib )>cat smb.conf # This is the main Samba configuration file. You should read the # smb.conf(5) manual page in order to understand the options listed # here. Samba has a huge number of configurable options (perhaps too # many!) most of which are not shown in this example # # Any line which starts with a ; (semi-colon) or a # (hash) # is a comment and is ignored. In this example we will use a # # for commentry and a ; for parts of the config file that you # may wish to enable # # NOTE: Whenever you modify this file you should run the command "testparm" # to check that you have not many any basic syntactic errors. # #======================= Global Settings ===================================== [global] # workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4 netbios name = EDGEMAIL workgroup = NIS # server string is the equivalent of the NT Description field server string = EDGEMAIL SAMBA Server # This option is important for security. It allows you to restrict # connections to machines which are on your local network. The # following example restricts access to two C class networks and # the "loopback" interface. For more examples of the syntax see # the smb.conf man page ; hosts allow = 192.168.1. 192.168.2. 127. hosts allow = 130.182.118. 130.182.7. 127. 
; hosts equiv = /usr/local/samba/lib/hosts.equiv # If you want to automatically load your printer list rather # than setting them up individually then you'll need this ; load printers = yes # you may wish to override the location of the printcap file ; printcap name = /etc/printcap # on SystemV system setting printcap name to lpstat should allow # you to automatically obtain a printer list from the SystemV spool # system ; printcap name = lpstat # It should not be necessary to specify the print system type unless # it is non-standard. Currently supported print systems include: # bsd, sysv, plp, lprng, aix, hpux, qnx ; printing = bsd # Uncomment this if you want a guest account, you must add this to /etc/passwd # otherwise the user "nobody" is used ; guest account = pcguest guest account = nobody # this tells Samba to use a separate log file for each machine # that connects log file = /usr/local/samba/var/log.%m # Put a capping on the size of the log files (in Kb). max log size = 100 # Security mode. Most people will want user level security. See # security_level.txt for details. security = user # Use password server option only with security = server ; password server = # You may wish to use password encryption. Please read # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. # Do not enable this option unless you have read those documents encrypt passwords = yes # Using the following line enables you to customise your configuration # on a per machine basis. The %m gets replaced with the netbios name # of the machine that is connecting ; include = /usr/local/samba/lib/smb.conf.%m # Most people will find that this option gives better performance. # See speed.txt and the manual pages for details socket options = TCP_NODELAY # Configure Samba to use multiple interfaces # If you have multiple network interfaces then you must list them # here. See the man page for details. 
; interfaces = 192.168.12.2/24 192.168.13.2/24 interfaces = 130.182.118.3/24 # Configure remote browse list synchronisation here # request announcement to, or browse list sync from: # a specific host or from / to a whole subnet (see below) ; remote browse sync = 192.168.3.25 192.168.5.255 ; remote browse sync = 130.182.118.255 130.182.118.21 130.182.118.8 remote browse sync = 130.182.118.255 130.182.118.21 130.182.118.8 130.182.7.2 # Cause this host to announce itself to local subnets here ; remote announce = 192.168.1.255 192.168.2.44 ; remote announce = 130.182.118.255 130.182.117.255 130.182.113.255 130.182.7.255 remote announce = 130.182.118.255 130.182.7.255 # Browser Control Options: # set local master to no if you don't want Samba to become a master # browser on your network. Otherwise the normal election rules apply ; local master = no local master = yes # OS Level determines the precedence of this server in master browser # elections. The default value should be reasonable ; os level = 33 ; os level = 2 ; log level = 2 # Domain Master specifies Samba to be the Domain Master Browser. This # allows Samba to collate browse lists between subnets. Don't use this # if you already have a Windows NT domain controller doing this job domain master = yes # Preferred Master causes Samba to force a local browser election on startup # and gives it a slightly higher chance of winning the election ; preferred master = yes preferred master = yes # Use only if you have an NT server on your network that has been # configured at install time to be a primary domain controller. ; domain controller = # Enable this if you want Samba to be a domain logon server for # Windows95 workstations. 
domain logons = yes ; domain sid=S-1-5-21-123-456-789 # if you enable domain logons then you may want a per-machine or # per user logon script # run a specific logon batch file per workstation (machine) ; logon script = %m.bat # run a specific logon batch file per username ; logon script = %U.bat # Where to store roving profiles (only for Win95 and WinNT) # %L substitutes for this servers netbios name, %U is username # You must uncomment the [Profiles] share below ; logon path = \\%L\Profiles\%U logon home = \\%N\%U logon path = \\%N\%U\profiles logon script = %U.bat # Windows Internet Name Serving Support Section: # WINS Support - Tells the NMBD component of Samba to enable it's WINS Server wins support = yes # WINS Server - Tells the NMBD components of Samba to be a WINS Client # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both ; wins server = w.x.y.z # WINS Proxy - Tells Samba to answer name resolution queries on # behalf of a non WINS capable client, for this to work there must be # at least one WINS Server on the network. The default is NO. ; wins proxy = yes # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names # via DNS nslookups. The built-in default for versions 1.9.17 is yes, # this has been changed in version 1.9.18 to no. 
; domain admin users = hliao,sysop,eyeh ; domain guest users = nobody admin users = hliao #============================ Share Definitions ============================== [homes] comment = Home Directories browseable = no read only = no create mode = 0755 guest ok = no writable = yes # Un-comment the following and create the netlogon directory for Domain Logons [netlogon] comment = Network Logon Service path = /usr/local/samba/lib/netlogon guest ok = yes writable = no share modes = no # Un-comment the following to provide a specific roving profile share # the default is to use the user's home directory [Profiles] comment = Windows User Profiles path = /home/%U/profiles browseable = no guest ok = yes writeable = yes # NOTE: If you have a BSD-style print system there is no need to # specifically define each individual printer [printers] comment = All Printers path = /usr/spool/samba browseable = no # Set public = yes to allow user 'guest account' to print guest ok = no writable = no printable = yes # This one is useful for people to share files ;[tmp] ; comment = Temporary file space ; path = /tmp ; read only = no ; public = yes # A publicly accessible directory, but read only, except for people in # the "staff" group ;[public] ; comment = Public Stuff ; path = /home/samba ; public = yes ; writable = yes ; printable = no ; write list = @staff # Other examples. # # A private printer, usable only by fred. Spool data will be placed in fred's # home directory. Note that fred must have write access to the spool directory, # wherever it is. ;[fredsprn] ; comment = Fred's Printer ; valid users = fred ; path = /homes/fred ; printer = freds_printer ; public = no ; writable = no ; printable = yes # A private directory, usable only by fred. Note that fred requires write # access to the directory. 
;[fredsdir] ; comment = Fred's Service ; path = /usr/somewhere/private ; valid users = fred ; public = no ; writable = yes ; printable = no # a service which has a different directory for each machine that connects # this allows you to tailor configurations to incoming machines. You could # also use the %U option to tailor it by user name. # The %m gets replaced with the machine name that is connecting. ;[pchome] ; comment = PC Directories ; path = /usr/pc/%m ; public = no ; writable = yes # A publicly accessible directory, read/write to all users. Note that all files # created in the directory by users will be owned by the default user, so # any user with access can delete any other user's files. Obviously this # directory must be writable by the default user. Another user could of course # be specified, in which case all files would be owned by that user instead. ;[public] ; path = /usr/somewhere/else/public ; public = yes ; only guest = yes ; writable = yes ; printable = no # The following two entries demonstrate how to share a directory so that two # users can place files there that will be owned by the specific users. In this # setup, the directory should be writable by both users and should have the # sticky bit set on it to prevent abuse. Obviously this could be extended to # as many users as required. 
;[myshare] ; comment = Mary's and Fred's stuff ; path = /usr/somewhere/shared ; valid users = mary fred ; public = no ; writable = yes ; printable = no ; create mask = 0765 [public] path = /a/public public = yes ; only guest = yes writable = yes printable = no browseable = yes edgemail#(/usr/local/samba/lib )>cd ../private edgemail#(/usr/local/samba/private )>cat smbpasswd edgemail#(/usr/local/samba/private )>egrep -i exchange /etc/passwd /etc/shadow /etc/passwd:EXCHANGE$:x:61001:60001:exchange:/dev/null:/bin/false /etc/shadow:EXCHANGE$:NP:6445:::::: edgemail#(/usr/local/samba/private )>sed '/EXCHANGE/d' smbpasswd > 1 edgemail#(/usr/local/samba/private )>mv 1 smbpasswd edgemail#(/usr/local/samba/private )>cat smbpasswd edgemail#(/usr/local/samba/private )>egrep -i exchange /etc/passwd /etc/shadow /etc/passwd:EXCHANGE$:x:61001:60001:exchange:/dev/null:/bin/false /etc/shadow:EXCHANGE$:NP:6445:::::: edgemail#(/usr/local/samba/private )>smbpasswd -a -m EXCHANGE Added user EXCHANGE$. 
Password changed for user EXCHANGE$ edgemail#(/usr/local/samba/private )>!cat cat smbpasswd edgemail#(/usr/local/samba/private )>/etc/init.d/sambaserver stop Stopping Samba SMB server. edgemail#(/usr/local/samba/private )>/etc/init.d/samba.server start Starting Samba SMB server. # # press on the password prompt, and gives me error # edgemail#(/usr/local/samba/private )>smbclient -L edgemail Added interface ip=130.182.118.3 bcast=130.182.118.255 nmask=255.255.255.0 Password: tree connect failed: ERRSRV - ERRbadpw (Bad password - name/password pair in a Tree Connect or Session Setup are invalid.) 
# # enter passwd for eyeh, and it gives me output # edgemail#(/usr/local/samba/private )>smbclient -L edgemail -U eyeh Added interface ip=130.182.118.3 bcast=130.182.118.255 nmask=255.255.255.0 Password: Sharename Type Comment --------- ---- ------- HOME Disk home IPC$ IPC Remote IPC Server Comment --------- ------- EDGEMAIL NB server on edgemail Workgroup Master --------- ------- ATS LIANG CSLA-NIS CIRCUS NIS2 EXCHANGE REALAV STREAMER WORKGROUP DU2 # # enter passwd for eyeh, and it gives me output, again # edgemail#(/usr/local/samba/private )>smbclient -L edgemail -U eyeh Added interface ip=130.182.118.3 bcast=130.182.118.255 nmask=255.255.255.0 Password: Sharename Type Comment --------- ---- ------- HOME Disk home IPC$ IPC Remote IPC Server Comment --------- ------- EDGEMAIL EDGEMAIL SAMBA Server Workgroup Master --------- ------- ATS LIANG CSLA-NIS CIRCUS NIS EDGEMAIL NIS2 EXCHANGE REALAV STREAMER WORKGROUP DU2 edgemail#(/usr/local/samba/bin )>. edgemail#(/usr/local/samba/bin )>edgemail:root> ^D script done on Tue Feb 09 11:36:23 1999 From mp at agymk.mumszki.hu Tue Feb 9 22:24:47 1999 From: mp at agymk.mumszki.hu (Martha Peter) Date: Tue Dec 2 02:25:11 2003 Subject: Samba 2.0.0 and ipfwadm on Linux Message-ID: Hi I have a little problem with $SUBJECT. I must totally open our firewall to let samba be the domain controller. If i open only udp ports 137-138 and tcp port 137-139 samba doesn't handle domain logons, i get "domain Controller cannot be found" errors. But this is the case when i let a specific client to access the samba server at any ports. Is it a linux (ipfwadm) problem or a samba "feature"? I also think i did something wrong, but any other programs work well. Thanks in advance. Peter From greg at discreet.com Tue Feb 9 23:18:33 1999 
From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:25:11 2003 Subject: Good news and bad news Message-ID: First the good news: with the latest CVS I no longer get the BSOD, I also no longer crash lsass !? This is great, don't break it puleez Now the bad news: Domain User manager cannot find the PDC but I just logged onto the domain ? Greg --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From yan at cardinalengineering.com Wed Feb 10 11:45:14 1999 From: yan at cardinalengineering.com (Yan Seiner) Date: Tue Dec 2 02:25:11 2003 Subject: Samba 2.0.0 and ipfwadm on Linux References: Message-ID: <36C1714A.6B8382AD@cardinalengineering.com> The client connects from a random unprivileged port to 139. You need to open your firewall for connections from 1024:65535 to 139 on the server for tcp protocol. If you know the name of the service, and don't need browsing, that is the only service you need. 138 and 137 are used for browsing and name resolution. I've had good luck running a little identd daemon on Win32 machines, and using tcpwrappers to restrict by user and machine who can log on. See http://gpu.srv.ualberta.ca/lynx/lynx/HELP/modem/ident-win.html Yan Martha Peter wrote: > Hi > > I have a little problem with $SUBJECT. I must totally open our firewall > to let samba be the domain controller. If i open only udp ports 137-138 > and tcp port 137-139 samba doesn't handle domain logons, i get "domain > Controller cannot be found" errors. But this is the case when i let a > specific client to access the samba server at any ports. > Is it a linux (ipfwadm) problem or a samba "feature"? I also think i did > something wrong, but any other programs work well. Thanks in advance. > > Peter From greg at discreet.com Wed Feb 10 12:38:54 1999 
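The port behaviour described in the reply above, modelled as an added example (not code from the thread or from Samba). It assumes a stateless, default-deny packet filter with separate input and output rule lists; the rule sets and the client port 1029 are constructed for illustration and are not the original poster's configuration.

```python
from typing import NamedTuple


class Packet(NamedTuple):
    proto: str
    sport: int
    dport: int


class Rule(NamedTuple):
    proto: str
    sports: range   # allowed source ports
    dports: range   # allowed destination ports


def ports(lo, hi):
    """Inclusive port range, written the way a firewall rule states it."""
    return range(lo, hi + 1)


def accepted(rules, pkt):
    """Default deny: a packet passes only if at least one rule matches it."""
    return any(r.proto == pkt.proto and pkt.sport in r.sports
               and pkt.dport in r.dports for r in rules)


def smb_session_passes(in_rules, out_rules, client_port):
    """A stateless filter must pass the request AND the reply explicitly."""
    request = Packet("tcp", client_port, 139)
    reply = Packet("tcp", 139, client_port)
    return accepted(in_rules, request) and accepted(out_rules, reply)


UNPRIVILEGED = ports(1024, 65535)

# Assumed misconfiguration: NetBIOS ports required on BOTH ends of the flow.
NARROW_IN = [Rule("udp", ports(137, 138), ports(137, 138)),
             Rule("tcp", ports(137, 139), ports(137, 139))]
NARROW_OUT = [Rule("udp", ports(137, 138), ports(137, 138)),
              Rule("tcp", ports(137, 139), ports(137, 139))]

# Rules following the reply: tcp from 1024:65535 to 139 on the server,
# udp 137/138 kept for name resolution and browsing.
FIXED_IN = [Rule("udp", ports(137, 138), ports(137, 138)),
            Rule("tcp", UNPRIVILEGED, ports(139, 139))]
FIXED_OUT = [Rule("udp", ports(137, 138), ports(137, 138)),
             Rule("tcp", ports(139, 139), UNPRIVILEGED)]

if __name__ == "__main__":
    for label, rin, rout in (("narrow", NARROW_IN, NARROW_OUT),
                             ("fixed", FIXED_IN, FIXED_OUT),
                             ("fixed input only", FIXED_IN, NARROW_OUT)):
        print(label, smb_session_passes(rin, rout, 1029))
```

The third case shows why opening only the inbound direction is not enough on a filter that keeps no connection state: the server's replies from port 139 to the client's unprivileged port need their own rule.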
From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:25:11 2003 Subject: something is missing Message-ID: Hi, Today's CVS report: Logging in to domain leaves HOMEDRIVE HOMEPATH LOGONSERVER USERDOMAIN USERNAME all uninitialised. This is no doubt related to yesterday's report of not being able to find a PDC. I can login however... ? Thanks, Greg --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From lex at tor.prima.tu-chel.ac.ru Wed Feb 10 13:17:18 1999 From: lex at tor.prima.tu-chel.ac.ru (Bic) Date: Tue Dec 2 02:25:11 2003 Subject: Trouble Message-ID: Hello! I have some trouble with HEAD branch Samba-2.1.0 I have installed it and added my NT workstation in Domain... Everything looks good. I took smb.conf from Samba-2.0.0 and have changed something in it like domain group map, domain user map and have removed domain groups and so on... When I tried to login from NT workstation it says that everything is ok and when it is trying to attempt to existing profile (created by previous version of Samba. And everything was working with Samba-2.0.0) NT WS show very blue display :) and claims that IRQL_NOT_LESS_OR_EQUAL error detected in file ntoskrnl.exe What might that mean? Cheers, SaLiK. From Bas.Kelderman at eptl.elf-p.fr Wed Feb 10 14:01:31 1999 
From: Bas.Kelderman at eptl.elf-p.fr (Bas.Kelderman@eptl.elf-p.fr) Date: Tue Dec 2 02:25:11 2003 Subject: Domain logons for NT WS Message-ID: I upgraded to samba 2.0.2 yesterday hoping that finally the only NT WS on my network would be able to logon to the domain. I tried adding the machine to the smbpasswd file but when I tried this I constantly got a "user MACHINE$ unknown in system passwd file". I hope that I don't have to create an account for each NT WS in the system passwd file? The Win9x machines all log on the domain very nicely, logon paths are defined though the profiles are kept in the users home directories (this because users all have their own station and don't, or hardly ever, switch workstation). Is there an easy way to get the NT machine to log on to the domain? Thanks in advance. Bas From greg at discreet.com Wed Feb 10 14:14:11 1999 
From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:25:11 2003 Subject: Domain logons for NT WS In-Reply-To: Message-ID: Hi Bas, Unfortunately you do, in fact, have to create a regular UNIX user account for each workstation. Give them a locked password, a bogus home directory and shell though, all it needs is the UID and GID. Don't blame samba, blame Windoze! Greg On 10-Feb-99 Bas.Kelderman@eptl.elf-p.fr wrote: > I upgraded to samba 2.0.2 yesterday hoping that finally the only NT WS > on my network would be able to logon to the domain. I tried adding the > machine to the smbpasswd file but when I tried this I constantly got a > "user MACHINE$ unknown in system passwd file". I hope that I don't have > to create an account for each NT WS in the system passwd file? > > The Win9x machines all log on the domain very nicely, logon paths are > defined though the profiles are kept in the users home directories > (this because users all have their own station and don't, or hardly > ever, switch workstation). > Is there an easy way to get the NT machine to log on to the domain? > > Thanks in advance. > Bas --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From jaeger at morpheus.net Wed Feb 10 14:37:03 1999 
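A consistency check for the machine-account setup described in the reply above, as an added example (not code from the thread or from Samba). It assumes the colon-separated smbpasswd layout name:uid:LM hash:NT hash:[flags]:LCT-hex: with "W" marking a workstation trust account; the account names, UIDs and dummy hash fields below are constructed sample data.

```python
NOLOGIN_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}

# Constructed sample files. WS1$ is set up as advised; WS2$ keeps a usable
# shell and password; WS3$ has no UNIX account; WS4$ has no smbpasswd entry.
PASSWD = """\
alice:x:1000:100:Alice:/home/alice:/bin/sh
WS1$:x:61001:60001:machine:/dev/null:/bin/false
WS2$:x:61002:60001:machine:/home/ws2:/bin/sh
WS4$:x:61004:60001:machine:/dev/null:/bin/false
"""
SHADOW = """\
alice:Qx7constructedHash:10000::::::
WS1$:NP:6445::::::
WS2$:Nv2constructedHash:10000::::::
WS4$:*LK*:6445::::::
"""
DUMMY = "A" * 32  # placeholder for the 32-hex-digit hash fields
SMBPASSWD = "\n".join(
    f"{name}:{uid}:{DUMMY}:{DUMMY}:[{flag}          ]:LCT-00000000:"
    for name, uid, flag in (("WS1$", 61001, "W"), ("WS2$", 61002, "W"),
                            ("WS3$", 61003, "W"), ("alice", 1000, "U")))


def rows(text):
    """Split a colon-separated account file into field lists."""
    return [ln.split(":") for ln in text.splitlines()
            if ln.strip() and not ln.startswith("#")]


def is_locked(pw_field):
    """NP and *LK* are Solaris markers; a leading ! or * is the Linux habit."""
    return pw_field in ("NP", "*LK*") or pw_field[:1] in ("!", "*")


def audit_machine_accounts(passwd, shadow, smbpasswd):
    """Return (account, problem) pairs for workstation trust accounts."""
    unix = {f[0]: f for f in rows(passwd) if len(f) >= 7}
    shadowed = {f[0]: f[1] for f in rows(shadow) if len(f) >= 2}
    smb = [(f[0], int(f[1]), f[4].strip("[] "))
           for f in rows(smbpasswd) if len(f) >= 5 and f[1].isdigit()]
    findings = []
    for name, uid, flags in smb:
        if "W" not in flags:
            continue                      # ordinary user entry, not audited
        acct = unix.get(name)
        if acct is None:                  # the error quoted in the thread
            findings.append((name, "unknown in system passwd file"))
            continue
        if int(acct[2]) != uid:
            findings.append((name, f"uid {uid} != passwd uid {acct[2]}"))
        if acct[6] not in NOLOGIN_SHELLS:
            findings.append((name, f"login shell {acct[6]}"))
        if not is_locked(shadowed.get(name, acct[1])):
            findings.append((name, "UNIX password not locked"))
    known = {name for name, _, _ in smb}
    for name in unix:
        if name.endswith("$") and name not in known:
            findings.append((name, "no smbpasswd entry"))
    return findings


if __name__ == "__main__":
    for account, problem in audit_machine_accounts(PASSWD, SHADOW, SMBPASSWD):
        print(f"{account}: {problem}")
```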
From: jaeger at morpheus.net (Matt Housh) Date: Tue Dec 2 02:25:11 2003 Subject: nmbd problems Message-ID: <36C1998F.FE8EB459@morpheus.net> For some reason, using EITHER the cvs tree or the released source from the samba.org ftp mirrors, whenever I start smbd and nmbd, nmbd always dies immediately after. Anyone know what the problem might be? I haven't found this in the docs, but I'll continue to look. Has this been asked on the list before, and if so, are there archives of this list? I'll go look through them, rather than waste time rehashing it on the list itself. TIA, Matt ------------------------------------------------------------ Matt Housh email: mhoush@utulsa.edu Microcomputer Specialist The University of Tulsa Engineering and Natural Sciences "Preserving the right to arm bears..." From lkcl at switchboard.net Wed Feb 10 19:28:55 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:25:11 2003 Subject: Good news and bad news In-Reply-To: Message-ID: On Wed, 10 Feb 1999, Greg Dickie wrote: > > First the good news: with the latest CVS I no longer get the BSOD, I also no > longer crash lsass !? This is great, good. > don't break it puleez hur hur hur. > Now the bad news: Domain User manager cannot find the PDC but I just logged > onto the domain ? no rest for the wicked. *sigh* send me a debug log... From cly at sunshine.bke.hu Wed Feb 10 21:35:53 1999 
From: cly at sunshine.bke.hu (Dobos Sándor) Date: Tue Dec 2 02:25:11 2003 Subject: interesting thing in log.nmb...TCPIP slowdown on some machines. Message-ID: <36C1FBB9.373BD416@sunshine.bke.hu> I found a letter on the board about the tcpip slowdown on some machines, which are connected to samba. I met the same thing, but: I have 3 NT-s, two of them does the next thing: if I start ftp or telnet, the program starts very slowly. It means, the program doesn't appear on the desktop for some tens of seconds! But after about 60 secs it appears, and works. The third works fine. I found the next thing in my log.nmb: .... MBAPLANNING(1) current master browser = BEETHOVEN BEETHOVEN 400c9b2b (Beethoven szervere) PC1 40011003 () PC3 40011203 () PC2 40011003 () .... This repeats again in "normal" state of operation. PC3 is the good working machine, and PC1 and PC2 are the bad? Something relation between telnet-problem and this? (the above numbers seems like status "bits"...but You know this sure...I don't) Ps: To this problem the previous answer was the bad configuration of DNS. I don't think that this is the problem. I checked named, all config files, named mem-cache, the hosts and lmhosts files, the machines network config... they are the same except the tcp numbers, but they are consistent in all data-places... Cly From lkcl at switchboard.net Wed Feb 10 19:45:23 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:25:11 2003 Subject: Trouble In-Reply-To: Message-ID: On Thu, 11 Feb 1999, Bic wrote: > Hello! > > I have some trouble with HEAD branch Samba-2.1.0 updated from when? the issue you describe was yesterday's problem :) From pfrazao at ualg.pt Wed Feb 10 20:37:45 1999 
From: pfrazao at ualg.pt (Pedro Miguel Frazao Fernandes Ferreira) Date: Tue Dec 2 02:25:11 2003 Subject: Samba 2.0.2 PDC, Shares and Printers Message-ID: <36C1EE19.3E5F2F4@ualg.pt> Hi All, I am trying to set up a Samba PDC, which will have NT Workstations, W95 and W98 as clients. User authentication is ok, roaming profiles are ok, access to PDC shares is ok. Good Work. Problems: 1) In two NT Wkst clients I would like to share a disk or be able to access their c$ share. I can not do it because I can not set permissions on the new share, and accessing through \\machine\c$ never gives me access irrespective of user/pass combination used. 2) I have two printers set up at the PDC. W95 clients are ok to print and manage printer properties. NT Wkst clients can print but they can not set other printer properties (paper type, size, stuff ...). Problem number one is very important to me, so if anybody has got a hint I would appreciate. Thanks. Below I am sending parts of smb.conf file: # Global parameters workgroup = BLABLA server string = blabla encrypt passwords = Yes name resolve order = wins bcast lmhosts host socket options = TCP_NODELAY IPTOS_THROUGHPUT SO_RCVBUF=4096 SO_SNDBUF=4096 domain admin group = root domain admin users = root logon path = \\%L\%U\WinProfile logon drive = z: domain logons = Yes os level = 65 preferred master = Yes domain master = Yes wins proxy = Yes wins support = Yes message command = csh -c 'xedit %s;rm %s' & create mask = 0740 directory mask = 0750 printing = lprng [oki16] comment = OKI Okipage 16n LED Page Printer path = /tmp print ok = Yes postscript = Yes printer driver = OKIDATA OKIPAGE 16n [epson800] comment = EPSON Stylus Color 800 path = /tmp print ok = Yes printer driver = EPSON Stylus COLOR 800 Thanks, Pedro From lkcl at switchboard.net Wed Feb 10 21:23:54 1999 
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:25:11 2003 Subject: interesting thing in log.nmb...TCPIP slowdown on some machines. In-Reply-To: <36C1FBB9.373BD416@sunshine.bke.hu> Message-ID: On Thu, 11 Feb 1999, Dobos [ISO-8859-1] Sándor wrote: > I found a letter on the board about the tcpip slowdown on some machines, > which are connected to samba. I met the same thing, but: > I have 3 NT-s, two of them does the next thing: if I start ftp or > telnet, the program starts very slowly. It means, the program doesn't > appear on the desktop for some tens of seconds! But after about 60 secs do you also have ipx/spx+NetBIOS or NETBEUI+NetBIOS running on those machines? this is guaranteed to slow down the resolution of NetBIOS names. luke From ambach at unfall.klinik.uni-mainz.de Wed Feb 10 10:59:55 1999 From: ambach at unfall.klinik.uni-mainz.de (Christian Ambach) Date: Tue Dec 2 02:25:11 2003 Subject: New domain/group maps and localized versions of NT? References: Message-ID: <36C166AB.324BB073@unfall.klinik.uni-mainz.de> Luke Kenneth Casson Leighton wrote: > > On Tue, 9 Feb 1999, Christian Ambach wrote: > > > > unix$ rpcclient -S nt_wks -U% -l log > > > smb> lsaquery > > > [Domain: ...] > > > > > > smb> lookupnames Domssnenadministratoren > > > Name: Domss... SID: S-1-5-21-nnn-nnn-nnn-513 > > > > > > smb> exit > > > unix$ > > > > I only receive NT_STATUS_NONE_MAPPED, both when using > > "Domänenadministratoren" and when using "Domain Admins" > > ok, the syntax may be lookupnames \YOUR_DOMAIN\... - try that. Hmm, lookup names \MY_DOMAIN\Domain Admins differs from \MY_DOMAIN\Domänenadministratoren Christian Ambach From lkcl at switchboard.net Wed Feb 10 22:55:14 1999 
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:25:11 2003
Subject: New domain/group maps and localized versions of NT?
In-Reply-To: <36C166AB.324BB073@unfall.klinik.uni-mainz.de>
Message-ID:

On Wed, 10 Feb 1999, Christian Ambach wrote:

> Luke Kenneth Casson Leighton wrote:
> >
> > On Tue, 9 Feb 1999, Christian Ambach wrote:
> >
> > > > unix$ rpcclient -S nt_wks -U% -l log
> > > > smb> lsaquery
> > > > [Domain: ...]
> > > >
> > > > smb> lookupnames Domssnenadministratoren
> > > > Name: Domss... SID: S-1-5-21-nnn-nnn-nnn-513
> > > >
> > > > smb> exit
> > > > unix$
> > >
> > > I only receive NT_STATUS_NONE_MAPPED either when using
> > > "Domänenadministratoren" nor using "Domain Admins"
> >
> > ok, the syntax may be lookupnames \YOUR_DOMAIN\... - try that.
>
> Hmm, lookup names \MY_DOMAIN\Domain Admins differs from
> \MY_DOMAIN\Domänenadministratoren

really???! what does it give? very intriguing... don't tell me "Domain Admins" gives 513 and \MY_DOMAIN\Domänenadministratoren gives... oh, i dunno: 1000andsomething?

From cly at sunshine.bke.hu Thu Feb 11 09:56:25 1999
From: cly at sunshine.bke.hu (Dobos Sandor)
Date: Tue Dec 2 02:25:11 2003
Subject: interesting thing in log.nmb...TCPIP slowdown on some machines.
References:
Message-ID: <36C2A949.BDD65D78@sunshine.bke.hu>

Luke Kenneth Casson Leighton wrote:

> On Thu, 11 Feb 1999, Dobos [ISO-8859-1] Sándor wrote:
>
> > I found a letter on the board about the tcpip slowdown on some machines,
> > which are connected to samba. I met the same thing, but:
> > I have 3 NT-s, two of them does the next thing: if I start ftp or
> > telnet, the program starts very slowly. It means, the program dont
> > appears on the desktop for some tens of seconds! But after about 60 secs
>
> do you also have ipx/spx+NetBIOS or NETBEUI+NetBIOS running on those
> machines? this is guaranteed to slow down the resolution of NetBIOS
> names.
>
> luke

Yes, but the same thing happened, when I disabled all protocols but the tcpip. I think, telnet doesn't need netbios names to work... :-)

Cly

From chicken at garlic.com Thu Feb 11 09:29:05 1999
From: chicken at garlic.com (Aaron Dougherty)
Date: Tue Dec 2 02:25:11 2003
Subject: Password Authentication
Message-ID: <003301be55a0$f941a5f0$017b7b7b@empire>

Hello,

This may be a stupid question, but samba seems like the right place to start looking. I am trying to figure out a way for my Unix logons to authenticate against an NT server. Is there any way to do this? Or could someone help give me a good place to start looking. Thanks.

-Aaron

From jan.van.rensburg at epiuse.com Thu Feb 11 10:15:22 1999
From: jan.van.rensburg at epiuse.com (Jan van Rensburg)
Date: Tue Dec 2 02:25:11 2003
Subject: network neighborhood problems
Message-ID:

NN problems again. My samba 2.0.2 server running on RedHat Linux 5.2 doesn't show up in the Network Neighborhood. When i do a find computer, i can find it just fine, browse the shares etc. I've searched through the list archives but don't see anything useful. I double checked my broadcast address on the samba box. The samba server is configured to use an nt wins server.

from smb.conf:

wins support = no
wins server = 10.10.10.10 (nt wins server ip)
wins proxy = yes (should i take this out)

another strange thing, when i run server administrator the samba machine is greyed out, but when i click on it i can view users, shares etc.

any ideas? (i'm fresh out).

thanks,
--jan van rensburg

From chicken at garlic.com Thu Feb 11 11:13:56 1999
From: chicken at garlic.com (Aaron Dougherty)
Date: Tue Dec 2 02:25:11 2003
Subject: network neighborhood problems
Message-ID: <000a01be55af$a1f77720$017b7b7b@empire>

Here's a few things that helped me, when I ran into NN problems

1) Double check the workgroup declared in smb.conf is the same as your win95 workgroup (or winNT domain)

2) Make sure nmbd is running. (I had to restart both the Unix and NT machine before that took)

3) Make sure you have a static IP mapping of the Linux box in your Wins Database.

Hope that helps

-Aaron

----- Original Message -----
From: Jan van Rensburg
To: Multiple recipients of list
Sent: Thursday, February 11, 1999 2:18 AM
Subject: network neighborhood problems

>NN problems again. My samba 2.0.2 server running on RedHat Linux 5.2 doesn't
>show up in the Network Neighborhood. When i do a find computer, i can find
>it just fine, browse the shares etc. I've searched through the list archives
>but don't see anything useful. I double checked my broadcast address on the
>samba box. The samba server is configured to use an nt wins server.
>from smb.conf:
>
>wins support = no
>wins server = 10.10.10.10 (nt wins server ip)
>wins proxy = yes (should i take this out)
>
>another stange thing, when i run server administrator the samba machine is
>greyed out, but when i click on it i can view users, shares etc.
>
>any ideas? (i'm fresh out).
>
>thanks,
>--jan van rensburg

From ambach at unfall.klinik.uni-mainz.de Thu Feb 11 10:34:27 1999
From: ambach at unfall.klinik.uni-mainz.de (Christian Ambach)
Date: Tue Dec 2 02:25:11 2003
Subject: New domain/group maps and localized versions of NT?
References:
Message-ID: <36C2B233.F31BA03F@unfall.klinik.uni-mainz.de>

Luke Kenneth Casson Leighton wrote:

> > > > > unix$ rpcclient -S nt_wks -U% -l log
> > > > > smb> lsaquery
> > > > > [Domain: ...]
> > > > >
> > > > > smb> lookupnames Domssnenadministratoren
> > > > > Name: Domss... SID: S-1-5-21-nnn-nnn-nnn-513
> > > > >
> > > > > smb> exit
> > > > > unix$
> > > >
> > > > I only receive NT_STATUS_NONE_MAPPED either when using
> > > > "Domänenadministratoren" nor using "Domain Admins"
> > >
> > > ok, the syntax may be lookupnames \YOUR_DOMAIN\... - try that.
> >
> > Hmm, lookup names \MY_DOMAIN\Domain Admins differs from
> > \MY_DOMAIN\Domänenadministratoren
>
> really???! what does it give? very intriguing... don't tell me "Domain
> Admins" gives 513 and \MY_DOMAIN\Domänenadministratoren gives... oh, i
> dunno: 1000andsomething?

smb: \> lookup names \UNFALLCHIRURGIE\Domain Admins
lookup names \UNFALLCHIRURGIE\Domain Admins
Lookup SIDS:
SID: S-1-5-21-93602495-1700949397-1959552931-0 -> \PC6\
SID: S-1-5-21-93602495-1700949397-1959552931-0 -> \PC6\
SID: S-1-5-21-93602495-1700949397-1959552931-0 -> \PC6\
smb: \> lookup names \UNFALLCHIRURGIE\Dom?nenadministratoren
lookup names \UNFALLCHIRURGIE\Dom?nenadministratoren
Lookup SIDS:
SID: S-1-5-21-93602495-1700949397-1959552931-0 -> \PC6\
SID: S-1-5-21-93602495-1700949397-1959552931-0 -> \PC6\
smb: \>

Why are there less SID when using Domänenadministratoren than using Domain Admins ???

Christian Ambach

From jan.van.rensburg at epiuse.com Thu Feb 11 13:41:09 1999
From: jan.van.rensburg at epiuse.com (Jan van Rensburg)
Date: Tue Dec 2 02:25:11 2003
Subject: network neighborhood problems
Message-ID:

thanks for the reply.
unfortunately for me i've tried all those things without any luck. i'll let you know when i figure it out.

--jan van rensburg

> -----Original Message-----
> From: Aaron Dougherty [mailto:chicken@garlic.com]
> Sent: Thursday, February 11, 1999 1:22 PM
> To: Multiple recipients of list
> Subject: Re: network neighborhood problems
>
> Here's a few things that helped me, when I ran into NN problems
>
> 1) Double check the workgroup declared in smb.conf is the same as your win95 workgroup (or winNT domain)
>
> 2) Make sure nmbd is running. (I had to restart both the Unix and NT machine before that took)
>
> 3) Make sure you have a static IP mapping of the Linux box in your Wins Database.
>
> Hope that helps
>
> -Aaron
>
> ----- Original Message -----
> From: Jan van Rensburg
> To: Multiple recipients of list
> Sent: Thursday, February 11, 1999 2:18 AM
> Subject: network neighborhood problems
>
> >NN problems again. My samba 2.0.2 server running on RedHat Linux 5.2 doesn't
> >show up in the Network Neighborhood. When i do a find computer, i can find
> >it just fine, browse the shares etc. I've searched through the list archives
> >but don't see anything useful. I double checked my broadcast address on the
> >samba box. The samba server is configured to use an nt wins server.
> >from smb.conf:
> >
> >wins support = no
> >wins server = 10.10.10.10 (nt wins server ip)
> >wins proxy = yes (should i take this out)
> >
> >another stange thing, when i run server administrator the samba machine is
> >greyed out, but when i click on it i can view users, shares etc.
> >
> >any ideas? (i'm fresh out).
> >
> >thanks,
> >--jan van rensburg

From laage at ulm.temic-semi.de Thu Feb 11 16:25:50 1999
From: laage at ulm.temic-semi.de (Mattias Laage)
Date: Tue Dec 2 02:25:11 2003
Subject: passwords again
Message-ID: <36C3048E.FD9DAD0F@ulm.temic-semi.de>

Hello

We've got a NT-domain and a HP-UX Net. The connection from NT to Unix-disks works well, I see the Samba Server in the neighborhood. The unix-password of the users are identical with the NT-passwords. But with first samba connection users have to type their passwords, the following drive connect automatically.

Question: What must I do (how must a smb.conf look like) to get rid of the double password request?

I tried to find out from smb.conf, but whatever tried without success

Mattias Laage
Temic Semiconductor GmbH, IT13-UL
Lise-Meitner-Str. 4, D 89081 ULM
Phone: +49 731 5094 210
Fax: +49 731 5094 288
email: laage@ulm.temic-semi.de

From lkcl at switchboard.net Thu Feb 11 17:01:31 1999
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:25:11 2003
Subject: New domain/group maps and localized versions of NT?
In-Reply-To: <36C2B233.F31BA03F@unfall.klinik.uni-mainz.de>
Message-ID:

christian, i'm sorry!

firstly, i appear to be *missing* the lookupnames command.

secondly, when it is added it will be "lookupnames" not "lookup names". this will attempt to lookup "names". actually it will say "ambiguous command" because lookup* includes lookupsids command as well as lookupnames.

thirdly, you will need to put "Domain Admins" in quotes else the command will look up "Domain" and "Admins".

luke

From lkcl at switchboard.net Thu Feb 11 17:19:31 1999
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:25:11 2003
Subject: New domain/group maps and localized versions of NT?
In-Reply-To: <36C2B233.F31BA03F@unfall.klinik.uni-mainz.de>
Message-ID:

> smb: \> lookup names \UNFALLCHIRURGIE\Domain Admins
> lookup names \UNFALLCHIRURGIE\Domain Admins

christian, you are using samba 2.0 aren't you? you will need to use latest cvs version of rpcclient.

the above command will do this:

lookupsids "names"
lookupsids "\UNFALL..\Domain"
lookupsids "Admins"

which is why you get three responses.

compile cvs head branch version of rpcclient and do this EXACTLY as typed:

smb: \> lookupnames "UNFALLCHIRURGIE\Domain Admins".

then substitute the german version of that name.

thanx!

From dave at www.buffalostate.edu Thu Feb 11 19:41:09 1999
From: dave at www.buffalostate.edu (Dave J. Andruczyk)
Date: Tue Dec 2 02:25:11 2003
Subject: Password Authentication
In-Reply-To: <003301be55a0$f941a5f0$017b7b7b@empire>
Message-ID:

> Hello,
> This may be a stupid question, but samba seems like the right place to start
> looking. I am trying to figure out a way for my Unix logons to authenticate
> against an NT server. Is there any way to do this? Or could someone help
> give me a good place to start looking. Thanks.

pam_smb.so

A pam module to authenticate against a SMB/NT box. Works great, but requires a password entry in the local password file to work (no password is required, but it needs it for the uid/gid/homedir/shell I believe)

****************
Getting pam_smb:
****************
ftp://ftp.csn.ul.ie/pub/linux/pam_smb/
or
http://www.csn.ul.ie/~airlied/pam_smb/

Dave J. Andruczyk
Instructional Support Associate
Department of Technology
Buffalo State College

From matthew at janus.law.usyd.edu.au Thu Feb 11 20:15:57 1999
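The command-line splitting Luke describes in his replies above (an unquoted "Domain Admins" becomes separate names, and "lookup" on its own is an ambiguous prefix), as an added example that is not rpcclient's own code: split_args, resolve_command and the three-entry command table are hypothetical names, built only from the commands mentioned in this thread.

```c
#include <stdio.h>
#include <string.h>

#define MAX_ARGS 8
#define MAX_ARG_LEN 128

/* Command names taken from this thread; the table is constructed for the
 * example and is not rpcclient's real command list. */
static const char *const commands[] = { "lsaquery", "lookupsids", "lookupnames" };
#define NUM_COMMANDS ((int)(sizeof(commands) / sizeof(commands[0])))

/*
 * Split a command line on whitespace, except inside double quotes.
 * Quotes are dropped; backslashes are kept literally (DOMAIN\name).
 * Returns the argument count, or -1 for an unterminated quote or overflow.
 */
int split_args(const char *line, char args[MAX_ARGS][MAX_ARG_LEN])
{
    int argc = 0;
    const char *p = line;

    for (;;) {
        size_t len = 0;
        int in_quotes = 0;

        while (*p == ' ' || *p == '\t')
            p++;
        if (*p == '\0')
            return argc;
        if (argc == MAX_ARGS)
            return -1;

        while (*p != '\0' && (in_quotes || (*p != ' ' && *p != '\t'))) {
            if (*p == '"') {
                in_quotes = !in_quotes;      /* toggle, do not copy the quote */
            } else {
                if (len + 1 >= MAX_ARG_LEN)
                    return -1;
                args[argc][len++] = *p;
            }
            p++;
        }
        if (in_quotes)
            return -1;                       /* quote never closed */
        args[argc][len] = '\0';
        argc++;
    }
}

/*
 * Resolve a possibly abbreviated command word.
 * Returns the table index, -1 if nothing matches, -2 if the prefix is
 * shared by more than one command. An exact match always wins.
 */
int resolve_command(const char *word)
{
    size_t n = strlen(word);
    int i, match = -1, ambiguous = 0;

    if (n == 0)
        return -1;
    for (i = 0; i < NUM_COMMANDS; i++) {
        if (strncmp(commands[i], word, n) != 0)
            continue;
        if (commands[i][n] == '\0')
            return i;
        if (match >= 0)
            ambiguous = 1;
        else
            match = i;
    }
    return ambiguous ? -2 : match;
}

/* Print how one input line is interpreted. */
void show(const char *line)
{
    char args[MAX_ARGS][MAX_ARG_LEN];
    int i, argc = split_args(line, args);

    printf("input: %s\n", line);
    if (argc < 1) {
        printf("  parse error or empty line\n");
        return;
    }
    i = resolve_command(args[0]);
    printf("  command: %s\n",
           i == -2 ? "(ambiguous)" : i == -1 ? "(unknown)" : commands[i]);
    for (i = 1; i < argc; i++)
        printf("  name %d: [%s]\n", i, args[i]);
}

int main(void)
{
    /* Constructed inputs mirroring the two forms discussed in the thread. */
    show("lookup names \\UNFALLCHIRURGIE\\Domain Admins");
    show("lookupnames \"UNFALLCHIRURGIE\\Domain Admins\"");
    return 0;
}
```

The first input yields three separate names, the second a single name containing the space.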
From: matthew at janus.law.usyd.edu.au (Matthew Geier)
Date: Tue Dec 2 02:25:11 2003
Subject: Password less account
Message-ID: <199902112015.HAA20552@janus.law.usyd.edu.au>

Does samba support the 'no allow user to change password' flag yet ?.

I have a 'public' lab - hopefully I can set an empty password so people can just type and get access. I want the machines to login and map drives as a 'dummy' user. I DON'T want some wally changing the password on the dummy account.

My attempts so far with this have resulted in a machine that auto logins as a local user to the workstation. Unfortunately, I now can't undo it again - tweakui doesn't have the 'network' tab unless you are admin, and an ordinary user can't edit the registry. (I've gone and set the entire file system to Read for everybody....)

Any one know of an 'su' type command for NT, before I re-install this workstation ?.

From andre at anneck.de Thu Feb 11 21:07:07 1999
From: andre at anneck.de (andre@anneck.de)
Date: Tue Dec 2 02:25:11 2003
Subject: The latest version?
In-Reply-To:
References: <003301be55a0$f941a5f0$017b7b7b@empire>
Message-ID: <199902112102.WAA09377@bbaer.muenster.de>

Hi there...

Q: The support for a samba machine to act as a full PDC is yet not official.. .but... how risky is it to use it... what does work what doesn't.. and....

Is there a -current version later than 2.0.2?

The UORMSS - Source Net http://www.anneck.de/rmss
-------------------------------------
ICQ# 1339921 | Home: http://anneck.de

From simonmu at optimation.co.nz Thu Feb 11 21:28:37 1999
From: simonmu at optimation.co.nz (Simon Murcott) Date: Tue Dec 2 02:25:11 2003 Subject: Password less account In-Reply-To: <199902112015.HAA20552@janus.law.usyd.edu.au> Message-ID: On Fri, 12 Feb 1999, Matthew Geier wrote: > Does samba support the 'no allow user to change password' flag yet ?. > > I have a 'public' lab - hopefully I can set an empty password so people > can just type and get access. I want the machines to login and > map drives as a 'dummy' user. I DONT want some wally changing the password > on the dummy account. > > My attempts so far with this have resulted in a machine that auto > logins as a local user to the workstation. Unfortunaly, I now cant > undo it again - tweekui doesnt have the 'network' tab unless you are > admin, and an ordinary user cant edit the registry. (Ive gone and > set the entire file system to Read for everybody....) > > Any one know of an 'su' type command for NT, before I re-install > this workstation ?. getadmin.exe http://cmp.phys.msu.su/ntclub/pub/code.htm I suspect that SP4 will not allow this to work but from what I understand it users techniques that are deep inside NT's architecture Regards Simon Murcott Man will occasionally stumble over the truth, but most of the time he will pick himself up and continue on. -Churchill From bmacy at sunshinecomputing.com Thu Feb 11 21:36:17 1999 From: bmacy at sunshinecomputing.com (Brian Macy) Date: Tue Dec 2 02:25:11 2003 Subject: [Patch] util_pwdb.c for joining domain.... Message-ID: <019201be5606$8f46d8d0$020210ac@paso.atasd.com> Honestly I have no idea if this is the right fix but it works for me. Basically the Linux Samba box was looking at itself as a password server even though lp_passwordserver() was giving the correct domain controller. Brian Macy --- util_pwdb.c Thu Feb 11 13:30:01 1999 +++ util_pwdb-pat.c Thu Feb 11 13:31:10 1999 
@@ -444,11 +444,10 @@ } else { - if (!get_domain_sids(&global_member_sid, &global_sam_sid, global_myname)) + if (!get_domain_sids(&global_member_sid, &global_sam_sid, lp_passwordserver())) { return False; } } return initialise_password_db(); } From cartegw at Eng.Auburn.EDU Thu Feb 11 21:46:09 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:25:11 2003 Subject: Password less account References: <199902112015.HAA20552@janus.law.usyd.edu.au> Message-ID: <36C34FA1.6494F325@eng.auburn.edu> Matthew Geier wrote: > > Does samba support the 'no allow user to change password' flag yet ?. > > I have a 'public' lab - hopefully I can set an empty password so people > can just type and get access. I want the machines to login and > map drives as a 'dummy' user. I DONT want some wally changing the password > on the dummy account. > > My attempts so far with this have resulted in a machine that auto > logins as a local user to the workstation. Unfortunaly, I now cant > undo it again - tweekui doesnt have the 'network' tab unless you are > admin, and an ordinary user cant edit the registry. (Ive gone and > set the entire file system to Read for everybody....) > > Any one know of an 'su' type command for NT, before I re-install > this workstation ?. net use \\workstation\ipc$ /user:localAdmin then run regedt32 and connect to the remote machine registry to remove the AutoLogon key. BTW...There is a SU service provided with the NT 4 Resource Kit Supplement 2 jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From lkcl at switchboard.net Thu Feb 11 21:59:55 1999 
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:25:11 2003 Subject: [Patch] util_pwdb.c for joining domain.... In-Reply-To: <019201be5606$8f46d8d0$020210ac@paso.atasd.com> Message-ID: brian, what's your setup? you're probably right, except that... hm... no, it _should_ be getting names from itself BUT of course, smbd hasn't been initialised before then so ha ha, yes, it will fail. oh, except that it's not _called_ from smbd so that's ok. hang on. ok, you must start smbd first: then you can start everything else (nmbd, smbpasswd etc). On Fri, 12 Feb 1999, Brian Macy wrote: > Honestly I have no idea if this is the right fix but it works for me. > Basically the Linux Samba box was looking at itself as a password server > even though lp_passwordserver() was giving the correct domain controller. > > Brian Macy > > --- util_pwdb.c Thu Feb 11 13:30:01 1999 > +++ util_pwdb-pat.c Thu Feb 11 13:31:10 1999 > @@ -444,11 +444,10 @@ > } > else > { > - if (!get_domain_sids(&global_member_sid, &global_sam_sid, > global_myname)) > + if (!get_domain_sids(&global_member_sid, &global_sam_sid, > lp_passwordserver())) > { > return False; > } > } > > return initialise_password_db(); > } > > > Luke Kenneth Casson Leighton Samba and Network Development Samba and Network Consultancy From bmacy at sunshinecomputing.com Thu Feb 11 23:04:32 1999 
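Review bot: the replacement call in the else branch of the util_pwdb.c hunk quoted above passes lp_passwordserver() straight to get_domain_sids() with no check on what it returns. If the password server setting is empty, or names more than one server, that string is not a single host name, so validate it (or pick one entry) before the call and fall back to global_myname otherwise. The condition guarding this else branch is outside the hunk, so the commit message should also say which server roles reach it, since the domain SID is now fetched from whatever host that setting names.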
From: bmacy at sunshinecomputing.com (Brian Macy)
Date: Tue Dec 2 02:25:11 2003
Subject: [Patch] util_pwdb.c for joining domain....
Message-ID: <001601be5612$e379c140$020210ac@paso.atasd.com>

>what's your setup? you're probably right, except that... hm... no, it
>_should_ be getting names from itself BUT of course, smbd hasn't been
>initialised before then so ha ha, yes, it will fail. oh, except that it's
>not _called_ from smbd so that's ok.
>
>hang on. ok, you must start smbd first: then you can start everything
>else (nmbd, smbpasswd etc).

Hmmm... the entire network is pretty simple:
1 Samba Server acting as a PDC (RedHat 5.1x86 box)
1 Samba Server trying to login to the PDC (RedHat 5.2 dual x86 box)
1 Win98 box

Anyways, it's of course the second machine that is giving me the problem. Both Samba servers are using the latest CVS code (the second machine at least of today and the first as of a day of so ago). If you tell me which settings you are interested in I'll be happy to send them to you.

Also... another problem I have. If an NT Workstation is logged into the Samba domain crashes, I can't get back on the Domain. The Samba server seems to get and process the login packet (as seen in log.nmb). Anyways, if I log into the NT Workstation in the local "domain", switch to workgroup, then switch back to the domain it works fine.

Brian Macy

From lkcl at switchboard.net Thu Feb 11 23:33:34 1999
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:25:11 2003
Subject: [Patch] util_pwdb.c for joining domain....
In-Reply-To: <001601be5612$e379c140$020210ac@paso.atasd.com>
Message-ID:

> Hmmm... the entire network is pretty simple:
> 1 Samba Server acting as a PDC (RedHat 5.1x86 box)
> 1 Samba Server trying to login to the PDC (RedHat 5.2 dual x86 box)
> 1 Win98 box
>
> Anyways, it's of course the second machine that is giving me the problem.
> Both Samba servers are using the latest CVS code (the second machine at
> least of today and the first as of a day of so ago). If you tell me which
> settings you are interested in I'll be happy to send them to you.

can't remember :) i _appear_ to have fixed some unicode issues, try cvs again.

> Also... another problem I have. If an NT Workstation is logged into the
> Samba domain crashes, I can't get back on the Domain. The Samba server seems

yes, that'd be right - it loses sync with the NT workstation on the trust account stuff. sorry!

From bmacy at sunshinecomputing.com Thu Feb 11 23:44:04 1999
From: bmacy at sunshinecomputing.com (Brian Macy)
Date: Tue Dec 2 02:25:11 2003
Subject: [Patch] util_pwdb.c for joining domain....
Message-ID: <002101be5618$6912b4b0$020210ac@paso.atasd.com>

>can't remember :) i _appear_ to have fixed some unicode issues, try cvs again.

Will do. BTW is there a reason why it thinks the profile is roaming? It gets really annoying and the machine locks on logoff.

Brian Macy

From whn at topelo.lopi.com Fri Feb 12 02:55:07 1999
From: whn at topelo.lopi.com (Bill Nugent) Date: Tue Dec 2 02:25:12 2003 Subject: [Patch] util_pwdb.c for joining domain.... In-Reply-To: Your message of Fri, 12 Feb 1999 10:36:28 +1100. Message-ID: <19990212025507.30381.qmail@topelo.lopi.com> On Friday, Feb 12 1999 at 10:36:28, Luke Kenneth Casson Leighton wrote: >can't remember :) i _appear_ to have fixed some unicode issues, try cvs >again. > >> Also... another problem I have. If an NT Workstation is logged into the >> Samba domain crashes, I can't get back on the Domain. The Samba server seems > >yes, that'd be right - it loses sync with the NT workstation on the trust >account stuff. sorry! > Broken on RedHat 5.2 i386: Compiling rpcclient/display.c rpcclient/display.c: In function `display_sam_user_info_21': rpcclient/display.c:1159: `user' undeclared (first use this function) rpcclient/display.c:1159: (Each undeclared identifier is reported only once rpcclient/display.c:1159: for each function it appears in.) make: *** [rpcclient/display.o] Error 1 This patch allows it to compile (don't know about proper operation): --- rpcclient/display.c.orig Thu Feb 11 21:52:36 1999 +++ rpcclient/display.c Thu Feb 11 21:52:38 1999 
@@ -1156,31 +1156,31 @@ unistr2_to_ascii(temp, &usr->uni_user_name, sizeof(temp)); fprintf(out_hnd, "\t\tUser Name :\t%s\n", temp); - unistr2_to_ascii(temp, &user->uni_full_name, sizeof(temp)); + unistr2_to_ascii(temp, &usr->uni_full_name, sizeof(temp)); fprintf(out_hnd, "\t\tFull Name :\t%s\n", temp); - unistr2_to_ascii(temp, &user->uni_home_dir, sizeof(temp)); + unistr2_to_ascii(temp, &usr->uni_home_dir, sizeof(temp)); fprintf(out_hnd, "\t\tHome Drive :\t%s\n", temp); - unistr2_to_ascii(temp, &user->uni_dir_drive, sizeof(temp)); + unistr2_to_ascii(temp, &usr->uni_dir_drive, sizeof(temp)); fprintf(out_hnd, "\t\tDir Drive :\t%s\n", temp); - unistr2_to_ascii(temp, &user->uni_profile_path, sizeof(temp)); + unistr2_to_ascii(temp, &usr->uni_profile_path, sizeof(temp)); fprintf(out_hnd, "\t\tProfile Path:\t%s\n", temp); - unistr2_to_ascii(temp, &user->uni_logon_script, sizeof(temp)); + unistr2_to_ascii(temp, &usr->uni_logon_script, sizeof(temp)); fprintf(out_hnd, "\t\tLogon Script:\t%s\n", temp); - unistr2_to_ascii(temp, &user->uni_acct_desc, sizeof(temp)); + unistr2_to_ascii(temp, &usr->uni_acct_desc, sizeof(temp)); fprintf(out_hnd, "\t\tDescription :\t%s\n", temp); - unistr2_to_ascii(temp, &user->uni_workstations, sizeof(temp)); + unistr2_to_ascii(temp, &usr->uni_workstations, sizeof(temp)); fprintf(out_hnd, "\t\tWorkstations:\t%s\n", temp); - unistr2_to_ascii(temp, &user->uni_unknown_str, sizeof(temp)); + unistr2_to_ascii(temp, &usr->uni_unknown_str, sizeof(temp)); fprintf(out_hnd, "\t\tUnknown Str :\t%s\n", temp); - unistr2_to_ascii(temp, &user->uni_munged_dial, sizeof(temp)); + unistr2_to_ascii(temp, &usr->uni_munged_dial, sizeof(temp)); fprintf(out_hnd, "\t\tRemote Dial :\t%s\n", temp); fprintf(out_hnd, "\t\tLogon Time :\t%s\n", http_timestring(nt_time_to_unix(&(usr->logon_time )))); Bill From m.chapman at student.unsw.edu.au Fri Feb 12 03:08:31 1999 
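Review bot: the ten replaced lines in display_sam_user_info_21 are the same unistr2_to_ascii/fprintf pair repeated once per field, which is how the stray user-> references got in next to the correct usr->uni_user_name line at the top of the hunk; a small helper or macro taking the label and the uni_* field would leave one place to get the pointer name right. The message also says the patch was only checked to compile, so the output of this function should be compared against a real account before the change is committed.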
From: m.chapman at student.unsw.edu.au (Matt Chapman)
Date: Tue Dec 2 02:25:12 2003
Subject: [Patch] util_pwdb.c for joining domain....
References: <19990212025507.30381.qmail@topelo.lopi.com>
Message-ID: <36C39B2F.343620B1@student.unsw.edu.au>

Bill Nugent wrote:

> Compiling rpcclient/display.c
> rpcclient/display.c: In function `display_sam_user_info_21':
> rpcclient/display.c:1159: `user' undeclared (first use this function)
> rpcclient/display.c:1159: (Each undeclared identifier is reported only
> once
> rpcclient/display.c:1159: for each function it appears in.)
> make: *** [rpcclient/display.o] Error 1

Oops, sorry, cut and paste error. Didn't think to test rpcclient. Fixed now.

Matt

--
Matt Chapman
m.chapman@student.unsw.edu.au

From jan.van.rensburg at epiuse.com Fri Feb 12 06:30:18 1999
From: jan.van.rensburg at epiuse.com (Jan van Rensburg)
Date: Tue Dec 2 02:25:12 2003
Subject: network neighborhood problems - solution
Message-ID:

i finally fixed the network neighborhood problems thanks to kenny's advice.

in smb.conf i changed to:

local master = yes (was no)
os level = 40 (was 30)
preferred master = yes (was no)

thanks to all who replied. i'd like to summarize all the advice i've received:

1. make sure the broadcast address on the interface is correct
2. make sure that wins server = is correct
3. only use tcp/ip
4. make sure the workgroup setting is correct
5. make sure nmbd is running
6. put a static mapping in the nt WINS database of the samba machine (still don't know if this is good advice)
7. make the samba server the master browser

--jan van rensburg

> -----Original Message-----
> From: Kenny Lim [mailto:kenny@predawnia.org]
> Sent: Friday, February 12, 1999 12:45 AM
> To: jan.van.rensburg@epiuse.com
> Subject: Re: network neighborhood problems
>
> Disabling other protocols such as IPX usually helps, but most effective of all
> is to disable NT as a master browser which is conflicting with SAMBA.
>
> Just my $0.02
> Kenny
>
> Jan van Rensburg wrote:
> >
> > thanks for the reply.
> > unfortunately for me i've tried all those things without any luck. i'll let
> > you know when i figure it out.
> >
> > --jan van rensburg
> >
> > > -----Original Message-----
> > > From: Aaron Dougherty [mailto:chicken@garlic.com]
> > > Sent: Thursday, February 11, 1999 1:22 PM
> > > To: Multiple recipients of list
> > > Subject: Re: network neighborhood problems
> > >
> > > Here's a few things that helped me, when I ran into NN problems
> > >
> > > 1) Double check the workgroup declared in smb.conf is the same as your win95 workgroup (or winNT domain)
> > >
> > > 2) Make sure nmbd is running. (I had to restart both the Unix and NT machine before that took)
> > >
> > > 3) Make sure you have a static IP mapping of the Linux box in your Wins Database.
> > >
> > > Hope that helps
> > >
> > > -Aaron
> > >
> > > ----- Original Message -----
> > > From: Jan van Rensburg
> > > To: Multiple recipients of list
> > > Sent: Thursday, February 11, 1999 2:18 AM
> > > Subject: network neighborhood problems
> > >
> > > >NN problems again. My samba 2.0.2 server running on RedHat Linux 5.2 doesn't
> > > >show up in the Network Neighborhood. When i do a find computer, i can find
> > > >it just fine, browse the shares etc. I've searched through the list archives
> > > >but don't see anything useful. I double checked my broadcast address on the
> > > >samba box. The samba server is configured to use an nt wins server.
> > > >from smb.conf:
> > > >
> > > >wins support = no
> > > >wins server = 10.10.10.10 (nt wins server ip)
> > > >wins proxy = yes (should i take this out)
> > > >
> > > >another stange thing, when i run server administrator the samba machine is
> > > >greyed out, but when i click on it i can view users, shares etc.
> > > >
> > > >any ideas? (i'm fresh out).
> > > >
> > > >thanks,
> > > >--jan van rensburg

From m.brodbelt at acu.ac.uk Fri Feb 12 11:44:28 1999
From: m.brodbelt at acu.ac.uk (Mike Brodbelt)
Date: Tue Dec 2 02:25:12 2003
Subject: Password less account
References: <199902112015.HAA20552@janus.law.usyd.edu.au>
Message-ID: <36C4141C.323B7F1F@acu.ac.uk>

> My attempts so far with this have resulted in a machine that auto
> logins as a local user to the workstation. Unfortunaly, I now cant
> undo it again - tweekui doesnt have the 'network' tab unless you are
> admin, and an ordinary user cant edit the registry. (Ive gone and
> set the entire file system to Read for everybody....)
>
> Any one know of an 'su' type command for NT, before I re-install
> this workstation ?.

If your machine is part of a domain, you can logon to any other machine in the domain with admin rights, and from regedit, connect a network registry. Then you can undo the grief.....

HTH

Mike.

From robh at acprog.ifas.ufl.edu Fri Feb 12 13:54:16 1999
From: robh at acprog.ifas.ufl.edu (Rob Holley)
Date: Tue Dec 2 02:25:12 2003
Subject: Password less account
References: <199902112015.HAA20552@janus.law.usyd.edu.au> <36C4141C.323B7F1F@acu.ac.uk>
Message-ID: <36C43288.236D1C5E@acprog.ifas.ufl.edu>

Mike Brodbelt wrote:
>
> > My attempts so far with this have resulted in a machine that auto
> > logins as a local user to the workstation. Unfortunaly, I now cant
> > undo it again - tweekui doesnt have the 'network' tab unless you are
> > admin, and an ordinary user cant edit the registry. (Ive gone and
> > set the entire file system to Read for everybody....)
> >
> > Any one know of an 'su' type command for NT, before I re-install
> > this workstation ?.
>
> If your machine is part of a domain, you can logon to any other machine
> in the domain with admin rights, and from regedit, connect a network
> registry. Then you can undo the grief.....
> HTH
>
> Mike.

I believe you can logoff/logon or restart the workstation and hold the shift key down during what would be your autologon. This should kill all special functions of the login and give you a normal login window.

--
Rob

Rob Holley "UNIX Guy" robh@hal-net.com
University of Florida robh@acprog.ifas.ufl.edu
IFAS Academic Programs
http://www.hal-net.com/~robh

From hulet at ittc.ukans.edu Fri Feb 12 14:16:07 1999
From: hulet at ittc.ukans.edu (Michael S. Hulet)
Date: Tue Dec 2 02:25:12 2003
Subject: Login problem
In-Reply-To:
Message-ID:

Since Luke fixed the getgrent problem, every morning when I log in I get this error, "The system can not log you on (C000005B). Please try again or consult your system administrator." I say OK, consult myself and try again. It then logs me fine. I haven't cvs'd since last Wednesday because this one works so well except this annoyance every morning. I am using Samba on a Digital Unix 4.0d.

Also, I had to disable local group map and domain user map to login. I don't know if the getgrent and getgrnam fix was supposed to fix them also. Just reporting back.

On Wed, 3 Feb 1999, Luke Kenneth Casson Leighton wrote:

> i've added some code that caches unix groups to avoid a 2-level "getgrent"
> and "getgrnam" problem that is apparent on some unixen.
>

From lkcl at switchboard.net Fri Feb 12 14:58:03 1999
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:25:12 2003
Subject: [Patch] util_pwdb.c for joining domain....
In-Reply-To: <36C39B2F.343620B1@student.unsw.edu.au>
Message-ID:

On Fri, 12 Feb 1999, Matt Chapman wrote:

> Bill Nugent wrote:
>
> > Compiling rpcclient/display.c
> > rpcclient/display.c: In function `display_sam_user_info_21':
> > rpcclient/display.c:1159: `user' undeclared (first use this function)
> > rpcclient/display.c:1159: (Each undeclared identifier is reported only
> > once
> > rpcclient/display.c:1159: for each function it appears in.)
> > make: *** [rpcclient/display.o] Error 1
>
> Oops, sorry, cut and paste error. Didn't think to test rpcclient.

cvs -t update -d -P
[correct conflict errors]
make clean
make proto
make
[correct errors]
cvs -t diff -u > foo
vi foo
[examine, use to prepare commit message]
cvs -t commit

From jaeger at morpheus.net Fri Feb 12 17:25:59 1999
From: jaeger at morpheus.net (Matt Housh) Date: Tue Dec 2 02:25:12 2003 Subject: smbpasswd problems Message-ID: If this has been brought up before, I apologize. I'm having a problem with smbpasswd. Whenever I compile samba using the cvs, instead of the release, smbpasswd core dumps when I try to add a user. Using the release, I can add them fine, usually. Any ideas? Matt ------------------------------------------------------------ Matt Housh email: mhoush@utulsa.edu Microcomputer Specialist The University of Tulsa Engineering and Natural Sciences "Preserving the right to arm bears..." From andre at anneck.de Fri Feb 12 18:27:36 1999 From: andre at anneck.de (andre@anneck.de) Date: Tue Dec 2 02:25:12 2003 Subject: Setting up machine$ account In-Reply-To: <36C4141C.323B7F1F@acu.ac.uk> Message-ID: <199902121822.TAA26906@bbaer.muenster.de> Hi there... ... today I tried to follow the docs on NTDomain.txt. It reads that you have to set an MACHINE$ for each NT-Box who tries to connected to a Samba-PDC. It gives an example in brackets: (smbpasswd -m machine$ passwd) well.. wenn I try to use smbpasswd with the -m flag, and suplly _any_ XYZname it tells me that there is no account like YXZname in the system password file :-(. when I us adduser XYZname and then use smbpasswd it still tells me the same... I tried to use the $ at the end of the machine-name-string, but same result... complains about that the user dosnt exists. :-( Do I have to write the line for the machine$ user into the /private/passwd file by hand... And if yes... in what format??? TIA, Andre. The UORMSS - Source Net http://www.anneck.de/rmss ------------------------------------- ICQ# 1339921 | Home: http://anneck.de From atristan at math.ucr.edu Fri Feb 12 19:19:15 1999 
From: atristan at math.ucr.edu (andrew tristan)
Date: Tue Dec 2 02:25:12 2003
Subject: 2 questions - munged service names and password sync
Message-ID: <199902121919.LAA22460@charity.ucr.edu>

Using Jerry Carter's NTDOM FAQ, I've gotten samba 2.1.0-prealpha (I checked it out on Wed) running on a SunOS 5.5.1 box, and acting as the PDC for a couple of NT-v4+SP4 boxes. I can join the domain, authentication works exactly as expected, etc.

I expect that the problems I'm having are due to stupidity on my part. I didn't find either of these discussed in the archives for the list, if I missed something please let me know.

1. password sync

I haven't been able to get password sync working quite correctly. With "unix password sync" turned off, smbpasswd works correctly; that is, the smb password gets updated correctly. However, when I turn on password sync, the unix password gets changed, but the smb password does not. Some of the relevant bits from smb.conf:

  domain master = yes
  preferred master = yes
  domain logons = yes
  security = user
  encrypt passwords = yes
  unix password sync = yes
  passwd program = /usr/bin/passwd %u
  passwd chat = *password* %n\n *password* %n\n *successfull*

The actual error message from smbpasswd is:

  machine 127.0.0.1 rejected the password change: Error was : The specified password is invalid.
  Failed to change password for luser

I turned debugging on (this is only d3, I can report higher levels if necessary), but had little luck interpreting the results. Here are what I take to be the important bits:

[1999/02/12 08:45:08, 3] smbd/ipc.c:(3399)
  Doing SamOEMChangePassword
[1999/02/12 08:45:08, 3] smbd/ipc.c:(1741)
  api_SamOEMChangePassword: Change password for
[1999/02/12 08:45:08, 3] smbd/chgpasswd.c:(381)
  Password change for user: luser
[1999/02/12 08:45:08, 3] smbd/chgpasswd.c:(360)
  Dochild for user luser (uid=0,gid=0)
[1999/02/12 08:45:11, 3] smbd/chgpasswd.c:(279)
  response 3 incorrect
[1999/02/12 08:45:11, 3] smbd/chgpasswd.c:(321)
  Child failed to change password: luser
[1999/02/12 08:45:11, 3] smbd/chgpasswd.c:(326)
  The process is no longer waiting!

Source diving made it no more clear.

2. munged service names

With,

  load printers = yes
  printcap name = lpstat

I can see my printers with testprns, but the clients report something like

  \\sambahost\||||||||

and I get

[1999/02/12 09:53:21, 0] smbd/service.c:(210)
  client (199.199.199.199) couldn't find service ????????

in the client log files.

Thanks for any help,
Andrew

--
andrew.tristan@ucr.edu
Unix Systems Group, UC Riverside

From wolfgang.ratzka at gmx.de Thu Feb 11 22:59:54 1999
From: wolfgang.ratzka at gmx.de (Wolfgang Ratzka)
Date: Tue Dec 2 02:25:12 2003
Subject: Password less account
References: <199902112015.HAA20552@janus.law.usyd.edu.au>
Message-ID: <36C360EA.1CF0F403@gmx.de>

Matthew Geier wrote:
> My attempts so far with this have resulted in a machine that auto
> logins as a local user to the workstation. Unfortunaly, I now cant
> undo it again - tweekui doesnt have the 'network' tab unless you are
> admin, and an ordinary user cant edit the registry. (Ive gone and
> set the entire file system to Read for everybody....)

You can circumvent autologin by pressing the shift(?) key during login (check Microsoft's knowledgebase or the NT-FAQ).

--
Wolfgang Ratzka (per Modem von zu Hause)
[WARNING: I can read mail headers and I complain to spammer's postmasters!]

From simon.mccartney at dnet.co.uk Fri Feb 12 20:29:48 1999
From: simon.mccartney at dnet.co.uk (Simon McCartney)
Date: Tue Dec 2 02:25:12 2003
Subject: passwd chat for RH5.2 with PAM
Message-ID: <000001be56c6$6f432fa0$2b02a8c0@zeus.dnet.co.uk>

Has anybody got RH5.2 to work with Samba 2.0.2 "unix password sync" option ?

I have never been able to get this to work and I'm becoming convinced that I'm doing something horrendously stupid, so any suggestions or solutions would be much appreciated.

I always seem to get errors like:

passwd chat = "New*UNIX*password:*" %n\n "*Retype*" %n\n "*updated successfully*"

[1999/02/12 20:38:26, 100] smbd/chgpasswd.c:talktochild(264)
  talktochild: chatbuf=[New*UNIX*password:* nt domnow *Retype* nt domnow *updated] responsebuf=[New UNIX password: ]
[1999/02/12 20:38:26, 3] smbd/chgpasswd.c:talktochild(267)
  response 1 incorrect

passwd chat = "*New*" %n\n "*Retype*" %n\n "*updated*"

[1999/02/12 20:28:09, 100] smbd/chgpasswd.c:talktochild(264)
  talktochild: chatbuf=[*New* nt menow *Retype* nt menow *updated] responsebuf=[New UNIX password: ]
[1999/02/12 20:28:09, 3] smbd/chgpasswd.c:talktochild(267)
  response 1 incorrect

McC

From pcc at llnl.gov Fri Feb 12 20:47:46 1999
From: pcc at llnl.gov (Phil Cox)
Date: Tue Dec 2 02:25:12 2003
Subject: Authentication problems with "-d 100"
Message-ID: <3.0.5.32.19990212124746.00a0d430@poptop.llnl.gov>

All,

My system:
SunOS snuggy 5.6 Generic_105181-05 sun4u sparc SUNW,Ultra-4
Running Samba 2.0.2

Trying to get to my homedir with no debugging seems to work fine. Log shows:

[1999/02/12 11:12:16, 1] smbd/service.c:make_connection(488)
  spanner (128.115.222.74) connect to service pcc as user pcc (uid=13912, gid=1000) (pid 2671)

But with "-d 100" I get a not accessible error. I am getting a lot of these type entries:

[1999/02/12 11:11:17, 8] smbd/trans2.c:get_lanman2_dir_entry(359)
  get_lanman2_dir_entry:readdir on dirptr 0x101930 now at offset 6

And during the compile, I got :

Compiling passdb/pass_check.c
passdb/pass_check.c:93: warning: initialization from incompatible pointer type
lib/system.c: In function `sys_readdir':
lib/system.c:304: warning: return from incompatible pointer type

Phil

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Computer Incident Advisory Capability (CIAC)
Philip C. Cox
(510)422-8193 (510)422-8564
ciac@llnl.gov pcc@llnl.gov
-------------------------------------------------------------------
PGP fingerprint = 1A97 AB44 406A 77B7 3EA8 3B5B E3B5 BE73
Noteable Quote = "Do today what you want to be tomorrow."

From simon.mccartney at dnet.co.uk Fri Feb 12 20:47:34 1999
From: simon.mccartney at dnet.co.uk (Simon McCartney)
Date: Tue Dec 2 02:25:12 2003
Subject: password chat and RH5.2
Message-ID: <000101be56c8$eabebfd0$2b02a8c0@zeus.dnet.co.uk>

OK, minor update, after looking at some other people's solutions, I can now get this far,

passwd chat = *password* "%n\n" *password* "%n\n" "passwd: all*"

gives:

[1999/02/12 21:01:33, 10] smbd/chgpasswd.c:dochild(190)
  Invoking '/usr/bin/passwd simonm' as password change program.
[1999/02/12 21:01:34, 100] smbd/chgpasswd.c:talktochild(264)
  talktochild: chatbuf=[*password*] responsebuf=[New UNIX password: ]
[1999/02/12 21:01:34, 100] smbd/chgpasswd.c:talktochild(277)
  talktochild: sendbuf=[head2toe ]
[1999/02/12 21:01:34, 100] smbd/chgpasswd.c:talktochild(264)
  talktochild: chatbuf=[*password*] responsebuf=[ Retype new UNIX password: ]
[1999/02/12 21:01:34, 100] smbd/chgpasswd.c:talktochild(277)
  talktochild: sendbuf=[head2toe ]
[1999/02/12 21:01:38, 100] smbd/chgpasswd.c:talktochild(264)
  talktochild: chatbuf=[passwd: all*] responsebuf=[]
[1999/02/12 21:01:38, 3] smbd/chgpasswd.c:talktochild(267)
  response 3 incorrect

Why would the responsebuf be empty ? surely it should contain something like "passwd: all authentication tokens updated successfully" ?

McC

From m.chapman at student.unsw.edu.au Fri Feb 12 20:50:27 1999
From: m.chapman at student.unsw.edu.au (Matt Chapman)
Date: Tue Dec 2 02:25:12 2003
Subject: 2 questions - munged service names and password sync
References: <199902121919.LAA22460@charity.ucr.edu>
Message-ID: <36C49413.3E805FB6@student.unsw.edu.au>

andrew tristan wrote:

> passwd chat = *password* %n\n *password* %n\n *successfull*

"successful" has one 'l'.

Matt

--
Matt Chapman
m.chapman@student.unsw.edu.au

From atristan at math.ucr.edu Fri Feb 12 21:29:37 1999
From: atristan at math.ucr.edu (andrew tristan) Date: Tue Dec 2 02:25:12 2003 Subject: 2 questions - munged service names and password sync In-Reply-To: Matt Chapman "Re: 2 questions - munged service names and password sync" (Feb 12, 8:50pm) Message-ID: <199902122129.NAA23684@charity.ucr.edu> Doh! As it happens, though, when run by root, SunOS 5.5.1 /usr/bin/passwd issues no such success message. It just goes New password: Re-enter new password: and that's all. OK, change that, and try again: machine 127.0.0.1 rejected the password change: Error was : \ The specified password is invalid. Failed to change password for luser Same error. Thanks, A -- On Feb 12, 8:50pm, Matt Chapman wrote: > Subject: Re: 2 questions - munged service names and password sync > andrew tristan wrote: > > > passwd chat = *password* %n\n *password* %n\n *successfull* > > "successful" has one 'l'. > > Matt > > -- > Matt Chapman > m.chapman@student.unsw.edu.au > -- End of excerpt from Matt Chapman -- -- andrew.tristan@ucr.edu Unix Systems Group, UC Riverside From cartegw at Eng.Auburn.EDU Fri Feb 12 20:19:35 1999 
From: cartegw at Eng.Auburn.EDU (Gerald Carter)
Date: Tue Dec 2 02:25:12 2003
Subject: Setting up machine$ account
References: <199902121822.TAA26906@bbaer.muenster.de>
Message-ID: <36C48CD7.C2707E72@eng.auburn.edu>

andre@anneck.de wrote:
>
> Hi there...
>
> .. today I tried to follow the docs on NTDomain.txt.

Better to follow the steps in the NT Domain FAQ online at http://samba.org. Choose a mirror site and look under documentation.

> It reads that you have to set an MACHINE$ for each NT-Box who
> tries to connected to a Samba-PDC. It gives an example in
> brackets:
> (smbpasswd -m machine$ passwd)

smbpasswd -a -m

> Do I have to write the line for the machine$ user into the
> /private/passwd file by hand... And if yes... in what format???

/etc/passwd in the standard format. The NTDOM FAQ has some more information in Section 2.

jerry
________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services Auburn University
jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw
"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )

From eparis at ven.ra.rockwell.com Fri Feb 12 22:16:02 1999
From: eparis at ven.ra.rockwell.com (Eloy A. Paris)
Date: Tue Dec 2 02:25:12 2003
Subject: Roaming profiles not being updated
Message-ID: <7a2972$t03$1@zeus.ven.ra.rockwell.com>

Hi!

I have a problem since a little while ago (can't remember when I started see it).

My roaming profiles get updated only during the first login but after that I need to reboot my NT workstation and login again to have them updated. After I reboot and login again NT prints a message saying that "your local profile is newer than the one stored in the server, do you want to use the local profile instead of the remote?"

This is Samba 2.0.2 and NT workstation 4SP4.

Any help will be appreciated.

Thanks,

peloy.-

From jmeff at engsoc.queensu.ca Fri Feb 12 22:28:34 1999
From: jmeff at engsoc.queensu.ca (Jamie ffolliott) Date: Tue Dec 2 02:25:12 2003 Subject: password chat and RH5.2 In-Reply-To: <000101be56c8$eabebfd0$2b02a8c0@zeus.dnet.co.uk> Message-ID: <000201be56d7$06eff8a0$0245a8c0@dagobah.cgocable.net> With Redhat 5.2, samba prealpha CVS, we found the password chat only worked with "smbd -d 100" and "passwd chat debug = true" in smb.conf. Turning password chat debug off disabled password changing, so we're stuck on this as well at the moment. Password changing apparently works on solaris systems, but it's got problems with RedHat 5.x (and i suspect other systems). Jamie > [1999/02/12 21:01:38, 100] smbd/chgpasswd.c:talktochild(264) > talktochild: chatbuf=[passwd: all*] responsebuf=[] > [1999/02/12 21:01:38, 3] smbd/chgpasswd.c:talktochild(267) > response 3 incorrect > > Why would the responsebuf be empty ? surely it should contain something > like "passwd: all authentication tokens updated successfully" ? > > McC > From whn at topelo.lopi.com Sat Feb 13 01:54:15 1999 
From: whn at topelo.lopi.com (Bill Nugent) Date: Tue Dec 2 02:25:12 2003 Subject: Roaming profiles not being updated In-Reply-To: Your message of Sat, 13 Feb 1999 09:25:03 +1100. <7a2972$t03$1@zeus.ven.ra.rockwell.com> Message-ID: <19990213015415.9863.qmail@topelo.lopi.com> Howdy, Your problem sounds like it is different than one I bumped into but it was caused by "writable = yes" missing in the Profiles section of the example smb.conf file in the RedHat 5.2 binary rpm distribution. Bill On Saturday, Feb 13 1999 at 09:25:03, "Eloy A. Paris" wrote: >Hi! > >I have a problem since a little while ago (can't remember when I >started see it). > >My roaming profiles get updated only during the first login but after >that I need to reboot my NT workstation and login again to have them >updated. After I reboot and login again NT prints a mesage saying that >"your local profile is newer than the one stored in the server, do you >want to use the local profile instead of the remote?" > >This is Samba 2.0.2 and NT workstation 4SP4. > >Any help will be appreciated. > >Thanks, > >peloy.- > From whn at topelo.lopi.com Sat Feb 13 02:15:12 1999 
From: whn at topelo.lopi.com (Bill Nugent) Date: Tue Dec 2 02:25:12 2003 Subject: Mac Dave 2.1 and Samba 2.0.0/2.1-pre-alpha don't communicate Message-ID: <19990213021512.9996.qmail@topelo.lopi.com> Howdy, I noticed a few posts on this in the Samba archives, I bumped into this today and got a little futher than the other folks appeared to. Dave is able to do things expect it doesn't realize it so it gives error messages. Here are the details: Domain logins work. When you open up the share you see an empty folder with 0K on disk and 0K available. You can not copy a file to the share. You can create a new folder but Dave gives an error message. The folder is called "untitled folder" as it should be. Looking at log level 4 everything appears to work correctly on the Samba end from what I can tell. If you try to create another new folder this is created and called "untitled folder 2" but again Dave doesn't know it. Looking at the log Dave queries if "untitled folder" exists (it does), then it queries if "untitled folder 2" exists (it doesn't), Dave then asks for the directory to be made and it is but again Dave treats it as an error condition. Dave was also successful at creating an empty Desktop file (0K) and it created the DesktopFolderDB directory with an empty Desktop_DF file in it. I can send Samba traces if anyone is interested in trying to puzzle this out because this is beyond my knowledge level of Samba and free time. TIA, Bill From eparis at ven.ra.rockwell.com Sat Feb 13 02:37:17 1999 
From: eparis at ven.ra.rockwell.com (Eloy A. Paris) Date: Tue Dec 2 02:25:12 2003 Subject: Roaming profiles not being updated References: <7a2972$t03$1@zeus.ven.ra.rockwell.com> <19990213015415.9863.qmail@topelo.lopi.com> Message-ID: <7a2ogt$rgd$1@zeus.ven.ra.rockwell.com> Hi, Bill Nugent wrote: > Your problem sounds like it is different than one I bumped into but it > was caused by "writable = yes" missing in the Profiles section of the > example smb.conf file in the RedHat 5.2 binary rpm distribution. Yup, I think the problem is different because I have: [Profiles] comment = Profiles directory browseable = no path = /home/samba/profiles writable = yes and polux:/etc/samba# ls -ld /home/samba/profiles/ drwxrwsrwx 3 root staff 1024 Nov 12 09:47 /home/samba/profiles/ This is very strange... peloy.- From af at biomath.jussieu.fr Sat Feb 13 08:25:46 1999 
From: af at biomath.jussieu.fr (FAUCONNET Alain) Date: Tue Dec 2 02:25:12 2003 Subject: Authentication problems with "-d 100" In-Reply-To: <3.0.5.32.19990212124746.00a0d430@poptop.llnl.gov> from Phil Cox at "Feb 13, 99 07:50:50 am" Message-ID: <199902130825.JAA03731@boule.biomath.jussieu.fr> Phil Cox wrote / a ecrit: > Mu system: > SunOS snuggy 5.6 Generic_105181-05 sun4u sparc SUNW,Ultra-4 > Running Samba 2.0.2 > (...) > And during the compile, I got : > > Compiling passdb/pass_check.c > passdb/pass_check.c:93: warning: initialization from incompatible pointer type > lib/system.c: In function `sys_readdir': > lib/system.c:304: warning: return from incompatible pointer type > That kind of error usually is caused by a mix of BSD-compatibility headers and native ones. Make sure that you don't invoke the /usr/usb/cc compiler during the configure and/or make phase. Make sure that /usr/ucb/include is not used either. _AF_ -- Alain FAUCONNET Ingenieur systeme/System Administrator AP-HP/SIM Public Health 91 bld de l'Hopital 75013 PARIS FRANCE Medical Computing Research Labs Mail: af@biomath.jussieu.fr Tel: (+33) (0)1-40-77-96-19 Fax: (+33) (0)1-45-86-80-68 I've RTFMed. It says: "Refer to your system administrator" But... I *am* the system administrator :-] From whn at topelo.lopi.com Sat Feb 13 18:52:14 1999 From: whn at topelo.lopi.com (Bill Nugent) Date: Tue Dec 2 02:25:12 2003 Subject: Mac Dave 2.1 and Samba 2.0.0/2.1-pre-alpha don't communicate Message-ID: <19990213185214.16666.qmail@topelo.lopi.com> ------- Forwarded Message Date: Sat, 13 Feb 1999 10:53:27 -0600 
From: Carl Ketterling To: "Bill Nugent" Subject: Re: Mac Dave 2.1 and Samba 2.0.0/2.1-pre-alpha don't communicate Bill, I've included some information from our online support database related to your situation. I think this is all you need. If you have further questions or comments, please let us know. Sincerely, Carl Ketterling Samba 2.0: DAVE v2.1 will work with Samba v2.0 if the filesystem flag on SAMBA is not set to NTFS. If your installation requires your filesystem flag to be set to NTFS, please contact our customer support department for a test version of DAVE Client. On 2/12/99 8:15 PM, Bill Nugent wrote... >Howdy, > >I noticed a few posts on this in the Samba archives, I bumped into this >today and got a little futher than the other folks appeared to. Dave is >able to do things expect it doesn't realize it so it gives error messages. > >Here are the details: Domain logins work. When you open up the share you >see an empty folder with 0K on disk and 0K available. You can not copy a >file to the share. You can create a new folder but Dave gives an error >message. The folder is called "untitled folder" as it should be. >Looking at log level 4 everything appears to work correctly on the Samba >end from what I can tell. > >If you try to create another new folder this is created and called >"untitled folder 2" but again Dave doesn't know it. Looking at the log >Dave queries if "untitled folder" exists (it does), then it queries if >"untitled folder 2" exists (it doesn't), Dave then asks for the directory >to be made and it is but again Dave treats it as an error condition. > >Dave was also successful at creating an empty Desktop file (0K) and it >created the DesktopFolderDB directory with an empty Desktop_DF file in it. > >I can send Samba traces if anyone is interested in trying to puzzle this >out because this is beyond my knowledge level of Samba and free time. 
> > TIA, > Bill > - ------------------------------------------------------------------- Carl Ketterling carl@thursby.com Customer Support Engineer (817) 478-5070 Thursby Software Systems, Inc. - ------------------------------------------------------------------- - --- Try our answer database at --- - ------------------------------------------------------------------- ------- End of Forwarded Message From cartegw at Eng.Auburn.EDU Sat Feb 13 20:52:23 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:25:12 2003 Subject: Mac Dave 2.1 and Samba 2.0.0/2.1-pre-alpha don't communicate References: <19990213021512.9996.qmail@topelo.lopi.com> Message-ID: <36C5E607.E03AD23A@eng.auburn.edu> Bill Nugent wrote: > > Howdy, > > I noticed a few posts on this in the Samba archives, I > bumped into this today and got a little futher than the > other folks appeared to. Dave is able to do things expect > it doesn't realize it so it gives error messages. I remember there was an issue that once you support the NT SMB commands, DAVE expects you to support NT streams as well which Samba does not currently. Thursby has a fix for this i think, but I do not remember which version of DAVE exhibited the problem and which version contains the patch. Jeremy or Luke, can you elaborate? jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From robh at acprog.ifas.ufl.edu Sat Feb 13 21:05:24 1999 
From: robh at acprog.ifas.ufl.edu (Rob Holley) Date: Tue Dec 2 02:25:12 2003 Subject: Multiple Uses & Groups in Domain Message-ID: <36C5E914.767191C6@acprog.ifas.ufl.edu> Hello All, Perhaps someone can shed some light on my problem. I have a Sparc5 running CVS of a few days ago. Functioning as a PDC with roaming profiles, group map... "staff" to "Domain Admins", "users" to "Domain Users". Workstations are NT4.0 SP3. I have added "DOMAIN\Domain Admins" to the local Administrator group and all works well, whenever Domain Admins logon they have the permissions of the local Admin, Domain Users have local user permissions. But, I have noticed as I try to set local permissions on the NTFS, Adding will bring up the DOMAIN list of groups and users with duplicate names... I am starting to notice multiple copies of usernames and Domain groups? Thanks -- Rob \\|// - ? (o o) /==================================oOOo=(_)=oOOo========\ | Rob Holley "UNIX Guy" robh@hal-net.com | | University of Florida robh@acprog.ifas.ufl.edu | | IFAS Academic Programs | | .oooO | | http://www.hal-net.com/~robh ( ) Oooo. | \===================================\ (==( )==========/ \_) ) / (_/ From rosierni at god.bel.alcatel.be Sat Feb 13 21:14:37 1999 
From: rosierni at god.bel.alcatel.be (Nick R. Rosier) Date: Tue Dec 2 02:25:12 2003 Subject: Mac Dave 2.1 and Samba 2.0.0/2.1-pre-alpha don't communicate References: <19990213021512.9996.qmail@topelo.lopi.com> Message-ID: <36C5EB3D.9F99F1E2@god.bel.alcatel.be> Hi, we had a simular problem and this helped (no need to patch Dave): Jeremy Allison wrote: > > "Christopher N. Deckard" writes: > > >I just got samba 2 working with the PDC. All of our NT and 98 clients > >can connect and see the shares and the files. The problem is our Mac > >clients cannot. Dave can see the Shares of the samba server, but when > >it mounts the share it cannot see any files. It reports 0 files and 0Kb > >of space taken up. Is this a Samba config problem or is it Dave's > >fault. We are using version 2.1 of Dave on Mac OS 8.5. Samba is > >version 2.0.0 on Solaris 2.6. Encrypted passwords are on. Also a WINS > >server is configured. > > There is a patch for this on the Thursby site. The problem > is that Samba reports a filesystem type of NTFS and Dave > expects to be able to use stream files. You can either > download the patch from Thursby, or add the line > > fstype = Samba > > to the [global] section of your smb.conf. > > Hope this helps, > > Jeremy Allison, > Samba Team. N. Bill Nugent wrote: > Howdy, > > I noticed a few posts on this in the Samba archives, I bumped into this > today and got a little futher than the other folks appeared to. Dave is > able to do things expect it doesn't realize it so it gives error messages. > > Here are the details: Domain logins work. When you open up the share you > see an empty folder with 0K on disk and 0K available. You can not copy a > file to the share. You can create a new folder but Dave gives an error > message. The folder is called "untitled folder" as it should be. > Looking at log level 4 everything appears to work correctly on the Samba > end from what I can tell. 
> > If you try to create another new folder this is created and called > "untitled folder 2" but again Dave doesn't know it. Looking at the log > Dave queries if "untitled folder" exists (it does), then it queries if > "untitled folder 2" exists (it doesn't), Dave then asks for the directory > to be made and it is but again Dave treats it as an error condition. > > Dave was also successful at creating an empty Desktop file (0K) and it > created the DesktopFolderDB directory with an empty Desktop_DF file in it. > > I can send Samba traces if anyone is interested in trying to puzzle this > out because this is beyond my knowledge level of Samba and free time. > > TIA, > Bill From svedja at lysator.liu.se Sat Feb 13 22:15:35 1999 
From: svedja at lysator.liu.se (Dejan Ilic)
Date: Tue Dec 2 02:25:12 2003
Subject: Readline & Samba ?
Message-ID:

Samba-2.0.2 configure script seems to have problems with readline-library. First it doesn't detect it in /usr/local/lib, but later it has problems with checking for readline in -lreadline.

Is readline used somewhere in Samba-source or is it just rudimentary code leftover from old times ? The configure checks for "readline"-function but it is not used anywhere.

***

First problem is because it doesn't check for readline files in /usr/local/[include|lib]. I didn't find any good place to add extra include places for compilation in configure so I suggest we add it. Same for additional libraries on "non-standard" places.

Second problem can be illustrated by this (Solaris 2.6 x86 & Gcc-2.8.1) :

configure:3514: checking for readline in -lreadline
configure:3533: gcc -o conftest -O -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 conftest.c -lreadline -ldl -lpam 1>&5
Undefined                       first referenced
 symbol                             in file
tgetnum                             /usr/local/lib/libreadline.a(readline.o)
tgetstr                             /usr/local/lib/libreadline.a(readline.o)
tgoto                               /usr/local/lib/libreadline.a(display.o)
tputs                               /usr/local/lib/libreadline.a(readline.o)
tgetent                             /usr/local/lib/libreadline.a(readline.o)
tgetflag                            /usr/local/lib/libreadline.a(readline.o)
ld: fatal: Symbol referencing errors. No output written to conftest
configure: failed program was:
#line 3522 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
/* We use char because int might match the return type of a gcc2
   builtin and then its argument prototype would still apply. */
char readline();
int main() { readline() ; return 0; }

=====================================================================
Dejan Ilic, Tech Univ. of Linkoping, Sweden Phone:+46-13-473 01 06
Email: svedja@lysator.liu.se Web: http://www.lysator.liu.se/~svedja
=====================================================================
[finger -l svedja@lysator.liu.se for public PGP key]

From yan at cardinalengineering.com Sun Feb 14 01:39:15 1999
From: yan at cardinalengineering.com (Yan Seiner)
Date: Tue Dec 2 02:25:12 2003
Subject: smbclient from samba server
Message-ID: <36C62943.9C7DD075@cardinalengineering.com>

I need to mount an NTws share on a samba server. The samba server acts as a PDC for the NTws. Is there any way to do this without specifying the user and password?

It just seems redundant to have the smbclient provide a user and password in a script that will be provided back to the samba server encrypted in order to verify a user....

Is there a pseudo-user that could be accepted? Something like machine name? just a random thought....

Yan

From rfs at aw.com.pl Sun Feb 14 13:57:21 1999
From: rfs at aw.com.pl (Rafal Szczesniak)
Date: Tue Dec 2 02:25:12 2003
Subject: No subject
Message-ID:

subscribe

From gazo at policc.unex.es Sun Feb 14 13:45:13 1999
From: gazo at policc.unex.es (Alfonso Gazo)
Date: Tue Dec 2 02:25:12 2003
Subject: Subscribe
Message-ID: <4.1.19990214144447.00a3aaa0@pop3.bluepotato.org>

Subscribe

From D.Bannon at latrobe.edu.au Sun Feb 14 22:18:12 1999
From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:25:12 2003 Subject: password chat and RH5.2 In-Reply-To: <000201be56d7$06eff8a0$0245a8c0@dagobah.cgocable.net> References: <000101be56c8$eabebfd0$2b02a8c0@zeus.dnet.co.uk> Message-ID: <3.0.3.32.19990215091812.00a41c80@bioserve.biochem.latrobe.edu.au> At 09:33 AM 13/02/1999 +1100, Jamie ffolliott wrote: >Password changing apparently works on solaris >systems, but it's got problems with RedHat 5.x (and i suspect other >systems). > I have it working fine on RH5.1, the secret is to be very unspecific with passwd chat text, only use the minimum and wild cards all around and, very important, remember RH linux obsession with 'good' passwords ! The change will fail if you break any one of a hundred odd rules for what a passwd can be, and samba cannot detect this. I once suggested that we would be better to have an option to write the passwds directly and enforce the security rules in samba, at least that way we could send a sensible message when the passwd is unacceptable. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From cly at sunshine.bke.hu Mon Feb 15 12:41:01 1999 From: cly at sunshine.bke.hu (Dobos =?ISO-8859-1?Q?S=E1ndor?=) Date: Tue Dec 2 02:25:12 2003 Subject: what is this in log.nmb? Message-ID: <36C815DD.69A2974E@sunshine.bke.hu> Can anybody explain me, what is the meaning of the numbers below? What is the difference between PC1, PC2 and PC3? What is that number 2 in the PC3's row? .... MBAPLANNING(1) current master browser = BEETHOVEN BEETHOVEN 400c9b2b (Beethoven szervere) PC1 40011003 () PC3 40011203 () PC2 40011003 () .... Cly From tridge at samba.org Mon Feb 15 13:02:08 1999 
From: tridge at samba.org (Andrew Tridgell)
Date: Tue Dec 2 02:25:12 2003
Subject: what is this in log.nmb?
In-Reply-To: <36C815DD.69A2974E@sunshine.bke.hu> (message from Dobos =?ISO-8859-1?Q?S=E1ndor?= on Mon, 15 Feb 1999 23:42:31 +1100)
References: <36C815DD.69A2974E@sunshine.bke.hu>
Message-ID: <19990215130216Z12819170-4380+14284@samba.anu.edu.au>

> Can anybody explain me, what is the meaning of the numbers below?

Look at the SV_TYPE_* definitions in source/include/smb.h

> What is the difference between PC1, PC2 and PC3?
> What is that number 2 in the PC3's row?
> ...
> MBAPLANNING(1) current master browser = BEETHOVEN
> BEETHOVEN 400c9b2b (Beethoven szervere)
> PC1 40011003 ()
> PC3 40011203 ()
> PC2 40011003 ()
> ...

the 2 indicates that PC3 offers print services. See the SV_TYPE_PRINTQ_SERVER definition.

Does anyone feel like writing a pretty printer for the types? It would be nice to print:

(40011003: LOCAL_ONLY,POTENTIAL_BROWSER,NT,PRINTQ,SERVER,WORKSTATION)

even better if we could have a generic routine for bitmap printing that takes a structure list like this:

{
  {SV_TYPE_WORKSTATION, "WORKSTATION"},
  {SV_TYPE_SERVER, "SERVER"},
  ...
}

and then pretty-prints a value on demand

Cheers, Tridge

From dnehring at telemedia.de Mon Feb 15 17:31:20 1999
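A generic bitmap printer of the kind Andrew Tridgell's message above asks for, as an added example that is not part of the original thread and not Samba's own code. The names `bit_name`, `bitmap_to_string` and `sv_type_string` are hypothetical, and the bit values are assumed to be the standard SV_TYPE_* server-type constants (as in Microsoft's lmserver.h) with the `SV_TYPE_` prefix dropped from the labels.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One entry of the "structure list": a flag bit and the label to print. */
struct bit_name {
    uint32_t bit;
    const char *name;
};

/* Server-type bits, highest first. Values are assumed to match the
 * SV_TYPE_* definitions the message points to in smb.h. */
static const struct bit_name sv_type_names[] = {
    {0x80000000u, "DOMAIN_ENUM"},     {0x40000000u, "LOCAL_LIST_ONLY"},
    {0x20000000u, "ALTERNATE_XPORT"}, {0x00800000u, "DFS_SERVER"},
    {0x00400000u, "WIN95_PLUS"},      {0x00200000u, "SERVER_VMS"},
    {0x00100000u, "SERVER_OSF"},      {0x00080000u, "DOMAIN_MASTER"},
    {0x00040000u, "MASTER_BROWSER"},  {0x00020000u, "BACKUP_BROWSER"},
    {0x00010000u, "POTENTIAL_BROWSER"}, {0x00008000u, "SERVER_NT"},
    {0x00004000u, "SERVER_MFPN"},     {0x00002000u, "WFW"},
    {0x00001000u, "NT"},              {0x00000800u, "SERVER_UNIX"},
    {0x00000400u, "DIALIN_SERVER"},   {0x00000200u, "PRINTQ_SERVER"},
    {0x00000100u, "DOMAIN_MEMBER"},   {0x00000080u, "NOVELL"},
    {0x00000040u, "AFP"},             {0x00000020u, "TIME_SOURCE"},
    {0x00000010u, "DOMAIN_BAKCTRL"},  {0x00000008u, "DOMAIN_CTRL"},
    {0x00000004u, "SQLSERVER"},       {0x00000002u, "SERVER"},
    {0x00000001u, "WORKSTATION"},
    {0, NULL}                         /* terminator */
};

/* Append src to the NUL-terminated string in dst; -1 if it would not fit. */
static int append(char *dst, size_t cap, const char *src)
{
    size_t used = strlen(dst), need = strlen(src);

    if (used + need + 1 > cap)
        return -1;
    memcpy(dst + used, src, need + 1);
    return 0;
}

/* Render value as a comma-separated list of the names whose bits are set.
 * Bits with no table entry are appended as one hex remainder so that
 * nothing is silently dropped. Returns 0, or -1 if out is too small. */
int bitmap_to_string(uint32_t value, const struct bit_name *table,
                     char *out, size_t cap)
{
    uint32_t unknown = value;
    char hex[16];

    if (out == NULL || cap == 0)
        return -1;
    out[0] = '\0';
    for (; table->name != NULL; table++) {
        if (table->bit == 0 || (value & table->bit) != table->bit)
            continue;
        if (out[0] != '\0' && append(out, cap, ",") != 0)
            return -1;
        if (append(out, cap, table->name) != 0)
            return -1;
        unknown &= ~table->bit;
    }
    if (unknown != 0) {
        snprintf(hex, sizeof hex, "0x%08x", (unsigned int)unknown);
        if (out[0] != '\0' && append(out, cap, ",") != 0)
            return -1;
        if (append(out, cap, hex) != 0)
            return -1;
    }
    return 0;
}

/* Wrapper for server types; returns a static buffer (not thread-safe). */
const char *sv_type_string(uint32_t type)
{
    static char buf[512];

    if (bitmap_to_string(type, sv_type_names, buf, sizeof buf) != 0)
        return "(buffer too small)";
    return buf;
}

int main(void)
{
    /* Values copied from the log.nmb excerpt quoted in the thread. */
    static const struct { const char *host; uint32_t type; } hosts[] = {
        {"BEETHOVEN", 0x400c9b2bu}, {"PC1", 0x40011003u},
        {"PC3", 0x40011203u},       {"PC2", 0x40011003u},
    };
    size_t i;

    for (i = 0; i < sizeof hosts / sizeof hosts[0]; i++)
        printf("%-10s (%08x: %s)\n", hosts[i].host,
               (unsigned int)hosts[i].type, sv_type_string(hosts[i].type));
    return 0;
}
```

The only difference between the PC1/PC2 value and the PC3 value is bit 0x200, which is the print-queue flag the reply refers to.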
From: dnehring at telemedia.de (Dirk Nehring)
Date: Tue Dec 2 02:25:12 2003
Subject: security = user and security = share simultaneously?
Message-ID: <19990215183120.A621@fireball.highway.bertelsmann.de>

Hi folks,

we use our Samba Server 2.0.2 as PDC (security = user). We have now the
problem to export some share with "security = share". Since "security"
is a global option, this is not possible. The other possibility to use
"\\host\sharexx%user" doesn't work for windows 9x clients, we need to
provide a valid user name (i.e. "smbclient \\\\host\\sharexx -U
user" works, but not "smbclient \\\\host\\sharexx%user").

Is this possible? Can we provide a pseudo share from this server?

Dirk

--
Dirk Nehring                | Phone: +49 5241 80-1560
Telemedia Bertelsmann AG    | Fax: +49 5241 80-9518
Carl-Bertelsmann-Str. 161 I | E-Mail: dnehring @ telemedia.de
33311 Gütersloh             |

From greg at discreet.com Mon Feb 15 18:15:58 1999
From: greg at discreet.com (Greg Dickie)
Date: Tue Dec 2 02:25:12 2003
Subject: security = user and security = share simultaneously?
In-Reply-To: <19990215183120.A621@fireball.highway.bertelsmann.de>
Message-ID:

We do this by specifying a netbios alias which has the security option
different than the main server.

Greg

On 15-Feb-99 Dirk Nehring wrote:
> Hi folks,
>
> we use our Samba Server 2.0.2 as PDC (security = user). We have now the
> problem to export some share with "security = share". Since "security"
> is a global option, this is not possible. The other possibility to use
> "\\host\sharexx%user" doesn't work for windows 9x clients, we need to
> provide a valid user name (i.e. "smbclient \\\\host\\sharexx -U
> user" works, but not "smbclient \\\\host\\sharexx%user").
>
> Is this possible? Can we provide a pseudo share from this server?
>
> Dirk
>
> --
> Dirk Nehring                | Phone: +49 5241 80-1560
> Telemedia Bertelsmann AG    | Fax: +49 5241 80-9518
> Carl-Bertelsmann-Str. 161 I | E-Mail: dnehring @ telemedia.de
> 33311 Gütersloh             |

---------------------------------------------------------------------
Greg Dickie
Just A Guy*
*from discreet logic Montreal (514) 954-7171
greg@discreet.com

From jaeger at morpheus.net Mon Feb 15 18:27:01 1999
From: jaeger at morpheus.net (Matt Housh) Date: Tue Dec 2 02:25:12 2003 Subject: smbpasswd crashes Message-ID: <36C866F5.F0823A95@morpheus.net> Has anyone had this problem, or run across this problem? Every single time I run smbpasswd, without fail, it core dumps. It goes through whatever user interaction it's supposed to, such as adding a user (prompts for password), but then segfaults, dumping core. This only happens when I use the CVS tree, but it's happened with EVERY tree I've downloaded, on all four of the machines I've compiled it on. (RedHat 5.2, RedHat 5.1, Sparc RedHat 5.2, Debian 2.0) Any ideas? Matt ------------------------------------------------------------ Matt Housh email: mhoush@utulsa.edu Microcomputer Specialist The University of Tulsa Engineering and Natural Sciences "Preserving the right to arm bears..." From matthew at janus.law.usyd.edu.au Mon Feb 15 22:00:38 1999 From: matthew at janus.law.usyd.edu.au (Matthew Geier) Date: Tue Dec 2 02:25:12 2003 Subject: Network 'Default User' Message-ID: <199902152200.JAA28790@janus.law.usyd.edu.au> After a suggestion recently about a 'Default User' in the netlogin share I tried it out, and it worked fine. However some time in the last few CVS sync's, it seems this has stopped working - a new user without a profile is only getting the default local workstation profile. I had a number of desktop shortcuts placed in the network default user, so users would get a useful collection of shortcuts to start with, it did work a while back. 2.1alpha on Linux if any one wants to know. Any one else have any experience with this ? From rupert.weber at ibm.net Mon Feb 15 23:37:01 1999 
From: rupert.weber at ibm.net (Rupert Weber-Henschel) Date: Tue Dec 2 02:25:12 2003 Subject: smbpasswd crashes References: <36C866F5.F0823A95@morpheus.net> Message-ID: <36C8AF9D.7CAE9CFE@ibm.net> Same here. CVS HEAD downloaded yesterday (Feb 14). Running on SuSE Linux 6.0. (glibc 2.0.7 / kernel 2.1.1) /etc/smbpasswd is an empty file with mode 600 -- it remains unchanged. Here is the output (Note: My domain/workgroup is called RWHOME, *not* RWHO) Trying to add a workstation to the domain: rodion:~ # smbpasswd -a -m ws1 [... shows some smb.conf parameters and connection to port 139...] [... then pauses for ca. 6 secs. ...] LSA Open Policy LSA Query Info Policy LSA_QUERYINFOPOLICY (level 3): domain:RWHO domain sid:S-0-0 LSA Query Info Policy LSA_QUERYINFOPOLICY (level 5): domain: domain sid:S-1-5-21-1894242129-850291618-198214434 LSA Close LSA Query Info Policy Domain Member - Domain: RWHO SID: S-0-0 Domain Controller - Domain: SID: S-1-5-21-1894242129-850291618-198214434 getfileline: end of file reached getfileline: end of file reached Segmentation fault Trying to add a user: rodion:~ # smbpasswd -a rw [...all the same as when adding ws...] Domain Member - Domain: RWHO SID: S-0-0 Domain Controller - Domain: SID: S-1-5-21-1894242129-850291618-198214434 New SMB password: Retype new SMB password: getfileline: end of file reached getfileline: end of file reached Segmentation fault Matt Housh wrote: > > Has anyone had this problem, or run across this problem? Every single > time I run smbpasswd, without fail, it core dumps. It goes through > whatever user interaction it's supposed to, such as adding a user > (prompts for password), but then segfaults, dumping core. This only > happens when I use the CVS tree, but it's happened with EVERY tree I've > downloaded, on all four of the machines I've compiled it on. (RedHat > 5.2, RedHat 5.1, Sparc RedHat 5.2, Debian 2.0) Any ideas? 
> -- Rupert Weber-Henschel E-Mail: rw@times-square.net Fax: +49-89-34023886 PGP Public Key: http://www.cip.physik.uni-muenchen.de/~weber From whn at topelo.lopi.com Tue Feb 16 00:43:29 1999 From: whn at topelo.lopi.com (Bill Nugent) Date: Tue Dec 2 02:25:12 2003 Subject: Mac Dave 2.1 and Samba 2.0.0/2.1-pre-alpha don't communicate In-Reply-To: Your message of Sun, 14 Feb 1999 05:53:05 +1100. <19990213185214.16666.qmail@topelo.lopi.com> Message-ID: <19990216004329.27464.qmail@topelo.lopi.com> Howdy, I tested the new test version of Dave 2.1 with Samba 2.1 pre-alpha and it works! I also tried adding "fstype = Samba" to the [global] section of the smb.conf file and this worked as well with the production copy of Dave 2.1. Thank you all for the help, Bill On Sunday, Feb 14 1999 at 05:53:05, Bill Nugent wrote: > >------- Forwarded Message > >Date: Sat, 13 Feb 1999 10:53:27 -0600 
>From: Carl Ketterling >To: "Bill Nugent" >Subject: Re: Mac Dave 2.1 and Samba 2.0.0/2.1-pre-alpha don't communicate > >Bill, > >I've included some information from our online support database related >to your situation. I think this is all you need. > >If you have further questions or comments, please let us know. > >Sincerely, >Carl Ketterling > >Samba 2.0: >DAVE v2.1 will work with Samba v2.0 if the filesystem flag on SAMBA is >not set to NTFS. If your installation requires your filesystem flag to >be set to NTFS, please contact our customer support department for a test >version of DAVE Client. > > >On 2/12/99 8:15 PM, Bill Nugent wrote... > >>Howdy, >> >>I noticed a few posts on this in the Samba archives, I bumped into this >>today and got a little futher than the other folks appeared to. Dave is >>able to do things expect it doesn't realize it so it gives error >messages. >> >>Here are the details: Domain logins work. When you open up the share >you >>see an empty folder with 0K on disk and 0K available. You can not copy >a >>file to the share. You can create a new folder but Dave gives an error >>message. The folder is called "untitled folder" as it should be. >>Looking at log level 4 everything appears to work correctly on the Samba >>end from what I can tell. >> >>If you try to create another new folder this is created and called >>"untitled folder 2" but again Dave doesn't know it. Looking at the log >>Dave queries if "untitled folder" exists (it does), then it queries if >>"untitled folder 2" exists (it doesn't), Dave then asks for the >directory >>to be made and it is but again Dave treats it as an error condition. >> >>Dave was also successful at creating an empty Desktop file (0K) and it >>created the DesktopFolderDB directory with an empty Desktop_DF file in >it. >> >>I can send Samba traces if anyone is interested in trying to puzzle this >>out because this is beyond my knowledge level of Samba and free time. 
>> >> TIA, >> Bill >> > > > >- ------------------------------------------------------------------- >Carl Ketterling carl@thursby.com >Customer Support Engineer (817) 478-5070 >Thursby Software Systems, Inc. >- ------------------------------------------------------------------- >- --- Try our answer database at --- >- ------------------------------------------------------------------- > > >------- End of Forwarded Message > > > From darrylc at vulcan.telstra.com.au Tue Feb 16 05:48:55 1999 From: darrylc at vulcan.telstra.com.au (Darryl Cording) Date: Tue Dec 2 02:25:12 2003 Subject: Printing permissions Message-ID: <199902160548.PAA15228@vulcan.telecom.com.au> Hi, I have set up some HP printers via Samba by using the Lanman registry hack as documented in NTDOM FAQ, section 2.5 Although the NTWS SP3 client can print test pages as a run of the mill user through the Control Panel/Printers/ Properties, they can't print via any other application (eg: Word, Excel..etc). They are getting the message "...driver not installed, use control panel printers to install the driver". The driver IS installed so I figured it must be a permission problem, knowing what windows error messages are like. If I add the user to the "domain admin group" parameter in smb.conf, printing works like it should. I don't really want all of my users being "Domain Admins", so I was wondering if anybody could inform me of the correct way to do this. I am running Samba 2.0 , I realise that the CVS branch has better group mapping functionality, but I would like to know how it is done with the 2.0 series. Any help will be much appreciated, Thanks Darryl From whn at topelo.lopi.com Tue Feb 16 12:11:39 1999 
From: whn at topelo.lopi.com (Bill Nugent) Date: Tue Dec 2 02:25:12 2003 Subject: smbpasswd crashes In-Reply-To: Your message of Tue, 16 Feb 1999 10:39:21 +1100. <36C8AF9D.7CAE9CFE@ibm.net> Message-ID: <19990216121139.30320.qmail@topelo.lopi.com> I reported this about two weeks ago and attempted to debug it with help from Luke but I don't know the code base and the effort ran out of steam. The work around I've been using is to use smbpasswd from 2.0.0. I haven't tried 2.0.2 yet. Hope this helps, Bill On Tuesday, Feb 16 1999 at 10:39:21, Rupert Weber-Henschel wrote: >Same here. >CVS HEAD downloaded yesterday (Feb 14). >Running on SuSE Linux 6.0. (glibc 2.0.7 / kernel 2.1.1) >/etc/smbpasswd is an empty file with mode 600 -- it remains unchanged. > > >Here is the output (Note: My domain/workgroup is called RWHOME, *not* >RWHO) > >Trying to add a workstation to the domain: > > rodion:~ # smbpasswd -a -m ws1 > [... shows some smb.conf parameters and connection to port 139...] > [... then pauses for ca. 6 secs. ...] > LSA Open Policy > LSA Query Info Policy > LSA_QUERYINFOPOLICY (level 3): domain:RWHO domain sid:S-0-0 > LSA Query Info Policy > LSA_QUERYINFOPOLICY (level 5): domain: domain >sid:S-1-5-21-1894242129-850291618-198214434 > LSA Close > LSA Query Info Policy > Domain Member - Domain: RWHO SID: S-0-0 > Domain Controller - Domain: SID: >S-1-5-21-1894242129-850291618-198214434 > getfileline: end of file reached > getfileline: end of file reached > Segmentation fault > > >Trying to add a user: > > rodion:~ # smbpasswd -a rw > [...all the same as when adding ws...] > Domain Member - Domain: RWHO SID: S-0-0 > Domain Controller - Domain: SID: >S-1-5-21-1894242129-850291618-198214434 > New SMB password: > Retype new SMB password: > getfileline: end of file reached > getfileline: end of file reached > Segmentation fault > > > >Matt Housh wrote: >> >> Has anyone had this problem, or run across this problem? 
Every singl >*e >> time I run smbpasswd, without fail, it core dumps. It goes through >> whatever user interaction it's supposed to, such as adding a user >> (prompts for password), but then segfaults, dumping core. This only >> happens when I use the CVS tree, but it's happened with EVERY tree I've >> downloaded, on all four of the machines I've compiled it on. (RedHat >> 5.2, RedHat 5.1, Sparc RedHat 5.2, Debian 2.0) Any ideas? >> > > >-- >Rupert Weber-Henschel >E-Mail: rw@times-square.net >Fax: +49-89-34023886 > >PGP Public Key: http://www.cip.physik.uni-muenchen.de/~weber > From jaeger at morpheus.net Tue Feb 16 14:18:32 1999 From: jaeger at morpheus.net (Matt Housh) Date: Tue Dec 2 02:25:12 2003 Subject: smbpasswd crashes References: <19990216121139.30320.qmail@topelo.lopi.com> Message-ID: <36C97E38.9A84D243@morpheus.net> > The work around I've been using is to use smbpasswd from 2.0.0. I > haven't tried 2.0.2 yet. I've been using the one from 2.0.2, but I had considered the possibility, however unlikely, that this was what was causing my NT machine to miserably fail to connect to a samba-controlled domain... I guess I'll keep messing with it... Matt ------------------------------------------------------------ Matt Housh email: mhoush@utulsa.edu Microcomputer Specialist The University of Tulsa Engineering and Natural Sciences "Preserving the right to arm bears..." From lkcl at switchboard.net Tue Feb 16 16:00:43 1999 
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:25:12 2003 Subject: what is this in log.nmb? In-Reply-To: <19990215130216Z12819170-4380+14284@samba.anu.edu.au> Message-ID: On Tue, 16 Feb 1999, Andrew Tridgell wrote: > > Can anybody explain me, what is the meaning of the numbers below? > > Look at the SV_TYPE_* definitions in source/include/smb.h > > > What is the difference between PC1, PC2 and PC3? > > What is that number 2 in the PC3's row? > > ... > > MBAPLANNING(1) current master browser = BEETHOVEN > > BEETHOVEN 400c9b2b (Beethoven szervere) > > PC1 40011003 () > > PC3 40011203 () > > PC2 40011003 () > > ... > > the 2 indicates that PC3 offers print services. See the > SV_TYPE_PRINTQ_SERVER definition. > > Does anyone feel like writing a pretty printer for the types? It would > be nice to print: > > (40011003: LOCAL_ONLY,POTENTIAL_BROWSER,NT,PRINTQ,SERVER,WORKSTATION) > > even better if we could have a generic routine for bitmap printing > that takes a structure list like this: > > { > {SV_TYPE_WORKSTATION, "WORKSTATION"}, > {SV_TYPE_SERVER, "SERVER"}, > ... > } > > and then pretty-prints a value on demand rpcclient/display.c:get_server_type_string(). From lkcl at switchboard.net Tue Feb 16 16:03:31 1999 
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:25:12 2003
Subject: what is this in log.nmb?
In-Reply-To: <19990215130216Z12819170-4380+14284@samba.anu.edu.au>
Message-ID:

On Tue, 16 Feb 1999, Andrew Tridgell wrote:

> > Can anybody explain me, what is the meaning of the numbers below?
>
> Look at the SV_TYPE_* definitions in source/include/smb.h
>
> > What is the difference between PC1, PC2 and PC3?
> > What is that number 2 in the PC3's row?
> > ...
> > MBAPLANNING(1) current master browser = BEETHOVEN
> > BEETHOVEN 400c9b2b (Beethoven szervere)
> > PC1 40011003 ()
> > PC3 40011203 ()
> > PC2 40011003 ()
> > ...
>
> the 2 indicates that PC3 offers print services. See the
> SV_TYPE_PRINTQ_SERVER definition.
>
> Does anyone feel like writing a pretty printer for the types? It would
> be nice to print:
>
> (40011003: LOCAL_ONLY,POTENTIAL_BROWSER,NT,PRINTQ,SERVER,WORKSTATION)
>
> even better if we could have a generic routine for bitmap printing
> that takes a structure list like this:
>
> {
>   {SV_TYPE_WORKSTATION, "WORKSTATION"},
>   {SV_TYPE_SERVER, "SERVER"},
>   ...
> }
>
> and then pretty-prints a value on demand

there are enough of these in rpcclient/display.c that i've been
considering this for a while.

also, a reverse version would be extremely useful, with both "enum" and
"bitmap" versions.

reason: data entry in rpcclient and data display in rpcclient and
smbclient and log output.

example:

regaddkeysec \HKLM\System Administrator RWX
                                        ^^^

permissions RWX get turned into a bit-field.

example: a version of CACLS.EXE.

etc.

From dave at www.buffalostate.edu Tue Feb 16 16:17:37 1999
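The table-driven bitmap printer asked for in the "what is this in log.nmb?" thread above, together with the reverse (names to bits) direction mentioned in the reply, as an added example that is not Samba's code and not what went into rpcclient/display.c. The names struct bit_name, sv_type_names, bitmap_to_string and string_to_bitmap, the short labels, and the bit values in the table are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One table row: a single bit and the label printed for it. */
struct bit_name { uint32_t bit; const char *name; };

/* Server-type bits, highest first. Values are the usual LAN Manager flags
 * (assumed here; check them against the SV_TYPE_* macros in smb.h). */
static const struct bit_name sv_type_names[] = {
    {0x80000000u, "DOMAIN_ENUM"},     {0x40000000u, "LOCAL_ONLY"},
    {0x20000000u, "ALTERNATE_XPORT"}, {0x00400000u, "WIN95_PLUS"},
    {0x00200000u, "SERVER_VMS"},      {0x00100000u, "SERVER_OSF"},
    {0x00080000u, "DOMAIN_MASTER"},   {0x00040000u, "MASTER_BROWSER"},
    {0x00020000u, "BACKUP_BROWSER"},  {0x00010000u, "POTENTIAL_BROWSER"},
    {0x00008000u, "SERVER_NT"},       {0x00004000u, "SERVER_MFPN"},
    {0x00002000u, "WFW"},             {0x00001000u, "NT"},
    {0x00000800u, "SERVER_UNIX"},     {0x00000400u, "DIALIN"},
    {0x00000200u, "PRINTQ"},          {0x00000100u, "DOMAIN_MEMBER"},
    {0x00000080u, "NOVELL"},          {0x00000040u, "AFP"},
    {0x00000020u, "TIME_SOURCE"},     {0x00000010u, "DOMAIN_BAKCTRL"},
    {0x00000008u, "DOMAIN_CTRL"},     {0x00000004u, "SQLSERVER"},
    {0x00000002u, "SERVER"},          {0x00000001u, "WORKSTATION"},
    {0, NULL}
};

/* Append s to out without ever writing past outlen; -1 if it will not fit. */
static int append(char *out, size_t outlen, size_t *used, const char *s)
{
    size_t n = strlen(s);
    if (*used + n >= outlen) return -1;
    memcpy(out + *used, s, n + 1);
    *used += n;
    return 0;
}

/* Render value as "(hex: NAME,NAME,...)". Bits missing from the table are
 * shown as one hex remainder rather than dropped. Returns the string length,
 * or -1 if out is too small (out stays NUL-terminated). */
int bitmap_to_string(uint32_t value, const struct bit_name *tab,
                     char *out, size_t outlen)
{
    char num[16];
    size_t used = 0;
    uint32_t rest = value;
    int first = 1;

    if (outlen == 0) return -1;
    out[0] = '\0';
    snprintf(num, sizeof(num), "(%08x: ", (unsigned)value);
    if (append(out, outlen, &used, num) < 0) return -1;
    for (; tab->name != NULL; tab++) {
        if ((rest & tab->bit) == 0) continue;
        if (!first && append(out, outlen, &used, ",") < 0) return -1;
        if (append(out, outlen, &used, tab->name) < 0) return -1;
        rest &= ~tab->bit;
        first = 0;
    }
    if (rest != 0) {
        snprintf(num, sizeof(num), "0x%08x", (unsigned)rest);
        if (!first && append(out, outlen, &used, ",") < 0) return -1;
        if (append(out, outlen, &used, num) < 0) return -1;
    }
    if (append(out, outlen, &used, ")") < 0) return -1;
    return (int)used;
}

/* Reverse direction for data entry: "NAME,NAME" to bits. Unknown or empty
 * names are rejected (-1) instead of being silently ignored. */
int string_to_bitmap(const char *s, const struct bit_name *tab, uint32_t *value)
{
    uint32_t v = 0;
    while (*s != '\0') {
        size_t len = strcspn(s, ",");
        const struct bit_name *t = tab;
        while (t->name != NULL &&
               !(strlen(t->name) == len && strncmp(t->name, s, len) == 0))
            t++;
        if (t->name == NULL) return -1;
        v |= t->bit;
        s += len;
        if (*s == ',') s++;
    }
    *value = v;
    return 0;
}

int main(void)
{
    /* Values quoted from the log.nmb excerpt in the thread. */
    const uint32_t seen[] = {0x400c9b2bu, 0x40011003u, 0x40011203u};
    char buf[256];
    size_t i;
    for (i = 0; i < sizeof(seen) / sizeof(seen[0]); i++)
        if (bitmap_to_string(seen[i], sv_type_names, buf, sizeof(buf)) > 0)
            puts(buf);
    return 0;
}
```

With this table, PC3's 40011203 decodes with PRINTQ and the 40011003 of PC1 and PC2 decodes without it. Both functions take the table as a parameter, so the same routines serve any other bit-field that has a name table.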
From: dave at www.buffalostate.edu (Dave J. Andruczyk)
Date: Tue Dec 2 02:25:12 2003
Subject: Roaming profiles not being updated
In-Reply-To: <7a2972$t03$1@zeus.ven.ra.rockwell.com>
Message-ID:

> My roaming profiles get updated only during the first login but after
> that I need to reboot my NT workstation and login again to have them
> updated. After I reboot and login again NT prints a message saying that
> "your local profile is newer than the one stored in the server, do you
> want to use the local profile instead of the remote?"
>
> This is Samba 2.0.2 and NT workstation 4SP4.
>
> Any help will be appreciated.

seems like the system clocks are out of sync between the server and
workstation. consider adding "net time /set /yes" in your logon batch
file, so as to sync the workstation's time with the server. (the above
command works for win95/98, but I did NOT test it under NT, but I would
assume it does work). (test from command prompt first)

Dave J. Andruczyk
Instructional Support Associate
Department of Technology
Buffalo State College

From yan at cardinalengineering.com Tue Feb 16 16:37:27 1999
From: yan at cardinalengineering.com (Yan Seiner)
Date: Tue Dec 2 02:25:12 2003
Subject: smbmount problems?
Message-ID: <36C99EC7.21B7E36D@cardinalengineering.com>

I am trying to mount a shared NT directory from the samba server. I keep
getting the following message:

mount error: Invalid argument
Please look at smbmount's manual page for possible reasons

and the following in the log files

Feb 16 11:18:51 portia kernel: smb_dont_catch_keepalive: server->data_ready == NULL

I've tried every combination of smbmount commands that I could think
of. The mount used to work under 1.9.?; I changed to 2.0.0b5 and it
quit working....

my mount command is

[root@portia /etc]# smbmount //PANDORA/DATA/ /mnt/data -c portia -U user -P password

Was this one of the bugs that was fixed in the production versions?

Win32 machines can mount the share.

Also, I continue to have problems with smbadduser. The -m option simply
does not seem to work. I had to create the entry for pandora by hand.
After I added pandora, browsing quit working.... I can use find
computer and see all the shares for the computers it finds, but network
neighborhood is empty on all machines starting this morning...

Nevertheless, one of my users remarked that the network has been
remarkably stable since we dumped NT server and switched to samba ;-)

TIA,

Yan

From aperrin at demog.Berkeley.EDU Tue Feb 16 16:36:25 1999
From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:25:13 2003 Subject: Roaming profiles not being updated In-Reply-To: Message-ID: Unfortunately it doesn't work in NT because of permission problems -- the standard 'users' group doesn't have permission to change the system time, so putting net time /set /yes in the logon batch file just generates a 'permission denied' message. (I leave it there anyway so the time gets set whenever an administrator logs in.) If anybody has advice on how to grant this privilege to users *without* editing 100 registries by hand, I'd be interested. --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 On Wed, 17 Feb 1999, Dave J. Andruczyk wrote: > > My roaming profiles get updated only during the first login but after > > that I need to reboot my NT workstation and login again to have them > > updated. After I reboot and login again NT prints a mesage saying that > > "your local profile is newer than the one stored in the server, do you > > want to use the local profile instead of the remote?" > > > > This is Samba 2.0.2 and NT workstation 4SP4. > > > > Any help will be appreciated. > > > seems like the system clocks are out of sync between the server and > workstation. consider adding "net time /set /yes" in your logon batch > file, so as to sync the workstations time with the server. (the above > command works for win95/98, but I did NOT test it under NT, but I would > assume it does work). (test from command prompt first) > > > Dave J. Andruczyk > Instructional Support Associate > Department of Technology > Buffalo State College > > > From dave at www.buffalostate.edu Tue Feb 16 16:51:56 1999 
From: dave at www.buffalostate.edu (Dave J. Andruczyk)
Date: Tue Dec 2 02:25:13 2003
Subject: Roaming profiles not being updated
In-Reply-To:
Message-ID:

> Unfortunately it doesn't work in NT because of permission problems -- the
> standard 'users' group doesn't have permission to change the system time,
> so putting net time /set /yes in the logon batch file just generates a
> 'permission denied' message. (I leave it there anyway so the time gets
> set whenever an administrator logs in.) If anybody has advice on how to
> grant this privilege to users *without* editing 100 registries by hand,
> I'd be interested.

I also believe there was a "network time" client program for NT (there
might be a free one on windowsnt.com, or winfiles.com) that would talk
to an ntp time server (redhat 5.2 comes with xntpd, which is easy to get
going).

first, sync the times, and see if this makes the profile problem go away
before going thru the trouble...

Dave J. Andruczyk
Instructional Support Associate
Department of Technology
Buffalo State College

From mhw at wittsend.com Tue Feb 16 17:07:50 1999
From: mhw at wittsend.com (Michael H. Warfield) Date: Tue Dec 2 02:25:13 2003 Subject: smbmount problems? In-Reply-To: <36C99EC7.21B7E36D@cardinalengineering.com> from Yan Seiner at "Feb 17, 1999 3:37:43 am" Message-ID: <199902161707.MAA25812@alcove.wittsend.com> Yan Seiner enscribed thusly: > I am trying to mount a shared NT directory form the samba server. I keep > getting the following message: > mount error: Invalid argument > Please look at smbmount's manual page for possible reasons > and the following in the log files > Feb 16 11:18:51 portia kernel: smb_dont_catch_keepalive: > server->data_ready == NULL > I've tried every combination of smbmount commands that I could think > of. The mount used to work under 1.9.?; I changed to 2.0.0b5 and it > quit working.... > my mount command is > [root@portia /etc]# smbmount //PANDORA/DATA/ /mnt/data -c portia -U user > -P password This is the old syntax for the smbmount program from the smbfs package. This syntax is not yet supported by the Samba version of the smbmount program. Using the smbmount from Samba, the same command would be this: smbmount //PANDORA/DATA password -U user -n portia -c "mount /mnt/data" The smbmount that you were using before did not come from the Samba package at all. If you want to use the old syntax, I currently have a shim script that translates and calls the appropriate smbmount.smbfs or smbmount.samba depending on your kernel rev (the two versions are not compatible). Go to http://www.wittsend.com/mhw/smbmount.html for more information. > Was this one of the bugs that was fixed in the production versions? > > Win32 machines can mount the share. > > Also, I continue to have problems with smbadduser. The -m option simply > does not seem to work. I had to create the entry for pandora by hand. > After I added pandora, browsing quit working.... 
I can use find > computer and see all the shares for the computers it finds, but network > neighborhood is empty on all machines starting this morning... > > Nevertheless, one of my users remarked that the network has been > remarkably stable since we dumped NT server and switched to samba ;-) > > TIA, > > Yan > -- Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com (The Mad Wizard) | (770) 925-8248 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! From svedja at lysator.liu.se Tue Feb 16 17:08:15 1999 
From: svedja at lysator.liu.se (Dejan Ilic) Date: Tue Dec 2 02:25:13 2003 Subject: Roaming profiles not being updated In-Reply-To: Message-ID: I use a small shareware program called K9, from the maker of Tardis, that runs as a NT-service and listens to standard NTP-broadcasts on the network. Then I instruct my UNIX-server to broadcast the time thru with the help of NTP-daemon that is included in many systems. Solaris and Linux has it by default and it is called xntp and xntpd there. As you understand the load on the server is minimal, and xntp can sync your local server with other servers, that maybe have a atomic clock connected to it. Dejan On Wed, 17 Feb 1999, Andrew Perrin - Demography wrote: > Unfortunately it doesn't work in NT because of permission problems -- the > standard 'users' group doesn't have permission to change the system time, > so putting net time /set /yes in the logon batch file just generates a > 'permission denied' message. (I leave it there anyway so the time gets > set whenever an administrator logs in.) If anybody has advice on how to > grant this privilege to users *without* editing 100 registries by hand, > I'd be interested. > > --------------------------------------------------------------------- > Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support > Department of Demography - University of California at Berkeley > 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA > http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 > > On Wed, 17 Feb 1999, Dave J. Andruczyk wrote: > > > > My roaming profiles get updated only during the first login but after > > > that I need to reboot my NT workstation and login again to have them > > > updated. After I reboot and login again NT prints a mesage saying that > > > "your local profile is newer than the one stored in the server, do you > > > want to use the local profile instead of the remote?" > > > > > > This is Samba 2.0.2 and NT workstation 4SP4. 
> > > > > > Any help will be appreciated. > > > > > > seems like the system clocks are out of sync between the server and > > workstation. consider adding "net time /set /yes" in your logon batch > > file, so as to sync the workstations time with the server. (the above > > command works for win95/98, but I did NOT test it under NT, but I would > > assume it does work). (test from command prompt first) > > > > > > Dave J. Andruczyk > > Instructional Support Associate > > Department of Technology > > Buffalo State College > > > > > > > > ===================================================================== Dejan Ilic, Tech Univ. of Linkoping, Sweden Phone:+46-13-473 01 06 Email: svedja@lysator.liu.se Web: http://www.lysator.liu.se/~svedja ===================================================================== [finger -l svedja@lysator.liu.se for public PGP key] From allen at driversoft.com Tue Feb 16 17:09:54 1999 
From: allen at driversoft.com (Allen Reese) Date: Tue Dec 2 02:25:13 2003 Subject: Roaming profiles not being updated In-Reply-To: Message-ID: net time /set /yes works under NT. I use it in my login scripts. Allen Reese Senior Software Engineer Driversoft, Inc. allen@driversoft.com On Wed, 17 Feb 1999, Dave J. Andruczyk wrote: > > My roaming profiles get updated only during the first login but after > > that I need to reboot my NT workstation and login again to have them > > updated. After I reboot and login again NT prints a mesage saying that > > "your local profile is newer than the one stored in the server, do you > > want to use the local profile instead of the remote?" > > > > This is Samba 2.0.2 and NT workstation 4SP4. > > > > Any help will be appreciated. > > > seems like the system clocks are out of sync between the server and > workstation. consider adding "net time /set /yes" in your logon batch > file, so as to sync the workstations time with the server. (the above > command works for win95/98, but I did NOT test it under NT, but I would > assume it does work). (test from command prompt first) > > > Dave J. Andruczyk > Instructional Support Associate > Department of Technology > Buffalo State College > > > > From abakun at reac.com Tue Feb 16 17:10:16 1999 
From: abakun at reac.com (Andy Bakun)
Date: Tue Dec 2 02:25:13 2003
Subject: Roaming profiles not being updated
References:
Message-ID: <36C9A677.FE2EAD54@reac.com>

You can use User Manager to grant the 'set the system time' privilege to
Everyone (in the past, I've had to remove the network cable from the
machine in order to keep User Manager from crashing because of the
various inabilities of samba). But this is equivalent to editing the
registry, you need to do it on every machine.

I suppose you could put it in a policy file? Anyone know if that would
work?

Andrew Perrin - Demography wrote:

> Unfortunately it doesn't work in NT because of permission problems -- the
> standard 'users' group doesn't have permission to change the system time,
> so putting net time /set /yes in the logon batch file just generates a
> 'permission denied' message. (I leave it there anyway so the time gets
> set whenever an administrator logs in.) If anybody has advice on how to
> grant this privilege to users *without* editing 100 registries by hand,
> I'd be interested.

From lkcl at switchboard.net Tue Feb 16 17:57:26 1999
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:25:13 2003
Subject: what is this in log.nmb?
In-Reply-To:
Message-ID:

On Wed, 17 Feb 1999, Luke Kenneth Casson Leighton wrote:

> On Tue, 16 Feb 1999, Andrew Tridgell wrote:
>
> > > Can anybody explain me, what is the meaning of the numbers below?
> >
> > Look at the SV_TYPE_* definitions in source/include/smb.h
> >
> > > What is the difference between PC1, PC2 and PC3?
> > > What is that number 2 in the PC3's row?
> > > ...
> > > MBAPLANNING(1) current master browser = BEETHOVEN
> > > BEETHOVEN 400c9b2b (Beethoven szervere)
> > > PC1 40011003 ()
> > > PC3 40011203 ()
> > > PC2 40011003 ()
> > > ...
> >
> > the 2 indicates that PC3 offers print services. See the
> > SV_TYPE_PRINTQ_SERVER definition.
> >
> > Does anyone feel like writing a pretty printer for the types? It would
> > be nice to print:
> >
> > (40011003: LOCAL_ONLY,POTENTIAL_BROWSER,NT,PRINTQ,SERVER,WORKSTATION)
> >
> > even better if we could have a generic routine for bitmap printing
> > that takes a structure list like this:

done.

From lkcl at switchboard.net Tue Feb 16 18:14:45 1999
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:25:13 2003
Subject: rpcclient "shutdown" command
Message-ID:

useful command for unix-admins of nt machines everywhere: remote
"shutdown" command in rpcclient. i need to work out which flags do what
to get it to reboot rather than sit there.

rpcclient -S nt_srv_name -U user [-l log]
Password: xxxx
smb: /> shutdown [message] [timeout, seconds]
OK
smb: /> quit

i'll do a "shutdown abort" later.

luke

From greg at discreet.com Tue Feb 16 18:47:02 1999
From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:25:13 2003 Subject: rpcclient "shutdown" command In-Reply-To: Message-ID: yes ooo baby, that's what I need! I'm such a geek! Greg On 16-Feb-99 Luke Kenneth Casson Leighton wrote: > useful command for unix-admins of nt machines everywhere: remote > "shutdown" command in rpcclient. i need to work out which flags do what > to get it to reboot rather than sit there. > > rpcclient -S nt_srv_name -U user [-l log] > Password: xxxx > smb: /> shutdown [message] [timeout, seconds] > OK > smb: /> quit > > i'll do a "shutdown abort" later. > > luke --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From ksmith at barton.ca Tue Feb 16 23:37:11 1999 
From: ksmith at barton.ca (Ken Smith)
Date: Tue Dec 2 02:25:13 2003
Subject: More Network Neighbourhood Problems
Message-ID: <8825671A.00826259.00@planetbarton.bartoninsurance.com>

I'm old to Linux but new to SaMBa and have been experimenting with
different configurations. My original SMB install was a redhat RPM but I
have since downloaded 2.0.0 and installed it the old fashioned way. Now
for the problem (smb.conf to follow):

When I originally installed smb and configured it I had trouble getting the
smb server to show up in Net Neighbours. I eventually got it very stable.
Then I upgraded and presto everything worked great. Then I noticed that
the server appeared in Net Neighbours when I first logged on but the first
time I went into it and then came back out it would disappear from the
list. Domain was still there but no server....

To make a long story short, I have been playing and fiddling with the
smb.conf and now I can never get the server to appear in the network
neighbourhood or via explorer. I am using Win98 but we have multitudes of
Win95 machines that can not see the server either. We can all access the
server using the "\\servername" format on the address line but I really
miss seeing the icon in network neighbourhood.
I should point out that when I access the domain via explorer then the
server icon appears in the left-hand pane under the domain icon but not in
the right-hand pane.

(a bit about our surroundings)
- the "trial" smb server is running on RedHat Linux 5.2
- it is connected to a large private class A network and resides on the
  same subnet as one of our NT servers (however, putting it on a net by
  itself did not correct the problem)
- it has its own Domain name "SAMBA"
- it is presently acting as a login server for my workstation
- it is fairly friendly with the rest of the network

(the SMB.CONF file)

# Samba config file created using SWAT
# from 10.25.83.134 (10.25.83.134)
# Date: 1999/02/16 14:13:40

# Global parameters
    workgroup = SAMBA
    netbios name = TRIAL
    encrypt passwords = Yes
    map to guest = Bad User
    passwd program = /usr/bin/passwd %u
    username map = /usr/local/samba/lib/users.map
    log level = 3
    log file = /usr/local/samba/logs/log.%m
    time server = Yes
    load printers = No
    domain logons = Yes
    os level = 40
    preferred master = Yes
    domain master = Yes
    dns proxy = No
    wins server = 10.25.83.156
    guest account = pcguest
    hosts allow = 10.25.

[homes]
    comment = Home Directories (by user name)
    path = /home/%u
    read only = No
    create mask = 0750
    browseable = No

[tmp]
    comment = Temporary file space
    path = /tmp
    guest ok = Yes

[public]
    comment = Public Stuff
    path = /home/samba
    write list = @staff
    guest ok = Yes

[pchome]
    comment = PC Directories (by netbios machine name)
    path = /home/%m
    username = %S
    force user = %m
    read only = No

[sagidocs]
    path = /sagidocs/sagidocs
    force group = users
    read only = No
    guest ok = Yes

[software]
    path = /sagidocs/software
    read only = No
    guest only = Yes
    guest ok = Yes

[ftp_pub]
    path = /home/ftp/pub
    force group = ftp
    read only = No
    guest ok = Yes

[Private]
    comment = Share to test group options
    path = /sagidocs/private
    guest account =
    valid users = admin scrappydoo @staff
    force user = coe
    force group = staff
    read only = No

I am open to any and all suggestions on what I am doing wrong here....as I
said, I had that darn icon and it occasionally faded but now it is gone
entirely and I assume it is a conflict in the
network somewhere but I haven't been able to see it in the log.nmb.

HELP!

From darrylc at vulcan.telstra.com.au Wed Feb 17 01:01:07 1999
From: darrylc at vulcan.telstra.com.au (Darryl Cording)
Date: Tue Dec 2 02:25:13 2003
Subject: Printing permissions
Message-ID: <199902170101.LAA25480@vulcan.telecom.com.au>

Thanks Jerry,

Unfortunately this is not the problem as the local clients are using
a FAT filesystem. Another intriguing thing I have noticed which may
be related is that system policies are only enforced if the user
is made a "Domain Admin" via the "domain admin group" parameter.
Also if the user is not in the domain admin group they get the
error "...the state of your remembered conections can not be saved"
when using NET USE commands.

I guess it is more to do with group access permissions
as it seems to affect more than just printing.

Is this sort of behaviour normal, or do I have broken clients?

Maybe the CVS group functionality is the way to go. As I have to rollout
a production setup I have been waiting for it to get a bit more stable
before revisiting it again. If I could just get some sort of consistent
group mapping for just "domain admins" and "everyone" else to work under
2.0, that would be enough for now.

I guess I could always give all users access to the
"Domain Admin" group then enforce stringent policy rules
so they don't break their machines. My worry then would
be what backdoors does doing something like this open?

I'll keep on battling. If anybody thinks this is strange behaviour and
would like a log file to look at, just let me know.

regards,
darryl

From jmeff at engsoc.queensu.ca Wed Feb 17 02:58:06 1999
From: jmeff at engsoc.queensu.ca (Jamie ffolliott)
Date: Tue Dec 2 02:25:13 2003
Subject: idea: passwd chat script
Message-ID:

I'm wondering, is it possible to write a shell script to run as the
"passwd program" in smb.conf, which essentially calls the unix
/usr/bin/passwd, plus whatever other custom things you wish to do?

In my case, I'd like to add an extra command to update a user's frontpage
passwd when they change their samba password from NT's ctrl-alt-del
dialogue, so passwords are in sync (unix/samba/other). (We aren't worried
about the security problems with frontpage)

I bet there's other possibilities here, so i'm suggesting a new feature
for samba 2.1prealpha: allow shell scripts to run from the "passwd
program" option (or a new "passwd script" option), and let the "passwd
chat" provide the interactive responses to the passwd script.

comments/ideas?

I think this would simplify password synchronization quite nicely - all
from the NT password dialogue.

For example, here's a very basic configuration i'm thinking of:
* This currently doesn't work in the latest 2.1prealpha CVS

smb.conf:
    passwd program = /usr/local/sbin/pwdchat.sh %u
    passwd chat = *password* %n\n *password* %n\n *successfull* *password* %n\n *successfull*
    unix passwd sync = yes

here's pwdchat.sh :

#!/bin/sh
# $1 is the user name that smbd substitutes for %u
LOGIN=$1
if [ -z "$LOGIN" ]; then
    exit 2
fi

# Let standard unix-based passwd prompt for the password
# "passwd chat" string should handle the responses
/usr/bin/passwd "$LOGIN"

# Another passwd program
echo -n "re-enter password:"
# -r keeps backslashes in the password intact
read -r PASS
/usr/bin/another_passwd "$LOGIN" "$PASS"
echo "all passwords changed successfully"

From pfaff at edge.cis.McMaster.CA Wed Feb 17 04:40:54 1999
From: pfaff at edge.cis.McMaster.CA (Todd Pfaff)
Date: Tue Dec 2 02:25:13 2003
Subject: idea: passwd chat script
In-Reply-To:
Message-ID:

On Wed, 17 Feb 1999, Jamie ffolliott wrote:

> I'm wondering, is it possible to write a shell script to run as the
> "passwd program" in smb.conf, which essentially calls the unix
> /usr/bin/passwd, plus whatever other custom things you wish to do?

yes, or it can also be a semicolon separated list of commands.
i use this to sync my nis master password map:

    passwd program = /bin/passwd -r files %u; cd /var/yp; /usr/ccs/bin/make passwd
    passwd chat = *New\spassword:* "%n\n" *new\spassword:* "%n\n" *updated\spasswd* . *pushed\spasswd*

> In my case, I'd like to add an extra command to update a user's frontpage
> passwd when they change their samba password from NT's ctrl-alt-del
> dialogue, so passwords are in sync (unix/samba/other). (We aren't worried
> about the security problems with frontpage)

sure, that's all possible now. your passwd chat just has to have
enough expect-send strings to satisfy the passwd program.

> I bet there's other possibilities here, so i'm suggesting a new feature
> for samba 2.1prealpha: allow shell scripts to run from the "passwd
> program" option (or a new "passwd script" option), and let the "passwd
> chat" provide the interactive responses to the passwd script.
>
> comments/ideas?
>
> I think this would simplify password synchronization quite nicely - all
> from the NT password dialogue.
>
> For example, here's a very basic configuration i'm thinking of:
> * This currently doesn't work in the latest 2.1prealpha CVS
>
> smb.conf:
> passwd program = /usr/local/sbin/pwdchat.sh %u
> passwd chat = *password* %n\n *password* %n\n *successfull* *password*
> %n\n *successfull*
> unix passwd sync = yes
>
> here's pwdchat.sh :
>
> #!/bin/sh
> LOGIN=$1
> if [ -z $LOGIN ]; then
> exit 2
> fi
>
> # Let standard unix-based passwd prompt for the password
> # "passwd chat" string should handle the responses
> /usr/bin/passwd $LOGIN
>
> # Another passwd program
> echo -n "re-enter password:"
> read PASS
> /usr/bin/another_passwd $LOGIN $PASS
> echo "all passwords changed successfully"
>

--
Todd Pfaff                         \ Email: pfaff@mcmaster.ca
Computing and Information Services \ Voice: (905) 525-9140 x22920
ABB 132                            \ FAX: (905) 528-3773
McMaster University                \
Hamilton, Ontario, Canada L8S 4M1  \

From ambach at unfall.klinik.uni-mainz.de Wed Feb 17 10:15:36 1999
From: ambach at unfall.klinik.uni-mainz.de (Christian Ambach) Date: Tue Dec 2 02:25:13 2003 Subject: More Network Neighbourhood Problems References: <8825671A.00826259.00@planetbarton.bartoninsurance.com> Message-ID: <36CA96C8.45B84E2E@unfall.klinik.uni-mainz.de> Ken Smith schrieb: > > I'm old to Linux but new to SaMBa and have been experimenting with > different configurations. My original SMB install was a redhat RPM but I > have since downloaded 2.0.0 and installed it the old fashioned way. Now > for the problem (smb.conf to follow): > > When I originally installed smb and configured it I had trouble getting the > smb server to show up in Net Neighbours. I eventually got it very stable. > Then I upgraded and presto everything worked great. Then I noticed that > the server appeared in Net Neighbours when I first logged on but the first > time I went into it and then came back out it would disappear from the > list. Domain was still there but no server.... > > To make a long story short, I have been playing and fiddling with the > smb.conf and now I can never get the server to appear in the network > neighbourhhood or via explorer. I am using Win98 but we have mutlitudes of > Win95 machines that can not see the server either. We can all access the > server using the "\\servername" format on the address line but I really > miss seeing the icon in network neighbourhood. > I should point out that when I access the domain via explorer then the > server icon appears in the left-hand pane under the domain icon but not in > the right-hand pane. Did you tell the Windows machines that they are in the Workgroup SAMBA, if not, they won't see the server in the Network Neighborhood. Christian Ambach From lex at tor.prima.tu-chel.ac.ru Wed Feb 17 12:04:42 1999 
From: lex at tor.prima.tu-chel.ac.ru (Bic)
Date: Tue Dec 2 02:25:13 2003
Subject: smbpasswd and loging in
Message-ID:

Hi all!

I have at least two troubles with Samba.
1. When I add NT workstation to domain with
smbpasswd -a -m WS1
it thinks a little and then prints out that I connected to domain
MIDGXXXXX (the real name of domain is MIDGARD). Here XXXXX are some randomize characters (possibly stack)
and after asks passwords and behave itself good
2. When I add NT workstation to domain and reboot it I try to login and
getting new profile. Fine. After I logging out and try to login again.
and getting such answer: "Your Enter Bad password or Name. Test that your
symbols are not capitalized... and so on." And everything I can do after
this is to login locally and only removing this station from domain and
adding it to domain can help...

What should I do?

Cheers, SaLiK.

From cartegw at Eng.Auburn.EDU Wed Feb 17 13:55:46 1999
From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:25:13 2003 Subject: Printing permissions References: <199902170101.LAA25480@vulcan.telecom.com.au> Message-ID: <36CACA62.B5760DBA@eng.auburn.edu> Darryl Cording wrote: > > Thanks Jerry, > > Unfortuately this is not the problem as the local clients are using > a FAT filesytem. Another intriguing thing I have noticed which may > be related is that system policies are only inforced if the user > is made a "Domain Admin" via the "domain admin group" parameter. > Also if the user is not in the domain admin group they get the > error "...the state of your remembered conections can not be saved" > when using NET USE commands. Are you trying to use older profiles? I have noticed that sometimes the ntuser.dat file gets truncated to 32Kb. At that point it is corrupt and should be deleted. > I guess it is more to do with group access permissions > as it seems to affect more than just printing. > > Is this sort of behaviour normal, or do I have broken clients? Something's not right that's for sure. This is not normal behavior. > I guess I could always give all users access to the > "Domain Admin" group then enforce stringent policy rules > so they don't break thier machines. My worry then would > be what backdoors does doing something like this open? This would be an extremely bad idea in my opinion. j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From john at CSUA.Berkeley.EDU Wed Feb 17 14:51:37 1999 
From: john at CSUA.Berkeley.EDU (John Morgan Salomon)
Date: Tue Dec 2 02:25:13 2003
Subject: Samba as Resource Domain PDC?
Message-ID: <199902171451.GAA25452@soda.CSUA.Berkeley.EDU>

Hi there,

I suppose it's possible that I missed something in this mailing list's
archive, but I was wondering whether anyone has succeeded in setting
up Samba 2.0 as a PDC in an NT resource domain? I'm trying to add
an NT 4.0 workstation (create a domain account), but it can't find the
domain in question's PDC (Samba server is currently the only machine
in there.)

My NT server manager also can't find a PDC for the domain; after reading
NTDOMAINS.txt, I got the impression that you couldn't really have an NT
domain without a PDC? Am I totally on crack, or could someone give me
some tips on this? I'm currently not overly concerned with tuning or
security, I would just like to get it working if at all possible.

Thanks,

-John


ps: Here is my smb.conf

# Global parameters
    workgroup = ALPS-DEV
    netbios name = MATTERHORN
    encrypt passwords = Yes
    map to guest = Bad Password
    username map = /usr/local/samba/lib/username.map
    unix password sync = Yes
    log level = 4
    log file = /var/log/samba/log.%m
    name resolve order = lmhosts host wins bcast dns
    os level = 32
    preferred master = Yes
    domain master = Yes
    wins server =
    admin users = root admin administrator

From dnehring at telemedia.de Wed Feb 17 14:59:42 1999
From: dnehring at telemedia.de (Dirk Nehring) Date: Tue Dec 2 02:25:14 2003 Subject: security = user and security = share simultaneously? In-Reply-To: ; from Greg Dickie on Mon, Feb 15, 1999 at 01:15:58PM -0500 References: <19990215183120.A621@fireball.highway.bertelsmann.de> Message-ID: <19990217155942.A6439@fireball.highway.bertelsmann.de> On Mon, Feb 15, 1999 at 01:15:58PM -0500, Greg Dickie wrote: This works, thanks. Dirk > We do this by spwcifying a netbios alias which has the security option diffent > than the main server. > > Greg > > > On 15-Feb-99 Dirk Nehring wrote: > > Hi folks, > > > > we use our Samba Server 2.0.2 as PDC (security = user). We have now the > > problem to export some share with "security = share". Since "security" > > is a global option, this is not possible. The other possibilty to use > > "\\host\sharexx%user" doesn't work for windows 9x clients, we need to > > provide a valid user name (i.e. "smbclient \\\\host\\sharexx -U > > user" works, but not "smbclient \\\\host\\sharexx%user"). > > > > Is this possible? Can we provide a pseudo share from this server? > > > > Dirk > > > > -- > > Dirk Nehring | Phone: +49 5241 80-1560 > > Telemedia Bertelsmann AG | Fax: +49 5241 80-9518 > > Carl-Bertelsmann-Str. 161 I | E-Mail: dnehring @ telemedia.de > > 33311 G?tersloh | > > --------------------------------------------------------------------- > Greg Dickie > Just A Guy* > *from discreet logic > Montreal > (514) 954-7171 > greg@discreet.com > -- Dirk Nehring | Phone: +49 5241 80-1560 Telemedia Bertelsmann AG | Fax: +49 5241 80-9518 Carl-Bertelsmann-Str. 161 I | E-Mail: dnehring @ telemedia.de 33311 G?tersloh | From hinman at networkcs.com Wed Feb 17 15:04:24 1999 
From: hinman at networkcs.com (Lee E. Hinman) Date: Tue Dec 2 02:25:14 2003 Subject: Roaming profiles not being updated In-Reply-To: <36C9A677.FE2EAD54@reac.com> from Andy Bakun at "Feb 17, 99 04:18:54 am" Message-ID: <199902171504.JAA22963@us.networkcs.com> We do something a little different since our NT machines are done with an unattended install we have it run ntrights as one of the last steps. ntrights.exe -u "Domain Users" +r SeSystemtimePrivilege Lee > You can use User Manager to grant the 'set the system time' privledge to > Everyone (in the past, I've had to remove the network cable from the machine > in order to keep User Manager from crashing because of the various inabilities > of samba). But this is equlivent to editing the registry, you need to do it > on every machine. I suspose you could put it in a policy file? Anyone know > if that would work? > > Andrew Perrin - Demography wrote: > > > Unfortunately it doesn't work in NT because of permission problems -- the > > standard 'users' group doesn't have permission to change the system time, > > so putting net time /set /yes in the logon batch file just generates a > > 'permission denied' message. (I leave it there anyway so the time gets > > set whenever an administrator logs in.) If anybody has advice on how to > > grant this privilege to users *without* editing 100 registries by hand, > > I'd be interested. > -- ___________________________________________________________________________ | Lee E. Hinman PhD. | Email: hinman@networkcs.com | | Network Computing Services Inc. | Phone: 612-337-3442 | | Network & System Admin Group | Pager: 800-759-8352 PIN#1335657 | | 1200 Washington Ave S. | Text-Pager: hinman-page@networkcs.com | | Minneapolis, MN 55415 | Web: www.networkcs.com | --------------------------------------------------------------------------- From greg at discreet.com Wed Feb 17 15:13:55 1999 
From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:25:14 2003 Subject: Samba as Resource Domain PDC? In-Reply-To: <199902171451.GAA25452@soda.CSUA.Berkeley.EDU> Message-ID: Did you try "domain logons = yes" ? Greg On 17-Feb-99 John Morgan Salomon wrote: > Hi there, > > I suppose it's possible that I missed something in this mailing list's > archive, but I was wondering whether anyone has succeded in setting > up Samba 2.0 as a PDC in an NT resource domain? I'm trying to add > an NT 4.0 workstation (create a domain account), but it can't find the > domain in question's PDC (Samba server is currently the only machine > in there.) > > My NT server manager also can't find a PDC for the domain; after reading > NTDOMAINS.txt, I got the impression that you couldn't really have an NT > domain without a PDC? Am I totally on crack, or could someone give me > some tips on this? I'm currently not overly concerned with tuning or > security, I would just like to get it working of at all possible. > > Thanks, > > -John > > > ps: Here is my smb.conf > ># Global parameters > workgroup = ALPS-DEV > netbios name = MATTERHORN > encrypt passwords = Yes > map to guest = Bad Password > username map = /usr/local/samba/lib/username.map > unix password sync = Yes > log level = 4 > log file = /var/log/samba/log.%m > name resolve order = lmhosts host wins bcast dns > os level = 32 > preferred master = Yes > domain master = Yes > wins server = > admin users = root admin administrator --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From cartegw at Eng.Auburn.EDU Wed Feb 17 15:29:20 1999 
From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:25:14 2003 Subject: Samba as Resource Domain PDC? References: <199902171451.GAA25452@soda.CSUA.Berkeley.EDU> Message-ID: <36CAE050.E16F4667@eng.auburn.edu> John Morgan Salomon wrote: > > # Global parameters > workgroup = ALPS-DEV > netbios name = MATTERHORN > encrypt passwords = Yes > map to guest = Bad Password > username map = /usr/local/samba/lib/username.map > unix password sync = Yes > log level = 4 > log file = /var/log/samba/log.%m > name resolve order = lmhosts host wins bcast dns > os level = 32 > preferred master = Yes > domain master = Yes > wins server = > admin users = root admin administrator add "domain logons = yes" and "os level = 64" just to be safe. jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From pfrazao at ualg.pt Wed Feb 17 15:40:43 1999 
From: pfrazao at ualg.pt (Pedro Miguel Frazao Fernandes Ferreira)
Date: Tue Dec 2 02:25:14 2003
Subject: Samba as Resource Domain PDC?
References: <199902171451.GAA25452@soda.CSUA.Berkeley.EDU>
Message-ID: <36CAE2FB.9371DEC5@ualg.pt>

John Morgan Salomon wrote:
>
> Hi there,
>
> I suppose it's possible that I missed something in this mailing list's
> archive, but I was wondering whether anyone has succeeded in setting
> up Samba 2.0 as a PDC in an NT resource domain? I'm trying to add
> an NT 4.0 workstation (create a domain account), but it can't find the
> domain in question's PDC (Samba server is currently the only machine
> in there.)

I have a samba 2.0.2 setup as PDC for a domain. I can add machines to
the domain, setup user roaming profiles, sharing files and printers,
everything ok with password sync/changing and also setup policies to
winnt and 95 client machines/users. Good work folks :)

>
> My NT server manager also can't find a PDC for the domain; after reading
> NTDOMAINS.txt, I got the impression that you couldn't really have an NT
> domain without a PDC? Am I totally on crack, or could someone give me
> some tips on this? I'm currently not overly concerned with tuning or
> security, I would just like to get it working if at all possible.
>
> Thanks,

I believe there are some things missing in your smb.conf.
Here is an excerpt from mine:

# Global parameters
    workgroup =
    server string =
    encrypt passwords = Yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *new*password* %n\n *new*password* %n\n *changed*
    unix password sync = Yes
    null passwords = No
    name resolve order = wins bcast lmhosts host
    deadtime = 1
    socket options = TCP_NODELAY IPTOS_THROUGHPUT SO_RCVBUF=4096 SO_SNDBUF=4096
    logon path = \\%L\%U\WinProfile
    logon drive = z:
    domain logons = Yes
    logon script = %U.bat
    os level = 65
    preferred master = Yes
    domain master = Yes
    wins proxy = No
    wins support = Yes
    debug level = 0
    message command = csh -c 'xedit %s;rm %s' &
    create mask = 0740
    directory mask = 0750

[netlogon]
    # This should be the location for your user scripts and policy files
    path = /usr/local/samba/lib/netlogon
    browseable = No
    writeable = No
    Guest ok = No
    locking = No
    public = No

[HOMES]
    read only = No
    browseable = No
    Guest ok = No

Some comments:

Before going to a NT workstation in order to add it to the domain you
should create a machine account in the machine running samba:

    useradd -u -g -d/dev/null -s/bin/false $
    smbpasswd -a -m

Now go to the NT workstation, Control Panel, Network, Click change and
add the machine to the domain.

Just one more thing: I compiled samba 2.0.2 with -DNTDOMAIN but I am not
sure if this is needed.

Hope this helps.

Pedro

From m.chapman at student.unsw.edu.au Wed Feb 17 22:45:25 1999
From: m.chapman at student.unsw.edu.au (Matt Chapman) Date: Tue Dec 2 02:25:14 2003 Subject: smbpasswd and loging in References: Message-ID: <36CB4685.11D1FBF0@student.unsw.edu.au> Bic wrote: > I have at least two troubles with Samba. > 1. When I add NT workstation to domain with > smbpasswd -a -m WS1 > it thinks a little and then prints out that I connected to domain > MIDGXXXXX (the real name of domain is MIDGARD). Here XXXXX are some randomize characters (possibly stack) > and after asks passwords and behave itself good Try cvs updating - I fixed a few such problems a couple of days ago. If that doesn't fix it please let me know. Matt -- Matt Chapman m.chapman@student.unsw.edu.au From eparis at ven.ra.rockwell.com Thu Feb 18 00:09:26 1999 
From: eparis at ven.ra.rockwell.com (Eloy A. Paris) Date: Tue Dec 2 02:25:14 2003 Subject: [SOLVED?] Re: Roaming profiles not being updated References: <7a2972$t03$1@zeus.ven.ra.rockwell.com> Message-ID: <7aflnm$3pp$1@zeus.ven.ra.rockwell.com> Hi guys, My NT workstation did not have any time sync. problem (the login script was running a "NET /TIME /SET" to keep the time in sync. with the Samba PDC). I was using Samba 2.0.2 and my profiles were not being updated after each logoff. However, it looks like after I upgraded to the latest CVS version my problem went away and now the roaming profiles are being updated. Does this sound reasonable (that roaming profiles were not working properly on 2.0.2 but are on 2.1prealpha)? peloy.- Eloy A. Paris wrote: > Hi! > > I have a problem since a little while ago (can't remember when I > started see it). > > My roaming profiles get updated only during the first login but after > that I need to reboot my NT workstation and login again to have them > updated. After I reboot and login again NT prints a mesage saying that > "your local profile is newer than the one stored in the server, do you > want to use the local profile instead of the remote?" > > This is Samba 2.0.2 and NT workstation 4SP4. > > Any help will be appreciated. > > Thanks, > > peloy.- > From jallison at cthulhu.engr.sgi.com Thu Feb 18 00:14:50 1999 
From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:25:14 2003 Subject: [SOLVED?] Re: Roaming profiles not being updated References: <7a2972$t03$1@zeus.ven.ra.rockwell.com> <7aflnm$3pp$1@zeus.ven.ra.rockwell.com> Message-ID: <36CB5B7A.B372D165@engr.sgi.com> Eloy A. Paris wrote: > > Hi guys, > > My NT workstation did not have any time sync. problem (the login > script was running a "NET /TIME /SET" to keep the time in sync. with > the Samba PDC). > > I was using Samba 2.0.2 and my profiles were not being updated after > each logoff. > > However, it looks like after I upgraded to the latest CVS version my > problem went away and now the roaming profiles are being updated. > > Does this sound reasonable (that roaming profiles were not working > properly on 2.0.2 but are on 2.1prealpha)? If that's true I need to know about it. The 2.1 code stream is a great domain controller but a lousy fileserver right now :-). Can you investigate the roaming profile problem with 2.0.x some more ? Cheers, Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From eparis at ven.ra.rockwell.com Thu Feb 18 00:12:02 1999 From: eparis at ven.ra.rockwell.com (Eloy A. Paris) Date: Tue Dec 2 02:25:14 2003 Subject: trust account machine$ should be in DOMAIN_GROUP_RID_USERS Message-ID: <7aflsi$3pp$2@zeus.ven.ra.rockwell.com> Hi, I'm using today's CVS snapshot of the HEAD branch and I am getting this message in smbd's log file: trust account chapu$ should be in DOMAIN_GROUP_RID_USERS Also, both Server Manager and User Manager for Domains are crashing on my NT4SP4 workstation. Could these two things be related? Thanks! peloy.- From lkcl at switchboard.net Thu Feb 18 00:24:59 1999 
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:25:14 2003 Subject: [SOLVED?] Re: Roaming profiles not being updated In-Reply-To: <36CB5B7A.B372D165@engr.sgi.com> Message-ID: On Thu, 18 Feb 1999, Jeremy Allison wrote: > Eloy A. Paris wrote: > > > > Hi guys, > > > > My NT workstation did not have any time sync. problem (the login > > script was running a "NET /TIME /SET" to keep the time in sync. with > > the Samba PDC). > > > > I was using Samba 2.0.2 and my profiles were not being updated after > > each logoff. > > > > However, it looks like after I upgraded to the latest CVS version my > > problem went away and now the roaming profiles are being updated. > > > > Does this sound reasonable (that roaming profiles were not working > > properly on 2.0.2 but are on 2.1prealpha)? > > If that's true I need to know about it. The 2.1 code > stream is a great domain controller but a lousy fileserver > right now :-). > > Can you investigate the roaming profile problem with > 2.0.x some more ? it's probably that lsalookupnames/sids call, jeremy. From lkcl at switchboard.net Thu Feb 18 00:32:38 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:25:14 2003 Subject: trust account machine$ should be in DOMAIN_GROUP_RID_USERS In-Reply-To: <7aflsi$3pp$2@zeus.ven.ra.rockwell.com> Message-ID: On Thu, 18 Feb 1999, Eloy A. Paris wrote: > Hi, > > I'm using today's CVS snapshot of the HEAD branch and I am getting > this message in smbd's log file: > > trust account chapu$ should be in DOMAIN_GROUP_RID_USERS > > Also, both Server Manager and User Manager for Domains are crashing on > my NT4SP4 workstation. how many accounts do you have? i have a large-number-of-users bug to fix in SamrEnumDomUsers (or SamrQueryDisplayInfo). > Could these two things be related? no. From jimb at tara-lu.com Thu Feb 18 00:47:17 1999 
From: jimb at tara-lu.com (James W Bennett) Date: Tue Dec 2 02:25:14 2003 Subject: trust account machine$ should be in DOMAIN_GROUP_RID_USERS References: Message-ID: <36CB6315.B8A1DCF@tara-lu.com> Luke Kenneth Casson Leighton wrote: > > On Thu, 18 Feb 1999, Eloy A. Paris wrote: > > > Hi, > > > > I'm using today's CVS snapshot of the HEAD branch and I am getting > > this message in smbd's log file: > > > > trust account chapu$ should be in DOMAIN_GROUP_RID_USERS > > > > Also, both Server Manager and User Manager for Domains are crashing on > > my NT4SP4 workstation. > > how many accounts do you have? i have a large-number-of-users bug to fix > in SamrEnumDomUsers (or SamrQueryDisplayInfo). > > > Could these two things be related? > > no. We are geting the same symptoms here with our NT4SP4 Workstations. 10-15 users. If you need any tracing let me know. There also appears to be some kind of dirty buffer or unterminated string problem during login. Sometimes the username in the log files appears correct and sometimes it has apparently random characters appended to them. CVS from 13 Feb NT4SP4 Workstations RedHat Linux 5.2, Kernel 2.0.36 -- Jim Bennett Tara-Lu Corporation email: jimb@tara-lu.com voice: (907) 688-6138 ICQ: 13783490 18943 Melissa Lane www: http://www.tara-lu.com/~jimb/ Chugiak, AK 99567 pgp: finger jimb@tara-lu.com U.S.A. From eparis at ven.ra.rockwell.com Thu Feb 18 01:18:33 1999 
From: eparis at ven.ra.rockwell.com (Eloy A. Paris) Date: Tue Dec 2 02:25:14 2003 Subject: [SOLVED?] Re: Roaming profiles not being updated References: <7a2972$t03$1@zeus.ven.ra.rockwell.com> <36CB5B7A.B372D165@engr.sgi.com> Message-ID: <7afpp9$8lb$1@zeus.ven.ra.rockwell.com> Hi, Jeremy Allison wrote: >> Does this sound reasonable (that roaming profiles were not working >> properly on 2.0.2 but are on 2.1prealpha)? > > If that's true I need to know about it. The 2.1 code > stream is a great domain controller but a lousy fileserver > right now :-). What do you mean? I haven't noticed anything strange with the 2.1 fileserver code... > Can you investigate the roaming profile problem with > 2.0.x some more ? Sure. Anything special you want me to do? peloy.- From jallison at cthulhu.engr.sgi.com Thu Feb 18 01:34:05 1999 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:25:14 2003 Subject: [SOLVED?] Re: Roaming profiles not being updated References: <7a2972$t03$1@zeus.ven.ra.rockwell.com> <36CB5B7A.B372D165@engr.sgi.com> <7afpp9$8lb$1@zeus.ven.ra.rockwell.com> Message-ID: <36CB6E0D.D0BF842A@engr.sgi.com> Eloy A. Paris wrote: > > What do you mean? I haven't noticed anything strange with the 2.1 > fileserver code... > The 2.1alpha fileserver code doesn't have a *lot* of the bugfixes that have gone into 2.0.x. One day there will be a big merge (and a groaning and gnashing of teeth :-). > Sure. Anything special you want me to do? Is it reproducible ? If so can you send me either a debug level 100 or NetMon capture log of it occurring ? Thanks, Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From eparis at ven.ra.rockwell.com Thu Feb 18 01:37:08 1999 
From: eparis at ven.ra.rockwell.com (Eloy A. Paris)
Date: Tue Dec 2 02:25:14 2003
Subject: trust account machine$ should be in DOMAIN_GROUP_RID_USERS
References: <7aflsi$3pp$2@zeus.ven.ra.rockwell.com>
Message-ID: <7afqs4$a2h$1@zeus.ven.ra.rockwell.com>

Hi Luke!

Luke Kenneth Casson Leighton wrote:

> how many accounts do you have? i have a large-number-of-users bug to fix
> in SamrEnumDomUsers (or SamrQueryDisplayInfo).

Just two user accounts and one machine account. I guess this doesn't
qualify as "large-number-of-users" :-)

Is there a way to add the machine account to this
DOMAIN_GROUP_RID_USERS group? (perhaps I missed a configuration step
or something?)

peloy.-

From eparis at ven.ra.rockwell.com Thu Feb 18 01:38:57 1999
From: eparis at ven.ra.rockwell.com (Eloy A. Paris)
Date: Tue Dec 2 02:25:14 2003
Subject: trust account machine$ should be in DOMAIN_GROUP_RID_USERS
References: <36CB6315.B8A1DCF@tara-lu.com>
Message-ID: <7afqvh$a2h$2@zeus.ven.ra.rockwell.com>

James W Bennett wrote:

> There also appears to be some kind of dirty buffer or unterminated string
> problem
> during login. Sometimes the username in the log files appears correct and
> sometimes
> it has apparently random characters appended to them.

I am not seeing this problem here (CVS from Feb. 17, Linux 2.2.1).

peloy.-

From atristan at math.ucr.edu Thu Feb 18 01:47:37 1999
From: atristan at math.ucr.edu (andrew tristan)
Date: Tue Dec 2 02:25:14 2003
Subject: trust account machine$ should be in DOMAIN_GROUP_RID_USERS
In-Reply-To: "Eloy A. Paris" "trust account machine$ should be in DOMAIN_GROUP_RID_USERS" (Feb 18, 11:23am)
Message-ID: <199902180147.RAA19076@charity.ucr.edu>

I'm seeing this as well; I fetched my cvs copy last week sometime, running on a
sunos 5.5.1 machine, compiled with sun's cc v4.1 (I think).

While I'm at it, I'm seeing a lot of these:
[1999/02/17 16:23:27, 0] smbd/uid.c:(366)
  ERROR: become root depth is non zero
[1999/02/17 16:23:27, 0] smbd/uid.c:(387)
  ERROR: unbecome root depth is 0
in client log files (it's always the same lines, haven't had time to look
at the source). Is this a known problem?
A

-- On Feb 18, 11:23am, "Eloy A. Paris" wrote:
> Subject: trust account machine$ should be in DOMAIN_GROUP_RID_USERS
> Hi,
>
> I'm using today's CVS snapshot of the HEAD branch and I am getting
> this message in smbd's log file:
>
> trust account chapu$ should be in DOMAIN_GROUP_RID_USERS
>
> Also, both Server Manager and User Manager for Domains are crashing on
> my NT4SP4 workstation.
>
> Could these two things be related?
>
> Thanks!
>
> peloy.-
-- End of excerpt from "Eloy A. Paris"

--
andrew.tristan@ucr.edu
Unix Systems Group, UC Riverside

From m.chapman at student.unsw.edu.au Thu Feb 18 04:22:21 1999
From: m.chapman at student.unsw.edu.au (Matt Chapman)
Date: Tue Dec 2 02:25:14 2003
Subject: trust account machine$ should be in DOMAIN_GROUP_RID_USERS
References: <36CB6315.B8A1DCF@tara-lu.com>
Message-ID: <36CB957D.89682419@student.unsw.edu.au>

James W Bennett wrote:

> There also appears to be some kind of dirty buffer or unterminated string
> problem
> during login. Sometimes the username in the log files appears correct and
> sometimes
> it has apparently random characters appended to them.
>
> CVS from 13 Feb

My mistake, fixed soon thereafter. Sorry!

Matt

--
Matt Chapman
m.chapman@student.unsw.edu.au

From m.chapman at student.unsw.edu.au Thu Feb 18 04:17:13 1999
From: m.chapman at student.unsw.edu.au (Matt Chapman)
Date: Tue Dec 2 02:25:14 2003
Subject: trust account machine$ should be in DOMAIN_GROUP_RID_USERS
References:
Message-ID: <36CB9448.3CEFBA71@student.unsw.edu.au>

> how many accounts do you have? i have a large-number-of-users bug to fix
> in SamrEnumDomUsers (or SamrQueryDisplayInfo).

I'm currently adding another few info levels to SamrQueryDisplayInfo
(mainly for Win95) so I will see what I can do in terms of making it more
robust. The trick is to only send as much data as we/the client (as
specified in the query) can cope with on each call, and return
STATUS_MORE_ENTRIES.

I'm also going to make sure the buffer size is returned correctly; I
suspect the demarshalling stub doesn't actually check its validity and
that causes a few oopses.

Matt

--
Matt Chapman
m.chapman@student.unsw.edu.au

From shaun.pankau at mcdata.com Thu Feb 18 04:37:42 1999
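[Added example, not part of the thread and not Samba source.] The paging scheme described in the SamrQueryDisplayInfo message above, sketched in C: the server stops at whichever limit is reached first, returns STATUS_MORE_ENTRIES with a resume index, and the receiver checks the stated size against the bytes before using them. The entry encoding, the function names and the account list are assumptions made for illustration.

```c
/* Added example, not Samba code. The entry encoding (1 length byte + name
 * bytes) is hypothetical and is not the SAMR wire format. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STATUS_SUCCESS           0x00000000u
#define STATUS_MORE_ENTRIES      0x00000105u
#define STATUS_INVALID_PARAMETER 0xC000000Du
#define STATUS_BUFFER_TOO_SMALL  0xC0000023u
#define REPLY_CAP 64u                     /* server's own per-reply ceiling */

struct reply {
    uint32_t status, next_index, count, data_size;
    uint8_t  data[REPLY_CAP];
};

/* Constructed account list. */
static const char *const USERS[] = { "root", "joe", "chapu$", "administrator", "guest" };
#define NUM_USERS ((uint32_t)(sizeof(USERS) / sizeof(USERS[0])))

/* Server: pack entries from `start` until a client or server limit is hit. */
uint32_t query_display(uint32_t start, uint32_t max_entries,
                       uint32_t max_size, struct reply *r)
{
    uint32_t limit = max_size < REPLY_CAP ? max_size : REPLY_CAP;
    uint32_t i = start;

    memset(r, 0, sizeof(*r));
    r->next_index = start;
    if (start > NUM_USERS || max_entries == 0)
        return r->status = STATUS_INVALID_PARAMETER;
    while (i < NUM_USERS && r->count < max_entries) {
        size_t len = strlen(USERS[i]);
        if (len > 255 || r->data_size + 1 + len > limit)
            break;                        /* next entry does not fit */
        r->data[r->data_size++] = (uint8_t)len;
        memcpy(r->data + r->data_size, USERS[i], len);
        r->data_size += (uint32_t)len;
        r->count++;
        i++;
    }
    r->next_index = i;
    if (i < NUM_USERS && r->count == 0)   /* no progress: fail, never spin */
        return r->status = STATUS_BUFFER_TOO_SMALL;
    return r->status = i < NUM_USERS ? STATUS_MORE_ENTRIES : STATUS_SUCCESS;
}

/* Receiver: accept a reply only if count and data_size agree with the bytes. */
int reply_is_consistent(const struct reply *r)
{
    uint32_t off = 0, n = 0;

    if (r->data_size > REPLY_CAP)
        return 0;
    while (off < r->data_size) {
        uint32_t len = r->data[off];
        if (len > r->data_size - off - 1) /* entry runs past the stated size */
            return 0;
        off += 1 + len;
        n++;
    }
    return n == r->count;
}

/* Client loop: returns entries received, or -1 on a bad status or reply. */
int enumerate_all(uint32_t max_entries, uint32_t max_size, int *calls)
{
    struct reply r;
    uint32_t idx = 0, st;
    int total = 0;

    for (*calls = 0;;) {
        st = query_display(idx, max_entries, max_size, &r);
        (*calls)++;
        if ((st != STATUS_SUCCESS && st != STATUS_MORE_ENTRIES) ||
            !reply_is_consistent(&r) || r.next_index != idx + r.count)
            return -1;
        total += (int)r.count;
        idx = r.next_index;
        if (st == STATUS_SUCCESS)
            return total;
    }
}

/* A reply whose size field was inflated after packing must be rejected. */
int size_tamper_detected(void)
{
    struct reply r;
    query_display(0, 2, REPLY_CAP, &r);
    r.data_size += 3;
    return !reply_is_consistent(&r);
}

int main(void)
{
    int calls, n = enumerate_all(2, REPLY_CAP, &calls);
    printf("entries=%d calls=%d tamper_detected=%d\n",
           n, calls, size_tamper_detected());
    return 0;
}
```

A client buffer too small for any single entry gets STATUS_BUFFER_TOO_SMALL rather than an endless run of empty STATUS_MORE_ENTRIES replies.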
From: shaun.pankau at mcdata.com (Shaun Pankau)
Date: Tue Dec 2 02:25:14 2003
Subject: Subscribe me
Message-ID: <36CB9916.32C19500@mcdata.com>

Subscription request.

Please add shaun.pankau@mcdata.com to the samba-ntdom mailing list.

Thanks.

Regards,

Shaun Pankau              shaun.pankau@mcdata.com
Sr. UNIX Administrator    (303) 460-3172 - Direct
Corporate IT Systems      (303) 553-3381 - Pager
McDATA Corporation        (303) 465-4996 - Fax

From Bas.Kelderman at eptl.elf-p.fr Thu Feb 18 08:57:25 1999
From: Bas.Kelderman at eptl.elf-p.fr (Bas.Kelderman@eptl.elf-p.fr)
Date: Tue Dec 2 02:25:14 2003
Subject: User level security in Win98
Message-ID:

Hi,

I'm running Samba 2.0.2 on a RedHat 5.2 - 2.0.36 box and there are some
Win98 machines connected to it. At the moment the Samba box is
authenticating 'domain' logons and all seems to be running well. I just
tried to setup the Windows boxes to use user level security instead of
share level security but then the windows box couldn't find any users.
Is there any way in which this will work? (I would like to share my
drives only for a few users).

Bas

From m.chapman at student.unsw.edu.au Thu Feb 18 09:34:47 1999
From: m.chapman at student.unsw.edu.au (Matt Chapman)
Date: Tue Dec 2 02:25:14 2003
Subject: User level security in Win98
References:
Message-ID: <36CBDEB7.C2E7C3B8@student.unsw.edu.au>

Bas.Kelderman@eptl.elf-p.fr wrote:

> I'm running Samba 2.0.2 on a RedHat 5.2 - 2.0.36 box and there are some
> Win98 machines connected to it. At the moment the Samba box is
> authenticating 'domain' logons and all seems to be running well. I just
> tried to setup the Windows boxes to use user level security instead of
> share level security but then the windows box couldn't find any users.
> Is there any way in which this will work? (I would like to share my
> drives only for a few users).

I remember someone posted information on how to manually set access
controls in the registry, you may want to search the archives.

As for the latest CVS code, I've just implemented the necessary RPC calls
and am now testing; will be ready within 24 hours :-)

Matt

--
Matt Chapman
m.chapman@student.unsw.edu.au

From reiffert at student.physik.uni-mainz.de Thu Feb 18 13:11:40 1999
From: reiffert at student.physik.uni-mainz.de (Thomas Reifferscheid)
Date: Tue Dec 2 02:25:14 2003
Subject: NT gets ill while browsing Domaine-Users
Message-ID: <36CC118C.6F189DDD@student.physik.uni-mainz.de>

While trying to add some Rights and perms, NT tries to browse the
Domain-Users, gets ill, and the explorer is restarted.

This sucks. (nt too)

Does anybody else have this problem ?

When i stop the smbd i can browse the local users and groups
(but not the domain users).

Thomas

--
Thomas Reifferscheid www: http://www.uni-mainz.de/~reift005
-----------------------------------------------------------------------
email: H0PS@gmx.net * reiffert@iphcip1.physik.uni-mainz.de
smail: Wittichweg 45 Zi. 908 * 55128 Mainz * GERMANY
phone: +49 6131 236555

From greg at discreet.com Thu Feb 18 14:58:10 1999
From: greg at discreet.com (Greg Dickie)
Date: Tue Dec 2 02:25:14 2003
Subject: latest CVS
Message-ID:

seems to crash the Loser Manager for Domains.

May not be new, I have not tried it for awhile.

more unicode?

Greg

---------------------------------------------------------------------
Greg Dickie
Just A Guy*
 *from discreet logic
Montreal
(514) 954-7171
greg@discreet.com

From ingeh at student.uit.no Thu Feb 18 17:09:59 1999
From: ingeh at student.uit.no (Inge-Haavard Hunstad)
Date: Tue Dec 2 02:25:14 2003
Subject: latest CVS
References:
Message-ID: <36CC4967.1C896FD0@cc.uit.no>

Greg Dickie wrote:
>
> seems to crash the Loser Manager for Domains.
>
> May not be new, I have not tried it for awhile.
>
> more unicode?

I have the same problem but there is another one too, if it isn't me
who's doing it all wrong.

In rpcclient I'm doing a remote shutdown. This looks ok, but suddenly it
starts to write a lot of "receive_smb: length < 0!". It's like it loops.

Can somebody tell me if this is normal behavior.

Inge-Håvard

From lkcl at switchboard.net Thu Feb 18 17:14:34 1999
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:25:14 2003
Subject: trust account machine$ should be in DOMAIN_GROUP_RID_USERS
In-Reply-To: <7afqs4$a2h$1@zeus.ven.ra.rockwell.com>
Message-ID:

On Thu, 18 Feb 1999, Eloy A. Paris wrote:

> Hi Luke!

hi eloy, you been off the scene for a while, what brings you back?

> Luke Kenneth Casson Leighton wrote:
>
> > how many accounts do you have? i have a large-number-of-users bug to fix
> > in SamrEnumDomUsers (or SamrQueryDisplayInfo).
>
> Just two user accounts and one machine account. I guess this doesn't
> qualify as "large-number-of-users" :-)

dur, nope!

> Is there a way to add the machine account to this
> DOMAIN_GROUP_RID_USERS group? (perhaps I missed a configuration step
> or something?)

domain group map

set an entry "Domain Users"=some_unix_group and then make all trust
accounts a member of that unix group.

From lkcl at switchboard.net Thu Feb 18 17:16:42 1999
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:25:14 2003
Subject: trust account machine$ should be in DOMAIN_GROUP_RID_USERS
In-Reply-To: <199902180147.RAA19076@charity.ucr.edu>
Message-ID:

dudes, good people,

please try to stay current when reporting issues, things change pretty
fast sometimes (by the hour).

for your own peace of mind, however, if you find a version that works for
you then *keep a copy*. alternatively you can always use the -D option
to get a back-dated cvs version.

luke

On Thu, 18 Feb 1999, andrew tristan wrote:

> I'm seeing this as well; I fetched my cvs copy last week sometime, running on a
> sunos 5.5.1 machine, compiled with sun's cc v4.1 (I think).
>
> While I'm at it, I'm seeing a lot of these:
> [1999/02/17 16:23:27, 0] smbd/uid.c:(366)
>   ERROR: become root depth is non zero
> [1999/02/17 16:23:27, 0] smbd/uid.c:(387)
>   ERROR: unbecome root depth is 0
> in client log files (it's always the same lines, haven't had time to look
> at the source). Is this a known problem?
> A
>
> -- On Feb 18, 11:23am, "Eloy A. Paris" wrote:
> > Subject: trust account machine$ should be in DOMAIN_GROUP_RID_USERS
> > Hi,
> >
> > I'm using today's CVS snapshot of the HEAD branch and I am getting
> > this message in smbd's log file:
> >
> > trust account chapu$ should be in DOMAIN_GROUP_RID_USERS
> >
> > Also, both Server Manager and User Manager for Domains are crashing on
> > my NT4SP4 workstation.
> >
> > Could these two things be related?
> >
> > Thanks!
> >
> > peloy.-
> -- End of excerpt from "Eloy A. Paris"
>
>
>
> --
> andrew.tristan@ucr.edu
> Unix Systems Group, UC Riverside
>

Luke Kenneth Casson Leighton
Samba and Network Development
Samba and Network Consultancy

From Inge-Havard.Hunstad at cc.uit.no Thu Feb 18 17:58:51 1999
From: Inge-Havard.Hunstad at cc.uit.no (Inge-Haavard Hunstad)
Date: Tue Dec 2 02:25:15 2003
Subject: latest CVS
Message-ID: <199902181758.SAA17381@apache.cc.uit.no>

Greg Dickie wrote:
>
> seems to crash the Loser Manager for Domains.
>
> May not be new, I have not tried it for awhile.
>
> more unicode?

I have the same problem but there's another one too, if it isn't me
who's doing it all wrong.

In rpcclient I'm doing a remote shutdown. This looks ok, but suddenly it
starts to write a lot of "receive_smb: length < 0!". It's like it loops.

Can somebody tell me if this is normal behavior.

Inge-Håvard

From lkcl at switchboard.net Thu Feb 18 18:13:57 1999
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:25:15 2003
Subject: latest CVS
In-Reply-To:
Message-ID:

On Fri, 19 Feb 1999, Greg Dickie wrote:

>
> seems to crash the Loser Manager for Domains.
>
> May not be new, I have not tried it for awhile.
>
> more unicode?

oops, no - a bug in rpc_client/parse_reg.c's "reg_r_info" routine that's
been in there for months, sometimes it junks usrmgr sometimes it doesn't,
how odd... explains a lot, though!

From brian at bstc.net Thu Feb 18 17:31:01 1999
From: brian at bstc.net (Brian Roberson)
Date: Tue Dec 2 02:25:15 2003
Subject: User level security in Win98
References:
Message-ID: <36CC4E55.6EDDCA8B@bstc.net>

checkout my work-arounds.. at:
http://bstc.net/~brian/docs/w95-8-registry-info/

Brian Roberson
BrainStorm Technologies
Linux Solution Provider
(402) 690-7306
http://www.bstc.net/

Bas.Kelderman@eptl.elf-p.fr wrote:

> Hi,
>
> I'm running Samba 2.0.2 on a RedHat 5.2 - 2.0.36 box and there are some
> Win98 machines connected to it. At the moment the Samba box is
> authenticating 'domain' logons and all seems to be running well. I just
> tried to setup the Windows boxes to use user level security instead of
> share level security but then the windows box couldn't find any users.
> Is there any way in which this will work? (I would like to share my
> drives only for a few users).
>
> Bas

From lkcl at switchboard.net Thu Feb 18 22:49:25 1999
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:25:15 2003
Subject: latest CVS
In-Reply-To: <36CC4967.1C896FD0@cc.uit.no>
Message-ID:

On Fri, 19 Feb 1999, Inge-Haavard Hunstad wrote:

> Greg Dickie wrote:
> >
> > seems to crash the Loser Manager for Domains.
> >
> > May not be new, I have not tried it for awhile.
> >
> > more unicode?
>
> I have the same problem but there is another one too, if it isn't me
> who's doing it all wrong.
>
> In rpcclient I'm doing a remote shutdown. This looks ok, but suddenly it
> starts to write a lot of "receive_smb: length < 0!". It's like it loops.

it's probably because you shut the remote server down, it loses a
connection :)

> Can somebody tell me if this is normal behavior.

i have absolutely no idea, i just wrote that command a few days ago, just
for fun.

From sansdrap at hedy.ucl.ac.be Fri Feb 19 10:25:56 1999
From: sansdrap at hedy.ucl.ac.be (Jacques Sansdrap)
Date: Tue Dec 2 02:25:15 2003
Subject: Unix groups enumeration
Message-ID: <36CD3C34.F86A2D86@hedy.ucl.ac.be>

On Linux RH 5.2, last HEAD branch (and a few ones before):

The last group of /etc/group is not presented on the NT side
(like user manager).

On another subject: is the Win32 call "NetUserGetInfo"
supposed to work?

Thanks to all members of the samba team for a nice work.

JS

From marcjadu at moosburg.org Fri Feb 19 12:14:28 1999
From: marcjadu at moosburg.org (MarcVJ)
Date: Tue Dec 2 02:25:15 2003
Subject: how to save win profiles only on server?
References: <36CD3C34.F86A2D86@hedy.ucl.ac.be>
Message-ID: <36CD55A4.338B9BE3@moosburg.org>

Is it possible to tell Samba/Windows to save user profiles only on the
server and not to back it up locally?
If yes , how????

From pfrazao at ualg.pt Fri Feb 19 12:38:04 1999
From: pfrazao at ualg.pt (Pedro Miguel Frazao Fernandes Ferreira)
Date: Tue Dec 2 02:25:15 2003
Subject: how to save win profiles only on server?
References: <36CD3C34.F86A2D86@hedy.ucl.ac.be> <36CD55A4.338B9BE3@moosburg.org>
Message-ID: <36CD5B2C.731C603A@ualg.pt>

MarcVJ wrote:
>
> Is it possible to tell Samba/Windows to save user profiles only on the
> server and not to back it up locally?
> If yes , how????

Yes, it is possible.

Use the system policies editor (NT software), create a new policy.
There is a setting in Default Computer or Default User which allows you
to enable deletion of cached copies of roaming profiles. Save the policy
file with the name ntconfig.pol and place it in your [netlogon] share.

Go to the workstations, Control Panel, Services and start the Directory
Replicator Service. Don't forget to set it for Automatic startup. Go to
Control Panel (you should be there), Server and under Replication, enable
Import Directories.

Et voila, this should do it.

Probably there should be a registry key that you could simply modify,
without the need for these policies stuff. I don't know which key. Maybe
you will find these policies useful for other purposes, but have some
caution with some settings (you can get a lot of headaches with this
thing).

I am assuming your samba is a PDC. Hope this helps.

Ciao,

--
------------------------------------------------------------------------
Pedro Miguel Frazao Fernandes Ferreira, Universidade do Algarve
U.C.E.H., Campus de Gambelas, 8000 - Faro, Portugal
pfrazao@ualg.pt Tel.:+351 89 800950 / 872959 Fax: +351 89 818560
http://w3.ualg.pt/~pfrazao

From Chad.Campbell at innovision.com Fri Feb 19 12:53:30 1999
From: Chad.Campbell at innovision.com (Chad Campbell)
Date: Tue Dec 2 02:25:15 2003
Subject: 2.0.2 SID problem?
Message-ID: <36CD5ECA.E09B0F3C@innovision.com>

In trying to move from 2.0 to 2.0.2, we found that all of our user
profiles were rendered useless. Anyone that logged on to the domain had
a new profile created. This is due to the SID fix, right? Now that the
SIDs have changed, NTUSER.DAT files with the old SIDs are useless. Is
there a workaround for this, or will we just have to start over with
fresh profiles?

Thanks,
Chad

--
Chad Campbell
Software Engineer, Innovision Corporation
Chad.Campbell@innovision.com
(913)226-8700

From greg at discreet.com Fri Feb 19 13:43:02 1999
From: greg at discreet.com (Greg Dickie)
Date: Tue Dec 2 02:25:15 2003
Subject: Greg's annoying daily CVS report
Message-ID:

Today the domain user manager does not crash but I get
"A device attached to the system is not functioning"

This one has popped up before intermittently.

Thanks,
Greg

---------------------------------------------------------------------
Greg Dickie
Just A Guy*
 *from discreet logic
Montreal
(514) 954-7171
greg@discreet.com

From Jean-Francois.Micouleau at dalalu.fr Fri Feb 19 13:48:06 1999
From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau)
Date: Tue Dec 2 02:25:15 2003
Subject: 2.0.2 SID problem?
In-Reply-To: <36CD5ECA.E09B0F3C@innovision.com>
Message-ID:

On Fri, 19 Feb 1999, Chad Campbell wrote:

> In trying to move from 2.0 to 2.0.2, we found that all of our user
> profiles were rendered useless. Anyone that logged on to the domain had
> a new profile created. This is due to the SID fix, right?

yes.

> Now that the
> SIDs have changed, NTUSER.DAT files with the old SIDs are useless. Is
> there a workaround for this, or will we just have to start over with
> fresh profiles?

No, there is no workaround. I would even delete all the profiles: the
roaming ones on the server and the local copies on the workstations. I had
some strange behaviour with NT from not doing it the first time.

J.F.

From Werner_Gaubatz at Physik.TU-Muenchen.DE Fri Feb 19 13:56:22 1999
From: Werner_Gaubatz at Physik.TU-Muenchen.DE (Werner Gaubatz)
Date: Tue Dec 2 02:25:16 2003
Subject: 2.0.2 SID problem?
In-Reply-To: Your message of "Fri, 19 Feb 1999 23:56:10 +1100." <36CD5ECA.E09B0F3C@innovision.com>
Message-ID: <199902191356.OAA08946@srv.cip.physik.tu-muenchen.de>

Hi Chad !

You wrote:
> In trying to move from 2.0 to 2.0.2, we found that all of our user
> profiles were rendered useless. Anyone that logged on to the domain had
> a new profile created. This is due to the SID fix, right? Now that the
> SIDs have changed, NTUSER.DAT files with the old SIDs are useless. Is
> there a workaround for this, or will we just have to start over with
> fresh profiles?

I had that problem just a week ago. I used the following procedure:

1) copy all (more or less) useless NTUSER.DAT to a local NT machine:
   Ask all users to log in at that workstation. The profiles will be stored
   locally in c:\winnt\profiles\$USER\NTUSER.DAT

2) log in as administrator on this machine. Physically DISCONNECT the
   computer from the network. Otherwise regedt32 dumps core, when it tries
   to read the user names from SAMBA PDC. Now you just have to wait for a
   timeout and get a ignorable error message about a missing and incomplete
   user list :-)

3) use regedt32 to load a new structure from each NTUSER.DAT of all
   your users. For each structure delete the "unknown user" in the
   security information. Now add "everybody" with full permissions for
   the complete tree to each profile. Once this is finished, unload all
   structures and close regedt32.

4) reconnect the computer to the network. copy recursively all directories
   from c:\winnt\profiles\$USER\ containing the modified profiles to your
   server to eg. /tmp/new-profiles/$USER/

5) telnet into your server, where all profiles are stored and become root.
   For each of your users you'll have to copy the new profiles to the
   profile-directory for this user as this user to get the UNIX-ownership
   and permissions right.

   su root                     with root-password
   for each user do:
      su - $USER               (you won't need a password here)
      cd path-to-profile-directory-for-this-user   (might be ~/profile)
      cp -r /tmp/new-profiles/$USER/* .   (cp -r copies recursively all files)
      logout

While you do all the copying back, your users should not be logged in.
Otherwise the fixed profile will be overwritten by a broken one when the
user logs out at the other NT-Machine.

Tedious, but this will keep all your users happier, because they won't
lose their customisations for WinWord, the desktop, ....

Hope this helps a little bit. But there is definitely a problem: all the
profiles are now world-read-- and -writable in the sense NT uses the access
rights to a profile.

Werner

------------------------------------------------------------------------------
Werner Gaubatz                      Tel: +49 (89) 289 12182
FRM-II Bau                          Fax: +49 (89) 289 12112
Technische Universit"at M"unchen    mailto:gaubatz@physik.tu-muenchen.de
D-85747 Garching / Germany          http://www.frm2.tu-muenchen.de
------------------------------------------------------------------------------

From jan.van.rensburg at epiuse.com Fri Feb 19 14:07:04 1999
From: jan.van.rensburg at epiuse.com (Jan van Rensburg)
Date: Tue Dec 2 02:25:16 2003
Subject: smb authentication for apache
Message-ID:

hi there,

has anybody figured out a way to let apache 1.3.x authenticate against a
NT4SP4 server?

i compiled apache with the mod_auth_pam module, and installed pam_smb
module by Dave Airlie but i can't get it to work. i know the pam_smb module
must work, because i could make it work with telnet.

out of my httpd.conf:

AuthType Basic
AuthName "web site"
require group some_unix_group
AuthUserFile /etc/passwd

i've tried various permutations with /etc/pam.d/httpd, at the moment i
have:

auth required /lib/security/pam_smb_auth.so
account required /lib/security/pam_pwdb.so
password required /lib/security/pam_pwdb.so

if i do a tcpdump it looks like the apache server talks to the NT server,
and there's even a success audit in the NT event log.

any ideas appreciated.

--jan van rensburg

From Michel.Christaller at cea.fr Fri Feb 19 15:27:56 1999
From: Michel.Christaller at cea.fr (Michel Christaller)
Date: Tue Dec 2 02:25:16 2003
Subject: Upgrading prealpha to 2.0
Message-ID: <36CD82FC.AF71DCF@cea.fr>

Hi,

I use a samba prealpha-2 as "PDC" for my NT workstations.
This has a "domain sid" line in smb.conf and a smbpasswd containing
MACHINE$ entries and passwords.

Now I want to upgrade to samba 2.0. My main concern is not having to
reintegrate my NT workstations to the domain after.

I know I can write my current sid to the MACHINE.SID file. But can I keep
the smbpasswd unchanged ? Will my NT stations log into the domain
without having to integrate them again ?

--
Michel Christaller
System Engineer - Ath?sa
> Support open source software ! <

From lkcl at switchboard.net Fri Feb 19 15:37:36 1999
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:25:16 2003
Subject: Unix groups enumeration
In-Reply-To: <36CD3C34.F86A2D86@hedy.ucl.ac.be>
Message-ID:

On Fri, 19 Feb 1999, Jacques Sansdrap wrote:

> On Linux RH 5.2, last HEAD branch (and a few ones before):
>
> The last group of /etc/group is not presented on the NT side

aaww, darn. well spotted.

> (like user manager).
>
> On another subject: is the Win32 call "NetUserGetInfo"
> supposed to work?

yes, but only at one specific info level. it also depends whether the
call is being made from 95 or nt.

> Thanks to all members of the samba team for a nice work.

ta!

From lkcl at switchboard.net Fri Feb 19 15:45:53 1999
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:25:16 2003
Subject: Unix groups enumeration
In-Reply-To: <36CD3C34.F86A2D86@hedy.ucl.ac.be>
Message-ID:

On Fri, 19 Feb 1999, Jacques Sansdrap wrote:

> On Linux RH 5.2, last HEAD branch (and a few ones before):
>
> The last group of /etc/group is not presented on the NT side
> (like user manager).

it won't get presented on aliases, built-in or domain groups, fixed this.
thanx!

From lkcl at switchboard.net Fri Feb 19 15:53:32 1999
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:25:16 2003
Subject: 2.0.2 SID problem?
In-Reply-To: <36CD5ECA.E09B0F3C@innovision.com>
Message-ID:

On Fri, 19 Feb 1999, Chad Campbell wrote:

> In trying to move from 2.0 to 2.0.2, we found that all of our user
> profiles were rendered useless. Anyone that logged on to the domain had
> a new profile created. This is due to the SID fix, right? Now that the

yes. sorry. we were using strtol which only copes with signed longs, and
has an upper limit. we grabbed the gnu source for strtoul

> SIDs have changed, NTUSER.DAT files with the old SIDs are useless. Is
> there a workaround for this, or will we just have to start over with
> fresh profiles?

ok, you will need to know what the old sid was. any sub-components above
0x7fffffff will need to be set to 0x7fffffff. i'm not so sure that anyone
really wants to do this.

or... jeremy, did we fix this _prior_ to release? is the real fix to do
with that stuff-up with 0x15 and 15 and 0x20 and 20 etc in S-1-5-21

i think the fix, chad, may be to modify the .SID file to say S-1-5-0x15-...
instead of S-1-5-0x21-...

it's all very painful and i'm sorry about it, but what are you doing using
2.0 and/or 2.0.2 as a PDC? (lord help us all with pre-alpha code,
microsoft is going to put that damn KB article advising people not to use
samba after all...)

:-)

luke

From lkcl at switchboard.net Fri Feb 19 15:54:11 1999
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:25:16 2003
Subject: Greg's annoying daily CVS report
In-Reply-To:
Message-ID:

On Sat, 20 Feb 1999, Greg Dickie wrote:

>
> Today the domain user manager does not crash but I get
> "A device attached to the system is not functioning"

argh, no rest for the wicked. i've said that before, haven't i?

From greg at discreet.com Fri Feb 19 15:58:59 1999
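[Added example, not part of the thread and not Samba source.] The two parsing hazards named in the "2.0.2 SID problem?" messages, shown in C: a sub-authority read through a signed 32-bit conversion saturates at 0x7fffffff, and the same token means different numbers under different radixes. The legacy path is a model of strtol() on a platform with 32-bit long; the SID string and all function names are constructed for illustration.

```c
/* Added example (not Samba source): SID sub-authority parsing.
 * legacy=1 models a strtol()-based parser on a 32-bit-long platform. */
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_SUBAUTHS 15

struct sid {
    uint8_t  revision;
    uint32_t id_auth;
    uint8_t  num_auths;
    uint32_t sub_auths[MAX_SUBAUTHS];
};

/* Constructed sample: two sub-authorities exceed 0x7fffffff. */
static const char SAMPLE_SID[] = "S-1-5-21-3000000000-1234567890-4000000000";

/* Strict field parse: explicit radix, whole token, fits in 32 bits.
 * Returns the value, or -1 for a malformed or out-of-range token. */
long long parse_field(const char *tok, int base)
{
    char *end;
    unsigned long long v;

    if (!isdigit((unsigned char)tok[0]))
        return -1;                       /* rejects "", "-5", "+5", " 5" */
    errno = 0;
    v = strtoull(tok, &end, base);
    if (errno != 0 || *end != '\0' || v > UINT32_MAX)
        return -1;
    return (long long)v;
}

/* Model of the old behaviour: no end-pointer check, and the result
 * saturates at LONG_MAX as strtol() does when long is 32 bits wide. */
static uint32_t legacy_field(const char *tok)
{
    unsigned long long v = strtoull(tok, NULL, 10);
    return v > INT32_MAX ? (uint32_t)INT32_MAX : (uint32_t)v;
}

/* Parse "S-<rev>-<auth>-<sub>-..."; returns 0 on success, -1 on error. */
int parse_sid(const char *text, int legacy, struct sid *out)
{
    const char *p, *dash;
    char tok[24];
    size_t len;
    long long v;
    int field = 0;

    memset(out, 0, sizeof(*out));
    if (strncmp(text, "S-", 2) != 0)
        return -1;
    for (p = text + 2; ; p = dash + 1, field++) {
        dash = strchr(p, '-');
        len = dash ? (size_t)(dash - p) : strlen(p);
        if (len == 0 || len >= sizeof(tok))
            return -1;                   /* empty or oversized field */
        memcpy(tok, p, len);
        tok[len] = '\0';

        if (field >= 2 && legacy)
            v = legacy_field(tok);
        else if ((v = parse_field(tok, 10)) < 0)
            return -1;

        if (field == 0) {
            if (v > 255)
                return -1;
            out->revision = (uint8_t)v;
        } else if (field == 1) {
            out->id_auth = (uint32_t)v;
        } else {
            if (out->num_auths == MAX_SUBAUTHS)
                return -1;
            out->sub_auths[out->num_auths++] = (uint32_t)v;
        }
        if (!dash)
            break;
    }
    return out->num_auths > 0 ? 0 : -1;
}

/* Sub-authority idx of text under either parser, or -1 if parsing fails. */
long long subauth_at(const char *text, int legacy, int idx)
{
    struct sid s;

    if (parse_sid(text, legacy, &s) != 0 || idx < 0 || idx >= s.num_auths)
        return -1;
    return s.sub_auths[idx];
}

int main(void)
{
    int i;

    for (i = 0; i < 4; i++)
        printf("sub-authority %d: strict=%lld legacy=%lld\n", i,
               subauth_at(SAMPLE_SID, 0, i), subauth_at(SAMPLE_SID, 1, i));
    /* Same token, different radix: the writer and reader must agree. */
    printf("\"21\" base10=%lld base16=%lld, \"15\" base16=%lld, \"0x15\" base10=%lld\n",
           parse_field("21", 10), parse_field("21", 16),
           parse_field("15", 16), parse_field("0x15", 10));
    return 0;
}
```

Under the legacy model the two large sub-authorities collapse to the same value, so the parsed SID no longer matches the one recorded in existing profiles.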
From: greg at discreet.com (Greg Dickie)
Date: Tue Dec 2 02:25:16 2003
Subject: Greg's annoying daily CVS report
In-Reply-To:
Message-ID:

On 19-Feb-99 Luke Kenneth Casson Leighton wrote:
> On Sat, 20 Feb 1999, Greg Dickie wrote:
>
>>
>> Today the domain user manager does not crash but I get
>> "A device attached to the system is not functioning"
>
> argh, no rest for the wicked. i've said that before, haven't i?

Ooo ya

---------------------------------------------------------------------
Greg Dickie
Just A Guy*
 *from discreet logic
Montreal
(514) 954-7171
greg@discreet.com

From Chad.Campbell at innovision.com Fri Feb 19 16:26:00 1999
From: Chad.Campbell at innovision.com (Chad Campbell)
Date: Tue Dec 2 02:25:16 2003
Subject: 2.0.2 SID problem?
References:
Message-ID: <36CD9098.712AA1AC@innovision.com>

> it's all very painful and i'm sorry about it, but what are you doing using
> 2.0 and/or 2.0.2 as a PDC? (lord help us all with pre-alpha code,
> microsoft is going to put that damn KB article advising people not to use
> samba after all...)

I know, I know - it's this thing called a "Corporate Initiative (TM)," and
its main goal is both to get rid of NT as a server and to make thin
clients out of our NT workstations. It started in August back when PDC
support was (at least by my understanding) slated for 2.0. By December,
when I realized 2.0 was not going to have stable PDC support, it was too
late to hold off on the project, so we went with the alpha code anyway.

The good news is that we've only needed some minor workarounds related to
the lack of NT group support. The SID problem is the only big problem so
far. However, even if we don't go with the fixes given on the list, we
have the capability to reload NT and all apps on every machine in about
30 minutes with new profiles. So don't waste too much time helping us out
on this - and thanks for all the help so far.

Chad

--
Chad Campbell
Software Engineer, Innovision Corporation
Chad.Campbell@innovision.com
(913)226-8700

From jallison at cthulhu.engr.sgi.com Fri Feb 19 17:12:33 1999
From: jallison at cthulhu.engr.sgi.com (Jeremy Allison)
Date: Tue Dec 2 02:25:16 2003
Subject: 2.0.2 SID problem?
References:
Message-ID: <36CD9B81.FC8EF627@engr.sgi.com>

Luke Kenneth Casson Leighton wrote:

> or... jeremy, did we fix this _prior_ to release? is the real fix to do
> with that stuff-up with 0x15 and 15 and 0x20 and 20 etc in S-1-5-21 i
> think the fix, chad, may be to modify the .SID file to say S-1-5-0x15-...
> instead of S-1-5-0x21-...

Yes I did change this prior to release. The real problem
is the mistake with the 0x15 and 15.

Jeremy.

--
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------

From greg at discreet.com Fri Feb 19 17:27:06 1999
From: greg at discreet.com (Greg Dickie)
Date: Tue Dec 2 02:25:16 2003
Subject: Greg's annoying daily CVS report
In-Reply-To:
Message-ID:

All right since you were all so nice to me here's another problem....

server manager for domains crashes.

Thanks,
Greg

---------------------------------------------------------------------
Greg Dickie
Just A Guy*
 *from discreet logic
Montreal
(514) 954-7171
greg@discreet.com

From lkcl at switchboard.net Fri Feb 19 17:40:07 1999
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:25:16 2003
Subject: Greg's annoying daily CVS report
In-Reply-To:
Message-ID:

On Fri, 19 Feb 1999, Greg Dickie wrote:

>
> All right since you were all so nice to me here's another problem....
>
> server manager for domains crashes.

i know, i just noticed that i'm trying to get samr_enum_dom_users()
working and i need another test case. i'll checkin what i've found so far
on samr_lookup_names() so you can get the same "access denied" error that
i get :-)

From greg at discreet.com Fri Feb 19 18:01:31 1999
From: greg at discreet.com (Greg Dickie)
Date: Tue Dec 2 02:25:16 2003
Subject: Greg's annoying daily CVS report
In-Reply-To:
Message-ID:

You are the bestest

On 19-Feb-99 Luke Kenneth Casson Leighton wrote:
> On Fri, 19 Feb 1999, Greg Dickie wrote:
>
>>
>> All right since you were all so nice to me here's another problem....
>>
>> server manager for domains crashes.
>
> i know, i just noticed that i'm trying to get samr_enum_dom_users()
> working and i need another test case. i'll checkin what i've found so far
> on samr_lookup_names() so you can get the same "access denied" error that
> i get :-)

---------------------------------------------------------------------
Greg Dickie
Just A Guy*
 *from discreet logic
Montreal
(514) 954-7171
greg@discreet.com

From abakun at reac.com Fri Feb 19 18:29:56 1999
From: abakun at reac.com (Andy Bakun)
Date: Tue Dec 2 02:25:16 2003
Subject: 2.0.2 SID problem?
References: <199902191356.OAA08946@srv.cip.physik.tu-muenchen.de>
Message-ID: <36CDADA4.44D49CC2@reac.com>

In Control Panel | System | User Profiles, Administrator accounts have
the ability to "copy" a profile. Could this make it easier to do this,
rather than having to use regedt32?

Werner Gaubatz wrote:

> 1) copy all (more or less) useless NTUSER.DAT to a local NT machine:
> Ask all users to log in at that workstation. The profiles will be stored
> locally in c:\winnt\profiles\$USER\NTUSER.DAT
>
> 2) log in as administrator on this machine. Physically DISCONNECT the
> computer from the network. Otherwise regedt32 dumps core, when it tries
> to read the user names from SAMBA PDC. Now you just have to wait for a
> timeout and get a ignorable error message about a missing and incomplete
> user list :-)
>
> 3) use regedt32 to load a new structure from each NTUSER.DAT of all
> your users. For each structure delete the "unknown user" in the
> security information. Now add "everybody" with full permissions for
> the complete tree to each profile. Once this is finished, unload all
> structures and close regedt32.
>
>

From Werner_Gaubatz at physik.tu-muenchen.de Fri Feb 19 19:47:05 1999
From: Werner_Gaubatz at physik.tu-muenchen.de (Werner Gaubatz)
Date: Tue Dec 2 02:25:16 2003
Subject: 2.0.2 SID problem?
In-Reply-To: Your message of "Fri, 19 Feb 1999 12:29:56 CST." <36CDADA4.44D49CC2@reac.com>
Message-ID: <199902191947.UAA05167@srv.cip.physik.tu-muenchen.de>

Andy Bakun wrote:
> In Control Panel | System | User Profiles, Administrator accounts have
> the ability to "copy" a profile. Could this make it easier to do this,
> rather than having to use regedt32?
>
>
>
>
>

I've had no success to read this profile again as a normal user in a
first trial step. The access information is stored in the NTUSER.DAT
file. Somehow you have to get the information, who might read this
profile into this file. Once i found the lengthy and somewhat difficult
solution for my 10 or 12 users, i used it and didn't spend more time
with control panel to copy a profile. So i don't know, who gets access
to this new profile. Maybe control panel is easier..... you'll have to
try how to get in the access rights for the users. As far as i
understood this NT business, regedt32 was the only way.

Werner Gaubatz

From cigor at EUnet.yu Fri Feb 19 21:17:15 1999
From: cigor at EUnet.yu (Colovic Igor)
Date: Tue Dec 2 02:25:16 2003
Subject: how to save win profiles only on server?
Message-ID: <01be5c4d$398b24d0$0200a8c0@big.co.yu>

-----Original Message-----
From: Pedro Miguel Frazao Fernandes Ferreira
To: Multiple recipients of list
Date: Friday, February 19, 1999 13:44
Subject: Re: how to save win profiles only on server?

> Probably there should be a registry key that you could simply modify,
>without the need for these policies stuff. I don't know which key. Maybe
>you will find these policies useful for other purposes, but have some
>caution with some settings (you can get a lot of headaches with this
>thing).
> I am assuming your samba is a PDC. Hope this helps.

Yes it is possible. You do not have to create NTconfig.pol.
You have to select open registry from first menu.
Then under Local computer on the same location you can enable Delete cached
Roaming profiles.
This will do the trick.

I hope this helps.

______________________________________________
Colovic Igor Linux Users Group of Yugoslavia
www.linux.org.yu
cigor@eunet.yu
DelphiPro@yahoo.com

From eparis at ven.ra.rockwell.com Fri Feb 19 22:00:01 1999
From: eparis at ven.ra.rockwell.com (Eloy A. Paris)
Date: Tue Dec 2 02:25:16 2003
Subject: [SOLVED?] Re: Roaming profiles not being updated
References: <7a2972$t03$1@zeus.ven.ra.rockwell.com> <36CB5B7A.B372D165@engr.sgi.com>
Message-ID: <7akmt1$53b$1@zeus.ven.ra.rockwell.com>

Jeremy, Luke, all:

Jeremy Allison wrote:

>> Does this sound reasonable (that roaming profiles were not working
>> properly on 2.0.2 but are on 2.1prealpha)?
>
> If that's true I need to know about it. The 2.1 code
> stream is a great domain controller but a lousy fileserver
> right now :-).
>
> Can you investigate the roaming profile problem with
> 2.0.x some more ?

It looks like I was completely wrong in diagnosing the cause of the
problem. I thought the problem got solved by moving from 2.0.2 to
2.1prealpha but after a great successful start I found out that under
some circumstances the roaming profiles were not being updated either.

I discovered that the problem happens when I log into the Samba domain
and _then_ I log into our NetWare server by using the IntranetWare
client. Then, when I log off, the NT workstation does not connect to
the Profiles share and therefore the roaming profile does not get
updated. I bet the same thing would happen if I were logging in to a
NT PDC.

This crappy Novell IntranetWare client is always causing problems with
NT. It's not the first time this client causes problems. It's an old
version though, I should probably try a newer one.

So, go ahead with 2.0.3 Jeremy! Sorry for the false alarm :-(

peloy.-

From mhaigh at village.vu.edu.au Sat Feb 20 00:58:09 1999
From: mhaigh at village.vu.edu.au (Mick Haigh)
Date: Tue Dec 2 02:25:16 2003
Subject: setting "User cannot change password"
Message-ID: <36CE08A1.477456C7@village.vu.edu.au>

Hiya everyone -

I haven't been paying much attention to this list of late (too busy),
and I couldn't find anything on this topic in the ntdom archives.

Is there a flag that one can put in the password file which will stop a
user from being able to change their password using the Ctrl-Alt-Delete
method??

TIA
Mick

From whn at topelo.lopi.com Sat Feb 20 01:20:49 1999
From: whn at topelo.lopi.com (Bill Nugent)
Date: Tue Dec 2 02:25:16 2003
Subject: Summary of Re: how to save win profiles only on server?
In-Reply-To: Your message of Sat, 20 Feb 1999 08:19:50 +1100. <01be5c4d$398b24d0$0200a8c0@big.co.yu>
Message-ID: <19990220012049.6569.qmail@topelo.lopi.com>

Howdy,

There were two responses to the MarcVJ's question and I'm trying
understand this since I bumped into this today. Doing only 3a below
didn't fix it for me which is what I tried on my own.

So the summary as I understand it is:

1. Control Panel/Services - set Directory Replicator Service to Automatic.
2. Control Panel/Server - under Replications, enable Import Directories.
   It looks a bit more complicated this - need to tell it a local
   directory (default okay?) and add the samba server - is this correct?
   Tomorrow morning I'll be trying out these steps but I don't have email
   there so I'd like to avoid any potential problems)

3a. On a global basis create the ntconfig.pol and place it in [netlogon]
    share as outlined by Pedro (below). All the NT Workstations will
    then properly use the Roaming Profiles

or

3b. On a host by host basis I can follow Colovic's advice (further below)
    and edit the registry and under "Local Computer" enable
    "Delete Cached Roaming Profile" (or some such but I get the
    drift - IMHO the policy editor holds your hand a bit better and makes
    it easier).

Corrections are encouraged!

Bill

On Friday, Feb 19 1999 at 23:40:19, Pedro Miguel Frazao Fernandes Ferreira wrote:

> Yes, it is possible. Use the system policies editor (NT software),
>create a new policy. There is a setting in Default Computer or Default
>User which allows you to enable deletion of cached copies of roaming
>profiles. Save the policy file with the name ntconfig.pol and place it
>in your [netlogon] share. Go to the workstations, Control Panel,
>Services and start the Directory Replicator Service. Don't forget to set
>it for Automatic startup. Go to Control Panel (you should be there),
>Server and under Replication, enable Import Directories. Et voila, this
>should do it.
> Probably there should be a registry key that you could simply modify,
>without the need for these policies stuff. I don't know which key. Maybe
>you will find these policies useful for other purposes, but have some
>caution with some settings (you can get a lot of headaches with this
>thing).

On Saturday, Feb 20 1999 at 08:19:50, "Colovic Igor" wrote:

>Yes it is possible. You do not have to create NTconfig.pol.
>You have to select open registry from first menu.
>Then under Local computer on the same location you can enable Delete cached
>Roaming profiles.
>This will do the trick.

From mhaigh at village.vu.edu.au Sat Feb 20 01:30:07 1999
From: mhaigh at village.vu.edu.au (Mick Haigh)
Date: Tue Dec 2 02:25:16 2003
Subject: setting "User cannot change password"
Message-ID: <36CE101E.173E2DA8@village.vu.edu.au>

Hmm - seems I forgot to turn off my vCard :(

Anyway - my last post said - is there a flag that I can set in a
password entry that will prevent a user from changing his/her password
from NT??

I had a look through the archives but couldn't find anything.

TIA.
Mick

From mhaigh at village.vu.edu.au Sat Feb 20 01:34:19 1999
From: mhaigh at village.vu.edu.au (Mick Haigh)
Date: Tue Dec 2 02:25:16 2003
Subject: setting "User cannot change password"
Message-ID: <36CE111B.842DFC11@village.vu.edu.au>

Hmm - seems I forgot to turn off my vCard - twice :(

Anyway - my last post said - is there a flag that I can set in a
password entry that will prevent a user from changing his/her password
from NT??

I had a look through the archives but couldn't find anything.

TIA.
Mick

From whn at topelo.lopi.com Sat Feb 20 02:37:20 1999
From: whn at topelo.lopi.com (Bill Nugent)
Date: Tue Dec 2 02:25:16 2003
Subject: setting "User cannot change password"
In-Reply-To: Your message of Sat, 20 Feb 1999 12:31:52 +1100. <36CE111B.842DFC11@village.vu.edu.au>
Message-ID: <19990220023720.6830.qmail@topelo.lopi.com>

I haven't tried this yet but I came across this...

Run the policy editor poledit.exe (see Samba NT domain FAQ 5.1 for
directions on how to get it), under File pull down menu, select Open
Registry, then double click on Local User, open up Windows NT System
and you'll see a check box for "Disable Change Password" - check it.

I'm sure there is a way to do it with regedt32.exe or some such but
heck if I know where in there it is! :-)

Hope this helps!

Bill

On Saturday, Feb 20 1999 at 12:31:52, Mick Haigh wrote:

>Hmm - seems I forgot to turn off my vCard - twice :(
>
>Anyway - my last post said - is there a flag that I can set in a
>password entry that will prevent a user from changing his/her password
>from NT??
>
>I had a look through the archives but couldn't find anything.
>
>TIA.
>Mick
>

From lkcl at switchboard.net Sat Feb 20 15:54:35 1999
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:25:16 2003
Subject: setting "User cannot change password"
In-Reply-To: <36CE111B.842DFC11@village.vu.edu.au>
Message-ID:

check the ACB_xxxx flags in ntdomain.h, check where they are used in the
password database, then set the appropriate flag in private/smbpasswd.
currently the flags are [U ] for a user and [W ] for a
workstation trust account.

On Sat, 20 Feb 1999, Mick Haigh wrote:

> Hmm - seems I forgot to turn off my vCard - twice :(
>
> Anyway - my last post said - is there a flag that I can set in a
> password entry that will prevent a user from changing his/her password
> from NT??
>
> I had a look through the archives but couldn't find anything.
>
> TIA.
> Mick
>
>

Luke Kenneth Casson Leighton
Samba and Network Development
Samba and Network Consultancy

From mhaigh at village.vu.edu.au Sun Feb 21 00:18:52 1999
From: mhaigh at village.vu.edu.au (Mick Haigh)
Date: Tue Dec 2 02:25:16 2003
Subject: setting "User cannot change password"
References:
Message-ID: <36CF50EC.EAF80D42@village.vu.edu.au>

Luke Kenneth Casson Leighton wrote:

> check the ACB_xxxx flags in ntdomain.h, check where they are used in the
> password database, then set the appropriate flag in private/smbpasswd.
> currently the flags are [U ] for a user and [W ] for a
> workstation trust account.

Cool - got it. Although that information actually appears in smb.h in
the HEAD branch.

Cheers.
Mick

From whn at topelo.lopi.com Sun Feb 21 03:52:03 1999
From: whn at topelo.lopi.com (Bill Nugent)
Date: Tue Dec 2 02:25:17 2003
Subject: Update suggestion for Samba NT Domain FAQ
Message-ID: <19990221035203.18475.qmail@topelo.lopi.com>

Howdy Jerry and everyone else,

I have now gotten Samba going as a PDC for some NT Workstation SP4 -
thank you! I've found many of the emails of the last few days very
helpful in filling the gaps "FAQ for Samba NTDOM PDC support" hasn't
yet caught up on (especially for people like me who are NT/Domain/PDC
ignorant).

Here is my attempt at an update for the FAQ to help fill the gaps so
other folks have an easier time. If you choose to use any part of this
material, please double check what I've added to your wonderful FAQ -
I'm still on the steep, slippery part of the learning curve!

Thank you again,
Bill

FAQ for Samba NTDOM PDC support

2.2. How do I get my NT Workstation / Server to login to the Samba
     controlled Domain?

o Obtain the latest main branch samba code (see question 2.1)

o Set up samba with encrypted passwords: see ENCRYPTION.txt (probably
  out of date: you no longer need the DES libraries, but other than
  that, ENCRYPTION.txt is current).

  At this point, you ought to test that your samba server is accessible
  correctly with encrypted passwords, before progressing with any of
  the NT workstation-specific bits: it's up to you.

o To create the machine account on the Samba PDC, first create an
  account in /etc/passwd (or equivalent in the case of NIS / NIS+) for
  the username for each system in the domain including the Samba PDC.
  Currently the uid is all that will be used and this is to ensure that
  the samba generated machine RID for the workstation account will be
  unique. Therefore you should not reuse unix uid's in /etc/passwd. The
  shell or home directory fields in /etc/passwd are not used for now
  and can be set to /bin/False and /dev/null respectively.

  On my Samba PDC (server.example.com) the /etc/passwd entries look
  like this:

    server$:Dummy:800:800:Samba Server:/dev/null:/bin/false
    ws1$:Dummy:801:800:NT Workstation 1:/dev/null:/bin/false
    ws2$:Dummy:802:800:NT Workstation 2:/dev/null:/bin/false

  All of these systems must be in a unique Unix group which will be
  mapped to the NT Domain Group "Domain Users" so the entry in my
  /etc/group (or equivalent in the case of NIS/NIS+) is:

    domainUsers:x:800:server$,ws1$,ws2$

  This is the line in my smb.conf to create the domain user map file:

    domain user map = /usr/local/samba/etc/domain.user.map

  The line in domain.user.map is:

    domainUsers "Domain Users"

  The double quotes are needed or else the line is misparsed.

  Then run the following commands:

    # smbpasswd -a -m server
    # smbpasswd -a -m ws1
    # smbpasswd -a -m ws2

  This will create an entry in the private/smbpasswd file in the form of

    my_workstation's_name$:uid:LM_XXX:NT_XXX:[W]:LTC-XXXX:

  The LM_XXX and NT_XXX fields are the ascii representations of the 16
  byte LanMan and NT MD4 hashes respectively of the password
  "my_workstation's_name".

  If you reload Windows NT on a system then you will need to regenerate
  the entry in smbpasswd.

  At the moment the 2.1-pre-alpha source tree version of smbpasswd is
  broken for Redhat 5.2 but the version in the 2.0.2 release works.

o If you want to have domain wide policy settings then use the NT
  Policy Editor (see question 5.1 to see how to get it) to create
  ntconfig.pol and then place it in the root of the [netlogon] share.

o If you want the NT profiles stored on the server then make sure the
  systems are in time sync. This can be done by setting the time in the
  logon script by including the line "NET \\server /TIME /SET" and by
  granting all users the right to set the system time. Probably a
  better way is to have an NTP broadcast on your network (maybe from
  the Samba PDC) and run clients on the NT workstations. If you don't
  do this then it is possible for profile updates to fail under some
  circumstances.

  In the Samba 2.0.0 and 2.0.2 releases the RedHat sample smb.conf file
  needs this line added to [Profiles] share:

    writeable = true

o If using NT server to log in, run the User Manager for Domains, and
  add the capability to "Log in Locally" to the policies, which you
  would have to do even if you were logging in to another NT PDC
  instead of a Samba PDC.

o Set up the following parameters in smb.conf

    ; substitute your workgroup here
    workgroup = SAMBA

    ; tells workstations to use SAMBA as its Primary Domain Controller.
    domain logons = yes

o Starting smbd will create a file name private/SAMBA.SID with
  permissions rw-r--r--. The file contains the domain SID for the samba
  PDC. The filename will differ depending on the value of the workgroup
  parameter. If the contents of this file change, no domain members
  will be able to logon and will need to be readded to the domain
  again. Guard it carefully!

o Make sure samba is running before the next step is carried out. if
  this is your first time, just for fun you might like to switch the
  debug log level to about 20. the NT pipes produces some very pretty
  output when decoding requests and generating responses, which would
  be particularly useful to see in tcpdump at some point.

o In the NT Network Settings, change the domain to SAMBA. Do not
  attempt to create an account using the other part of the dialog: it
  will fail at present.

  You should get a wonderful message saying "Welcome to the SAMBA
  Domain."

  If you don't, then please first increase your debug log levels and
  also get a tcpdump (or preferably NetMonitor) trace and examine it
  carefully. You should see a NETLOGON, a SAMLOGON on UDP port 138. If
  you don't, then you probably don't have "domain logons = yes" or
  there is some other problem in resolving the NetBIOS name SAMBA<1c>
  or in the /etc/passwd and/or smbpasswd entries for the NT client.

  On port 139, you should see a LSA_OPEN_POLICY, two LSA_QUERY_INFOs
  (one for a domain SID of S-1-3... and another for S-1-5) and then an
  LSA_CLOSE or two. You may see a pipe connection to a wkssvc pipe, and
  you may also see a "Net Server Get Info" being issued on the srvsvc
  pipe.

  Assuming you got the Welcome message, go through the obligatory
  reboot (the NT box, not the Samba server).

...

2.6. My Roaming Profiles are not updating!

o Make sure the Directory Replicator Service is running and setup on
  the NT Workstation: Go to each workstation, Control Panel, Services,
  set Directory Replicator Service to Automatic and start it running.
  Go to the Control Panel, Server, Replication, enable Import
  Directories, add the Samba PDC.

o Make sure your systems have the same time.

o Make sure the Profiles share is writable by the client (e.g., this
  should already be working in a non-domain login for the user).

o Look in log.smbd and if you see a line like:

    trust account ws1$ should be in DOMAIN_GROUP_RID_USERS

  then something is messed up with the Unix group membership, or the
  domain group map entry for "Domain Users".

From chris at netquarters.net Sat Feb 20 05:26:40 1999
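A consistency check for the account files that the FAQ text in the preceding message sets up, as an added example that is not part of the list posts or of Samba: it cross-checks /etc/passwd, /etc/group and smbpasswd text in the layouts quoted there (name:uid:LM:NT:[flags]:...). The function names, finding codes and sample data are assumptions constructed for illustration.

```python
"""Cross-check a Samba PDC's account files (added example, constructed data)."""
import re
from collections import defaultdict

HEX32 = re.compile(r"[0-9A-Fa-f]{32}")

# Constructed sample input. The first three passwd lines and the group line
# follow the layout quoted in the FAQ text; ws3$ and joe are invented defects.
PASSWD = """\
server$:Dummy:800:800:Samba Server:/dev/null:/bin/false
ws1$:Dummy:801:800:NT Workstation 1:/dev/null:/bin/false
ws2$:Dummy:802:800:NT Workstation 2:/dev/null:/bin/false
ws3$:Dummy:801:800:NT Workstation 3:/dev/null:/bin/false
joe:x:1001:100:Joe:/home/joe:/bin/sh
"""
GROUP = "domainUsers:x:800:server$,ws1$,ws2$\n"
FAKE = "0123456789ABCDEF" * 2   # placeholder hex string, not a real hash
UNSET = "X" * 32                # field filled with X: no hash stored
SMBPASSWD = f"""\
server$:800:{FAKE}:{FAKE}:[W ]:LTC-XXXX:
ws1$:801:{FAKE}:{FAKE}:[W ]:LTC-XXXX:
ws2$:802:{FAKE}:{FAKE}:[U ]:LTC-XXXX:
ws3$:801:{FAKE}:{FAKE}:[W ]:LTC-XXXX:
joe:1001:{UNSET}:{UNSET}:[U ]:LTC-XXXX:
"""


def parse_passwd(text):
    """Map account name -> numeric uid from /etc/passwd-style text."""
    accounts = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            accounts[fields[0]] = int(fields[2])
    return accounts


def parse_group(text):
    """Map group name -> set of member names from /etc/group-style text."""
    groups = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 4:
            groups[fields[0]] = {m for m in fields[3].split(",") if m}
    return groups


def parse_smbpasswd(text):
    """Parse name:uid:LM:NT:[flags]:... lines into dicts."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 5 or not fields[1].isdigit():
            entries.append({"name": fields[0], "malformed": True})
            continue
        entries.append({
            "name": fields[0], "uid": int(fields[1]), "nt": fields[3],
            # Flags sit between brackets and may be space padded: "[W ]".
            "flags": set(fields[4].strip("[] ").replace(" ", "")),
            "malformed": False,
        })
    return entries


def audit(passwd_text, group_text, smbpasswd_text, domain_group):
    """Return a list of (finding_code, account) tuples."""
    findings = []
    unix = parse_passwd(passwd_text)
    members = parse_group(group_text).get(domain_group, set())

    # The FAQ text says unix uids must not be reused (RIDs derive from them).
    by_uid = defaultdict(list)
    for name, uid in unix.items():
        by_uid[uid].append(name)
    for uid, names in sorted(by_uid.items()):
        if len(names) > 1:
            findings.append(("uid-reused", ",".join(sorted(names))))

    for entry in parse_smbpasswd(smbpasswd_text):
        name = entry["name"]
        if entry["malformed"]:
            findings.append(("malformed", name))
            continue
        machine = name.endswith("$")
        if name not in unix:
            findings.append(("no-unix-account", name))
        elif unix[name] != entry["uid"]:
            findings.append(("uid-mismatch", name))
        # Trust accounts (name ends in $) carry W; ordinary users do not.
        if machine != ("W" in entry["flags"]):
            findings.append(("flag-mismatch", name))
        if not HEX32.fullmatch(entry["nt"]):
            findings.append(("no-nt-hash", name))
        # Trust accounts belong in the unix group mapped to "Domain Users".
        if machine and name not in members:
            findings.append(("not-in-domain-group", name))
    return findings


if __name__ == "__main__":
    for code, account in audit(PASSWD, GROUP, SMBPASSWD, "domainUsers"):
        print(f"{code:22} {account}")
```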
From: chris at netquarters.net (Christopher Robert Woods)
Date: Tue Dec 2 02:25:17 2003
Subject: Simple question
Message-ID: <199902210526.AAA27986@tautog.netquarters.net>

Ok, this should be easy enough for someone to answer.
Appreciate any feedback.

I have been bangin' my head for weeks trying to setup my simple 2
machine network. This is what I want:

linux machine
name: LINUX (host & netbios)
kernel ver: 2.2.0
samba ver: samba 2.0.2-19990209

I want that machine to be the PDC for the Domain - WOODS.

I also have a Win '95 machine that I want to be a domain member
using user level security and use the nexus admin toolset (win '95
version of NT's Server Manager, User Manager for Domains, etc)

What document should I look at for as straightforward a description
as possible to help me setup what I want. THANKS!

Chris Woods - MCSE
chris@nqi.net

From whn at topelo.lopi.com Sun Feb 21 10:40:48 1999
From: whn at topelo.lopi.com (Bill Nugent)
Date: Tue Dec 2 02:25:17 2003
Subject: Simple question
In-Reply-To: Your message of Sun, 21 Feb 1999 16:28:05 +1100. <199902210526.AAA27986@tautog.netquarters.net>
Message-ID: <19990221104048.20810.qmail@topelo.lopi.com>

Howdy Chris,

First get what you've got working (e.g., non-domain file/print sharing).

Read the Samba NT Domain FAQ document in the documentation section of
www.samba.org. You will then need new source code (2.1-pre-alpha) as
described in the FAQ.

An update to the FAQ was posted last night to the samba-ntdom list with
some RedHat workarounds (may or may not apply to other Linux's) - YMMV
especially because you're using Win95. See the archive section of
www.samba.org.

Hope this helps.

Bill

On Sunday, Feb 21 1999 at 16:28:05, "Christopher Robert Woods" wrote:

>
>Ok, this should be easy enough for someone to answer.
>Appreciate any feedback.
>
>I have been bangin' my head for weeks trying to setup my simple 2
>machine network. This is what I want:
>
>linux machine
>name: LINUX (host & netbios)
>kernel ver: 2.2.0
>samba ver: samba 2.0.2-19990209
>
>I want that machine to be the PDC for the Domain - WOODS.
>
>I also have a Win '95 machine that I want to be a domain member
>using user level security and use the nexus admin toolset (win '95
>version of NT's Server Manager, User Manager for Domains, etc)
>
>What document should I look at for as straightforward a description
>as possible to help me setup what I want. THANKS!
>
>Chris Woods - MCSE
>chris@nqi.net
>

From marcjadu at moosburg.org Sun Feb 21 15:14:43 1999
From: marcjadu at moosburg.org (MarcVJ)
Date: Tue Dec 2 02:25:17 2003
Subject: how to save win profiles only on server?
References: <01be5c4d$398b24d0$0200a8c0@big.co.yu>
Message-ID: <36D022E3.9CE568AC@moosburg.org>

Where exactly is this key??? i couldn't find it

Colovic Igor wrote:

> > Probably there should be a registry key that you could simply modify,
> >without the need for these policies stuff. I don't know which key.
>
> > I am assuming your samba is a PDC. Hope this helps.
>
> Yes it is possible. You do not have to create NTconfig.pol.
> You have to select open registry from first menu.
> Then under Local computer on the same location you can enable Delete cached
> Roaming profiles.
> This will do the trick.
>
> I hope this helps.
>
> ______________________________________________
> Colovic Igor Linux Users Group of Yugoslavia
> www.linux.org.yu
> cigor@eunet.yu
> DelphiPro@yahoo.com

From wulu at bigfoot.com Sun Feb 21 15:49:12 1999
From: wulu at bigfoot.com (rt)
Date: Tue Dec 2 02:25:17 2003
Subject: how to save win profiles only on server?
References: <01be5c4d$398b24d0$0200a8c0@big.co.yu> <36D022E3.9CE568AC@moosburg.org>
Message-ID: <36D02AF8.79CED368@bigfoot.com>

Try this key under NT4wks...

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Edit or add value DeleteRoamingCache as type REG_DWORD. Set it to 1.

MarcVJ wrote:

> Where exactly is this key??? i couldn't find it
>
> Colovic Igor wrote:
>
> > > Probably there should be a registry key that you could simply modify,
> > >without the need for these policies stuff. I don't know which key.
> >
> > > I am assuming your samba is a PDC. Hope this helps.
> >
> > Yes it is possible. You do not have to create NTconfig.pol.
> > You have to select open registry from first menu.
> > Then under Local computer on the same location you can enable Delete cached
> > Roaming profiles.
> > This will do the trick.
> >
> > I hope this helps.
> >
> > ______________________________________________
> > Colovic Igor Linux Users Group of Yugoslavia
> > www.linux.org.yu
> > cigor@eunet.yu
> > DelphiPro@yahoo.com

From chris at netquarters.net Sat Feb 20 16:29:46 1999
From: chris at netquarters.net (Christopher Robert Woods)
Date: Tue Dec 2 02:25:17 2003
Subject: Simple question
In-Reply-To: <19990221104048.20810.qmail@topelo.lopi.com>
Message-ID: <199902211629.LAA27994@tautog.netquarters.net>

Thank you very much for the reply. I am beginning to wonder if my
workstation is just hosed, because I have tried everything on the
linux side.

I actually got somewhere this morning when I could nbtstat -a linux
and got a reply (linux is the nbn of my linux machine) and it showed
up in my net neighborhood.

But I got that IPC$ error when I tried to browse in NNeighborhood,
changed some things and now nb resolution doesn't seem to be working
at all, as nmblookup -B LINUX __LINUX__ fails.

I have verified that nbmd is running, have added:

192.168.0.1 LINUX

to /etc/lmhosts

verified that

netbios-ns 137/udp

is in /etc/services and to be safe added

netbios-ns dgram udp wait root /usr/local/samba/bin/nmbd/nmbd

to /etc/inetd.conf though I don't think that is how nmbd is getting
started.

Funny thing is that nmblookup -B WKS1 '*' correctly sees my
workstation.

So, I guess I haven't even gotten to part one of your
recommendations!! ;)

I also went out and bought the Samba book, maybe that will help. It
just doesn't seem like it should be this hard. ;)

Thanks for all your help. Have a good day.

> First get what you've got working (e.g., non-domain file/print sharing).

From soporte at sentinel.com.ar Sun Feb 21 16:09:56 1999
From: soporte at sentinel.com.ar (Hernan Ochoa)
Date: Tue Dec 2 02:25:17 2003
Subject: how does the domain logon works?
Message-ID: <000001be5db6$6999f100$060014c0@marisco>

Hi. i have a few questions you may answer me, maybe you can help me,
thanks in advance:

1. where can i find information about the LSA API (documentation for
all the functions) and for the SAM API? (lsasrv.dll, samlib.dll,
samsrv.dll).

2. i want to change a user's LM and MD4 password hashes directly into
the sam, i took the pwdump samba password dumper, and i modified it so
when i find a user called 'test' i change the buffer where the "V"
registry value is stored with a new LM and MD4 hash, everything is
encrypted correctly, my only problem is that i can't write back the
modified "V" value to the registry for that user. why is that? i went
to regedt32 and add FULL CONTROL for Administrators to
HKEY_LOCAL_MACHINE\Security\SAM\Domains\Account\Users and to every key
which its name is the user's RID. i also modified the RegOpenKeyEx
function call to ask for KEY_SET_VALUE access, but when i try the
program, RegOpenKeyEx refuses to open the key saying "Access is
denied", why is that? i can successfully go to the registry and change
the "V" value by hand. is there another way to change directly the MD4
and LM hash of a user? i saw a SamRSetUserInformation and a
LsaSetSecret functions in samsv.dll and advapi32.dll, but i can't find
any documentation for them, that's the reason of my first question.

3. where can i get NetMonitor? is it on the sdk? in the resource kit?

4. after a user is successfully logged on to a NT PDC, there is a
permanent connection between the workstation the user logged on from
and the NT PDC?

5. each machine in a domain owns a SID right? that SID is given by the
NT PDC?

i read some MDSN documentation and it says that for a user to log on
three steps are accomplished:

1. discovery of a PDC to validate the user
2. creation of a secure channel
3. pass-through authentication

1 is ok, now in 2, what does it mean? when a user in a certain
workstation wants to log on to a NT PDC, the workstation MUST be a
domain member right? if it isn't, NETLOGON will refuse the connection,
right?. so, the workstation is a member of a DOMAIN, now workstation
sends to NETLOGON a username of MACHINE$ and a password of MACHINE$ to
create the secure channel? is that right? the password is always
MACHINE$? you can't change it? the only thing authenticated is this
username/password and not the workstation SID?.

sorry for the amount of questions, i'm reading a lot but i think i
have to read a lot more :), i want to completely understand how domain
logon is accomplished, what can i read? i want to know all the low
level details, encryption.txt from the samba docs directory says
something about it, but i want more. can you help me? at least guide
me to what i should read?

thank you so much, and sorry again for bothering you.

From pfaff at edge.cis.McMaster.CA Sun Feb 21 23:48:33 1999
From: pfaff at edge.cis.McMaster.CA (Todd Pfaff)
Date: Tue Dec 2 02:25:17 2003
Subject: 2.0.2 SID problem?
In-Reply-To: <36CDADA4.44D49CC2@reac.com>
Message-ID:

On Sat, 20 Feb 1999, Andy Bakun wrote:

> In Control Panel | System | User Profiles, Administrator accounts have
> the ability to "copy" a profile. Could this make it easier to do this,
> rather than having to use regedt32?

Yes, I've used this method to copy a profile and change the "Permitted
To Use" field in the Copy Profile dialog to Everyone. I used this when
I moved user profiles from an NT PDC to a samba server. When using
samba 2.0.x you have to be logged into the local Administrator account
so that it doesn't attempt to get a list of domain users and crash.

I wouldn't say it's easier than the method below suggested by Werner,
although I haven't tried his method and I don't know exactly what he
means in step 3.

What would probably be easiest is if you could do what Werner is
suggesting but using a command line registry editor such as regini.
Anyone know if this is possible, and the exact procedure to carry this
out?

> Werner Gaubatz wrote:
>
> > 1) copy all (more or less) useless NTUSER.DAT to a local NT machine:
> > Ask all users to log in at that workstation. The profiles will be stored
> > locally in c:\winnt\profiles\$USER\NTUSER.DAT
> >
> > 2) log in as administrator on this machine. Physically DISCONNECT the
> > computer from the network. Otherwise regedt32 dumps core, when it tries
> > to read the user names from SAMBA PDC. Now you just have to wait for a
> > timeout and get an ignorable error message about a missing and incomplete
> > user list :-)
> >
> > 3) use regedt32 to load a new structure from each NTUSER.DAT of all
> > your users. For each structure delete the "unknown user" in the
> > security information. Now add "everybody" with full permissions for
> > the complete tree to each profile. Once this is finished, unload all
> > structures and close regedt32.
> >
> >

--
Todd Pfaff                         \ Email: pfaff@mcmaster.ca
Computing and Information Services \ Voice: (905) 525-9140 x22920
ABB 132                            \ FAX: (905) 528-3773
McMaster University                \
Hamilton, Ontario, Canada L8S 4M1  \

From D.Bannon at latrobe.edu.au Mon Feb 22 06:09:21 1999
From: D.Bannon at latrobe.edu.au (David Bannon)
Date: Tue Dec 2 02:25:17 2003
Subject: Password Change
In-Reply-To: <36CD55A4.338B9BE3@moosburg.org>
References: <36CD3C34.F86A2D86@hedy.ucl.ac.be>
Message-ID: <3.0.3.32.19990222170921.00771300@bioserve.biochem.latrobe.edu.au>

It seems a bug has crept into the password changing system in the last
couple of weeks. CVS from two days ago certainly cannot _reliably_
change passwords from the NT dialog (in my, and apparently several
other systems).

I have been attempting to track this down and am most confused !

If you restart samba and then set a users passwd with smbpasswd the
user can change their pw once. Second time, it fails.

The first time they change their passwd api_SetUserPassword is called,
it calls check_lanman_password and then change_lanman_password. All is
well. The second password field in ~/smbpasswd is set to all XXX..XX.

When they try and change the password a second time pass_oem_change is
called, it fails because there is 'no ntlm password'.

Now, I cannot find where it is decided which of the two paths to take,
can anyone point me in the right direction ? Looking at source,
pass_oem_change is called from api_SamOEMChange etc but that does not
seem to be the case here.

Any ideas ??

------------------------------------------------------------
David Bannon                     D.Bannon@latrobe.edu.au
School of Biochemistry           Phone 61 03 9479 2197
La Trobe University, Plenty Rd,  Fax 61 03 9479 2467
Bundoora, Vic, Australia, 3083   http://bioserve.latrobe.edu.au
------------------------------------------------------------
..... Humpty Dumpty was pushed !

From giuliox at tin.it Mon Feb 22 10:57:46 1999
From: giuliox at tin.it (Giulio)
Date: Tue Dec 2 02:25:17 2003
Subject: User with a BLANK password
Message-ID: <19990222105946.NZTG21717.fep02-svc@[212.216.107.185]>

1- NT4sbs4.5b2 (PDC, no plaintext registry hack, no guest allowed)
2- Linux 2.0.33 libc5, samba 2.0.2 (security=domain, it has 1 as
   password server and reached its domain ok, no smbpasswd file,
   domain auth)
3- Linux 2.0.33 libc5, samba 2.0.2 (security=share)

On the NT4PDC I have a user, "myuser" with a BLANK password; there is
a share available to "everyone".

>From 3, as "myuser" connecting to a 1's share:
smbclient '\\1\share' -U myuser -N
and I get access (with BLANK password), nt4 shows the user "myuser" as
connected.

>From 3, as "myuser" connecting to a 2's share:
smbclient '\\2\share' -U myuser -N
...
session setup failed: ERRSRV - ERRbadpw (Bad password - name/password
pair in a Tree Connect or Session Setup are invalid.)

If on nt4 I change the password for the myuser user from BLANK to
something (not blank) then Samba authenticates the myuser user ok.

>From 3, as "myuser" connecting to a 2's share:
smbclient '\\2\share' password -U myuser

Why doesn't Samba accept BLANK passwords?

The same is true If I switch from domain to user security; On 2 I
create the smbpasswd entry for user myuser, when asked for the
password I simply press ENTER twice; smbpasswd tells me it updated the
password; but then user myuser cannot login; whereas if I change its
passwd to "not blank" then is ok.

Thanks.

--
Giulio
giuliox@tin.it

From pfrazao at ualg.pt Mon Feb 22 12:18:55 1999
From: pfrazao at ualg.pt (Pedro Miguel Frazao Fernandes Ferreira) Date: Tue Dec 2 02:25:17 2003 Subject: Summary of Re: how to save win profiles only on server? Message-ID: <36D14B2F.3BEFEE7B@ualg.pt> Bill Nugent wrote: > > Howdy, > > There were two responses to the MarcVJ's question and I'm trying to > understand this since I bumped into this today. Doing only 3a below > didn't fix it for me which is what I tried on my own. > > So the summary as I understand it is: > > 1. Control Panel/Services - set Directory Replicator Service to Automatic. > 2. Control Panel/Server - under Replications, enable Import Directories. > It looks a bit more complicated this - need to tell it a local > directory (default okay?) and add the samba server - is this correct? > Tomorrow morning I'll be trying out these steps but I don't have email > there so I'd like to avoid any potential problems) > In my setup and based on what I could read from help files, default directory is ok and you do not need to add a samba server or domain name if your NT workstation is properly setup as a member of a domain which has a valid PDC (samba is great as PDC). If this is true the NT wkst will, by default, download the policy file from its domain PDC. It worked just fine for me. > 3a. On a global basis create the ntconfig.pol and place it in [netlogon] > share as outlined by Pedro (below). All the NT Workstations will > then properly use the Roaming Profiles Correction here: All the NT workstations will then properly use the policy file. Remember that this was to enable policies. Using policies you can configure some things about roaming profiles. See the difference ? Policies are more/different than roaming profiles. > > or > > 3b. 
On a host by host basis I can follow Colovic's advice (further below) > and edit the registry and under "Local Computer" enable > "Delete Cached Roaming Profile" (or some such but I get the > drift - IMHO the policy editor holds your hand a bit better and makes > it easier). > > Corrections are encouraged! > > Bill > > On Friday, Feb 19 1999 at 23:40:19, Pedro Miguel Frazao Fernandes > Ferreira wrote: > > > Yes, it is possible. Use the system policies editor (NT software), > >create a new policy. There is a setting in Default Computer or Default > >User which allows you to enable deletion of cached copies of roaming > >profiles. Save the policy file with the name ntconfig.pol and place it > >in your [netlogon] share. Go to the workstations, Control Panel, > >Services and start the Directory Replicator Service. Don't forget to set > >it for Automatic startup. Go to Control Panel (you should be there), > >Server and under Replication, enable Import Directories. Et voila, this > >should do it. > > Probably there should be a registry key that you could simply modify, > >without the need for these policies stuff. I don't know which key. Maybe > >you will find these policies useful for other purposes, but have some > >caution with some settings (you can get a lot of headaches with this > >thing). > > On Saturday, Feb 20 1999 at 08:19:50, "Colovic Igor" wrote: > > >Yes it is possible. You do not have to create NTconfig.pol. > >You have to select open registry from first menu. > >Then under Local computer on the same location you can enable Delete > cached > >Roaming profiles. > >This will do the trick. -- ------------------------------------------------------------------------ Pedro Miguel Frazao Fernandes Ferreira, Universidade do Algarve U.C.E.H., Campus de Gambelas, 8000 - Faro, Portugal pfrazao@ualg.pt Tel.:+351 89 800950 / 872959 Fax: +351 89 818560 http://w3.ualg.pt/~pfrazao From whn at topelo.lopi.com Mon Feb 22 12:23:18 1999 
From: whn at topelo.lopi.com (Bill Nugent) Date: Tue Dec 2 02:25:17 2003 Subject: Simple question In-Reply-To: Your message of Sat, 20 Feb 1999 11:29:46 -0500. <199902211629.LAA27994@tautog.netquarters.net> Message-ID: <19990222122318.26500.qmail@topelo.lopi.com> One thing I forgot to mention - NT seems to become confused if you restart Samba too many times - more than 5 to 10 times seems to be the unlucky number so I fell into the habit of rebooting the NT box every four or five times I restarted Samba while experimenting with smb.conf values, etc. Maybe this is your problem. Bill From pfrazao at ualg.pt Mon Feb 22 12:31:43 1999 
From: pfrazao at ualg.pt (Pedro Miguel Frazao Fernandes Ferreira) Date: Tue Dec 2 02:25:17 2003 Subject: Update suggestion for Samba NT Domain FAQ References: <19990221035203.18475.qmail@topelo.lopi.com> Message-ID: <36D14E2F.AC4B6555@ualg.pt> Bill Nugent wrote: > > Howdy Jerry and everyone else, > > I have now gotten Samba going as a PDC for some NT Workstation > SP4 - thank you! > > I've found many of the emails of the last few days very helpful > in filling the gaps "FAQ for Samba NTDOM PDC support" hasn't yet > caught up on (especially for people like me who are NT/Domain/PDC > ignorant). > > Here is my attempt at an update for the FAQ to help fill the gaps > so other folks have an easier time. > > If you choose to use any part of this material, please double check > what I've added to your wonderful FAQ - I'm still on the steep, > slippery part of the learning curve! > > Thank you again, > Bill > > FAQ for Samba NTDOM PDC support > > 2.2. How do I get my NT Workstation / Server to login to the Samba > controlled Domain? > > o Obtain the latest main branch samba code (see question 2.1) > > o Set up samba with encrypted passwords: see ENCRYPTION.txt (probably > out of date: you no longer need the DES libraries, but other than > that, ENCRYPTION.txt is current). > > At this point, you ought to test that your samba server is > accessible correctly with encrypted passwords, before progressing > with any of the NT workstation-specific bits: it's up to you. > > o To create the machine account on the Samba PDC, first create an > account in /etc/passwd (or equivalent in the case of NIS / NIS+) > for the username for each system in the > domain including the Samba PDC. > > Currently the uid is all that will be used and this is to ensure > that the samba generated machine RID for the workstation account will > be unique. Therefore you should not reuse unix uid's in > /etc/passwd. 
The shell or home directory fields in /etc/passwd are > not used for now and can be set to /bin/False and /dev/null > respectively. > > On my Samba PDC (server.example.com) the /etc/passwd entries look > like this: > > server$:Dummy:800:800:Samba Server:/dev/null:/bin/false > ws1$:Dummy:801:800:NT Workstation 1:/dev/null:/bin/false > ws2$:Dummy:802:800:NT Workstation 2:/dev/null:/bin/false > > All of these systems must be in a unique Unix group which will be > mapped to the NT Domain Group "Domain Users" so the entry in my > /etc/group (or equivalent in the case of NIS/NIS+) is: > > domainUsers:x:800:server$,ws1$,ws2$ > > This is the line in my smb.conf to create the domain user map file: > > domain user map = /usr/local/samba/etc/domain.user.map > > The line in domain.user.map is: > > domainUsers "Domain Users" > > The double quotes are needed or else the line is misparsed. > > Then run the following commands: > > # smbpasswd -a -m server > # smbpasswd -a -m ws1 > # smbpasswd -a -m ws2 > > This will create an entry in the private/smbpasswd file in the form > of > > my_workstation's_name$:uid:LM_XXX:NT_XXX:[W]:LTC-XXXX: > > The LM_XXX and NT_XXX fields are the ascii representations of the 16 > byte LanMan and NT MD4 hashes respectively of the password > "my_workstation's_name". > > If you reload Windows NT on a system then you will need to > regenerate the entry in smbpasswd. > > At the moment the 2.1-pre-alpha source tree version of smbpasswd is > broken for Redhat 5.2 but the version in the 2.0.2 release works. > > o If you want to have a domain wide policy settings then use the NT > Policy Editor (see question 5.1 to see how to get it) to create > ntconfig.pol and then place it in the root of the [netlogon] share. > > o If you want the NT profiles stored on the server then make sure the > systems are in time sync. 
This can be done by setting the in the > logon script by including the line "NET \\server /TIME /SET" and by > granting all users the right to set the system time. Probably a > better way is to have an NTP broadcast on your network (maybe from > the Samba PDC) and run clients on the NT workstations. If you don't > do this then it is possible for profile updates to fail under some > circumstances. > > In the Samba 2.0.0 and 2.0.2 releases the RedHat sample smb.conf > file needs this line added to [Profiles] share: > > writeable = true > > o If using NT server to log in, run the User Manager for Domains, and > add the capability to "Log in Locally" to the policies, which you > would have to do even if you were logging in to another NT PDC > instead of a Samba PDC. > > o Set up the following parameters in smb.conf > > ; substitute your workgroup here > workgroup = SAMBA > > ; tells workstations to use SAMBA as its Primary Domain Controller. > domain logons = yes > > o Starting smbd will create a file name private/SAMBA.SID with > permissions rw-r--r--. The file contains the domain SID for the > samba PDC. The filename will differ depending on the value of the > workgroup parameter. If the contents of this file change, no domain > members will be able to logon and will need to be readded to the > domain again. Guard it carefully! > > o Make sure samba is running before the next step is carried out. if > this is your first time, just for fun you might like to switch the > debug log level to about 20. the NT pipes produces some very pretty > output when decoding requests and generating responses, which would > be particularly useful to see in tcpdump at some point. > > o In the NT Network Settings, change the domain to SAMBA. Do not > attempt to create an account using the other part of the dialog: it > will fail at present. > > You should get a wonderful message saying "Welcome to the SAMBA > Domain." 
> > If you don't, then please first increase your debug log levels and > also get a tcpdump (or preferably NetMonitor) trace and examine it > carefully. You should see a NETLOGON, a SAMLOGON on UDP port > 138. If you don't, then you probably don't have "domain logons = > yes" or there is some other problem in resolving the NetBIOS name > SAMBA<1c> or in the /etc/passwd and/or smbpasswd entries for the NT > client. > > On port 139, you should see a LSA_OPEN_POLICY, two LSA_QUERY_INFOs > (one for a domain SID of S-1-3... and another for S-1-5) and then an > LSA_CLOSE or two. > > You may see a pipe connection to a wkssvc pipe, and you may also see > a "Net Server Get Info" being issued on the srvsvc pipe. > > Assuming you got the Welcome message, go through the obligatory > reboot (the NT box, not the Samba server). > > .. > > 2.6. My Roaming Profiles are not updating! > > o Make sure the Directory Replicator Service is running and setup on > the NT Workstation: Go to each workstation, Control Panel, > Services, set Directory Replicator Service to Automatic and start it > running. Go to the Control Panel, Server, Replication, enable > Import Directories, add the Samba PDC. Wait. I think this is in order to use policies (.pol files with registry settings which are loaded by W95, NT wkst, W98 machines). policy files != roaming profiles. I believe the question to this should be: My domain member computers are not reading the policy file from the server. (Or something like this). > > o Make sure your systems have the same time. > > o Make sure the Profiles share is writable by the client (e.g., this > should already be working in a non-domain login for the user). > > o Look in log.smbd and if you see a line like: > > trust account ws1$ should be in DOMAIN_GROUP_RID_USERS > > then something is messed up with the Unix group membership, or the > domain group map entry for "Domain Users". 
-- ------------------------------------------------------------------------ Pedro Miguel Frazao Fernandes Ferreira, Universidade do Algarve U.C.E.H., Campus de Gambelas, 8000 - Faro, Portugal pfrazao@ualg.pt Tel.:+351 89 800950 / 872959 Fax: +351 89 818560 http://w3.ualg.pt/~pfrazao From oroy at gwl.com Mon Feb 22 14:03:30 1999 
From: oroy at gwl.com (Olivier Roy De Rives)
Date: Tue Dec 2 02:25:18 2003
Subject: PDC and BDC
Message-ID: <01be5e6c$200aa500$8fc73805@gp-odin>

Hello,

I encountered a few problems setting up a Samba domain controller in an NT domain: I have an NT PDC and an NT BDC and I tried to setup Samba to join the domain; everything was working great until the PDC was rebooted... the Samba server took office as the PDC for that domain and I was no longer able to log into the NT boxes (even as root/admin). Also we had all our remote (dial-in) workstations unable to map a drive to the Samba machine (not being member of the domain and most of them not supporting password encryption...).

I returned to the simpler Samba 2.0.2 smb.conf setting: security = share, which works for everyone...

I can't wait till Samba allows "true" NT PDC functionality, so I can get rid of the NT PDC and administrate NT from Samba and the BDCs! Keep up the good work...

PS: Here is a sample of the smb.conf file I had setup:

[global]
   dead time = 15
   printing = sysv
   printcap name = /etc/samba.printcap
   load printers = yes
   log file = /opt/tools/samba/logs/log.%m
   lock directory = /opt/tools/samba/var/locks
   netbios name = GP-DRAGON
   share modes = yes
   security = domain
   os level = 65
   passwd program = /usr/local/bin/expasswd %u
   encrypt passwords = yes
   update encrypted = yes
   unix password sync = yes
   workgroup = ISIS-D
   domain logons = yes
   password server = GP-DNT1 GP-DNT2
   hosts allow = 143.199.56. 127.
   hosts equiv = /etc/hosts.equiv
   server string = GP-DRAGON
   smbpasswd file = /opt/tools/samba/private/smbpasswd
   socket options = TCP_NODELAY
   domain master = no
   local master = no

Olivier Roy De Rives NT/UNIX Systems Administrator Great-West Life & Annuity Denver, CO (303)689-4437 Fax: 689-4850

From cartegw at Eng.Auburn.EDU Mon Feb 22 14:06:40 1999 
From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:25:18 2003 Subject: how does the domain logon works? References: <000001be5db6$6999f100$060014c0@marisco> Message-ID: <36D16470.1748FA2C@eng.auburn.edu> > 1. where can i find information about the LSA API > (documentation for all the functions) and for the > SAM API? (lsasrv.dll, samlib.dll, samsrv.dll). Don't know if they are. If anywhere, check the MSDN CD's > 3. where can i get NetMonitor? is it on the sdk? in > the resource kit? SMS CD's or the Windows NT Server CD. SMS is better. > 5. each machine in a domain owns a SID right? that SID is given by the > NT PDC? i read some MSDN documentation and it says that for a user to > log on three steps are accomplished: > > 1. discovery of a PDC to validate the user > 2. creation of a secure channel > 3. pass-through authentication > > 1 is ok, now in 2, what does it mean? when a user in a certain > workstation wants to log on to a NT PDC, the workstation MUST be a > domain member right? if it isn't, NETLOGON will refuse the connection, > right?. > so, the workstation is a member of a DOMAIN, now workstation sends to > NETLOGON a username of MACHINE$ and a password of MACHINE$ > to create the secure channel? is that right? the password > is always MACHINE$? you can't change it? the only thing > authenticated is this username/password > and not the workstation SID?. The password is initially set to 'machine' which is the machine NetBIOS names in lower case. Upon joining the domain, the password is changed to some random value. jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From cartegw at Eng.Auburn.EDU Mon Feb 22 14:13:38 1999 
From: cartegw at Eng.Auburn.EDU (Gerald Carter)
Date: Tue Dec 2 02:25:18 2003
Subject: PDC and BDC
References: <01be5e6c$200aa500$8fc73805@gp-odin>
Message-ID: <36D16612.FCA50D38@eng.auburn.edu>

Olivier Roy De Rives wrote:
>
> [global]
> dead time = 15
> printing = sysv
> printcap name = /etc/samba.printcap
> load printers = yes
> log file = /opt/tools/samba/logs/log.%m
> lock directory = /opt/tools/samba/var/locks
> netbios name = GP-DRAGON
> share modes = yes
> security = domain
> os level = 65

os level = 0

> passwd program = /usr/local/bin/expasswd %u
> encrypt passwords = yes
> update encrypted = yes

The previous two parameters are mutually exclusive.

> unix password sync = yes
> workgroup = ISIS-D
> domain logons = yes

domain logons = no

> password server = GP-DNT1 GP-DNT2
> hosts allow = 143.199.56. 127.
> hosts equiv = /etc/hosts.equiv
> server string = GP-DRAGON
> smbpasswd file = /opt/tools/samba/private/smbpasswd
> socket options = TCP_NODELAY
> domain master = no
> local master = no

________________________________________________________________________
Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 )

From b-dawson at tronicplanet.de Mon Feb 22 14:12:21 1999
From: b-dawson at tronicplanet.de (Brian Dawson)
Date: Tue Dec 2 02:25:18 2003
Subject: Dos clients with Samba
Message-ID: <36D165C5.BF6FDE59@tronicplanet.de>

Anybody have any tips on setting up DOS 6.22 clients to be able to use a Samba 2.0.2 server with encrypted password enabled? Is this possible with DOS and LanManager to connect to the Samba server?

Brian

From soporte at sentinel.com.ar Mon Feb 22 11:42:41 1999 
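
[Added example, not part of the list archive and not Samba project code: a small Python lint for the three [global] corrections Gerald Carter makes in his "PDC and BDC" reply above. The function names, finding codes and sample text are constructed here, and the rules encode that reply's advice for a `security = domain` member only, not a general Samba rule set.]

```python
"""Lint an smb.conf [global] section against the corrections given in the reply."""

# Constructed sample: the relevant lines of the [global] section posted in the thread.
SAMPLE_CONF = """\
; constructed from the configuration quoted in the thread
[global]
   netbios name = GP-DRAGON
   security = domain
   os level = 65
   encrypt passwords = yes
   update encrypted = yes
   workgroup = ISIS-D
   domain logons = yes
   password server = GP-DNT1 GP-DNT2
   domain master = no
   local master = no
"""

TRUE_WORDS = {"yes", "true", "1"}


def normalize(name):
    """Samba ignores case and whitespace in parameter names."""
    return "".join(name.lower().split())


def parse_global(text):
    """Return {normalized parameter name: value} for the [global] section only."""
    params = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        name, value = line.split("=", 1)
        params[normalize(name)] = value.strip()
    return params


def is_true(params, name):
    """A parameter that is absent is treated as 'no' for these checks."""
    return params.get(normalize(name), "no").lower() in TRUE_WORDS


def lint_member_server(text):
    """Return a list of (code, message) findings, in the order the reply raises them."""
    p = parse_global(text)
    findings = []
    member = p.get("security", "").lower() == "domain"

    # "The previous two parameters are mutually exclusive."
    if is_true(p, "encrypt passwords") and is_true(p, "update encrypted"):
        findings.append(("ENCRYPT_UPDATE",
                         "encrypt passwords and update encrypted are both enabled"))

    # The reply changes 'domain logons = yes' to 'no' for this domain member.
    if member and is_true(p, "domain logons"):
        findings.append(("DOMAIN_LOGONS",
                         "security = domain member also offers domain logons"))

    # The reply changes 'os level = 65' to 0; an absent os level is not checked.
    if member and "oslevel" in p:
        try:
            level = int(p["oslevel"])
        except ValueError:
            findings.append(("OS_LEVEL", "os level is not a number: %r" % p["oslevel"]))
        else:
            if level > 0:
                findings.append(("OS_LEVEL",
                                 "os level = %d on a domain member (reply sets 0)" % level))
    return findings


if __name__ == "__main__":
    for code, message in lint_member_server(SAMPLE_CONF):
        print("%-15s %s" % (code, message))
```
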
From: soporte at sentinel.com.ar (Hernan Ochoa) Date: Tue Dec 2 02:25:18 2003 Subject: modifying the SAM directly Message-ID: <00c901be5e58$77101bf0$060014c0@marisco> Hi!. i want to modify the SAM database in the registry directly. the key is HKEY_LOCAL_MACHINE\Security\SAM\Domains\Account\Users and then i have all the users RID, and i know how to modify the V records thanks to the pwdump samba program. ok, my problem is, i can't get the right permissions i need in the call to RegOpenKeyEx to be able to set the V value. i tried KEY_SET_VALUE but it tells that i can't open it. i also did this, i used regedt32 and i gave to the Administrators group FULL CONTROL to the whole key tree, but in my program, i still CAN'T modify the damn key. suppose i want to modify HKEY_LOCAL_MACHINE\Security\SAM\Domains\Account\Users 00003FA1 that is a user's rid, inside that key is a F value and a V value. now, i try to open the key with RegOpenKeyEx and with the access set to KEY_SET_VALUE among other permissions, and i can't open the damn key. why? if i use regedt32 and i try to change it by hand i can do it, why can't i do it in coding? thanks in advance . From lkcl at switchboard.net Mon Feb 22 14:58:31 1999 
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:25:18 2003 Subject: how does the domain logon works? In-Reply-To: <36D16470.1748FA2C@eng.auburn.edu> Message-ID: On Tue, 23 Feb 1999, Gerald Carter wrote: > > 1. where can i find information about the LSA API > > (documentation for all the functions) and for the > > SAM API? (lsasrv.dll, samlib.dll, samsrv.dll). > > Don't know if they are. If anywhere, check the > MSDN CD's LSA api: lsaauth.hlp in the docs/network directory of the nt ddk (_not_ copied by default: go direct to the cd). it's thoroughly bastardised as to be completely useless for development. SAM api: write a cheque for $1,000,000 per year to microsoft for a read-only source code license. ...or look at samba sources. From soporte at sentinel.com.ar Mon Feb 22 12:05:53 1999 From: soporte at sentinel.com.ar (Hernan Ochoa) Date: Tue Dec 2 02:25:18 2003 Subject: netmonitor Message-ID: <000701be5e5b$b3ba52c0$060014c0@marisco> hi. sorry for asking this in this mailing list, but i know here you use netmonitor. my problem is, i found netmonitor on the NT Server CD, it is in i386\netmon\, but i have to copy it by hand, and then when i execute it it says that no network drivers were found, and that i should consult my manual (??, obviously the help files say nothing about this). what's going on? thanks in advance. From njh1 at st-andrews.ac.uk Mon Feb 22 13:35:34 1999 
From: njh1 at st-andrews.ac.uk (Nicholas Humfrey) Date: Tue Dec 2 02:25:18 2003 Subject: Domain Logons and Win98 Message-ID: I am trying to setup a Computer Classroom, using Win98 PCs and a central Linux server & Samba 2.02. There are no Win NT machines on the network at the moment, so for simplicity I am using plain text passwords rather than encrypted. I think I have traced the problem down to the passwords being put into Uppercase by the Win 98 machines and then not matching correctly on the server. (I successfully logged on when I changed my password on the server to capitals). I tried turning off Network logons and just connecting to the Samba server manually. In this case it accepted my partially lower case password. Is this something Win98 does to Domain logon passwords ? Would it help to turn on encrypted passwords ? Can I turn this feature off in the registry ? Thanks Nicholas Humfrey Madras College From sansdrap at hedy.ucl.ac.be Mon Feb 22 15:31:35 1999 From: sansdrap at hedy.ucl.ac.be (Jacques Sansdrap) Date: Tue Dec 2 02:25:18 2003 Subject: Groups and policy Message-ID: <36D17857.FD02D1E3@hedy.ucl.ac.be> After much head scratching I have found (one of?) the reason why the policies didn't work with my setup: The users for whom the policy was to be used have the GID of the appropriate group in /etc/passwd but are not listed in /etc/group. It seems that Samba looks only in /etc/group to find of which group a user is a member. Something for the FAQ? Even after having corrected this, the application of policies seems erratic. JS From lkcl at switchboard.net Mon Feb 22 15:35:53 1999 
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:25:18 2003 Subject: Update suggestion for Samba NT Domain FAQ In-Reply-To: <19990221035203.18475.qmail@topelo.lopi.com> Message-ID: bill, thankx. comments below. > o To create the machine account on the Samba PDC, first create an workstation trust account. there is no such thing as a machine account. > All of these systems must be in a unique Unix group which will be > mapped to the NT Domain Group "Domain Users" so the entry in my > /etc/group (or equivalent in the case of NIS/NIS+) is: > > domainUsers:x:800:server$,ws1$,ws2$ ...plus any other users (real users) that are domain users. > This is the line in my smb.conf to create the domain user map file: > > domain user map = /usr/local/samba/etc/domain.user.map > > The line in domain.user.map is: > > domainUsers "Domain Users" ^ you need a tab or an "=" not a space. > my_workstation's_name$:uid:LM_XXX:NT_XXX:[W]:LTC-XXXX: ^ there are about eight spaces in here. > o Make sure samba is running before the next step is carried out. if > this is your first time, just for fun you might like to switch the > debug log level to about 20. the NT pipes produces some very pretty > output when decoding requests and generating responses, which would > be particularly useful to see in tcpdump at some point. :) > You should get a wonderful message saying "Welcome to the SAMBA > Domain." my favourite part, this. > On port 139, you should see a LSA_OPEN_POLICY, two LSA_QUERY_INFOs > (one for a domain SID of S-1-3... and another for S-1-5) and then an > LSA_CLOSE or two. two. one. hang on. LsaOpenPolicy, then _one_ LsaClose. yes. one. > You may see a pipe connection to a wkssvc pipe, and you may also see > a "Net Server Get Info" being issued on the srvsvc pipe. ^ ^ ^ remove spaces. 
> o Look in log.smbd and if you see a line like: > > trust account ws1$ should be in DOMAIN_GROUP_RID_USERS > > then something is messed up with the Unix group membership, or the > domain group map entry for "Domain Users". ... domain group map entry for "Domain Users". Check that all entries in the map files have "=" or tabs as separators between the unix and nt names. thanx once again, bill. From jaeger at morpheus.net Mon Feb 22 15:44:35 1999 From: jaeger at morpheus.net (Matt Housh) Date: Tue Dec 2 02:25:18 2003 Subject: Domain Name Message-ID: <36D17B63.A50F325D@morpheus.net> Am I just nuts, or does Samba only work as a domain controller when the domain name (WORKGROUP option in smb.conf) is set to 'samba'? I tried for hours one day to set one up with a different name, and finally switched it to 'samba' in desperation. With _NO_ other changes, this worked, all of a sudden. What's the deal? Matt ------------------------------------------------------------ Matt Housh email: mhoush@utulsa.edu Microcomputer Specialist The University of Tulsa Engineering and Natural Sciences "Preserving the right to arm bears..." From greg at discreet.com Mon Feb 22 16:07:18 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:25:18 2003 Subject: Greg's annoying daily latest CVS report Message-ID: Uh-Oh. The system cannot log you on to this domain because the system's computer account in it's primary domain yada yada yada.... It does not work today, checking logs now. Greg --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From lkcl at switchboard.net Mon Feb 22 16:08:41 1999 
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:25:18 2003 Subject: Password Change In-Reply-To: <3.0.3.32.19990222170921.00771300@bioserve.biochem.latrobe.edu.au> Message-ID: david, are you using a non-intel-byte-alignment processor (e.g sparc?) if yes, matt could you look into those unicode string issues. david please send us a password change from a TEST account NOT a real account. recompile with -DDEBUG_PASSWORD and then set log level to 100. thanx!. On Mon, 22 Feb 1999, David Bannon wrote: > It seems a bug has crept into the password changing system in the last > couple of weeks. CVS from two days ago certainly cannot _reliably_ change > passwords from the NT dialog (in my, and apparently several other systems). > > I have been attempting to track this down and am most confused ! > > If you restart samba and then set a users passwd with smbpasswd the user > can change their pw once. Second time, it fails. > > The first time they change their passwd api_SetUserPassword is called, it > calls check_lanman_password and then change_lanman_password. All is well. > The second password field in ~/smbpasswd is set to all XXX..XX. > > When they try and change the password a second time pass_oem_change is > called, it fails because there is 'no ntlm password'. > > Now, I cannot find where it is decided which of the two paths to take, can > anyone point me in the right direction ? Looking at source, pass_oem_change > is called from api_SamOEMChange etc but that does not seem to be the case > here. > > Any ideas ?? > > > > > ------------------------------------------------------------ > David Bannon D.Bannon@latrobe.edu.au > School of Biochemistry Phone 61 03 9479 2197 > La Trobe University, Plenty Rd, Fax 61 03 9479 2467 > Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au > ------------------------------------------------------------ > .... Humpty Dumpty was pushed ! 
> Luke Kenneth Casson Leighton Samba and Network Development Samba and Network Consultancy From Armin.Amon at mgm-edv.de Mon Feb 22 16:10:50 1999 From: Armin.Amon at mgm-edv.de (Armin Amon) Date: Tue Dec 2 02:25:18 2003 Subject: netmonitor References: <000701be5e5b$b3ba52c0$060014c0@marisco> Message-ID: <36D18189.AAE06BC9@mgm-edv.de> Install NetMon via services in the network settings. ... add.. Microsoft Network Monitor Tool and Agent. bye Armin Hernan Ochoa wrote: > hi. > > sorry for asking this in this mailing list, but i know here you use > netmonitor. > my problem is, i found netmonitor on the NT Server CD, it is in i386\netmon\, > but > i have to copy it by hand, and then when i execute it it says that no > network drivers > were found, and that i should consult my manual (??, obviously the help files > say nothing about this). > > what's going on? thanks in advance. From lkcl at switchboard.net Mon Feb 22 16:12:12 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:25:18 2003 Subject: Dos clients with Samba In-Reply-To: <36D165C5.BF6FDE59@tronicplanet.de> Message-ID: i've used MSCLIENT 3 before on a samba 1.9.15p8 server it was absolutely fine. if it's not let us know. the only thing was that the ip address components (e.g for WINS server) in the .INI files had to be separated by spaces not "." which is weird. On Tue, 23 Feb 1999, Brian Dawson wrote: > Anybody have any tips on setting up DOS 6.22 clients to be able to use a > Samba 2.0.2 server with encrypted password enabled? Is this possible > with DOS and LanManager to connect to the Samba server? > > Brian > Luke Kenneth Casson Leighton Samba and Network Development Samba and Network Consultancy From lkcl at switchboard.net Mon Feb 22 16:31:30 1999 
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:25:18 2003 Subject: Groups and policy In-Reply-To: <36D17857.FD02D1E3@hedy.ucl.ac.be> Message-ID: On Tue, 23 Feb 1999, Jacques Sansdrap wrote: > After much head scratching I have found (one of?) the reason > why the policies didn't work with my setup: > > The users for whom the policy was to be used have the GID of the > appropriate group in /etc/passwd but are not listed in /etc/group. > It seems that Samba looks only in /etc/group to find of which > group a user is a member. yeah, i know - i didn't quite understand unix "primary group" permissions when i wrote the code. i want to move to a file cache with a program that generates the nt permissions file as a result: i don't want to have to "add" the user's primary group. also, the program could catch problems like unix groups and unix users with the same name: under NT you *must* have a unique name across users, groups, aliases and domains. From williamj at email.aston.ac.uk Mon Feb 22 12:34:24 1999 
From: williamj at email.aston.ac.uk (John Williams) Date: Tue Dec 2 02:25:18 2003 Subject: Samba PDC and Windows NT Message-ID: <3.0.5.32.19990222123424.00a6c300@email.aston.ac.uk> Hi, I am running samba 2.0.2 on Linux 2.0.36 and trying to get it to be a PDC, the server is called gnats and the domain REDHAT. There are no other systems in the domain. I went through the setup and initially everything worked fine. I added a workstation called treacle, got the welcome message and could login with a UNIX username. (After the usual reboots of course.) However after a few minutes I could no longer login and got an error message that the REDHAT domain was not available. Running tcpdump I could only see two problems: a warning about snap length too short Dialect Error! ASCIIZ of type 0 (safety=9) (repeated with different safety nos) Looked at with smbclient from another system the workstation treacle was the domain master browser. Any help as to what may be happening would be very welcome. BTW there have been reports from users of systems suddenly moving workgroups for no obvious reason and workgroups appearing and disappearing. Thanks John >Script started on Mon Feb 22 12:04:27 1999 >[ ~]\> smbclient -L gnats -U root > >Domain=[REDHAT] OS=[Unix] Server=[Samba 2.0.2] >security=user > >Server=[GNATS] User=[root] Workgroup=[REDHAT] Domain=[REDHAT] > > >This machine has a workgroup list: > > Workgroup Master > --------- ------- > ABS ABS1079 > > REDHAT TREACLE > > --- John Williams Team Leader Academic Systems LIS (MB) Aston University Aston Triangle Birmingham B4 7ET 0121 359 3611 x 5142 Fax 0121 359 7358 Mobile 07801266235 From cartegw at Eng.Auburn.EDU Mon Feb 22 17:10:29 1999 
From: cartegw at Eng.Auburn.EDU (Gerald Carter)
Date: Tue Dec 2 02:25:18 2003
Subject: Domain Name
References: <36D17B63.A50F325D@morpheus.net>
Message-ID: <36D18F85.BF78D6A1@eng.auburn.edu>

Matt Housh wrote:
>
> Am I just nuts, or does Samba only work as a domain
> controller when the domain name (WORKGROUP option in smb.conf)
> is set to 'samba'? I tried for hours one day to set one up
> with a different name, and finally switched it to
> 'samba' in desperation. With _NO_ other changes, this worked,
> all of a sudden. What's the deal?

Don't know what happened with your setup, but it does work with other DOMAIN names. Were you trying to use an existing DOMAIN name that already had an existing domain master browser?

jerry
________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services Auburn University
jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw

"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )

From cartegw at Eng.Auburn.EDU Mon Feb 22 17:12:22 1999
From: cartegw at Eng.Auburn.EDU (Gerald Carter)
Date: Tue Dec 2 02:25:19 2003
Subject: netmonitor
References: <000701be5e5b$b3ba52c0$060014c0@marisco>
Message-ID: <36D18FF6.3973DCF8@eng.auburn.edu>

Hernan Ochoa wrote:
>
> hi.
>
> my problem is, i found netmonitor the NT Server CD, it is
> in i386\netmon\, but i have to copy it by hand, and then
> when i execute it it says that no network drivers
> were found, and that i should consult my manual (??, obviously
> the help files say nothing about this).
>
> what's going on? thanks in advance.

You must install the network monitor agent (network control panel -> add services)

jerry
________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services Auburn University
jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw

"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )

From dave at www.buffalostate.edu Mon Feb 22 17:16:36 1999
From: dave at www.buffalostate.edu (Dave J. Andruczyk)
Date: Tue Dec 2 02:25:19 2003
Subject: Domain Name
In-Reply-To: <36D17B63.A50F325D@morpheus.net>
Message-ID:

>
> Am I just nuts, or does Samba only work as a domain controller when the
> domain name (WORKGROUP option in smb.conf) is set to 'samba'? I tried
> for hours one day to set one up with a different name, and finally
> switched it to 'samba' in desperation. With _NO_ other changes, this
> worked, all of a sudden. What's the deal?

when running as a domain controller, it is highly recommended that the WORKGROUP name and DOMAIN (samba domain not DNS) are IDENTICAL. (it is documented in MS's online docs (buried fairly deep too).

Dave

From lkcl at switchboard.net Mon Feb 22 17:19:29 1999
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:25:19 2003
Subject: Domain Name
In-Reply-To: <36D17B63.A50F325D@morpheus.net>
Message-ID:

probably an "offset" issue. were all previous names you were using a multiple of 2 characters in length? "samba" is not. "samba1" is.

you don't specify which version you are using.

On Tue, 23 Feb 1999, Matt Housh wrote:

>
> Am I just nuts, or does Samba only work as a domain controller when the
> domain name (WORKGROUP option in smb.conf) is set to 'samba'? I tried
> for hours one day to set one up with a different name, and finally
> switched it to 'samba' in desperation. With _NO_ other changes, this
> worked, all of a sudden. What's the deal?
>
> Matt
>
> ------------------------------------------------------------
> Matt Housh email: mhoush@utulsa.edu
> Microcomputer Specialist The University of Tulsa
> Engineering and Natural Sciences
>
> "Preserving the right to arm bears..."
>

Luke Kenneth Casson Leighton
Samba and Network Development
Samba and Network Consultancy

From jaeger at morpheus.net Mon Feb 22 17:32:22 1999
From: jaeger at morpheus.net (Matt Housh)
Date: Tue Dec 2 02:25:19 2003
Subject: Domain Names
Message-ID:

I've gotten a response from a friend of mine at another university doing the same thing I'm attempting to do, with a pointer or two, so I'll try again. To sum up what I've gotten from this list, it's most likely NOT an offset issue, as both domain names I've used were an odd number of letters long (does this matter? that would be pretty lame.)

Matt

------------------------------------------------------------
Matt Housh email: mhoush@utulsa.edu
Microcomputer Specialist The University of Tulsa
Engineering and Natural Sciences

"Preserving the right to arm bears..."

From marcjadu at moosburg.org Mon Feb 22 18:38:31 1999
From: marcjadu at moosburg.org (MarcVJ)
Date: Tue Dec 2 02:25:19 2003
Subject: how to save win profiles only on server?
References: <01be5c4d$398b24d0$0200a8c0@big.co.yu> <36D022E3.9CE568AC@moosburg.org> <36D02AF8.79CED368@bigfoot.com>
Message-ID: <36D1A427.46C0E5BF@moosburg.org>

Is this also applicable to Win98?

rt wrote:
>
> Try this key under NT4wks...
>
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
>
> Edit or add value DeleteRoamingCache as type REG_DWORD. Set it to 1.
>
[...]

From atristan at math.ucr.edu Mon Feb 22 19:08:11 1999
From: atristan at math.ucr.edu (andrew tristan)
Date: Tue Dec 2 02:25:19 2003
Subject: latest cvs
Message-ID: <199902221908.LAA17560@charity.ucr.edu>

Sent this last Friday, but mangled the address...

I followed LKCL's advice and grabbed the latest cvs to see whether it would solve some of the problems that I'm having, and indeed it did. Service names no longer show up as "//sambaserver/|||||||||", and roaming profiles now work as expected.

I still can't get password sync to work though. If anyone has got a clue as to what I'm doing wrong, I'd love to hear it. This is on a SunOS 5.5.1 machine. Below is the chat debug output, relevant bits from smb.conf, and the actual error message.

The weird thing is that /etc/shadow actually gets updated with the new password, although samba/private/smbpasswd does not. Given that this is so, I wouldn't expect that the passwd chat is the problem. With password sync turned off, smbpasswd works as expected.

Here's the error:

    machine 127.0.0.1 rejected the password change: Error was : \
    The specified password is invalid.
    Failed to change password for luser

Here's the relevant stuff from smb.conf:

    unix password sync = yes
    passwd program = /usr/bin/passwd %u
    passwd chat = New\spassword: "%n\n" \nRe-enter\snew\spassword: "%n\n"

And the chat debug output:

    [1999/02/19 12:57:55, 10] smbd/chgpasswd.c:(202) Invoking '/usr/bin/passwd luser' as password change program.
    [1999/02/19 12:57:56, 100] smbd/chgpasswd.c:(276) talktochild: chatbuf=[New password:] responsebuf=[New password:]
    [1999/02/19 12:57:56, 100] smbd/chgpasswd.c:(289) talktochild: sendbuf=[1234zxcv ]
    [1999/02/19 12:57:56, 100] smbd/chgpasswd.c:(276) talktochild: chatbuf=[ Re-enter new password:] responsebuf=[ Re-enter new password:]
    [1999/02/19 12:57:56, 100] smbd/chgpasswd.c:(289) talktochild: sendbuf=[1234zxcv ]
    [1999/02/19 12:57:58, 3] smbd/chgpasswd.c:(326) The process is no longer waiting!

The chat sequence looks right to me (and the unix password gets updated, so this must be right). HAVE_WAITPID gets defined, should I undef it and see whether wait4() does better than waitpid()?

On another note, when I tell folks that I'm running a PDC on a unix box, their eyes pop out of their heads and their tongues drop to the floor; samba is mighty cool.

Thanks,
Andrew
--
andrew.tristan@ucr.edu
Unix Systems Group, UC Riverside

From dave at www.buffalostate.edu Mon Feb 22 19:34:12 1999
From: dave at www.buffalostate.edu (Dave J. Andruczyk)
Date: Tue Dec 2 02:25:19 2003
Subject: Samba PDC and Windows NT
In-Reply-To: <3.0.5.32.19990222123424.00a6c300@email.aston.ac.uk>
Message-ID:

> I am running samba 2.0.2 on Linux 2.0.36 and trying to get it to be a PDC,
> the server is called gnats and the domain REDHAT. There are no other
> systems in the domain. I went through the setup and initially everything
> worked fine. I added a workstation called treacle, got the welcome message
> and could login with a UNIX username. (After the usual reboots of course.)
>
> However after a few minutes I could no longer login and got an error
> message that the REDHAT domain was not available. Running tcpdump I could
> only see two problems:
>
> Looked at with smbclient from another system the workstation treacle was
> the domain master browser.
> Any help as to what may be happening would be very welcome. BTW there have
> been reports from users of systems suddenly moving workgroups for no
> obvious reason and workgroups appearing and disappearing.

My guess is your OS level is set too low. Set it to 64 or higher, and make sure "prefer master" along with "domain master" and "local master" are all "yes"

Dave J. Andruczyk
Instructional Support Associate
Department of Technology
Buffalo State College

From chris at netquarters.net Mon Feb 22 21:25:45 1999
From: chris at netquarters.net (Christopher Woods)
Date: Tue Dec 2 02:25:19 2003
Subject: Simple question
In-Reply-To: <19990222122318.26500.qmail@topelo.lopi.com>
Message-ID:

On Mon, 22 Feb 1999, Bill Nugent wrote:

> One thing I forgot to mention - NT seems to become confused if you
> restart Samba too many times - more than 5 to 10 times seems to be the
> unlucky number so I fell into the habit of rebooting the NT box every
> four or five times I restarted Samba while experimenting with smb.conf
> values, etc.

Well, I think that and having a mismatch between what Samba expected and Win'95 was giving as far as password encryption seemed to solve my problems!! Thank you very much Bill. I am happily logging into my linux SAMBA machine and able to read/write to shares etc. This is great!!!! Thanks!!

Christopher Woods
chris@netquarters.net

From tavis at mahler.econ.columbia.edu Mon Feb 22 21:47:25 1999
From: tavis at mahler.econ.columbia.edu (Tavis Barr)
Date: Tue Dec 2 02:25:19 2003
Subject: Password Changing
In-Reply-To: <36D18FF6.3973DCF8@eng.auburn.edu>
Message-ID:

I'm not sure if this is the right list, but I'm having a problem with regular old smbpasswd password changes, and I'm wondering if anyone has seen it before and knows what it is.

Password changing works fine for root, but when a non-root user tries to change his or her password, it fails with a notice of "The specified password is invalid" even though both the given Unix and SMB password are the same and work fine. I also get a message in the client machine log for the server of "password changing not compiled for user ([the relevant user])."

I'm running 2.0.2 on SunOS 4.1.3U1, though I've had the problem with previous versions as well. I'm enclosing my smb.conf and log.[server] files in case they help.

Many thanks for any attention,
Tavis

******************************************************************
; Configuration file for smbd.
; ============================================================================
[global]
workgroup=SAMBADC
server string=Sparc2 in Sociology
hosts allow = 128.59.226.78 , 128.59. , 127.
guest account = nobody
socket options = TCP_NODELAY
domain logons = yes
domain master = yes
local master = yes
os level = 100
security = user
encrypt passwords = yes
null passwords = true
unix password sync = yes
passwd program = /bin/passwd %u
passwd chat = "*New password*" %n\n "*new password*" %n\n
passwd chat debug = true
logon script = %U.bat
logon drive = l:
wins support = yes
wins proxy = yes
remote announce = 128.59.226.175 , 128.59.226.42, 128.59.194.255, 128.59.220.255
remote browse sync = 128.59.220.18
preferred master = yes
printing = bsd
printcap name = /etc/printcap
load printers = yes
log file = /usr/local/samba/log.%m
debug level = 3
lock directory = /usr/local/samba/var/locks
share modes = yes
case sensitive = no
preserve case = yes
short preserve case = yes

[NETLOGON]
path = /usr/local/samba/lib/netlogon
writeable = no
guest ok = yes
locking = no
share modes = no

[homes]
comment = Home Directories
read only = no
create mode = 0750

[printers]
comment = All Printers
printable = yes
public = no
writable = no
create mode = 0700

************************************************************
log.markov [ Markov is the server]

[1999/02/22 16:29:22, 3] smbd/process.c:process_smb(565) Transaction 1 of length 168
[1999/02/22 16:29:22, 3] smbd/process.c:switch_message(402) switch message SMBnegprot (pid 6017)
[1999/02/22 16:29:22, 3] smbd/negprot.c:reply_negprot(332) Requested protocol [PC NETWORK PROGRAM 1.0]
[1999/02/22 16:29:22, 3] smbd/negprot.c:reply_negprot(332) Requested protocol [MICROSOFT NETWORKS 1.03]
[1999/02/22 16:29:22, 3] smbd/negprot.c:reply_negprot(332) Requested protocol [MICROSOFT NETWORKS 3.0]
[1999/02/22 16:29:22, 3] smbd/negprot.c:reply_negprot(332) Requested protocol [LANMAN1.0]
[1999/02/22 16:29:22, 3] smbd/negprot.c:reply_negprot(332) Requested protocol [LM1.2X002]
[1999/02/22 16:29:22, 3] smbd/negprot.c:reply_negprot(332) Requested protocol [Samba]
[1999/02/22 16:29:22, 3] smbd/negprot.c:reply_negprot(409) Selected protocol NT LANMAN 1.0
[1999/02/22 16:29:22, 3] smbd/process.c:process_smb(565) Transaction 2 of length 78
[1999/02/22 16:29:22, 3] smbd/process.c:switch_message(402) switch message SMBsesssetupX (pid 6017)
[1999/02/22 16:29:22, 3] smbd/reply.c:reply_sesssetup_and_X(675) Domain=[] NativeOS=[Unix] NativeLanMan=[Samba]
[1999/02/22 16:29:22, 3] smbd/reply.c:reply_sesssetup_and_X(679) sesssetupX:name=[]
[1999/02/22 16:29:22, 3] smbd/password.c:setup_groups(192) nobody is in 1 groups: 65534
[1999/02/22 16:29:22, 3] smbd/password.c:register_vuid(270) uid 65534 registered to name nobody
[1999/02/22 16:29:22, 3] smbd/password.c:register_vuid(272) Clearing default real name
[1999/02/22 16:29:22, 3] smbd/process.c:process_smb(565) Transaction 3 of length 69
[1999/02/22 16:29:22, 3] smbd/process.c:switch_message(402) switch message SMBtconX (pid 6017)
[1999/02/22 16:29:22, 2] lib/access.c:check_access(249) Allowed connection from localhost (127.0.0.1)
[1999/02/22 16:29:22, 3] smbd/password.c:pass_check_smb(506) account for user nobody was disabled.
[1999/02/22 16:29:22, 3] smbd/password.c:pass_check_smb(506) account for user nobody was disabled.
[1999/02/22 16:29:22, 3] smbd/password.c:authorise_login(794) ACCEPTED: guest account and guest ok
[1999/02/22 16:29:22, 3] smbd/service.c:make_connection(386) Connect path is /tmp
[1999/02/22 16:29:22, 3] lib/doscalls.c:dos_ChDir(327) dos_ChDir to /tmp
[1999/02/22 16:29:22, 3] lib/doscalls.c:dos_ChDir(327) dos_ChDir to /usr/local/samba/var
[1999/02/22 16:29:22, 3] smbd/service.c:make_connection(488) markov (127.0.0.1) connect to service IPC$ as user nobody (uid=65534, gid=65534) (pid 6017)
[1999/02/22 16:29:22, 3] smbd/reply.c:reply_tcon_and_X(340) tconX service=ipc$ user=nobody
[1999/02/22 16:29:23, 3] smbd/process.c:process_smb(565) Transaction 4 of length 634
[1999/02/22 16:29:23, 3] smbd/process.c:switch_message(402) switch message SMBtrans (pid 6017)
[1999/02/22 16:29:23, 3] lib/doscalls.c:dos_ChDir(327) dos_ChDir to /tmp
[1999/02/22 16:29:23, 3] smbd/ipc.c:reply_trans(3624) trans <\PIPE\LANMAN> data=532 params=22 setup=0
[1999/02/22 16:29:23, 3] smbd/ipc.c:named_pipe(3479) named pipe command on name
[1999/02/22 16:29:23, 3] smbd/ipc.c:api_reply(3424) Got API command 214 of form (tdscnt=532,tpscnt=22,mdrcnt=0,mprcnt=2)
[1999/02/22 16:29:23, 3] smbd/ipc.c:api_reply(3429) Doing SamOEMChangePassword
[1999/02/22 16:29:23, 3] smbd/ipc.c:api_SamOEMChangePassword(1769) api_SamOEMChangePassword: Change password for
[1999/02/22 16:29:23, 0] smbd/chgpasswd.c:chgpasswd(463) Password changing not compiled in (user=tavis)
[1999/02/22 16:29:23, 3] smbd/process.c:timeout_processing(755) end of file from client
[1999/02/22 16:29:23, 3] lib/doscalls.c:dos_ChDir(327) dos_ChDir to /usr/local/samba/var
[1999/02/22 16:29:23, 2] smbd/server.c:exit_server(406) Closing connections
[1999/02/22 16:29:23, 3] smbd/service.c:close_cnum(514) markov (0.0.0.0) closed connection to service IPC$
[1999/02/22 16:29:23, 3] smbd/connection.c:yield_connection(40) Yielding connection to IPC$
[1999/02/22 16:29:23, 3] smbd/server.c:exit_server(431) Server exit (normal exit)

From lkcl at switchboard.net Mon Feb 22 23:35:09 1999
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:25:19 2003
Subject: Domain Names
In-Reply-To:
Message-ID:

On Tue, 23 Feb 1999, Matt Housh wrote:

>
> I've gotten a response from a friend of mine at another university
> doing the same thing I'm attempting to do, with a pointer or two, so I'll
> try again. To sum up what I've gotten from this list, it's most likely NOT
> an offset issue, as both domain names I've used were an odd number of
> letters long (does this matter? that would be pretty lame.)

it did matter in older versions of this code: that tells us that there is a 4-byte alignment issue with the unicode strings.

remember, this stuff is all hand-coded: it's NOT auto-generated like most other dce/rpc implementations.

From whn at topelo.lopi.com Mon Feb 22 23:50:19 1999
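[Added example, not part of the original messages and not Samba's marshalling code: why the length of a name can matter when a 2-byte-per-character string is followed by 4-byte-aligned fields in a hand-written marshaller. The record layout (string header of max count, offset and actual count, then the characters, then two 32-bit fields) and all names are assumptions chosen for illustration; which lengths break in a real structure depends on its layout.]

```python
import struct


def align4(n):
    """Round n up to the next multiple of 4."""
    return (n + 3) & ~3


def pack_record(name, rid, attrs, pad=True):
    """Marshal: uint32 max, uint32 offset, uint32 actual, UTF-16LE chars,
    optional padding to a 4-byte boundary, then uint32 rid, uint32 attrs."""
    chars = name.encode("utf-16-le")
    count = len(chars) // 2
    buf = struct.pack("<III", count, 0, count) + chars
    if pad:  # the step a hand-coded marshaller can forget
        buf += b"\x00" * (align4(len(buf)) - len(buf))
    return buf + struct.pack("<II", rid, attrs)


def unpack_record(buf):
    """Unmarshal a record, expecting the integers on a 4-byte boundary."""
    if len(buf) < 12:
        raise ValueError("truncated string header")
    max_count, offset, actual = struct.unpack_from("<III", buf, 0)
    if offset != 0 or actual > max_count:
        raise ValueError("inconsistent string header")
    end = 12 + 2 * actual
    pos = align4(end)
    if pos + 8 > len(buf):  # bounds check before touching the integers
        raise ValueError("truncated record")
    name = buf[12:end].decode("utf-16-le")
    rid, attrs = struct.unpack_from("<II", buf, pos)
    return name, rid, attrs


def roundtrips(name, pad):
    """True if the reader recovers exactly what the writer was given."""
    try:
        return unpack_record(pack_record(name, 1000, 0x10, pad)) == (name, 1000, 0x10)
    except ValueError:
        return False


def misread_example():
    """Unpadded odd-length name with more data behind it: no error, wrong values."""
    wire = pack_record("samba", 1000, 0x10, pad=False) + b"\x00\x00"
    return unpack_record(wire)


if __name__ == "__main__":
    for name in ("samba", "samba1"):
        print(name, "unpadded writer round-trips:", roundtrips(name, pad=False))
    print("reader sees:", misread_example())
```

With the padding step missing, a 6-character name happens to end on a 4-byte boundary and works, while a 5-character name either fails the bounds check or, when more bytes follow, decodes into wrong field values without any error.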
From: whn at topelo.lopi.com (Bill Nugent)
Date: Tue Dec 2 02:25:19 2003
Subject: Update suggestion for Samba NT Domain FAQ
In-Reply-To: Your message of Mon, 22 Feb 1999 12:31:43 +0000. <36D14E2F.AC4B6555@ualg.pt>
Message-ID: <19990222235019.28848.qmail@topelo.lopi.com>

On Monday, Feb 22 1999 at 12:31:43, Pedro Miguel Frazao Fernandes Ferreira wrote:
>> 2.6. My Roaming Profiles are not updating!
>>
>> o Make sure the Directory Replicator Service is running and setup on
>> the NT Workstation: Go to each workstation, Control Panel,
>> Services, set Directory Replicator Service to Automatic and start it
>> running. Go to the Control Panel, Server, Replication, enable
>> Import Directories, add the Samba PDC.
>
> Wait. I think this is in order to use policies (.pol files with
>registry settings which are loaded by W95, NT wkst, W98 machines).
>policy files != roaming profiles. I believe the question to this should
>be:
>
> My domain member computers are not reading the policy file from the
>server. (Or something like this).

Pedro,

This was my experience but please keep in mind that I've only been doing NT for a few weeks other than an occasional use of Word, pulling long hours to get this working and I could be confused! 8*) I'm only an egg.

I had a computer in a domain. I could logon both locally (e.g., Domain: wk1) or on the domain (e.g., Domain: Samba). The local login would use roaming profile - the domain login did not. Once I turned on the Directory Replicator Service roaming profiles worked for the domain logins as well.

I'll try to verify this behavior in the next few days but then again maybe I'm confused.

TIA,
Bill

From whn at topelo.lopi.com Mon Feb 22 23:58:40 1999
From: whn at topelo.lopi.com (Bill Nugent)
Date: Tue Dec 2 02:25:19 2003
Subject: Samba PDC and Windows NT
In-Reply-To: Your message of Tue, 23 Feb 1999 03:45:52 +1100. <3.0.5.32.19990222123424.00a6c300@email.aston.ac.uk>
Message-ID: <19990222235840.28890.qmail@topelo.lopi.com>

Howdy,

Sounds like smb.conf is not quite right. It would be helpful to see your smb.conf file but try this first:

    local master = yes
    os level = 65
    domain master = yes
    preferred master = yes

If I understand things this should rig the election in Samba's favor.

Bill

On Tuesday, Feb 23 1999 at 03:45:52, John Williams wrote:
>Hi,
>I am running samba 2.0.2 on Linux 2.0.36 and trying to get it to be a PDC,
>the server is called gnats and the domain REDHAT. There are no other
>systems in the domain. I went through the setup and initially everything
>worked fine. I added a workstation called treacle, got the welcome message
>and could login with a UNIX username. (After the usual reboots of course.)
>
>However after a few minutes I could no longer login and got an error
>message that the REDHAT domain was not available. Running tcpdump I could
>only see two problems:
>a warning about snap length too short
>Dialect Error! ASCIIZ of type 0 (safety=9) (repeated with different safety
>nos)
>
>Looked at with smbclient from another system the workstation treacle was
>the domain master browser.
>Any help as to what may be happening would be very welcome. BTW there have
>been reports from users of systems suddenly moving workgroups for no
>obvious reason and workgroups appearing and disappearing.
>Thanks
>John
>>Script started on Mon Feb 22 12:04:27 1999
>>[ ~]\> smbclient -L gnats -U root
>>
>>Domain=[REDHAT] OS=[Unix] Server=[Samba 2.0.2]
>>security=user
>>
>>Server=[GNATS] User=[root] Workgroup=[REDHAT] Domain=[REDHAT]
>>
>>
>>This machine has a workgroup list:
>>
>>   Workgroup    Master
>>   ---------    -------
>>   ABS          ABS1079
>>
>>   REDHAT       TREACLE
>>
>>
>---
>John Williams Team Leader Academic Systems
>LIS (MB) Aston University
>Aston Triangle Birmingham B4 7ET
>0121 359 3611 x 5142 Fax 0121 359 7358
>Mobile 07801266235
>

From whn at topelo.lopi.com Tue Feb 23 00:12:14 1999
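[Added example, not part of the original messages and not a Samba tool: a small check of the browser election settings recommended in the two replies above (os level of 64 or higher, with local master, domain master and preferred master all set to yes). The function names and both configuration samples are constructed; ignoring case and spaces in parameter names is this script's own normalization.]

```python
# Constructed smb.conf samples: one that can lose an election, one using
# the four settings suggested in the reply above.
WEAK_CONF = """\
[global]
   workgroup = EXAMPLE
   domain logons = yes
   local master = yes
   os level = 33
   domain master = yes

[homes]
   read only = no
"""

RIGGED_CONF = """\
[global]
   workgroup = EXAMPLE
   domain logons = yes
   local master = yes
   os level = 65
   domain master = yes
   preferred master = yes
"""

TRUE_VALUES = {"yes", "true", "1"}


def parse_global(conf_text):
    """Return the [global] parameters, names lower-cased with spaces removed."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params["".join(key.lower().split())] = value.strip()
    return params


def election_findings(conf_text, min_os_level=64):
    """List the election-related settings that differ from the advice."""
    params = parse_global(conf_text)
    findings = []

    level = params.get("oslevel")
    if level is None:
        findings.append("os level not set")
    elif not level.isdigit() or int(level) < min_os_level:
        findings.append(f"os level {level} is below {min_os_level}")

    # Samba also accepts the spelling "prefered master" as a synonym.
    preferred = params.get("preferredmaster", params.get("preferedmaster"))
    for label, value in (("local master", params.get("localmaster")),
                         ("domain master", params.get("domainmaster")),
                         ("preferred master", preferred)):
        if value is None:
            findings.append(f"{label} not set")
        elif value.lower() not in TRUE_VALUES:
            findings.append(f"{label} = {value}")
    return findings


if __name__ == "__main__":
    for title, conf in (("weak", WEAK_CONF), ("rigged", RIGGED_CONF)):
        print(title, "->", election_findings(conf) or "no findings")
```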
From: whn at topelo.lopi.com (Bill Nugent)
Date: Tue Dec 2 02:25:19 2003
Subject: Update for Samba NT Domain FAQ with corrections
In-Reply-To: Your message of Sat, 20 Feb 1999 22:52:03 -0500.
Message-ID: <19990223001214.28946.qmail@topelo.lopi.com>

Howdy,

I've received a fair amount of feedback - here is a second draft. Thank you Luke and Pedro!

Thank you again,
Bill

FAQ for Samba NTDOM PDC support

2.2. How do I get my NT Workstation / Server to login to the Samba controlled Domain?

o Obtain the latest main branch samba code (see question 2.1)

o Set up samba with encrypted passwords: see ENCRYPTION.txt (probably out of date: you no longer need the DES libraries, but other than that, ENCRYPTION.txt is current).

  At this point, you ought to test that your samba server is accessible correctly with encrypted passwords, before progressing with any of the NT workstation-specific bits: it's up to you.

o To create the trust account for each computer to join the domain with Samba as the PDC, first create an account in /etc/passwd (or equivalent in the case of NIS / NIS+) for the username for each system in the domain including the Samba PDC. Currently the uid is all that will be used and this is to ensure that the samba generated machine RID for the workstation account will be unique. Therefore you should not reuse unix uid's in /etc/passwd. The shell or home directory fields in /etc/passwd are not used for now and can be set to /bin/False and /dev/null respectively.

  On my Samba PDC (server.example.com) the /etc/passwd entries look like this:

    server$:Dummy:800:800:Samba Server:/dev/null:/bin/false
    ws1$:Dummy:801:800:NT Workstation 1:/dev/null:/bin/false
    ws2$:Dummy:802:800:NT Workstation 2:/dev/null:/bin/false

  All of these systems must be in a unique Unix group which will be mapped to the NT Domain Group "Domain Users" so the entry in my /etc/group (or equivalent in the case of NIS/NIS+) is:

    domainUsers:x:800:server$,ws1$,ws2$

  This group should have members all of the other users (real users) (hmmm...I don't think I'm doing this but it seems to work)

  This is the line in my smb.conf to create the domain user map file:

    domain user map = /usr/local/samba/etc/domain.user.map

  The line in domain.user.map is:

    domainUsers = "Domain Users"

  The double quotes are needed or else the line is misparsed.

  Then run the following commands:

    # smbpasswd -a -m server
    # smbpasswd -a -m ws1
    # smbpasswd -a -m ws2

  This will create an entry in the private/smbpasswd file in the form of

    my_workstation's_name$:uid:LM_XXX:NT_XXX:[W ]:LTC-XXXX:

  The LM_XXX and NT_XXX fields are the ascii representations of the 16 byte LanMan and NT MD4 hashes respectively of the password "my_workstation's_name".

  If you reload Windows NT on a system then you will need to regenerate the entry in smbpasswd.

  At the moment the 2.1-pre-alpha source tree version of smbpasswd is broken for Redhat 5.2 but the version in the 2.0.2 release works.

o If you want to have a domain wide policy settings then use the NT Policy Editor (see question 5.1 to see how to get it) to create ntconfig.pol and then place it in the root of the [netlogon] share.

o If you want the NT profiles stored on the server then make sure the systems are in time sync. This can be done by setting the in the logon script by including the line "NET \\server /TIME /SET" and by granting all users the right to set the system time. Probably a better way is to have an NTP broadcast on your network (maybe from the Samba PDC) and run clients on the NT workstations. If you don't do this then it is possible for profile updates to fail under some circumstances.

  In the Samba 2.0.0 and 2.0.2 releases the RedHat sample smb.conf file needs this line added to [Profiles] share:

    writeable = true

o If using NT server to log in, run the User Manager for Domains, and add the capability to "Log in Locally" to the policies, which you would have to do even if you were logging in to another NT PDC instead of a Samba PDC.

o Set up the following parameters in smb.conf

    ; substitute your workgroup here
    workgroup = SAMBA

    ; tells workstations to use SAMBA as its Primary Domain Controller.
    domain logons = yes

o Starting smbd will create a file name private/SAMBA.SID with permissions rw-r--r--. The file contains the domain SID for the samba PDC. The filename will differ depending on the value of the workgroup parameter. If the contents of this file change, no domain members will be able to logon and will need to be readded to the domain again. Guard it carefully!

o Make sure samba is running before the next step is carried out. if this is your first time, just for fun you might like to switch the debug log level to about 20. the NT pipes produces some very pretty output when decoding requests and generating responses, which would be particularly useful to see in tcpdump at some point.

o In the NT Network Settings, change the domain to SAMBA. Do not attempt to create an account using the other part of the dialog: it will fail at present.

  You should get a wonderful message saying "Welcome to the SAMBA Domain."

  If you don't, then please first increase your debug log levels and also get a tcpdump (or preferably NetMonitor) trace and examine it carefully. You should see a NETLOGON, a SAMLOGON on UDP port 138. If you don't, then you probably don't have "domain logons = yes" or there is some other problem in resolving the NetBIOS name SAMBA<1c> or in the /etc/passwd and/or smbpasswd entries for the NT client.

  On port 139, you should see a LSA_OPEN_POLICY, two LSA_QUERY_INFOs (one for a domain SID of S-1-3... and another for S-1-5) and then one LSA_CLOSE. You may see a pipe connection to a wkssvc pipe, and you may also see a "NetServerGetInfo" being issued on the srvsvc pipe.

  Assuming you got the Welcome message, go through the obligatory reboot (the NT box, not the Samba server).

...

2.6. My Roaming Profiles are not updating!

o Make sure the Directory Replicator Service is running and setup on the NT Workstation: Go to each workstation, Control Panel, Services, set Directory Replicator Service to Automatic and start it running. Go to the Control Panel, Server, Replication, enable Import Directories, add the Samba PDC.

o Make sure your systems have the same time.

o Make sure the Profiles share is writable by the client (e.g., this should already be working in a non-domain login for the user).

o Look in log.smbd and if you see a line like:

    trust account ws1$ should be in DOMAIN_GROUP_RID_USERS

  then something is messed up with the Unix group membership, or the domain group map entry for "Domain Users". Check that all entries in the map files have "=" or tabs as separators between the Unix NT names.

o Make sure the file permissions and ownerships in the [Profiles] share are correct.

o None of the above has fixed it and are feeling desperate? Then either this trouble shooting list is incomplete (likely) or something is confused (very likely) - try rebooting the NT box and while NT is not running (e.g., BIOS is counting memory) restart the smbd & nmbd just in case a change you made hasn't been incorporated...desperate times require desperate measures. I've noticed NT can get confused if I've restarted my Samba server too many times or the phase of the moon is wrong. Someone should write smbpom (SMB Phase Of Moon) program to display the inner workings of NT ;^)

2.7 My domain member computer is not reading the policy file from the server!

o Make sure the Directory Replicator Service is running and setup on the NT Workstation: Go to each workstation, Control Panel, Services, set Directory Replicator Service to Automatic and start it running. Go to the Control Panel, Server, Replication, enable Import Directories, add the Samba PDC.

o Make sure your NTconfig.pol file is in the right place - in the [netlogon] share's root directory and the file permissions are set so it is readable.

From mjwestkamper at weiinc.com Tue Feb 23 00:42:22 1999
From: mjwestkamper at weiinc.com (Mike Westkamper)
Date: Tue Dec 2 02:25:19 2003
Subject: Setup
Message-ID: <36D1F96E.E216074A@weiinc.com>

I am trying to set up a Linux box as a Domain Controller and file / print server with a bunch of win95/NT systems. There will be about 60 clients and about 45gb on the server to start. I am replacing an OS/2 server.

I have tried, albeit unsuccessfully, to get the 95/NT systems to work as clients to the Linux box. The Linux is RedHat 5.2 with the "latest" samba, as of a week ago. The NT system see the Linux box, however cannot seem to browse it nor can I force a manual USE.

Much of what I see here is pretty focused on some pretty detailed stuff. Is there a "Set it up this way and it will run" document around? If I cannot set it up as a DC then a Workgroup is fine. I just need the file store and printers.

Mike

From king at babylon.de Mon Feb 22 18:13:39 1999
From: king at babylon.de (Jens Kuehnel)
Date: Tue Dec 2 02:25:19 2003
Subject: Password with space => Problem
In-Reply-To: <3.0.3.32.19990222170921.00771300@bioserve.biochem.latrobe.edu.au>
Message-ID:

Hi,

when you activate unix password sync with the default passwd chat you can't use passwords with spaces. You have to do a workaround with "%n\n".

Why doesn't anyone add the "" to the default? I tried to find where the defaults are set, but I can't find it.

CU
Jens

P.S.: Sorry for my bad English!

From yan at cardinalengineering.com Tue Feb 23 02:33:33 1999
From: yan at cardinalengineering.com (Yan Seiner)
Date: Tue Dec 2 02:25:19 2003
Subject: 2.0.2 upgrade woes
Message-ID: <36D2137D.3F5F1A9D@cardinalengineering.com>

I am running 2.0.0b5. Rock solid, no problems.

This afternoon I took the plunge and installed 2.0.2 - domain logons quit working. I messed around a bit, could not get it to work. Did a good bit of cleaning up to get rid of 1.9 samba stuff that was still around - no joy. Could not get it to work, so I did a make revert - back to 2.0.0b5; domain logons work again (thanks for the revert - it's great!!)

Problem solved except for one user (me). I can't log on. Here's what happens:

I log on to the domain as usual. My desktop does not come up; only the default icons appear. None of my drives are mounted. I try to mount a drive; it mounts, but I get a message that the profile could not be updated. No matter what I do, I can't get my profile to update on the server.

This is reproducible across machines, so it has something to do with the server profile. I copied a good, known profile over the assumed bad one and it made no difference. I am assuming that there's registry entries that I need to clean up.

Any advice at all would be welcome; I can also provide log files of the entire mess if desired.

TIA,
Yan

From ereklaatz at mcd-panasonic.de Tue Feb 23 10:02:08 1999
From: ereklaatz at mcd-panasonic.de (Erek Laatz)
Date: Tue Dec 2 02:25:19 2003
Subject: Samba as NT PDC (bye bye NT...)
Message-ID: <01BE5F1B.F5AE9E50.ereklaatz@mcd-panasonic.de>

------------------------------------------------
Erek Laatz
Matsushita Communication Deutschland GmbH
EDP section
Lahnstrasse 5
Industriegebiet Sued
D - 24539 Neumuenster / GERMANY
Phone: +49 4321 882 240
FAX: +49 4321 882 222
eMail: ereklaatz@mcd-panasonic.de
------------------------------------------------

From dcimaro at ipruniv.cce.unipr.it Tue Feb 23 11:14:51 1999
From: dcimaro at ipruniv.cce.unipr.it (Diego Cimarosa) Date: Tue Dec 2 02:25:20 2003 Subject: Wrong domain is not checked ? Message-ID: <000801be5f1d$bbeb4180$655d4ea0@diego.labgiuri.unipr.it>

Hi all,

I am quite new with Samba and, after many and many hours spent reading docs and HOWTOs etc. I haven't resolved my problem yet. Can anybody help me ?

(Domain blues ... start here !)

I have a network of 25 PCs running Windows98, 1 PC running Linux Red Hat 5.2 and samba-2.0.2-19990209 as NT server. My goal is to prevent access to the machines without a proper account authentication.

******
If, during Windows98 login, I enter the domain specified in smb.conf EVERYTHING works fine (the user must be a registered user, the password is checked correctly, I can browse from windows clients and share directory on linux box ... ) BUT, any other domain name IS NOT CHECKED !!! And, for example, I can access with :

User : goffy, Password : goffy, Domain : waltdisney ...
*****

This is my configuration ...

On "Microsoft Network" I have :

Primary access => Client for Microsoft Network
Client for Microsoft Network => Validation of access => Windows NT Domain name=mydomain
Identification => Workgroup name=mydomain

With poledit.exe I have :

local computer => Logon =>
Logon banner : standard poledit caption and text
Require validation from network for Windows access
Don't show last user at logon
Don't show logon progress
Microsoft Client for Windows Networks => Log on to Windows NT => Domain name: mydomain
Workgroup : mydomain

This is my smb.conf

#======================= Global Settings ==================================
[global]
   debug level = 2
   workgroup = mydomain
   server string = Linux Red Hat - Samba Server
   hosts allow = 160.x.y.z 127.
   printcap name = /etc/printcap
   load printers = yes
   log file = /var/log/samba/log.%m
   max log size = 500
   security = user
   encrypt passwords = yes
   smb passwd file = /etc/smbpasswd
   socket options = TCP_NODELAY
   local master = yes
   os level = 33
   domain master = yes
   domain logons = yes
   logon script = %U.bat
   name resolve order = wins lmhosts bcast
   wins support = yes
   dns proxy = no

[homes]
   comment = Home Directories
   browseable = no
   writable = yes
   create mode = 0750

[netlogon]
   comment = Network Logon Service
   path = /home/samba/netlogon
   writable = no
   share modes = no

[shared]
   comment = Directory condivisa sul Server Linux
   path = /home/shared
   public = yes
   read only = no
   writable = yes

[cdrom]
   comment = CDROM condiviso su Linux
   path = /cdrom
   public = yes
   read only = yes
   writable = no
#============================== END SMB.CONF==================================

(Domain blues ... ENDS here !)

Any suggestion ?

Thanks and CIAO !

From dbannon at bioserve.latrobe.edu.au Tue Feb 23 10:24:49 1999
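An added example, not part of any list message and not Samba project code: a small Python audit, run over an excerpt of the smb.conf posted above, that resolves the synonyms smb.conf(5) documents (public for guest ok; writable, writeable and write ok as the inverse of read only) and lists the shares that can be connected to without a password. The function names and finding labels are this example's own, and the default assumed for encrypt passwords (no) is the Samba 2.0.x one.

```python
# Added example: list the shares in an smb.conf that accept guest connections.
# Keys are "squashed" because smb.conf(5) ignores case and whitespace in names.
# alias -> (canonical parameter, value inverted?), synonyms per smb.conf(5).
SYNONYMS = {
    "public": ("guestok", False),
    "writable": ("readonly", True),
    "writeable": ("readonly", True),
    "writeok": ("readonly", True),
    "allowhosts": ("hostsallow", False),
}

# Excerpt of the smb.conf posted in the message above (unrelated lines dropped).
POSTED_CONF = """
#======================= Global Settings =====
[global]
   workgroup = mydomain
   hosts allow = 160.x.y.z 127.
   security = user
   encrypt passwords = yes
[homes]
   browseable = no
   writable = yes
[netlogon]
   path = /home/samba/netlogon
   writable = no
[shared]
   path = /home/shared
   public = yes
   read only = no
   writable = yes
[cdrom]
   path = /cdrom
   public = yes
   read only = yes
   writable = no
"""


def squash(name):
    """Normalise a section or parameter name: drop whitespace, lower-case."""
    return "".join(name.split()).lower()


def parse_bool(value):
    word = value.strip().lower()
    if word in ("yes", "true", "1"):
        return True
    if word in ("no", "false", "0"):
        return False
    raise ValueError("not a boolean: %r" % value)


def parse_smb_conf(text):
    """Return {section: {canonical_param: value}}; the last assignment wins.
    Backslash line continuations are not handled here."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = squash(line[1:-1])
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        name, value = line.split("=", 1)
        key, value = squash(name), value.strip()
        if key in SYNONYMS:
            key, inverted = SYNONYMS[key]
            if inverted:                         # writable = yes -> read only = no
                value = "no" if parse_bool(value) else "yes"
        sections[current][key] = value
    return sections


def effective(conf, share, key, default):
    """A share inherits a parameter from [global] when it does not set it."""
    return conf[share].get(key, conf.get("global", {}).get(key, default))


def audit(text):
    """Return (section, finding) pairs, in file order."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    findings = []
    if "hostsallow" not in glob:
        findings.append(("global", "no-hosts-allow"))
    if not parse_bool(glob.get("encryptpasswords", "no")):   # 2.0.x default: no
        findings.append(("global", "plaintext-passwords"))
    for share in conf:
        if share == "global":
            continue
        if parse_bool(effective(conf, share, "guestok", "no")):
            read_only = parse_bool(effective(conf, share, "readonly", "yes"))
            findings.append(
                (share, "guest-read-only" if read_only else "guest-writable"))
    return findings


if __name__ == "__main__":
    for section, finding in audit(POSTED_CONF):
        print("[%s] %s" % (section, finding))
```
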
From: dbannon at bioserve.latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:25:20 2003 Subject: Wrong domain is not checked ? In-Reply-To: <000801be5f1d$bbeb4180$655d4ea0@diego.labgiuri.unipr.it> Message-ID: <3.0.1.32.19990223212449.0069b05c@bioserve.latrobe.edu.au> At 09:11 PM 23/02/1999 +1100, Diego Cimarosa wrote: >I have a network of 25 PCs running Windows98, 1 PC running Linux Red Hat 5.2 >and samba-2.0.2-19990209 as NT server. My goal is to prevent access to >the machines without a proper account authentication. > Then you need to use NT workstations, not win98 (assuming that win98 does not do it any better than 95). Sorry. ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 479 2197 La Trobe University, Plenty Rd, Fax 61 03 479 2467 Bundoora, Vic, Australia, 3083 ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From gerard.leymarie at epita.fr Tue Feb 23 13:04:02 1999 From: gerard.leymarie at epita.fr (Gerard LEYMARIE) Date: Tue Dec 2 02:25:20 2003 Subject: I want to suscribe Message-ID: <000901be5f2c$fdcca6c0$160000c8@euroalliance.com> Hi, How can i suscribe?? Thanks From pfrazao at ualg.pt Tue Feb 23 13:03:27 1999 
From: pfrazao at ualg.pt (Pedro Miguel Frazao Fernandes Ferreira) Date: Tue Dec 2 02:25:20 2003 Subject: Wrong domain is not checked ? References: <3.0.1.32.19990223212449.0069b05c@bioserve.latrobe.edu.au> Message-ID: <36D2A71F.735E8DE1@ualg.pt> David Bannon wrote: > > At 09:11 PM 23/02/1999 +1100, Diego Cimarosa wrote: > > >I have a network of 25 PCs running Windows98, > > 1 PC running Linux Red Hat 5.2 > >and samba-2.0.2-19990209 as NT server. My goal is to prevent access to > >the machines without a proper account authentication. > > > > Then you need to use NT workstations, not win98 (assuming that win98 does > not do it any better than 95). Sorry. I have done this. Just checked it now and when I go to W95 I use my username, password and some invalid domain: the result is that I can not login. I used policies for w95 from the w95 resource kit, seted up the computer for user level access: I believe you must install the w95 resource kit and also a patch for this RK. They are available from the company you all know in something they call Technet online, I belive. Pedro > ------------------------------------------------------------ > David Bannon D.Bannon@latrobe.edu.au > School of Biochemistry Phone 61 03 479 2197 > La Trobe University, Plenty Rd, Fax 61 03 479 2467 > Bundoora, Vic, Australia, 3083 > ------------------------------------------------------------ > .... Humpty Dumpty was pushed ! -- ------------------------------------------------------------------------ Pedro Miguel Frazao Fernandes Ferreira, Universidade do Algarve U.C.E.H., Campus de Gambelas, 8000 - Faro, Portugal pfrazao@ualg.pt Tel.:+351 89 800950 / 872959 Fax: +351 89 818560 http://w3.ualg.pt/~pfrazao From Bas.Kelderman at eptl.elf-p.fr Tue Feb 23 13:12:46 1999 
From: Bas.Kelderman at eptl.elf-p.fr (Bas.Kelderman@eptl.elf-p.fr) Date: Tue Dec 2 02:25:20 2003 Subject: Wrong domain is not checked ? Message-ID: That is not completely true, I run Samba 2.0.2 and a bunch of Win98 pc's and the authentication is done through Samba and I have a policy that doesn't allow users to log on unless they are authenticated within the domain. So that is a way to solve it. Bas ---------- <| >From: dbannon@bioserve.latrobe.edu.au <| >To: samba-ntdom@samba.org <| >Subject: Re: Wrong domain is not checked ? <| >Date: Tuesday, February 23, 1999 11:33PM <| > <| >At 09:11 PM 23/02/1999 +1100, Diego Cimarosa wrote: <| > <| >>I have a network of 25 PCs running Windows98, <| > <| > <| > <| >1 PC running Linux Red Hat 5.2 <| >>and samba-2.0.2-19990209 as NT server. My goal is to prevent access to <| >>the machines without a proper account authentication. <| >> <| > <| >Then you need to use NT workstations, not win98 (assuming that win98 does <| >not do it any better than 95). Sorry. From cartegw at Eng.Auburn.EDU Tue Feb 23 14:04:08 1999 
From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:25:20 2003 Subject: Wrong domain is not checked ? References: Message-ID: <36D2B558.572F477A@eng.auburn.edu> Bas.Kelderman@eptl.elf-p.fr wrote: > > That is not completely true, I run Samba 2.0.2 and a bunch of Win98 > pc's and the authentication is done through Samba and I have a policy > that doesn't allow users to log on unless they are > authenticated within the domain. > So that is a way to solve it. "Windows 9x gives you all the security you deserve" :) It is impossible to completely secure a Windows 9x box period. Believe me, I have tried for countless hours. jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From cartegw at Eng.Auburn.EDU Tue Feb 23 14:09:08 1999 
From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:25:20 2003 Subject: Setup References: <36D1F96E.E216074A@weiinc.com> Message-ID: <36D2B684.16F73A8B@eng.auburn.edu> Mike Westkamper wrote: > > Much of what I see here pretty focused on some pretty > detailed stuff. Is there a "Set it up this way and it > will run" document around? If I cannot set it up as a DC > then a Workgroup is fine. I just need the file > store and printers. Mike, This list is focused on Samba testing the PDC support. Have you worked through the DIAGNOSIS.txt file (about 10 or so steps in there). Also check the docs related to pasword encryption and Windows NT 4 SP3. (WinNT.txt) jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From lkcl at switchboard.net Tue Feb 23 15:56:15 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:25:20 2003 Subject: Update for Samba NT Domain FAQ with corrections In-Reply-To: <19990223001214.28946.qmail@topelo.lopi.com> Message-ID: > domainUsers:x:800:server$,ws1$,ws2$ > > This group should have members all of the other users (real users) .. all of the other domain users (real users) > if I've restarted my Samba servertoo many times or the phase of the ^ space cool. From dany at databit.ro Tue Feb 23 16:53:43 1999 From: dany at databit.ro (Dan Ardelean) Date: Tue Dec 2 02:25:20 2003 Subject: netmonitor Message-ID: <007401be5f4d$13362a70$169566c2@orion.databit.ro> -----Original Message----- 
From: Gerald Carter To: Multiple recipients of list Date: Monday, February 22, 1999 10:11 PM Subject: Re: netmonitor

>Hernan Ochoa wrote:
>>
>> hi.
>>
>> my problem is, i found netmonitor the NT Server CD, it is
>> in i386\netmon\, but i have to copy it by hand, and then
>> when i execute it it says that no network drivers
>> were found, and that i should consult my manual (??, obviously
>> the help files say nothing about this).
>>
>> what's going on? thanks in advance.
>
>You must install the network monitor agent (network control panel->
>add services)
>jerry

It seems that even after this some features won't work in netmon claiming for TCPIP.DLL, IPX.DLL, etc which I didn't find on the NT server CD not even if the TCPIP.DL_ format ...

Isn't there a netmon which can be installed on a NT workstation ?

Dan

From cartegw at Eng.Auburn.EDU Tue Feb 23 16:50:39 1999
From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:25:21 2003 Subject: netmonitor References: <007401be5f4d$13362a70$169566c2@orion.databit.ro> Message-ID: <36D2DC5F.2F309B01@eng.auburn.edu>

Dan Ardelean wrote:
>
> It seems that even after this some features won't work
> in netmon claiming for TCPIP.DLL, IPX.DLL, etc
> which I didn't find on the NT server CD not even if
> the TCPIP.DL_ format ...
>
> Isn't there a netmon which can be installed on a NT workstation ?

Yes. But you simply copy files from an NT Server installation. The steps are outlined in the domain FAQ. On an NT Server, install the Netmon agent and tools. Then you can xcopy %systemroot%\system32\netmon\*.* to a NT Wks that has the netmon agent installed and it will work.

jerry
________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services Auburn University
jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw

"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )

From allen at driversoft.com Tue Feb 23 17:12:11 1999
From: allen at driversoft.com (Allen Reese) Date: Tue Dec 2 02:25:21 2003 Subject: Wrong domain is not checked ? In-Reply-To: <36D2B558.572F477A@eng.auburn.edu> Message-ID: Even with policies, people are able to execute command.com without logging in. from there you can run explorer.exe and you have all you need. getting around even the best 9x security can be trivial. Allen Reese Senior Software Engineer Driversoft, Inc. allen@driversoft.com On Wed, 24 Feb 1999, Gerald Carter wrote: > Bas.Kelderman@eptl.elf-p.fr wrote: > > > > That is not completely true, I run Samba 2.0.2 and a bunch of Win98 > > pc's and the authentication is done through Samba and I have a policy > > that doesn't allow users to log on unless they are > > authenticated within the domain. > > So that is a way to solve it. > > "Windows 9x gives you all the security you deserve" :) > > It is impossible to completely secure a Windows 9x box period. > Believe me, I have tried for countless hours. > > > > > jerry > ________________________________________________________________________ > Gerald ( Jerry ) Carter > Engineering Network Services Auburn University > jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw > > "...a hundred billion castaways looking for a home." > - Sting "Message in a Bottle" ( 1979 ) > From pfrazao at ualg.pt Tue Feb 23 17:37:14 1999 
From: pfrazao at ualg.pt (Pedro Miguel Frazao Fernandes Ferreira) Date: Tue Dec 2 02:25:21 2003 Subject: Wrong domain is not checked ? References: Message-ID: <36D2E74A.FBD8A1BB@ualg.pt> Allen Reese wrote: > > Even with policies, people are able to execute command.com without logging > in. from there you can run explorer.exe and you have all you need. > getting around even the best 9x security can be trivial. How do you execute command.com without loging in ? I have checked this and I can not do it. But as I pointed out earlier, I have installed the &%$#&%$ft W95 Resource Kit and the respective patch. I just dont know if it alters something. Pedro > > Allen Reese > Senior Software Engineer > Driversoft, Inc. > allen@driversoft.com > > On Wed, 24 Feb 1999, Gerald Carter wrote: > > > Bas.Kelderman@eptl.elf-p.fr wrote: > > > > > > That is not completely true, I run Samba 2.0.2 and a bunch of Win98 > > > pc's and the authentication is done through Samba and I have a policy > > > that doesn't allow users to log on unless they are > > > authenticated within the domain. > > > So that is a way to solve it. > > > > "Windows 9x gives you all the security you deserve" :) > > > > It is impossible to completely secure a Windows 9x box period. > > Believe me, I have tried for countless hours. > > > > > > > > > > jerry > > ________________________________________________________________________ > > Gerald ( Jerry ) Carter > > Engineering Network Services Auburn University > > jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw > > > > "...a hundred billion castaways looking for a home." > > - Sting "Message in a Bottle" ( 1979 ) > > -- ------------------------------------------------------------------------ Pedro Miguel Frazao Fernandes Ferreira, Universidade do Algarve U.C.E.H., Campus de Gambelas, 8000 - Faro, Portugal pfrazao@ualg.pt Tel.:+351 89 800950 / 872959 Fax: +351 89 818560 http://w3.ualg.pt/~pfrazao From greg at discreet.com Tue Feb 23 17:49:00 1999 
From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:25:21 2003 Subject: Greg's annoying daily CVS report Message-ID: Hmmm. Same problem as yesterday but more symptoms now. The smbd dies with a SIGSEV, I managed to catch it once in dbx and it looked like someone was trouncing the stack in the group database stuff (doncha love pointers!). Here's the stupid part. Now I cannot reproduce it so it's not always happening. Maybe I'll run it through purify and see what happens.... Greg --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From allen at driversoft.com Tue Feb 23 17:47:24 1999 
From: allen at driversoft.com (Allen Reese) Date: Tue Dec 2 02:25:21 2003 Subject: Wrong domain is not checked ? In-Reply-To: <36D2E74A.FBD8A1BB@ualg.pt> Message-ID: One of the ways is to press ctrl-alt-esc. This will bring up the task manager. there are a few other ways But I don't remember them. I used to work in a large network enviroment with all 95 stations, very strict policies, and this was against NT Server, people there still got command.com and other programs running. ;) Allen Reese Senior Software Engineer Driversoft, Inc. allen@driversoft.com On Tue, 23 Feb 1999, Pedro Miguel Frazao Fernandes Ferreira wrote: > Allen Reese wrote: > > > > Even with policies, people are able to execute command.com without logging > > in. from there you can run explorer.exe and you have all you need. > > getting around even the best 9x security can be trivial. > > How do you execute command.com without loging in ? I have checked this > and I can not do it. But as I pointed out earlier, I have installed the > &%$#&%$ft W95 Resource Kit and the respective patch. I just dont know if > it alters something. > > Pedro > > > > > Allen Reese > > Senior Software Engineer > > Driversoft, Inc. > > allen@driversoft.com > > > > On Wed, 24 Feb 1999, Gerald Carter wrote: > > > > > Bas.Kelderman@eptl.elf-p.fr wrote: > > > > > > > > That is not completely true, I run Samba 2.0.2 and a bunch of Win98 > > > > pc's and the authentication is done through Samba and I have a policy > > > > that doesn't allow users to log on unless they are > > > > authenticated within the domain. > > > > So that is a way to solve it. > > > > > > "Windows 9x gives you all the security you deserve" :) > > > > > > It is impossible to completely secure a Windows 9x box period. > > > Believe me, I have tried for countless hours. 
> > > > > > > > > > > > > > > jerry > > > ________________________________________________________________________ > > > Gerald ( Jerry ) Carter > > > Engineering Network Services Auburn University > > > jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw > > > > > > "...a hundred billion castaways looking for a home." > > > - Sting "Message in a Bottle" ( 1979 ) > > > > > -- > ------------------------------------------------------------------------ > Pedro Miguel Frazao Fernandes Ferreira, Universidade do Algarve > U.C.E.H., Campus de Gambelas, 8000 - Faro, Portugal > pfrazao@ualg.pt Tel.:+351 89 800950 / 872959 Fax: +351 89 818560 > http://w3.ualg.pt/~pfrazao > From dave at www.buffalostate.edu Tue Feb 23 19:04:57 1999 From: dave at www.buffalostate.edu (Dave J. Andruczyk) Date: Tue Dec 2 02:25:21 2003 Subject: Wrong domain is not checked ? In-Reply-To: Message-ID: > Even with policies, people are able to execute command.com without logging > in. from there you can run explorer.exe and you have all you need. > getting around even the best 9x security can be trivial. Just rename "taskman.exe" to something else, and then you can't pop it up at the logon screen with Ctrl-Alt-Esc. There are documented ways to prevent "safe mode" bootups, and use the bios to prevent booting from floppy or CDrom. Dave J. Andruczyk Instructional Support Associate Department of Technology Buffalo State College From allen at driversoft.com Tue Feb 23 19:11:38 1999 
From: allen at driversoft.com (Allen Reese) Date: Tue Dec 2 02:25:21 2003 Subject: Wrong domain is not checked ? In-Reply-To: Message-ID: 9x is still not secure. ;) Allen Reese Senior Software Engineer Driversoft, Inc. allen@driversoft.com On Tue, 23 Feb 1999, Dave J. Andruczyk wrote: > > Even with policies, people are able to execute command.com without logging > > in. from there you can run explorer.exe and you have all you need. > > getting around even the best 9x security can be trivial. > > Just rename "taskman.exe" to something else, and then you can't pop it up > at the logon screen with Ctrl-Alt-Esc. There are documented ways to > prevent "safe mode" bootups, and use the bios to prevent booting from > floppy or CDrom. > > Dave J. Andruczyk > Instructional Support Associate > Department of Technology > Buffalo State College > > > > From WHGI at chevron.com Tue Feb 23 21:02:52 1999 
From: WHGI at chevron.com (Gilmore, William H. (WHGI)) Date: Tue Dec 2 02:25:21 2003 Subject: Samba in a Multiple-Master Domain Model Message-ID: <99333C02DACFD1118B0C00805F6F6C8001BF197D@CON-MSX1>

I am currently looking at implementing Samba to provide file access to some of our UNIX servers from our NT desktop environment and need some guidance regarding the capabilities of using Domain Authentication with Samba.

Our NT environment is based upon the Microsoft Multiple-Master Domain model. In essence, all user accounts are defined in domains MD1 and MD2. All network resources are placed in resource domains such as CITY1, CITY2, etc. The desktop machines are also placed in the resource domains (i.e. CITY1, etc.). A one way trust from the resource domains to the master accounts domains is in place. When the desktop users on MACH1 which is a member of resource domain CITY2 logs in they authenticate to MD1 or MD2 dependent upon where their account is.

My question is, if I install Samba on UNIX1 and make it a member of the resource domain CITY1, will it allow access to user ids that are located in the MD1, MD2, etc domains.

As a much less attractive alternative, I can setup Samba to use user authentication and a hosts equiv file to provide seamless interface to my users, but this does depend upon the user machine for authentication. If I can limit the client machines to be on WinNT machines, this would be acceptable. Two questions here. Is there any way to limit authentication to be NT1 and only NT1? Has anybody used user security with host equiv and got it working right? My quick tests indicate that a user is still prompted for a passwd.

Thanks in advance.

William

PS: If you are wondering about why the multiple master domain model, it is the recommended implementation for large organizations (i.e. more than 15,000 IDs in a domain).

From hancox at SLAC.Stanford.EDU Tue Feb 23 21:15:34 1999
From: hancox at SLAC.Stanford.EDU (Patrick Hancox) Date: Tue Dec 2 02:25:21 2003 Subject: NTLMv2 Message-ID: <36D31A76.9F6E2722@slac.stanford.edu> I'm a little confused about something. Does SAMBA currently support the NTLMv2 authentication method introduced in WinNT sp4 or not? Same question goes for the SMB signing introduced in sp3. Any pointers would be helpful. Patrick Hancox SLAC Computing Services Stanford Linear Accelerator Center From urs.steiner at switzerland.org Tue Feb 23 22:48:57 1999 From: urs.steiner at switzerland.org (Urs Steiner) Date: Tue Dec 2 02:25:21 2003 Subject: Wrong domain is not checked ? Message-ID: <003401be5f7e$b34bcd40$0300a8c0@noway.maximilianeum.ch> Lo Dave >prevent "safe mode" bootups, and use the bios to prevent booting from >floppy or CDrom. you mean the bios password? like the standard "LKWPETER" for the one sort of bioses ? (can't remember the other one just now ...) every one who can read and search the internet, can get into the bios and do it with it what he wants... on the other hand, one could also just open the box and reset the bios ... if you got (physical) access to a box, you can (eventually) into it ... Urs -- mail: urs [dot] steiner [at] switzerland [dot] org http://www.vis.ethz.ch/~urs/ phone: 01/261 57 26 666C - packed decimal number of the beast From cartegw at Eng.Auburn.EDU Wed Feb 24 02:18:00 1999 
From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:25:21 2003 Subject: NTLMv2 References: <36D31A76.9F6E2722@slac.stanford.edu> Message-ID: <36D36158.C813F38B@eng.auburn.edu> Patrick Hancox wrote: > > I'm a little confused about something. Does SAMBA > currently support the NTLMv2 authentication method > introduced in WinNT sp4 or not? Same question goes for > the SMB signing introduced in sp3. Any pointers would > be helpful. No on both accounts. Corrections welcome (Jeremy, Luke, Andrew?) jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From cartegw at Eng.Auburn.EDU Wed Feb 24 02:30:22 1999 
From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:25:21 2003 Subject: Samba in a Multiple-Master Domain Model References: <99333C02DACFD1118B0C00805F6F6C8001BF197D@CON-MSX1> Message-ID: <36D3643E.B4A56A03@eng.auburn.edu>

Gilmore, William H. (WHGI) wrote:
>
>
> My question is, if I install Samba on UNIX1 and make it a member
> of the resource domain CITY1, will it allow access to user ids
> that are located in the MD1, MD2, etc domains.

Samba as a domain member can participate in domain trusts.

> Is there any way to limit authentication to be NT1 and only NT1?

the protocol parameter only limits the highest level protocol negotiated. I don't know of a way to prevent downgrading.

> Has anybody used user security with host equiv and got it
> working right? My quick tests indicate that a user is
> still prompted for a passwd.

Never used it.

Hope this helps,

jerry
________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services Auburn University
jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw

"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )

From gerard.leymarie at epita.fr Wed Feb 24 09:24:36 1999
From: gerard.leymarie at epita.fr (Gerard LEYMARIE) Date: Tue Dec 2 02:25:21 2003 Subject: How to become an administrator Message-ID: <001301be5fd7$805ae340$160000c8@euroalliance.com>

Hello,

I resolved all my problems, thank you everybody and bye bye NT server

Just one question, How to become a domain's admin to manage a NT workstation, i'm in the root group under samba but not under NT so i can't add printer etc...

Please reply

From daniel at med.up.pt Wed Feb 24 09:46:35 1999
From: daniel at med.up.pt (Daniel Fonseca) Date: Tue Dec 2 02:25:21 2003 Subject: Wrong domain is not checked ? In-Reply-To: Message-ID: On Wed, 24 Feb 1999, Dave J. Andruczyk wrote: > > Even with policies, people are able to execute command.com without logging > > in. from there you can run explorer.exe and you have all you need. > > getting around even the best 9x security can be trivial. > > Just rename "taskman.exe" to something else, and then you can't pop it up > at the logon screen with Ctrl-Alt-Esc. There are documented ways to > prevent "safe mode" bootups, and use the bios to prevent booting from > floppy or CDrom. I also renamed taskman.exe at first, but completely erased it afterwards (it was some 2 years ago, when I secured win95 to the best I could in a Cibercafe) - I found that after you logon, explorer takes care of giving you the task management so when you press Ctrl-Alt-Esc or that Window Key in Win95 Keyboards, it still works as expected... after logon, I repeat. It really prevented from, at least, doing unauthorized/unlogged logins into win95 thus preventing an interactive gui session. As for the safe mode prevention, just to save interested people the trouble of searching, the key is the \MSDOS.SYS file, now (after win95) a plaintext file with some important directives therein like: Bootkeys=0 ;Means no bootkeys available when pressing F8 or F5 upon boot As for general security, a lot is possible but you always stumble across the fact that there is no file permissions protection, so a good backup/image scheme is due here. I have implemented some - one with a Boot CD, which restores a previously imaged copy of the disk and another with a dual (win95/linux) boot on the same machine with special restore and backup logins onto the linux partition, which perform the task automatically - the later takes only 5/6 minutes to complete including reboots. Gone a little offtopic, but I didn't started it! 
:-) Hope to help, Daniel Fonseca From dcimaro at ipruniv.cce.unipr.it Wed Feb 24 09:29:41 1999 From: dcimaro at ipruniv.cce.unipr.it (Diego Cimarosa) Date: Tue Dec 2 02:25:21 2003 Subject: Wrong domain is not checked ? ... is not true ? Message-ID: <008601be5fd8$34d1ec60$655d4ea0@diego.labgiuri.unipr.it> Bas wrote : ---------------------------------------------------------------------------- ----------------- That is not completely true, I run Samba 2.0.2 and a bunch of Win98 pc's and the authentication is done through Samba and I have a policy that doesn't allow users to log on unless they are authenticated within the domain. So that is a way to solve it. Bas dbannon@bioserve.latrobe.edu.au ---------------------------------------------------------------------------- ----------------- Do you accept 3 tons of spaghetti, pizzas and mandolino for your solution ? I can also : send you a "love" card (!!!), some "pesto", a picture of Pope Joan XXIII, Chick Corea, Lou Reed, Pink Floyd albums, stamps, my blood ... my ... HELLLLLPPP !!! From akorud at polynet.lviv.ua Wed Feb 24 11:09:21 1999 From: akorud at polynet.lviv.ua (akorud@polynet.lviv.ua) Date: Tue Dec 2 02:25:21 2003 Subject: NT WS in samba domain problem. Message-ID: <000001be5fe6$211c4450$1c00a8c0@lp.lviv.ua> Hi. I have such problem: 1. I had NT PDC with domain name 'TEST' and NT WS connected to it. 2. I changed NT PDC to samba PDC wihh workgroup = 'TEST'. 3. W95 see 'TEST' as PDC and log to it without problems. 4. On NTWS I set that it is member of workgroup 'TEST' and all is OK. 5. When I try switch NT to domain 'TEST' i got message: "You are already connected to domain TEST. Please disconnect first" Where is the problem. I have this problem both on samba-2.0.2 and on latest CVS. NT machine is added to smbpasswd as in latest NT FAQ (from this list). Thanks in advance. Andrij Korud, Lviv, Ukraine From akorud at polynet.lviv.ua Wed Feb 24 11:11:05 1999 
From: akorud at polynet.lviv.ua (akorud@polynet.lviv.ua) Date: Tue Dec 2 02:25:21 2003 Subject: User list in Win95 Message-ID: <000101be5fe6$5ec6db80$1c00a8c0@lp.lviv.ua> Hi. Is it possible to obtain list of users in W95 running in "User level" access mode. I've tried to do this on latest (24.02.99) CVS and got message "Cannot get list of users at this time. Try again later" Can anybody help me? Thanks in advance. Andrij Korud, Lviv, Ukraine From ambach at unfall.klinik.uni-mainz.de Wed Feb 24 11:45:40 1999 From: ambach at unfall.klinik.uni-mainz.de (Christian Ambach) Date: Tue Dec 2 02:25:21 2003 Subject: NT WS in samba domain problem. References: <000001be5fe6$211c4450$1c00a8c0@lp.lviv.ua> Message-ID: <36D3E664.986E638E@unfall.klinik.uni-mainz.de> akorud@polynet.lviv.ua schrieb: > > Hi. I have such problem: > 1. I had NT PDC with domain name 'TEST' and NT WS connected to it. > 2. I changed NT PDC to samba PDC wihh workgroup = 'TEST'. > 3. W95 see 'TEST' as PDC and log to it without problems. > 4. On NTWS I set that it is member of workgroup 'TEST' and all is OK. > 5. When I try switch NT to domain 'TEST' i got message: > "You are already connected to domain TEST. Please disconnect first" You mustn't have a connection open to that domain. When loggin in, don't map any drives. You can also kill the smbd process that is responsible for that workstation. I already had that problem and after a new login everything was ok. Christian Ambach From lkcl at switchboard.net Wed Feb 24 14:07:41 1999 
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:25:21 2003 Subject: NTLMv2 In-Reply-To: <36D31A76.9F6E2722@slac.stanford.edu> Message-ID: On Wed, 24 Feb 1999, Patrick Hancox wrote: > This is a multi-part message in MIME format. > > --Boundary_(ID_uQLbkW/RYEk7ujCZArmnXw) > Content-type: text/plain; charset=us-ascii > Content-transfer-encoding: 7BIT > > I'm a little confused about something. Does SAMBA currently support the > NTLMv2 authentication method introduced in WinNT sp4 or not? Same > question goes for the SMB signing introduced in sp3. Any pointers would > be helpful. neither of these two are implemented in samba yet. NTLMv2 would be easy to do, i only need to know the exact format of the packets: with NTLMv1 already in place most of the work's done. From hulet at ittc.ukans.edu Wed Feb 24 14:56:18 1999 
From: hulet at ittc.ukans.edu (Michael S. Hulet)
Date: Tue Dec 2 02:25:21 2003
Subject: NT WS in samba domain problem.
In-Reply-To: <000001be5fe6$211c4450$1c00a8c0@lp.lviv.ua>
Message-ID:

An easy way to see your network connections is from the MS DOS prompt.
You can do a net use command which will show you which network
connections are established. You can then type

net use /delete drive_letter

net use /? will give you help.

Sometimes you get an IPC$ share connected from browsing, which doesn't
show up in Disconnect Network Drive but net use will show it to you.

Michael Hulet
Network System Administrator
ITTC, University of Kansas

On Wed, 24 Feb 1999 akorud@polynet.lviv.ua wrote:

> Hi. I have such problem:
> 1. I had NT PDC with domain name 'TEST' and NT WS connected to it.
> 2. I changed NT PDC to samba PDC with workgroup = 'TEST'.
> 3. W95 see 'TEST' as PDC and log to it without problems.
> 4. On NTWS I set that it is member of workgroup 'TEST' and all is OK.
> 5. When I try switch NT to domain 'TEST' I got message:
> "You are already connected to domain TEST. Please disconnect first"
>
> Where is the problem. I have this problem both on samba-2.0.2 and on latest
> CVS.
> NT machine is added to smbpasswd as in latest NT FAQ (from this list).
>
> Thanks in advance.
> Andrij Korud, Lviv, Ukraine
>

From adam.w.cabler at lmco.com Wed Feb 24 16:40:56 1999
From: adam.w.cabler at lmco.com (Cabler, Adam W)
Date: Tue Dec 2 02:25:21 2003
Subject: Cvs
Message-ID:

I am having trouble getting the latest code for Samba. I am accessing cvs
through a firewall, but I wouldn't think that's the issue. When I give cvs
the initial command, it says "logging in" and asks for password, but when I
supply the password, it does nothing for a while, and finally says
"Connection timed out". I know this group, like myself, needs cvs to get
the latest code in order to have a working Samba PDC, so I thought someone
else might have had this problem.

thanks,
adam

From D.Bannon at latrobe.edu.au Wed Feb 24 21:38:13 1999
From: D.Bannon at latrobe.edu.au (David Bannon)
Date: Tue Dec 2 02:25:21 2003
Subject: NT WS in samba domain problem.
In-Reply-To: <000001be5fe6$211c4450$1c00a8c0@lp.lviv.ua>
Message-ID: <3.0.3.32.19990225083813.00774688@bioserve.biochem.latrobe.edu.au>

At 10:11 PM 24/02/1999 +1100, akorud@polynet.lviv.ua wrote:
>Hi. I have such problem:
>1. I had NT PDC with domain name 'TEST' and NT WS connected to it.
>2. I changed NT PDC to samba PDC with workgroup = 'TEST'.
>3. W95 see 'TEST' as PDC and log to it without problems.
>4. On NTWS I set that it is member of workgroup 'TEST' and all is OK.
>5. When I try switch NT to domain 'TEST' I got message:
>"You are already connected to domain TEST. Please disconnect first"
>

Take the NTws out of the domain or workgroup to some arbitrary workgroup
name (ie 'workgroup'), reset the samba passwd (*) for it and then rejoin
the (TEST) domain.

* smbpasswd -a -m machine
where machine is the name of the NTws concerned.

------------------------------------------------------------
David Bannon                      D.Bannon@latrobe.edu.au
School of Biochemistry            Phone 61 03 9479 2197
La Trobe University, Plenty Rd,   Fax 61 03 9479 2467
Bundoora, Vic, Australia, 3083    http://bioserve.latrobe.edu.au
------------------------------------------------------------
..... Humpty Dumpty was pushed !

From D.Bannon at latrobe.edu.au Wed Feb 24 23:55:54 1999
From: D.Bannon at latrobe.edu.au (David Bannon)
Date: Tue Dec 2 02:25:21 2003
Subject: Wrong domain is not checked ?
In-Reply-To:
References:
Message-ID: <3.0.3.32.19990225105554.00a707e0@bioserve.biochem.latrobe.edu.au>

At 08:49 PM 24/02/1999 +1100, Daniel Fonseca wrote:
>On Wed, 24 Feb 1999, Dave J. Andruczyk wrote:
>
>> > Even with policies, people are able to execute command.com without logging
>> > in. from there you can run explorer.exe and you have all you need.
>> > getting around even the best 9x security can be trivial.
>> >
>Gone a little offtopic, but I didn't start it! :-)
>

No, but maybe I did. I told someone that to make their samba (or NT)
controlled domain secure, to use NTws not 95/98.

I still think my answer is basically correct, yes you can do all sorts of
things to 95 to fix each separate avenue of attack but that's no substitute
for an operating system that is designed to be secure. NT certainly is not
perfect but at least the designers tried !

Over the years I have used some (but not all) of the tricks mentioned,
there was always something else needed and admin gets harder with each
trick !

But let's get back to the chase, this list is all about using Samba PDC
with NTws, please let's keep it there !

David

------------------------------------------------------------
David Bannon                      D.Bannon@latrobe.edu.au
School of Biochemistry            Phone 61 03 9479 2197
La Trobe University, Plenty Rd,   Fax 61 03 9479 2467
Bundoora, Vic, Australia, 3083    http://bioserve.latrobe.edu.au
------------------------------------------------------------
..... Humpty Dumpty was pushed !

From girgen at partitur.se Thu Feb 25 02:37:37 1999
From: girgen at partitur.se (Palle Girgensohn)
Date: Tue Dec 2 02:25:21 2003
Subject: Installing NT BDC in a samba PDC domain?
Message-ID: <36D4B771.F6B59D2E@partitur.se>

Hi!

I'm trying to do a fresh installation of an NT server as a BDC in a
domain controlled by a samba-2.0.2-release PDC.

After setting the IP address (static) on the NT machine, it can't find
any domain, and cannot be pinged. So, I tried setting it through DHCP,
and then it shows up and can be pinged. (Strange, but this is NT and has
nothing to do with samba, I guess).

This has, though: When trying to connect to the domain, with userid
administrator and passwd, I get:

This computer already configured as a workstation or server in the
domain. Contact your system administrator.

(hey, that's me :)

This is a fresh install!!! It has been installed before, but that was
days ago, and it's been shut off in the meantime. Then it was a
"stand-alone server" and could join the domain (as a workstation, since
it was "stand-alone" server).

Still, read on the list about moving a running machine to a domain, and
having to disconnect (via DOS) all connected net drives, but this is
during installation of NT, so there's no DOS window... :( I did try to
kill off the smbd daemons to disconnect, but it hasn't helped.

I have followed the NT dom faq, with the latest add-ons in the nt-dom
mailing list. the machine account is there, and administrator group and
password. the group mapping. But since I run 2.0.2-release, the domain
users map config param isn't available, but should matter here?

Any ideas?

I'm running debug at level 3, and attach some logs here.

uname -a:
FreeBSD trumpet.partitur.se 3.1-STABLE FreeBSD 3.1-STABLE #0: Fri Feb 19 23:35:59 CET 1999

Thanks for any help!
/Palle

Here's the sambalog.triangel when trying to connect:

and log.nmb:

From jjm at iname.com Thu Feb 25 03:33:27 1999
From: jjm at iname.com (Johan Meiring)
Date: Tue Dec 2 02:25:21 2003
Subject: updated FAQ - roaming profiles and ntconfig.pol
Message-ID: <000001be606f$9b887400$7a4948a6@sandra>

Hi,

Just my two cents.

In the new draft FAQ it is mentioned that you should start the directory replicator service in order to get roaming profiles/policies to work.

This should definitely not be necessary.

Unfortunately I did not have time to read through the FAQ in detail. Also unfortunately I do not have a test installation to test this with.

It is definitely not necessary if you use NT WKS to NT SERVER.

As far as I know, the ntconfig.pol file should just be in the netlogon share of the PC (samba or NT) used as the PDC.

If you log on to the LOCAL NT WKS, then the directory replicator might be necessary because it will copy the file to the LOCAL 'netlogon' directory (%SYSTEMROOT\system32\repl\import\scripts)

Johan

From cartegw at Eng.Auburn.EDU Thu Feb 25 04:00:30 1999
From: cartegw at Eng.Auburn.EDU (Gerald Carter)
Date: Tue Dec 2 02:25:21 2003
Subject: Installing NT BDC in a samba PDC domain?
References: <36D4B771.F6B59D2E@partitur.se>
Message-ID: <36D4CADE.C0F016B@eng.auburn.edu>

Palle Girgensohn wrote:
>
> Hi!
>
> I'm trying to do a fresh installation of an NT server as a BDC in a
> domain controlled by a samba-2.0.2-release PDC.

PDC <-> BDC relationships are not implemented currently. See NTDOM FAQ Q1.1 for what is there and what is not.

Hope this helps,
jerry
________________________________________________________________________
Gerald ( Jerry ) Carter    Engineering Network Services
Auburn University          jerry@eng.auburn.edu
http://www.eng.auburn.edu/users/cartegw

"...a hundred billion castaways looking for a home."
 - Sting "Message in a Bottle" ( 1979 )

From tomek at is.fh-hamburg.de Thu Feb 25 09:57:57 1999
From: tomek at is.fh-hamburg.de (Tomek Jarosinski)
Date: Tue Dec 2 02:25:21 2003
Subject: Problems using cvs
Message-ID: <36D51EA5.E3FD48E@is.fh-hamburg.de>

I am trying to get the latest samba pdc sourcecode.

So I did as described in CVS_ACCESS.txt:

cvs -d :pserver:cvs@samba.org:/cvsroot login

password: cvs

cvs -d :pserver:cvs@samba.org:/cvsroot co -r BRANCH_NTDOM samba

cd samba

cvs update -d -P

Everything was working without any errors or warnings. Then I changed into samba/source and I wanted to compile samba. But there is no Makefile or configure file. Should I merge samba 2.0.2 code with samba-ntdom code? What am I doing wrong?

--
Have a nice day !

Tomek

From greg at discreet.com Thu Feb 25 12:03:20 1999
From: greg at discreet.com (Greg Dickie)
Date: Tue Dec 2 02:25:21 2003
Subject: Installing NT BDC in a samba PDC domain?
In-Reply-To: <36D4B771.F6B59D2E@partitur.se>
Message-ID:

I'm totally guessing here but did you reset the machine password in smbpasswd to the default?

Greg

On 25-Feb-99 Palle Girgensohn wrote:
> Hi!
>
> I'm trying to do a fresh installation of an NT server as a BDC in a
> domain controlled by a samba-2.0.2-release PDC. After setting the IP
> address (static) on the NT machine, it can't find any domain, and cannot
> be pinged. So, I tried setting it through DHCP, and then it shows up and
> can be pinged. (Strange, but this is NT and has nothing to do with
> samba, I guess).
>
> This has, though:
>
> When trying to connect to the domain, with userid adminstrator and
> passwd, I get:
>
> This computer already configured as a workstation or server
> in the domain. Contact your system administrator. (hey, that's me :)
>
> This is a fresh install!!! It has been installed before, but that was
> days ago, and it's been shut off in the mean time. Then it was a
> "stand-alone server" and could join the domain (as a workstation, since
> it was "stand-alone" server). Still, read on the list about moving a
> running machine to a domain, and having to disconnect (via DOS) all
> connected net drives, but this is during installation of NT, so there's
> no DOS window... :( I did try to kill off the smbd daemons to
> disconnect, but it hasn't helped.
>
> I have followed the NT dom faq, with the latest add-ons in the nt-dom
> mailing list. the machine account is there, and administrator group and
> password. the group mapping. But since I run 2.0.2-release, the domain
> users map config param isn't available, but should matter here?
>
> Any ideas? I'm running debug at level 3, and attach some logs here.
>
> uname -a:
> FreeBSD trumpet.partitur.se 3.1-STABLE FreeBSD 3.1-STABLE #0: Fri Feb 19
> 23:35:59 CET 1999
>
> Thanks for any help!
>
> /Palle
>
> Here's the sambalog.triangel when trying to connect:
>
> and log.nmb:

---------------------------------------------------------------------
Greg Dickie
Just A Guy*
*from discreet logic
Montreal (514) 954-7171
greg@discreet.com

From greg at discreet.com Thu Feb 25 12:05:32 1999
From: greg at discreet.com (Greg Dickie)
Date: Tue Dec 2 02:25:23 2003
Subject: Problems using cvs
In-Reply-To: <36D51EA5.E3FD48E@is.fh-hamburg.de>
Message-ID:

Do not specify the branch. The HEAD branch (default) is where the current PDC code lives.

Greg

On 25-Feb-99 Tomek Jarosinski wrote:
> I am trying to get the latest samba pdc sourcecode.
>
> So i did as described in CVS_ACCESS.txt :
>
> cvs -d :pserver:cvs@samba.org:/cvsroot login
>
> password: cvs
>
> cvs -d :pserver:cvs@samba.org:/cvsroot co -r BRANCH_NTDOM samba
>
> cd samba
>
> cvs update -d -P
>
> Everything was working without any errors or warnings. Then i changed
> into samba/source and i wanted to compile samba. But there is not
> Makefile or configure file. Should i merge samba 2.0.2 code with
> samba-ntdom code. What am i doing wrong ?
>
> --
> Have a nice day !
>
> Tomek

---------------------------------------------------------------------
Greg Dickie
Just A Guy*
*from discreet logic
Montreal (514) 954-7171
greg@discreet.com

From Alexandre.Lecuyer at iu-vannes.fr Thu Feb 25 14:51:14 1999
From: Alexandre.Lecuyer at iu-vannes.fr (Alexandre Lecuyer)
Date: Tue Dec 2 02:25:23 2003
Subject: RID
Message-ID: <36D56362.837323B6@iu-vannes.fr>

Hi all,

I am using Samba as a primary domain controller on a small network for test purposes. All the clients are NT4 (+sp4) workstations. Everything we need works fine but I still have a few questions :

1) in log. I get warnings about the RID

[1999/02/25 15:10:26, 0] passdb/sampass.c:getsamfile21pwent(108)
  trust account wstation-1$ should be in DOMAIN_GROUP_RID_USERS

What does that mean ?

2) I have problems using the local domain map (to user local admin accounts)
I followed the explanations given in the FAQ for Samba NTDOM PDC support, but when I try to login I get the following error : (from log.)

[1999/02/25 15:10:26, 0] passdb/sampassdb.c:pwdb_sam_map_names(535)
  UNIX User lefsys Primary Group is in the wrong domain! S-1-5-32-544

What's the problem ?

Any help will be appreciated
thanx !

--
Alexandre Lécuyer
CCRI IUT-IUP de Vannes

From cartegw at Eng.Auburn.EDU Thu Feb 25 16:29:33 1999
From: cartegw at Eng.Auburn.EDU (Gerald Carter)
Date: Tue Dec 2 02:25:23 2003
Subject: RID
References: <36D56362.837323B6@iu-vannes.fr>
Message-ID: <36D57A6D.481F892F@eng.auburn.edu>

Alexandre Lecuyer wrote:
>
> in log. I get warnings about the RID
> [1999/02/25 15:10:26, 0] passdb/sampass.c:getsamfile21pwent(108)
> trust account wstation-1$ should be in DOMAIN_GROUP_RID_USERS

This is a reminder note Luke left to himself. It can be safely ignored.

> I have problems using the local domain map (to user local admin
> [1999/02/25 15:10:26, 0] passdb/sampassdb.c:pwdb_sam_map_names(535)
> UNIX User lefsys Primary Group is in the wrong domain! S-1-5-32-544

probably have something like

domain_group.map
	wheel="Domain Admins"

local_group.map
	wheel=Administrators

Luke, can you explain again what the local group gets you if you are running as a Samba PDC. I mean as an example. I know what the affect. Rather I'm asking for a practical example.

Thanks,
jerry
________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services Auburn University
jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw

"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )

From j.c.burton at gats-inc.com Thu Feb 25 18:21:52 1999
From: j.c.burton at gats-inc.com (John Burton)
Date: Tue Dec 2 02:25:23 2003
Subject: Samba Serving two domains/workgroups...
Message-ID: <36D594C0.2419D6F5@gats-inc.com>

Hi!

Hopefully someone can answer my question here...I have Samba 2.0.2 running on a Linux box on a Class C network. The Linux box has two interfaces on that network (using IP Aliasing). Samba responds properly on both interfaces. I have it reading a different "included" config file depending upon which interface the request comes in on. Looking from the Windows I can "see" both "machines", but they are both in the same workgroup / domain. What I would *like* to do is have one interface/name appear in one workgroup, and the other interface/name appear in the other workgroup/domain. I've tried the obvious of defining the workgroup name in the included config file, but it didn't work...

Suggestions? Thoughts? Has anyone done this sort of thing before?

John

PS. I'd also like both interfaces to act as a logon server / PDC for its particular domain, with its own separate smbpasswd file...

--
John Burton, Ph.D.
Senior Associate GATS, Inc.
j.c.burton@gats-inc.com 11864 Canon Blvd - Suite 101
jcb@visi.net (personal) Newport News, VA 23606
(757) 873-5920 (voice) (757) 873-5920 (fax)

From nescau at akira.ucpel.tche.br Thu Feb 25 13:44:25 1999
From: nescau at akira.ucpel.tche.br (Luis Claudio R. Goncalves) Date: Tue Dec 2 02:25:23 2003 Subject: Reply.c patch [ disk quotas ] Message-ID: Hi! Following this message there's a little patch that "corrects" a weird behavior (or feature) of reply.c - at least in Linux and Solaris boxes. If you're writing a file in the disk and you reach the quota roof, the file will be truncated and zero filled 'till its nominal size - it isn't a Samba problem, it's a filesystem feature but when it begins to create corrupted files it's time to stop. This simple and ugly patch corrects the truncated file size every time the above scene happens to any user. Hope this helps. Luis Claudio PS: I did this patch in Samba 2.0.2 [ Luis Claudio R. Goncalves nescau@akira.ucpel.tche.br ] [ BSc in Computer Science -- Gospel User -- NetAdmin -- Linuxer -- Musician? ] [ RHuser - DRWATSON.EXE user - http://akira.ucpel.tche.br/~nescau - IS 40:31 ] [______________________________ Yeshua Hamashia _____________________________] # -----------------cut here-------------------- --- smbd/reply.c.orig Thu Feb 25 16:22:59 1999 +++ smbd/reply.c Thu Feb 25 16:24:56 1999 @@ -2399,14 +2399,21 @@ if (lp_syncalways(SNUM(conn))) sync_file(conn,fsp); - if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) + if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) { + nwritten = set_filelen(fsp->fd_ptr->fd, (SMB_OFF_T)startpos); + DEBUG(0,("REPLY.C: File [%s] truncated to %d bytes\n", + fsp->fsp_name, (SMB_OFF_T)startpos)); return(UNIXERROR(ERRDOS,ERRnoaccess)); + } outsize = set_message(outbuf,1,0,True); SSVAL(outbuf,smb_vwv0,nwritten); if (nwritten < (ssize_t)numtowrite) { + nwritten = set_filelen(fsp->fd_ptr->fd, (SMB_OFF_T)startpos + nwritten); + DEBUG(0,("REPLY.C: File [%s] truncated to %d bytes\n", + fsp->fsp_name, (SMB_OFF_T)startpos)); CVAL(outbuf,smb_rcls) = ERRHRD; SSVAL(outbuf,smb_err,ERRdiskfull); } From rajesh.pillai at ruhr-uni-bochum.de Thu Feb 25 22:52:28 1999 
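Review bot: in the first changed branch the file is cut back to startpos on every failed write (nwritten < 0, or 0 with numtowrite != 0), whatever the cause, so a write that fails part-way into an existing file discards data that was already stored beyond startpos; the second branch does the same at startpos + nwritten. Restrict the truncation to the quota or disk-full case and never shrink the file below the size it had before the write. Both branches also store the result of set_filelen() in nwritten: in the first this runs before return(UNIXERROR(ERRDOS,ERRnoaccess)), so if UNIXERROR builds its reply from errno it may report whatever set_filelen() or DEBUG left behind instead of the write error, and in the second the DEBUG line prints startpos although the length was set to startpos + nwritten. Keep the set_filelen() result in its own variable and check it, print the SMB_OFF_T value with a matching format rather than %d, and consider a debug level above 0, since any user who reaches a quota can produce this message repeatedly.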
From: rajesh.pillai at ruhr-uni-bochum.de (Rajesh Kumar Pillai) Date: Tue Dec 2 02:25:23 2003 Subject: No subject Message-ID: <000801be6111$967f3550$0100000a@ranger.orfeus.de> -------------- next part -------------- HTML attachment scrubbed and removed From cartegw at Eng.Auburn.EDU Thu Feb 25 22:04:19 1999 
From: cartegw at Eng.Auburn.EDU (Gerald Carter)
Date: Tue Dec 2 02:25:23 2003
Subject: Update for Samba NT Domain FAQ with corrections
References: <19990223001214.28946.qmail@topelo.lopi.com>
Message-ID: <36D5C8E3.23B3C72C@eng.auburn.edu>

Greetings,

I've been fairly silent as of late. Things have been busy. Here's my take on things. I am updating the FAQ as I write.

First let me state that running a PDC, Samba or NT, requires knowledge of NT. There is no way around this. You need to know things about how NT caches user profiles and how system policies are downloaded. Also what's the difference between the GINA and LSA.

Also have to throw this in.

[HKLM\SOFTWARE|Microsoft=Windows NT\WinLogon]
DeleteRoamingCache"=0x00000001

does **not** prevent profiles from being cached locally. It only deletes the cache when the user logs out and the profile information has been successfully updated on the server. If the machine Blue Screens prior to this, the cache is left on the machine. [sorry, had to get that one out]

Bill Nugent wrote:
>
> FAQ for Samba NTDOM PDC support
>
> 2.2. How do I get my NT Workstation / Server to login to the Samba
> controlled Domain?
>
> o Obtain the latest main branch samba code (see question 2.1)
>
> o Set up samba with encrypted passwords: see ENCRYPTION.txt (probably
> out of date: you no longer need the DES libraries, but other than
> that, ENCRYPTION.txt is current).
>
> At this point, you ought to test that your samba server is
> accessible correctly with encrypted passwords, before progressing
> with any of the NT workstation-specific bits: it's up to you.
>
> o To create the trust account for each computer to join the
> domain with
> Samba as the PDC, first create an account in /etc/passwd (or
> equivalent in the case of NIS / NIS+) for the username
> for each system in the domain including
> the Samba PDC.

Do not need to include an entry for the Samba PDC.
> Currently the uid is all that will be used and this is to ensure
> that the samba generated machine RID for the workstation account will
> be unique. Therefore you should not reuse unix uid's in
> /etc/passwd. The shell or home directory fields in /etc/passwd are
> not used for now and can be set to /bin/False and /dev/null
> respectively.
>
> On my Samba PDC (server.example.com) the /etc/passwd entries look
> like this:
>
> ws1$:Dummy:801:800:NT Workstation 1:/dev/null:/bin/false
> ws2$:Dummy:802:800:NT Workstation 2:/dev/null:/bin/false
>
> All of these systems must be in a unique Unix group which will be
^^^^
> mapped to the NT Domain Group "Domain Users" so the entry in my
> /etc/group (or equivalent in the case of NIS/NIS+) is:
>
> domainUsers:x:800:server$,ws1$,ws2$

Incorrect.

[an aside to Luke...

Can you set the debug level hugh for the "machine$ should be in group Domain Users" message. Really seems to be causing a lot of confusion.

There is no reason that I can think of not to have the group hard coded for workstation trust accounts. Am I wrong?

...end of aside]

> This group should have members all of the other users (real users)
> (hmmm...I don't think I'm doing this but it seems to work)
>
> This is the line in my smb.conf to create the domain user map file:
>
> domain user map = /usr/local/samba/etc/domain.user.map
>
> The line in domain.user.map is:
>
> domainUsers = "Domain Users"
>
> The double quotes are needed or else the line is misparsed.

This is correct, but again not necessary for workstation trust accounts.

> Then run the following commands:
>
> # smbpasswd -a -m server
not needed for the PDC
> # smbpasswd -a -m ws1
> # smbpasswd -a -m ws2
>
> This will create an entry in the private/smbpasswd file in the form
> of
>
> my_workstation's_name$:uid:LM_XXX:NT_XXX:[W ]:LTC-XXXX:
>
> The LM_XXX and NT_XXX fields are the ascii representations of the 16
> byte LanMan and NT MD4 hashes respectively of the password
> "my_workstation's_name".
>
> If you reload Windows NT on a system then you will need to
> regenerate the entry in smbpasswd.

How about saying this like...

When a machine joins a domain it uses the default password (i.e. it's netbios name in lower case letters. Once it has successfully joined the domain, the client will change it's password to some random value using the old password as the encryption key. Therefore if you must rejoin the domain, you must reset the password for the workstation trust account on the server.

> At the moment the 2.1-pre-alpha source tree version of smbpasswd is
> broken for Redhat 5.2 but the version in the 2.0.2 release works.

2.0 is not PDC code period. Regardless of whether not parts of it work that way.

> o If you want to have a domain wide policy settings then use the NT
> Policy Editor (see question 5.1 to see how to get it) to create
> ntconfig.pol and then place it in the root of the [netlogon] share.

This is not really part of adding a machine to the domain. So I think I'm going to leave it as a separate item.

> o If you want the NT profiles stored on the server then make sure the
> systems are in time sync. This can be done by setting the in the
> logon script by including the line "NET \\server /TIME /SET" and by
> granting all users the right to set the system time. Probably a
> better way is to have an NTP broadcast on your network (maybe from
> the Samba PDC) and run clients on the NT workstations. If you don't
> do this then it is possible for profile updates to fail under some
> circumstances.

Same here. Not really part of adding to a domain.

> In the Samba 2.0.0 and 2.0.2 releases the RedHat sample smb.conf
> file need this line added to [Profiles] share:
>
> writeable = true

2.0 PDC is broken, so I'm leaving this part out.
> o If using NT server to log in, run the User Manager for Domains, and
> add the capability to "Log in Locally" to the policies, which you
> would have to do even if you were logging in to another NT PDC
> instead of a Samba PDC.
>
> ...
>
> 2.6. My Roaming Profiles are not updating!
>
> o Make sure the Directory Replicator Service is running and setup on
> the NT Workstation: Go to each workstation, Control Panel,
> Services, set Directory Replicator Service to Automatic and start it
> running. Go to the Control Panel, Server, Replication, enable
> Import Directories, add the Samba PDC.

Huh? Have never had to do this. This is from the Wks Resource Kit...

The copying of a master set of directories from a server (called an export server) to specified servers or workstations (called import computers) in the same or other domains. Replication simplifies the task of maintaining identical sets of directories and files on multiple computers, because only a single master copy of the data must be maintained. Files are replicated when they are added to an exported directory, and every time a change is saved to the file. See also Directory Replicator service.

Has nothing to do with profiles.

> o Make sure your systems have the same time.

valid.

> o Make sure the Profiles share is writable by the client (e.g., this
> should already be working in a non-domain login for the user).

valid.

> o Look in log.smbd and if you see a line like:
>
> trust account ws1$ should be in DOMAIN_GROUP_RID_USERS
>
> then something is messed up with the Unix group membership, or the
> domain group map entry for "Domain Users". Check that all entries
> in the map files have "=" or tabs as separators between the Unix
> NT names.

This doesn't matter.

>
> o Make sure the file permissions and ownerships in the [Profiles]
> share are correct.

Yes. Should be checked when verify write access (up to admin to do this obviously)

> o None of the above has fixed it and are feeling desperate? Then
> either this trouble shooting list is incomplete (likely) or something
> is confused (very likely) - try rebooting the NT box and while NT is
> not running (e.g., BIOS is counting memory) restart the smbd & nmbd
> just in case a change you made hasn't been incorporated...desperate
> times require desperate measures. I've noticed NT can get confused
> if I've restarted my Samba server too many times or the phase of the
> moon is wrong. Someone should write smbpom (SMB Phase Of Moon)
> program to display the inner workings of NT ;^)

????? Methinks I'll leave this out as well.

> 2.7 My domain member computer is not reading the policy file from
> the server!
>
> o Make sure the Directory Replicator Service is running and setup on
> the NT Workstation: Go to each workstation, Control Panel,
> Services, set Directory Replicator Service to Automatic and start it
> running. Go to the Control Panel, Server, Replication, enable
> Import Directories, add the Samba PDC.

Again, nothing to do with policies (unless I am dastardly wrong)

> o Make sure your NTconfig.pol file is in the right place - in the
> [netlogon] share's root directory and the file permissions are
> set so it is readable.

also

	locking = no
	browseable = yes

and play with case settings.

Bill,

Thanks for the rewrite. I'm working on updating things now. May not finish until tomorrow morning.

Cheers,
jerry
________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services Auburn University
jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw

"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )

From lkcl at switchboard.net Thu Feb 25 22:38:02 1999
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:25:23 2003 Subject: Update for Samba NT Domain FAQ with corrections In-Reply-To: <36D5C8E3.23B3C72C@eng.auburn.edu> Message-ID: > Can you set the debug level hugh for the "machine$ > should be in group Domain Users" message. Really seems > to be causing a lot of confusion. not yet. once the issue is resolved satisfactorily. it's there as a reminder to get this sorted out, one way or the other. > There is no reason that I can think of not to have > the group hard coded for workstation trust accounts. > Am I wrong? i don't know. > ...end of aside] > > > This group should have members all of the other users (real users) > > (hmmm...I don't think I'm doing this but it seems to work) > > > > This is the line in my smb.conf to create the domain user map file: > > > > domain user map = /usr/local/samba/etc/domain.user.map > > > > The line in domain.user.map is: > > > > domainUsers = "Domain Users" > > > > The double quotes are needed or else the line is misparsed. the quotes are needed only for names that have spaces in them. From lkcl at switchboard.net Thu Feb 25 22:40:51 1999 
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:25:23 2003 Subject: Update for Samba NT Domain FAQ with corrections In-Reply-To: <36D5C8E3.23B3C72C@eng.auburn.edu> Message-ID: > When a machine joins a domain it uses the default > password (i.e. it's netbios name in lower case letters. (i.e it is netbios name...) does not make sense. i think you mean (i.e its NetBIOS name ...) > Once it has successfully joined the domain, the client > will change it's password to some random value using ^^^^ ... the client will change it is password ... ? you mean: ... the client will change its password. > > At the moment the 2.1-pre-alpha source tree version of smbpasswd is > > broken for Redhat 5.2 but the version in the 2.0.2 release works. > > 2.0 is not PDC code period. Regardless of whether not parts of > it work that way. [he means smbpasswd in 2.0.2 works]. From cartegw at Eng.Auburn.EDU Fri Feb 26 04:54:17 1999 
From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:25:23 2003 Subject: LISA NT '99: last call for papers Message-ID: <36D628F9.CAFEB5E1@eng.auburn.edu> Greetings everyone. Please excuse the noise. I'm sending this last call for papers to this list because this is one place were all the cool people hang out. :) The deadline for paper submission to the Large Installation System Administration of Windows NT (LISA NT) conference has been extended to March 4. The original call for papers can be found at http://www.usenix.org/events/lisa-nt99/cfp.html If you have any questions, feel free to contact me. * Overview What are the qualities of good models of system and network administration? Sites around the world are asking this question as they build networks of varying size and complexity that include Microsoft Windows NT on the desktop, in the server room, or both. The Large Installation System Administration of Windows NT conference, LISA-NT, is a forum to bring system administration professionals together to discuss workable solutions to the issues of administering and scaling the NT environment. LISA-NT '99 will bring together peers and experts in our field. We invite you to submit technical papers as well as proposals for invited talks, panel sessions, tutorials, and Work-in-Progress reports. There are also opportunities for Birds-of-a-Feather sessions and demos of products and solutions. Please review this call for papers, make a submission, and join us in making LISA-NT '99 the premiere conference for system administrators of distributed NT environments. We look forward to your participation. If you have questions not covered in this call for papers or in the detailed author guidelines regarding submissions, acceptable topics, etc., you may e-mail us at lisantchairs@usenix.org>. 
Thanks, jerry co-chair LISA NT '99 ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From roos at goofy.rsn.hk-r.se Fri Feb 26 08:32:17 1999 
From: roos at goofy.rsn.hk-r.se (Johan Roos)
Date: Tue Dec 2 02:25:23 2003
Subject: Please help! (Repost: trust) (fwd)
Message-ID:

I have a samba server called RUT that joined the nt-domain INFO with a PDC named ARCH. The users on info can connect to RUT perfectly.

ARCH trusts the nt-domain-groups W3_BD and W3_BT of the nt-domain BYGGDOK on a PDC named BYGGDOK, but those users are denied by RUT. (they can connect to other nt-servers in the nt-domain INFO)

I tried:

	domain groups = W3_BD W3_BT

which did me no good. (Can't find any documentation on that option)

How to configure samba to do this?

RUT only provides SHARES, no printers and no login. The UNIX-users are not allowed to connect to the samba-server (thus no smbpasswd-file). The system is RedHat 5.2 and samba is 2.0.2.

Here is the current smb.config. I tried both with and without the options marked by a * and the server was restarted every time.

# Samba config file created using SWAT
# from localhost (127.0.0.1)
# Date: 1999/02/23 11:26:31

# Global parameters
	workgroup = INFO
	netbios name = RUT
	server string = Byggdoks testsambaserver fr webben
	security = DOMAIN
	encrypt passwords = Yes
	password server = ARCH BYGGSERV // I tried to add BYGGSERV (didn't do it)
	log file = /var/log/samba/log.%m
	max log size = 50
	socket options = TCP_NODELAY
*	domain groups = W3_BD W3_BT
	dns proxy = No
*	wins server = 193.10.7.19
*	domain logons = no
*	hosts allow = 193.10.7. 127.0.0.1
	log level = 10

[homes]
	comment = Home Directories
	read only = No
	browseable = No

[byggdok]
	path = /home/httpd/byggdok
	read only = No

[byggtorg]
	path = /home/httpd/byggtorg
	read only = No

/Roos

From eric.devolder at eft.be Fri Feb 26 09:50:23 1999
From: eric.devolder at eft.be (EFT.Eric Devolder) Date: Tue Dec 2 02:25:23 2003 Subject: ntconfig.pol ?? where to put it ?? Message-ID: Hi there, I'm currently trying to startup an LAN of NT & 9x PCs ( at client side ) and Linux (at server side). Of course, I'm interrested in Domain login for 9x boxes as well for NT boxes. Up to here, everything seems to work. I still need to move the profiles from [homes] to [profiles]. The last question is: How can I ensure that the ntconfig.pol is loaded ? I've encountered problems with Windows Messaging client for NT Workstation, that starts then exits immedialty. I'm pretty sure this is a side-board effect to the fact I didn't put any ntconfig.pol file. In this case also, lots of things are forbidden. The only thing I want to do is to be able to still be administrator on the local machine, in order to launch services, etc... How can I achieve this ? simply with ntconfig.pol ? is there a special option I have to fit in ? Thank you for helping, Eric Devolder From jrivas at ares.ipf.uvigo.es Fri Feb 26 11:59:27 1999 From: jrivas at ares.ipf.uvigo.es (José Luis Rivas López) Date: Tue Dec 2 02:25:23 2003 Subject: No subject In-Reply-To: <3.0.5.32.19981202082656.009a9a30@poptop.llnl.gov> Message-ID: When i add machines at smbpasswd file ('smbpasswd -m MACHINE-NAME$') Failed to find entry for user MACHINE-NAME$ Failed to change password entry for MACHINE-NAME$ Firmado, José Luis Rivas López Administrador de la red -- José Luis Rivas López Area Ingenieria de los Procesos de Fabricación Dpto. de Diseño en Ingenieria E.T.S. Ingenieros Industriales. UNIVERSIDAD DE VIGO Campus Universitario s/n, 36200 Vigo, ESPAÑA Teléfono: +34 986 812 602 Fax: +34 986 812 180 e-mail: jrivas@ipf.uvigo.es Visite nuestras páginas: http://www.ipf.uvigo.es From greg at discreet.com Fri Feb 26 11:51:22 1999 
From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:25:23 2003 Subject: Samba Serving two domains/workgroups... In-Reply-To: <36D594C0.2419D6F5@gats-inc.com> Message-ID: I believe you need to actually run two different instances of nmbd to accomplish what you are looking for... Of course I could be wrong. Greg On 25-Feb-99 John Burton wrote: > Hi! > Hopefully someone can answer my question here...I have Samba 2.0.2 > running on a Linux box on a Class C network. The Linux box has two > interfaces on that network (using IP Aliasing). Samba responds properly > on both interfaces. I have it reading a different "included" config file > depending upon which interface the request comes in on. Looking from the > Windows I can "see" both "machines", but they are both in the same > workgroup / domain. What I would *like* to do is have have one > interface/name appear in one workgroup, and the other interface/name > appear in the other workgroup/domain. I've tried the obvious of defining > the workgroup name in the included config file, but it didn't work... > Suggestions? Thoughts? Has anyone done this sort of thing before? > > John > > PS. I'd also like both interfaces to act as a logon server / PDC for its > particular domain, with its own seperate smbpasswd file... > > -- > John Burton, Ph.D. > Senior Associate GATS, Inc. > j.c.burton@gats-inc.com 11864 Canon Blvd - Suite 101 > jcb@visi.net (personal) Newport News, VA 23606 > (757) 873-5920 (voice) (757) 873-5920 (fax) --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From alex at adelaide.on.net Fri Feb 26 13:39:42 1999 
From: alex at adelaide.on.net (Alex Ardalich)
Date: Tue Dec 2 02:25:23 2003
Subject:
References:
Message-ID: <36D6A41E.31FD544@adelaide.on.net>

José Luis Rivas López wrote:
> When i add machines at smbpasswd file ('smbpasswd -m MACHINE-NAME$')
> Failed to find entry for user MACHINE-NAME$
> Failed to change password entry for MACHINE-NAME$

You haven't added the machine to your /etc/passwd

Read the NTDOM FAQ off the main samba web site

Alex

From cartegw at Eng.Auburn.EDU Fri Feb 26 13:41:50 1999
From: cartegw at Eng.Auburn.EDU (Gerald Carter)
Date: Tue Dec 2 02:25:23 2003
Subject:
References:
Message-ID: <36D6A49E.A05E8D5B@eng.auburn.edu>

José Luis Rivas López wrote:
>
> When i add machines at smbpasswd file ('smbpasswd -m MACHINE-NAME$')
> Failed to find entry for user MACHINE-NAME$
> Failed to change password entry for MACHINE-NAME$
>

	smbpasswd -a -m MACHINE-NAME

no '$' appended. smbpasswd does this for the. the -a indicates that you are adding an account.

Hope this helps,
jerry
________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services Auburn University
jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw

"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )

From eric.devolder at eft.be Fri Feb 26 13:44:31 1999
From: eric.devolder at eft.be (EFT.Eric Devolder) Date: Tue Dec 2 02:25:24 2003 Subject: my real problem is ntconfig.pol Message-ID: Hello, Now I'm sure the ntconfig.pol is *really* downloaded to the NT box. The last problem is always: When logged with samba as PDC on the SAMBA domain, the user of the NT box can no more start or stop services, change local user config, and so on. My question is what do I have to incorporate into ntconfig.pol in order to allow this behavior ? Do I have to recreate entries in this file for each user and/or machine that logs in ? How can I do ? Please help ! Thank you, Eric DEVOLDER From cartegw at Eng.Auburn.EDU Fri Feb 26 14:13:42 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:25:24 2003 Subject: my real problem is ntconfig.pol References: Message-ID: <36D6AC16.22AF433F@eng.auburn.edu> EFT.Eric Devolder wrote: > > Now I'm sure the ntconfig.pol is *really* downloaded to the NT box. > > The last problem is always: When logged with samba as PDC on > the SAMBA domain, the user of the NT box can no more start > or stop services, change local user config, and so on. My > question is what do I have to incorporate into ntconfig.pol > in order to allow this behavior ? Do I have to recreate > entries in this file for each user and/or machine that > logs in ? How can I do ? Please help ! The things you mention sound more like user right associated with an account (although the ability to start and stop services is reserved only for Administrators if I remember correctly...not listed under user right). jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From mblack at csihq.com Fri Feb 26 14:05:24 1999 
From: mblack at csihq.com (Mike Black)
Date: Tue Dec 2 02:25:24 2003
Subject:
Message-ID: <000e01be6191$0e4074d0$a4c809c0@micbla.mnint1.mnemonic.com>

Any reason smbpasswd couldn't be smart enough to strip off the $?? Sounds like this will be a common problem. Just do:

	strtok(machinename,"$");

___________________________________
Michael D. Black Principal Engineer
mblack@csi.cc 407-676-2923,x203
http://www.csi.cc Computer Science Innovations
http://www.csi.cc/~mike My home page
FAX 407-676-2355

-----Original Message-----
From: Gerald Carter
To: Multiple recipients of list
Date: Friday, February 26, 1999 8:47 AM
Subject: Re:

José Luis Rivas López wrote:
>
> When i add machines at smbpasswd file ('smbpasswd -m MACHINE-NAME$')
> Failed to find entry for user MACHINE-NAME$
> Failed to change password entry for MACHINE-NAME$
>

	smbpasswd -a -m MACHINE-NAME

no '$' appended. smbpasswd does this for the. the -a indicates that you are adding an account.

Hope this helps,
jerry
________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services Auburn University
jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw

"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )

From eric.devolder at eft.be Fri Feb 26 14:22:22 1999
From: eric.devolder at eft.be (EFT.Eric Devolder) Date: Tue Dec 2 02:25:24 2003 Subject: my real problem is ntconfig.pol Message-ID: You are right! but here each developer has its own NT Box. Of course, they need to be constantly logged with administrator right. And they work alone on their machines. But when I perform a NT logging, the user can no more have this local administrator right, and I really don't know how to do it, as the user is not defined on the local machine but on the Unix Box. However, when logged as network user, the User manager tool is viewable only. (what we could expect). In your response, you say "right associated with an account". How can I change this ? Is it in the policy editor ? But then perhaps do I have to create special groups / users in the polices in order to achieve this ? This confuses me a lot ! Perhaps it's not a samba stright-forward related issue, but if you can help me, or indicate me where I can find this info... Thank you. > -----Original Message----- 
> From: Gerald Carter [SMTP:cartegw@eng.auburn.edu] > Sent: vendredi 26 f?vrier 1999 15:16 > To: EFT.Eric Devolder > Subject: Re: my real problem is ntconfig.pol > > EFT.Eric Devolder wrote: > > > > Now I'm sure the ntconfig.pol is *really* downloaded to the NT box. > > > > The last problem is always: When logged with samba as PDC on > > the SAMBA domain, the user of the NT box can no more start > > or stop services, change local user config, and so on. My > > question is what do I have to incorporate into ntconfig.pol > > in order to allow this behavior ? Do I have to recreate > > entries in this file for each user and/or machine that > > logs in ? How can I do ? Please help ! > > The things you mention sound more like user right associated > with an account (although the ability to start and stop > services is reserved only for Administrators if I > remember correctly...not listed under user right). > > > > > jerry > ________________________________________________________________________ > Gerald ( Jerry ) Carter > Engineering Network Services Auburn University > jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw > > "...a hundred billion castaways looking for a home." > - Sting "Message in a Bottle" ( 1979 ) From m.chapman at student.unsw.edu.au Fri Feb 26 14:16:55 1999 From: m.chapman at student.unsw.edu.au (Matt Chapman) Date: Tue Dec 2 02:25:24 2003 Subject: References: <000e01be6191$0e4074d0$a4c809c0@micbla.mnint1.mnemonic.com> Message-ID: <36D6ACD7.3589297D@student.unsw.edu.au> Mike Black wrote: > Any reason smbpasswd couldn't be smart enough to strip off the $?? It does. Jose's problem was that he didn't specify -a. Matt -- Matt Chapman m.chapman@student.unsw.edu.au From cartegw at Eng.Auburn.EDU Fri Feb 26 14:22:44 1999 
From: cartegw at Eng.Auburn.EDU (Gerald Carter)
Date: Tue Dec 2 02:25:24 2003
Subject:
References: <000e01be6191$0e4074d0$a4c809c0@micbla.mnint1.mnemonic.com>
Message-ID: <36D6AE34.3E38E137@eng.auburn.edu>

Mike Black wrote:
>
> Any reason smbpasswd couldn't be smart enough to strip off
> the $?? Sounds like this will be a common problem.
> Just do:
>
> strtok(machinename,"$");

It does.

    if (user_name[strlen(user_name)-1] == '$') {
        user_name[strlen(user_name)-1] = 0;
    }

The problem was that he was trying to add a machine account without
specifying the -a flag. Therefore the message about not being able to
locate the entry.

Cheers,
jerry
________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services Auburn University
jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw

"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )

From cartegw at Eng.Auburn.EDU Fri Feb 26 14:26:35 1999
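The trailing-'$' handling discussed in the two replies above, as an added example (not Samba's code and not part of the original messages): the quoted check indexes strlen(user_name)-1, which wraps around for an empty string, and strtok(name, "$") cuts at the first '$' instead of removing only a final one. The names strip_machine_suffix and strtok_first and the sample account names are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

/*
 * Hardened form of the trailing-'$' check: the length is tested before it
 * is used as an index, so an empty string never reads name[(size_t)-1].
 * Returns 1 if one trailing '$' was removed, 0 otherwise (NULL, empty
 * string, or a name that does not end in '$').
 */
int strip_machine_suffix(char *name)
{
    size_t len;

    if (name == NULL)
        return 0;
    len = strlen(name);
    if (len == 0 || name[len - 1] != '$')
        return 0;
    name[len - 1] = '\0';
    return 1;
}

/*
 * The strtok() suggestion, wrapped so its result can be compared.
 * strtok() skips leading '$' characters, stops at the FIRST '$' after the
 * token starts, returns NULL when no token exists, and keeps hidden static
 * state between calls. NULL is mapped to "" here so callers can print it.
 */
const char *strtok_first(char *name)
{
    char *tok = strtok(name, "$");

    return tok != NULL ? tok : "";
}

int main(void)
{
    /* Constructed sample names, not taken from any real smbpasswd file. */
    const char *samples[] = { "wstation-1$", "joe", "", "$", "lab$pc$" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char a[32], b[32];

        snprintf(a, sizeof a, "%s", samples[i]);
        snprintf(b, sizeof b, "%s", samples[i]);
        strip_machine_suffix(a);
        printf("%-12s strip: \"%s\"  strtok: \"%s\"\n",
               samples[i], a, strtok_first(b));
    }
    return 0;
}
```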
From: cartegw at Eng.Auburn.EDU (Gerald Carter)
Date: Tue Dec 2 02:25:24 2003
Subject: my real problem is ntconfig.pol
References:
Message-ID: <36D6AF1B.F58C5626@eng.auburn.edu>

EFT.Eric Devolder wrote:
>
> You are right! but here each developer has its own NT Box.
> Of course, they need to be constantly logged with
> administrator right. And they work alone on their machines.
> But when I perform a NT logging, the user can no more have
> this local administrator right, and I really don't know
> how to do it, as the user is not defined on the local
> machine but on the Unix Box. However, when logged
> as network user, the User manager tool is viewable
> only. (what we could expect).

On the NT client, execute

    net localgroup Administrators /add

where is the name of the domain account. This
assumes that users have personal boxes that they consistently
use.

> In your response, you say "right associated with an
> account". How can I change this ? Is it in the policy
> editor ?

Rights and policies are two separate issues.

> But then perhaps do I have to create special groups /
> users in the policies in order to achieve this ?

Nope. See above comments.

> This confuses me a lot ! Perhaps it's not a samba
> straight-forward related issue, but if you can help me,
> or indicate me where I can find this info...

Truthfully, this is strictly an NT related issue. However,
lately this list has been more of a "how to administer
Windows NT" type list.

Hope this helps,
jerry
________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services Auburn University
jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw

"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )

From rw at times-square.net Fri Feb 26 14:51:30 1999
From: rw at times-square.net (Rupert Weber-Henschel)
Date: Tue Dec 2 02:25:24 2003
Subject: It's is not...
References:
Message-ID: <36D6B4F2.F59E025E@times-square.net>

Sorry for wasting bandwidth, but I couldn't resist to share this
fortune...

It's is not, it isn't ain't, and it's it's, not its, if you mean it
is. If you don't, it's its. Then too, it's hers. It isn't her's. It
isn't our's either. It's ours, and likewise yours and theirs.
-- Oxford University Press, Edpress News

Luke Kenneth Casson Leighton wrote:
> [...]
> (i.e it is netbios name...) does not make sense. i think you mean (i.e
> its NetBIOS name ...)
> [...]
> .. the client will change it is password ... ? you mean:
> .. the client will change its password.

--
Rupert Weber-Henschel
E-Mail: rw@times-square.net

From m.brodbelt at acu.ac.uk Fri Feb 26 15:04:33 1999
From: m.brodbelt at acu.ac.uk (Mike Brodbelt)
Date: Tue Dec 2 02:25:24 2003
Subject: my real problem is ntconfig.pol
References:
Message-ID: <36D6B801.3201EA88@acu.ac.uk>

EFT.Eric Devolder wrote:
>
> Hello,
>
> Now I'm sure the ntconfig.pol is *really* downloaded to the NT box.
>
> The last problem is always: When logged with samba as PDC on the SAMBA
> domain, the user of the NT box can no more start or stop services, change
> local user config, and so on. My question is what do I have to incorporate
> into ntconfig.pol in order to allow this behavior ?
> Do I have to recreate entries in this file for each user and/or machine that
> logs in ? How can I do ? Please help !

This isn't really a Samba issue, it's just the same with an NT server.

An NT machine has a local SAM database where it stores user accounts. If
you make a user on the NT box a member of the Administrators group, they
gain admin rights to the box. The account with these rights will be
LOCALMACHINE\username.

If you then make the machine a member of an NT domain, the group
DOMAIN\Domain Users will be added to LOCALMACHINE\Users, and
DOMAIN\Domain Administrators will be added to
LOCALMACHINE\Administrators.

If you have added user accounts so that the guy who previously logged in
as LOCALMACHINE\username now logs in as DOMAIN\username, then that
person will lose Admin rights to the local box, as DOMAIN\username is
*not* a member of the LOCALMACHINE\Administrators group.

To change this, run the User Manager on each NT workstation, and add the
appropriate domain user account to that workstation's local
Administrators group. This should fix your problem.

HTH

Mike.

From eric.devolder at eft.be Fri Feb 26 15:05:55 1999
From: eric.devolder at eft.be (EFT.Eric Devolder)
Date: Tue Dec 2 02:25:24 2003
Subject: my real problem is ntconfig.pol
Message-ID:

Okay. Perhaps do I omit to say some things:

- For historical reasons, each user had already an account on their
  machine, but not registered in any domain. (local account). I've
  created network accounts with the same name. That is perhaps why I get
  this problem.

In fact, if I log on the local domain, (not on SAMBA but on NT WS own
domain), and if I execute this command, NT says to me that the username
is already part of Administrators group. (what is coherent with what I
said in the previous mail).

But now if I log onto the SAMBA domain, and if I try to launch this
command, NT disagrees with error code 5. and if I try to perform
"net user XXX /DOMAIN", it crashes ne1.exe on my NT box...

> -----Original Message-----
> From: Gerald Carter [SMTP:cartegw@eng.auburn.edu]
> Sent: vendredi 26 février 1999 15:30
> To: EFT.Eric Devolder
> Subject: Re: my real problem is ntconfig.pol
>
> EFT.Eric Devolder wrote:
> >
> > You are right! but here each developer has its own NT Box.
> > Of course, they need to be constantly logged with
> > administrator right. And they work alone on their machines.
> > But when I perform a NT logging, the user can no more have
> > this local administrator right, and I really don't know
> > how to do it, as the user is not defined on the local
> > machine but on the Unix Box. However, when logged
> > as network user, the User manager tool is viewable
> > only. (what we could expect).
>
> On the NT client, execute
>
> net localgroup Administrators /add
>
> where is the name of the domain account. This
> assumes that users have personal boxes that they consistently
> use.
>
> > In your response, you say "right associated with an
> > account". How can I change this ? Is it in the policy
> > editor ?
>
> Rights and policies are two separate issues.
>
> > But then perhaps do I have to create special groups /
> > users in the policies in order to achieve this ?
>
> Nope. See above comments.
>
> > This confuses me a lot ! Perhaps it's not a samba
> > straight-forward related issue, but if you can help me,
> > or indicate me where I can find this info...
>
> Truthfully, this is strictly an NT related issue. However,
> lately this list has been more of a "how to administer
> Windows NT" type list.
>
>
>
> Hope this helps,
> jerry
> ________________________________________________________________________
> Gerald ( Jerry ) Carter
> Engineering Network Services Auburn University
> jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw
>
> "...a hundred billion castaways looking for a home."
> - Sting "Message in a Bottle" ( 1979 )

From lkcl at switchboard.net Fri Feb 26 15:31:17 1999
From: lkcl at switchboard.net (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:25:24 2003
Subject: RID
In-Reply-To: <36D57A6D.481F892F@eng.auburn.edu>
Message-ID:

On Fri, 26 Feb 1999, Gerald Carter wrote:

> Alexandre Lecuyer wrote:
> >
> > in log. I get warnings about the RID
> > [1999/02/25 15:10:26, 0] passdb/sampass.c:getsamfile21pwent(108)
> > trust account wstation-1$ should be in DOMAIN_GROUP_RID_USERS
>
> This is a reminder note Luke left to himself. It can be
> safely ignored.
>
> > I have problems using the local domain map (to user local admin
> >
> > [1999/02/25 15:10:26, 0] passdb/sampassdb.c:pwdb_sam_map_names(535)
> > UNIX User lefsys Primary Group is in the wrong domain! S-1-5-32-544
>
> probably have something like
>
> domain_group.map
> wheel="Domain Admins"
>
> local_group.map
> wheel=Adminstrators
>
>
> Luke, can you explain again what the local group gets you if
> you are running as a Samba PDC. I mean as an example.
> I know what the affect. Rather I'm asking for a practical
> example.

argh, i don't know! it's exactly the same as if you were using an nt
server.

the example that john gave me was if you want to move files from one
domain to another. you make a local group the owner of the files (or
something) and then you make a domain group a member of the local group.
when you move the files to another domain you can still access the
files, and you make the _new_ domain a member of the local group in
order for the new domain users to access it.

if you make a domain group the owner of the files and you remove the
domain controller you can no longer access those files (unknown
SID/rid).

the arrangement above makes sure that you can access files in the
absence of the domain controller.

From cartegw at Eng.Auburn.EDU Fri Feb 26 17:23:26 1999
From: cartegw at Eng.Auburn.EDU (Gerald Carter)
Date: Tue Dec 2 02:25:25 2003
Subject: RID
References:
Message-ID: <36D6D88E.31FAFB5A@eng.auburn.edu>

Luke Kenneth Casson Leighton wrote:
>
> the example that john gave me was if you want to move files
> from one domain to another. you make a local group the owner
> of the files (or something) and then you make a domain
> group a member of the local group. when you move the
> files to another domain you can still access the files,
> and you make the _new_ domain a member of the local group
> in order for the new domain users to access it.
>
> if you make a domain group the owner of the files and
> you remove the domain controller you can no longer access
> those files (unknown SID/rid).
>
> the arrangement above makes sure that you can access
> files in the absence of the domain controller.

Sure. That makes sense. I guess I'm trying to figure out how this
fits in with a Samba PDC. Need to go read some more before I say
anything else. Off to get more coffee. :)

Cheers,
jerry
________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services Auburn University
jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw

"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )

From cartegw at Eng.Auburn.EDU Fri Feb 26 17:44:54 1999
From: cartegw at Eng.Auburn.EDU (Gerald Carter)
Date: Tue Dec 2 02:25:25 2003
Subject: Updated FAQ posted
Message-ID: <36D6DD96.F0F5112E@eng.auburn.edu>

Thanks to all who gave feedback on the next revision of the NTDOM FAQ.
I've just uploaded the files and they should be available in an hour or
so on the main site and shortly thereafter on the mirror closest to you.

As always, corrections, additions, deletions, comments, etc... are
welcome. I think I've fixed all the it's <=> its goofs. :)

Updated

* version information to correspond to the release of 2.0
* 2.2. How do I get my NT Workstation / Server to join the Samba
  controlled Domain?
* 4.3.2. I can't get system policies to work.
* 6.1 How do I get my samba server to become a member ( not PDC ) of
  an NT domain?
  -> includes reference to migration scripts to help in the creation
     of users and groups (id's only) on the samba domain member.

Added

* 2.6. I keep getting the message "trust account xxx should be in
  DOMAIN_GROUP_RID_USERS." What do I need to do?
* 4.2.3. The roaming profiles do not seem to be updating on the server.

Cheers,
jerry
________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services Auburn University
jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw

"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )

From tas at microdisplay.com Fri Feb 26 18:20:31 1999
From: tas at microdisplay.com (Todd Stiers)
Date: Tue Dec 2 02:25:25 2003
Subject: smbmount and Samba NTDOM
Message-ID: <001c01be61b4$b1636000$f2c6d6cf@ebola.microdisplay.com>

Hi,

My Redhat 4.2 and 5.0 Linux "smbmount" programs fail to mount shares off
of my Samba 2.0 NTDOM servers.

"smbclient" works great, however I have scripts and processes that
create tars of the Linux machines TO the Windows machines. "smbclient"
seems to only create tars FROM the Windows machine.

SO is smbmount gone, or is there an official workaround/ replacement?

Any suggestions appreciated.

-Todd

[--- [--- [--- [--- [--- [--- [--- [--- [---
Todd Stiers
Director of Systems Administration
The MicroDisplay Corporation
http://www.microdisplay.com
(510)243-9515x129
---] ---] ---] ---] ---] ---] ---] ---] ---]

From alicia at usf.edu Fri Feb 26 18:18:00 1999
From: alicia at usf.edu (Alicia F. Balsera)
Date: Tue Dec 2 02:25:25 2003
Subject: Trust relationship between PDCs
Message-ID: <36D6E557.5D4E4291@usf.edu>

I joined this mailing list a week ago after downloading the 2.0.2 code,
and with the assistance of the multiple, generous, and frequent(!)
contributors, I have been successful in establishing a Samba PDC on a
Solaris 2.6 box which authenticates and supports profiles for NT and
Win95 workstations. Thank you to you all.

The part that I do not have clear is how to establish a trust
relationship between the PDC of an NT domain and my Samba PDC. On the NT
side, I have set up my Samba domain as a trusted domain. What else do I
need to do on the Samba PDC to set up the trust relationship?

My ultimate goal is to use the Samba PDC for authentication and support
of the profiles only, and use the resources controlled (served) from the
NT PDC.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: alicia.vcf
Type: text/x-vcard
Size: 392 bytes
Desc: Card for Alicia F. Balsera
Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990226/409e1f48/alicia.vcf

From cartegw at Eng.Auburn.EDU Fri Feb 26 18:37:39 1999
From: cartegw at Eng.Auburn.EDU (Gerald Carter)
Date: Tue Dec 2 02:25:25 2003
Subject: Trust relationship between PDCs
References: <36D6E557.5D4E4291@usf.edu>
Message-ID: <36D6E9F3.1EF3D8E2@eng.auburn.edu>

> The part that I do not have clear is how to establish a
> trust relationship
> between the PDC of an NT domain and my Samba PDC. On the NT

Trust relationships are not implemented yet.

Cheers,
jerry
________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services Auburn University
jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw

"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )

From alicia at usf.edu Fri Feb 26 20:17:34 1999
From: alicia at usf.edu (Alicia F. Balsera)
Date: Tue Dec 2 02:25:25 2003
Subject: Trust relationship between PDCs
In-Reply-To: <36D6E9F3.1EF3D8E2@eng.auburn.edu>
Message-ID:

On Sat, 27 Feb 1999, Gerald Carter wrote:

> > The part that I do not have clear is how to establish a
> > trust relationship between the PDC of an NT domain and
> > my Samba PDC.
>
> Trust relationships are not implemented yet.

I will watch closely for new developments as my goal is to authenticate
from the SAMBA PDC while using the resources controlled by the NT
PDCs...

What is the status of LDAP support for Samba? I am interested in using
our Directory Server for authentication rather than depending on the
UNIX and/or smbpasswd files.

From dthies at mail.ctsfw.edu Sat Feb 27 02:13:02 1999
From: dthies at mail.ctsfw.edu (Daniel Thies)
Date: Tue Dec 2 02:25:26 2003
Subject: Samba Serving two domains/workgroups...
In-Reply-To: <36D594C0.2419D6F5@gats-inc.com>
Message-ID:

We have been running several domains on one machine for several months
now. Each domain is served by a completely separate set of smbd and nmbd
processes. They are kept separate by compiling different binaries from
the samba source and configuring different --prefix options. For example

    cd samba
    configure --prefix=/usr/local/dom1
    make
    make install
    configure --prefix=/usr/local/dom2
    make
    make install

Then set up two separate configuration files,

    /usr/local/dom[12]/lib/smb.conf

and smbpasswd files

    /usr/local/dom[12]/lib/smbpasswd

Set the interface parameter to the appropriate address in each config
file and do not change the default directories unless you know what
you're doing. Sharing the same lock directory for example will cause a
crash, although sharing smbpasswd seems to work fine if you like that
sort of thing.

Daniel Thies
dthies@mail.ctsfw.edu

On Fri, 26 Feb 1999, John Burton wrote:

> Hi!
> Hopefully someone can answer my question here...I have Samba 2.0.2
> running on a Linux box on a Class C network. The Linux box has two
> interfaces on that network (using IP Aliasing). Samba responds properly
> on both interfaces. I have it reading a different "included" config file
> depending upon which interface the request comes in on. Looking from the
> Windows I can "see" both "machines", but they are both in the same
> workgroup / domain. What I would *like* to do is have have one
> interface/name appear in one workgroup, and the other interface/name
> appear in the other workgroup/domain. I've tried the obvious of defining
> the workgroup name in the included config file, but it didn't work...
> Suggestions? Thoughts? Has anyone done this sort of thing before?
>
> John
>
> PS. I'd also like both interfaces to act as a logon server / PDC for its
> particular domain, with its own separate smbpasswd file...
>
> --
> John Burton, Ph.D.
> Senior Associate GATS, Inc.
> j.c.burton@gats-inc.com 11864 Canon Blvd - Suite 101
> jcb@visi.net (personal) Newport News, VA 23606
> (757) 873-5920 (voice) (757) 873-5920 (fax)
>

From cartegw at Eng.Auburn.EDU Sat Feb 27 04:09:04 1999
From: cartegw at Eng.Auburn.EDU (Gerald Carter)
Date: Tue Dec 2 02:25:26 2003
Subject: Trust relationship between PDCs
References:
Message-ID: <36D76FE0.A30F4751@eng.auburn.edu>

Alicia F. Balsera wrote:
>
> What is the status of LDAP support for Samba? I am interested
> in using our Directory Server for authentication rather than
> depending on the UNIX and/or smbpasswd files.

The LDAP backend is experimental but working. You'll need to configure
the CVS code using the '--with-ldap-support flag'

Some of the others, (Matt, JF-?) can give a better description of the
schema and setup subtleties.

Hope this helps,
jerry
________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services Auburn University
jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw

"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )

From matthew at janus.law.usyd.edu.au Sat Feb 27 07:55:49 1999
From: matthew at janus.law.usyd.edu.au (Matthew Geier)
Date: Tue Dec 2 02:25:26 2003
Subject: Wrong domain is not checked ?
In-Reply-To: from "Bas.Kelderman@eptl.elf-p.fr" at Feb 24, 99 00:16:52 am
Message-ID: <199902270755.SAA11931@janus.law.usyd.edu.au>

> That is not completely true, I run Samba 2.0.2 and a bunch of Win98
> pc's and the authentication is done through Samba and I have a policy
> that doesn't allow users to log on unless they are authenticated within
> the domain.
> So that is a way to solve it.
>

And remarkably easy to defeat. Cause the task manager to appear (one of
the 'windows' keys) and 'run application' explorer.exe.

Works as a policy, but don't think for a minute the machine is 'secure'.

From mzwier at alliance.kamsc.k12.mi.us Sat Feb 27 16:04:53 1999
From: mzwier at alliance.kamsc.k12.mi.us (Matthew Zwier)
Date: Tue Dec 2 02:25:26 2003
Subject: WINLOGON.EXE segfaults with SAMBA PDC and NetWare client 4.5
Message-ID: <19990227110453.A20852@alliance.kamsc.k12.mi.us>

We're using samba 2.0.2 (i386 RPM release) to emulate an NT PDC with our
Linux (RedHat 5.2, 2.2.1 kernel) box. With 2.0.0, we were able to
validate usernames against and store profiles on our server just fine,
but file copies between NT workstations and the SAMBA server would
regularly fail with various problems (mostly "Unexpected network
error"). With 2.0.2, the file transfer problem has been resolved, but
now WINLOGON.EXE crashes with an access violation shortly after entering
a password. The failure appears to generate the following log entries:

[1999/02/27 10:47:07, 0] lib/util_sock.c:read_data(376)
  read_data: read failure. Error = Connection reset by peer
[1999/02/27 10:47:41, 0] lib/username.c:map_username(85)
  can't open username map /home/samba/private/users.map
[1999/02/27 10:47:41, 0] rpc_server/srv_samr.c:get_user_info_21(1072)
  get_user_info_21 - TODO: convert unix times to NTTIMEs

I can't figure out what effect, if any, the "can't open username map"
error has on the logon process. The filename above is correct and
readable to smbd.

I don't know if the following have any impact on the situation, but they
make me nervous:

[1999/02/27 10:41:02, 0] param/loadparm.c:map_parameter(1568)
  Unknown parameter encountered: "domain controller"
[1999/02/27 10:41:02, 0] param/loadparm.c:lp_do_parameter(1940)
  Ignoring unknown parameter "domain controller"
[1999/02/27 10:41:02, 0] param/loadparm.c:map_parameter(1568)
  Unknown parameter encountered: "domain sid"
[1999/02/27 10:41:02, 0] param/loadparm.c:lp_do_parameter(1940)
  Ignoring unknown parameter "domain sid"
[1999/02/27 10:41:02, 0] param/loadparm.c:map_parameter(1568)
  Unknown parameter encountered: "domain group map"
[1999/02/27 10:41:02, 0] param/loadparm.c:lp_do_parameter(1940)
  Ignoring unknown parameter "domain group map"
[1999/02/27 10:41:02, 0] param/loadparm.c:map_parameter(1568)
  Unknown parameter encountered: "local group map"
[1999/02/27 10:41:02, 0] param/loadparm.c:lp_do_parameter(1940)
  Ignoring unknown parameter "local group map"

The workstation successfully joins the domain, but can't log in. We're
running NT4SP4, and falling back to the version of WINLOGON.EXE
distributed with NT4SP3 (now THAT was an interesting trick to attempt)
had no effect. We're also running NetWare client utilities 4.5 to access
our Novell servers. Given the option not to login to Novell,
WINLOGON.EXE still crashes. No crashes occur when logging in as a local
user.

Is 2.0.2 an inadequate release for PDC services? Or is there a bug of
some variety in NT, Samba, or both?

Any help would be greatly appreciated. Thank you.

Matt Zwier
mzwier@alliance.kamsc.k12.mi.us

From jallison at cthulhu.engr.sgi.com Sat Feb 27 22:39:08 1999
From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:25:26 2003 Subject: Samba 2.0.3 released. Message-ID: <36D8740C.1DC6EEB4@engr.sgi.com> The Samba Team is pleased to announce Samba 2.0.3. This is the latest stable release of Samba. This is the version that all production Samba servers should be running for all current bug-fixes. It may be fetched via ftp from : ftp:///pub/samba/samba-2.0.3.tar.gz Or just follow the link on the main page of your nearest http://samba.org mirror. Binary packages for supported systems will be made available within a short time. A separate announcement will be made for the release of these packages. Offers of binary Samba packages for various systems are welcome and should be sent to samba-bugs@samba.anu.edu.au. If you have problems, or think you have found a bug please email a report to : samba-bugs@samba.anu.edu.au As always, all bugs are our responsibility. Without further ado, here are the release notes. Regards, The Samba Team. -------------------------------------------------------- WHATS NEW IN Samba 2.0.3 ======================== This is the latest stable release of Samba. This is the version that all production Samba servers should be running for all current bug-fixes. New/Changed parameters in 2.0.3 ------------------------------- There are 2 new parameters and one enhanced parameter in the smb.conf file. The new parameters are : nt acl support -------------- This is a global parameter that defaults to False (at the present time). If set to yes it allows UNIX file permissions to be reported via the Windows NT "cacls.exe" program. As some of the RPC calls that allow cacls to report the name of the owner of a file are not yet implemented in 2.0.3 this parameter is set to "no" by default. The default state of this parameter will change to "yes" in a future release. 
min passwd length ----------------- This is an integer global parameter that tells Samba the minimum permissible UNIX password length (in characters) when Samba is set to synchronise the Windows and UNIX passwords. By default this is set to 5, and was previously hardcoded into Samba 2.0.x. The modified parameter is : announce as ----------- Prior to 2.0.3 this parameter had only one setting for Windows NT compatibility, "NT", which was the default. This is still the default and this still tells Samba to announce itself in browse lists as an NT server, however this parameter may now be set to "NT workstation" which causes Samba to announce itself as an NT workstation instead of a server. All of these new parameters and changes are documented in the smb.conf man pages and html pages. Updated and New documentation ----------------------------- The NT Domain FAQ has been updated. Three new text documents have been provided : docs/textdocs/File-Cacheing.txt docs/textdocs/NT-Guest-Access.txt docs/textdocs/CRLF-LF-Conversions.txt Bugfixes added since 2.0.2 -------------------------- 1). --with-ssl configure now include ssl include directory. Fix from Richard Sharpe. 2). Patch for configure for glibc2.1 support (large files etc.). 3). Several bugfixes for smbclient tar mode from Bob Boehmer (boehmer@worldnet.att.net) to fix smbclient aborting problems when restoring tar files. 4). Some automount fixes for smbmount. 5). Attempt to fix the AIX 4.1.x/3.x problems where smbd runs as root. As no-one has given us root access to such a server this cannot be tested fully, but should work. 6). Crash bug fix in debug code where *real* uid rather than *effective* uid was being checked before attempting to rotate log files. This fix should help a *lot* of people who were reporting smbd aborting in the middle of a copy operation. 7). SIGALRM bugfix to ensure infinate file locks time out. 8). New code to implement NT ACL reporting for cacls.exe program. 9). 
UDP loopback socket rebind fix for Solaris. 10). Ensure all UNICODE strings are correctly in little-endian format. 11). smbpasswd file locking fix. 12). Fixes for strncpy problems with glibc2.1. 13). Ensure smbd correctly reports major and minor version number and server type when queried via NT rpc calls. 14). Bugfix for short mangled names not being pulled off the mangled stack correctly. 15). Fix for mapping of rwx bits being incorrectly overwritten when doing ATTRIB.EXE 16). Fix for returning multiple PDU packets in NT rpc code. Should allow multiple shares to be returned correctly). 17). Improved mapping of NT open access requests into UNIX open modes. 18). Fix for copying files from an NTFS volume that contain multiple data forks. Added 'magic' error code NT needs. 19). Fixed crash bug when primary NT authentication server is down, rolls over to secondaries correctly now. 20). Fixed timeout processing to be timer based. Now will always occur even if smbd is under load. 21). Fixed signed/unsigned problem in quotas code. 22). Fixed bug where setting the password of a completely fresh user would end up setting the account disabled flag. 23). Improved user logon messages to help admins having trouble with user authentication. Bugfixes added since 2.0.1 -------------------------- Note that due to a critical signal handling bug in 2.0.1, this release has been removed and replaced immediately with 2.0.2. The Samba Team would like to apologise for any problem this may have caused. 1). Fixed smbd looping on SIGCLD problem. This was caused by a missing break statement in a critical piece of code. Bugfixes added since 2.0.0 -------------------------- 1). Autoconf changes for gcc2.7.x and Solaris 2.5/2.6 2). Autoconf changes to help HPUX configure correctly. 3). Autoconf changes to allow lock directory to be set. 4). Client fix to allow port to be set. 5). clitar fix to send debug messages to stderr. 6). smbmount race condition fix. 7). 
Fix for bug where trying to browse large numbers of shares generated an error from an NT client. 8). Wrapper for setgroups for SunOS 4.x 9). Fix for directory deleting failing from multiuser NT. 10). Fix for crash bug if bitmap was full. 11). Fix for Linux genrand where /dev/random could cause clients to timeout on connect if the entropy pool was empty. 12). The default PASSWD_CHAT may now be overridden in local.h 13). HPUX printing fixes for default programs. 14). Reverted (erroneous) code in MACHINE.SID generation that was setting the sid to 0x21 - should be *decimal* 21. 15). Fix for printing to remote machine under SVR4. 16). Fix for chgpasswd wait being interrupted with EINTR. 17). Fix for disk free routine. NT and Win98 now correctly show greater than 2GB disks. 18). Fix for crash bug in stat cache statistics printing. 19). Fix for filenames ending in .~xx. 20). Fix for access check code wait being interrupted with EINTR. 21). Fix for password changes from "invalid password" to a valid one setting the account disabled bit. 22). Fix for smbd crash bug in SMBreadraw cache prime code. 23). Fix for overly zealous lock range overflow reporting. 24). Fix for large disk disk free reporting (NT SMB code). 25). Fix for NT failing to truncate files correctly. 26). Fix for smbd crash bug with SMBcancel calls. 27). Additional -T flag to nmblookup to do reverse DNS on addresses. 28). SWAT fix to start/stop smbd/nmbd correctly. Major changes in Samba 2.0 -------------------------- This is a MAJOR new release of Samba, the UNIX based SMB/CIFS file and print server for Windows systems. There have been many changes in Samba since the last major release, 1.9.18. These have mainly been in the areas of performance and SMB protocol correctness. In addition, a Web based GUI interface for configuring Samba has been added. In addition, Samba has been re-written to help portability to other POSIX-based systems, based on the GNU autoconf tool. 
There are many major changes in Samba for version 2.0. Here are some of them: ===================================================================== 1). Speed --------- Samba has been benchmarked on high-end UNIX hardware as out-performing all other SMB/CIFS servers using the Ziff-Davis NetBench benchmark. Many changes to the code to optimise high-end performance have been made. 2). Correctness --------------- Samba now supports the Windows NT specific SMB requests. This means that on platforms that are capable Samba now presents a 64 bit view of the filesystem to Windows NT clients and is capable of handling very large files. 3). Portability --------------- Samba is now self-configuring using GNU autoconf, removing the need for people installing Samba to have to hand configure Makefiles, as was needed in previous versions. You now configure Samba by running "./configure" then "make". See docs/textdocs/UNIX_INSTALL.txt for details. 4). Web based GUI configuration ------------------------------- Samba now comes with SWAT, a web based GUI config system. See the swat man page for details on how to set it up. 5). Cross protocol data integrity --------------------------------- An open function interface has been defined to allow "opportunistic locks" (oplocks for short) granted by Samba to be seen by other UNIX processes. This allows complete cross protocol (NFS and SMB) data integrety using Samba with platforms that support this feature. 6). Domain client capability ---------------------------- Samba is now capable of using a Windows NT PDC for user authentication in exactly the same way that a Windows NT workstation does, i.e. it can be a member of a Domain. See docs/textdocs/DOMAIN_MEMBER.txt for details. 7). Documentation Updates ------------------------- All the reference parts of the Samba documentation (the manual pages) have been updated and converted to a document format that allows automatic generation of HTML, SGML, and text formats. 
These documents now ship as standard in HTML and manpage format.

=====================================================================

NOTE - Some important option defaults changed
---------------------------------------------

Several parameters have changed their default values. The most important of these is that the default security mode is now user level security rather than share level security.

This (incompatible) change was made to ease new Samba installs as user level security is easier to use for Windows 95/98 and Windows NT clients.

********IMPORTANT NOTE****************

If you have no "security=" line in the [global] section of your current smb.conf and you update to Samba 2.0 you will need to add the line :

security=share

to get exactly the same behaviour with Samba 2.0 as you did with previous versions of Samba.

********END IMPORTANT NOTE*************

In addition, Samba now defaults to case sensitivity options that match a Windows NT server precisely, that is, case insensitive but case preserving.

The default format of the smbpasswd file has also been changed for this release, although the new tools will read and write the old format, for backwards compatibility.

=====================================================================

NOTE - Primary Domain Controller Functionality
----------------------------------------------

This version of Samba contains code that correctly implements the undocumented Primary Domain Controller authentication protocols. However, there is much more to being a Primary Domain Controller than serving Windows NT logon requests.

A useful version of a Primary Domain Controller contains many remote procedure calls to do things like enumerate users, groups, and security information, only some of which Samba currently implements. In addition, there are outstanding (known) bugs with using Samba as a PDC in this release that the Samba Team are actively working on.
For this reason we have chosen not to advertise and actively support Primary Domain Controller functionality with this release.

This work is being done in the CVS (developer) versions of Samba, development of which continues at a fast pace. If you are interested in participating in or helping with this development please join the Samba-NTDOM mailing list. Details on joining are available at :

http://samba.org/listproc/

Details on obtaining CVS (developer) versions of Samba are available at:

http://samba.org/cvs.html

=====================================================================

If you have problems, or think you have found a bug please email a report to :

samba-bugs@samba.org

As always, all bugs are our responsibility.

Regards,

The Samba Team.

From nuno at lwp.si.ualg.pt Sun Feb 28 03:45:40 1999
From: nuno at lwp.si.ualg.pt (Nuno Loureiro)
Date: Tue Dec 2 02:25:26 2003
Subject: Downloading Profiles/Policies (slow connection)
Message-ID:

Hi!!

I'm using NTDOM since its very beginning. I have 1500 accounts and about 50 NT4 Workstation SP3. I was using 1.9.18 HEAD branch, and I just upgraded to the latest CVS. I compiled it, converted smbpasswd to the new format, I had to create workstation accounts again to work (maybe cause now it generates a SID). I can login but policies/profiles are not working properly... It downloads profiles in some situations and does not in others. It writes the profiles in the server when logging off.

The problem I have now is that when I login it gives that msg about "Slow network connection, yadda yadda yadda..., Download profiles or use local". I click download and it downloads and when I logoff it saves them in the server as expected. The network is 10BaseT, and when it gives that msg, the login and logout are only a bit slower. I noticed that at least one account logins and logouts fine.

What can I do? Why that msg when logging in?

TIA,
nl

-----
Nuno Andre Henriques Loureiro
http://lwp.ualg.pt/~nuno
PGP FingerPrint: 85 B2 B7 DA 28 C0 D9 BC E8 4D DC 23 8E 2B 72 B4
Finger nuno@lwp.ualg.pt for more info

From Brendon_Meyer at fmi.com Sun Feb 28 04:08:02 1999
From: Brendon_Meyer at fmi.com (Brendon Meyer)
Date: Tue Dec 2 02:25:26 2003
Subject: Downloading Profiles/Policies (slow connection)
References:
Message-ID: <36D8C121.EBAA1907@fmi.com>

Nuno Loureiro wrote:

> Hi!!

Greetings.

> I'm using NTDOM since its very beginning. I have 1500 accounts and about
> 50 NT4 Workstation SP3.
> I was using 1.9.18 HEAD branch, and I just upgraded to the latest CVS.
> I compiled it, converted smbpasswd to the new format, I had to create
> workstation accounts again to work (maybe cause now it generates a SID).
> I can login but policies/profiles are not working properly...
> It downloads profiles in some situations and does not in others.
> It writes the profiles in the server when logging off.
> The problem I have now is that when I login it gives that msg about
> "Slow network connection, yadda yadda yadda..., Download profiles or use local".
> I click download and it downloads and when I logoff it saves them in the
> server as expected. The network is 10BaseT, and when it gives that msg, the
> login and logout are only a bit slower. I noticed that at least one account
> logins and logouts fine.
> What can I do? Why that msg when logging in?

I have noticed this with nearly all versions of SAMBA. What I did to overcome it was to load the following registry entry into the NT workstations to eliminate the "question".

---> CUT HERE <---
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SlowLinkDetectEnabled"=dword:00000000

---> END CUT <---

The exact "why" would probably be better handled by one of the active developers (Luke, Andrew, anyone? ... comments ... I must admit I haven't looked at the code for some time now).

Brendon Meyer

From jan.van.rensburg at epiuse.com Sun Feb 28 14:07:55 1999
From: jan.van.rensburg at epiuse.com (jan van rensburg)
Date: Tue Dec 2 02:25:26 2003
Subject: Trust relationship between PDCs
References:
Message-ID: <99022812110400.00329@puffy.epiuse.co.za>

hi,

jerry/luke, isn't it a bit of a waste of time to try and implement trust relationships now? should the focus of effort not rather be on nt5/win2000 functionality? as far as i understand with nt5, trust relationships will become "obsolete".

--jan van rensburg

On Fri, 26 Feb 1999, Alicia F. Balsera wrote:

>On Sat, 27 Feb 1999, Gerald Carter wrote:
>
>> > The part that I do not have clear is how to establish a
>> > trust relationship between the PDC of an NT domain and
>> > my Samba PDC.
>>
>> Trust relationships are not implemented yet.
>
>I will watch closely for new developments as my goal is to
>authenticate from the SAMBA PDC while using the resources
>controlled by the NT PDCs...
>
>What is the status of LDAP support for Samba? I am interested
>in using our Directory Server for authentication rather than
>depending on the UNIX and/or smbpasswd files.

--

From cartegw at Eng.Auburn.EDU Sun Feb 28 13:11:45 1999
From: cartegw at Eng.Auburn.EDU (Gerald Carter)
Date: Tue Dec 2 02:25:26 2003
Subject: Trust relationship between PDCs
References: <99022812110400.00329@puffy.epiuse.co.za>
Message-ID: <36D94091.8E602061@eng.auburn.edu>

jvr-,

Anyone want to wager exactly when win2000 will come out and exactly when people will migrate? My guess is that there are still a few years left in NT 4. But I could be wrong?

From the queries on this list, it still seems like people want trust relationship functionality. Without it, a Samba domain is currently isolated (in a manner of speaking).

Your point is well taken though.

Cheers,
jerry

jan van rensburg wrote:
>
> hi,
> jerry/luke, isn't it a bit of a waste of time to try
> and implement trust relationships now? should the focus of
> effort not rather be on nt5/win2000 functionality? as far
> as i understand with nt5, trust relationships
> will become "obsolete".

________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services
Auburn University
jerry@eng.auburn.edu
http://www.eng.auburn.edu/users/cartegw

"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )

From nuno at lwp.si.ualg.pt Sun Feb 28 15:02:56 1999
From: nuno at lwp.si.ualg.pt (Nuno Loureiro)
Date: Tue Dec 2 02:25:26 2003
Subject: Downloading Profiles/Policies (slow connection)
In-Reply-To: <36D8DFB0.2778BC97@fmi.com>
Message-ID:

On 28-Feb-99 Brendon Meyer wrote this and I have to respond:

-> Nuno Loureiro wrote:
->
->
-> > But, it's slower.. I did the test with about 7 or 8 accounts.. 1 of them I
-> > just created. I rm -r profiles from those users, and I deleted local
-> > profiles too on NT.
-> >
-> > On 1 of them the login is fast.. On the others the login is slower and
-> > that msg about slow link appears, and on the account I just created
-> > the login is very slow.
-> >
-> > what could explain this?
->
-> Hmmm .... now that *is* interesting.
->
-> In our situation, the speed of logins is quite consistent. There is a
-> semi-saturated E3 link between us and the domain controllers. As a result,
-> there is usually a few seconds delay so we get this message consistently.

But in my case is 10BaseT, so we should never get this message :/

-> When we have previously stored users NT login profiles on a NT server we
-> sometimes got this message (though over the course of time, the message came
-> up more often than not). With SAMBA this message came up consistently but
-> it was not "significantly" slower.
->
-> Let me ask a silly question here.
->
-> How are you authenticating your users?
->
-> Are you using the SAMBA domain authentication or are you telling Samba to
-> pass off authentication to a NT domain controller (possibly a SAMBA DC)?

I have samba as PDC. All the NTs are Workstations.

-> ... and this begs the question, are you getting messages such as:
->
-> password server xxxxxx rejected the password
-> NT Password did not match ! Defaulting to Lanman

Yes, I noticed *sometimes* I got that message, and sometimes not. I will paste you some logs..

[1999/02/28 02:13:16, 0] passdb/sampass.c:getsamfile21pwent(108)
  trust account lig30$ should be in DOMAIN_GROUP_RID_USERS
[1999/02/28 02:13:32, 0] smbd/reply.c:reply_sesssetup_and_X(710)
  NT Password did not match ! Defaulting to Lanman
[1999/02/28 02:14:03, 0] smbd/reply.c:reply_sesssetup_and_X(710)
  NT Password did not match ! Defaulting to Lanman
[1999/02/28 02:15:36, 0] smbd/reply.c:reply_sesssetup_and_X(710)
  NT Password did not match ! Defaulting to Lanman
[1999/02/28 02:16:08, 0] smbd/reply.c:reply_sesssetup_and_X(710)
  NT Password did not match ! Defaulting to Lanman
[1999/02/28 02:16:40, 0] smbd/reply.c:reply_sesssetup_and_X(710)
...
  lig14 (10.11.85.114) connect to service a123456 as user a123456 (uid=1250, gid=111) (pid 11146)
[1999/02/28 02:26:47, 1] smbd/service.c:make_connection(486)
  lig14 (10.11.85.114) connect to service Netlogon as user a123456 (uid=1250, gid=111) (pid 11146)
[1999/02/28 02:26:47, 1] smbd/service.c:make_connection(486)
  lig14 (10.11.85.114) connect to service dj670 as user a123456 (uid=1250, gid=111)(pid 11146)
[1999/02/28 02:26:48, 1] smbd/service.c:make_connection(486)
  lig14 (10.11.85.114) connect to service laser as user a123456 (uid=1250, gid=111)(pid 11146)
...
[1999/02/28 05:11:59, 0] passdb/sampass.c:getsamfile21pwent(108)
  trust account lig30$ should be in DOMAIN_GROUP_RID_USERS
[1999/02/28 05:12:00, 0] smbd/uid.c:become_root(366)
  ERROR: become root depth is non zero
[1999/02/28 05:12:00, 0] smbd/uid.c:unbecome_root(387)
  ERROR: unbecome root depth is 0
[1999/02/28 05:12:07, 1] smbd/service.c:make_connection(486)
  lig10 (10.11.85.110) connect to service a10330 as user a10330 (uid=2056, gid=111)(pid 6497)
[1999/02/28 05:12:08, 1] smbd/service.c:make_connection(486)
  lig10 (10.11.85.110) connect to service dj670 as user a10330 (uid=2056, gid=111) (pid 6497)
[1999/02/28 05:12:09, 1] smbd/service.c:make_connection(486)
  lig10 (10.11.85.110) connect to service laser as user a10330 (uid=2056, gid=111) (pid 6497)

I will also paste some parts of my smb.conf:

;======================= Global Settings =====================================
[global]
   workgroup = CIG
   remote announce = 10.11.91.1/CIG
   remote browse sync = 10.11.91.1
   comment = CI-Gambelas Samba Server
;  domain sid = S-1-5-21-123-456-789-123
;  debuglevel = 20
   security = USER
   encrypt passwords = yes
   local master = yes
   os level = 75
   domain master = yes
   preferred master = yes
   domain logons = yes
   wins support = yes
   dns proxy = yes
   logon drive = u:
   logon home = "\\rtfm\%U"
   logon path = \\%L\Profiles\%U
   logon script = %m.bat
   unix realname = yes
   time server = True
   guest account = nobody
;  domain admin users = nuno, bpedro, victor, antobar, viseu
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *assword changed*
   load printers = no
   domain group map = /etc/domaingroup.map
   local group map = /etc/localgroup.map

; Logs
   log file = /usr/local/samba/var/log.%m
   max log size = 500
;  log level = 50
   short preserve case = yes
   preserve case = yes

; Security and file integrity related options
   lock directory = /usr/local/samba/var/locks
   locking = yes
   share modes = yes
   guest ok = no

; Performance Related Options
; Before setting socket options read the smb.conf man page!!
   socket options = TCP_NODELAY
; Use keep alive only if really needed!!!!
;  keep alive = 60
   dead time = 0

# Unix users can map to different SMB User names
   username map = /etc/users.map

;============================ Share Definitions ==============================
(...)

[Netlogon]
   comment = Samba Network Logon Service
   path = /home/samba/netlogon
; Case sensitivity breaks logon script processing!!!
   case sensitive = no
   default case = yes
   guest ok = no
   locking = no
   public = no
   writable = yes
; For browseable say NO if you want to hide the NETLOGON share
   browseable = no

[Profiles]
   path = /home/samba/profiles
   browseable = yes
   printable = no
   guest ok = yes
   writable = yes
(...)

-----
Nuno Andre Henriques Loureiro
http://lwp.ualg.pt/~nuno
PGP FingerPrint: 85 B2 B7 DA 28 C0 D9 BC E8 4D DC 23 8E 2B 72 B4
Finger nuno@lwp.ualg.pt for more info

From nuno at lwp.si.ualg.pt Sun Feb 28 15:21:03 1999
From: nuno at lwp.si.ualg.pt (Nuno Loureiro)
Date: Tue Dec 2 02:25:26 2003
Subject: Downloading Profiles/Policies (slow connection)
In-Reply-To: <36D8C121.EBAA1907@fmi.com>
Message-ID:

On 28-Feb-99 Brendon Meyer wrote this and I have to respond:

-> I have noticed this with nearly all versions of SAMBA. What I did to
-> overcome it
-> was to load the following registry entry into the NT workstations to
-> eliminate the
-> "question".
->
->
-> ---> CUT HERE <---
-> REGEDIT4
->
-> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
-> "SlowLinkDetectEnabled"=dword:00000000
->
-> ---> END CUT <---
->
-> The exact "why" would probably be better handled by one of the active
-> developers
-> (Luke, Andrew, anyone? ... comments ... I must admit I haven't looked at
-> the code
-> for some time now).

But, it's slower.. I did the test with about 7 or 8 accounts.. 1 of them I just created. I rm -r profiles from those users, and I deleted local profiles too on NT.

On 1 of them the login is fast.. On the others the login is slower and that msg about slow link appears, and on the account I just created the login is very slow.

what could explain this?

-----
Nuno Andre Henriques Loureiro
http://lwp.ualg.pt/~nuno
PGP FingerPrint: 85 B2 B7 DA 28 C0 D9 BC E8 4D DC 23 8E 2B 72 B4
Finger nuno@lwp.ualg.pt for more info

From wolfgang.ratzka at gmx.de Sun Feb 28 15:59:52 1999
From: wolfgang.ratzka at gmx.de (Wolfgang Ratzka)
Date: Tue Dec 2 02:25:26 2003
Subject: Downloading Profiles/Policies (slow connection)
References:
Message-ID: <36D967F8.26FE4E6C@gmx.de>

Nuno Loureiro wrote:
>
> But in my case is 10BaseT, so we should never get this message :/

I get the message when I store user profiles on a samba server. My interpretation is that the authentication process is taking very long (we have ~9000 users in /etc/passwd) and therefore samba has a slow start, which leads NT to expect (quite wrongly ;-) overall slow performance..

--
Wolfgang Ratzka (via modem from home)
[WARNING: I can read mail headers and I complain to spammer's postmasters!]

From svedja at lysator.liu.se Sun Feb 28 17:02:15 1999
From: svedja at lysator.liu.se (Dejan Ilic)
Date: Tue Dec 2 02:25:26 2003
Subject: Downloading Profiles/Policies (slow connection)
In-Reply-To: <36D967F8.26FE4E6C@gmx.de>
Message-ID:

On Mon, 1 Mar 1999, Wolfgang Ratzka wrote:

> Nuno Loureiro wrote:
> >
> > But in my case is 10BaseT, so we should never get this message :/
>
> I get the message when I store user profiles on a samba server.
> My interpretation is that the authentication process is taking
> very long (we have ~9000 users in /etc/passwd) and therefore
> samba has a slow start, which leads NT to expect (quite wrongly ;-)
> overall slow performance..

Suspecting the same problem here. About 17000 accounts on samba.

=====================================================================
Dejan Ilic, Tech Univ. of Linkoping, Sweden
Phone:+46-13-473 01 06
Email: svedja@lysator.liu.se
Web: http://www.lysator.liu.se/~svedja
=====================================================================
[finger -l svedja@lysator.liu.se for public PGP key]

From cigor at EUnet.yu Sun Feb 28 18:19:44 1999
From: cigor at EUnet.yu (Colovic Igor)
Date: Tue Dec 2 02:25:26 2003
Subject: Downloading Profiles/Policies (slow connection)
Message-ID: <01be6346$ea390ae0$0200a8c0@big.co.yu>

There is one reg key that I have read from common.adm (file that poledit is using). There is one key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon\SlowLinkDetectEnabled

I did not find this key in my reg file, but you can seek for it. For the last 6 months I did not have experience with slow network connections. If you find it there you can delete it, or change its value to 0. I do not know which has effect. Tell me if this gives the result that you are seeking for.

I hope this helps.

______________________________________________
Colovic Igor
Linux Users Group of Yugoslavia
www.linux.org.yu
cigor@eunet.yu
DelphiPro@yahoo.com

From dave at www.buffalostate.edu Sun Feb 28 20:17:39 1999
From: dave at www.buffalostate.edu (Dave J. Andruczyk)
Date: Tue Dec 2 02:25:26 2003
Subject: Wrong domain is not checked ?
In-Reply-To: <199902270755.SAA11931@janus.law.usyd.edu.au>
Message-ID:

> > pc's and the authentication is done through Samba and I have a policy
> > that doesn't allow users to log on unless they are authenticated within
> > the domain.
> > So that is a way to solve it.
> >
>
> And remarkably easy to defeat. Cause the task manager to appear
> (one of the 'windows' keys) and 'run application' explorer.exe.

rename taskman.exe to something else, then you can't pop it up with LwinKey, or Ctrl-Alt-Esc at the logon prompt. normal taskman use under the explorer seems to be unaffected. (ctrl-alt-del under explorer still will bring it up)

> Works as a policy, but don't think for a minute the machine is
> 'secure'.

Win9x will never be "secure" but there are various tricks that can be done to slow down (note: not "stop") most malicious users.

Dave J. Andruczyk
Instructional Support Associate
Department of Technology
Buffalo State College

From nuno at lwp.si.ualg.pt Sun Feb 28 21:01:30 1999
From: nuno at lwp.si.ualg.pt (Nuno Loureiro)
Date: Tue Dec 2 02:25:26 2003
Subject: Downloading Profiles/Policies (slow connection)
In-Reply-To: <36D8C121.EBAA1907@fmi.com>
Message-ID:

On 28-Feb-99 Brendon Meyer wrote this and I have to respond:

I noticed some new stuff... The account I said that does not give the slow link message is at the top of smbpasswd... The other accounts that are also fast, but give the slow link message, are less than the middle of smbpasswd. The account I told that is very slow (that I just created) is the last line of smbpasswd.

I changed one of the middle accounts to the top of the file and it's very fast and no slow link msg. So I conclude that the new(?) algorithm for authentication is a lot slower than the old one.

->
-> ---> CUT HERE <---
-> REGEDIT4
->
-> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
-> "SlowLinkDetectEnabled"=dword:00000000
->
-> ---> END CUT <---

Do you know how to put it in the .adm files? I have winnt.adm with this:

(...)
POLICY !!EnableSlowLinkDetect
    VALUENAME "SlowLinkDetectEnabled"
END POLICY
(...)

If I check it in poledit it puts the value data to 1. If I don't check it it doesn't set the value. I want to set the value data to 0, like you have in your example... How can I do that?

-----
Nuno Andre Henriques Loureiro
http://lwp.ualg.pt/~nuno
PGP FingerPrint: 85 B2 B7 DA 28 C0 D9 BC E8 4D DC 23 8E 2B 72 B4
Finger nuno@lwp.ualg.pt for more info

From yan at cardinalengineering.com Sun Feb 28 23:57:35 1999
From: yan at cardinalengineering.com (Yan Seiner)
Date: Tue Dec 2 02:25:26 2003
Subject: Downloading Profiles/Policies (slow connection)
References:
Message-ID: <36D9D7EF.AB52F8FC@cardinalengineering.com>

We only have a handful of accounts (6 users and 7 machines) and the slow connection appeared on NT boxes when we went to an NT server for PDC with samba for file service. I attributed it to the delay in the NT server box (both the samba server and the NT server are P5-166 boxes on a 10bt network).

Samba 2.0.0b5 (about to take the plunge into 2.0.3 :-) and NT 4 SP4

Yan

Nuno Loureiro wrote:

> On 28-Feb-99 Brendon Meyer wrote this and I have to respond:
>
> -> I have noticed this with nearly all versions of SAMBA. What I did to
> -> overcome it
> -> was to load the following registry entry into the NT workstations to
> -> eliminate the
> -> "question".
> ->
> ->
> -> ---> CUT HERE <---
> -> REGEDIT4
> ->
> -> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
> -> "SlowLinkDetectEnabled"=dword:00000000
> ->
> -> ---> END CUT <---
> ->
> -> The exact "why" would probably be better handled by one of the active
> -> developers
> -> (Luke, Andrew, anyone? ... comments ... I must admit I haven't looked at
> -> the code
> -> for some time now).
>
> But, it's slower.. I did the test with about 7 or 8 accounts.. 1 of them I just
> created. I rm -r profiles from those users, and I deleted local profiles too on
> NT.
>
> On 1 of them the login is fast.. On the others the login is slower and that msg
> about slow link appears, and on the account I just created the login is very
> slow.
>
> what could explain this?
>
> -----
> Nuno Andre Henriques Loureiro
> http://lwp.ualg.pt/~nuno
> PGP FingerPrint: 85 B2 B7 DA 28 C0 D9 BC E8 4D DC 23 8E 2B 72 B4
> Finger nuno@lwp.ualg.pt for more info

From ehsan at APADANA.COM Wed Feb 3 16:11:57 1999
From: ehsan at APADANA.COM (Ehsan Mohammady)
Date: Tue Dec 2 02:25:32 2003
Subject: No subject
Message-ID: <001101be4f8f$ecc76240$93e0c1d0@pand.apadana.com>

unsubscribe

From dwchan at lightstream.net Fri Feb 5 05:48:54 1999
From: dwchan at lightstream.net (Dominic W. Chan)
Date: Tue Dec 2 02:25:39 2003
Subject: Security = Server using NT PDC
Message-ID: <006601be50cb$380e5880$0101a8c0@leighann>

I am trying to set up my samba to use a Win NT PDC as my auth server, and I am running into a few problems. I am currently running Rh 5.1 with kernel 2.0.36 and Samba 1.9.18p10. When I am using security = user or share, with either encrypted password or not, everything seems to work fine! When I don't use encrypted password, I update my NT server with the plain clear text registry fix, everything works. When I do want to use encrypted password, I take out the plain clear text registry entries, and everything works ok too. However, when I try to set security = server and provide a password server (the server netbios name is LEIGHANN), I keep getting the following error (Note: both the Samba server and the NT PDC are in the same subnet/network)

resolve_name: Attempting wins lookup for name <0x20>
bind succeeded on port 0
receive_smb error (Connection reset by peer)
exiting
Closing connections
1999/03/06 20:50:42 Server exit (normal exit)
resolve_name: Attempting lmhosts lookup for name
resolve_name: Attempting broadcast lookup for name <0x20>
bind succeeded on port 0
server_cryptkey: Can't resolve address for
password server not available

After failing in looking for the password server, it switches to using my local encrypted file! I have checked and double checked my smb.conf, and everything seems fine!

   security = server
# Use password server option only with security = server
   password server =
# Password Level allows matching of _n_ characters of the password for
# all combinations of upper and lower case.
   password level = 1
   username level = 1
# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
   encrypt passwords = yes
   smb passwd file = /etc/smbpasswd

# Unix users can map to different SMB User names
   username map = /etc/smbusers

Is there a problem with version 1.9.18 that it will not use an NT PDC as the password server, what am I doing wrong??

dwc

From p.grimmerink at home.nl Fri Feb 26 11:12:24 1999
From: p.grimmerink at home.nl (Pieter Grimmerink)
Date: Tue Dec 2 02:28:47 2003
Subject: samba-tng-0.6 problems
In-Reply-To: <3.0.6.32.20000221091604.008ff100@203.16.214.248>
Message-ID:

Hello,

I recently tried out samba-tng-0.6, (tried 0.4 before, currently still running 6 months ago samba head branch)

I have noticed the following 'problems', still keeping me from switching to samba-tng;

-I have added an 'administrator' user in the samba domain, mapped a group it belonged to to 'BUILTIN\Administrators', and now I can't log into NT 4.0 server or workstation with this 'administrator' domain account. (log.smb says 'password did not match') From win9x, this user can log in correctly, though.

-when I log in as 'root' (also in smbpasswd file, also member of the group mapped to 'BUILTIN\Administrators'), NT says that the machine account for the server is probably not there. Normal domain users work fine.

-I can't see groups in the usermanager for domains, in NT.

-can't use the usermanager for domains under win9x at all: "PDC for this domain can't be found" ?!

-when I grant a group access to a share (NT), members from that group can't access the share. It works when I manually add all users to the share. Probably related: when I rpcclient to an NT server, and query the members of that group, the group appears to be empty. When I do the same for the samba-pdc, the group contains all the users.

-when I do the same under win9x, members of groups only gain access when the group is recognized by windows ("Domain Users" for instance) Groups I don't map to a windows-builtin groupname, don't work.

-From NT, the local administrator can't even access win9x machines via the network. (Probably the same problem as the administrator account in the domain not being able to log in to NT).

This seems like a long list, but there is one huge improvement since version 0.4; win9x users can log in to the domain!
(Login takes much longer than with the old head smbd, somehow, but it works)

Conclusion: I can switch to samba-tng in only one of my network situations (the one at my home): One samba server (PDC), and only win98 workstations. The other situations have both NT and win9x, so I can't use TNG.

I hope that most of these problems will be solved one day, then I can finally get rid of all NT servers!

Best regards,

Pieter
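The IMPORTANT NOTE in the Samba 2.0 release notes earlier in this archive says that an smb.conf with no "security=" line in [global] moves from share level to user level security on upgrade unless "security=share" is added. The check below is an added example, not code from Samba or from any poster: the function names and the two sample configurations are constructed for illustration, and the parsing assumes the comment, continuation and name rules described in smb.conf(5).

```python
import re

# Defaults for "security" when [global] has no explicit line, as stated in
# the Samba 2.0 release notes: share level before 2.0, user level from 2.0.
DEFAULT_BEFORE_2_0 = "share"
DEFAULT_FROM_2_0 = "user"

# Constructed sample: no active "security" line in [global]. The commented-out
# line and the line under [tmp] must not count as an explicit global setting.
NO_SECURITY_LINE = r"""
[global]
   workgroup = EXAMPLE
;  security = share
   encrypt passwords = yes

[tmp]
   path = /tmp
   security = user
"""

# Constructed sample: explicit setting in mixed case, plus a continued line.
EXPLICIT_USER = r"""
[Global]
   comment = a long \
      comment
   Security = USER
"""


def parse_smb_conf(text):
    """Return {section: {parameter: value}} for smb.conf text."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        stripped = raw.strip()
        # Blank lines and lines starting with ';' or '#' are ignored.
        if not pending and (not stripped or stripped[0] in ";#"):
            continue
        line = pending + stripped
        pending = ""
        if line.endswith("\\"):  # a trailing backslash continues the line
            pending = line[:-1]
            continue
        header = re.fullmatch(r"\[(.*)\]", line)
        if header:
            current = header.group(1).strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            # Only the first '=' separates name from value; parameter names
            # are compared without regard to case or whitespace.
            name, value = line.split("=", 1)
            sections[current][re.sub(r"\s+", "", name).lower()] = value.strip()
    return sections


def security_upgrade_report(text):
    """Compare the effective security mode before and after moving to 2.0."""
    glob = parse_smb_conf(text).get("global", {})
    explicit = glob.get("security", "").lower() or None
    before = explicit or DEFAULT_BEFORE_2_0
    after = explicit or DEFAULT_FROM_2_0
    changes = before != after
    return {
        "explicit": explicit,
        "before_2_0": before,
        "from_2_0": after,
        "behaviour_changes": changes,
        # The line the release notes say to add to keep the old behaviour.
        "line_to_add": "security=share" if changes else None,
    }


if __name__ == "__main__":
    for label, conf in (("no security line", NO_SECURITY_LINE),
                        ("explicit security", EXPLICIT_USER)):
        print(label, security_upgrade_report(conf))
```

Only an active line in [global] counts as explicit, so a commented-out "; security = share" still leaves the configuration exposed to the changed default.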